Part 4. Examining Process
Chapter 10. Examination of Returns
Section 27. Identity Theft Case Processing for Field Examiners
4.10.27 Identity Theft Case Processing for Field Examiners
Manual Transmittal
October 18, 2023
Purpose
(1) This transmits revised IRM 4.10.27, Examination of Returns, Identity Theft Case Processing for Field Examiners.
Material Changes
(1) Significant changes to this IRM are listed in the table below.
IRM Reference | Description of Change |
---|---|
Various subsections | Replaced the references to the Designated Identity Theft Adjustment (DITA) team with the Brookhaven Identity Theft Exam Referrals (BITER) team throughout the IRM. This change incorporates content from SBSE-04-0322-0005, Interim Guidance for Routing of Identity Theft Account Adjustment Requests, dated March 9, 2022. |
Various subsections | Added BMF identity theft information and procedures throughout the IRM. |
N/A | Removed subsection about Identity Theft Assistance Requests (ITAR) since ITARs were obsoleted effective October 1, 2022. |
4.10.27.1 | Added internal controls to provide background information, legal authorities that govern the actions covered in this IRM, roles and responsibilities, terms and acronyms, and related resources available to assist examiners when conducting examinations. |
4.10.27.2 | Removed reference to Form 14103, Identity Theft Assistance Requests (ITAR) since ITARs were obsoleted. Applicable content about ways in which examiners encounter identity theft was moved to IRM 4.10.27.2.1. Moved guidance about inputting identity theft tracking indicators on the account to IRM 4.10.27.6.1.4. |
4.10.27.2.1 | Added new subsection with information about ways in which an examiner may encounter identity theft during an examination. |
4.10.27.2.2 | Renamed subsection for identity theft referrals received on Form 14027-B. Removed references to the Identity Protection Specialized Unit (IPSU) and replaced with Identity Theft Victim Assistance (IDTVA) since IPSU is no longer a designated team/unit and the term is now used when referring to certain identity theft inventories or criteria. Modified content to clarify actions examiners must take when a referral is received. Removed PSP coordinator responsibilities for identity theft referrals as those procedures are outlined in IRM 4.1.1.6.9. |
4.10.27.2.3 | Added new subsection with instructions on actions examiners must take when a BMF identity theft referral on Form 14566 is received. |
4.10.27.3 | Added information about the types of documentation the taxpayer should provide to substantiate a claim of identity theft. Added requirement to document identity theft on an issue lead sheet. |
4.10.27.4 | Updated tax-related IMF identity theft definitions and terms, and added references for tax-related BMF identity theft. Added information that employment related identity theft can be tax related or non-tax related. |
4.10.27.4.1 | Revised the actions examiners must take when non-tax related identity theft is identified. |
4.10.27.5 | Renamed subsection on disclosing information to the victim. Added information to clarify what information can and cannot be disclosed to the identity theft victim as well as the procedures for providing redacted copies of identity theft returns to the victim. |
4.10.27.6 and 4.10.27.6.1 | Added language to clarify examiners should only add identity theft tracking indicators on the taxpayer’s (victim) account when there is tax administration impact (tax related identity theft). |
4.10.27.6.1.1 | Added note about when to request TC 971 AC 522 "IRSID" be input on taxpayer’s account for IRS identified identity theft. Revised title to clarify the procedures apply to IMF taxpayers. |
4.10.27.6.1.2 | Revised title to clarify the procedures apply to IMF taxpayers. Added note that tax administration source code “PNDCLM” should not be duplicated if it’s already on the taxpayer’s account for the same tax year. |
4.10.27.6.1.3 | Added new subsection with information about BMF identity theft tracking indicators. |
4.10.27.6.1.4 | Changed subsection title. Moved content about completion of Form 4844 and marking the account after receipt of identity theft supporting documentation to this subsection. Added information about reversing identity theft tracking indicators. |
4.10.27.6.2 | Revised to show identity theft aging reason codes are input as three digits instead of two digits. |
4.10.27.6.3 | Added language to clarify that activity code 557 is only used to charge time to identity theft issues when there is tax administration impact. |
4.10.27.6.3.1 | Added instructions for completing Form 5345-D to establish a separate identity theft control record on ERCS. Added guidance that Form 5345-D must be included in the case file. |
4.10.27.7 | Moved language about processing delinquent returns from prior IRM 4.10.27.14 to this subsection. Added an additional processing step about ensuring the statute of limitations is correct. |
4.10.27.9 and 4.10.27.9.1 | Moved content about the definition, criteria, and evaluation of a nullity return from prior IRM 4.10.27.12.1. Added procedures for returns that don’t meet nullity criteria. |
4.10.27.9.2 | Included content about the group’s procedures for requesting a valid return be reprocessed to the correct TIN (or correct tax period) from the following IRM subsections: |
4.10.27.9.3 | Included content from IRM 4.4.12.5.5.2, Taxpayers with no TIN, about requesting a TIN for a taxpayer when adjustments need to be made to the account but the taxpayer doesn’t have a valid TIN. |
4.10.27.10 | Added information about the use of aging reason code 026 when updating the statute to EE for a victim with no filing requirement. Added note about statutes for returns posted to MFT 32. |
4.10.27.11 | Added requirement that managerial approval must be obtained prior to submitting an identity theft referral to adjust a taxpayer’s account. Added BMF information. |
4.10.27.12 | Changed title to clarify the Form 4442 procedures apply to IMF taxpayers only and the subsections also include case processing instructions. |
4.10.27.12.1.4 and 4.10.27.12.2.4 | Revised closing procedures for situations where a victim’s return is posted as a duplicate return and does not warrant examination. |
4.10.27.12.2.1 | Moved content about the steps to delete the AIMS/ERCS record from prior IRM 4.10.27.19 to this subsection. Removed procedure to send the administrative (case) file for returns that have not been reopened to DITA. |
4.10.27.12.3 | Updated the procedures for submitting the Form 4442 package. Moved content about checking transcripts to see if identity theft reversals are posted from prior IRM 4.10.27.19 to this subsection. |
4.10.27.13, 4.10.27.13.1, and 4.10.27.13.2 | Added new subsections with procedures for correcting a BMF identity theft victim’s account. |
4.10.27.14 | Added new subsection with procedures for submitting BMF identity theft referrals for various BMF identity theft situations. |
4.10.27.15 and 4.10.27.15.1 | Added and clarified Report Generation Software (RGS) requirements and procedures (e.g., creating an identity theft issue in RGS, references to job aids with processing steps) for identity theft cases. |
4.10.27.15.1 | Added new subsection on RGS case file assembly and documents to be included in the file. Incorporated applicable content from prior IRM 4.10.27.19. |
4.10.27.16 | Changed subsection title. Rearranged content and added language to clarify certain actions are required for all secured delinquent returns (e.g., request input of TC 971 AC 282). |
4.10.27.16.1 and 4.10.27.16.2 | Added note about the requirement to send a secured delinquent return to Campus after the return has been digitized and saved in the RGS case file. |
4.10.27.17 and 4.10.27.17.1 | Added new subsections with information about the Taxpayer Protection Program, unpostable returns, returns posted to MFT 32, and procedures to correct the account and get the taxpayer’s valid return posted. |
4.10.27.18 | Added new subsection on examiner responsibilities for verifying all identity theft issues are resolved. |
(2) Editorial changes have been made throughout this IRM. Website addresses, IRM references, terms, and acronyms were updated as necessary.
Effect on Other Documents
IRM 4.10.27, dated December 24, 2013, is superseded. This IRM incorporates content from SBSE-04-0322-0005, Interim Guidance for Routing of Identity Theft Account Adjustment Requests, dated March 9, 2022.
Audience
Small Business and Self-Employed (SB/SE) Field Examination employees and Large Business and International (LB&I) employees.
Effective Date
(10-18-2023)
Heather J. Yocum
Acting Director, Examination Field and Campus Policy
Small Business/Self Employed Division
SE:S:DCE:E:HQ:EFCP
Program Scope and Objectives
(1) Purpose. This IRM section provides information and procedures concerning identity theft case processing for examiners.
Individual Master File (IMF) identity theft can affect both living and deceased individuals.
Business Master File (BMF) identity theft can affect all business entities including active and inactive business entities.
(2) Audience. These procedures apply to Small Business and Self-Employed (SB/SE) Field Examination employees and Large Business and International (LB&I) employees.
(3) Policy Owner. The Director, Examination Field and Campus Policy, who reports to the Director, Examination Headquarters, owns the policy in this IRM.
(4) Program Owner. Identity Protection Strategy and Oversight (IPSO) maintains enterprise-wide identity protection program oversight. This includes internal outreach to all business operating divisions to ensure the established policies are implemented and supported servicewide.
(5) Primary Stakeholders. Employees in SB/SE Field Examination and Large Business and International (LB&I) are the primary stakeholders of this IRM.
(6) Contact Information. To recommend changes or make any other suggestions related to this IRM section, see IRM 1.11.6.5, Providing Feedback About an IRM Section - Outside of Clearance.
Background
(1) Identity theft occurs when someone uses an individual’s or business’s personal information, such as name, taxpayer identification number (TIN) (e.g., social security number (SSN) or employer identification number (EIN)) or other identifying information without permission with the intent to commit fraud or other crimes. When an examiner is advised or otherwise becomes aware that a taxpayer may be a victim of identity theft, the examiner must take certain actions. This IRM provides guidance for actions that must be taken to address and resolve identity theft issues.
(2) All identity theft cases are considered priority workload.
Authority
(1) IRM 1.2.1.17.1, Policy Statement 10-1 (formerly P-25-1), Assisting taxpayers who report they are victims of identity theft.
(2) IRC 7529, Notification of suspected identity theft.
Roles and Responsibilities
(1) The Director, Examination Headquarters, is the executive responsible for providing policy and guidance for field employees and ensuring consistent application of policy, procedures and tax law to effect tax administration while protecting taxpayers’ rights. See IRM 1.1.16.5.5, Examination Headquarters, for additional information.
(2) The Director, Examination Field and Campus Policy, reports to the Director, Examination Headquarters, and is responsible for the delivery of policy and guidance that impacts the field examination process. See IRM 1.1.16.5.5.1, Examination Field and Campus Policy, for additional information.
(3) Field Examination General Processes (FEGP), which is under the Director, Examination Field and Campus Policy, is the group responsible for providing policy and procedural guidance on standard examination processes to field employees. See IRM 1.1.16.5.5.1.1, Field Examination General Processes, for additional information.
(4) Examiners, their managers, and clerical support staff should thoroughly acquaint themselves with the examination procedures and information contained in this IRM.
(5) All examiners must perform their professional responsibilities in a way that supports the IRS Mission. This requires examiners to provide top quality service and to apply the law with integrity and fairness to all.
(6) Examiners are responsible for knowing and acting in accordance with the Taxpayer Bill of Rights (TBOR), which includes the taxpayer’s right to be informed and the right to quality service. See IRM 4.10.1.2.1, Taxpayer Bill of Rights (TBOR), for additional information on the TBOR. Examiners must ensure taxpayers receive prompt and clear communications of IRS determinations regarding identity theft, actions taken to protect and/or correct the tax account, and identity theft resources available to taxpayers. Additionally, examiners should be aware of the impact being an identity theft victim may have on a taxpayer and handle the contact with an additional level of sensitivity and understanding.
(7) Examiners and other group personnel will work closely with employees in the Wage and Investment (W&I) Identity Theft Victim Assistance (IDTVA) and Return Integrity Verification Operations (RIVO) functions to resolve identity theft issues.
(8) For guidance specific to LB&I, please visit the LB&I Identity Theft page in the Exam Procedures Knowledge Base.
Program Reports
(1) Monthly Examination Returns Control System (ERCS) reports are used to track the number of identity theft cases closed during the month, the number of identity theft cases currently open, and to identify cases missing appropriate identity theft tracking codes.
Terms and Acronyms
(1) See IRM 25.23.1.1.2, Terms/Definitions/Acronyms, and IRM Exhibit 25.23.1-1, Glossary of Identity Protection Terms and Definitions, for common terms, definitions, and acronyms associated with identity theft.
(2) The following table contains a list of terms used throughout this IRM and their definitions.
Term | Definition |
---|---|
Brookhaven Identity Theft Exam Referral (BITER) team | The BITER team supports functions working identity theft allegations. In general, BITER inputs identity theft tracking indicators and makes account adjustments recommended by SB/SE Field Examination and LB&I. This includes removal of the identity thief’s return from the identity theft victim’s account and other adjustments needed for complete resolution in correcting the victim’s account. See IRM 25.23.10.7.4.5, Field Exam IDT Account Resolution Referrals, for additional information regarding the BITER team. |
Business Master File (BMF) Identity Theft Liaison | The BMF identity theft liaison serves as their respective BOD/function's key point of contact on matters outside the scope of the referring functions or when technical help is needed to either make an ID theft determination or to resolve an ID theft case. |
Form 14566 package | Term used in this IRM for Form 14566, BMF Identity Theft Referral, and supporting documents submitted to W&I-Accounts Management for reversal of identity theft transactions on a BMF victim’s account. |
Form 4442 package | Term used in this IRM for Form 4442, Inquiry Referral, and supporting documents submitted to the BITER team for reversal of identity theft transactions on the IMF victim’s account. |
MFT AD | The MFT used to establish a separate ERCS control record for charging time spent on an identity theft issue. |
Nullity return | A false return filed by someone other than the true owner of the TIN. |
Return Integrity Verification Operations (RIVO) | A function within W&I’s Return Integrity and Compliance Services (RICS) organization that is responsible for fraud (including identity theft) detection and prevention, revenue protection, and account correction. |
Victim’s return | The true taxpayer’s return. |
Wage and Investment-Accounts Management BMF (W&I-AM BMF) | Similar to the BITER team for IMF, the BMF identity theft teams in W&I Accounts Management support functions working BMF identity theft allegations. In general, W&I-AM BMF will input identity theft tracking indicators and make account adjustments recommended by the functions. This includes removal of the identity thief’s return from the identity theft victim’s account and other adjustments needed for complete resolution in correcting the victim’s account. See IRM 25.23.9, Business Master File (BMF) Identity Theft Processing, for additional information. |
(3) The following table lists acronyms used throughout this IRM and their definitions.
