A national police operation in Madrid led to the detention of 25 individuals as part of a scheme suspected of defrauding Social Security by more than four million euros through the capitalisation of unemployment benefits. The announcement came from the Madrid Superior Police Headquarters.
The arrests occurred in several Madrid municipalities as investigators targeted a network focused on committing fraud against the State Public Employment Service (SEPE).
Officials report that more than 400 illicit cases were identified between 2020 and 2024, with four public employees and four bank staff among those arrested.
The inquiry began in December 2022 after irregularities were detected in the activities of various employees handling unemployment benefits.”[Attribution: Policía Nacional]”
An in-depth computer analysis revealed unauthorized access to multiple files, particularly those dealing with unemployment benefit capitalisation. This practice was designed to promote self‑employment and allowed beneficiaries with pending benefits to allocate the full amount to cover the initial costs of becoming self‑employed.
Investigators later uncovered a structured network comprising public employment service officials, banking staff, and administrative managers who operated in a clearly defined five‑link chain.
The first link consisted of two men who served as executives and client recruiters. They shaped strategies for which requests to file and calculated the profit margins, with returns ranging from a quarter to two‑fifths of the total capitalised amount.
They also established contact with clients and directed them to a district gestoría in Latina, Madrid, where the necessary documents were prepared to back the applications. This second group included the managers and workers of that gestoría.
The third key role involved monitoring cases and offering guidance. This work was carried out by public employees, including one from the SEPE and three from the Community of Madrid’s Public Employment Service. They used their database credentials to regularly access beneficiary files from SEPE, overseeing procedures from start to the point where benefits were paid.
For these tasks, the public employees received monthly payments from the organisation’s leaders, with sums reaching as high as €50,000. The beneficiaries’ gains were controlled through bank staff who managed the flow of money.
In the fourth link, bank employees opened accounts designated as recipients of illicit benefits after being contacted by the network’s leaders to handle these payments.
Through these arrangements, the bank staff supervised transfers and ensured that the agreed sums reached the network, often via withholdings or deferred payment orders equalling between 25% and 40% of the benefit.
Once the scheme was secured, beneficiaries transferred the agreed amounts, marking the final phase of the investigation: the receipt of benefits.
These sums were deposited into bank accounts controlled by the companies in which the network’s members held shares or into their personal accounts.
Sixteen searches were conducted in Madrid, and 25 people were detained, appearing before the judiciary as suspected offenders of Social Security crimes, documentary fraud, bribery, revelation of secrets, money laundering, and participation in a criminal organization.
During the searches, computers, mobile devices, luxury watches, cash totaling over €25,000, four vehicles, and extensive documentation were seized among other items.
From the outset, coordination between the National Police and the employment departments of the two involved public administrations—the SEPE and the Community of Madrid’s Directorate General of the Public Employment Service along with the regional employment ministry—proved efficient. The overarching objective was to clarify the facts.
Sources from the Economy, Finance and Employment Department revealed that in October 2022 the Public Employment Service identified a cybersecurity incident and requested an audit into information access by a worker who was on medical leave at the time. The community noted that the worker performed most actions remotely and repeatedly, with 89% of these actions tied to recipients of some form of benefit or those who had earned that right after the employee’s movements.
After completing the audit and gathering pertinent information, the Community of Madrid filed a complaint against the worker in December 2022, with the cybercrime unit of the National Police taking charge of the investigation. The SEPE later joined the complaint.