TIGTA: IRS CI Should Increase Efforts to Combat Identity Theft

Criminal Investigation Should Increase Its Role in Enforcement Efforts Against Identity Theft

August 28, 2019

This report has cleared the Treasury Inspector General for Tax Administration disclosure review process and information determined to be restricted from public release has been redacted from this document.

Redaction Legend:

1 = Tax Return/Return Information.

2 = Law Enforcement Techniques/ Procedures and Guidelines for Law Enforcement Investigations or Prosecutions.

Highlights

Final Report issued on August 28, 2019

Highlights of Reference Number: 2019-30-047 to the Commissioner of Internal Revenue.

IMPACT ON TAXPAYERS

Identity theft is a deliberate and purposeful violation of Internal Revenue laws by those who use another person's name and Taxpayer Identification Number either to obtain employment unlawfully or to file a fraudulent tax return. When identity theft for purposes of refund fraud is not investigated, innocent taxpayers can be harmed and the confidence in tax administration can be undermined.

WHY TIGTA DID THE AUDIT

In Criminal Investigation's (CI) annual report for Fiscal Year 2018, CI officials indicated that resources devoted to identity theft cases would be reduced in favor of traditional tax work and bringing the most sophisticated tax cases to the U.S. Department of Justice for prosecution. The overall objective of this review was to evaluate CI's efforts in identifying and investigating tax-related identity theft cases.

WHAT TIGTA FOUND

From Fiscal Year 2013 to Fiscal Year 2017, the number of identity theft investigations initiated by CI declined 75 percent. CI identity theft investigations initiated declined at a larger percentage when compared to overall investigations initiated, which declined by 43 percent while the number of special agents declined 15 percent.

The IRS tracks both IRS-identified (the IRS proactively identifies taxpayers as victims) and taxpayer-initiated identity theft incidents. For taxpayer-initiated incidents, taxpayers contact the IRS to report that, after filing their tax return, they received a notice that the return was rejected because someone (an identity thief) already filed a return using the same Social Security Number and name. TIGTA's review found that many incidents initiated by taxpayers were not placed in CI's Scheme Tracking Referral System (STARS) for consideration in CI's scheme development process. Specifically, 98,773 taxpayer-initiated identity theft returns processed in Calendar Year 2016 were not placed in CI's STARS, which is the master list of all schemes developed for the IRS. By not including these returns, CI may limit its ability to identify fraud characteristics for returns that bypass IRS filters for possible investigation.

Further, CI's coordination and documentation of internal identity theft referrals needs improvement. It is every Federal employee's duty to report fraud to the proper authorities. Given that requirement, the proper authorities should have an effective process to receive referrals. Other functions inside the IRS that interact with identity theft victims have useful information about identity theft and refund fraud. If CI took steps to harness an effective partnership with other IRS functions, CI could increase the quality and quantity of its investigations. While there is a CI referral process for compliance functions, there is no referral process for other employees who work with identity theft cases such as the Taxpayer Advocate Service and the Wage and Investment (W&I) Division's Identity Theft Victims Assistance organization (IDTVA).

WHAT TIGTA RECOMMENDED

TIGTA recommended that the Chief, CI: 1) request that the Commissioner, W&I Division, develop a process to make available taxpayer-initiated cases for scheme development and CI case consideration and 2) develop a process for employees who work identity theft cases such as TAS and the W&I Division's IDTVA organization to submit quality identity theft referrals and fraud referrals to CI. CI partially agreed to request an assessment of the STARS database for taxpayer-initiated returns, but disagreed with developing a process with TAS and the W&I Division to submit referrals to CI. The IRS agreed with TIGTA's recommendation that the National Taxpayer Advocate finalize pending guidance on identity theft referrals.

---

August 28, 2019

MEMORANDUM FOR
COMMISSIONER OF INTERNAL REVENUE

FROM:
Michael E. McKenney
Deputy Inspector General for Audit

SUBJECT:
Final Audit Report — Criminal Investigation Should Increase Its Role in Enforcement Efforts Against Identity Theft (Audit # 201730026)

This report presents the results of our review to evaluate Criminal Investigation's efforts in identifying, investigating, and prosecuting tax-related identity theft cases. This review is included in our Fiscal Year 2019 Annual Audit Plan and addresses the major management challenge of Identity Theft and Impersonation Fraud.

Management's complete response to the draft report is included as Appendix VII.

Copies of this report are also being sent to the Internal Revenue Service managers affected by the report recommendations. If you have any questions, please contact me or Matthew A. Weir, Assistant Inspector General for Audit (Compliance and Enforcement Operations).

---

Table of Contents

Background

Results of Review

Appendices

Appendix I — Detailed Objective, Scope, and Methodology

Appendix II — Major Contributors to This Report

Appendix III — Report Distribution List

Appendix IV — Outcome Measures

Appendix V — Fiscal Year 2017 Field Office Minimum Loss Referral Criteria

Appendix VI — Identity Theft Investigations Initiated, by Field Office, for Fiscal Years 2013 and 2017

Appendix VII — Management's Response to the Draft Report

Abbreviations

CI	Criminal Investigation
CIMIS	Criminal Investigation Management Information System
FY	Fiscal Year
IDTVA	Identity Theft Victim Assistance
IRS	Internal Revenue Service
RICS	Return Integrity and Compliance Services
SB/SE	Small Business/Self-Employed
STARS	Scheme Tracking and Referral System
TAS	Taxpayer Advocate Service
USAO	U.S. Attorney's Office
U.S.C.	United States Code
W&I	Wage and Investment

---

Background

Identity theft continues to have a significant impact on tax administration. When identity theft for purposes of refund fraud is not investigated, innocent taxpayers can be harmed and the confidence in tax administration can be undermined. Identity theft is a deliberate and purposeful violation of Internal Revenue laws and generally occurs in tax administration in two main ways:

1. Someone unlawfully uses a person's stolen identification information to file a fraudulent tax return and obtain a fraudulent refund.

2. Someone unlawfully uses a victim's stolen information to obtain employment. The income attributable to the unlawful employment may appear on the victim's tax account.¹

In October 1998, Congress passed the Identity Theft and Assumption Deterrence Act of 1998, which made identity theft a Federal crime with penalties of up to 15 years of imprisonment and a maximum fine of $250,000.² The primary objectives of the Act were to 1) amend 18 United States Code (U.S.C.) Section 1028 to criminalize fraud in connection with identification documents that include the unlawful transfer and use of identity information and 2) establish that the person whose identity was stolen is a true victim and provide rights of restitution for costs associated with regaining good credit or reputation.³ IRS Criminal Investigation (CI) has the authority to investigate identity theft crimes from several statutes within Title 26 (tax violations), Title 18 (tax-related and money laundering violations), and Title 31 (currency violations) of the U.S.C. CI's identity theft strategy includes investigating high-impact cases, deterring crime through publicity and collaboration with other business operating divisions to stop fraudulent refunds and enhance prevention efforts, and recovering funds linked to stolen identity refund fraud.

