0
It pointed out failures in the process of adjusting the rules for associative discounts on social security benefits and concluded that the national institute of social insurance (“assumed the risk” by authorizing, by 2024, transitory solutions proposed by the entities themselves without the proper technical validation of Dataprev.
The conclusion is in the audit of the agency in which the CGU has evaluated various aspects of technical cooperation agreements between entities and the INSS, from the agreements of the agreements to their supervision by the institute.
Such agreements are at the center of the investigations, which investigates, and which resulted in the operation without discount in April this year.
The CGU draws attention to Normative Instruction PRES/INSS No. 162/2024, which determined that discounts could only occur with “prior, personal and specific” authorization by the beneficiary, through an electronic signature adhesion and biometric validation, whose requirements would be defined by Dataprev.
Given the increase in discounts at the beginning of 2024, as well as a large volume of insured policyholders on discounts without proper authorization, the INSS President of the time suspended new endorsements in April 2024, until Dataprev’s definitive solution was implemented.
The following month, however, some entities requested permission to use their own electronic affiliation systems with automatic unlocking the benefits of new members, claiming that they met the security criteria established by the regulation.
On May 29, 2024, Dataprev issued a technical note after questioning the INSS about the possibility of its own solutions indicated, establishing minimum criteria for the verification of facial biometrics.
Such criteria included capture of biometrics with liveness proof (called liveness), facial recognition authentication and validation on official government bases.
The Dataprev warned, however, that the solutions of the entities did not fully meet the requirements, noting that it would be for the INSS to decide on the eventual transitional authorization.
Finally, it proposed, if the INSS decided on the possibility of using its own solution of the entities, that the start of operationalization began only at the end of June 2024, with repercussion and transfer to the entities in July 2024.
Still, on the following day, on May 30, the INSS requested the Dataprev the adoption of solution to implement the transitory rule, using an electronic affiliation solution of the entities, so that the transfers would still occur at the competence of June 2024.
One day later, on May 31, the president of the agency authorized the entities’ requests, conditioning only the signing of terms of commitment.
“On 06.06.2024, knowing the position of Dataprev that the solutions presented by the entities did not fully meet the requirements established by the company, the INSS communicated all entities with current agreements on the approval of the transitory rule and forwarded the model of the commitment term to be agreed, establishing the same deadline for the submission of the signed document, so that discounts could still be registered. In that competence, ”said CGU.
Subsequently, CGU says, the INSS requested the entities the technical documentation of the solutions used, including details about the electronic signature tool and facial biometrics. However, with the exception of an entity, the agency did not request to Dataprev the analysis of the documentation sent, “which indicates that it has taken the risk for the use of platforms without prior validation.”
The associative monthly discount portal, a system developed by Dataprev, was made available on September 17, 2024. Thus, thousands of complete registration was recorded until January 2025.
However, according to the CGU, the INSS decided to extend the term of the transient solution until February 2025, “without formal assessment of the risks arising from the maintenance of this solution parallel to that developed by Dataprev, in accordance with the normative instruction.”
The result, according to the audit, was that between June and December 2024, 623,567 new endorsements of associative tuition were recorded through the transient solution.
“By authorizing in a fast, and without adequate technical validations, the resumption of the endorsement of associative discounts through the use of biometrics promoted from the use of own systems of the entities, even in the face of dataprev alerts regarding the non -compliance with the minimum security requirements, the INSS assumes the risk of entities to perform these endors without proper authorization from the beneficiary,” said CGU.
Such a measure of flexibility was defined as “severe failure” by CGU.
“This non-compliance with the procedure defined in the newly published in PresS/INSS No. 162/2024, which would be an improvement of the (then nonexistent) controls for the validation of the requirements, based on a change in time and without the adoption of supervision or approval mechanisms, represents a serious failure with impact on the internal controls and risk management of the institute,” said the controller in the controller in Excerpt from the audit.
Defense
During the audit, the INSS was consulted by the CGU, stating that it already had several improvement measures regarding ACTs being implemented with the purpose of remedy irregularities, and reimburses the beneficiaries that were affected by improper discounts.
According to the controllership report, in response, the INSS had already stated that it began an institutional process of revision and robustness of the flow and controls of associative discounts to improve management.
The INSS also pointed out that the policyholders advised on the verification of possible associative monthly discounts through the benefit extract. If an unauthorized discount was identified, he said it would be possible to request the immediate blockage of discounts.
“Thus, it is verified that, in the scope of the INSS, amid the receipt of recommendations and/or determinations of control of the CGU and the Federal Court of Audit (TCU), the municipality was already adopting initial measures aimed at improving the situation.”
One of the examples that have been worked on, according to the INSS, is the implementation of a tool, along with Dataprev, which requires confirmation, via my INSS, of the term of adhesion to discounts.
The INSS also stated that there is no provision for the celebration of new Acts or even reestablishing the suspended agreements, and not what will be the terms that will be addressed to formalize the agreements.
The agency also points out that it should only celebrate new agreements after the completion of the ongoing findings, “especially with regard to reimbursement to injured beneficiaries. There will be no restoration to entities that cause damage to beneficiaries and the INSS.”
The INSS also cites the implementation of a series of procedures for investigating irregularities in the ACTs, as well as proceedings adopted on a disciplinary basis, in addition to the establishment of 12 Administrative Responsibility Processes (PARS), later invited by CGU.
“It is underway, in the INSS Corregedoria, disciplinary administrative proceeding instituted in the face of the servants of this municipality, noting that the servants involved were preventively removed,” he said.
Finally, he concluded by emphasizing the fact that the returns to retirees and pensioners who had their benefits discounted irregularly already started, whose first payment was in July this year.
