LAO Contact

Update (5/16/24): Assessment section has been updated.


February 15, 2022


The 2022‑23 Budget

Assessing Proposals to Address
Unemployment Insurance Fraud


Summary. The 2022‑23 Governor’s Budget includes $29.8 million General Fund at the Employment Development Department (EDD) for six third‑party contracts to prevent future fraud in the state’s Unemployment Insurance (UI) program. (These contracts are in addition to 13 other third‑party contracts found in the department’s “vendor services” budget change proposal.) With the six fraud contracts, the administration proposes to layer additional anti‑fraud requirements and processes on top of the major fraud improvements EDD took during the pandemic. In this brief, we outline the challenges EDD faced paying legitimate UI claims and preventing fraud during the pandemic, review steps EDD has taken to improve since then, and assess whether additional anti‑fraud efforts are warranted at this time.

Background

Unemployment Benefits During the Pandemic

Pandemic Led to Sudden Spike in UI Claims... The pandemic pushed unemployment in California to record highs. Under normal conditions, about 40,000 California workers file for UI each week. During the first two months of the pandemic, an average of 500,000 workers were filing each week. This amount was five times greater than the peak seen during the Great Recession and 15 to 25 times greater than typical workload at EDD. Figure 1 shows a timeline of this and other key events related to UI during the pandemic.

Figure 1 - Timeline of Key Events During the Pandemic

…At the Same Time That New Federal Benefits Were Launched. In response to the pandemic, the federal government expanded the UI program to include self‑employed workers—under the Pandemic Unemployment Assistance (PUA) program—and provided an additional $600 per week on top of all UI payments. Under the PUA program, self‑employed workers could receive payments retroactively—so‑called “backdating”—to the beginning of the pandemic, even if they applied for PUA benefits later. Although these temporary programs were 100 percent federally funded, the state was responsible for their implementation. These efforts added to the already high workload at EDD.

Under Longstanding EDD Practices, Workers Must Pass Multiple Identity Tests. When an unemployed worker submits a claim for UI payments, EDD confirms the worker’s identifying information with the federal Social Security Administration and the state Department of Motor Vehicles. EDD also crossmatches the amount the worker reports in prior wages against employer‑provided salary data. EDD is able to quickly process many claims using these automated steps. In many cases, however, a worker’s identity cannot be confirmed to EDD’s standards, often due to incomplete information or minor discrepancies. These cases require workers and/or employers to provide EDD with additional information. Collecting this information involves extensive EDD staff time. As a result, these “manual claims” take much longer to process than automated claims.

Time‑Consuming Staff Process to Confirm Identity Led to Backlog During Pandemic. According to the administration, EDD redirects about 40 percent of all UI applications to manual staff processing. At the outset of the pandemic, EDD could manually process about 2,000 claims per day. In May, June, and July 2020, EDD redirected an average of 24,000 claims to manual processing each day. This dramatic increase in manual processing led to a backlog of claims waiting to be reviewed before UI payments could be made. Backlogged claims were delayed at least three weeks and in many cases several months. At its peak in September 2020, the backlog reached 1.7 million claims.

At the Same Time, New Federally Funded UI Benefit Hit by Fraud. At the same time that the backlog of delayed UI claims was increasing, fraudulent activity in the new federal benefit program for self‑employed workers spiked. Figure 2 shows the sudden and unexpected increase in claims for the PUA program during the early summer of 2020. (The figure also shows claims for regular state UI benefits, which did not show this same spike.) This fraudulent activity affected UI systems throughout the country. In fact, many states were hit harder than California. For instance, in Arizona, Georgia, Hawaii, Nevada, and Rhode Island, more claims for UI were submitted in 2020 than there were workers in those states. The new program was the target of fraud for several reasons. First, the federal program presented a larger financial incentive to commit fraud. Specifically, federal law allowed self‑employed workers to backdate new PUA claims to when they lost work, meaning a first fraudulent check could total several thousand dollars. Second, whereas EDD typically verifies claims against employer payroll records, it could not do so for self‑employed workers. Third, former employers typically provide a check on the validity of workers’ claims, but this extra level of review did not apply to self‑employed workers.