The U.S. Department of Justice Tax Division issued Directive 144, Delegation of Authority to Authorize Grand Jury Investigations, Criminal Complaints, and Seizure Warrants for Certain Offenses Arising from Stolen Identity Refund Fraud (referred to as identity theft). This directive originally took effect for a two-year period beginning on October l, 2012, and thereafter was made permanent on January 30, 2014. The directive's purpose is to provide Federal law enforcement officials with the ability to timely address crimes of identity theft by delegating to the United States Attorney the authority to: 1) open certain tax-related grand jury investigations; 2) arrest and federally charge by criminal complaint a person engaged in identity theft crimes; and 3) seek and obtain seizure warrants for forfeiture of criminally derived proceeds of identity theft crimes, all without prior approval from the Department of Justice Criminal Enforcement Sections of the Tax Division. CI's mission states:

Criminal Investigation serves the American public by investigating potential criminal violations of the Internal Revenue Code and related financial crimes in a manner that fosters confidence in the tax system and compliance with the law.⁴

Figure 2 shows that more than 94 percent of the identity theft investigations CI initiated between Fiscal Years (FY) 2013 and 2017 were pursued under Title 18.

Figure 2: Identity Theft Investigations Initiated and Statute Violations Pursued for Each Fiscal Year

Statute Violated	FY 2013		FY 2014		FY 2015		FY 2016		FY 2017
	#	%	#	%	#	%	#	%	#	%
Title 18	1,440	97%	1,021	96%	756	97%	547	95%	352	94%
Title 26	48	3%	38	4%	19	2%	26	5%	22	6%
Title 31	4	0%	4	0%	1	0%	0	0%	0	0%
Total	1,492	100%	1,063	100%	776	100%	573	100%	374	100%
Source: TIGTA analysis of CI Management Information System (CIMIS) data for FYs 2013 through 2017 provided by CI.

Figure 3 shows the majority of identity theft cases coming from U.S. Attorney's Offices (USAO) and other Federal and State government agencies. The percentage of investigations initiated from functions within the IRS increased from 18 percent in FY 2013 to a high of 28 percent in FY 2016 and then dropped to 20 percent in FY 2017. The primary source of identity theft investigations from within the IRS were from CI's Questionable Refund Program, which represents nearly 35 percent (26 of the 75 IRS-initiated cases) for FY 2017. In addition, some investigations are based on information received from the public sector, including the media and informants. CI also develops investigations from currency transaction documents.

Figure 3: Identity Theft Criminal Investigations Initiated (by Source for Each Fiscal Year)

Source	FY 2013		FY 2014		FY 2015		FY 2016		FY 2017
	#	%	#	%	#	%	#	%	#	%
U.S. Attorney's Office and Other Government Agencies	862	58%	532	50%	427	55%	296	52%	236	63%
IRS	263	18%	221	21%	160	21%	162	28%	75	20%
Currency Transactions	124	8%	74	7%	49	6%	38	7%	17	5%
Public and Other	243	16%	236	22%	140	18%	77	13%	46	12%
Total	1,492	100%	1,063	100%	776	100%	573	100%	374	100%
Source: TIGTA analysis of CIMIS data for FYs 2013 through 2017 provided by CI.

When discussing our results with CI, they stated that because identity theft cases are worked directly with the USAO, the cases are often coded as USAO being the source, when they are in fact IRS-initiated cases by CI. For example, in:

• FY 2013, 382 of the 862 USAO cases were IRS-initiated cases.

• FY 2017, 177 of the 236 USAO cases were IRS-initiated cases.

Our data analyses were performed in TIGTA's office in Atlanta, Georgia, during the period October 2017 through April 2019. We used national reports from the CIMIS for our review. We conducted this performance audit in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objective. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objective. Detailed information on our audit objective, scope, and methodology is presented in Appendix I. Major contributors to the report are listed in Appendix II.

Results of Review

From FY 2013 to FY 2017, the number of identity theft investigations initiated by CI declined 75 percent. The decrease in CI identity theft investigations initiated was significantly larger than the decrease in total investigations initiated of all types, which decreased by 43 percent over the same period. While CI experienced a decline in resources over this period of time, the decrease in CI identity theft investigations was also significantly larger than the 15 percent decline in the number of special agents.

CI management attributed the decline in the number of identity theft investigations to improved processes on the civil side of IRS identity theft efforts that have steadily reduced incidents of identity theft. Overall, our review of CI's identity theft strategy shows that:

• The decline in identity theft investigations reflects a strategic reallocation of resources away from pursuing identity theft cases.

• Many taxpayer-initiated identity theft cases were not placed in CI's Scheme Tracking and Referral System (STARS) for consideration in its scheme development process.⁵

• CI's coordination and documentation of internal identity theft referrals needs improvement.

• While some identity theft cases were discontinued and declined for prosecution, enforcement actions were taken on related cases.

As CI's resources decline and less emphasis is placed on identity theft cases, CI can expand its role in the IRS identity theft strategy by improving the fraud referral program and data analysis of successful identity theft schemes in its investigations.

The Decline in Identity Theft Investigations Reflects a Strategic Reallocation of Resources

CI continues to have fewer special agents available to work inventory, which contributed to the decline in the number of investigations initiated and completed. From FY 2013 to FY 2017, the total number of special agents decreased from 2,541 to 2,159, a decrease of 382 special agents (or 15 percent). Figure 4 shows that the number of special agents declined every fiscal year.

Declines in special agent staffing may affect CI's ability to sustain efficient and effective operations and enforcement results. While special agents decreased by 15 percent, the number of investigations initiated and completed decreased by a much larger percentage (almost triple) during the same period. Figure 5 shows a five-year trend in CI investigation initiations and completions. There was a decrease of 2,297 (43 percent) in initiations between FY 2013 and FY 2017. Completed cases declined 2,470 (44 percent) between FY 2013 and FY 2017.⁶

Identity theft cases declined at a larger percentage compared to other cases

Emphasis areas are categories given to investigations with certain characteristics that provide CI leadership with additional information about the investigations worked. About 64 percent of CI's investigations initiated in FY 2017 involved one or more CI emphasis areas. Figure 6 shows investigations initiated for FY 2013 and FY 2017 for all CI emphasis areas.

[Editor’s Note: The reference mark for footnote ⁷ appears in the image above.]

Figure 6 shows that the decline in identity theft investigation initiations was significantly larger than the decline in other areas. In FY 2013, the 1,492 identity theft investigations accounted for 33 percent of all emphasis area investigations, but by FY 2017, identity theft investigations only accounted for 15 percent.⁸

CI completed 524 identity theft investigations in FY 2017, a 62 percent decrease from the FY 2013 total of 1,391. In our review of trends in CI's investigation results, we reported that on September 18, 2012, the Department of Justice Tax Division implemented an expedited and parallel review of proposed indictments arising from stolen identity refund fraud cases. This resulted in a spike of initiations and completions for FY 2012 through FY 2013 of identity theft cases. Starting in FY 2014, however, CI shifted some resources back to non-identity theft investigations as well as investigative efforts focused on the existing inventory of cases that were in the judicial process, which caused decreases to occur in identity theft initiations for FY 2015 through FY 2016.⁹

Additionally, Figure 7 shows the declining trend in the number of CI investigations recommended for prosecution and the fluctuating trend in cases resulting in sentences for identity theft investigations over the last five fiscal years. According to CI, the increases in sentencing in FYs 2014 and 2015 for identity theft investigations relate directly to identity theft completions from FY 2012 and FY 2013 as the identity theft cases moved through the judicial process.

