25.1.15 Emerging Threats Mitigation Team

Manual Transmittal

July 08, 2022

Purpose

(1) This transmits the new IRM 25.1.15, Fraud Handbook, Emerging Threats Mitigation Team.

Material Changes

(1) New IRM section.

Effect on Other Documents

This is a new IRM section.

Audience

All IRS Employees.

Effective Date

(07-08-2022)

Katherine L. Fox, Acting Director, Office of Fraud Enforcement, SB/SE

Program Scope and Objectives

  1. Mission. The mission of the Office of Fraud Enforcement (OFE) is to promote compliance through strengthening the IRS’ response to fraud and mitigating emerging threats. This includes:

    • Improving fraud detection and development to address areas of high fraud/risk noncompliance.

    • Cultivating internal and external partnerships to identify new treatment streams to enhance enforcement.

    • Pursuing civil fraud penalties and recommending criminal cases that will lead to prosecutions, where appropriate.

  2. The OFE builds strong internal and external partnerships and serves as the primary civil liaison to IRS-Criminal Investigation. By supporting cases throughout the life cycle and through full consideration of available treatments, OFE facilitates optimal disposition of cases with civil or criminal fraud potential.

  3. Purpose. This IRM section describes OFE procedures for researching, developing, and processing emerging threats to the tax system.

  4. Audience. This handbook is for all IRS employees.

  5. Policy Owner. Director, Office of Fraud Enforcement, Small Business/Self-Employed (SB/SE) Division.

  6. Program Owner. Office of Fraud Enforcement.

  7. Primary Stakeholders. The primary stakeholders are IRS compliance employees.

Background

  1. OFE will identify and process potential areas of noncompliance for research based on leads received from both internal and external sources. Research projects that OFE undertakes will follow the principles of IRM 1.2.1.2.36, Policy Statement 1-236, Fairness and Integrity in Enforcement Selection. OFE will evaluate and determine the appropriate disposition of each lead received.

  2. OFE investigates leads that may signal an emerging threat to tax compliance. By doing so, OFE can expose areas of noncompliance and identify fraud-related schemes. OFE serves as a servicewide resource that supports all IRS divisions and specializes in understanding fraud-related behaviors and activities. Leads falling outside of OFE’s area of expertise are routed to the relevant business unit(s). For more information, see IRM 25.1.6, Transfer of a Lead.

  3. This IRM section provides clarification of the Emerging Threats Mitigation Team (EMT) role in OFE.

Authority

  1. By law, the Service has the authority to conduct examinations under Title 26, Internal Revenue Code Subtitle F – Procedure and Administration, Chapter 78, Discovery of Liability and Enforcement of Title, Subchapter A, Examination and Inspection.

Roles and Responsibilities

  1. The OFE Director is responsible for overseeing the development and delivery of major activities in support of IRS’ efforts to detect and deter fraud.

  2. The OFE program manager reviews and approves the emerging tax threats submitted by the EMT manager prior to the active development of the emerging tax threat.

  3. The EMT manager monitors and coordinates the receipt, development, and recommendation of emerging tax threats.

  4. EMT members are responsible for mitigating viable emerging tax threats. The primary role of the EMT is to research, process, and mitigate emerging, ongoing, or newly uncovered threats to the tax system.

Program Management and Review

  1. EMT initiates public research on viable emerging tax threats. After EMT managerial approval, research includes personally identifiable information and Sensitive But Unclassified (SBU) data (PII/SBU). The EMT manager will review the viable tax threats and assign them to one or more EMT employees for development into a lead.

  2. Program reporting includes the following:

    EMT produces recommendations, which may include summaries, root cause analysis, and other supporting documents. ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

  3. An operational review of the EMT manager is completed by the OFE program manager once per fiscal year. The review measures program consistency, effectiveness of the threat development process, and compliance with EMT procedures.

Program Controls

  1. Emerging Tax Threats (ETT) are accepted from all sources and recorded through submission to the Emerging Threats Mitigation Team Community of Practice (EMT CoP).

  2. ETTs are assessed for viability using the Threat Assessment Chart. Viable ETTs are risk-scored using the IRS Fraud Risk Profile and other factors.

