INTRODUCTION AND EXECUTIVE SUMMARY
The IRSAC Large Business & International (LB&I) Subgroup (hereinafter “LB&I Subgroup”) consists of six tax professionals with a variety of experience in large corporate tax departments, public accounting and law firms, and academia. We have been honored to serve on the Council and appreciate the opportunity to submit this report.
The LB&I Subgroup has had the opportunity to discuss several topics throughout the year with LB&I management. This report is a summary of those discussions and the Subgroup’s recommendations on two topics — (1) how LB&I should identify potential compliance risks and how those compliance risks should be considered in determining potential “campaigns”; and (2) how the IRS can enhance taxpayer confidentiality and protect against misuse of data relating to information automatically exchanged with tax authorities in other countries as part of the Organisation for Economic Development & Cooperation’s (OECD’s) Base Erosion and Profit-Shifting (BEPS) project.
Before turning to our recommendations, we express our appreciation to LB&I Commissioner Doug O’Donnell and the professionals on his staff (and from the Office of Chief Counsel) for the time and effort expended on these topics and for their valuable input and feedback. Special thanks are owing to Kathy Robbins, Director of LB&I’s Enterprise Activities Practice Area (who served as our principal liaison) as well as to Anna Millikan, our liaison from the Office of National Public Liaison, and Kathryn Gregg, LB&I Stakeholder Liaison Program Manager.
- Risk Assessment
- LB&I should consider making changes to relevant tax forms to solicit documentation and other information to identify potential compliance risks with a goal of focusing valuable resources on high-risk issues and away from low-risk taxpayers and issues.
- LB&I should centrally devise questions regarding specific subject matter areas that leverage the expertise developed in International Practice Networks (IPNs) and Issue Practice Groups (IPGs) — now called Practice Networks — and devise a process for appropriately trained personnel to centrally screen and analyze the responses.
- LB&I should consider changes to Form 1120X and related instructions to require additional information or documentation related to refund claims that LB&I has identified as high-priority examination issues and study how this additional information can be stored in an accessible, user-friendly format.
- The IRS should take additional steps to promote its commitment to maintaining taxpayer confidentiality, for example, by:
- Expanding its website notice to include links to relevant materials, including its International Data Safeguards & Infrastructure Workbook and the OECD’s Keeping It Safe guide.
- Elaborating (on its website notice and elsewhere) on what is meant by the term “misuse” and explaining what the consequences will be to a receiving country that either discloses or inappropriately uses exchanged information. Specifically, the IRS should confirm that where it is determined that information has been misused, the automatic exchange of information with that country will be suspended.
- Considering whether to include specific reference to its commitment to ensure taxpayer confidentiality, along with its Exchange of Information Disclosure mailbox, in the instructions to Form 8975 and other documents sent to taxpayers.
- In addition, IRSAC urges LB&I to explore options for keeping aggrieved taxpayers informed of the status of any inquiry into whether their confidentiality was compromised or data was misused.
- The IRS should take additional steps to promote its commitment to maintaining taxpayer confidentiality, for example, by:
ISSUE ONE: RISK ASSESSMENT
IRSAC recommends that LB&I consider making changes to Form 1120 (and other forms commonly filed by LB&I taxpayers) and related instructions to solicit information or documentation for purposes of identifying potential compliance risk with a goal of focusing valuable resources on high-risk issues and away from low-risk taxpayers and issues. We also recommend that LB&I centrally devise the questions leveraging the use of expertise developed in International Practice Networks (IPNs) and Issue Practice Groups (IPGs), now known as Practice Groups, regarding specific subject matter areas, and that responses be centrally screened and analyzed by appropriately trained personnel. Finally, IRSAC recommends that LB&I consider changes to Form 1120X and related instructions to require additional information or documentation related to refund claims that LB&I has identified as high-priority examination issues and study how this additional information can be stored in an accessible, user-friendly format.
LB&I management asked the LB&I Subgroup to consider how LB&I should identify potential compliance risks and how those compliance risks should be considered in determining potential campaigns. LB&I management requested that the LB&I Subgroup focus on traditional and non-traditional methods of identifying compliance risk.
Prefatorily, the LB&I Subgroup previously issued recommendations regarding risk assessment in both its 2013 and 2014 reports. The Subgroup’s 2013 recommendations were based on the principle that “as both the IRS and large business taxpayers have limited resources, each would benefit from IRS risk assessing taxpayers and their filed returns prior to examination. In this manner, only high risk taxpayers would require significant IRS examination.”
