This section provides procedures and information concerning identity theft case processing for examiners.

Identity theft is defined in IRM 10.5.3.1.1 (1), Definitions of Key Identity Protection Terms.

Identity theft occurs when someone uses an individual’s personal information, such as name, social security number (SSN), or other identifying information without permission to commit fraud or other crimes. Taxpayers may notify the IRS when they believe they may have experienced an identity theft incident. In these instances, taxpayers must provide documentation to establish that they are identity theft victims. See IRM 10.5.3.2.6, Initial Allegation or Suspicion of Tax-Related Identity Theft–Identity Theft Indicators.

All identity theft cases are considered priority workload.

When an examiner is advised or otherwise becomes aware that a taxpayer may be a victim of identity theft, the examiner must take certain actions. See IRM 10.5.3, Identity Protection Program, for Servicewide guidance for identity theft cases. Visit http://mysbse.web.irs.gov/exam/tip/identitytheft/default.aspx, the SB/SE Examination Identity Theft website, for guidance specific to SB/SE and a listing of the area Planning and Special Programs (PSP) identity theft coordinators.

For guidance specific to LB&I, please visit http://lmsb.irs.gov/international/dir_compliance/Identity%20Theft-Draft.asp, the Identity Theft Job Aide for LB&I examiners.

Examiners and other group personnel will work closely with the designated identity theft adjustment (DITA) team. The DITA team provides account adjustment work and support to functions working identity theft claims. The DITA team's work generally includes inputting the account adjustments recommended by the functions to remove the identity thief’s return from the valid owner’s account for complete account resolution. See IRM 4.19.24, Compliance Identity Theft, for additional information regarding the DITA team.

In this IRM the victim's and the identity thief's returns are referenced as follows:

Identity theft is an issue that must be fully developed and properly documented.

Before making a determination that identity theft has occurred, the examiner must consider the facts and circumstances of the case and fully develop the issue through inquiry, observation, analysis of appropriate documents, oral testimony, and third party contacts when warranted.

Research should be performed and documented prior to reaching a final determination of identity theft. Research using command codes (CC) ENMOD, IMFOL, RTVUE, NAMES, INOLE, DUPOL, CFINK, and IRPTR.

Research the tax identification number (TIN) (valid and invalid) to determine if there was a mixed entity or scrambled case in prior years, and to locate any possible cross-reference TIN. See IRM 21.3.4.12.3, Scrambled SSN and Mixed Entity Procedures, for the definition of mixed and scrambled entities.

Review all returns for the year(s) involved as a part of the research. Search returns, schedules, and forms for a different TIN. Research spouse and dependent information whenever available.

Compare all documents and return information for following:

Search returns and entity modules for indications of identity theft such as identity theft documentation attached to the return or a previously posted Transaction Code (TC) 971 with Action Code (AC) 501 or TC 971 with AC 522.

The examiner must determine, based on available information and research, whether or not the taxpayer’s claim of identity theft is substantiated. The examiner must document in the case file the information reviewed and conclusions reached. If the examiner determines identity theft has not occurred, the examiner must proceed with the examination.

Workpapers should support the examiner’s determination and document information requested, received, reviewed, and the conclusions reached regarding the identity theft determination. The workpapers should document the examination activities and support the final determination. See IRM 4.10.9.2.4, Supporting Workpapers, for information on file documentation and support.

The examiner may become aware of identity theft in the following ways (this listing is not all inclusive):

Within two business days of becoming aware that a taxpayer may be a victim of identity theft, the examiner must input identity theft tracking indicators [TC 971 AC 5XX, and Tax Administration Source Code]. See IRM 4.10.27.8.1 and IRM 4.10.27.9.

The IRS IPSU office handles identity theft inquiries and assists taxpayers who are victims of identity theft. If a taxpayer contacts IPSU and the identity theft inquiry involves an audit (open or closed), the IPSU will prepare a Form 14027-B or an e-mail and forward it to the area PSP identity theft coordinator for assignment.

An identity theft assistance request (ITAR) may be sent from the IPSU to the area PSP identity theft coordinator.

IPSU uses Form 14103, Identity Theft Assistance Request (ITAR), for cases involving identity theft that meet ITAR Criteria 5, 6, or 7. See IRM 13.1.7.2, TAS Case Criteria, for descriptions.

