The Internal Revenue Service will make the most progress in combating identity theft and other cybersecurity threats by continuing its fruitful partnership with states and the private sector known as the Security Summit, an advisory panel said.
The 2019 report to Congress from the tax agency’s Electronic Tax Administration Advisory Committee in making 10 new recommendations also praised IRS staff for holding up during last winter’s 35-day partial government shutdown, during which some furloughed employees were called back to prepare for filing season and roll out changes from the 2017 Tax Cuts and Jobs Act.
“The commitment and professionalism of the IRS leadership and staff during the government shutdown was exemplary,” said the panel of tax industry professionals. “Notwithstanding the disruption, the IRS prepared and executed contingency plans that minimized the impact of the shutdown on its operations including its efforts to stop” identity theft and tax refund fraud.
Since its launch under Commissioner John Koskinen in 2015, the Security Summit’s efforts have been coordinated by the advisory committee, a public forum of finance industry, state government and tax professionals that engages regularly in work groups with IRS staff to keep up with changes in software and tax-related cybercrime.
For 2019’s report, the group made “a conscious decision to narrow its focus to a smaller number of critical recommendations” compared with the past several years, it noted. Its 10 new proposals address ways to strengthen the ongoing Security Summit, improve overall security for tax administration, and protect and empower taxpayers—particularly in the agency’s ongoing push to serve more taxpayers online.
“The Security Summit continues to make progress against these ongoing risks,” the 18-member panel wrote. The prevalence of identity theft and tax return fraud “threatens the integrity of our voluntary compliance tax system at both the federal and state levels. The wholesale theft of huge volumes of personal information has provided criminals and other bad actors with detailed and accurate taxpayer information.”
But unfortunately, noted the panel founded in 1998, “there is no silver bullet that makes it easy for the IRS to spot these fraudulent returns among the hundreds of millions of legitimate returns. This is a critical time. To protect our tax system, the Security Summit and [its information sharing and analysis center] must continue to drive progress with a unified and collaborative approach among all of the stakeholders.”
Specifically, the report recommended that the IRS, industry and Congress bolster the Security Summit by funding and increasing the engagement of its information sharing center, modify the tax code’s privacy protections to allow better information sharing to counter cybercrime, and better integrate the payroll community with the summit membership.
Authorities should improve overall tax system protections by assessing the state of information security among tax professionals, grant the IRS authority to establish and enforce security standards, and protect taxpayers through improved collaboration and expanded channels for identity proofing, the report said.
The advisory panel “believes that the IRS must have clearer internal ownership and accountability for establishing or enforcing existing or new security standards and programs,” the report said. “This issue is equally present in the IRS’s broader management and execution of Security Summit and [analysis center] initiatives that cross multiple internal IRS businesses, divisions and functions.”
The advisors added that they are “encouraged by Commissioner [Charles] Rettig’s priority to protect taxpayers and the tax system and his recognition that the Security Summit is a terrific example of what the public and private sectors can accomplish when they work together.”