At a March 2017 tax conference during the Federal Bar Association Tax Section, the Deputy Chief, CI, described CI's core mission [tax] cases as “not including identity theft — so no money laundering, no Bank Secrecy Act, no identity theft.”¹⁰ Further, in CI's annual report for FY 2018, its Deputy Chief states, “We have made a conscious effort to reduce our investigative time on identity theft. We ended the year spending about 10 percent of our investigative time in this area compared to 18 percent at our high-water mark. We reinvested this time in our traditional tax work, bringing the most sophisticated tax cases to DOJ [Department of Justice] for prosecution.”¹¹ It is understandable that a significant reduction in IRS identity theft incidents could warrant a reallocation of CI identity theft resources; however, the percentage in reduction in CI identity theft investigations from FY 2013 to FY 2017 (75 percent) is higher than the reduction of IRS identity theft incidents (67 percent over the same time frame. See Figure 9). The statement by CI officials may indicate even further reductions in identity theft work in the future. While the statements appear to signal the strategic shift away from identity theft investigations, Figure 6 shows that Bank Secrecy Act investigations remained at 20 percent and money laundering investigations increased 9 percentage points from FY 2013 to FY 2017. Of the three types of investigations on which CI officials signaled a diminished emphasis, only identity theft investigations have decreased. While incidents of identity theft have decreased, they remain a significant threat to tax administration.

Three field offices represent the highest identity theft investigations initiated

Figure 8 compares the top five field offices based on the number of identity theft investigations initiated in FY 2013 and FY 2017.¹² For the five-year period of FYs 2013 through 2017, Miami, Tampa, and Atlanta (in various orders) were the top three (of 25) field offices with the highest identity theft investigation initiations. * * * 2 * * * See Appendix V, Figure 1 for FY 2017 minimum loss amounts for all CI field offices.

Figure 8: Comparison of Top Five Field Offices With Identity Theft Initiations for FYs 2013 and FY 2017

FY 2013				FY 2017
Top Five Field Offices With the Highest Initiated Identity Theft Investigations	Field Office Initiations	% of All Identity Theft Initiations		Top Five Field Offices With the Highest Initiated Identity Theft Investigations	Field Office Initiations	% of All Identity Theft Initiations
Miami Field Office	286	19%		Miami Field Office	60	16%
Tampa Field Office	198	13%		Atlanta Field Office	33	9%
Atlanta Field Office	186	12%		Tampa Field Office	29	8%
New York Field Office	113	8%		Charlotte Field Office	23	6%
Los Angeles Field Office	90	6%		Chicago and Nashville Field Offices (Tied)	21	6%
Total Top Five Field Office Initiations	873	59%		Total Top Five Field Office Initiations	166	44%
Total Identity Theft Initiations	1,492	100%		Total Identity Theft Initiations	374	100%
Source: TIGTA analysis of CIMIS data provided by CI.

Figure 8 also shows the percentage of total identity theft investigations initiated by all field offices combined for FY 2013 and 2017. As reported earlier, investigations initiated decreased by 2,297 investigations from FY 2013 (5,314 investigations) to FY 2017 (3,017 investigations), and the top five field offices represented nearly one-third of that decrease (707 of the 2,297). The top five field offices accounted for 44 percent of total identity theft investigations initiated in FY 2017, a decrease of 15 percentage points from FY 2013 (nearly 59 percent). While CI's top three field offices remained the same, they account for a decrease of 11 percentage points from FY 2013 to FY 2017.

While all field offices completed identity theft cases during this period, the bottom two field offices only completed two and three investigations respectively in FY 2017. See Appendix VI for the comparison of all the identity theft investigations for FY 2013 to FY 2017.

Many Taxpayer-Initiated Identity Theft Returns Were Not Placed in the Scheme Tracking and Referral System for Consideration in Criminal Investigation's Scheme Development Process

The IRS tracks the types of identity theft incidents (IRS-identified or taxpayer-initiated) received each calendar year and marks taxpayer accounts based on the confirmation of these case types and actions employees take.¹³ Figure 9 shows the number of incidents and taxpayers reported by the IRS for Calendar Years 2013 through 2017.

Figure 9: Identity Theft Incidents and Taxpayers in Calendar Years 2013 Through 2017

Calendar Year	IRS-Identified		Taxpayer-Initiated		Total
	Incidents	Taxpayers	Incidents	Taxpayers	Incidents	Taxpayers
2013	2,542,488	2,106,932	376,996	309,841	2,919,484	2,416,773
2014	2,992,035	2,671,897	321,793	257,008	3,313,828	2,928,905
2015	2,086,863	1,901,049	281,556	249,970	2,368,419	2,151,019
2016	1,777,251	1,580,220	142,709	113,699	1,919,960	1,693,919
2017	839,495	777,932	111,146	78,807	950,641	856,739
Source: Wage and Investment (W&I) Division Identity Protection, Strategy, and Oversight's analysis of unreversed identity theft indicators extracted from the IRS Compliance Data Warehouse.

Although CI decreased the number of its identity theft investigations initiated by 75 percent from FY 2013 to FY 2017 (see Figure 6), the reduction is almost 10 percent more than the decrease in the total number of identity theft incidents the IRS processed during that time frame.

Specifically, the number of taxpayers affected by IRS-identified and taxpayer-initiated identity theft incidents decreased 65 percent from Calendar Years 2013 to 2017. For example, in Calendar Year 2017, there were 856,739 taxpayers affected by identity theft, but CI initiated only 375 identity theft investigations. CI management attributed the decline to improved processes, mainly the IRS's systemic return processing filters managed by the IRS's civil side that have steadily prevented more identity theft cases. Figure 9 statistics demonstrate the impact of the IRS's increased efforts, showing a declining number of IRS identity theft incidents.

The IRS uses numerous return filters to help stop suspected fraudulent returns from entering tax processing, which has helped prevent more identity theft incidents. * * * 2 * * *¹⁴

Although the IRS has a process for transferring IRS-identified returns confirmed as identity theft to CI's STARS, we found many taxpayer-initiated incidents were not being placed in STARS. Using IRS Individual Master File data, we identified 143,934 returns associated with taxpayer-initiated incidents closed in Calendar Year 2016.¹⁵ We initially determined that 133,898 (93 percent) returns claiming $175 million in refunds were not placed in STARS and made available for review and consideration during CI's scheme development process. Subsequent to our review, CI provided a list of 35,125 of the 133,898 returns and stated they were previously transferred to STARS.¹⁶ As a result, 98,773 taxpayer-initiated identity returns that claimed $104 million in refunds were not placed in STARS and could not be considered in CI's scheme development process.

After returns are processed and confirmed as identity theft, the W&I Division's Return Integrity and Compliance Services (RICS) organization uses a data exchange procedure to transfer them to CI's STARS.¹⁷ A return is assigned a category in STARS and a freeze code is placed on the taxpayer's account.¹⁸ After the RICS organization places the fraudulent returns in STARS, CI's Scheme Development Center analysts use the Electronic Fraud Detection System, other database tools, and computer systems to identify matching characteristics of fraudulent refunds and returns.¹⁹ Scheme Development Center analysts also provide continued investigative support for special agents working refund fraud investigations in each of the 25 field offices and use this information to build scheme packages they send to CI field agents who determine if a case is worthy of criminal prosecution.