The PSP identity theft coordinator will take the following actions upon receipt of an ITAR from the IPSU:

The group will acknowledge receipt of Form 14103within 3 business days via secure e-mail to the PSP identity theft coordinator. If there are concerns regarding Form 14103 that need to be discussed with the PSP identity theft coordinator, they should be discussed when acknowledging receipt of the case.

If an identity thief has used a taxpayer’s SSN for filing purposes, tax administration is affected. Identity theft can affect tax administration in two primary ways:

See IRM 10.5.3.2, Identity Protection Program Servicewide Identity Theft Guidance.

When tax administration is affected, the examiner must determine if the tax year(s) impacted have identity theft tracking indicator(s). If tracking indicators already exist on a tax year, do not input the "same" code(s) for the "same" tax year. See IRM 10.5.3.2.5, Identity Theft Tracking Indicators.

The taxpayer should provide a Form 14039, Identity Theft Affidavit, or a police report in support of an allegation of identity theft. Form 14039 is used to report both tax-related and non-tax related identity theft issues.

For guidance on when to request documentation, see IRM 10.5.3.2.7.1, When to Request Identity Theft Supporting Documents. Also see IRM 10.5.3.2.6, Initial Allegation or Suspicion of Tax—Related identity Theft—Identity Theft Indicators, and IRM 10.5.3.2.7, Overview—Identity Theft Supporting Documentation.

The examiner should review Form 14039 Section A and Section B, to determine if multiple years were affected by the identity theft. If more than one year is involved and indicators are not on one of the years, follow the guidance in IRM 10.5.3.2.7, Overview—Identity Theft Supporting Documentation, to determine if additional documentation is needed or if the multiple year can be updated based on documentation previously submitted.

Within 30 days of receipt of taxpayer identity theft documentation, the examiner must make contact with the taxpayer. See IRM 10.5.3.2.7.2, Complete and Legible Documents, for guidance. Document action taken on Form 9984, Examining Officer's Activity Record.

Sometimes tax returns not filed by the true owner of a SSN are selected for audit. Unless a taxpayer’s account reflects that he or she has been subject to identity theft or the taxpayer received correspondence regarding the return filed, the taxpayer probably has no knowledge of the return filed by someone else. You may tell a taxpayer that he or she may be a victim of identity theft, but you may not disclose information that identifies the person who filed the tax return. To authenticate the true taxpayer, see IRM 10.5.3.2.7, Identity Theft Supporting Documentation.

Any information relating to the Service’s determination of the victim’s tax liability for the year can be disclosed to the victim as his return information. This would include any information relating to the victim's original balance due or refund that was based on the amounts reported on the fictitious Form 1040, U.S. Individual Income Tax Return, or the erroneous Form W-2, Wage and Tax Statement, and the underpayment or overpayment as later adjusted. The cause of the events on the taxpayer’s account—suspected identity theft and use of the SSN on another return—would also be disclosable to the victim as the taxpayer’s return information. See IRM 11.3.2.4.1.1, Identity Theft and Access to Information Returns, for additional guidance.

Any other information about the Service’s investigation into the civil or criminal tax liability of the person who misused the SSN should not be disclosed to the victim. This includes the fictitious return (e.g., Form 1040), related information reporting documents (e.g., Form W-2 or Form 1099-MISC, Miscellaneous Income,) or the identity and investigation of the perpetrator. See IRM 11.3.2.4.1.1, Identity Theft and Access to Information Returns.

If you have disclosure or Privacy Act related questions take the following actions:

Identity theft cases are tracked and monitored both Servicewide and at the business unit level. Examiners must ensure cases have proper tracking and monitoring codes, and that time is appropriately charged for the identity theft aspects of a case.

Identity theft indicators are input by completing and submitting Form 4844 to the DITA team.

Within 2 business days of becoming aware of potential identity theft, examiners should complete Form 4844 and send it to the DITA team for input of the tracking indicator if it does not already exist on the account.

The DITA team will input the request for terminal action within 2 business days of receipt. See directions in IRM 4.10.27.9.1 and IRM 4.10.27.9.2 for completion and submission of Form 4844.

This section and the sections that follow provide instructions on the use of ID theft account correction forms and processing steps taken by the examiner:

It is critical that no collection action is taken with respect to a taxpayer once it has been determined that he or she is a victim of ID theft. To protect the taxpayer (victim), the examiner will take actions to suspend collection activity when the balance due is the result of identity theft.

