An internal audit of the Social Security Institute (IPS) uncovered an alleged scheme to manipulate computer records that reportedly allowed debts for employer contributions exceeding G. 7.670 billion to be concealed. Internal Audit Report No. 01/2026 indicates that 14 employees are linked to alterations made between January 2024 and May 2025, benefiting 59 companies.
The mechanism identified involved changing the RUC number and the company name of debtor firms within the REI system (Electronic Information Registry), while keeping the employer's internal identifier unchanged. As a result, the debt ceased to appear associated with the original company and was instead listed under another identity, creating the appearance that the employer was up to date with its obligations.
The audit documented cases in which the data were transferred to deceased individuals, nonexistent taxpayers, or records that do not match the official tax databases. One of the examples cited refers to the replacement of an employer's data with those of a deceased person who, according to the records, would have been 117 years old.
The modifications reportedly allowed companies with actual debts to irregularly obtain compliance certificates attesting to the absence of outstanding obligations before the IPS, which are required to access institutional procedures and services, including loan applications at the IPS Loan Fund.
The auditors detected signs of the use of remote access tools to carry out modifications from locations other than those assigned to authorized users. They also verified situations in which a person logged in with a domain account and then operated the REI system with different credentials, making it difficult to identify the true person responsible for the alterations.
Another irregularity flagged is the use of a computer window called "REI-Internal System Data Modification," which was supposed to be used for consultation purposes only. In addition, it was found that employees retained administrative privileges even after leaving their positions or after the formal revocation of their access.
The historical records examined by the audit show modifications dating back to at least 2010, with a significant concentration of changes between May and October 2024. The institution itself had already reported a similar practice in 2022, with losses of G. 5 billion.
The audit concludes that the irregularities were possible due to weaknesses in traceability mechanisms, access controls, and IT oversight. Among the recommendations are the strengthening of internal controls, a comprehensive review of administrative privileges, the implementation of permanent audits on modifications to sensitive data, and the referral of the findings to the competent authorities to investigate administrative and criminal liability.