RICS organization employees are responsible for resolving IRS-identified identity theft cases. Once a return is confirmed as identity theft, IRS guidance calls for RICS organization employees to transfer these identity theft returns to STARS and update the return dispositions in STARS. Similarly, the W&I Division's Identity Theft Victim Assistance (IDTVA) organization provides guidance and instructions for its employees to resolve identity theft cases, including those that are initiated by the taxpayer, and to mark taxpayer accounts with an identity theft indicator. IDTVA organization management refers to these returns as those that were not identified by IRS filters. However, the IDTVA organization's procedures do not include instructions for transferring the returns to STARS, nor do IDTVA organization personnel have access to STARS.

We also determined that RICS organization procedures do not address the transfer of taxpayer-identified identity theft returns to STARS. RICS organization personnel confirmed that when another function outside of the RICS organization identifies an identity theft tax-related situation, those returns are not usually placed in STARS. When we discussed with RICS organization management our concern that taxpayer-identified cases were excluded from the scheme development process, management stated that they previously considered transferring taxpayer-initiated identity theft returns to STARS, but procedural challenges would not allow for the integration of these returns into any systemic process and would require manual workaround procedures. Specifically, there were challenges with the Electronic Fraud Detection System and volume limitations with moving taxpayer-initiated identity theft returns.

While we understand that additional procedures may be needed to transfer taxpayer-initiated identity theft complaints, the additional effort is warranted. When there is no established process to transfer these returns to STARS, the returns will be unavailable to Scheme Development Center analysts for review and selection in the scheme development process. Because STARS contains the master list of all schemes developed for the IRS, not including all confirmed identity theft returns may limit CI's ability to identify fraud characteristics for returns bypassed by IRS filters. In addition, when identity theft returns are not transferred to STARS, the risk increases that fraudulent acts will not be investigated or the extent of the identity theft activity and harm to taxpayers will not be properly identified.

As Figure 9 reflects, incidents of IRS-identified and taxpayer-identified identity theft have decreased. As a result, CI has shifted emphasis away from identity theft investigations. However, as we have noted in another TIGTA report, when identity thieves are unsuccessful at attempting one form of identity theft, they shift tactics and methods. For example, while much of the focus had been on identity theft of individuals' identities, TIGTA identified significant risks with the theft of business Employer Identification Numbers for the purpose of obtaining fraudulent refunds.²⁰ Although the IRS has done much to filter out fraudulent tax returns, identity theft still poses a significant threat to tax administration, and CI plays a crucial role in deterring identity thieves. CI should consider enhancing its role in addressing identity theft rather than diminishing it further.

Recommendation

Recommendation 1: The Chief, CI, should request that the Director, Modernization Development and Delivery, W&I Division, develop a process for transferring taxpayer-initiated cases to STARS for scheme development and CI case consideration.

Criminal Investigation's Coordination and Documentation of Internal Identity Theft Referrals Need Improvement

For CI to increase the quality and quantity of identity theft investigations, an effective partnership with other IRS operating divisions and business functions is needed to support a successful fraud referral process. CI's primary objective is the prosecution, conviction, and incarceration of individuals who violate criminal tax laws and commit related offenses. The fraud referral process helps facilitate this objective, and these referrals are an important source of information for CI regarding potential criminal tax violations.

Figure 3 shows that in FY 2017, 63 percent of the investigations initiated came from the USAO or other government agencies and another 20 percent came from within the IRS. For the IRS-initiated investigations, CI officials stated that most criminal case referrals come from its special agents in the field, but identity theft referrals are occasionally received from IRS business functions. IRS guidance instructs compliance function employees to submit fraud referrals to the respective CI field office using Form 2797, Referral Report of Potential Criminal Fraud Cases.²¹ The date the CI field office receives the referral is to be noted on the Form 2797 and entered as the initiation date field in the CIMIS.²² The fraud referral is assigned to a special agent, who is to hold an initial conference with the referring compliance employee and the advisor within 10 workdays to discuss the referral's merits. After this initial meeting and further research, CI must decide whether to accept or decline the fraud referral within 30 workdays from the fraud referral's receipt. If CI accepts the referral, it is elevated to an investigation and feedback is provided to the compliance function on the Form 2797. In some instances, CI will not pursue a criminal investigation * * * 2 * * *

If the fraud referral is declined, the declination decision and date are entered in the disposition date field on the Form 2797 and in the closed status date field in the CIMIS. The special agent writes and provides a declination memorandum to the referring operating division's Fraud Technical Advisor manager detailing the reasons. Compliance function employees in the referring operating division are to resume normal case processing, which may include applying a civil fraud penalty.

In FY 2016, CI received 328 fraud referrals from other divisions and functions within the IRS.²³ CI accepted 221 (67 percent) of the 328 referrals and rejected 113 referrals.²⁴ In FY 2016, CI reported that the IRS's Small Business/Self-Employed (SB/SE) Division submitted an overwhelming majority of fraud referrals. Specifically, for the 328 fraud referrals for FY 2016:

• 312 (95 percent) originated from the SB/SE Division.²⁵

• * * * 1 * * *²⁶

• * * * 1* * *

• * * * 1 * * *

IRS employees can also flag questionable tax returns as potential fraud or identity theft cases by submitting them in what the IRS calls the “funny box” at the processing campuses. CI management advised us in April 2019 that CI used to be responsible for reviewing the funny box submissions; however, CI ceded the review of these referrals to W&I Division RICS organization employees. If these returns are in fact confirmed as fraud or instances of identity theft, the returns are transferred to the STARS database for consideration by CI's scheme development process. However, CI personnel no longer review individual funny box submissions.

It is every Federal employees' duty to report fraud to the appropriate authorities.²⁷ Given this requirement, the appropriate authorities should establish processes to receive such reports. None of the fraud or identity theft referrals originated from the Taxpayer Advocate Service (TAS), and only two from the W&I Division, the IRS's largest division (which is responsible for processing all returns). While the fraud referral guidance previously described covers the submission and selection of fraud referrals from compliance employees, it does not address fraud referrals received from employees who work with identity theft cases such as those in TAS and the W&I Division.

A referral process between CI and TAS is needed

TAS cited identity theft as one of its top issues in several Annual Reports to Congress during FYs 2013 through 2017. Figure 10 shows the number of TAS identity theft case closures during those five fiscal years.

Figure 10: TAS Identity Theft Case Closures for FYs 2013 Through 2017

Fiscal Year	TAS Closures	Identity Theft Closures
		Total28	W&I Division	SB/SE Division
2013	249,372	69,530	56,763	12,753
2014	222,974	46,334	33,718	12,609
2015	227,512	54,849	38,295	16,551
2016	221,312	45,492	29,553	15,930
2017	167,687	24,540	14,623	9,908
Source: TIGTA analysis of TAS's case closure data for FYs 2013 through 2017 as reported in TAS Business Performance Reports.