Acronym | Definition |
---|---|
AC | Action Code |
AIMS | Audit Information Management System |
AMS-CIS | Accounts Management Services-Correspondence Imaging System |
ARC | Aging Reason Code |
ASED | Assessment Statute Expiration Date |
BITER | Brookhaven Identity Theft Exam Referral |
BOD | Business Operating Division |
BMF | Business Master File |
CC | Command Code |
CCP | Centralized Case Processing |
CEAS | Correspondence Examination Automation Support |
CIS | Correspondence Imaging System |
DC | Disposal Code |
DLN | Document Locator Number |
EIN | Employer Identification Number |
ERCS | Examination Returns Control System |
IDRS | Integrated Data Retrieval System |
IRSN | Internal Revenue Service Number |
IMF | Individual Master File |
IDT | Identity Theft |
IDTVA | Identity Theft Victims Assistance |
IRP | Information Returns Processing |
IRM | Internal Revenue Manual |
IRS | Internal Revenue Service |
IRSID | IRS Initiated Suspicion of Identity Theft |
ITIN | Individual Taxpayer Identification Number |
LB&I | Large Business and International |
MeF | Modernized e-File |
MF | Master File |
MFT | Master File Tax |
PBC | Primary Business Code |
PII | Personally Identifiable Information |
PSP | Planning and Special Programs |
RICS | Return Integrity and Compliance Services |
RIVO | Return Integrity Verification Operations |
RGS | Report Generation Software |
SB/SE | Small Business/Self-Employed |
SC | Source Code |
SFR | Substitute for Return |
SSA | Social Security Administration |
SSN | Social Security Number |
TAS | Taxpayer Advocate Service |
TIN | Taxpayer Identification Number |
TC | Transaction Code |
TPP | Taxpayer Protection Program |
UPC | Unpostable Code |
W&I | Wage and Investment |
W&I-AM BMF | Wage and Investment - Accounts Management Business Master File |
Related Resources
(1) There are multiple resources employees will use specific to identity theft, including but not limited to:
IRM 25.23, Identity Protection and Victim Assistance
IRM 25.25, Revenue Protection
SB/SE Field Examination Identity Theft - Assistance to Victims book on Knowledge Management
LB&I Identity Theft page on Knowledge Management
Area Planning and Special Programs (PSP) Identity Theft Coordinators
Lead Sheet Issue Reference Guide (LSIRG)
Identity theft is an emerging area resulting in frequent updates. Examiners should regularly check for Servicewide Electronic Research Program (SERP) Interim Procedural Updates (IPU) and Interim Guidance (IG) updates.
Ways an Examiner May Encounter Identity Theft
(1) Examiners may encounter identity theft in the following ways (not all-inclusive):
During an examination. See IRM 4.10.27.2.1.
As an audit reconsideration if identity theft was claimed after a case had been closed by SB/SE Field Examination or LB&I. See IRM 25.23.10.7.4.4, Field Exam Reconsiderations.
Note: Return preparer misconduct (RPM) claims are screened by employees in W&I IDTVA and may be sent to Field Exam as an audit reconsideration case. See IRM 25.24.5, Return Preparer Misconduct Field Examination, for procedures for working RPM claims.
As a referral on Form 14027-B, Identity Theft Case Referral. See IRM 4.10.27.2.2.
As a referral on Form 14566, BMF Identity Theft Referral. See IRM 4.10.27.2.3.
Note: Referrals may originate from W&I IDTVA teams. IDTVA handles identity theft inquiries and assists taxpayers who are victims of identity theft. BMF identity theft referrals may also originate from other business units.
Encountering Identity Theft During an Examination
(1) There are multiple ways examiners may encounter identity theft during an examination, including (not all-inclusive):
Integrated Data Retrieval System (IDRS) research may reflect an identity theft indicator. See IRM 25.23.2.4, IDT Indicators - Tax Related, and IRM 25.23.2.8, Miscellaneous Identity Theft Indicators.
The taxpayer may inform the examiner they did not file the tax return under examination.
The taxpayer may advise the examiner their identity was compromised (e.g., a lost or stolen wallet or questionable credit card activity), but there is no known tax administration impact. See IRM 4.10.27.4.1.
The taxpayer may inform the examiner they never requested an employer identification number (EIN) or never had a business.
Examiners may discover Forms W-2 or 1099 posted to the taxpayer's account that do not appear to belong to the taxpayer. For example, Form W-2 has a different name or address as a result of identity theft.
A duplicate return (TC 976) that is not an amended return may be posted to the account.
Examiners may receive Form 4442, Inquiry Referral.
The taxpayer may appear to be a nonfiler, but their return is posted to MFT 32 instead of MFT 30 or the return is unpostable with an unpostable code (UPC) 126-0 as a result of the IRS’s Taxpayer Protection Program. This applies only to IMF taxpayers. See IRM 4.10.27.17 for additional information.
Caution: A taxpayer’s account may indicate that no return was filed. Before creating a substitute for return (SFR) (see IRM 4.12.1, Nonfiled Returns), examiners must verify the taxpayer’s valid return was not posted to MFT 32 or went unpostable with UPC 126-0. IRM 4.10.27.17 and IRM 4.10.27.17.1 provide guidance for determining if a taxpayer’s return was posted to MFT 32 or went unpostable with UPC 126-0.
(2) Examiners should be alert in all cases that identity theft may have occurred, including when the taxpayer does not respond to correspondence. A taxpayer who does not respond to correspondence may be a victim of identity theft. Examiners should verify the correct current address of the taxpayer. SB/SE field examiners should refer to IRM 4.10.2.8.3, No Response/No Show Procedures, and IRM 4.10.2.8.4, Undeliverable Initial Contact Letter, for assistance.
(3) SB/SE field examiners should contact their Area PSP Identity Theft Coordinator for assistance on identity theft cases. LB&I examiners should contact the LB&I Identity Theft Point of Contact (POC).
Form 14027-B, Identity Theft Case Referral
(1) The IDTVA function within W&I handles identity theft inquiries and assists taxpayers who are victims of identity theft. If a taxpayer contacts IDTVA and the identity theft inquiry involves an audit (open or closed), IDTVA will prepare a Form 14027-B and forward it to the Area PSP identity theft coordinator for assignment.
(2) The group's clerical staff will notify the manager when a Form 14027-B and other related identity theft information is received in the group and provide the information to the assigned examiner.
Reminder: Identity theft cases are priority workload. These cases must be timely assigned to an examiner and worked.
(3) If an examiner receives Form 14027-B, the examiner must acknowledge receipt by filling out Section V on page 2 and faxing the form to the IDTVA employee within 10 business days. The fax number for the IDTVA employee should be located in Section II line 4 of Form 14027-B.
(4) If sufficient documentation supporting the identity theft has not already been submitted to the IRS, the examiner may need to secure additional documentation to authenticate the taxpayer's identity and evidence of the identity theft. See IRM 4.10.27.3 for documentation requirements. If the taxpayer does not provide supporting documentation when requested, proceed with case resolution as if the taxpayer is not an identity theft victim.
(5) The examiner must take applicable steps for resolving the identity theft issue based on the facts and circumstances of the case.
(6) When the case is resolved and/or account actions are complete, the examiner must complete Form 14027-B through Section VIII and return it to the IDTVA employee.
Form 14566, BMF Identity Theft Referral
(1) Form 14566 is used when referring BMF identity theft cases between business units for actions needed to resolve the identity theft issue. If an examiner is assigned a case with Form 14566, the examiner must take actions to address the issues noted on the referral.
(2) If the documentation supporting the identity theft has not been submitted to the IRS, the examiner may need to secure additional documentation to authenticate the taxpayer's identity and evidence of the identity theft. See IRM 4.10.27.3 for documentation requirements.
(3) The examiner will take applicable steps for resolving the identity theft issue based on the facts and circumstances of the case.
(4) When the case is resolved and/or account actions are complete, the examiner must document Form 14566 with actions taken to address the BMF identity theft issue. The examiner must return the completed Form 14566, through their BOD’s BMF Identity Theft Liaison, to the employee who initiated the referral via secure e-mail.
(5) See IRM 25.23.9.8, Business Master File (BMF) Identity Theft Referrals, for additional information.
Determining and Documenting Identity Theft
(1) Identity theft is an issue that must be fully developed and properly documented.
(2) Before making a determination that identity theft has occurred, the examiner must consider the facts and circumstances of the case and fully develop the issue through inquiry, observation, analysis of appropriate documents, oral testimony, and third party contacts when warranted.
(3) Research should be performed and documented prior to reaching a final determination of identity theft. Research using IDRS command codes (CC) ENMOD, IMFOL or BMFOL (E or I or T), TXMODA, PMFOL, RTVUE, BRTVU, TRDBV, NAMES, NAMEE, INOLES, DUPOL, CFINK, IRPTR, and FIND. See IDRS Command Code Job Aid for format and description of common command codes.
(4) Research modules (e.g., MFT 30, MFT 02, MFT 06, MFT 05, etc.) for identity theft tracking indicators on the accounts.
Note: The identity theft indicator is input as a TC 971 with an action code (AC) and a tax administration source code (SC) on the taxpayer's account. For IMF cases, AC 501, 504, 505, 506, 522, or 525 may be present to indicate identity theft. For BMF cases, AC 522 or 524 may be present to indicate identity theft.
(5) Research the taxpayer identification number (TIN) (valid and invalid) to determine if there was a mixed entity or scrambled SSN in prior years, and to locate any possible cross-reference TIN. See IRM 21.6.2.4.2, Mixed Entity Procedures, for the definition of a mixed entity and scrambled SSN.
(6) Review all returns for the year(s) involved for indications of identity theft, such as identity theft documentation attached to the return. Search returns, schedules, and forms for a different TIN. Research spouse and dependent information whenever available.
(7) If necessary, research additional sources such as Accurint, Account Management Services-Correspondence Imaging System (AMS-CIS), internet, etc.
(8) BMF identity theft cases are complex in nature and may require research and analysis of both business and individual accounts. Cases may frequently involve multiple business operating divisions (BOD) and examiners will need to research all related IMF and BMF accounts prior to reaching a determination of identity theft. For an EIN, CC BMFOLE will reflect an XREF TIN/individual taxpayer identification number (ITIN) or SSN for the individual or entity that requested the EIN assignment. Preliminary research should include reviewing all cross-reference TINs. Refer to IRM Exhibit 25.23.9-7, Business Master File (BMF) Identity Theft Research Requirement, for additional information.
(9) Review all documentation provided by the taxpayer to determine what years were affected by the identity theft. If more than one year was affected and identity theft indicators are not on one of the years, examiners must determine if additional documentation is needed or if the tracking indicators can be input on the additional years based on documentation previously submitted. See IRM 25.23.2.3.6, When to Request Additional Information to Support an Allegation of Identity Theft, for further information.
An IMF victim should provide Form 14039, Identity Theft Affidavit, or a police report in support of an allegation of identity theft, if the identity theft affects tax administration.
Note: A taxpayer is required to provide substantiation documentation to the IRS only once per incident. If the taxpayer previously submitted complete and legible substantiation documentation for the identity theft, the taxpayer should not be asked to provide the documentation again. Identity theft substantiation documentation previously provided to W&I IDTVA or another Campus function may be available as a scanned document on AMS-CIS. See IRM 21.5.1.5, Correspondence Imaging System (CIS) Procedures, and IRM 21.5.1.5.4, Viewing or Requesting Documents on CIS Cases, for information about CIS. If the group clerical staff doesn’t have access to AMS-CIS, the examiner should contact the Area AIMS/ERCS analyst or the Area PSP Identity Theft Coordinator for assistance with obtaining information from AMS-CIS.
A BMF victim may need to file Form 14039-B, Business Identity Theft Affidavit, if other information does not support the identity theft. Refer to IRM 25.23.9.7, Form 14039-B, Business Identity Theft Affidavit.
(10) Compare all documents and return information for the following:
IMF Returns | BMF Returns |
---|---|
|
|
(11) An issue lead sheet for identity theft is required. Issue-specific content, including audit steps, for identity theft is available in the Lead Sheet Issue Reference Guide (LSIRG). Examiners must fully document, on the lead sheet and supporting workpapers, their determination of whether the taxpayer was a victim of identity theft. Relevant information should also be documented on the activity record. Workpapers should support the examiner’s final determination and document information requested, received, and reviewed. See IRM 4.10.9, Workpaper System and Case File Assembly, for information on file documentation and support. Also see IRM 4.10.27.15 for RGS case file requirements.
(12) If the taxpayer’s claim of identity theft is not substantiated, the examiner must reverse the identity theft tracking indicators (see IRM 4.10.27.6.1.4 for reversing the identity theft indicators) and proceed with normal examination procedures. If the taxpayer does not agree with the examiner’s determination, see IRM 25.23.4.13, Requests for an Appeal.
Identity Theft—Tax Related Impact
(1) Examiners must determine if the identity theft affects tax administration. IMF identity theft can affect tax administration in two primary ways (see IRM 25.23.1.1.2(1), Terms/Definitions/Acronyms):
Tax-Related - This occurs when the identity thief uses the victim's or their dependent’s personal information without their knowledge or permission to file a tax return.
Employment or Income Related - This occurs when the identity thief uses the victim’s SSN and/or other personal information to obtain employment or other types of income (e.g., unemployment compensation, etc.) resulting in what may appear as unreported income under the victim's account.
Note: Employment or income related identity theft does not involve the filing of a fraudulent return and therefore is generally considered non-tax related (no tax administration impact). Employment or income related identity theft only affects tax administration (tax-related) if the TIN owner’s Master File (MF) tax account is affected. See IRM 25.23.13.2, Income Related Identity Theft - General, for common situations in which employment or income related identity theft affects the victim’s tax account resulting in the identity theft being treated as tax related. Also see IRM 25.23.2.8.5, Employment-Related Identity Theft - TC 971 AC 525.
