How a key provincial program became a target of employee fraud

Introduction to the case

Fraudster created over 9,000 false identities to funnel the stolen funds

Sanjay Madan, former director of the Ontario Ministry of Education’s iAccess Solutions Branch, and his family allegedly embezzled $11 million dollars from the provincial Support for Families program (SFFP), designed to help parents pay for their children’s educational needs as COVID-19 prevented access to in-person learning.

While investigating the SFFP fraud allegations, the Crown discovered information alleging that Madan had also accepted more than $30 million in kickbacks. Note that the allegations have yet to be proven in court. A civil trial and a separate criminal investigation are underway. This case study is centred primarily on the embezzlement allegations.

Details of the fraud

As a lead developer of the SFFP computer application, Madan devised an elaborate fraud scheme to funnel misappropriated funds to hundreds of fake bank accounts in Canada.

The fraud occurred between April and August 2020.

Madan is thought to be the mastermind behind the $11-million embezzlement and asset misappropriation scheme.

His wife, Shalini Madan, and two adult sons, Chinmaya Madan and Ujjawal Madan, are also being investigated, although all three have submitted affidavits disavowing any knowledge of Madan’s alleged schemes.¹

Madan’s family was also employed with the Province of Ontario, though Chinmaya and Ujjawal have since resigned and Shalini was dismissed.

Throughout the court proceedings, Madan has insisted his family wasn’t involved in the scam.

Madan’s close friend, businessman Vidhan Singh, is also alleged to have had an active part in the fraud scheme.²

Neither the criminal nor civil allegations against the Madans or Singh have been proven in court. A civil trial and a separate criminal investigation are underway.

How did the fraudsters commit the crime?

Exploiting his position as a senior IT employee and his unique access to the SFFP payment processing system, Madan crafted an elaborate scam that involved fake identities, fraudulent bank accounts, and deceiving subordinates, according to Toronto Life.

Subordinate deception: Madan directed his subordinate, Hong Shi, to remove a security system that triggered an alert when SFFP claims were made for more than six children in a single household. He misled Shi into believing the order came from the ministry’s chief information officer, Soussan Tabari.

Falsified identities: Madan allegedly opened hundreds of sub-accounts at Canadian banks where subsidies would be deposited. He created these accounts in his name, his companies’ names, his family members’ accounts, and even in the name of his deceased father.

Fake bank accounts: Madan created some 9,000 false identities to use as applicants for the SFFP. More than 43,000 applications were filed on behalf of fake families from April to August 2020, and nearly $11 million was funnelled to 2,982 bank accounts.

CAPTCHA bypass: A CAPTCHA test, which determines whether an online user is a human or a bot, was required to submit an SFFP application. To bypass this control, Madan instructed one of his subordinates, Geetika Verma, to complete these checks manually for the false applicants.

Misleading records: The Bank of Montreal (BMO), one of the financial institutions where Madan created accounts, noticed a series of deposits where payee names didn’t match. After being questioned about it, Madan claimed the money was from tenants who owed him rent money and provided BMO with falsified emails from the renters.

Concealing evidence: Madan later deleted his database of fake names and wiped his computer.²

What was the outcome?

August 2020: BMO informed Madan’s superior, Soussan Tabari, of their suspicions about the discrepancy in payee names. In the following months, a forensic investigation was launched to determine the extent and nature of the allegations.

September 2020: The Ontario government sued Madan to recover the lost funds. He was charged with:

• fraud;
• breach of trust;
• money laundering; and
• possession of stolen property.

October 2020: Worried the fraudster would try to hide his assets, the province obtained a Mareva injunction, freezing $28 million in assets in Canada and India.

November 2020: Madan was fired from his job with the Government of Ontario.

January 2021: The Ontario government recovered the $11 million in stolen pandemic relief funds that had been funnelled into the now-frozen bank accounts.²

March 2021: In a statement of defence, Madan blamed the province for allegedly lax security measures that allowed “widespread misappropriation” of the COVID-19 relief funds.¹

How could this have been prevented?

Three major shortcomings enabled this specific fraud incident to go undetected for so long and balloon to multimillion-dollar levels, including:

The Madans’ sizeable real estate portfolio went unnoticed.

Madan and his wife had a combined income of about $300,000, yet owned several expensive assets, including a $1.64 million property, two under-construction villas in India, two condos in downtown Toronto, Ont., and two 30-unit rental apartment buildings in Waterloo, Ont.²

Lack of sufficient verification of applicants.

The Government of Ontario was not equipped to verify the legitimacy of SFFP applicants as it doesn’t have access to private school or home-school enrollment records, only public school records.²

Changes to SFFP made based on trust, not protocol.

The changes requested of Shi and Verma should have received written approval from a superior—in this case, Soussan Tabri.

The fraud could have been prevented or detected sooner with the following mitigation measures:

• An independent third party to audit the SFFP system before launch.
• Controls around changing system configurations.
• Superuser accounts should be available to a limited number of employees, monitored using system logs, and separated by function.
• Periodic internal audits on payment records.
• An assertive Code of Ethics and fraud awareness training for employees.
• An effective reporting mechanism and anonymous whistleblower program.