We determined that 44 percent of approximately 45,000 cases TAS closed in FY 2016 were confirmed as identity theft as indicated on the taxpayer's account. TAS management affirmed that not all of its identity theft cases (56 percent of approximately 45,000 cases) are confirmed incidents and explained that its identity theft cases are identified as Primary Core Issue Code 425, indicating that identity theft processes have in some way affected the taxpayer or the taxpayer's account or have contributed to the issue bringing the taxpayer to TAS.

Although many TAS cases may result in confirmed identity theft, TAS management stated that they refer very few identity theft leads to CI. Management said that TAS personnel previously faced challenges in referring issues to CI.

When discussing the need for a referral process, TAS stated that it does not have current procedures regarding the preparation and routing of identity theft referrals to CI unless the account is already under CI control. During interviews with seven case advocates, four of them never referred an identity theft case to CI and two of the four were unaware of any referral process. Three case advocates said that, if an identity theft referral was needed, they would forward it to either the IDTVA organization or Submission Processing. According to TAS management, it has pending guidance awaiting clearance that addresses confidentiality and disclosures related to identity theft. The guidance lists multiple scenarios a TAS employee may encounter when working an identity theft case and provides guidance on making disclosures. TAS identity theft cases generally do not have CI involvement; however, there will be instances when TAS should communicate potential identity theft concerns to CI (such as when TAS employees are aware of a perpetrator's identity), and a referral process will promote the sharing of critical information for timely action to be taken.

Improved coordination between CI and the W&I Division is needed

We previously discussed that most of the W&I Division's taxpayer-initiated identity theft returns are not available for review in STARS. W&I Division is responsible for the RICS and IDTVA programs. While CI management stated that very few referrals received from the IRS's other functions involve identity theft, our analysis showed that referrals from W&I Division's RICS and IDTVA programs were not always received and adequately documented. In June 2012, the RICS organization initiated the Fraud Referral Database process, which was created to evaluate potential tax issues (including identity theft) that IRS employees identified for which there is no treatment stream. Although any IRS employee may submit a Fraud Referral Database referral, most originate within the W&I Division. The referring employee's manager submits the referral to the business function's referral coordinator who inputs it into the Fraud Referral Database. RICS organization personnel review the referrals to identify fraud patterns and return characteristics. RICS organization personnel also send referral summaries and return lists to CI's Scheme Development Center for consideration if referral criteria are met. For example, in

FY 2016, the RICS organization sent 13 of its 32 database referrals to CI for consideration. For the 13 leads sent to CI for consideration, four were potentially related to identity theft and four were not.²⁹ We were unable to determine if the remaining five referrals showed identity theft characteristics based on the documentation provided. Our analysis of the four potential identity theft referrals found that:

• Two referrals did not meet CI's referral criteria, and CI had no written record of its decision or a documented review of the referrals. Thus, these returns were not input into STARS.

• For two other referrals, CI transferred the returns to STARS.

CI also stated that it did not receive four of the remaining five Fraud Referral Database referrals that the RICS organization stated it had forwarded to CI, nor could the RICS organization provide evidence such as e-mails to prove the referrals were sent. Moreover, CI did not provide any documented evidence of its review of any of the referrals it claims were received from the RICS organization.

The W&I Division's IDTVA organization is tasked with resolving identity theft cases, including those initiated by taxpayers. As with the employees in TAS, IDTVA organization employees are in a position to identify information that law enforcement may be able to act upon. While the IDTVA organization could only identify one recent identity theft referral it made to the RICS organization, the significant enforcement impact of that referral demonstrates the importance of ensuring that referral processes exist and are working effectively. In this case, which was referred in February of 2017, IDTVA organization employees identified fraudulent returns filed by identity thieves who routed partial refunds to victims' bank accounts and the remaining amounts to themselves. The IDTVA organization's one referral resulted in the RICS organization adjusting its return processing filters and placing 7,613 returns on its Dynamic Selection List.³⁰ The RICS organization stated that 4,135 returns (claiming nearly $18.3 million in refunds) of the 7,613 returns were categorized as potential identity theft and placed in the Taxpayer Protection Program, which stops the refund until the legitimate taxpayer is identified.³¹

While this single referral had significant enforcement impact, its impact could have been more significant if all of these fraudulent returns were placed into STARS. Our analysis found that 2,552 of the 7,613 returns were confirmed as identity theft; yet, the RICS organization provided us with a list showing that only 1,870 of the 2,552 returns were transferred to STARS (we concluded that 682 were not).³² Using Master File data to research the returns not transferred to STARS, we identified 583 taxpayers (71 were duplicate records and 20 had both IRS-identified and taxpayer-identified identity theft codes on the tax accounts) that claimed nearly $1.6 million in refunds with confirmed identity theft activity. When asked why tax returns associated with 583 Taxpayer Identification Numbers were not transferred to STARS, CI management responded that not all Taxpayer Identification Numbers on the Dynamic Selection List with an identity theft marker are necessarily in STARS.³³ CI stated that it is possible for a victim's case to be worked in the IDTVA organization and never get transferred to STARS.

The IDTVA organization has no process in place to submit identity theft referrals to CI, and IDTVA organization management confirmed that the organization does not generally share information with CI nor has CI asked it to refer identity theft cases. The IDTVA organization works closely with the RICS organization to identify potential identity theft because the RICS organization has the ability to identify identity theft characteristics using return data elements. The RICS organization included information about the IDTVA organization's referral in its April 2017 Return Review Program summary document, which key RICS organization personnel stated was presumably sent to various IRS business units including CI.

Weak documentation and coordination between CI and other IRS business functions to refer potential identity theft referrals is partly a result of CI's lack of a written process for employees in other functions who work identity theft cases to submit identity theft referrals for criminal case consideration. CI officials stated that CI field offices work closely with the compliance areas in the SB/SE Division, e.g., the Collection and Examination functions, regarding general tax fraud referrals, and very few of them involve identity theft. CI also provides guidance and feedback to compliance areas as to what CI is looking for in general tax fraud referrals. However, unlike the Collection and Examination functions, the IDTVA organization was established specifically to work identity theft cases and yet there is no formal process for its employees to make identity theft referrals to CI.

When there is no formal process to receive and review identity theft referrals from all IRS business functions, potential tax fraud and identity theft referrals that employees submit are not always acted upon. There is also a continued risk of the IRS issuing fraudulent refunds to identity thieves even in instances that may have been previously identified and avoidable. In addition, CI's established fraud referral guidance is silent about referrals received from employees in other functions who work identity theft cases. We attribute the low number of fraud referrals from these other functions to the absence of written procedures instructing employees to route potential identity theft violations to CI. Both TAS and IDTVA organization officials confirmed that their business functions have no formal procedures in place to submit identity theft referrals to CI.

Recommendations

Recommendation 2: The Chief, CI, should develop a process for employees who work identity theft cases such as TAS and the W&I Division's IDTVA organization to submit quality identity theft referrals and fraud referrals to CI.

Recommendation 3: The National Taxpayer Advocate should finalize and disseminate to employees its guidance on routing identity theft referrals to CI.

