ALBANY – In a case of the auditor being audited, a Cuomo administration agency on Tuesday said the pension system overseen by state Comptroller Thomas DiNapoli has an antiquated technology operation run with computer codes dating back to the 1950s.
The Department of Financial Services said taxpayers and members of the State Common Retirement Fund, which includes hundreds of thousands of state and local government workers and retirees, are being put at risk by an information technology system that also uses a computer mainframe designed in 1987, with inadequate internal controls to safeguard the $160 billion system.
Benjamin Lawsky, superintendent of the financial services regulatory agency, said he will be proposing new regulations aimed at bolstering the information technology departments at all public pension funds in New York, including the appointment of trained information security officers and regular reviews designed to protect information from everything from hackers to disasters.
DiNapoli, whose office has issued a number of critical audits of Cuomo administration agencies and authorities and who has never been politically tight with the governor, a fellow Democrat, dismissed the report’s findings and said work began in 2012 on a complete overhaul of the fund’s computer system. The comptroller’s office said the Lawsky audit “chose not to highlight” the upgrade that’s under way.
“Many of the conclusions of this report are either incorrect, exaggerated or misleading,” said Erie Sumberg, a spokesman for DiNapoli, who added that a full response to the audit will be coming in the next several days.
DiNapoli, who during the first two years of the Cuomo administration was not overly aggressive with the governor, became more willing this year to sharply criticize Cuomo. He bashed Cuomo’s budget plan, raised questions about the need for a Thruway toll hike that the Cuomo administration later backed away from, and most recently issued a sharply critical report of the governor’s New York Power Authority. Cuomo did not endorse DiNapoli in 2010 when they both ran statewide.
Lawsky promised more audits of the state pension fund, which is the nation’s third largest public retirement system and one of the few major funds that has one person – in this case DiNapoli – as its sole trustee.
The new audit of the fund said the pension system uses software no longer supported by its manufacturer and that executives with the fund, when interviewed by the financial services agency, acknowledged the fund’s technology program is “approaching a point of failure.”
The fund’s computer system processes more than 1 million transactions per month, the audit said, including handling of benefits, employer billing and enrollment of new members. The audit said the system’s core programming language is so old that few people know how to use it. The audit also said the system is vulnerable to hackers because of inadequate internal security protections.