The 2013 report discussed the methods employed by the Australian Taxation Office (ATO) and the United Kingdom HM Revenue & Customs (HMRC), both of which have adopted risk assessment processes and classification systems that guide the extent of their examinations of large businesses. The report noted that LB&I would face significant challenges in adopting a similar system, given the subjective nature of some of the risk assessment factors, and because IRS personnel are not trained in risk assessment methods. Nevertheless, the 2013 LB&I Subgroup recommended that, if IRS were to adopt an approach similar to the ATO and HMRC, IRS should co-develop and evaluate the proposed risk assessment methods with “a select group of large taxpayers currently participating in the CAP program” and “the initial request for data should be in the form of a ‘yes or no’ list of indicators that is part of the filed tax return.” The 2013 LB&I Subgroup also recommended, as part of a more subjective analysis of the taxpayer’s overall risk assessment, that LB&I consider 17 factors in assessing large businesses (e.g., oversight by board of directors, presence in tax havens, and low effective tax rates).
Following up on its 2013 recommendations, LB&I asked the 2014 LB&I Subgroup to review the best practices of other countries (such as Australia, New Zealand, and Canada) and to develop recommendations to enhance LB&I’s risk assessment protocols, such as refining the recommendations contained in the 2013 IRSAC report. The 2014 report summarized (i) the Co-operative Compliance: A Framework report published by the Organisation for Economic Co-operation and Development (OECD); (ii) the risk assessment approaches of the ATO, Canada Revenue Agency (CRA), and New Zealand Inland Revenue (NZIR); and (iii) LB&I’s Compliance Management Operations Program (CMO).
Building on its 2013 recommendations, the 2014 LB&I Subgroup:
- Endorsed the decision of ATO to recognize formally the fundamental differences — especially in respect of the effectiveness of a company’s Tax Control Framework — between publicly held and other taxpayers. The report emphasized the importance of the tax authority’s leveraging of the enhanced scrutiny paid to public companies by their independent authorities as well as other government bodies (such as the Securities and Exchange Commission).
- Recommended that the IRS revise Schedule UTP to collect additional information from large corporations on their tax governance practices, and that it consider expanding the class of taxpayers required to file that schedule. The 2014 LB&I Subgroup recommended that the questions be framed as requiring “yes or no” responses, and made several recommendations regarding the types of questions that the IRS might ask to identify those taxpayers that might bear less or more tax risk.
- Recommended that the information be collected and analyzed centrally by trained screeners as part of centralized risk assessment process, rather than be used by the field to determine audit risk on a case-by-case basis.
Since the LB&I Subgroup last considered LB&I’s risk-assessment procedures and protocols, LB&I has undertaken a major reorganization, a principal aspect of which is a transition from an essentially enterprise-based audit system to more of an issue-based system. At a high level, LB&I intends to transition from its historical focus on comprehensive audits of the largest businesses to a new approach focused primarily on centrally identified tax compliance risk issues. The comprehensive enterprise-wide audits will not go away entirely, but they will ultimately constitute a smaller percentage of LB&I’s work. To implement its new focus, LB&I has restructured itself into nine practice areas. The practice areas come in two types. Four are organized on a geographic basis and the other five are oriented to specific subject-matters. LB&I representatives have confirmed in speeches and other public statements that the subject matter organizations are to be deeply involved in identifying and addressing the “risk” issues. Generally speaking, in the former organizational structure, once a taxpayer was selected for examination, the selection of transactions and issues to be examined was determined largely by the examination team.
LB&I has candidly acknowledged that a key driver of the new design is LB&I’s desire to exercise more control over how it spends its resources. Rather than automatically committing personnel and other resources to recurring cycles of the same large case audits, the new approach is intended to make LB&I more agile and strategic in addressing emerging compliance risks no matter where they exist. As envisioned, agents and specialists will be assigned to “campaigns” and “tailored treatments” that concentrate on an inventory of specific centrally identified risk issues.
LB&I is committed to change in order to create an organization that “continuously evolves to keep pace with LB&I taxpayers operating in a global environment.” To this end, LB&I intends to use data analysis as well as feedback from examiners to identify areas of potential non-compliance and design campaigns to address key compliance risks. Campaigns are focused on specific issues using a combination of “treatment streams” to achieve the intended compliance outcome. Nevertheless, the current LB&I Subgroup believes that the recommendations made in its 2013 and 2014 report are worthy of consideration, though several may need to be refined to take into account LB&I’s overall new approach. In particular, the current LB&I Subgroup believes that “yes or no” questions are an appropriate means for LB&I to assess risk, for purposes of both selecting and deselecting issues for “campaigns.”