Figure 2 - State Took Steps to Address Fraudulent UI Claims in Federal Programs

State Steps to Address Backlog and Fraud

EDD Took Early Step to Proactively Limit Fraud in Federal Programs. After investigating the spike in claims shown in Figure 2, EDD stopped automatically backdating PUA claims. This step closed off the opportunity for fraudulent actors to receive a large initial payment. EDD notified the U.S. Department of Labor (USDOL) of their intent to stop backdating PUA claims to eliminate this financial incentive. Shortly thereafter, USDOL advised all states to take a similar precautionary step. Following this action, fraudulent PUA claims fell dramatically.

Governor’s Strike Team Investigates Backlog and Issues Recommendations. In July 2020, the Governor announced the formation of a “strike team” to immediately investigate the claims backlog and to make improvements at EDD. The strike team was overseen by the state’s Government Operations Agency. In September, the strike team published an exhaustive, critical assessment of delays and fraud at EDD and issued key recommendations to address these elements.

According to Strike Team, Focus on Fraud Provided Little Benefit and Led to Backlog. The state’s longstanding institutional focus on fraud led staff to manually scrutinize roughly 40 percent of all UI applicants’ identity information. In the words of the strike team report: “In interviews and observations, stories and anecdotes about fraud and/or suspected fraud were often used to explain why EDD could not act quickly to avoid the growth of the backlog. […] There has developed at EDD a culture of allowing fear of fraud to trump all other considerations…” The department’s longstanding institutional design and anti‑fraud emphasis prevented the department from adequately adjusting its procedures to manage its surge in workload during the pandemic. In addition, according to the strike team, the state’s manual review process failed to meaningfully capture fraudulent claims—for each 500 claims EDD staff flagged for more thorough review, one fraudulent claim was uncovered.

Strike Team Recommends New, Rational Approach to Managing Fraud. Given these findings, the strike team recommended that EDD reassess its approach to preventing fraud. Specifically, the strike team recommended that “[…] fraud prevention and detection practices must be supported by data and evidence and that justifications for new and existing anti‑fraud practices include an analysis not only of their effectiveness, but also tradeoffs and unintended consequences of these practices, including adverse impact on the experience of all claimants.”

EDD Responded to Strike Team by Setting up Automated Identity Verification Tool... In response to the administration’s strike team assessment, EDD improved its identity verification process by instituting a third‑party software—ID.me. The ID.me service verifies that workers are who they say they are by asking them to take a photo or video of themselves that is then digitally compared to the documents in their application. The continued decline in new PUA claims after the state instituted ID.me—as shown in Figure 2 above—suggests that ID.me may have further reduced the viability of fraudulent claims.

…But Took Other Actions Inconsistent With Strike Team Call to Reassess Stance on Fraud. While ID.me seemed to move EDD in the right direction, the department continued to take actions inconsistent with the strike team’s recommendation to assess the effectiveness and potential unintended consequences of anti‑fraud steps. In December 2020, EDD hired Pondera, an investigation consulting firm owned by the Thompson Reuters news service, to review nearly 10 million claims issued during the pandemic, but before ID.me came online, for potentially fraudulent characteristics. EDD and the contractor identified 1.1 million claims as potentially fraudulent. EDD stopped payments for these claims. Workers were not notified ahead of time. To reopen their accounts, workers had to verify their identity using ID.me or their accounts would be closed permanently. Ultimately, more than half of the claims (600,000) flagged as fraudulent were confirmed as legitimate.

