CINCINNATI — It started as a $9.6 million contract to build a new system to distribute federal Pandemic Unemployment Assistance benefits.
It's likely to end with over $120 million paid by taxpayers to Deloitte Consulting LLP.
And that’s just the tip of the iceberg when it comes to consultants retained by the Ohio Department of Job and Family Services.
A WCPO 9 I-Team analysis of records from the Ohio Controlling Board shows the state's unemployment agency has added more than $100 million in new expenses this year with new contracts, amendments and purchase orders. The companies receiving those awards have already been paid $191 million by ODJFS in the three years ending June 30, 2021, according to the Ohio Checkbook.
Deloitte is the largest recipient of that new spending authority, records show.
The Ohio Controlling Board on Sept. 20 authorized a 9th amendment to Deloitte’s April 2020 contract with Ohio's unemployment system. The 21-page amendment authorizes payments of up to $5.6 million for Deloitte, which built and operated a cloud-based computer network to process Pandemic Unemployment Assistance payments.
That brings to $120.3 million the total price tag for a system that sparked a class-action lawsuit over privacy concerns and $1.6 billion worth of fraud and overpayments, according to court records and state reports.
“I don’t think that’s reasonable,” said Larry Cordell, a Ford employee from Mason who is still waiting to be paid for a week of traditional unemployment in June. “I have a problem with rewarding for failure. To me, that’s what it sounds like: rewarding for failure.”
The chairman of the Ohio House Ways and Means Committee agrees with Cordell.
“Someone has to be held accountable,” said Derek Merrin, R-Monclova Township, near Toledo. “Part of accountability is recovering our public funds. That’s the first part. The second part is, should we be renewing contracts with contractors that haven’t done a good job?”
Ohio Auditor Keith Faber said he has “serious concerns” about Deloitte’s lack of security protocols, and that could be the basis of a lawsuit to seek refunds from Deloitte.
“Ultimately, the attorney general’s office and/or the Department of Job and Family Services have to determine whether their contract was breached,” Faber said. “And that depends on the nature and scope of their contract.”
Ohio Attorney General Dave Yost declined to be interviewed, but spokeswoman Bethany McCorkle said: “We are reviewing the contract and are closely monitoring the situation.”
In a statement, Deloitte said it's proud of the work it's done in Ohio.
"Since May 2020, Ohio’s PUA system has processed payments on more than 2.7 million claims and paid out more than $11.2 billion," wrote Deloitte spokeswoman Karen Walsh. "The program’s systems and controls have stopped nearly two million potentially fraudulent claims, totaling more than $7 billion."
Ohio Job and Family Services Director Matt Damschroder declined to be interviewed, but the agency provided a statement:
“Our focus has been, and will continue to be, applying the appropriate resources to ensure legitimate claimants receive the funds owed them, while minimizing the likelihood of fraud. We believe all our contractors should be held accountable in delivering the products and services according to the contract.”
About that iceberg
Deloitte’s latest contract amendment is just a fraction of the $114 million in new consultant spending approved by the Ohio Controlling Board for Ohio’s unemployment system since June 14, according the I-Team's analysis.
The controlling board serves as a mechanism for budget adjustments when circumstances change for government agencies after a two-year spending blueprint is approved for them by the Ohio General Assembly.
The board approved major adjustments for unemployment consultants in three meetings this year: June 14, Aug. 30 and Sept. 20. The I-Team reviewed meeting agendas, minutes and contract attachments to determine how much the agency’s spending authority was increased and how each contract was altered from its original terms.
Among our findings:
- Ten contracts with a combined original value of $34.5 million increased to $206.7 million, thanks to multiple amendments since the start of the pandemic. An additional $14.5 million in new contracts and purchase orders further increased the overall tally.
- Records show Deloitte was one of 18 consultants that received new orders to staff call centers, adjudicate claims, recruit and train employees and develop new systems to detect and prevent fraud. Deloitte was the biggest recipient of new funding since June, with $54.8 million in new spending authorizations – including a new contract worth $1.05 million to build a “GovConnect UI solution” to improve workflow and establish “metrics pertaining to all aspects of the claimant interaction” with the agency.
- Direct Interactions Inc. ranked second in the I-Team’s analysis, with $23.9 million in new spending authority from the fourth amendment to a call center contract signed in April 2020. The amendment covers nine months of call center services and brings the total value of its contract to $48.4 million, nearly six times its original contract value of $8.4 million.
- Another call center operator, Conduent State & Local Solutions Inc., ranked third on the I-Team’s analysis, thanks to an $11.7 million contract signed July 8 and approved by the Controlling Board Aug. 30.
- Yet another big chunk of funding went to a Public Private Partnership, or P3 initiative, announced by Governor Mike DeWine in April. Security consultants Russell Allen Partners, Experian Information Solutions Inc., LexisNexis Risk Solutions FL Inc. received a combined $8.6 million in new spending authority in a June 14 vote by the controlling board. Contracts signed by those companies carry maximum price tags of $12 million.
'Put the tools in place'
One of those P3 partners assured state lawmakers on Sept. 30 that the Buckeye state is on the right track when it comes to fighting fraud.
“When you stack Ohio up from the state that lost the most to the state that lost the least, Ohio ranked 37th,” said Haywood Talcove, CEO of the government group for LexisNexis Solutions. “You still lost approximately $500 million, a tremendous amount of money, but relatively speaking, look at California at $41 billion. Washington State, at least $3 billion. You all did remarkably well. You did remarkably well because you got real pro-active real quick. And you put the tools in place that you needed to prevent the identity theft.”