LB&I selects the majority of the returns for examination using three methods:
- First, IRS relies on algorithms and models to identify tax returns that may be a compliance risk and selects those returns for examination. Specifically, LB&I uses the Discriminant Analysis System (DAS), which scores corporate returns with assets above $10 million. These returns are slotted into quartiles based on their scores. The returns are assigned to the field based on these quartiles. At the group level, the returns are risk assessed and a decision is made on whether to proceed with the exam or survey. LB&I uses proprietary models to identify Forms 1120S and 1065 with assets over $10 million.
- Second, compliance check initiatives select particular returns to examine based on a particular issue that may have been determined to be a widespread issue among the return population. Compliance check initiatives, as well as prior audit results, may lead to changes in algorithms which are updated periodically.
- Third, claims for refund that exceed $5 million, which statutorily must be reviewed by the Joint Committee on Taxation (JCT), are scrutinized by a special group of IRS professionals. These refund claims include the refund claims reported on Form 1120X, Amended U.S. Corporation Income Tax Return, and Form 1139, Corporation Application for Tentative Refund Claim.
Section 6012 of the Code requires taxpayers, including corporations, to self-report certain information that IRS considers necessary for the computation of the income tax on a return. Taxpayers are the source of the information that is provided to IRS on a return. There is a general obligation of taxpayers under section 6011 to keep records and make returns as regulations could require. The IRS relies on information provided on a series of required forms based on the type of taxpayer reporting income. For example, U.S. corporate taxpayers must file Form 1120, U.S. Corporation Income Tax Return. In addition, U.S. corporate taxpayers must file various ancillary forms depending on the particular taxpayer’s activities and IRS filing requirements. IRS publishes instructions with its forms to explain how to complete the form and the necessary information or documentation that must be attached to the form.
IRSAC commends LB&I for its efforts to evolve to keep pace with LB&I taxpayers. One of LB&I’s guiding principles in establishing its future foundation is “Selection of Better Work.” The LB&I Subgroup’s recommendations are centered on assisting LB&I with gathering better information from LB&I taxpayers so it can risk assess and select “better work” to examine. In making our recommendations, we believe it fitting to reprise the opening statement in our 2013 report:
As both the IRS and large business taxpayers have limited resources, each would benefit from the IRS risk assessing taxpayers and their filed tax returns prior to examination. In this manner, only high risk taxpayers would require significant IRS examination.
The Subgroup believes that principle applies equally to issue-based risk assessment. As LB&I selects issues to pursue and develops campaigns and tailored treatments, it must consider the risks inherent in a particular issue, including the risk of non-compliance and the overall tax risk in deciding which issues it will pursue as well as those issues it will not pursue.
IRSAC recommends that LB&I consider making changes to Form 1120 (and perhaps other forms commonly filed by LB&I taxpayers) and related instructions to solicit information or documentation to identify potential compliance risks with a goal of focusing valuable resources on high-risk issues and away from low-risk taxpayers. We recommend that the additional or modified questions or instructions require the filer to respond to objective questions, similar to the questions currently posed on Form 1120, Schedule B and Schedule K. The questions might require, for example, “yes or no” answers, ratios or amounts.
We recommend that LB&I centrally devise the questions leveraging the use of expertise developed in LB&I’s Practice Groups (which were previously called IPNs and IPGs) regarding specific subject matter areas and, further, that the responses be centrally screened and analyzed by appropriately trained personnel. To be clear, we are not recommending that LB&I devise questions in order to identify whether a particular return presents an issue that LB&I has already identified as high risk. We recognize, however, that the information provided in response to certain objective questions may have the correlative benefits of allowing LB&I to risk-assess specific taxpayers on specific issues without the need to open an audit, and permitting LB&I to “de-select” low-risk taxpayers (and issues) from the audit process. In other words, refining the risk assessment process will allow LB&I to advance one of its foundational principles — “Selection of Better Work.” Nevertheless, the Subgroup recommends that the questions be framed to assess global risk — to determine, for example, the pervasiveness of an issue among LB&I taxpayers and the tax dollars involved — and to identify emerging issues.