(2) See IRM 25.23.1.1.2(2), Terms/Definitions/Acronyms, and IRM 25.23.9.2, Business Master File (BMF) Identity Theft - Overview, for ways in which BMF identity theft can affect tax administration.
(3) When tax administration is affected, the examiner must ensure the tax year(s) impacted have identity theft tracking indicator(s). See IRM 4.10.27.6.1. If tracking indicators already exist on a tax year, do not input the "same" code(s) for the "same" tax year.
Non-Tax Related Identity Theft - No Known Tax Administration Impact
(1) Non-tax related identity theft occurs when a taxpayer’s or dependent’s information has been compromised and/or used without permission (e.g., a lost or stolen wallet, questionable credit card activity, data breach, SSN used by someone else to obtain employment or other types of income (i.e., employment or income related identity theft), etc.), but the identity theft doesn’t affect the taxpayer’s MF tax account. See IRM 25.23.1.1.2(1), Terms/Definitions/Acronyms, and IRM Exhibit 25.23.1-1, Glossary of Identity Protection Terms and Definitions.
Reminder: Employment and income related identity theft can be non-tax related or tax-related depending on whether the identity theft affects the taxpayer’s MF tax account. See IRM 4.10.27.4.
(2) If the taxpayer’s identity has been compromised but there is no known impact to the MF tax account, the examiner should take the following actions:
Inform the taxpayer that identity theft resource information can be obtained by visiting the IRS identity theft website, https://www.irs.gov/identity-theft-central, or by calling the IRS identity theft toll-free number, 1-800-908-4490.
Advise the taxpayer that additional information is available in Pub 5027, Identity Theft Information for Taxpayers. If needed, provide a copy of Pub 5027 to the victim.
For individual taxpayers, advise the victim the best way to protect their TIN (SSN/ITIN) is by participating in the IP PIN Program. See IRM 25.23.2.9, Identity Protection Personal Identification Number (IP PIN), for options available for individuals to enroll in the program. The information is also available on the IRS identity theft website.
Continue the examination as normal as there is no tax administration impact due to identity theft. The examiner should not input identity theft tracking indicators.
Note: For all cases of employment-related identity theft involving Form W-2, Wage and Tax Statement, the examiner must assist the taxpayer by notifying the Social Security Administration (SSA) to correct the earnings record for the victim’s SSN. See IRM 25.23.13.3.1, Form 9409 Procedures - IRS/SSA Wage Worksheet, for procedures on submitting the form.
(3) If an IMF taxpayer provides identity theft substantiation (e.g., Form 14039, Identity Theft Affidavit, etc.) for non-tax related identity theft, the examiner should forward the documentation along with Form 4442, Inquiry Referral, to IDTVA by fax at 1-855-807-5720. Upon receipt of identity theft substantiation for non-tax related identity theft (IMF), IDTVA will input identity theft tracking indicators on the account (see IRM 25.23.2.8.1, IMF TC 971 AC 504).
Note: The taxpayer is not required to file Form 14039 for non-tax related identity theft; however, the taxpayer may choose to file the form to request their TIN be protected/flagged. See IRM 25.23.2.3(1), Identity Theft Claims - General Guidelines.
Note: Identity theft tracking indicators are not placed on a BMF taxpayer’s account for non-tax related identity theft.
(4) Refer to the following IRMs for additional information:
IRM 25.23.2.2.1, Taxpayer Interaction
IRM 25.23.12.3, Non-Tax-Related Identity Theft - Self Identified
IRM 25.23.9.2.1, Non-Tax related Identity Theft
Disclosure to the Victim
(1) Tax returns selected for audit may not have been filed by the true owner of the TIN. The taxpayer may have no knowledge of the return filed, unless the taxpayer received correspondence from the IRS regarding the return filed.
Caution: The examiner may be in contact with the identity thief instead of the true taxpayer. For all audits, before disclosing any information, the identity of the taxpayer must be verified. See IRM 4.10.2.8.2(1), Initial Telephone Conversation, for authentication of identity.
(2) When working with an identity theft victim, examiners must not disclose any personally identifiable information (PII) about the perpetrator who filed the fraudulent tax return (e.g., name, address, TIN, telephone number, etc.). Information about the IRS’s examination or investigation into the civil or criminal tax liability of the person who misused the SSN or EIN must also not be disclosed to the victim.
(3) Any information relating to the IRS’s determination of the victim’s tax liability for the year can be disclosed to the victim or persons authorized to receive the identity theft information (e.g., authorized representative) as their return information. This would include:
Information relating to the victim's original balance due or refund that was based on the amounts reported on the fictitious tax return (Form 1040, U.S. Individual Income Tax Return; Form 1120, U.S. Corporation Income Tax Return, etc.) or erroneous information returns (e.g., Form W-2, Wage and Tax Statement; Form 1099-MISC, Miscellaneous Income; Form 1099-NEC, Nonemployee Compensation, etc.), and the underpayment or overpayment as later adjusted.
The cause of the events on the taxpayer’s account - suspected identity theft and use of the TIN on another return.
A redacted/masked (see paragraph 5 below) copy of the fraudulent tax return filed and accepted by the IRS using the personal information of the victim. See IRM 25.23.3.2.7, Providing Copies of Fraudulent Return(s) – Procedural Overview, (IMF) and IRM 25.23.9.10, Providing Copies of Tax Returns or Income Documents Where ID Theft is Suspected or Proven, (BMF), for additional information.
Exception: See IRM 25.23.9.10(4), Providing Copies of Tax Returns or Income Documents Where ID Theft is Suspected or Proven, regarding not providing the victim a copy of a fraudulent BMF return in cases involving a fabricated business entity.
Caution: The victim is only authorized to receive redacted copies of returns filed and accepted by the IRS. If a fraudulent return was filed using the victim’s personal information but was not accepted by the IRS (e.g., unprocessed or unpostable return not posted to the victim’s tax account), a copy of the return should not be provided.
(4) If the victim requests the examiner provide them with a copy of the fraudulent tax return, they must submit the request in writing. The request must be saved in the examiner’s case file (see IRM 4.10.27.15).
IMF victims must submit their request on Form 4506-F, Identity Theft Victims Request for Copy of Fraudulent Tax Return, or a signed written request. The examiner must ensure Form 4506-F or the written request is complete and contains all required information listed in IRM 25.23.3.2.7.2.2, Preliminary Review (PR) Step 2 - Check for Completeness, before disclosing the return to the victim.
BMF victims must submit a signed written request that includes the EIN, forms in question, and tax periods. See IRM 25.23.9.10.1, Sending Redacted Information.
(5) For steps to create a redacted/masked copy of the fraudulent tax return to provide to the victim, examiners should refer to the following IRM sections:
IMF - IRM 25.23.3.2.7.3.3(3), Research (R) Step 3 - Print/Save Fraudulent Return(s) to a PDF
IMF - IRM 25.23.3.2.7.4, Manual Masking
BMF - IRM 25.23.9.10.2, Redacting Information
(6) Examiners must document the victim’s request for information regarding the identity theft and the specific information provided to the victim (including redacted copies of the fraudulent tax return) on Form 9984, Examining Officer’s Activity Record, the issue lead sheet, or the supporting workpapers.
(7) For additional guidance pertaining to identity theft and disclosure, see the following:
IRM 11.3.2.4.1.2, Identity Theft and Access to Tax Returns and Information Returns
IRM 11.3.2, Disclosure to Persons With a Material Interest
(8) For disclosure or Privacy Act related questions, request assistance from Disclosure by contacting the Disclosure Help Desk.
Tracking and Monitoring Identity Theft Inventory
(1) Identity theft cases are tracked and monitored both Servicewide and at the business unit level. Examiners must ensure cases have proper tracking and monitoring codes, and that time is appropriately charged for the identity theft aspects of a case.
Identity theft tracking indicators are used to facilitate Servicewide tracking and reporting of identity theft incidents. These indicators are used for both tax related and non-tax related identity theft incidents; however, examiners will only request tracking indicators be input for tax-related identity theft. See IRM 4.10.27.6.1 for actions that must be taken.
Aging Reason Codes (ARC) 014 and 095 are used to monitor identity theft cases. See IRM 4.10.27.6.2 for actions that must be taken.
Activity Code 557 is used to track time spent working on the identity theft aspects of a case. See IRM 4.10.27.6.3 for actions that must be taken.
Identity Theft Tracking Indicators
(1) Identity theft tracking indicator codes are used to facilitate Servicewide tracking and reporting of both tax-related and non-tax related identity theft incidents. Examiners must ensure the proper identity theft tracking indicator codes are on a victim’s account when tax administration is impacted. See IRM 4.10.27.6.1.4 for instructions on requesting tracking indicators be input on a taxpayer’s account.
Reminder: If tracking indicators already exist on a tax year, do not input the same code(s) for the same tax year(s).
(2) Each indicator is input as a TC 971 with an action code (AC) and tax administration source code (SC), and is displayed on IDRS via several command codes (e.g., ENMOD (IMF and BMF), IMFOL with definer E (IMF), TXMOD with definer A (BMF), or BMFOL with definer T (BMF)) of the affected taxpayer’s account. The AC and tax administration SC are dependent upon the facts and circumstances of the case.
The AC is a three digit code. While some ACs are used to track the progression of inventory (AC 522) others provide taxpayer protections (AC 501 and AC 506). See IRM 25.23.2.4, IDT Indicators - Tax Related, and IRM 25.23.2.8, Miscellaneous Identity Theft Indicators, for additional information regarding identity theft related action codes.
The tax administration SC flags accounts at different stages of processing, from initial identity theft allegation to closure, dependent upon case specifics. Additional information for the tax administration SCs per business operating division and AC is in IRM Exhibit 25.23.2-10, IMF Only TC 971 AC 522 Tax-Related Identity Theft, Case Status (Initial Claim/Suspicion), and IRM 25.23.9.6, Business Master File (BMF) Identity Theft Tracking Indicators.
(3) For assistance with interpreting and using IMF identity theft tracking indicators, examiners should refer to IRM 25.23.2, Identity Protection and Victim Assistance - General Case Processing. The different components of identity theft tracking indicators for IMF identity theft are described and defined throughout IRM 25.23.2, including the following subsections:
IRM 25.23.2.4.1, Tracking and Reporting Identity Theft Cases - Identity Theft Indicators
IRM 25.23.2.4.4, Initial Allegation or Suspicion of Tax-Related Identity Theft - IMF Identity Theft Indicators
IRM Exhibit 25.23.2-1, Acronyms and Definitions
(4) For assistance with interpreting and using BMF identity theft tracking indicators, refer to IRM 25.23.9.5.2, Tracking Business Master File (BMF) Tax-Related Identity Theft Inventory.
Identity Theft Tracking Indicator—IRS Initiated Suspicion (IMF)
(1) In situations where the IRS suspects identity theft may have occurred, examiners must complete Form 4844, Request for Terminal Action, to request input of a TC 971 AC 522, and tax administration SC "IRSID", for the tax year(s) impacted by the identity theft incident. For a description of tax administration SC IRSID, refer to the following:
IRM 25.23.2.4.5, IRS Initiated Suspicion of Identity Theft–TC 971 AC 522 IRSID
IRM Exhibit 25.23.2-10(5), IMF Only TC 971 AC 522 Tax-Related Identity Theft, Case Status (Initial Claim/Suspicion)
Note: Generally, examiners should not request input of TC 971 AC 522 IRSID until after a taxpayer responds to the IRS communications/notices (e.g., initial contact letter, 30-day letter, etc.), unless there is clear evidence (based on available information) to indicate the taxpayer is a victim of identity theft.
Identity Theft Tracking Indicator—Taxpayer Initiated Allegation (IMF)
(1) In situations where the taxpayer or the taxpayer’s authorized representative makes an allegation of identity theft, examiners will complete Form 4844, Request for Terminal Action, to request input of TC 971 AC 522, and tax administration SC "PNDCLM" for the tax year(s) impacted by the identity theft incident. For a description of tax administration SC PNDCLM, refer to the following:
IRM 25.23.2.4.4.1, IMF Identity Theft - Taxpayer Initiated Allegations of Identity Theft— TC 971 AC 522.
IRM Exhibit 25.23.2-10(5), IMF Only TC 971 AC 522 Tax-Related Identity Theft, Case Status (Initial Claim/Suspicion).
Note: If TC 971 AC 522 with SC "PNDCLM" is already on the account for the same tax year (e.g., input by a different function/office), do not request a separate, duplicate input of "PNDCLM."
Identity Theft Tracking Indicator (BMF)
(1) BMF identity theft indicators are applied if identity theft is highly probable or the determination has been made that identity theft has occurred. See IRM 25.23.9.6, Business Master File (BMF) Identity Theft Tracking Indicators. Examiners will complete Form 14566, BMF Identity Theft Referral, to request input of BMF identity theft tracking indicators.
If BMF identity theft is highly probable, but the taxpayer has not provided any supporting documentation, request input of TC 971 AC 522, and tax administration SC "IDTCLM" for each open tax period impacted by the identity theft incident. For employment tax returns, the TC 971 AC 522 is applied to each quarter.
If the taxpayer has provided Form 14039-B and supporting documents, request input of TC 971 AC 522, and tax administration SC "IDTDOC" for each open tax period impacted by the identity theft incident. For employment tax returns, the TC 971 AC 522 is applied to each quarter.
(2) For a description of the tax administration source codes, refer to IRM 25.23.9.6.1, Allegation or Suspicion of Business Master File (BMF) Identity Theft Transaction Code (TC) 971 Action Code (AC) 522 IDTCLM, and IRM 25.23.9.6.2, Taxpayer Supporting Documentation - Transaction Code (TC) 971 Action Code (AC) 522 IDTDOC.
Input, Update, and Reversal of Identity Theft Tracking Indicators
(1) Within two business days of becoming aware of potential IMF identity theft, examiners must complete Form 4844 and e-mail it to the BITER team (*SBSE CCS BSC EXAM IDT) for input of the tracking indicators, if they do not already exist on the account. Form 4844 should reflect the following:
Notate "Expedite Identity Theft" across the top of Form 4844.
