IRS identity theft enforcement activities plummet
- By Derek B. Johnson
- Sep 03, 2019
In the latest sign that enforcement of criminal tax laws have been deprioritized, a new audit from the Treasury Inspector General for Tax Administration found that identity theft cases opened by the IRS has dropped by more than 75% since 2013.
The IRS started more than 1,400 identity theft investigations and statue violations in 2013; by 2017 the number was just over 350. According to auditors, the number of annual identity theft investigations opened by the IRS dropped from 263 in 2013 to just 75 in 2017. The decline "reflects a strategic reallocation of resources" at the agency, and those figures likely underestimate the scope of the drop, the report said. IRS officials told auditors in 2018 that they planned to further shift resources away from identity theft cases to help with traditional tax work.
Like other parts of IRS, the Criminal Investigations Division has been squeezed over the past decade, losing more than 380 special agents (15% of the division's total workforce) over that time period. While that could explain some of the decline, TIGTA auditors noted that the total number of investigations initiated and closed by IRS fell much further, suggesting there may be additional contributing factors. Furthermore, while all categories of investigations dropped over the same time frame, identity theft cases fell far more sharply than others.
In a response attached to the audit, Don Fort, chief of the Criminal Investigation Division, said the statistics TIGTA used do not accurately reflect the changing identity fraud landscape, where individual criminals have given way to larger organizations with multiple players. The report "ignores many critical factors" that affect the topline numbers, he said.
"Factors such as the number of targets, complexity of schemes, multi-agency involvement and foreign-jurisdiction evidence-gathering needs are ignored when solely utilizing quantitative data points to measure investigative efforts," Fort wrote.
While only briefly mentioned in the report, the role of newer, automated fraud detection programs, like the Return Review Program, may be catching and stopping a portion of identity theft cases that might have once matured into criminal investigations.
Terry Milholland, who served as IRS chief technology officer between 2008 and 2016, said that discussions between the IT and business sides of the agency at the time of the downturn were focused less on investigating identity theft after the fact ("a labor intensive exercise") and more on leveraging technology to stop attempts before an incident triggered a criminal investigation.
"Prevention became the area of focus, thus development and deployment of [the Return Review Program], web tools, web accounts for taxpayers and earlier identification of potential ID theft before a return was accepted for processing," Milholland told FCW in an email. "These paid off as once it became harder to fool the tax processing systems, fraudulent ID theft would drop off."
Milholland also speculated that the agency could be compensating for reduced staff by homing in on larger fraud cases. The audit corroborates that theory, as IRS officials said they want to refocus their reduced workforce on "bringing the most sophisticated tax cases to the U.S. Department of Justice for prosecution."
The IRS isn't alone in seeing a decline in identity theft enforcement. The tax agency constitutes only one part of the nation's overall case load, along with investigations housed at U.S. Attorneys Offices and other federal and state agencies. The TIGTA audit found that other stakeholders who rely on the IRS to develop leads have experienced similar drops in enforcement numbers. For example, hundreds of identity theft cases pursued by U.S. Attorneys every year are actually first initiated by the IRS. Over the same time period, U.S. Attorneys went from processing 862 identity theft cases in 2013 to just 236 such cases in 2017.
The drop follows a more-general trend of enforcement activities taking a backseat at the IRS amid a decade of budget and personnel cuts. Major pieces of legislation with tax implications, such as the Affordable Care Act and Tax Cuts and Jobs Act, have also required significant reallocation of internal resources at the agency.
Officials have attempted to compensate by introducing newer automated fraud monitoring technologies, and they claim such tactics have contributed to significant drops in reported incidents of tax-related identity theft since 2015. Improving enforcement activities is a key goal of the agency's IT modernization plan, and successfully integrating such technologies further into the tax process was identified as one of the most pressing challenges in a Government Accountability Office report released earlier this year.
However, the lack of enforcement still troubles some outside organizations that help mitigate the effects of identity fraud. Eva Velasquez, CEO of the non-profit Identity Theft Resource Center, told FCW that incidents of identity theft are underreported already and that focusing on larger, more sophisticated identity-theft rings is not a substitute for more general enforcement efforts. In fact, it could end up signaling to criminals how to carry out such fraud without attracting the attention of law enforcement.
"Anytime an organization or entity, particularly one in law enforcement … makes a decision about where their benchmark is [and says], 'Here's our threshold and we're not going to investigate anything below X,' well the thieves read those reports," Velasquez said. "So, while you may say I'm going to focus on these much larger fraud rings because it will have more of an impact, you're then allowing the smaller rings to proliferate, grow, do harm and stay under the radar."
Derek B. Johnson is a senior staff writer at FCW, covering governmentwide IT policy, cybersecurity and a range of other federal technology issues.
Prior to joining FCW, Johnson was a freelance technology journalist. His work has appeared in The Washington Post, GoodCall News, Foreign Policy Journal, Washington Technology, Elevation DC, Connection Newspapers and The Maryland Gazette.
Johnson has a Bachelor's degree in journalism from Hofstra University and a Master's degree in public policy from George Mason University. He can be contacted at email@example.com, or follow him on Twitter @derekdoestech.
Click here for previous articles by Johnson.