We recognize that tax forms may not be particularly well suited to identifying emerging issues, given the time lag in revising tax forms, and that the IRS must carefully analyze the burden revisions would impose on taxpayers relative to the benefits of obtaining the requested information. We therefore also recommend that LB&I conduct a study regarding ways that it might more nimbly change forms or instructions in the manner that is least burdensome to taxpayers while still obtaining the desired information.
IRSAC recommends that LB&I consider changes to Form 1120X and related instructions to require additional information or documentation related to refund claims that LB&I has identified as high-priority examination issues (e.g., R&D Tax Credit, Section 199, and Tangible Property Regulations (TPR)).
The instructions to Form 1120X currently describe “What To Attach” to Form 1120X:
If the corrected amount involves an item of income, deduction, or credit that must be supported with a schedule, statement, or form, attach the appropriate schedule, statement, or form to Form 1120X. Include the corporation’s name and employer identification number on any attachments.
LB&I should consider modifying or expanding the “What To Attach” section of the instructions to require more detailed and specific information to refund claims involving potentially high-risk refund areas. In addition, the LB&I Subgroup recommends that LB&I consider issuing regulations or some other form of guidance (such as a revenue procedure) elaborating on the type of information that should be attached to these potentially high-risk refund claims. Such an approach will allow LB&I to customize the information requested for refunds resulting from the application of particular areas of the tax law in which LB&I has determined to be related to key compliance initiatives. Known examples include the R&D Tax Credit and the Section 199 Domestic Production Deduction. This recommendation is not intended to create an additional requirement for the taxpayer to have a “valid” refund claim. Rather, this change should provide specific information necessary for LB&I to risk assess the refund claim.
The LB&I Subgroup recommends that LB&I management review the process followed by the State of California. The California Franchise Tax Board (CA FTB) has proposed the regulation (California Prop. Reg. § 19322) intended to improve its risk assessment of refund claims. The following is the proposed regulation governing California refund claims:
The claim must set forth in detail each ground upon which a refund or credit is claimed and facts sufficient to apprise the Franchise Tax Board of the exact basis thereof. The claim should be filed on Form 540X with all supporting documentation attached. A separate form should be used for each taxable year or period.
LB&I management commented during a Subgroup meeting that LB&I would be interested in understanding how the CA FTB organizes the information it receives with the refund claims so that information is stored in a user-friendly format. The LB&I Subgroup recommends that LB&I consult with the appropriate IRS personnel to discuss how information received with the refund claims can be stored in a format that can be more easily used to risk assess the refund claims.
ISSUE TWO: PROMOTING CONFIDENTIALITY OF TREATY-EXCHANGED INFORMATION
Given the imminent implementation of a program of automatic exchanges of tax information between the Internal Revenue Service and tax authorities in other countries pursuant to the Organization for Economic Development & Cooperation’s (OECD’s) Base Erosion and Profit-Shifting (BEPS) project, LB&I management asked the LB&I Subgroup to develop recommendations to reinforce and advance taxpayer confidence that the data will not be misused and that it will remain confidential as guaranteed by section 6103 of the Internal Revenue Code. Specifically, the LB&I Subgroup considered how the IRS can promote taxpayer confidentiality relating to information automatically exchanged with tax authorities in other countries pursuant to the country-by-country (CbyC) reporting initiative set forth in BEPS Action 13. We also addressed what steps might be taken to ensure that automatically exchanged CbyC information is not used inappropriately by the receiving tax authority.
IRSAC recommends that the IRS take additional steps to promote its commitment to maintaining taxpayer confidentiality, for example, by:
In addition, IRSAC urges LB&I to explore options for keeping aggrieved taxpayers informed of the status of any inquiry into whether their confidentiality was compromised or data was misused.
- Implementation of Country-by-Country Reporting
Generally speaking, “base erosion and profit shifting (BEPS)” refers to tax planning strategies that exploit gaps and mismatches in tax rules to make profits “disappear” for tax purposes or to shift profits to locations where there is little or no real activity but the taxes are low, resulting in little or no overall corporate tax being paid. The OECD’s project, which has been embraced by the Finance Ministers of the G20, was intended to bring a coordinated approach to the challenge of BEPS, and involved 15 different action plans. One of the more consequential actions recommended by the OECD relates to so-called County-by-Country (CbyC) reporting.