Complete the SSN, name control, MFT code, period(s), name of taxpayer, and victim's correct address.
Enter "Input TC 971 AC 522 under ENMOD" in the "Remarks" field.
Enter "TC 971 AC 522" in the "Identity Theft Action Code" field.
Enter "SBSE FLDEXAM" or "LBI" (depending on your business unit) plus the appropriate tax administration SC (e.g., PNDCLM, IRSID, etc.) in the "Miscellaneous Field Input" field.
(2) Within two business days of confirming BMF identity theft has occurred or is highly probable, examiners must input tracking indicators by emailing Form 14566 to their BOD’s (SB/SE Field Exam or LB&I) designated BMF Identity Theft Liaison, who will forward the request to the W&I-AM BMF function. Check the appropriate boxes for TC 971 AC 522 and MISC IDTCLM or MISC IDTDOC in the "Actions requested (required)" section on Form 14566. Provide an explanation of what was found that led to the determination of identity theft and attach documents that support the determination.
(3) Upon receipt of complete and legible identity theft substantiation documentation, examiners must update the tax administration SC based on the facts and circumstances of the case.
Example: For IMF identity theft alleged by an individual taxpayer, the examiner completes Form 4844 to update the tax administration SC from PNDCLM to a more appropriate code (e.g., MULTFL, INCOME, OTHER, etc.) upon receipt of complete and legible identity theft substantiation documentation.
Note: SB/SE and LB&I are only profiled to use certain tax administration SCs for TC 971 AC 522 related to IMF identity theft. See IRM Exhibit 25.23.2-10, IMF Only TC 971 AC 522 Tax-Related Identity Theft, Case Status (Initial Claim/Suspicion). For tax administration SCs available to SB/SE Field Exam, refer to IRM Exhibit 25.23.2-10(12). For TC 971 AC 522 tax administration SCs available to LB&I, refer to IRM Exhibit 25.23.2-10(9).
(4) For tax administration SC definitions, refer to the following:
IRM Exhibit 25.23.2-1(3), Acronyms and Definitions
IRM Exhibit 25.23.2-2(5), IMF Only TC 971 AC 501 - Taxpayer Initiated Identity Theft Case Closure (Tax-Related) - TC 971 AC 501
IRM Exhibit 25.23.2-10(5), IMF Only TC 971 AC 522 Tax-Related Identity Theft, Case Status (Initial Claim/Suspicion)
IRM 25.23.9.6, Business Master File (BMF) Identity Theft Tracking Indicators
(5) If the taxpayer’s identity theft allegation or IRS suspected identity theft is not supported, examiners must reverse the tracking indicators by completing and submitting Form 4844 to the BITER team (IMF) or Form 14566 through their BMF identity theft liaison to the W&I-AM BMF team (BMF). The tracking indicators are reversed by requesting input of TC 972 AC 522 with the appropriate tax administration SC on the account.
For IMF identity theft, refer to IRM 25.23.2.6.6, Reversing Unsupported Allegations of Identity Theft, to determine the appropriate tax administration SC.
For BMF identity theft, refer to IRM 25.23.9.6.5, Reversing Business Master File (BMF) Identity Theft Indicators, to determine the appropriate tax administration SC.
Input of Aging Reason Codes 014 and 095
(1) SB/SE Examination and LB&I monitor identity theft cases open on AIMS/ERCS using ARC 014, Identity Theft, when tax administration is impacted.
(2) Examiners must update AIMS/ERCS with ARC 014 for each impacted open tax year when the taxpayer claims to be a victim of identity theft or provides documentation to substantiate identity theft.
(3) The ARC 014 remains on the AIMS/ERCS record regardless of the taxpayer submitting the substantiation documentation or the examiner’s determination of identity theft.
(4) ARC 014 has priority and will overlay all other ARCs, except ARC 095 (TC 150 was determined to be the perpetrator return; a second valid return posted and was selected for examination).
(5) Examiners must input ARC 095 on the AIMS/ERCS and MFT AD record (see IRM 4.10.27.6.3.1) if the victim’s true return is examined after account corrections are completed.
Charging Time to Identity Theft Issues
(1) When tax administration is impacted, time spent working identity theft issues must be tracked. Activity Code 557 is used to charge time spent working identity theft issues whether or not the case is open on AIMS/ERCS. See IRM 4.10.27.6.3.1 and IRM 4.10.27.6.3.2.
Time Charges—Open Examination Impacted by Identity Theft
(1) If the examination of an open return involves identity theft issues, a separate ERCS control(s) must be established to charge the time spent on the identity theft aspects of the examination for each tax period being examined.
(2) Examiners must establish the separate ERCS control (MFT AD) by submitting Form 5345-D, Examination Request-ERCS (Examination Returns Control System) Users. Form 5345-D should be completed as follows:
TIN
Note: For IMF cases, use the primary taxpayer’s TIN. The primary taxpayer’s TIN is used for the MFT AD record even if the victim is the secondary taxpayer’s TIN on a return filed jointly.
MFT - Use AD
Tax period - Use the tax period impacted by identity theft. A separate record must be created for each tax period.
Activity Code - Use 557. The second segment of the activity code will be set by ERCS to "000."
Source Code - Use 99
Status Code - Use 10
Aging Reason Code - Use 014
(3) When the examined return is closed, the time entry on the Form 5344, Examination Closing Record, should be a total of the time charged to both the AIMS/ERCS controlled return examination and the time charged to the separate ERCS control (MFT AD) established for the identity theft aspects of the examination. The separate identity theft ERCS control will be closed by the examining group to Status Code 90 on ERCS when the case is closed.
Time Charges—No Open Examination Impacted by Identity Theft
(1) If there is no open examination that is impacted by identity theft, but there is identity theft work to be performed, a separate ERCS control (MFT AD) should not be created.
Example: During the examination of a 2020 tax year where there is no indication of identity theft, the examiner notes that there is a TC 976 (duplicate return indicator) posting on the 2021 year. The examiner confirms the TC 976 posting is the result of an identity thief’s return posting (TC 150) to the account first. If the examiner does not plan to expand the audit to the 2021 year because the taxpayer’s valid (duplicate) return does not warrant examination, the examiner should charge the time to correct the account (reverse the identity theft transactions and post the taxpayer’s valid return - see IRM 4.10.27.11) to Activity Code 557 and not create an MFT AD record.
Exception: When a closed return is reopened and time charged relates to identity theft aspects, a separate ERCS control using the taxpayer’s TIN, the tax period(s) impacted by identity theft, MFT "AD" and Activity Code 557 should be established. See IRM 4.10.27.6.3.1.
Victim Account Corrections—Processing Steps
(1) This section and the sections that follow provide instructions on the use of ID theft account correction forms and processing steps taken by the examiner:
Verify the taxpayer is a victim of identity theft by securing the supporting documentation required to substantiate identity theft. This includes reviewing the account to determine if identity theft tracking indicators already exist on the account and to prevent duplicative requests of documentation. If indicators are already on the taxpayer's account confirming they are a victim of identity theft, no additional documentation is needed. See IRM 4.10.27.3 for guidance regarding victim's documentation.
Ensure the appropriate tracking indicators are reflected on the account. See IRM 4.10.27.6.1.4 for instructions on how to input identity theft tracking indicators.
Ensure all collection activity is suspended until the identity theft issue is resolved. See IRM 4.10.27.8.
After confirming the person or entity (the true TIN owner) you are dealing with is a victim of identity theft, the examiner must ensure the victim’s address is correct on ENMOD. If the address is incorrect, update the victim’s address on ENMOD before submitting the request for account corrections. Follow the guidance in IRM 4.10.2.11, Taxpayer Change of Address or Name, to update the address. The taxpayer must provide clear and concise evidence of the correct address. See IRM 25.23.2.3.7, When to Update the Victim's Address, for more information.
Determine if the return posted to the module is a nullity return and if nullity treatment applies. See IRM 4.10.27.9.
Ensure the statute of limitations on the account is correct. See IRM 4.10.27.10.
Take specific actions (including submitting Form 4442 package to the BITER team (IMF identity theft) or Form 14566 package to the W&I-AM BMF team (BMF identity theft)) as described in IRM 4.10.27.11, IRM 4.10.27.12, and IRM 4.10.27.13 to reverse identity theft transactions on the victim’s account.
Process delinquent returns secured from the victim per IRM 4.10.27.16.
Note: The examiner must request input of TC 971 AC 282 as soon as the delinquent return is received per the guidance in IRM 4.4.9.6.1, TC 971 Action Code (AC) 282 and IRM 4.10.27.16.
Verify all identity theft related issues are addressed and resolved prior to closing the case. See IRM 4.10.27.18.
Note: If a TC 971 with AC 522 and tax administration source code IRSID (IMF) or IDTCLM (BMF) is on the account and the examiner is able to make a determination that the taxpayer is a victim of identity theft using internal research, they should not request supporting documentation.
Suspension of Collection Activity for Identity Theft Cases
(1) It is critical that no collection action is taken with respect to a taxpayer once it has been determined that they are a victim of ID theft. To protect the taxpayer (victim), the examiner will take actions to suspend collection activity when the balance due is the result of identity theft.
Note: The examiner will not suspend collection activity if the balance due is not the result of identity theft. It is possible that the victim has a balance due not attributable to the identity theft occurrence; either a portion of the assessment on the same tax period or other balance due tax periods.
(2) The examiner must take the following steps:
Follow the steps outlined in IRM 4.10.27.8.1 to determine if the taxpayer account has collection activity that requires suspension.
If collection suspension is required, follow the steps in IRM 4.10.27.8.2 to suspend.
If the taxpayer is involved in bankruptcy, contact the Centralized Insolvency Operation (CIO). Contact information can be found on the Centralized Insolvency Operation (CIO) Team Assignment page. The examiner must coordinate actions on the case with the insolvency case worker. See IRM 5.9.5.12.1, Insolvency Responsibilities When Identity Theft (IDT) Issues are Present in a Bankruptcy Case.
Identifying Collection Activity on an Identity Theft Victim's Account
(1) The examiner should secure a current TXMOD and determine if any tax period(s) impacted by identity theft are in collection Status Codes 22, 24, or 26. Refer to the instructions in CFOL Express for How to Determine if Collection is Assigned to Your Case to determine the collection status.
If yes, collection suspension must be made before the request for victim account corrections is submitted. The examiner will follow the directions per IRM 4.10.27.8.2 depending on the collection status code.
If no, the examiner will notate the case activity record or the workpapers to reflect that the TXMOD analysis reflected no collection activity.
Suspending Collection Activity on an Identity Theft Victim's Account
(1) After determining a tax period impacted by identity theft is in collection Status Codes 22, 24, or 26, the examiner must suspend collection activity before the request for victim account corrections is submitted.
(2) The examiner must take the following actions if at least one of the identity theft tax years is in collection Status Code 26:
Complete Form 14394, Identity Theft Collection Alert, and notate whether a balance due will remain on the identity theft tax period after the adjustment.
Fax or e-mail the completed Form 14394 to the applicable Collection function.
Note: Obtain the revenue officer’s assignment number from the CL-ASGMT field on the TXMOD. Form 14394 provides instructions to help the examiner locate the assigned revenue officer and fax number.
(3) The examiner must take the following actions if the identity theft tax year(s) is in Status Code 22 or Status Code 24 and no other years are in Status Code 26:
Complete Form 14394 and notate whether a balance due will remain on the identity theft tax period after the adjustment.
E-mail the completed Form 14394 to the appropriate location identified in the instructions on Form 14394.
(4) Document the actions taken on the case activity record or the workpapers.
Determining if a Return is a Nullity Return
(1) A Form 4442 package (IMF) or Form 14566 package (BMF) is submitted to request taxpayer account corrections (see IRM 4.10.27.11). Before submitting the package, the examiner must first determine if a return not filed by the true owner of the TIN is considered a "nullity return." A return that is not valid is a nullity.
(2) Guidance for determining if a return is a nullity is described in the following IRMs:
IMF - IRM 25.25.2.12, Identity Theft Scheme Criteria.
IMF - IRM Exhibit 25.23.4-1, IRPTR/IDRS Data Decision Tree.
BMF - IRM 25.23.9.9.1, Duplicate/Amended Return Research.
(3) If nullity treatment criteria are met, see IRM 4.10.27.9.1.
(4) A return filed under someone else’s TIN may be a valid return if the return was filed with a good-faith effort to comply with the tax laws. The return may be a valid return even if it was prepared with the fraudulent use of someone else’s identifying information.
Example: A return that should be filed under an individual taxpayer identification number (ITIN) that is instead filed under another person’s SSN, which was used by the filer for employment purposes, is a valid return if it reports wages and withholdings of the filer.
Example: A taxpayer submits a tax return but mistakenly enters the wrong TIN resulting in the return being filed under someone else’s TIN. This is an example of a mixed entity (See IRM 21.6.2.4.2, Mixed Entity Procedures). It is a valid return and is not a nullity.
(5) If a valid return filed under an incorrect TIN needs to be moved to a taxpayer’s correct TIN, follow the procedures in IRM 4.10.27.9.2 to have Centralized Case Processing (CCP) reprocess the return to the correct TIN. Additionally, if a valid return filed under an incorrect TIN needs to be moved, but the taxpayer doesn’t have a valid TIN, follow the procedures in IRM 4.10.27.9.3.
Nullity Treatment Criteria Met
(1) If the return is determined to be a nullity, the examiner should follow the applicable instructions in IRM 4.10.27.12 or IRM 4.10.27.13 for correcting the victim’s account.
Nullity Treatment Criteria Not Met - Reprocessing Valid Returns Posted to the Incorrect TIN
(1) This section contains instructions for examiners when it is necessary to reprocess a return to a correct TIN. The instructions can also be used to reprocess a return to a correct tax year.
(2) The examiner will secure the original return. The examiner must determine if the original return was paper filed or electronically filed prior to correcting the TIN (or tax period).
Note: LB&I only: An LB&I Imaging Network (LIN) return cannot be used as the document to be reprocessed. The original return must be secured.