While Some Identity Theft Cases Were Discontinued or Declined for Prosecution, Enforcement Actions Were Taken on Related Cases

We previously reported a concern that the average number of days for a special agent to determine that a case did not contain prosecution potential steadily increased.³⁴ In FY 2016, it took an average of 540 days (1.5 years) to determine that there was no prosecution potential. Comparatively, the average number of days for special agents to refer a case for prosecution was 313 days in FY 2016. The investigative resources in FY 2016 expended on discontinued cases were significant, as it took an average of 227 more days than for cases referred for prosecution.

From the CIMIS database, we identified 268 identity theft investigations that were closed during FY 2016. This total is comprised of 196 identity theft cases that were discontinued by CI and 72 identity theft cases that were referred to the USAO but were declined. From the population of 268 cases, we selected a random sample of 86 cases for review.³⁵

After reviewing 60 of the selected sample cases, we determined that the cases were properly closed. Specifically, the special agents responsible for the cases included sufficient information in the discontinued or prosecution declined memorandums to show the reasons for closing the investigations. For the 60 selected cases, we reviewed the available documents that were used to initiate the investigation, support the allegation of criminal activity, and report discontinuance of the investigation or decline prosecution of the referral to the USAO.

CI procedures provide that when a special agent determines that there appears to be no prosecution potential in an investigation or evidence cannot be obtained to support a prosecution recommendation, the special agent will recommend that CI withdraw from the investigation. CI requires the special agent to input the reason the case was closed in the CIMIS. Special agents are able to input more than one reason code for each case. The reasons why cases are closed are displayed in alphabetical order in the CIMIS, so we were unable to determine the primary reason used to close each case. However, Figure 11 shows that the top three reason codes used to close our 60 sample cases were: * * * 2 * * *

Figure 11: Special Agent Explanations For Closing Cases in Selected Sample

* * * 2 * * *	* * * 2 * * *	* * * 2 * * *
* * * 2 * * *	* * * 2 * * *	* * * 2 * * *
* * * 2 * * *	* * * 2 * * *	* * * 2 * * *
* * *2 * * *36	* * * 2 * * *	* * * 2 * * *
* * * 2 * * *

Although the 60 cases we reviewed were discontinued or the Department of Justice declined prosecution, enforcement actions were taken by CI or other law enforcement organizations for 32 investigations that were related to the cases in our sample. Some examples of these enforcement activities include:

• 23 cases for which other subjects were arrested, indicted, or sentenced for involvement in fraudulent refund schemes.

• 9 cases for which State law enforcement agencies arrested or imprisoned the subject for identity theft or nontax crimes.

For 52 of the 60 cases reviewed, the special agents received assistance from analysts in the Scheme Development Centers. For 40 of the cases, the special agents requested assistance from Scheme Development Center analysts, and for the other 12 cases, Scheme Development Center analysts submitted referrals for the field offices to determine if the refund scheme information met criteria to start an investigation.

---

Appendix I
Detailed Objective, Scope, and Methodology

The overall objective of this review was to evaluate CI's efforts in identifying, investigating, and prosecuting tax-related identity theft cases. To accomplish this objective, we:

I. Assessed CI's efforts to identity tax-related identity theft cases and ensure that taxpayers are investigated to prevent tax-related identity theft, including refund fraud and employment-related fraud.

II. Assessed the effectiveness of CI's identity theft program in respect to referrals from within the IRS.

III. Determined whether CI instituted procedures to assess and monitor the effectiveness and timeliness of its review of tax-related identity theft fraud cases.

Data validation methodology

During this review, we relied on data provided to us by the IRS for identity theft and fraudulent returns transferred to the Scheme Tracking and Referral System in Calendar Year 2016 as of February 6, 2018, and April 20, 2018. We validated this information by selecting random samples from STARS data and comparing them to data obtained from the IRS's Integrated Data Retrieval System. We also obtained Taxpayer Information Number data related to TAS identity theft cases processed in 2016. We validated this information by comparing it to the IRS's Integrated Data Retrieval System. We also obtained 2016 data from the IRS's Fraud Referral Database, which contained information on referrals the Return Integrity Compliance Services submitted to CI for review. For those returns the IRS stated were transferred to STARS, we compared the referral data to STARS screen-prints evidencing the transfer. Finally, we obtained data associated with Taxpayer Information Numbers pushed to the IRS's 2017 Dynamic Selection List, which are returns flagged in IRS systems that allow the SSN to be recognized as potentially compromised in response to an identity theft referral. Before relying on the data, we selected a random sample from the list and verified that the data were reflective of the data captured in the IRS's Integrated Data Retrieval System. Based on the results of our testing, we believe that the data used in our review were reliable.

Internal controls methodology

Internal controls relate to management's plans, methods, and procedures used to meet their mission, goals, and objectives. Internal controls include the processes and procedures for planning, organizing, directing, and controlling program operations. They include the systems for measuring, reporting, and monitoring program performance. We determined the following internal controls were relevant to our audit objective: IRS policies, procedures, and practices for determining whether identity theft investigations are timely processed and monitored. We evaluated these controls by reviewing source materials, interviewing management, and reviewing a random sample of 60 identity theft subject criminal investigations that were discontinued or referred for prosecution by CI but declined and closed in FY 2016.

---

Appendix II
Major Contributors to This Report

Matthew A. Weir, Assistant Inspector General for Audit (Compliance and Enforcement Operations)

Christina Dreyer, Director

Timothy Greiner, Audit Manager

Gwendolyn Green, Lead Auditor

Jamelle Pruden, Lead Auditor

---

Appendix III
Report Distribution List

Deputy Commissioner for Services and Enforcement

Chief, Criminal Investigation

Commissioner, Wage and Investment Division

Chief of Staff, Criminal Investigation

Deputy Director, Operations Policy and Support, Criminal Investigation

Director, Modernization Development and Delivery, Wage and Investment Division

Director, Operations Support, Wage and Investment Division

Director, Return Integrity and Compliance Services, Wage and Investment

Division Director, Enterprise Audit Management

---

Appendix IV
Outcome Measures

This appendix presents detailed information on the measurable impact that our recommended corrective actions will have on tax administration. These benefits will be incorporated into our Semiannual Report to Congress.

Type and Value of Outcome Measure:

• Reliability of Information — Potential; 98,773 returns confirmed as taxpayer-initiated identity theft were not transferred to the CI STARS database for scheme development (see page 10).

Methodology Used to Measure the Reported Benefit:

We identified 133,898 taxpayer-identified identity theft returns claiming $175 million in refunds that were not transferred to CI's STARS for scheme development. We identified these returns by comparing the IRS's list of all returns transferred to STARS database in 2016 to the

143,934 unreversed taxpayer-initiated identity theft returns processed during 2016 that we extracted from the Individual Master File.¹ CI stated that 35,125 of these returns were previously transferred to STARS.² As a result, our outcome is calculated by subtracting 35,125 from the 133,898 equaling 98,773 that claimed $104 million in refunds.

Type and Value of Outcome Measure:

• Reliability of Information — Potential; 583 taxpayers with returns confirmed as identity theft were not transferred to the CI STARS database for scheme development (see page 13).

Methodology Used to Measure the Reported Benefit:

We identified 583 taxpayers associated with returns claiming nearly $1.6 million in refunds that were not transferred to CI's STARS for scheme development. We identified these taxpayers by comparing the IRS's list of Taxpayer Identification Numbers transferred to its Dynamic Selection List.