Specifically, BEPS Action 13 provides a template for multinational enterprises to report annually, on a country-by-country basis, information on the global enterprise’s overall activities. As explained in the OECD’s BEPS FAQ 79 —
Country-by-Country Reporting is a tool intended to allow tax administrations to perform high-level transfer pricing risk assessments, or to evaluate other BEPS-related risks. The country-by-country reporting template will require multinational enterprises (MNEs) to provide annually and for each jurisdiction in which they do business, aggregate information relating to the global allocation of the MNE’s income and taxes paid together with certain indicators of the location of economic activity within the MNE group, as well as information about which entities do business in a particular jurisdiction and the business activities each entity engages in.
The goal of BEPS Action 13 is to enhance transparency for tax administrations around the world by providing them with additional information to conduct transfer pricing risk assessments and examinations through increased transfer pricing documentation requirements, specifically including a new country-by-country report and a master file. In practical terms, CbC reporting is intended to ensure that adequate taxes are paid in the jurisdictions where profits are generated, value is added, and risk is taken.
As part of its efforts to implement BEPS in respect of U.S. taxpayers, in June 2016 the IRS issued final regulations requiring CbC reporting by U.S. persons that are the ultimate parent entity of a multinational enterprise (MNE) group with revenue of $850 million or more in the preceding accounting year. The final regulations, set forth in Treas. Reg. § 1.6038-4, require these U.S. persons to file annual reports containing information on a CbC basis of a MNE group’s income, taxes paid, and certain indicators of the location of economic activity. The new reporting requirements apply to all parent entities with taxable years beginning on or after June 30, 2016. The final regulations will require reporting on new Form 8975, the “Country-by-Country Report.” The IRS has estimated that CbyC reports will be filed by approximately 1,800 U.S.-parented MNEs.
Assuming the United States has an exchange-of-information treaty or similar agreement with a foreign jurisdiction in which the U.S. multinational group operates, the CbC reports filed with the IRS will be exchanged automatically with tax authorities in that country. The goal of the exchange is to provide greater transparency into the operations and tax positions taken by the MNE. While CbC reports will not themselves constitute conclusive evidence of income tax or transfer pricing violations (indeed, the exchange-of-information agreements proscribe their use for that purpose), they are intended to advance the tax jurisdiction’s risk assessment efforts, for example, by prompting inquiries into transfer pricing practices or other tax matters.
Every information exchange agreement to which the United States is a party requires both parties to treat the information as confidential, to implement data safeguards, and to use the information only for tax administration purposes. The United States will stop automatic exchanges with tax jurisdictions violating those requirements until the violations are cured.
- Confidentiality of Taxpayer Information (including Treaty-Exchanged Information)
Confidentiality of tax returns and taxpayer information has been a foundational principle of tax systems around the world for decades. In the United States, the principle of keeping taxpayer information sacrosanct has been enshrined in the Internal Revenue Code since the 1976 enactment of section 6103. The provision mandates that tax returns and tax-related information be kept confidential and not subject to disclosure, except in certain limited circumstances.
Laws in other countries similarly protect taxpayer privacy. What undergirds section 6103 in the United States and taxpayer privacy protections in other countries is the principle that, in order to have confidence in their tax system and to comply with their obligations under the law, taxpayers need to know that the information on their tax returns and other tax records — often sensitive financial and other propriety information — will be safeguarded and protected from intentional or inadvertent disclosure. Violations of section 6103 are illegal: hence, section 7231 makes it a crime to make an unauthorized disclosure of information; section 7231A punishes the unauthorized inspection of returns or return information; and section 7431 empowers affected taxpayers to bring a civil suit against a federal employee or other person for unauthorized inspection or disclosure of returns and return information.
The exceptions in section 6103 (and comparable legislation in other countries) are aimed at promoting the administration of tax laws and assisting various branches and levels of government in carrying out their respective purposes. Thus, section 6103(k)(4) provides: “A return or return information may be disclosed to a competent authority of a foreign government which has an income tax or gift and estate tax convention, or other convention or bilateral agreement relating to the exchange of tax information, with the United States but only to the extent provided in, and subject to the terms and conditions of, such convention or bilateral agreement.”