Talcove testified before the Ohio Unemployment Compensation Modernization and Improvement Council, a reform panel created by House Bill 614 to investigate why Ohio’s unemployment system went awry and what should be done to fix it. LexisNexis has a $2 million contract with the state. Talcove told the panel “it probably stopped close to 400 or so million dollars in fraudulent activity.”
He called Ohio’s unemployment system a “canary in the coal mine” because the international fraud networks that hacked that system will try the same thing in other state agencies.
“They are headed into your department of revenue,” Talcove said. “They are headed into your food stamp program. They are headed into the Medicaid program. Anywhere where you are paying a benefit, where you have legacy systems, a focus on program integrity and you’re making payments, they are going to attack.”
In addition to chairing the House Ways and Means Committee, Rep. Merrin also serves on the unemployment modernization panel. He reacted to Talcove’s testimony with a joke.
“You’re actually the first person I’ve heard before this committee compliment jobs and family services,” he said. “I almost have to think back on what we’re even doing here if they’re doing such a great job.”
In an interview, Merrin said Ohio’s rising consulting bills for the unemployment system are part of a much larger problem with IT spending by all state agencies.
“I think the state is probably being, has been taken advantage of in these contracts,” he said. “It’s very hard to prove unless you’re an IT professional and you know what these contracts should cost. But as a lawmaker in this state, no, I do not have confidence that we are paying what is appropriate for the services that we’re getting.”
'Everybody has to get paid'
And that brings us back to Deloitte. Ohio Auditor Keith Faber told the I-Team in a Sept. 23 interview that his office is scrutinizing Deloitte’s role in the avalanche of fraud that Ohio experienced when legitimate unemployment recipients competed against fraudsters from all over the globe for the federally funded pandemic unemployment benefits authorized by the CARES Act.
In an Aug. 5 report, Ohio’s unemployment modernization council estimated PUA benefits accounted for $441 million in fraudulent payments, compared to $20 million in fraud from the state’s traditional unemployment system.
“We’re not real impressed with the job Deloitte did, candidly. We’re taking a look at that,” said Faber, who expects to release a detailed report on Ohio unemployment fraud by next month.
“I think what you’re going to hear from Deloitte is, ‘We were told to put in a system up fast. This is the system we could get you fast to comply with the federal guidelines. It didn’t have the level of security protocols that we would have liked.’ But my view and our view was, it lacked security protocols.”
Faber said Ohio took the highly unusual step of modifying its financial statement to include a warning about fraud.
“We ultimately made a conclusion that the system, including the system Deloitte worked on, did not have the requisite controls to give us the assurance that we weren’t being subjected to fraud,” Faber said. “Ultimately, we modified the state opinion because they didn’t have those controls.”
To what extent is Deloitte to blame? That depends on who you ask.
State Sen. Teresa Fedor, D-Toledo, told the I-Team in August that Ohio should pursue a clawback from Deloitte.
“I’m sure there’s a clause in their contract that if things aren’t done correctly, we should get some money back. They should be held accountable,” Fedor said. “And I don’t believe that’s happening at all.”
But State Sen. Bob Hackett, R-London, told his colleagues on the Ohio Controlling Board Sept. 20 that Deloitte’s handling of the state PUA system was reviewed by “top-level experts” who concluded “everything was fine” and “Deloitte did the best they could. And a lot of it was a reaction to a one-time thing that we (had) never seen before.”
Walsh said Deloitte has worked with Ohio's job and family services department to combat fraud and overpayments.
"Deloitte has incorporated all anti-fraud technologies JFS has authorized and we continue to recommend additional methods and tools to strengthen program integrity," Walsh wrote. "Per our contract with JFS, Ohio’s PUA system was implemented with a commercial third-party identity proofing solution that required claimants to prove their identity before their claim would be paid."
The U.S. Department of Labor warned Congress in June 2020 that the department’s Employment and Training Administration was inviting fraud by instructing states to allow PUA applicants to “self-certify” their income levels and eligibility.
“That certainly was the guidance from the feds,” Faber said. “The feds basically said, ‘Because of the pandemic, because we want to get the money out to people who need it, we’ll err on the side of getting the money out.’ Well, I don’t think anybody envisioned you err on the side of giving a lot of people money in Nigeria and Russia and China and North Korea. If you asked the people who issued those guidelines in the federal government, they would say, ‘No, no, no, no. We clearly didn’t mean just open the checkbook and let people have money.’ We certainly wanted there to be some controls in place. It was the lack of those controls which we had serious concerns about, particularly with the Deloitte system.”
Deloitte’s original contract with the state clearly identifies rapid payments as the top priority.
“In light of the COVID-19 crisis and the pressing need to implement PUA, the state and Deloitte Consulting will be required to prioritize speed over non-critical functionality,” the contract states. “Decisions will be governed by the need to pay eligible recipients and not non-essential or desirable functionality. Customary state standards and rules for reporting, paperwork and process may require suspension to meet the project timeline.”
For unemployment recipients like Larry Cordell, the contract language matters less than outcomes.
Cordell is one of at least 3,100 people who notified Ohio’s unemployment agency this year that hackers had altered their unemployment accounts to route payments away from them. State officials said in a Sept. 29 press release they were “reaching out” to those victims of account takeover fraud so they could “review and adjudicate each requested week of reimbursement.”
One week after the announcement, Cordell learned about the reimbursement process from the I-Team, not from Ohio’s unemployment agency or its consultants.
“That’s part of the problem with government in the first place: overspending when there’s people out there that’s in need,” Cordell said. “Everybody has to get paid, but I think there should be a limit.”