---

Appendix V
Fiscal Year 2017 Field Office Minimum Loss Referral Criteria

* * * 2 * * *	* * * 2 * * *	* * * 2 * * *
* * * 2 * * *	* * * 2 * * *	* * * 2 * * *
* * * 2 * * *	* * * 2 * * *	* * * 2 * * *
* * * 2 * * *	* * * 2 * * *	* * * 2 * * *
* * * 2 * * *	* * * 2 * * *	* * * 2 * * *
* * * 2 * * *	* * * 2 * * *	* * * 2 * * *
* * * 2 * * *	* * * 2 * * *	* * * 2 * * *
* * * 2 * * *	* * * 2 * * *	* * * 2 * * *
* * * 2 * * *	* * * 2 * * *	* * * 2 * * *
* * * 2 * * *	* * * 2 * * *	* * * 2 * * *
* * * 2 * * *	* * * 2 * * *	* * * 2 * * *
* * * 2 * * *	* * * 2 * * *	* * * 2 * * *
* * * 2 * * *	* * * 2 * * *	* * * 2 * * *
* * * 2 * * *	* * * 2 * * *	* * * 2 * * *
* * * 2 * * *	* * * 2 * * *	* * * 2 * * *
* * * 2 * * *	* * * 2 * * *	* * * 2 * * *
* * * 2 * * *	* * * 2 * * *	* * * 2 * * *
* * * 2 * * *	* * * 2 * * *	* * * 2 * * *
* * * 2 * * *	* * * 2 * * *	* * * 2 * * *
* * * 2 * * *	* * * 2 * * *	* * * 2 * * *
* * * 2 * * *	* * * 2 * * *	* * * 2 * * *
* * * 2 * * *	* * * 2 * * *	* * * 2 * * *
* * * 2 * * *	* * * 2 * * *	* * * 2 * * *
* * * 2 * * *	* * * 2 * * *	* * * 2 * * *
* * * 2 * * *	* * * 2 * * *	* * * 2 * * *
* * * 2 * * *	* * * 2 * * *	* * * 2 * * *
* * * 2 * * *.

* * * 2 * * *	* * * 2 * * *	* * * 2 * * *
* * * 2 * * *	* * * 2 * * *	* * * 2 * * *
* * * 2 * * *	* * * 2 * * *	* * * 2 * * *
* * * 2 * * *	* * * 2 * * *	* * * 2 * * *
* * * 2 * * *	* * * 2 * * *	* * * 2 * * *
* * * 2 * * *	* * * 2 * * *	* * * 2 * * *
* * * 2 * * *	* * * 2 * * *	* * * 2 * * *
* * * 2 * * *	* * * 2 * * *	* * * 2 * * *
* * * 2 * * *	* * * 2 * * *	* * * 2 * * *
* * * 2 * * *	* * * 2 * * *	* * * 2 * * *
* * * 2 * * *	* * * 2 * * *	* * * 2 * * *
* * * 2 * * *	* * * 2 * * *	* * * 2 * * *
* * * 2 * * *	* * * 2 * * *	* * * 2 * * *
* * * 2 * * *	* * * 2 * * *	* * * 2 * * *
* * * 2 * * *	* * * 2 * * *	* * * 2 * * *
* * * 2 * * *	* * * 2 * * *	* * * 2 * * *
* * * 2 * * *	* * * 2 * * *	* * * 2 * * *
* * * 2 * * *	* * * 2 * * *	* * * 2 * * *
* * * 2 * * *	* * * 2 * * *	* * * 2 * * *
* * * 2 * * *	* * * 2 * * *	* * * 2 * * *
* * * 2 * * *	* * * 2 * * *	* * * 2 * * *
* * * 2 * * *	* * * 2 * * *	* * * 2 * * *
* * * 2 * * *	* * * 2 * * *	* * * 2 * * *
* * * 2 * * *	* * * 2 * * *	* * * 2 * * *
* * * 2 * * *	* * * 2 * * *	* * * 2 * * *
* * * 2 * * *	* * * 2 * * *	* * * 2 * * *
* * * 2 * * *	* * * 2 * * *	* * * 2 * * *
* * * 2 * * *	* * * 2 * * *	* * * 2 * * *
* * * 2 * * *.

---

Appendix VI
Identity Theft Investigations Initiated, by Field Office, for Fiscal Years 2013 and 2017

Field Office	FY 2013	FY 2017	Decrease From FY 2013 to FY 2017	Percentage of Decrease
Atlanta	186	33	153	82%
Boston	49	7	42	86%
Charlotte	42	23	19	45%
Chicago	38	21	17	45%
Cincinnati	30	6	24	80%
Dallas	23	14	9	39%
Denver	12	3	9	75%
Detroit	16	14	2	13%
Houston	23	11	12	52%
Las Vegas	24	* * * 1 * * *	* * * 1 * * *	* * * 1 * * *
Los Angeles	90	18	72	80%
Miami	286	60	226	79%
Nashville	52	21	31	60%
New Orleans	77	4	73	95%
New York	113	18	95	84%
Newark	25	8	17	68%
Oakland	37	6	31	84%
Philadelphia	37	17	20	54%
Phoenix	12	11	1	8%
San Antonio	10	7	3	30%
Seattle	11	7	4	36%
St. Louis	25	10	15	60%
St. Paul	31	9	22	71%
Tampa	198	29	169	85%
Washington, DC	45	15	30	67%
Source: TIGTA analysis of data provided by CI.

---

Appendix VII
Management's Response to the Draft Report

July 18, 2019

MEMORANDUM FOR
MICHAEL E MCKENNEY
DEPUTY INSPECTOR GENERAL FOR AUDIT

FROM:
Don Fort
Chief
Criminal Investigation

SUBJECT:
Draft Audit Report — Criminal Investigation Should Increase its Role in Enforcement Efforts Against Identity Theft (Audit # 201730026)

Thank you for the opportunity to review and comment on the subject draft report. IRS Criminal Investigation's (CI) mission is to serve the American public by investigating potential criminal violations of the Internal Revenue Code, and related financial crimes, in a manner that fosters confidence in the tax system and compliance with the law CI is the only federal agency with jurisdiction to investigate Title 26 Federal tax offenses. These crimes cover a broad range of schemes and offenses against both taxpayers and the Federal government, including identity theft, all of which are of significant priority to CI. Tax-related identity theft occurs when an individual uses another person's name and taxpayer identification number to file a fraudulent tax return, oftentimes to generate a refund to which the perpetrator is not entitled.

CI regularly assesses its coverage of all program areas to ensure a balanced approach to initiating Subject Criminal Investigations. CI utilizes Direct Investigative Time (DIT) to assess its' level of involvement and commitment to each program area which is the most accurate qualitative measure. Relying upon a quantitative measure, such as the number of Subject Criminal Initiations, Completions, Convictions and etc., ignores many critical factors that must be considered to understand the full scope of CI's work. Factors such as the number of targets, complexity of schemes, multi-agency involvement and foreign-jurisdiction evidence-gathering needs are ignored when solely utilizing quantitative data points to measure investigative efforts.