(3) To determine if the original return was paper filed (and secure the paper return):
a. Secure a print of Command Code (CC) IMFOL or BMFOL ‘I’. Under the "Return Posted" column, if the tax period displays "Posted", it means that a paper return was filed. The examiner can secure the original paper return from the campus by requesting CC ESTAB using Form 2275, Records Request, Charge and Recharge. Submit the completed form to the Area AIMS/ERCS Analyst for processing.
b. The Area AIMS/ERCS Analyst will either receive the return and forward it to the requestor or a Form 4251, Return Charge-Out, will be sent stating where the return can be located or that the return is "Not in File."
c. The Area AIMS/ERCS Analyst will follow the lead provided on Form 4251 and inform the requestor of their findings. If the return is "Not in File" follow instructions in (d) below.
d. If the return cannot be secured through ESTAB, submit a "Special Search" request on Form 2275 to the Area AIMS/ERCS Analyst to forward to campus to search the files. See IRM 3.5.61.16.1, Background.
e. If the original return could not be secured using the procedures above, contact the taxpayer to request a copy of the return (if not already provided). The copy may be reprocessed by following the applicable steps outlined in paragraph 4 below.
(4) If the paper filed return still cannot be secured using the procedures above, a "Dummy Return" must be created. Available command codes, such as CC RTVUE / BRTVU or TRDBV, may provide sufficient information to recreate the return. If enough information is available, a "dummy" return can be completed and forwarded to Submission Processing for posting to the correct TIN (or tax period).
Attach a print of the command code information secured to the back of the "dummy" return. Secure a CC TRDBV print to obtain the correct tax return numbers to enter on a tax return you will complete for the reprocessing. Write "Dummy Return" across the top of the tax return.
Write the Document Locator Number (DLN) from the document that could not be secured across the top right-hand corner of the "Dummy Return."
Note: Do not request the return from files or Modernized e-file system (MeF) and use for reprocessing "Dummy Returns."
(5) To determine if the original return was filed electronically, secure a print of CC IMFOL or BMFOL ‘I’. Under the "Return Posted" column, if the tax period displays "MEF", it means that the return was filed electronically. An electronically filed return can also be identified by the first two digits of the DLN associated with the TC 150. See Document 6209, IRS Processing Codes and Information, Section 4 (3), Campus and File Location Codes, for a list of electronic filing DLNs.
(6) If it is determined that the taxpayer filed an electronic return, the return can be secured using the Modernized e-file (MeF) application, Return Request Display (RRD), in the Employee User Portal (EUP). CC TRPRT (Tax Return Print) can also be requested and used to reprocess the return. A TRPRT is a graphical (form image) print of a tax return stored on TRDB (Tax Return Data).
(7) The examiner will complete Form 3870 and:
Annotate in Item 11, "Reason for Adjustment," the following comments: "Return posted to the incorrect TIN (or tax period). Please reprocess the attached return to the following TIN (or tax period)", whichever is applicable.
In Item 30, "Remarks," provide a complete explanation of how the account is to be reprocessed.
Note: IMMINENT OR EXPIRED STATUTE - Special handling is required to avoid a barred statute. A statement must be made on Form 3870 Item 30, Remarks, if the Assessment Statute Expiration Date (ASED) on the incorrect year or TIN has expired or is within six months of expiring. The statement should include remarks that "The ASED IS IMMINENT OR EXPIRED and that an account transfer may be necessary."
(8) Keep a copy of the return information and other pertinent documents for your files.
Note: The AIMS/ERCS database of the incorrect TIN (or tax period) will remain in the group status. Do not update the status of the incorrect account to CCP.
(9) Forward the return and Form 3870 to CCP by either mail or EEFax. If the original return is secured, it must be mailed. All other forms of the return can be e-faxed to CCP.
(10) If mailing an original return and Form 3870 to CCP, use the following address and mail via overnight mail:
SB/SE Areas 201-207:
IRS - Centralized Case Processing
ATTN: FORT (Field Office Resource Team)
5333 Getwell Road
Memphis, TN 38118
EFax: See CCP Exam EFax Numbers for the EFax number to CCP in Memphis.
Areas 212-214 and 315:
IRS - Centralized Case Processing
ATTN: CCP Manager
Mail Stop 8412-G
7940 Kentucky Drive
Florence, KY 41042
Fax: See CCP Exam EFax Numbers for the EFax number to CCP in Cincinnati.
LB&I Groups:
IRS - CCP - Mail Stop 4020
ATTN: FORT
1973 N. Rulon White Blvd.
Ogden, UT 84404-5402
Fax: See CCP Exam EFax Numbers for the EFax number to CCP in Ogden.
(11) The reprocessing of returns takes approximately eight weeks to complete.
(12) Once the examiner has been notified by CCP that the reprocessing action has been completed, the group must close both the AIMS and ERCS controls for the incorrect TIN (or tax period) by completing Form 10904, Request for Record Deletion from AIMS/ERCS, using Disposal Code 33.
(13) The group will close the AIMS and ERCS controls on the incorrect TIN (or tax period) once notified by CCP that the reprocessing action has been completed. AIMS and ERCS controls are closed by completing Form 10904, Request for Record Deletion from AIMS/ERCS, using Disposal Code 33. Provide the reason for the request on the form. Update the ERCS record to status 41 and forward Form 10904 to the local AIMS/ERCS analyst for processing.
Note: Do not send Form 10904 to CCP for input.
(14) The group will establish AIMS/ERCS controls using the correct TIN (or tax period) with managerial approval. Assistance from the local AIMS/ERCS analyst is available as needed.
(15) Once the return is reprocessed, AIMS/ERCS controls have been closed on the incorrect TIN (or tax period), and AIMS/ERCS controls have been established on the correct TIN (or tax period), the examiner can forward their completed audit to the appropriate CCP FORT or Technical Services office for final closure of the examination.
Nullity Treatment Criteria Not Met - Reprocessing Valid Returns for Taxpayers with no TIN
(1) When the taxpayer does not have a TIN and an adjustment needs to be made to the taxpayer’s account on MF, the following options are available:
The taxpayer may request a temporary TIN called an Individual Taxpayer Identification Number (ITIN). The ITIN is given by the IRS, not the Social Security Administration, and begins with the number "9".
The IRS may request a TIN for the taxpayer called an Internal Revenue Service Number (IRSN).
(2) If the taxpayer does not have an EIN or SSN and refuses to file Form SS-4, Application for Employer Identification Number, or Form SS-5, Application for a Social Security Number Card (Original, Replacement or Correction), the examiner can secure an IRSN by completing Form 4442, Inquiry Referral, for BMF taxpayers or Form 9956, Request for Temporary SSN, for IMF taxpayers. Follow the instructions below:
Form 4442 is faxed to the Entity function at the Cincinnati Campus or Ogden Campus for BMF taxpayers.
Form 9956 is faxed to the Entity function at the Austin Campus or Fresno Campus for IMF taxpayers.
Instructions for completion of Form 4442 are included on the form. In addition, when requesting an EIN for a BMF taxpayer, include your request in "Section B - Taxpayer Inquiry/Proposed Resolution" stating you are requesting an IRSN for a BMF taxpayer and request the account be established on MF.
When completing Form 9956 be sure to check the "YES" box next to the question "Would you like the account established on Master File."
(3) For additional information on TINs, see IRM 3.13.2, BMF Account Numbers, and IRM 3.13.5, Individual Master File (IMF) Account Numbers.
(4) Once the taxpayer has a valid TIN, the valid return filed under someone else’s TIN may be reprocessed to the taxpayer’s TIN following procedures in IRM 4.10.27.9.2.
Statute of Limitations and Statute Control for Identity Theft Cases
(1) The posting of the identity thief’s return usually results in a false statute date on the victim’s account. Once the examiner determines the taxpayer was a victim of identity theft, the victim's statute must be controlled and protected. The examiner is responsible for controlling statutes on his or her assigned cases. See IRM 25.6.23.4, Responsibilities of Managers and Employees.
(2) If the victim has previously filed a return (TC 976 duplicate posting on the module) or the victim files a delinquent return with the examiner, the statute is determined by the date the victim’s return was received by the IRS. The group must follow the guidance set forth in IRM 25.6.23, Examination Process—Assessment Statute of Limitations Controls.
Note: See IRM 4.10.27.17 (4) for information about the statute of limitations when a valid return is flagged as an identity theft return and posted to MFT 32 due to the IRS’s Taxpayer Protection Program.
(3) If the victim has not filed a return, the statute will be updated to alpha code EE, No Return Filed - section 6501(c)(3), per directions provided in IRM 25.6.23.5.1.1(2), Time for Initiating Controls. Also see IRM 25.6.1.6.14, Criteria for Establishing a Statute of Limitations Period, for additional guidance on identity theft related returns.
Note: Before updating the statute to alpha code EE, the ARC on the case must be changed from 014 to 026 to bypass the MF ASED update to AIMS. If the ARC 026 is not entered, the statute date will revert back to the statute date based on the identity thief’s return.
(4) When a late filed return is received from a taxpayer, the examiner will replace the EE statute designation with a true statute expiration date based on the date the return was received by the IRS. See IRM Exhibit 25.6.23-3, Instructions for Updating the Statute on AIMS.
(5) A list of Technical Services statute coordinators is available in the Technical Services book on Knowledge Management.
Identity Theft Post Function Account Adjustment Referrals
(1) Examiners must prepare an identity theft post function account adjustment referral to correct an identity theft victim’s account. Generally, to correct the victim’s account, the examiner must reverse the identity thief’s return, including audit adjustments posted to the victim's account due to the audit of the identity thief's return, and correctly process and post the victim’s return.
(2) Examiners must obtain written managerial approval prior to submitting any referrals and/or requests to correct an identity theft victim’s account. For IMF, see IRM 4.10.27.12.3 (1). For BMF, see IRM 4.10.27.13.2.
(3) To input reversals for IMF identity theft, the examiner must submit the identity theft post function account adjustment referral, hereinafter referenced as the Form 4442 package, to the BITER team as described in IRM 4.10.27.12.
(4) To input reversals for BMF identity theft, the examiner must submit, through their BOD’s designated BMF Identity Theft Liaison, the identity theft post function account adjustment referral, hereinafter referenced as the Form 14566 package, to the W&I-AM BMF team as described in IRM 4.10.27.13.1. Refer to the tables in IRM 4.10.27.13 to determine the appropriate steps required for BMF identity theft account corrections.
Note: W&I-AM BMF does not reverse audit adjustments posted to the victim's account due to the audit of the identity thief's return. The examiner must reverse the audit assessment by following instructions in IRM 4.10.27.13 (3).
Form 4442 Inquiry Referral and Case Processing Instructions - IMF Identity Theft
(1) Account correction instructions to the BITER team on Form 4442 will vary depending on whether or not a TC 300 has posted to the victim’s account. The examiner must follow either Table 1 Form 4442 Instructions - No TC 300 Posted to Identity Thief’s Return on MF or Table 2 Form 4442 Instructions - TC 300 Posted to Identity Thief’s Return on MF to determine the appropriate actions required to correct the taxpayer's account.
Table 1 Form 4442 Instructions—No TC 300 Posted to Identity Thief's Return on MF
IF the victim | AND | THEN follow |
---|---|---|
Does not have a filing requirement | A TC 150 is on the victim's account due to the identity thief's return | |
Has a filing requirement and the victim's secured delinquent return will be accepted as filed (examination not warranted) | A TC 150 is on the victim’s account due to the identity thief's return | |
Has a filing requirement and the victim's secured delinquent return will not be accepted as filed (examination warranted) | A TC 150 is on the victim’s account due to the identity thief's return | |
Has a duplicate return posted on his or her account and the victim's filed return doesn’t warrant examination | The following two conditions are met: | |
Has a duplicate return posted on his or her account and the victim's filed return warrants examination | The following two conditions are met: | |
Table 2 Form 4442 Instructions—TC 300 Posted to Identity Thief's Return on MF
IF the victim | AND | THEN follow |
---|---|---|
Does not have a filing requirement | The following two conditions are met: | |
Has a filing requirement and the victim's secured delinquent return will be accepted as filed (examination not warranted) | The following two conditions are met: | |
Has a filing requirement and the victim's secured delinquent return will not be accepted as filed (examination warranted) | The following two conditions are met: | |
Has a duplicate return posted on his or her account and the victim’s filed return doesn’t warrant examination | The following three conditions are met: | |
Has a duplicate return posted on his or her account and the victim's filed return warrants examination | The following three conditions are met: | |
No TC 300 Posted to MF Cases
(1) IRM 4.10.27.12.1.1 through IRM 4.10.27.12.1.5 provide specific instructions for the examiner to take when processing cases where no TC 300 posted to MF based on the five scenarios outlined in Table 1 at IRM 4.10.27.12.
Victim Has No Filing Requirement
(1) When the victim does not have a filing requirement and a TC 150 is on the victim’s module due to the identity thief's return, follow the steps below.
(2) Step 1: Insert the language below in Part III Section B of Form 4442:
Nullity treatment applies to posted return.
Victim does not have a filing requirement.
Reverse the TC 150 - return information, wages, withholding, credits, tax, and refunds for the identity thief's return, including any interest and penalties.
Address any payments or credits on the account that belong to the true TIN owner (victim).
Input the appropriate TC 971 with an AC 501 or AC 506 upon completing the account corrections.
Inform the examiner by secure e-mail at [insert examiner’s full e-mail address, e.g., Mary.Doe@irs.gov] when the account corrections are complete.
(3) Step 2: Send the completed Form 4442 package to the BITER team for processing. Follow the procedures in IRM 4.10.27.12.3.
(4) Step 3: Follow RGS instructions in IRM 4.10.27.15.
(5) Step 4: After confirming BITER has completed identity theft transaction reversals, delete the AIMS/ERCS record by following the steps below:
Prepare a Form 10904, Request for Record Deletion from AIMS/ERCS, to close the account off AIMS/ERCS.
The examiner or clerical staff will send Form 10904 requesting Disposal Code (DC) 33 to the local AIMS/ERCS unit to process per the examiner’s instructions.
