New Delhi: The Employees Provident Fund Organisation (EPFO) has reportedly become the victim of fraud as a sum of Rs 21 crore has allegedly been stolen from a common Provident Fund (PF) pool by a group of employees from within the organisation. A report by the Indian Express, which gained access to an ongoing internal investigation, claims the mastermind behind the operation is 37-year-old Chandan Kumar Sinha, a clerk at the EPFO’s office in Kandivali, Mumbai.
Sinha, along with five other EPFO employees, reportedly withdrew the funds as PF claims and deposited them in 817 bank accounts belonging mainly to migrant workers. While the six suspected employees have been suspended, the Indian Express report claims that 90% of the misappropriated funds have already been removed from these accounts.
The missing money was taken from a pooled fund, deposits to which are made every month by organisations registered with the EPFO, generally for investments in government securities. Akin to a bank robbery, as one senior official of the organisation put it, the money that was stolen did not belong to individuals but rather to the organisation itself.
The EPFO manages around Rs 18 lakh, directly or indirectly, and is one of the world’s largest social security organisations. Prompted by the scale of this misappropriation, it is taking steps to secure all withdrawals and has even broadened the scope of its internal audit to include PF claims approved by the Kandivali office from March, 2019 to April, 2021 – up to 12 lakh claims. Moreover, following the audit, the EPFO reportedly plans to hand over the case to the Central Bureau of Investigation (CBI).
Work from home prompted lax security
A case of such large-scale fraud at a social security office raises many security concerns. Pandemic-related job cuts at the organisation had led to multiple responsibilities being assigned to employees relating to verifications and approvals to manage withdrawals. Additionally, senior officers who chose to work from home during the lockdown had shared their passwords with the suspects, not bothering to change them after any work was done. Couple this with the fact that only PF withdrawals exceeding the amount of Rs five lakh require additional authorisation from a second officer, and the loophole which the suspects exploited becomes clear.
Sinha and his associates allegedly made withdrawals of only Rs one-three lakh to avoid raising any flags within the system. Then, with the help of his colleague Abhijit Onekar, Sinha secured the bank and Aadhaar details of unemployed migrant labourers by paying them a “commission” of Rs 5,000. PF accounts were then opened in the names of these workers where they were listed as employees of Mumbai-based companies which had shuttered up to 15 years ago.
The Indian Express report listed the companies: B Vijay Kumar Jewellers Pvt Ltd, Landmark Jewellery Pvt Ltd, New Nirmal Industries, Sathee Wear Corporation and National Wires. All of these companies are thought to have shut shop in 2006.
As noted by an EPFO official, Sinha’s understanding of the loopholes of the organisation’s accounting process also aided him in pulling off the scam. For example, the EPFO does not follow ‘double-entry bookkeeping’ practices for companies which are no longer operational. Double-entry bookkeeping requires an entry in one account to always be accompanied by a corresponding entry in the other account involved. Since this practice was not in place, Sinha was able to make these deposits without arousing any suspicion.
This scam may have gone on for longer had an alleged anonymous complaint from one of Sinha’s relatives not tipped off the organisation’s officials. Apparently Sinha was using his ill-gotten gains for extravagant purchases such as luxury cars and motorcycles which made his relative jealous. After the scam was unearthed in July 2021, Sinha reportedly checked into a local hospital and has absconded since.
The revelations of the case have prompted increased security measures within the EPFO, such as the need to change passwords which access the organisation’s systems every 15 days. Senior officers have also been told to double-check the systems and processes in their respective domains and to stop assigning multiple roles to their employees.
In terms of damage control, the organisation has reportedly been in touch with banks to freeze the 817 spurious accounts and attempts are being made to retrieve assets purchased by the accused members from the misappropriated money. Slightly over Rs 2 crore have been retrieved so far.