Proposal

The 2022‑23 Governor’s Budget includes $29.8 million General Fund at EDD for six third‑party contracts to prevent future fraud within the state’s UI program. (These contracts are in addition to 13 other third‑party contracts found in the department’s “vendor services” budget change proposal.) The six fraud‑related contracts are:

  • Automated Batch Review. Thompson Reuters software tool used to flag potentially fraudulent claims. Same tool used in January 2021 to suspend 1.1 million claims.
  • Identity Risk Analytics. Thompson Reuters software contract to allow EDD to review new UI claims daily instead of weekly. Aim of more frequent review is to stop fraud.
  • Identity Verification. Extension of state’s existing contract with ID.me.
  • Website Managed Security Services. Expanding an existing statewide partnership with Akamai to detect and prevent organized, automated cyber‑attacks—known as “bot attacks”—that could disrupt or disable EDD’s benefit application website.
  • Business Intelligence Competency Center Consulting. Consulting contract with Executive Information Systems to improve reporting of potentially fraudulent activity and crossmatching that data with Department of State Hospitals patient data or California Department of Corrections and Rehabilitation records.
  • Fraud Services. Rehiring Accenture to continue advising EDD on how to identify and prevent future fraud.

Assessment

Striking a Balance Between Fraud Prevention and Program Access. State employment insurance programs must balance the need to prevent fraud with the priority to delivery payments in a timely and straightforward manner. State agencies also have a responsibility to protect the privacy of the constituents they serve. Eliminating all fraud is infeasible. Moreover, attempting to eliminate all fraud necessitates onerous eligibility standards and a lengthy, time‑consuming application process. On the other hand, although a program without fraud controls would be quick and simple, such a system would expose the state and employers to substantial financial risk. Given the importance of UI payments to workers, the economy, and the state during economic downturns, EDD’s policies and practices should be regularly reviewed by the Legislature and administration to be sure the state is striking a workable balance that manages fraud while providing prompt and straightforward payments to eligible workers.

State Already Set up ID.me, Providing Substantial Protection Against Fraud… EDD’s implementation of ID.me during the pandemic has had two major benefits: (1) with ID.me in place, the department now can automate more claims so fewer are redirected to the time‑consuming manual review process; and (2) fraudulent actors using stolen identity information are no longer able to successfully claim benefits. With ID.me now in place, EDD has taken steps to substantially limit opportunities for fraud while also addressing the manual review bottleneck that caused the backlog during pandemic.

…But ID.me Has Come Under Scrutiny in Recent Days. The state hired ID.me to confirm workers’ identities using so‑called “one‑to‑one” face matching; that is, when a computer algorithm matches the photo or video submitted by the worker to the worker’s identification card. Earlier this month, the company CEO admitted to misleading ID.me clients: although ID.me uses one‑to‑one matching to confirm identity, the company also made so‑called “one‑to‑many” matches without their client’s knowledge. One‑to‑many matches scan one person’s face against large databases and therefore could help identify fraudulent actors who claim multiple benefits. However, privacy experts warn that these matching systems are prone to error, suffer from systematic racial bias, and have the potential to be misused. In light of this scrutiny, the Internal Revenue Service recently called off its planned adoption of ID.me for tax filing. (After the publication of this report, the IRS reinstated its use of ID.me, but with added safeguards.)

New Anti‑Fraud Proposals No Longer Needed and Run Counter to Strike Team Recommendations. Moving forward at this time with additional layers of fraud protection is not necessary because (1) recent fraud was concentrated in temporary federal benefit programs that have now ended, (2) recent fraud in the state’s regular UI program appears to have been minimal, and (3) adopting additional fraud protection now runs counter to the strike team recommendations.