Tax-related identity theft fraud has evolved over time, and continues to evolve, as unscrupulous individuals work tirelessly to discover IRS's detection mechanisms and thresholds. Schemes are now being perpetuated by criminal organizations with multiple players versus individual actors as we've seen in the past. This change in behavior affects the number of identity theft investigations initiated, as CI's approach to combatting this fraud has shifted to effectively address these new and emerging threats. CI has shifted its resources to focus on more sophisticated and complex schemes, involving many of the investigative-characteristics discussed above; thereby, increasing the time it takes investigate and subsequently support during judicial processes. These factors, coupled with declining resources, limits CI's capacity with regard to the number of investigations initiated, generally. However, strong partnerships with many internal and external stakeholders have enhanced the Service ability to address identity theft incidents real-time.

The audit report focuses on the reduction in the number of identity theft-related investigations initiated. As previously mentioned, DIT is the performance indicator that most accurately captures the effort CI dedicates to any given program area. There was less than a 5% (4.6%) reduction in DIT from Calendar Year 2013 to Calendar Year 2017. For context, Calendar Year 2013 was an anomaly with regard to the amount of direct investigative time dedicated to identity theft cases. This was the year in which IRS saw a significant spike in identity theft fraud. As such, CI advises against utilizing 2013 as the base year to measure performance over time.

The 4.6% reduction in DIT comports with the overall trends for both IRS and Taxpayer identified identity theft incidences. In 2013 (the peak of identity theft fraud), there were approximately 2,416,773 taxpayers whom were victims of IDT. However, in 2017, this number decreased to approximately 856,739, representing a 64.5% decrease in the number of taxpayers identified to be victims of identity theft. Similarly, there was a 63% reduction in the number of IRS-identified incidents during the same time period. This decline is attributable to Service-wide enforcement and revenue protection efforts. CI's successful identification, development, and completion of the most significant identity-theft schemes, the subsequent prosecutions of said schemes, and strong sentences imposed on the perpetrators of these schemes have sent a strong deterrence message to would-be bad actors. Additionally, IRS's internal and external collaborative efforts, along with improved filters, early detection, incident response team, and etc. are also responsible for the overall reduction in tax-related identity theft.

Cl agrees that not all taxpayer-initiated identity theft incident tax returns are transferred into the Scheme Tracking and Referral System (STARS). TIGTA's initial audit results identified 133,898 returns that were potentially not transferred into STARS for calendar year 2016. Subsequent analysis conducted by CI identified 35,125 of the 133,898 population were found in the STARS database and considered during the scheme-development process; thereby, reducing this number to 98,773. This population of returns represents approximately 5.1% of all tax returns confirmed as identity in calendar year 2016. Although CI shares the philosophy that every confirmed identity theft return is integral to its fight to quell such fraud, we remain confident in the processes and procedures the Service has in place to identify identity theft fraud. As a result, more than 95% of all identity theft returns have consistently been identified and subsequently transferred into STARS.

Identity Theft will continue to be an investigative priority for IRS-CI. CI will continue to leverage data and information gathered, via its internal and external partners, to make smart decisions relative to the identification and development of high impact investigations across all program areas.

Attached is CI's comments and proposed responses to your recommendations. If you have any questions, please contact me, or a member of your staff may contact Akeia Conner, Executive Director, Refund and Cyber Crimes, at (202) 317-4636.

Attachments: TIGTA Audit #201730026 Recommendations

Recommendation 1

The Chief for CI, should request that the Director, Modernization Development and Delivery, W&l Division, develop a process for transferring taxpayer-initiated cases to STARS for scheme development and CI case consideration.

CORRECTIVE ACTION

Agree to request an assessment only:

Cl past and presently works extremely close and seamlessly with W&l. The level of identity theft deterrence accomplished to date, cited as 64.5%, in this report would not be possible without this partnership. Adequate response to this recommendation requires statement of a few pivotal points. There is affirmatively taxpayer identified identity theft returns in STARS. The returns found in STARS are a compilation of systemic and manual processes. As captured in the summary memorandum, there is a significant amount of returns, well beyond the sampling of this audit. More than 95% of all identity theft returns have consistently been identified and subsequently transferred into STARS. Additional analysis was presented to TIGTA as response to the agreement to fact and discussion draft documents. The overall understanding to outline is taxpayer initiated identity theft returns are in STARS and are accessible for scheme development and other protective treatments.

As stated above, CI agrees to request an assessment of the STARS database that will measure cost, impact, and estimated time; to ensure all taxpayer initiated returns are transferred into the database. CI, W&l, and IT will need to identify upgrades and estimate the level of effort and resource requirements to further expand existing processes. We will collectively continue to work daily to identify system and manual improvements that augment data processes. CI shares the philosophy that every confirmed identity theft return is integral to its fight to quell identity theft. CI remains confident in the processes and procedures the Service has in place to identify identity theft fraud.

IMPLEMENTATION DATE

October 15, 2020

RESPONSIBLE OFFICIAL

Executive Director, Refund Crimes

CORRECTIVE ACTION MONITORING PLAN

Monthly status discussion/meetings

RECOMMENDATION 2

The Chief for CI should develop a process for employees who work identity theft cases such as TAS and W&l's IDTVA organization to submit quality identity theft referrals and fraud referrals to CI.

CORRECTIVE ACTION

Disagree: Taxpayer Advocate Service provides IDT information to Return Integrity Compliance Services (RICS) as documented in the audit. CI works alongside RICS partnering on IDT in virtually every coordination aspect determined to date. This effort is continual and evolves as schemes and new mechanisms for schemes evolve. This close partnership provides CI access to RICS data which includes TAS information. W&l and CI have numerous information sharing methods have proven effective and support the real time response needed on IDT matters. The improvements in filters, response time, and overall revenue protection speak to their effectiveness. This coordination takes place through systems, working groups, and analysts. The various processes we have deployed suit the rapid nature of IDT and have allowed flexibility as schemes quickly change. The traditional referral process does not fully address the information exchange needed to sort the scheme dynamics and quickly get ahead to stop the fraud.

Taxpayer Advocate Service is currently working to finalize and disseminate its guidance on routing identity theft referrals to CI. W&l IDTVA will be addressed in the impact assessment requested in Recommendation 1. CI will review and contribute any assistance needed by the TAS and W&l organizations regarding identity theft referrals. These additions will increase existing procedures, providing coverage for any existing system fissures. Consequently, an additional process does not need to be created by CI.

Until the final process is disseminated, it should be noted there are also several other IRS-wide means of making identity theft fraud referral from within IRS and external to the Service. Forms that facilitate referral and direct information sharing are: Form 14039, Identity Theft Affidavit, and Form 3949, Information Report Referral.

IMPLEMENTATION DATE

N/A

RESPONSIBLE OFFICIAL

N/A

CORRECTIVE ACTION MONITORING PLAN

N/A

RECOMMENDATION 3

The National Taxpayer Advocate should finalize and disseminate to employees its guidance on routing identity theft referrals to CI.

CORRECTIVE ACTION

Agree. The Taxpayer Advocate Service agrees with this recommendation to finalize and disseminate guidance to employees on routing identity theft referrals to the Criminal Investigation division.

IMPLEMENTATION DATE

March 15, 2020

RESPONSIBLE OFFICIAL

Executive Director, Case Advocacy

CORRECTIVE ACTION MONITORING PLAN

N/A