Opening Statement to the Standing Committee on Human Resources Development
and the Status of Persons with Disabilities
Integrity of the Social Insurance Number
(Chapter 1 - 2002 Status Report of the Auditor General of Canada)
28 November 2002
Sheila Fraser, FCA
Auditor General of Canada
Madam Chair, thank you for this opportunity to present the results of our audit
on the integrity of the social insurance number (SIN). With me today are Peter
Simeoni and Suzanne Therrien who are responsible for this audit work.
Since its creation in 1964 the SIN has systematically become one of a handful
of personal identifiers that are used in Canadian society. Several of the federal
government's largest programs use it. For example, in 2000-01 the SIN was the
key account number for about $53.6 billion in payments under Employment Insurance,
the Canada Pension Plan, and Old Age Security.
Many businesses are also using the SINs of employees and clients for a variety
of purposesanything from serving as file numbers to making a loan to renting
a video. Some provincial ministries and city governments also appear to be using
it. In short, many organizations collect SINs from Canadians for a variety of
uses.
The widespread use of the SIN gives it more value than the government intended.
As a result, it is particularly important that it only be used by its rightful
owner. When it is not, government benefits, tax refunds, or consumer credit
may go to the wrong person.
Focus of the Audit
We carried out this audit to determine whether the government was safeguarding
and strengthening the integrity of the SIN. Our work followed up on the concerns
we raised in our 1998 report on SIN management. It was also based on reports
to the House of Commons on the SIN by the standing committees on Public Accounts
and on Human Resources Development. These reports were very useful to us in
the course of our work.
What we found
When we began we expected to find that the problems reported in the past would
be largely resolved. Instead, we found that while there had been progress on
certain issues since 1998, many others had not been addressed.
On one hand, the government has reaffirmed its policy that the SIN is to be
used only as an account number for authorized federal programs. To help protect
personal information, (including the SIN), outside the federal government, it
is implementing the Personal Information Protection and Electronic Documents
Act. In addition, HRDC has examined the use of the SIN in the private sector
and has made modest efforts to raise public awareness about how the SIN should
be used.
On the other hand, we again found serious weaknesses in the control and issuing
of SINs, which lead us to conclude that HRDC has not done enough to safeguard
and strengthen the integrity of the SIN.
In our view, HRDC is not meeting the intent of the Employment Insurance
Act and Regulations in issuing SINs. HRDC asks applicants for one document
as proof of both identity and citizenship. Since a single piece of identification
is usually insufficient to check both, we are concerned that for the majority
of the SINs issued since 1998, the applicant's identity and citizenship status
were not checked properly.
We question the reliability of some of the documents that HRDC accepted as
proof of eligibility for a SIN. For example, we found that HRDC would accept
expired passports, baptismal certificates, and photocopies of these and other
documents. We are also concerned because HRDC did not check the validity of
most documents it accepts with the authorities responsible for issuing them.
We found that there is inadequate control over SINs issued to people who are
not Canadians or permanent residentsthe 900 series. Like regular SINs,
these SINs do not expire, although they are likely needed only temporarily.
And, again, like regular SINs, HRDC did not take adequate steps to establish
the identity of applicants. Nor did it ask these applicants to show why they
needed a SIN, even though it is required to by regulation. Over time, HRDC has
issued close to 1.6 million of these SINs in the 900 series, and more than 900,000
of them are still usable.
Since 1998 the Department has stepped up the number of SIN-related fraud investigations.
However, there is little basis to judge whether the new level of effort is adequate
because the Department has not done a comprehensive risk assessment as a basis
for its investigations.
The reliability and completeness of information in the Social Insurance Register,
the database of all SIN records, also remains a problem. While HRDC made some
improvements after 1998, there are still several issues that it has not dealt
with adequately. For example, the number of usable SINs for people over 20 years
old exceeds the related census figure by 5 million. Although HRDC has declared
2.6 million SINs dormant, these SINs can still be used to access federal benefits
programs without triggering an investigation.
Madam Chair, I am pleased to note that the department accepted all of our recommendations.
Minister Stewart has announced several measures which, if implemented fully,
should address a number of our concerns. While I am encouraged by the department's
commitment to manage the SIN better, we have not seen the details. I think that
it's important that the department develop a complete action plan addressing
all of the issues we raised. To do that well, the department should assess what
risks there are in managing the SIN, and devise appropriate program controls.
It is equally important that controls, while effective, not become excessive
or unreasonable.
Issues the Committee may wish to pursue
Madam Chair, it is clear that HRDC has to make a better effort to strengthen
the integrity of the social insurance number. While HRDC recognizes there are
problems and has taken some steps to address them in the past, we are here today
because it did not follow through.
The first order of business is making sure that HRDC respects the intent of
the Employment Insurance Act and Regulations. The Committee may wish
to ask officials from HRDC how they plan to determine the identity and citizenship
status of SIN applicants and to obtain proof that applicants for 900-series
SINs actually require them.
The Committee may also wish to ask the officials from HRDC what their plans
are for:
- increasing public awareness of how to use the SIN;
- addressing the risks of the 900-series SIN;
- assessing the reliability of documents it accepts as support for applications
and checking their validity with the authorities that issued them;
- providing staff with the training and tools they need;
- improving the Social Insurance Register; and
- doing risk-based investigations on SIN-related fraud.
The Committee may also wish to ask the department to provide it with an action
plan, against which the department would report its progress regularly.
Madam Chair, that concludes my opening statement. We would be pleased to answer
the Committee's questions. Thank you.
|