  • Recent Fraud Concentrated in Temporary Federal Benefits That Have Ended. Figure 3 shows the administration’s estimate of suspicious or confirmed UI benefit fraud that occurred during the pandemic. The vast majority of fraud occurred in the temporary federal programs that now have ended. According to the administration, $18.7 billion (94 percent) of UI benefit fraud may have occurred in the federally funded PUA program, while EDD suspects $1.3 billion (6 percent) in state UI benefits fraud.
  • Administration’s Estimates of Fraud in State UI Benefits Likely Significantly Overstated. The $1.3 billion estimate of fraud in the state UI benefits program likely is overstated. EDD counts state UI claims as fraudulent if a worker did not confirm their identity when EDD requested additional documentation or verification. Yet there are several reasons why workers with legitimate claims may not have followed up with EDD. Many of the suspected fraudulent claimants already had run out of benefits, meaning legitimate claimants would have had little reason to log in to confirm their identity. Other claimants may have given up in frustration after trying unsuccessfully to send requested documentation to EDD. While widespread frustration and an inability to contact EDD are problematic for other reasons, the claims from this group of workers did not represent fraudulent activity so including them contributes to the overstatement. Another estimate of likely fraud in the state’s program (based on findings in the administration’s strike team report) suggests that state UI fraud during the pandemic could be much smaller—just $100 million in fraud out of $35 billion in benefits paid. (The small red area represents this smaller likely fraud estimate.) Given that relatively little fraud seems to have targeted the state’s regular UI program, new, additional layers of fraud prevention are not needed.
  • Runs Counter to Key Strike Team Recommendation. Moving forward at this time with new, additional layers of fraud protection also would move the department further out of balance by again prioritizing fraud elimination at the expense of prompt and straightforward payments. To ensure that an anti‑fraud emphasis does not come at the expense of prompt and straightforward payments, the strike team recommended that new anti‑fraud proposals must be supported by data and take into consideration how the new protocols might impact legitimate claimants. The department’s use of the Thompson Reuters software to suspend 1.1 million claims, of which at least 600,000 were legitimate, raises concerns that EDD has not internalized the strike team’s fraud‑related recommendations. Moving forward with this contract and others therefore runs counter to the administration’s own assessment and recommendations and would move the department further out of balance.
Figure 3 - Temporary Federal Benefits, Not State Benefits Were the Primary Target of Fraud

Recommendations

Approve Contract to Prevent Website Disruptions. We suggest the Legislature approve the administration’s contract with Akamai to prevent coordinated bot attacks that could disrupt or shut down EDD’s website at critical times.

Withhold Action on ID.me… Setting up automated identity verification substantially sped up EDD processes so benefits could be paid promptly during the pandemic. The software likely also reduced fraud in the temporary federal programs. In hindsight, the strike team’s recommendation to set up ID.me was warranted during the pandemic, when the magnitude of the claims backlog called for prompt and decisive action. Now that this critical period has passed, we recommend the Legislature pause and carefully consider the implications of requiring third‑party biometric scanning—in this case, facial recognition performed by artificial intelligence.

…And Direct Administration to Gather More Information, Assess Alternatives. As the Legislature considers the ongoing use of facial recognition software for the state’s UI system, we recommend that it direct the administration to follow through on the strike team recommendation to assess the trade‑offs and potential unintended consequences of anti‑fraud measures, in this case for ID.me. The Legislature also may wish to task the administration with presenting alternatives to biometric scanning that achieve the same (or similar) level of automated security but that pose fewer potential privacy risks and equity concerns.

Reject Proposals to Make Pandemic Era Anti‑Fraud Tools Permanent. We recommend the Legislature reject the pandemic era anti‑fraud contracts with Thompson Reuters for automated batch review and identity risk analytics because the state’s use of these programs adversely impacted the experience of several hundred thousand unemployed workers with legitimate claims and are not likely to be useful now that automated identity verification is in place. The Legislature may wish to ask the administration whether these software tools could be useful in more targeted, special circumstances.

Reject Anti‑Fraud Consulting Contracts, Require EDD to Outline Benefits and Consider Trade‑Offs First. We also recommend that the Legislature reject the Business Intelligence Competency Center Consulting and Fraud Services contracts until the administration reports on the “the effectiveness, but also the trade‑offs and unintended consequences of these practices” as recommended by the strike team.