The examiner or clerical staff will monitor the taxpayer's account for the TC 421 posted to MF (verify with IMFOLT) and Status Code 90 on AIMS.
See IRM 4.4.21.2, Deleting AIMS Records - Error Accounts.
Victim Has a Filing Requirement—Victim's Secured Delinquent Return Accepted as Filed
(1) If the victim has a filing requirement and the secured delinquent return will be accepted as filed (examination not warranted) and a TC 150 is on the victim’s account due to the identity thief's return, follow the steps below.
Reminder: The examiner must request input of TC 971 AC 282 as soon as the delinquent return is received. See IRM 4.10.27.16 and IRM 4.4.9.6.1, TC 971 Action Code (AC) 282.
(2) Step 1: Insert the language below in Part III Section B of Form 4442:
Nullity treatment applies to posted return.
Reverse TC 150 - return information, wages, withholding, credits, tax, and refunds for the identity thief's return, including any interest and penalties.
Address any payments or credits on the account that belong to the true TIN owner (victim).
Exam will process the victim’s secured delinquent return.
Input the appropriate TC 971 with an AC 501 or AC 506 upon completing the account corrections.
Inform the examiner by secure e-mail at [insert examiner’s full e-mail address, e.g., Mary.Doe@irs.gov] when the account corrections are complete.
(3) Step 2: Send the completed Form 4442 package to the BITER team for processing. Follow the procedures in IRM 4.10.27.12.3.
Note: Do not forward the victim’s secured delinquent return to the BITER team.
(4) Step 3: After confirming BITER has completed identity theft transaction reversals, follow the secured delinquent return (victim) - accepted as filed case procedures in IRM 4.10.27.16.1 to process the victim’s delinquent return.
(5) Step 4: See IRM 4.10.27.15 for RGS instructions.
(6) Step 5: Close the case to CCP.
Victim Has a Filing Requirement—Victim's Secured Delinquent Return NOT Accepted as Filed
(1) If the victim has a filing requirement and the secured delinquent return will not be accepted as filed (examination warranted) and a TC 150 is on the victim’s account due to the identity thief's return, follow the steps outlined below.
Reminder: The examiner must request input of TC 971 AC 282 as soon as the delinquent return is received. See IRM 4.10.27.16 and IRM 4.4.9.6.1, TC 971 Action Code (AC) 282.
(2) Step 1: Insert the language below in Part III Section B of Form 4442:
Nullity treatment applies to posted return.
Reverse TC 150 - return information, wages, withholding, credits, tax, and refunds for the identity thief's return, including any interest and penalties.
Address any payments or credits on the account that belong to the true TIN owner (victim).
Exam will process the victim’s secured delinquent return.
Input the appropriate TC 971 with an AC 501 or AC 506 upon completing the account corrections.
Inform the examiner by secure e-mail at [insert examiner’s full e-mail address, e.g., Mary.Doe@irs.gov] when the account corrections are complete.
(3) Step 2: Send the completed Form 4442 package to the BITER team for processing. Follow the procedures in IRM 4.10.27.12.3.
Reminder: Do not forward the victim’s secured delinquent return to the BITER team.
(4) Step 3: While the reversals for the identity thief's return data are being processed by the BITER team, the examiner should continue with the examination of the victim’s return.
(5) Step 4: After confirming BITER has completed identity theft transaction reversals, follow the instructions in IRM 4.10.27.16.2 to process the victim’s delinquent return.
(6) Step 5: See IRM 4.10.27.15 for RGS instructions.
Victim's Return Posted as a Duplicate Return—Victim's Return Does Not Warrant Examination
(1) If the following conditions are met:
A TC 150 is on the victim’s module due to the identity thief's return,
A TC 976 (duplicate return indicator) is on the account for the victim’s return that posted after the identity thief's return, and
The victim's return does NOT warrant examination,
(2) Step 1: Insert the language below in Part III Section B of Form 4442:
Nullity treatment applies to the first posted return (TC 150).
Reverse TC 150 - return information, wages, withholding, credits, tax, and refunds for the identity thief's return, including any interest and penalties.
Address any payments or credits on the account that belong to the true TIN owner (victim).
Post the victim’s TC 976 return as the original return.
Input the appropriate TC 971 with an AC 501 or AC 506 upon completing the account corrections.
Inform the examiner by secure e-mail at [insert examiner’s full e-mail address, e.g., Mary.Doe@irs.gov] when the account corrections are complete.
(3) Step 2: Send the completed Form 4442 package to the BITER team for processing. Follow the procedures in IRM 4.10.27.12.3.
(4) Step 3: After receiving e-mail confirmation from the BITER team that the identity thief's return data has been reversed and victim’s return posted, follow procedures in IRM 4.10.2.5.2, Procedures for Surveying Returns After Assignment, to survey the victim’s return.
Exception: Time should not be charged to Activity Code 615, Survey.
(5) Step 4: See IRM 4.10.27.15 for RGS instructions.
Duplicate Return Posted—Victim's Return Warrants Examination
(1) If the following conditions are met:
A TC 150 is on the victim’s account due to the identity thief's return, and
A TC 976 (duplicate return indicator) is on the account for the victim’s return that posted after the identity thief's return,
(2) Step 1: Insert the language below in Part III Section B of Form 4442:
Nullity treatment applies to the first posted return (TC 150).
Reverse TC 150 - return information, wages, withholding, credits, tax, and refunds for the identity thief's return, including any interest and penalties.
Address any payments or credits on the account that belong to the true TIN owner (victim).
Exam will process the victim’s return. The BITER team should not post and process the victim’s TC 976 return when making the reversals.
Input the appropriate TC 971 with an AC 501 or AC 506 upon completing the account corrections.
Inform the examiner by secure e-mail at [insert examiner’s full e-mail address, e.g., Mary.Doe@irs.gov] when the account corrections are complete.
(3) Step 2: Send the completed Form 4442 package to the BITER team for processing. Follow the procedures in IRM 4.10.27.12.3.
(4) Step 3: While the reversals for the identity thief's return data are being made, the examiner should continue with the examination of the victim’s return. Use a TRDBV print or request a CIS print from your AIMS/ERCS analyst to obtain the figures for the victim’s TC 976 return.
(5) Step 4: After confirming BITER has completed identity theft transaction reversals, follow IRM 4.10.27.16.2 to process the victim’s duplicate return.
(6) Step 5: See IRM 4.10.27.15 for RGS instructions.
TC 300 Posted to MF Cases
(1) IRM 4.10.27.12.2.1 through IRM 4.10.27.12.2.5 provide specific instructions for the examiner to take when processing cases where a TC 300 posted to MF based on the five scenarios outlined in Table 2 in IRM 4.10.27.12.
Victim Has No Filing Requirement
(1) When the victim does not have a filing requirement and the following two conditions are met:
A TC 150 is on the victim’s module due to the identity thief's return and
Audit codes are posted on the victim’s account due to the audit of the identity thief's return (TC 420, TC 300, etc.),
(2) Step 1: Insert the language below in Part III Section B of Form 4442:
Nullity treatment applies to posted return.
Victim does not have a filing requirement.
Reverse the TC 150 - return information, wages, withholding, credits, tax, and refunds for the identity thief's return, including any interest and penalties.
Reverse the TC 300 assessed amount from the audit of the identity thief's return, including interest and penalties.
Address any payments or credits on the account that belong to the true TIN owner (victim).
Input the appropriate TC 971 with an AC 501 or AC 506 upon completing the account corrections.
Inform the examiner by secure e-mail at [insert examiner’s full e-mail address, e.g., Mary.Doe@irs.gov] when the account corrections are complete.
(3) Step 2: Send the completed Form 4442 package to the BITER team for processing. Follow the procedures in IRM 4.10.27.12.3.
(4) Step 3: Follow RGS instructions in IRM 4.10.27.15.
Note: Disposition of the case file depends on whether or not the case contains a reopened tax year. Reopened tax year is defined as an examination record that was closed and still on AIMS in Status Code 90. See IRM 4.4.23.8.2, Reopening.
(5) Step 4: After confirming BITER has completed identity theft transaction reversals, close or delete the AIMS/ERCS record (the steps used to close or delete the AIMS/ERCS record and each return in the case will depend on whether the return was reopened). For returns that have been reopened, follow the steps in the Identity Theft RGS Procedures - Reopened Return When Victim Does Not Have a Filing Requirement or Victim’s Posted Duplicate Return (TC 976) Does Not Warrant Examination job aid to close the AIMS/ERCS record. For returns that have not been reopened, follow the steps below to delete the AIMS/ERCS record:
Prepare a Form 10904, Request for Record Deletion from AIMS/ERCS, to close the account off AIMS/ERCS.
The examiner or clerical staff will send Form 10904 requesting Disposal Code (DC) 33 to the local AIMS/ERCS unit to process per the examiner’s instructions.
The examiner or clerical staff will monitor the taxpayer's account for the TC 421 posted to MF (verify with IMFOLT) and Status Code 90 on AIMS.
See IRM 4.4.21.2, Deleting AIMS Records - Error Accounts.
Note: The reopened return indicator is shown on the AMDISA transcript. See IRM 4.4.26.4, Identifying Reopened Records.
Note: If an examiner has a case with both reopened and non-reopened returns, the examiner must split the case into two separate case files and follow the procedures applicable for each return type.
Victim Has a Filing Requirement—Victim's Secured Delinquent Return Accepted as Filed
(1) If the victim has a filing requirement and the secured delinquent return will be accepted as filed (examination not warranted) and the following conditions are met:
TC 150 is on the victim’s account due to the identity thief's return, and
Audit codes are posted on the victim’s account due to the audit of the identity thief's return (TC 420, TC 300, etc.),
Reminder: The examiner must request input of TC 971 AC 282 as soon as the delinquent return is received. See IRM 4.10.27.16 and IRM 4.4.9.6.1, TC 971 Action Code (AC) 282.
(2) Step 1: Use the language below in Part III Section B of Form 4442:
Nullity treatment applies to posted return.
Reverse TC 150 - return information, wages, withholding, credits, tax, and refunds for the identity thief's return, including any interest and penalties.
Reverse the TC 300 assessed amount from the audit of the identity thief's return, including interest and penalties.
Address any payments or credits on the account that belong to the true TIN owner (victim).
Exam will process the victim’s secured delinquent return.
Input the appropriate TC 971 with an AC 501 or AC 506 upon completing the account corrections.
Inform the examiner by secure e-mail at [insert examiner’s full e-mail address, e.g., Mary.Doe@irs.gov] when the account corrections are complete.
(3) Step 2: Send the completed Form 4442 package to the BITER team for processing. Follow the procedures in IRM 4.10.27.12.3.
Reminder: Do not forward the victim’s secured delinquent return to the BITER team.
(4) Step 3: After confirming BITER has completed identity theft transaction reversals, follow the secured delinquent return (victim) - accepted as filed case procedures in IRM 4.10.27.16.1 to process the victim’s delinquent return.
(5) Step 4: See IRM 4.10.27.15 for RGS instructions.
(6) Step 5: Close the case to CCP.
Victim Has a Filing Requirement—Victim's Secured Delinquent Return NOT Accepted as Filed
(1) If the victim has a filing requirement and the secured delinquent return will not be accepted as filed (examination warranted) and the following conditions are met:
TC 150 is on the victim’s module due to the identity thief's return, and
Audit codes are posted on the victim’s account due to the audit of the identity thief's return (TC 420, TC 300, etc.),
Reminder: The examiner must request input of TC 971 AC 282 as soon as the delinquent return is received. See IRM 4.10.27.16 and IRM 4.4.9.6.1, TC 971 Action Code (AC) 282.
(2) Step 1: Insert the language below in Part III Section B of Form 4442:
Nullity treatment applies to posted return.
Reverse TC 150 - return information, wages, withholding, credits, tax, and refunds for the identity thief's return, including any interest and penalties.
Reverse the TC 300 assessed amount from the audit of the identity thief's return, including interest and penalties.
Address any payments or credits on the account that belong to the true TIN owner (victim).
Exam will process the victim’s secured delinquent return.
Input the appropriate TC 971 with an AC 501 or AC 506 upon completing the account corrections.
Inform the examiner by secure e-mail at [insert examiner’s full e-mail address, e.g., Mary.Doe@irs.gov] when the account corrections are complete.
(3) Step 2: Send the completed Form 4442 package to the BITER team for processing. Follow the procedures in IRM 4.10.27.12.3.
Reminder: Do not forward the victim’s secured delinquent return to the BITER team.
(4) Step 3: While the reversals for the identity thief's return data are being processed by the BITER team, the examiner should continue with the examination of the victim’s return.
(5) Step 4: After confirming BITER has completed identity theft transaction reversals, follow the instructions in IRM 4.10.27.16.2 to process the victim’s delinquent return.
(6) Step 5: See IRM 4.10.27.15 for RGS instructions.
Victim's Return Posted as a Duplicate Return—Victim's Return Does NOT Warrant Examination
(1) If the following conditions are met:
A TC 150 is on the victim’s account due to the identity thief's return,
A TC 976 (duplicate return indicator) is on the account for the victim’s return that posted after the identity thief's return,
Audit codes are posted on the victim’s account due to the audit of the identity thief's return (TC 420, TC 300, etc.), and
The victim's return does NOT warrant examination.
(2) Step 1: Insert the language below in Part III, Section B of Form 4442:
Nullity treatment applies to the first posted return (TC 150).
Reverse TC 150 - return information, wages, withholding, credits, tax, and refunds for the identity thief's return, including any interest and penalties.
Reverse the TC 300 assessed amount from the identity thief's return audit, including interest and penalties.
Address any payments or credits on the account that belong to the true TIN owner (victim).
Post the victim’s TC 976 return as the original return.
Input the appropriate TC 971 with an AC 501 or AC 506 upon completing the account corrections.
Inform the examiner by secure e-mail at [insert examiner’s full e-mail address, e.g., Mary.Doe@irs.gov] when the account corrections are complete.
(3) Step 2: Send the completed Form 4442 package to the BITER team for processing. Follow the procedures in IRM 4.10.27.12.3.