  3. The EMT manager reviews the viable ETT and provides EMT managerial approval prior to the active development of the ETT into a lead.

  4. ETTs are recorded in the Lead Tracking Report (LTR), and selected ETTs are developed for recommendation.

  5. The EMT manager monitors the progress as the ETT moves to resolution.

Terms

  1. The following terms are used throughout this section.

    1. Emerging Tax Threat – A new or novel method of willful and/or intentional action (or lack of action) by a taxpayer or group of taxpayers that has the potential to compromise and/or threaten the integrity of the U.S. tax system. Such threats involve strong elements of fraud.

    2. Lead – A viable Emerging Tax Threat (ETT), which is developed for recommendation.

    3. External – From outside the IRS – Congress, other government agencies, other law enforcement agencies, etc.

    4. Internal – From within the IRS – Executives, employees, data analytics, business units, etc.

    5. Lead Library – Restricted access environment where Lead data is stored.

    6. Fraud Advocacy Library – Restricted access environment where advocacy recommendations are stored.

Acronyms

  1. Acronyms Definitions
    BOD Business Operating Division
    CoP Community of Practice
    EMT Emerging Threats Mitigation Team
    ETT Emerging Tax Threats
    FATR Fraud Advocacy Tracking Report
    FDKB Fraud Development Knowledge Base
    IRM Internal Revenue Manual
    LTR Lead Tracking Report
    MAP Mitigation Action Plan
    OFE Office of Fraud Enforcement
    PII Personally Identifiable Information
    PSP Planning and Special Programs
    RAP Research Action Plan
    TBOR Taxpayer Bill of Rights
    TIN Taxpayer Identification Number

Related Resources

  1. EMT CoP: https://team.ds.irsnet.gov/sites/cop039/Pages/default.aspx

  2. The Fraud Development Knowledge Base (FDKB): https://portal.ds.irsnet.gov/sites/vl019/Pages/default.aspx

  3. Procedural guidance on potential fraud development cases can be found throughout IRM 25.1, Fraud Handbook.

  4. The Taxpayer Bill of Rights (TBOR) lists rights that already existed in the tax code, putting them in simple language and grouping them into 10 fundamental rights. Employees are responsible for being familiar with and acting in accord with taxpayer rights. See IRC 7803(a)(3), Execution of Duties in Accord with Taxpayer Rights. For additional information about the TBOR, see https://www.irs.gov/taxpayer-bill-of-rights

Overview

  1. The Emerging Threats Mitigation Team (EMT) consists of specialized data analysts, emerging threats specialists, and others who are geographically dispersed.

  2. EMT plays a vital role in developing emerging threats into leads for recommendation to Criminal Investigation, other Business Operating Divisions (BODs), Planning and Special Programs (PSP) or other disposition as deemed appropriate based on workplan priorities and available resources.

  3. By partnering with IRS business units, outside government agencies, and law enforcement agencies, EMT can utilize a whole-of-government approach toward combating tax noncompliance.

Receipt of Emerging Tax Threats (ETT)

  1. ETTs from all sources are accepted and recorded in the EMT CoP, in a restricted access environment. See IRM 25.1.15.8, Records Management.

  2. Sources of ETTs include, but are not limited to, the following:

    1. An electronic submission portal ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ can be completed by any IRS employee with access to the Intranet.

    2. Partnerships with internal and external sources who provide ETTs and/or request assistance with research and analysis to develop an ETT. ETTs can be submitted through the electronic submission portal ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡.

Assessment of ETT

  1. An ETT is processed when it has been reviewed and assessed for viability. Each ETT is assessed using the Threat Assessment Chart, which assesses the following characteristics:

    1. Number of taxpayers impacted,

    2. Sufficiency of information provided,

    3. Relationship to existing lead(s),

    4. Consistency with EMT objectives, and

    5. EMT resource availability.

    A viable ETT involves multiple taxpayers, includes sufficient information, is not related to an existing lead, and meets the definition of an ETT in IRM 25.1.15.1.6, Terms; in addition, EMT has the resources available to address it.

  2. A viable ETT undergoes preliminary research before it is risked. ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

  3. Viable ETTs are risk-scored using the current IRS Fraud Risk Profile in combination with EMT identified fraud risks. ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

  4. Risked ETTs require EMT management review and approval. Approval is based on multiple factors, including risk score and available resources.