The examiner will take the following steps:

A Form 4442 package is submitted to the DITA team to request taxpayer account corrections. In order to prepare this package, the examiner must first determine if a return not filed by the true owner of the SSN is considered a "nullity return." See IRM 4.10.27.12.1, Definition of Nullity Return.

See IRM 4.10.27.12.1 (2) for steps to use to determine if a return is a nullity.

Once the examiner determines whether the return is a nullity, the examiner will enter applicable language from below in Part III Section B of Form 4442:

Examiners must prepare an identity theft post function account adjustment referral, hereinafter referenced as the Form 4442 package, to correct an identity theft victim’s account. Generally, to correct the victim’s account, the examiner must reverse the identity thief’s return, including audit adjustments posted to the victim's account due to the audit of the identity thief's return, and correctly process and post the victim’s return. To input the reversals, the examiner must submit a Form 4442 package to the DITA team as described in IRM 4.10.27.21.

Once the examiner has determined the taxpayer was a victim of identity theft and if required, the victim has provided the substantiation documentation required per IRM 10.5.3.2.7, Overview—Identity Theft Supporting Documentation, the examiner should continue with the instructions below:

Account correction instructions to the DITA team on Form 4442 will vary depending on whether or not a TC 300 has posted to the victim’s account. The examiner must follow either Table 1 Form 4442 Instructions—No TC 300 Posted to Identity Thief's Return on Master File (MF) or Table 2 Form 4442 Instructions—TC 300 Posted to Identity Thief's Return on Master File (MF) to determine the appropriate actions required to correct the taxpayer's account.

After completing Form 4442, Inquiry Referral, the examiner will follow the applicable RGS procedures based on the facts and circumstances for each return. See tables in IRM 4.10.27.15, Form 4442 Inquiry Referral Instructions, for reference to the appropriate IRM section. For the ID Theft RGS Chart, which provides a summary of RGS procedures, visit the MySB/SE RGS website at http://mysbse.web.irs.gov/exam/rgs/resources/29258.aspx.

When a victim has no filing requirement or the victim's return posted as duplicate return (TC 976), is accepted as filed, follow the steps (a) through (c) below unless the tax period being closed was a reopened return (examination record that was closed and still on AIMS in Status Code 90), then follow RGS procedures in IRM 4.10.27.20.

When a victim’s return (secured by examiner) is accepted as filed, follow the steps below:

When a victim’s return secured by examiner or victim's return posted as duplicate return (TC 976) warrants examination, follow the steps below:

Once an examiner secures a delinquent return that will be accepted as filed, the examiner must take the actions outlined in this section.

Request the input of a TC 971 AC 282 using the return received date used for computing the ASED* on Form 3177, Notice of Action for Entry on Master File. This updates Master File to show that Examination secured a delinquent return. This step should be done by the group as soon as the return is secured.

Prepare Form 3177 as follows:

Establish ASED on AIMS/ERCS by inputting Form 5348, AIMS/ERCS Update (Examination Update), to request the statute date be updated on AIMS and ERCS. Managerial approval is required for statute updates.

Update the activity code on AIMS/ERCS to reflect the income on the delinquent return as soon as possible. At the latest, the activity code must be updated by the time the case leaves the group. See IRM 4.4.9.7.2.4, Activity Code.

After the DITA team has corrected the account, incorporate the amounts on the secured delinquent return received from the victim into a report (Form 4549 or any other type of examination report) and assess as a TC 300/301. Do not forward the delinquent return to submissions processing for posting of a TC 150.

The processing and closing of the victim’s secured delinquent return after the DITA team has corrected the account is the same as the processing and closing of a delinquent return secured after the posting of a substitute for return (SFR). Follow IRM 4.4.9.7.3, Delinquent Return Secured by Examination After SFR TC 150 Posted—Accepted as Filed Procedures, and IRM 4.4.9.7.3.1, Prepare RAR and Form 5344, Examination Closing Record.

The examiner must take the actions outlined in this section when a secured delinquent return or TC 976 duplicate return warrants examination.

