All material subject to strictly enforced copyright laws. © 2022 ITR is part of the Euromoney Institutional Investor PLC group.

Inside the Revenue Service: What does the IRS do with your data?


The US Internal Revenue Service (IRS) is, in many ways, typical of tax authorities around the world – it’s not as well-resourced as it once was. It is being asked to do more with less, and it is turning to data analytics to help it better identify where it should focus its attention.


Software has advanced rapidly in the past few years to the extent that large-scale data analysis can now identify specific markers in tax filings that can help to detect companies that should be audited. Not all authorities are leveraging this technology effectively yet, but there is no doubt that they will.

"Something that's been increasingly important in the work we do here in the IRS and LB&I is the use of advanced data analytics to understand what is happening," says Doug O'Donnell, head of the large business and international tax (LB&I) division at the IRS. "It is amazing to think that we could ask a few questions of the data that could help us look across the whole filing population that we're responsible for."

How will tax authorities use taxpayer data in the future?

In the old world of cash transactions and paper documents, assets could be easily hidden and tax avoided. But in today's digital era, the tax authorities are able to use data analytics to shine a spotlight on taxpayers who may be hiding assets. So, what are tax authorities doing with the data?

"A lot of the discussion centres on what the effective ways to identify risk are," says O'Donnell. "With financial accounts, for example, you can imagine we'd be talking to one another about where we expected to see information reported, but didn't."

"You see a lot of investment by persons from the United States in 'X' jurisdiction, but very low reporting accounts from that jurisdiction," he adds. "Or you see financial institutions that are not reporting that you think should be. It's about looking for the things that aren't there."

The capability to better analyse data comes at a time when tax authorities will soon have more data available to them than ever before. Country-by-country reporting (CbCR), the Foreign Account Tax Compliance Act (FATCA), automatic exchange of information (AEOI), the common reporting standard (CRS) and numerous other initiatives mean vast amounts of data will be at the fingertips of tax officers everywhere. Advanced data analytics tools and artificial intelligence are the only feasible options to analyse it.

Last year, accountancy firm EY ran a campaign on digital awareness entitled "Are tax authorities better at analytics than you?" The answer, in most cases, is a resounding yes. The good news is that this isn't necessarily a bad thing for taxpayers.

"In the CbCR environment… the OECD countries and a number of others that are participating in the inclusive framework have begun to talk about how this information will be used, and there's a small pilot that was started in January called the International Compliance Assurance Programme – ICAP," says O'Donnell.

The idea behind ICAP is to see if it is possible to use CbCR data multilaterally, with taxpayers, to identify which areas of their businesses do not merit further enquiry by tax authorities. Remaining areas of the business could then be audited as usual, or companies and authorities could work together to forge advance pricing agreements (APAs), for example.

The notion is not so much to use data to build cases against large multinational taxpayers, but to better understand their business models and cooperate with them to minimise fruitless work. An audit of a fully compliant company is a waste of time for both parties.

"The idea is to try and improve risk detection and rapidly determine what to do about risks that are present, while stepping away from those that we believe are not worth responding to," says O'Donnell.

In the first part of our cover story, O'Donnell speaks exclusively to ITR in an in-depth interview exploring a wide range of the large business and international division's functions, and detailing how his department identifies risk.


Double-edged data sword

The problem with all of this data, once the tools to establish it and the way to use it are determined, is keeping it safe.

Tom Brandt, chief risk officer at the IRS, says data breaches at external entities is now on its risk register. The concern "manifested itself last fall with a data breach at Equifax," he tells ITR in another exclusive interview.

On September 8 2017, Equifax, a US-based credit report company, announced that it had been the victim of a criminal cyberhack. Data including social security numbers, home addresses and dates of birth were taken, with more than 145 million customers in the US, Canada and the UK affected. The company's stock dropped 35% in just six business days, as the company's core business was compromised.

"We had identified that as one of our top risks in last year's risk assessment over the summer, and then that manifested much more quickly than we expected," says Brandt.

By November, Equifax was on the receiving end of a 50-state class action lawsuit. Its potential future liabilities mean its share price has still not recovered.

In February 2018, the company announced that hackers had taken more data than initially thought, with tax identification numbers also stolen.

The IRS has also been a victim of cybercriminals. In 2015, hackers coupled information they had gleaned elsewhere with the functionality of the IRS's website to gain access to more than 700,000 taxpayer accounts and fraudulently claim tax rebates.

Learning from its mistake, the IRS is keen to present itself as a secure organisation, and its "Don't Take the Bait" campaign to keep taxpayers safe is just one example of its efforts.

In the second part of our cover story, Brandt talks through an array of risks that the IRS faces, from tight resources to US tax reform and, of course, data risks and cybersecurity.

He also speaks about his time as the head of the tax administration unit at the OECD's Forum on Tax Administration and the guidelines the IRS and OECD are putting in place to keep taxpayer data safe in the new collaborative international tax environment.


Doug O’Donnell interview

Doug O’Donnell speaks to Joe Stanley-Smith about how he runs his large business and international department in the rapidly changing arenas of US and international tax.


Tom Brandt interview

Joe Stanley-Smith sits down with Tom Brandt, chief risk officer at the IRS, to discuss managing budget cuts, tax reform and the growing threat of cybersecurity.

more across site & bottom lb ros

More from across our site

Several tax chiefs shared their administrations’ latest digital identity tracking systems and other tax technologies at the OECD’s annual meeting of authorities.
Businesses welcome the UK’s decision to scrap the IR35 reforms but are not happy about the time and money they have wasted to date.
Energy ministers agreed on regulations including a windfall tax on fossil fuel companies to address high gas prices at an extraordinary Council meeting on September 30.
The European Parliament raises concerns over unanimity in voting on pillar two, while protests break out over tax reform in Colombia.
Ramesh Khaitan speaks to reporter Siqalane Taho about tax morality, transfer pricing regulations, Indian tax developments, and the OECD’s two-pillar solution.
Join ITR and KPMG China at 10am BST on October 19 as they discuss the personal, employment, and corporate tax-related implications of employees working from overseas.
Tricentis and Boehringer Ingelheim, along with a European Commission TP specialist, criticised the complexity of pillar one rules and their scope at an ITR event.
Speakers at ITR’s Managing Tax Disputes Summit said taxpayers can still face lengthy TP audits, despite strong documentation preparation
Gig economy companies in New Zealand will need to fully account and become liable for the goods and services tax of underlying suppliers on their platforms, under new proposals.
Join ITR and Thomson Reuters at 2pm (UAE) / 11am (UK) on October 13 as they discuss how businesses can prepare for Tax Administration 3.0 and future-proof against changes such as e-invoicing and increasing digitisation.
We use cookies to provide a personalized site experience.
By continuing to use & browse the site you agree to our Privacy Policy.
I agree