(4) Step 3: After receiving e-mail confirmation from the BITER team that the identity thief's return data has been reversed and victim’s return posted, follow procedures in IRM 4.10.2.5.2, Procedures for Surveying Returns After Assignment, to survey the victim’s return.
Exception: Time should not be charged to Activity Code 615, Survey.
Exception: Returns that have been reopened cannot be surveyed. If the return was reopened on AIMS, follow the steps in the Identity Theft RGS Procedures - Reopened Return When Victim Does Not Have a Filing Requirement or Victim’s Posted Duplicate Return (TC 976) Does Not Warrant Examination job aid.
Reminder: If an examiner has a case with both reopened and non-reopened returns, the examiner will split the case into two separate files and follow the procedures applicable for each return type.
(5) Step 4: See IRM 4.10.27.15 for RGS instructions.
Duplicate Return Posted—Victim's Return Warrants Examination
(1) If the following conditions are met:
A TC 150 is on the victim’s account due to the identity thief's return,
A TC 976 (duplicate return indicator) is on the account for the victim’s return that posted after the identity thief's return,
Audit codes are posted on the victim’s account due to the audit of the identity thief's return (TC 420, TC 300, etc.), and
The victim's return warrants examination,
(2) Step 1: Insert the language below in Part III Section B of Form 4442:
Nullity treatment applies to the first posted return (TC 150).
Reverse TC 150 - return information, wages, withholding, credits, tax, and refunds for the identity thief's return, including any interest and penalties.
Reverse the TC 300 assessed amount from the audit of the identity thief's return, including interest and penalties.
Address any payments or credits on the account that belong to the true TIN owner (victim).
Exam will process the victim’s return. The BITER team should not process or post the victim’s TC 976 return when making the reversals.
Input the appropriate TC 971 with an AC 501 or AC 506 upon completing the account corrections.
Inform the examiner by secure e-mail at [insert examiner’s full e-mail address, e.g., Mary.Doe@irs.gov] when the account corrections are complete.
(3) Step 2: Send the completed Form 4442 package to the BITER team for processing. Follow the procedures in IRM 4.10.27.12.3.
(4) Step 3: While the reversals for the identity thief's return data are being made, the examiner should continue with the examination of the victim’s return. Use a TRDBV print or request a CIS print from your AIMS/ERCS analyst to obtain the figures for the victim’s TC 976 return.
(5) Step 4: After confirming BITER has completed identity theft transaction reversals, follow IRM 4.10.27.16.2 to process the victim’s duplicate return.
(6) Step 5: See IRM 4.10.27.15 for RGS instructions.
Form 4442 Package Content, Assembly, and Submission
(1) The examiner must prepare the Form 4442 package containing the following:
Form 4442
Note: The group manager must sign Form 4442 (Part I, Line 7) to show approval for account corrections.
Copy of the victim’s identity theft substantiation documentation (e.g., Form 14039, police report, etc.)
CC MFTRA U print, if secured (do not attach any other IDRS prints because the BITER team will secure if needed)
Any correspondence to or from the victim
(2) A separate Form 4442 must be prepared and submitted to the BITER team for each tax year that reversals need to be made on a victim’s account. Supporting documentation does not need to be duplicated and attached to each year. The supporting documentation, if the same for all years involved, only has to be attached to the most recent year’s Form 4442 (e.g., for 2018, 2019, and 2020, only attach supporting documentation to the Form 4442 for 2020).
Reminder: If a TC 971 with AC 522 and tax administration source code IRSID is on the account and the examiner is able to make a determination that the taxpayer is a victim of identity theft using internal research, they should not request supporting documentation.
(3) When preparing Form 4442:
Write "EXPEDITE - IDENTITY THEFT" across the top of each Form 4442.
Input "FIELD EXAM" or "LB&I" and include your Area’s primary business code (PBC) in Part 1, Box 4 - Location.
Include specific instructions (in Part III Section B) on actions needed to correct the account. See IRM sections referenced in Table 1 or Table 2 in IRM 4.10.27.12 for specific language to be used in Part III Section B. Attach a continuation sheet to Form 4442 if additional space is needed to provide instructions to the BITER team.
Note: If the IRS identified the identity theft, the Form 4442 should be noted, "IRS identified, substantiation documentation not required."
(4) To submit the "Form 4442 Package" to the BITER team, send an encrypted e-mail to *SBSE CCS BSC EXAM IDT.
(5) Incomplete referrals will be rejected back to the originating group.
(6) BITER will assign a CIS number to the referral and provide it to the examiner by email.
(7) While the reversals for the identity thief’s return data are being processed by the BITER team, examiners should continue with the examination of the victim’s return, if warranted. BITER will notify the examiner when the actions are completed.
(8) Examiners should periodically check transcripts to see if the reversals are posted on the account even if a confirmation e-mail has not been received. The examiner should follow up if no contact from the BITER team is received within 12 to 15 weeks. If needed, contact the Area PSP Identity Theft Coordinator for assistance.
Resolving BMF Identity Theft Cases
(1) This section provides procedures for resolving BMF identity theft cases when an identity thief’s return has posted to the victim’s account. Account correction instructions will vary depending on whether or not a TC 300 has also posted to the victim’s account.
(2) No TC 300 Posted to MF - Follow the procedures in the table below based on the facts and circumstances of the case.
Note: If a delinquent return is secured from the victim, the examiner must request input of TC 971 AC 282 as soon as the delinquent return is received. See IRM 4.10.27.16 and IRM 4.4.9.6.1, TC 971 Action Code (AC) 282.
IF | THEN |
---|---|
Victim Has No Filing Requirement |
|
Victim Has a Filing Requirement—Victim's Secured Delinquent Return Accepted as Filed |
|
Victim Has a Filing Requirement—Victim's Secured Delinquent Return NOT Accepted as Filed |
|
Victim's Return Posted as a Duplicate Return—Victim's Return Does Not Warrant Examination |
|
Duplicate Return Posted—Victim's Return Warrants Examination |
|
(3) TC 300 Posted to MF - W&I-AM BMF does not adjust prior examination assessments (TC 300). To reverse examination assessments on the identity thief’s return, the examiner must incorporate the adjustments into an examination report (e.g., Form 4549-A, Report of Income Tax Examination Changes (Without Taxpayer Signature)) and process as an abatement following the procedures in the table below, based on the facts and circumstances of the case.
Reminder: The examiner must obtain written approval from the group manager prior to any account corrections, including abating a prior examination assessment.
Note: Exam must reverse the examination assessment prior to submitting the Form 14566 package to back out the identity thief’s return.
Note: If a delinquent return is secured from the victim, the examiner must request input of TC 971 AC 282 as soon as the delinquent return is received. See IRM 4.10.27.16 and IRM 4.4.9.6.1, TC 971 Action Code (AC) 282.
IF | THEN |
---|---|
Victim Has No Filing Requirement |
|
Victim Has a Filing Requirement—Victim's Secured Delinquent Return Accepted as Filed |
|
Victim Has a Filing Requirement—Victim's Secured Delinquent Return NOT Accepted as Filed |
|
Victim's Return Posted as a Duplicate Return—Victim's Return Does Not Warrant Examination |
|
Duplicate Return Posted—Victim's Return Warrants Examination |
|
BMF Identity Theft Referral (Form 14566 Package) Instructions
(1) A Form 14566 package is required to be submitted to the W&I-AM BMF function for BMF identity theft account corrections.
Reminder: The examiner must obtain managerial approval prior to submitting Form 14566, BMF Identity Theft Referral.
Reminder: W&I-AM BMF does not reverse prior examination assessments (TC 300). If the BMF identity thief’s return was audited, the examiner must reverse the examination assessment by following instructions in IRM 4.10.27.13 (3).
(2) The examiner must prepare the Form 14566 package containing the following:
Form 14566
Copy of the victim’s identity theft substantiation documentation (e.g., Form 14039, Identity Theft Affidavit; Form 14039-B, Business Identity Theft Affidavit; police report, etc.)
Other documentation supporting a determination of identity theft (IDRS research, etc.)
Any correspondence to or from the victim
(3) Examiners should refer to IRM Exhibit 25.23.9-6, Business Master File (BMF) Identity Theft Referral Form, for instructions on completing Form 14566. In the "Explanation for identity theft determination (required)" section, enter instructions or language regarding account corrections requested. Some or all of the language used on Form 4442, Inquiry Referral, for IMF identity theft cases (see IRM 4.10.27.12.1.1 through IRM 4.10.27.12.1.5) may be applicable for BMF account correction requests and can be used on Form 14566 as appropriate, based on the facts and circumstances of the case.
Exception: The input of AC 501 or AC 506 on the account upon completion of account corrections is only used for IMF identity theft and is not applicable to BMF identity theft. In the instructions on Form 14566, the examiner should request input of TC 971 AC 522 and tax administration SC "CLSIDT" upon completion of the account corrections. See IRM 25.23.9.6.3, Closing Business Master File (BMF) Identity Theft Issues - Transaction Code (TC) 971 Action Code (AC) 522 CLSIDT.
(4) A separate Form 14566 must be prepared for each tax year that reversals need to be made on a victim’s account. Supporting documentation does not need to be duplicated and attached to each year. The supporting documentation, if the same for all years involved, only has to be attached to the most recent year’s Form 14566 (e.g., for 2018, 2019, and 2020, only attach supporting documentation to the Form 14566 for 2020).
Note: If a TC 971 with AC 522 and tax administration source code IDTCLM is on the account and the examiner is able to make a determination that the taxpayer is a victim of identity theft using internal research, they should not request supporting documentation.
(5) To submit the Form 14566 package, send an encrypted e-mail to your BOD’s (SB/SE Field Exam or LB&I) BMF Identity Theft Liaison. The liaison will review the package for accuracy and completeness and forward to the BMF identity theft liaison for W&I-AM BMF. The W&I-AM BMF liaison will acknowledge receipt of the referral within three business days and advise the referring function the case has been accepted into their inventory and assigned to the appropriate team for resolution.
(6) The estimated timeframe for completion of account corrections is 30 days. W&I-AM BMF may advise more time is needed depending on the account correction actions requested. Once all requested actions have been taken, the W&I-AM BMF employee will return the completed BMF identity theft referral to their liaison, who will then send it through the originator’s BMF identity theft liaison and they will return it to the examiner. See IRM 25.23.9.8, Business Master File (BMF) Identity Theft Referrals.
(7) The examiner should monitor the account and follow up with their BOD’s BMF identity theft liaison if account corrections are not processed within 60 days.
Managerial Approval for BMF Account Corrections
(1) All identity theft account corrections must be approved, in writing, by the group manager. Unlike the Form 4442 used for IMF identity theft, the forms used to correct BMF accounts do not include a place for the manager’s signature; therefore, it is necessary to obtain written managerial approval for BMF account corrections in an alternative manner. The written approval method can be at local management’s discretion as long as the written approval:
Includes a description of the specific BMF identity theft issues (e.g., identity thief’s return posted to the victim’s account, prior audit assessment based on the identity thief’s return), similar to the information included on Form 4442 to correct IMF identity theft.
Clearly shows what actions the examiner is taking to correct the account (e.g., submit Form 14566 package to reverse the identity thief’s return, submit an abatement request to CCP to reverse a prior audit assessment), and
Shows the manager approved each action.
(2) The following are examples of how written managerial approval can be obtained for BMF account correction (not all-inclusive).
Example: The examiner sends the manager an encrypted e-mail asking for approval to submit an abatement request to CCP and a Form 14566 package to W&I-AM BMF to correct the victim’s account. The e-mail includes an explanation that an identity thief’s return posted to the taxpayer’s account and there is a TC 300 on the account due to a prior audit of the identity theft return, both of which need to be reversed. The examiner attaches the taxpayer’s identity theft substantiation and the completed account corrections forms (e.g., Form 14566, Form 4549-A, Form 5344, etc.) to the e-mail for the manager’s review. The manager replies to the e-mail with an affirmative statement of approval.
Example: The examiner discusses the identity theft issue(s), including necessary account corrections, with the group manager and the manager gives approval for the examiner to submit a Form 14566 package to W&I-AM BMF to back out the identity thief’s return. The examiner documents the details of the discussion and the manager’s concurrence on Form 9984, Examining Officer’s Activity Record, or on a supporting workpaper and provides to the manager for signature. The manager signs Form 9984 or the supporting workpaper to show approval.
Example: The examiner completes Form 14566 and the documents to abate a prior audit assessment, and submits them to the manager. The manager signs Form 5344 in the "Comments" section and signs Form 14566 in the "Explanation for identity theft determination (required)" section to show approval.
(3) The examiner must save the manager’s written approval in the RGS case file. See IRM 4.10.27.15 for RGS procedures.
Additional BMF Considerations
(1) BMF identity theft can affect a taxpayer in many ways and often requires actions by various functions to resolve. When actions are needed by another function to resolve a BMF identity theft issue, examiners should complete Form 14566, BMF Identity Theft Referral, and submit it to their BOD’s designated BMF Identity Theft Liaison for forwarding to the correct function. See IRM 25.23.9.3, Business Master File (BMF) Identity Theft Liaisons, and IRM 25.23.9.8, Business Master File (BMF) Identity Theft Referrals. Examples of situations in which an examiner may need to make a referral to another function for assistance with BMF identity theft issues include:
The examiner determines there is a fabricated EIN that was established for the sole purpose of defrauding the government through the filing of IMF and BMF false refund returns or income documents and the MF account needs to be locked. See IRM 25.23.9.8.1, Fabricated or Inactive Employer Identification Number (EIN) Procedures, and IRM 25.23.9.8.4, Referrals to Lock the Account.
The examiner needs assistance from Return Integrity and Compliance Services (RICS) or Criminal Investigation (CI) to determine if an EIN is fabricated. See IRM 25.23.9.8.2, Referrals to Return Integrity and Compliance Services (RICS), and IRM 25.23.9.8.3, Referrals to Criminal Investigation (CI).