Development of a Lead

  1. When an ETT is promoted, it becomes a lead.

    1. The lead information, which may contain Personally Identifiable Information (PII), is stored in the restricted access environment, which follows IRM 10.5.1, Privacy Policy, and specifically IRM 10.5.1.2.2, Sensitive But Unclassified (SBU) Data. PII is defined in IRM 10.5.1.2.3, Personally Identifiable Information.

  2. The EMT researches and develops a set of data to investigate the lead and support proposed recommendations.

    1. ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

    2. ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

    3. ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

    4. ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

    5. ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

    6. ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

    7. ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

  3. Lead actions are recorded on the Research Action Plan (RAP). The RAP includes the following information:

    1. Lead name and number (YYMM-XX)

    2. Hypothesis

    3. Research methodology

    4. Activity log of significant actions

    5. Root cause analysis

    6. Results and recommendation(s)

Transfer of a Lead

  1. EMT may recommend the lead for transfer to the appropriate BOD through:

    1. Direct contact with the affected BOD,

    2. Criminal Investigation,

    3. Planning and Special Programs (PSP),

    4. Lead Development Center,

    5. Office of Promoter Investigations, or

    6. Other disposition as deemed appropriate.

  2. EMT may recommend the lead to OFE Fraud Advocacy. See IRM 25.1.15.7, Fraud Advocacy.

  3. If the EMT recommends the lead as unactionable, it will not be transferred.

Fraud Advocacy

  1. The EMT identifies, analyzes, and advocates for remedies to prevent further and future tax fraud and abuse through the Systemic Advocacy for Fraud Prevention (SAFE) Program. The program aligns with and supports the mission of the OFE by strengthening the IRS’ response to fraud and mitigating emerging tax threats.

  2. The SAFE Program:

    1. Provides a consistent and objective framework for identifying issues, assessing risk, and creating and implementing appropriate solutions.

    2. Proactively advocates for changes to combat tax fraud and abuse using a risk management approach.

    3. Researches, analyzes, seeks resolutions, and develops actionable plans that mitigate and reduce the likelihood of future tax fraud and abuse.

  3. Advocacy issues that are worked through the SAFE Program originate from any source, including independent research and study of potentially emerging threats. An example is the identification and mitigation of emerging threats in an evolving digital economy and decentralized finance environment.

Records Management

  1. Records are maintained on a restricted access site. Archived records are stored in accordance with IRM 10.5.1.6.10.5, Records Management Disposition and Destruction.

  2. The EMT CoP maintains a record of emerging tax threats received and the status of the threats. Statuses include the following:

    1. Received: A new submission to the EMT CoP.

    2. Follow-up: A request for additional information is needed.

    3. Active: The period of assessment, public research, and risk.

    4. Selected: Approved for development into a lead.

    5. Closed: Tabled for a future date.

  3. The LTR maintains a record of leads received and the status of the leads. Statuses include the following:

    1. Active: OFE program manager approved, development and research are in progress.

    2. Archived: Leads in closed status for at least one year.

    3. Completed: Leads researched, developed, recommended and/or closed.

    4. On Hold: Inactive due to lack of resources.

  4. The Lead Library contains the lead data. Approved and developed leads are stored in separately identifiable folders. Lead data includes the following mandatory documents:

    1. Research Action Plan (RAP)

    2. OFE program manager approval of ETT for development into a lead

    3. Risk Analysis

    4. Supporting documents, research, and analyses

    5. Final document (summary, conclusion, recommendation)

    6. ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

  5. SAFE Program advocacy issues are tracked by status.

    1. Active: EMT manager approved and development is in progress.

    2. Archived: Proposals in closed status for at least one year.

    3. Completed: Proposals were researched, developed, proposed and/or closed.

    4. On Hold: Inactive due to lack of resources.

  6. The Fraud Advocacy Library contains the SAFE data. Approved and developed proposals are stored in separately identifiable folders. SAFE data includes the following mandatory documents:

    1. Mitigation Action Plan (MAP)

    2. EMT manager approval

    3. Risk Analysis

    4. Supporting documents, research, and analyses

    5. Results