Copying and distributing are prohibited without permission of the publisher

Inside the Revenue Service: What does the IRS do with your data?

21 March 2018

Email a friend
  • Please enter a maximum of 5 recipients. Use ; to separate more than one email address.


The US Internal Revenue Service (IRS) is, in many ways, typical of tax authorities around the world – it’s not as well-resourced as it once was. It is being asked to do more with less, and it is turning to data analytics to help it better identify where it should focus its attention.

Software has advanced rapidly in the past few years to the extent that large-scale data analysis can now identify specific markers in tax filings that can help to detect companies that should be audited. Not all authorities are leveraging this technology effectively yet, but there is no doubt that they will.

"Something that's been increasingly important in the work we do here in the IRS and LB&I is the use of advanced data analytics to understand what is happening," says Doug O'Donnell, head of the large business and international tax (LB&I) division at the IRS. "It is amazing to think that we could ask a few questions of the data that could help us look across the whole filing population that we're responsible for."

How will tax authorities use taxpayer data in the future?

In the old world of cash transactions and paper documents, assets could be easily hidden and tax avoided. But in today's digital era, the tax authorities are able to use data analytics to shine a spotlight on taxpayers who may be hiding assets. So, what are tax authorities doing with the data?

"A lot of the discussion centres on what the effective ways to identify risk are," says O'Donnell. "With financial accounts, for example, you can imagine we'd be talking to one another about where we expected to see information reported, but didn't."

"You see a lot of investment by persons from the United States in 'X' jurisdiction, but very low reporting accounts from that jurisdiction," he adds. "Or you see financial institutions that are not reporting that you think should be. It's about looking for the things that aren't there."

The capability to better analyse data comes at a time when tax authorities will soon have more data available to them than ever before. Country-by-country reporting (CbCR), the Foreign Account Tax Compliance Act (FATCA), automatic exchange of information (AEOI), the common reporting standard (CRS) and numerous other initiatives mean vast amounts of data will be at the fingertips of tax officers everywhere. Advanced data analytics tools and artificial intelligence are the only feasible options to analyse it.

Last year, accountancy firm EY ran a campaign on digital awareness entitled "Are tax authorities better at analytics than you?" The answer, in most cases, is a resounding yes. The good news is that this isn't necessarily a bad thing for taxpayers.

"In the CbCR environment… the OECD countries and a number of others that are participating in the inclusive framework have begun to talk about how this information will be used, and there's a small pilot that was started in January called the International Compliance Assurance Programme – ICAP," says O'Donnell.

The idea behind ICAP is to see if it is possible to use CbCR data multilaterally, with taxpayers, to identify which areas of their businesses do not merit further enquiry by tax authorities. Remaining areas of the business could then be audited as usual, or companies and authorities could work together to forge advance pricing agreements (APAs), for example.

The notion is not so much to use data to build cases against large multinational taxpayers, but to better understand their business models and cooperate with them to minimise fruitless work. An audit of a fully compliant company is a waste of time for both parties.

"The idea is to try and improve risk detection and rapidly determine what to do about risks that are present, while stepping away from those that we believe are not worth responding to," says O'Donnell.

In the first part of our cover story, O'Donnell speaks exclusively to ITR in an in-depth interview exploring a wide range of the large business and international division's functions, and detailing how his department identifies risk.

Double-edged data sword

The problem with all of this data, once the tools to establish it and the way to use it are determined, is keeping it safe.

Tom Brandt, chief risk officer at the IRS, says data breaches at external entities is now on its risk register. The concern "manifested itself last fall with a data breach at Equifax," he tells ITR in another exclusive interview.

On September 8 2017, Equifax, a US-based credit report company, announced that it had been the victim of a criminal cyberhack. Data including social security numbers, home addresses and dates of birth were taken, with more than 145 million customers in the US, Canada and the UK affected. The company's stock dropped 35% in just six business days, as the company's core business was compromised.

"We had identified that as one of our top risks in last year's risk assessment over the summer, and then that manifested much more quickly than we expected," says Brandt.

By November, Equifax was on the receiving end of a 50-state class action lawsuit. Its potential future liabilities mean its share price has still not recovered.

In February 2018, the company announced that hackers had taken more data than initially thought, with tax identification numbers also stolen.

The IRS has also been a victim of cybercriminals. In 2015, hackers coupled information they had gleaned elsewhere with the functionality of the IRS's website to gain access to more than 700,000 taxpayer accounts and fraudulently claim tax rebates.

Learning from its mistake, the IRS is keen to present itself as a secure organisation, and its "Don't Take the Bait" campaign to keep taxpayers safe is just one example of its efforts.

In the second part of our cover story, Brandt talks through an array of risks that the IRS faces, from tight resources to US tax reform and, of course, data risks and cybersecurity.

He also speaks about his time as the head of the tax administration unit at the OECD's Forum on Tax Administration and the guidelines the IRS and OECD are putting in place to keep taxpayer data safe in the new collaborative international tax environment.

Doug O’Donnell interview

Doug O’Donnell speaks to Joe Stanley-Smith about how he runs his large business and international department in the rapidly changing arenas of US and international tax.

Tom Brandt interview

Joe Stanley-Smith sits down with Tom Brandt, chief risk officer at the IRS, to discuss managing budget cuts, tax reform and the growing threat of cybersecurity.






International Correspondents