The examiner discovers an identity thief has filed false income documents (e.g., Form W-2, Wage and Tax Statement). See IRM 25.23.9.8.5, Referrals to Combined Annual Wage Reporting (CAWR).
Reminder: Written managerial approval is required prior to making a referral or request to make changes to a taxpayer’s account.
Report Generation Software (RGS) Procedures
(1) An RGS record is required for all identity theft cases in which the group has open examination controls. The examiner must either create the RGS case or secure the RGS case from Archives (if a prior audit of the identity thief’s return was closed). See IRM 4.10.15.5, Creating Cases, and IRM 4.10.15.5.1, Retrieving Closed Cases. If identity theft work is performed for a prior or subsequent year that is not open for examination, all relevant identity theft documentation must be saved in the RGS file for the primary case. Refer to IRM 4.10.27.15.1 for documents that must be saved in the case file.
(2) A separate miscellaneous issue with a "6XX" reference code (e.g., IMF code or SAIN 76150 available under Miscellaneous) must be created in RGS for identity theft and indexed on Form 4318, Examination Workpapers Index. See Creating Form 4318-600 Items.
(3) Identity theft documentation (e.g., issue-specific lead sheet and supporting workpapers, correspondence, affidavits, etc.) must be properly indexed, digitized, named, and organized in the RGS case file in accordance with electronic case file procedures. For information on saving and naming files in RGS, see IRM 4.10.15, Report Generation Software, and any related interim guidance that affects the content in IRM 4.10.15. Also see the Electronic Case Procedures book in the Exam Procedures Knowledge Base and RGS File Naming Conventions job aid.
(4) RGS procedures for identity theft cases are based on the facts and circumstances for each return, including whether or not a TC 300 for a prior audit has posted to the victim’s account.
IMF (all) and BMF (no TC 300 posted to MF) identity theft cases: Refer to the Identity Theft RGS Procedures - IMF (All) and BMF (No TC 300 Posted to MF) job aid.
BMF identity theft cases with TC 300 posted to MF: Refer to the Identity Theft RGS Procedures - BMF (TC 300 Posted to MF) job aid.
Reopened return when victim does not have a filing requirement or victim’s posted duplicate return (TC 976) does not warrant examination: Refer to the Identity Theft RGS Procedures - Reopened Return When Victim Does Not Have a Filing Requirement or Victim’s Posted Duplicate Return (TC 976) Does Not Warrant Examination job aid.
RGS Case File Contents
(1) The RGS case file will generally include but is not limited to the following:
Identity thief's return (or RTVUE or BRTVU of identity thief's return)
Form 9984, Examining Officer’s Activity Record
Form 4251, Return Charge-Out, for the identity thief's return, if applicable
Form 2363, Master File Entity Change
Form 5348, AIMS/ERCS Update
Form 14394, Identity Theft Collection Alert
Audit reports, workpapers, 30/90 day letters, and other pertinent audit documents if the identity thief's return was previously audited
Form 14039, Identity Theft Affidavit
Form 14027-B, Identity Theft Case Referral
Form 14566, BMF Identity Theft Referral
Form 14039-B, Business Identity Theft Affidavit
Police report, if applicable
Documentation secured from victim
Any other significant documentation secured or prepared (e.g., Form 4442 package, Form 14566 package, partial abatement/assessment documentation, etc.) while assisting the victim
Identity theft issue lead sheet
Reminder: The RGS case file must be organized in accordance with electronic case file procedures and established file naming conventions must be used when saving documents in the case file. See RGS File Naming Conventions job aid.
Processing Secured Delinquent Returns (Victim) and TC 976 (Victim) Duplicate Returns
(1) This subsection describes the actions an examiner must take when a delinquent return is secured from the victim. Procedures for processing a TC 976 duplicate return that warrants examination are also covered. The processing and closing of the victim’s secured delinquent return (or TC 976 duplicate return) after the account is corrected is the same as the processing and closing of a delinquent return secured after the posting of a substitute for return (SFR).
(2) Once an examiner secures a delinquent return, the examiner must take the following actions as outlined in IRM 4.4.9.6, Delinquent Return Received After SFR TC 150 Posted at MF.
Request the input of a TC 971 AC 282 to update MF to show that Examination secured a delinquent return. This step should be done by the group as soon as the return is secured. See IRM 4.4.9.6.1, TC 971 Action Code (AC) 282, for procedures.
Note: The date used to compute the ASED may not be the date the examiner received the tax return if the taxpayer had filed a perfected, valid return at an earlier time and the return was solely rejected because the taxpayer was a victim of identity theft. See IRM 25.6.1.6.15, When a Document is Treated as Filed Under the IRC, and Treas. Reg. 301.7502–1(d).
Establish ASED on AIMS/ERCS by inputting Form 5348, AIMS/ERCS Update (Examination Update), to request the statute date be updated on AIMS and ERCS. Managerial approval is required for statute updates. See IRM 4.4.9.6.2.2, Establish ASED on AIMS/ERCS.
Update the activity code on AIMS/ERCS to reflect the information reported on the delinquent return as soon as possible. At the latest, the activity code must be updated by the time the case leaves the group. See IRM 4.4.9.6.2.4, Activity Code. Also see Code Listings for a list of activity codes and their definitions.
(3) If the secured delinquent return is accepted as filed, see IRM 4.10.27.16.1. If the secured delinquent return or TC 976 duplicate return warrants examination, see IRM 4.10.27.16.2.
Secured Delinquent Return (Victim) Procedures - Return Accepted as Filed
(1) If the secured delinquent return is accepted as filed, follow procedures in IRM 4.4.9.6.3, Delinquent Return Secured by Examination After SFR TC 150 Posted - Accepted as Filed Procedures, and IRM 4.4.9.6.3.1, Prepare Examination Report and Form 5344, Examination Closing Record, to incorporate the amounts on the secured delinquent return into an examination report and assess as a TC 300. Applicable RGS procedures can be found in the Identity Theft RGS Procedures – IMF (All) and BMF (No TC 300 Posted to MF) and Identity Theft RGS Procedures – BMF (TC 300 Posted to MF) job aids.
Exception: See Handling hardcopy original delinquent tax returns and amended returns for required procedures to send the delinquent return to Campus after it has been digitized and saved in the RGS electronic case file.
Secured Delinquent Return (Victim) or TC 976 Victim Duplicate Return Procedures - Return Warrants Examination
(1) After the account is corrected, the secured return or TC 976 duplicate return must be processed as a partial assessment. Prepare the examination report starting with zero per return to reflect tax, credits, etc. per return. Refer to IRM 4.4.9.6.4.1, Prepare Examination Report and Form 5344, Examination Closing Record, and IRM 4.4.9.6.4.2, EFax to Centralized Case Processing (CCP), for partial assessment processing instructions. Applicable RGS procedures for partial assessments can be found in the Identity Theft RGS Procedures – IMF (All) and BMF (No TC 300 Posted to MF) and Identity Theft RGS Procedures – BMF (TC 300 Posted to MF) job aids.
Note: If tax per return is zero (before withholding credits or refundable credits or both), do not request a partial assessment. Prepare final examination report starting with per return figures of zero.
(2) If the audit of the victim’s return does not result in adjustments, refer to IRM 4.4.9.6.5.1, No Additional Adjustments Required/Prepare RAR (Revenue Agent Report) and Form 5344, Examination Closing Record, for examination report and closing procedures.
(3) If the audit of the victim’s return results in additional adjustments, refer to IRM 4.4.9.6.5.2, Additional Adjustments Required/Prepare RAR and Form 5344, Examination Closing Record, for examination report and closing procedures.
(4) Note: See Handling hardcopy original delinquent tax returns and amended returns for required procedures to send the delinquent return to Campus after it has been digitized and saved in the RGS electronic case file.
(5) When the identity theft aspect is resolved and the account has been corrected, the examiner must update the impacted tax year(s) to ARC 095.
Taxpayer Protection Program
(1) The IRS’s Taxpayer Protection Program (TPP) is responsible for identifying potential IMF identity theft cases during return processing. See IRM 25.25.6.1.7, Taxpayer Protection Program Overview. Potential identity theft returns selected for TPP treatment are prevented from posting until the IRS can authenticate the taxpayer’s identity. During an audit, examiners may encounter situations in which a taxpayer appears to be a nonfiler (e.g., no indication that a prior or subsequent year return was filed while completing required filing checks, Nonfiler Program case) and/or a taxpayer states they have filed a return but a return is not posted to MFT 30.
(2) Examiners must be alert to the possibility that a taxpayer’s filed return was flagged for TPP treatment and take actions to correct the taxpayer’s account, if necessary. See IRM 4.10.27.17.1.
Note: The TPP is for IMF returns only.
(3) When a potential identity theft return is identified by the TPP, a letter is sent to the taxpayer to confirm the taxpayer’s identity. The tax return is not posted to MFT 30 unless the taxpayer responds to the IRS’s communications and authenticates their identity. The following TPP transactions will be reflected on the MFT 30 module:
The MFT 30 TXMODA and IMFOLT will reflect a TC 150 with an unpostable code (UPC) 126-0 and TC 971 AC 124 (beginning in tax year 2017) or TC 971 AC 121 (tax years prior to 2017), which indicates a potential identity theft return was selected by the TPP.
The account will reflect a TC 971 AC 123 when a letter is issued to the taxpayer. The specific letter number (e.g., 4883C, 5071C, 5447C, 5747C) is displayed in the MISC field. Examiners can view images of "C - letters" on the Servicewide Notice Information Program website.
(4) If the taxpayer doesn’t timely respond to the IRS’s letter(s) or the IRS still can’t authenticate the taxpayer’s identity after receiving a response, the return is posted to MFT 32. A return is posted to MFT 32 using one of the following actions:
Posting a TC 971 AC 111 to MFT 30. When a TC 971 AC 111 posts to MFT 30, it will contain the document locator number (DLN) of the return in the MISC field of the transaction. MFT 32 will reflect a TC 976 with the same DLN.
Editing Special Processing Code (SPC) "T" on the return. When SPC "T" is edited on the return, a TC 971 AC 111 will not appear on the MFT 30 module.
Note: The potential identity theft return can be viewed on IDRS using CC TRDBV. SPC "T" is displayed on the TRDBV "CODES" screen.
Note: The statute date for a valid return (see IRM 25.6.1.6.14(1), Criteria for Establishing a Statute of Limitations Period) posted to MFT 32 is based on the date the return was received by the IRS. The return is considered filed even if the taxpayer did not respond to TPP correspondence.
(5) See IRM 25.23.2.7.2.2, MFT 32 Overview, and IRM 25.25.6.7, MFT 32 Procedures - Moving Identity Theft Returns, for additional information.
Unpostable Code (UPC) 126-0 and MFT 32 Procedures
(1) If a taxpayer’s account doesn’t show a return as being filed (no TC 150 posted), examiners should review TXMOD and IMFOL transcripts to determine if TPP codes are on the account and/or the return was posted to MFT 32. Follow the instructions in the table below if TPP codes are on the account and/or the return is posted to MFT 32.
If | And | Then |
---|---|---|
The MFT 30 account includes a UPC 126-0 and TC 971 AC 124 or TC 971 AC 121 but the return has not posted to MFT 32. | SFR TC 150 is not on the account | Note: If the examiner is not able to verify the return is valid, no further action is required for the unpostable return. The return won’t post to the taxpayer’s account (MFT 30) without authentication. |
The MFT 30 account includes a UPC 126-0 and TC 971 AC 124 or TC 971 AC 121 but the return has not posted to MFT 32. | SFR TC 150 is on the account | Note: If the examiner is not able to verify the return is valid, no further action is required for the unpostable return. The return won’t post to the taxpayer’s account (MFT 30) without authentication. |
The return was posted to MFT 32 | SFR TC 150 is not on the account | Note: If the examiner is not able to verify the return is valid, no further action is required for the MFT 32 return. The return won’t post to the taxpayer’s account (MFT 30) without authentication. |
The return was posted to MFT 32 | SFR TC 150 is on the account | Note: If the examiner is not able to verify the return is valid, no further action is required for the MFT 32 return. The return won’t post to the taxpayer’s account (MFT 30) without authentication. Note: TC 972 AC 124 is typically placed on the account to close the TPP issue once the return is deemed ID theft and moved to MFT 32 due to non-response. |
(2) Returns for the current tax year and immediately preceding tax year can be systemically posted to MFT 30. RIVO will send returns for earlier years to Submission Processing to be processed and posted.
Note: RIVO does not monitor the account once the return is confirmed as received in Submission Processing. The group must monitor the taxpayer's account for the posting of the return. See IRM 4.4.9.4.13.1, Monitoring for the Posting of the TC 150. If the return is not posted within eight weeks, contact the Area PSP Identity Theft Coordinator for assistance.
(3) Once the return is posted to MFT 30, verify the statute is correct on the module and proceed with the examination, if warranted.
Caution: The statute date for a valid return posted to MFT 32 is based on the date the return was received by the IRS. If the statute is expired, no audit assessment can be made to the account after the return is posted to MFT 30.
Verifying the Resolution of Identity Theft Issues
(1) Examiners must perform case analysis to ensure all identity theft related issues are addressed and resolved. Verify that all applicable corrections to the victim’s account have been completed, including (but not limited to):
The victim’s correct address on INOLES.
The reversal of TC 150, including withholding tax and refunds, to remove the identity thief’s return.
The reversal of TC 300 to remove the audit or tax assessment, including interest and penalties, if applicable.
The TC 976 duplicate return is processed/posted as the original return.
The victim’s secured delinquent return is processed/posted.
The taxpayer’s valid return posted to MFT 32 (or unpostable return) is moved/posted to MFT 30.
No pending transactions on TXMODA (e.g., reversals, posting of a return, etc.).
No freeze or hold codes on IMFOLI/BMFOLI or TXMODA that would prevent the issuance of the victim’s refund.
The fabricated EIN account has been locked. See IRM 25.23.9.8.1, Fabricated or Inactive Employer Identification Number (EIN) Procedures, and IRM 25.23.9.8.4, Referrals to Lock the Account.
Closing tracking indicators to indicate the identity theft issues have been resolved.