After the DITA team has corrected the account, the secured return or TC 976 duplicate return must be processed as a partial assessment. Prepare RAR starting with zero per return to reflect tax, credits, etc. per return. Refer to IRM 4.4.9.7.4.1, Prepare RAR and Form 5344, Examination Closing Record, and IRM 4.4.9.7.4.2, Fax to Centralized Case Processing (CCP), for partial assessment processing instructions.

If the audit of the victim’s return does not result in adjustments, refer to IRM 4.4.9.7.5.1, No Additional Adjustments Required/Prepare RAR and Form 5344, Examination Closing Record, for RAR and closing procedures.

If the audit of the victim’s return results in additional adjustments, refer to IRM 4.4.9.7.5.2, Additional Adjustments Required/Prepare RAR and Form 5344, Examination Closing Record, for RAR and closing procedures.

When the identity theft aspect is resolved and the DITA team has corrected the account, the examiner will update the impacted tax year(s) to ARC 95. See IRM Exhibit 4.4.1-4, Aging Reason Codes.

When an identity theft victim has no filing requirement or the victim has a TC 976 return that does NOT warrant examination, the examiner must take the actions below to delete the account:

Administrative File—The examiner will prepare an administrative file that will generally include but is not limited to the following:

Do not delete the AIMS record until the secure e-mail confirmation is received from the DITA team, acknowledging the reversal of the identity thief's return information. Check IDRS to ensure the reversal of the identity thief's return was completed properly. Examiners should also periodically check transcripts to see if the reversals are posted on the account even if a confirmation e-mail has not been received. Examiner should follow-up if no contact from the DITA team in 12 to 15 weeks.

Delete AIMS/ERCS Record—Once the group confirms that the identity thief's reversals are complete, the examiner and or clerical staff (as directed by the group manager) should take the following actions:

The group cannot delete an AIMS/ERCS record using Disposal Code (DC) 33 procedures if the record is a reopened return (examination record that was closed and still on AIMS in Status Code 90). In this instance, the examiner must take the following actions:

Secure the RGS electronic case if it is not in the examiner’s possession by retrieving the case from "Archives."

Assemble the administrative case file as described in IRM Exhibit 4.4.1-8, Case Assembly, and complete Form 3198, Special Handling Notice for Examination Case Processing, as follows:

Close the case to CCP as a regular closure.

The examiner will prepare the DITA Team Referral Package (Form 4442 package) containing the following:

Form 4442 must be prepared and submitted to the DITA team for each tax year that reversals need to be made on a victim’s account. Supporting documentation does not need to be duplicated and attached to each year. The supporting documentation, if the same for all years involved, only has to be attached to the most recent year Form 4442, (e.g., 2009, 2010, and 2011, then attach supporting documentation to Form 4442 for 2011).

When preparing Form 4442:

Incomplete referrals will be rejected back to the originating group.

Mail, fax, or e-mail the Form 4442 package, along with Form 3210 to the DITA team depending on its contents as follows:

The DITA team's mailing address, fax number, and e-mail address can be found on the MySBSE Identity Theft website under the contacts section.

Once the taxpayer provides the substantiation documentation required per IRM 10.5.3.2.7, Overview Identity Theft Supporting Documentation, and the examiner determines the taxpayer was a victim of identity theft, the victim's statute must be controlled and protected. The examiner is responsible for controlling statutes on his or her assigned cases. See IRM 25.6.23.5 (3), Responsibilities of Managers and Employees.

If the victim has previously filed a return (TC 976 on the module) or the victim files a return with the examiner, the filed return will control the statute. The group must follow the guidance set forth in IRM 25.6.23, Examination Process—Assessment Statute of Limitations Controls.

If the victim has not filed, the statute will be updated to alpha code EE, No Return Filed—section 6501(c)(3), per directions provided in IRM 25.6.23.6.1.1 (2), Time for Initiating Controls. Also see IRM 25.6.1.6.14, Criteria for Establishing a Statute of Limitations Period, for additional guidance on identity theft related returns.

When a late filed return is received from a taxpayer, the examiner will replace the EE statute designation with a true statute expiration date based on the date the return was received by the IRS. See IRM Exhibit 25.6.23-3, Instructions for Updating the Statute on AIMS.

A list of Technical Services statute coordinators is available on MySB/SE Statutes (Barred, Consents)—Exam Technical Services at http://mysbse.web.irs.gov/exam/tip/statutes/11894.aspx.