Key to disclosure of taxpayer information under section 6103(k)(4) are the provisions of the applicable tax convention or similar bilateral agreement relating to the exchange of information. Article 26(2) of the U.S. Model Income Tax Convention provides:
Any information received under this Article by a Contracting State shall be treated as secret in the same manner as information obtained under the domestic law of that Contracting State and shall be disclosed only to persons or authorities (including courts and administrative bodies) involved in the assessment, collection, or administration of, the enforcement or prosecution in respect of, or the determination of appeals in relation to, the taxes referred to in paragraph 1 of this Article [“taxes of every kind imposed by a Contracting State to the extent that the taxation thereunder is not contrary to the Convention”], or the oversight of such functions. Such persons or authorities shall use the information only for such purposes. They may disclose the information in public court proceedings or in judicial decisions. Notwithstanding the preceding sentences of this paragraph, the competent authority of the Contracting State that receives information under the provisions of this Article may, with the written consent of the Contracting State that provided the information, also make available that information for other purposes allowed under the provisions of a mutual legal assistance treaty in force between the Contracting States that allows for the exchange of tax information.
The confidentiality provisions of the OECD Model Agreement on Exchange of Information on Tax Matters (TIEA) are similar. Specifically, Article 8 of the TIEA provides that “[a]ny information received by a Contracting Party under this Agreement shall be treated as confidential and may be disclosed only to persons or authorities (including courts and administrative bodies) in the jurisdiction of the Contracting Party concerned with the assessment or collection of, the enforcement or prosecution in respect of, or the determination of appeals in relation to, the taxes covered by this Agreement. Such persons or authorities shall use such information only for such purposes. They may disclose the information in public court proceedings or in judicial decisions. The information may not be disclosed to any other person or entity or authority or any other jurisdiction without the express written consent of the competent authority of the requested Party.”
Article 22 of TIEA confirms the confidentiality of any exchanged information, stating that it shall be treated as secret and protected in the same manner as information obtained under the domestic law of that Party and, to the extent needed to ensure the necessary level of protection of personal data, in accordance with the safeguards that may be specified by the supplying Party as required under its domestic law.
The absolute necessity of the receiving country’s implementing safeguards being consonant with those of the supplying country has been explained by the OECD in a document entitled Keeping it Safe: The OECD Guide on the Protection of Confidentiality of Information Exchanged for Tax Purpose:
Citizens and their government will only have confidence in international exchange if the information exchanged is used and disclosed only in accordance with the agreement on the basis of which it is exchanged. As in the domestic context, this is a matter of both the legal framework as well as having systems and procedures in place to ensure that the legal framework is respected in practice and there is no unauthorized disclosure of information. What applies in the domestic context regarding protecting the confidentiality of tax information applies equally in the international context.
The OECD has compiled a set of best practices and practical advice, including recommendations and a checklist on how countries can meet an adequate level of protection while recognizing that “different tax administrations may have different approaches to ensuring that in practice they achieve the level required for the effective protection of confidentiality.” Keeping It Safe continues:
Of course, the first step is ensuring that appropriate legislation is in place, but confidentiality of taxpayer information within a tax administration is not simply the result of legislation. The ability to protect the confidentiality of tax information is also the result of a “culture of care” within a tax administration. This requires that confidentiality measures be incorporated into all the operations of tax administration. Confidentiality is a cornerstone for all functions carried out within the tax administration and as the sophistication of tax administration increases, the confidentiality processes and practices must keep pace.
Under OECD Guidance, before the transmission of a taxpayer’s information to a foreign tax authority, the following requirements must be satisfied:
- A treaty or other exchange of information mechanism is in place and provides for the confidentiality of tax information.
- Domestic legislation is in place to adequately protect the confidentiality of tax information.
- Domestic legislation includes sufficient sanctions for breaches of confidentiality.
- A comprehensive policy on confidentiality of tax information is in place and endorsed at the top level of the administration.
- A specified person is responsible for implementing the comprehensive policy.
- The comprehensive policy addresses: (a) background checks and security screening of employees, (b) employment contracts, (c) training, (d) access to premises, (e) access to electronic and physical records, (f) departure policies, (g) information disposal policies, and (h) managing unauthorized disclosures.
- All aspects of the policy have been implemented in practice.
The IRS’s policy and practices to ensure taxpayer confidentiality in respect of treaty-exchanged information accord fully with the OECD guidelines. Specifically, no information will be exchanged pursuant to a tax convention until the IRS has conducted a “safeguards review” and satisfied itself that the receiving tax authority can and will maintain the confidentiality of the exchanged information.
LB&I management confirms that there have been precious few instances where concerns have been raised about the disclosure or inappropriate use of exchanged information. Where a concern is raised (either directly by the affected taxpayer or by the taxpayer’s representative), the IRS’s response is to put further exchanges with the affected jurisdiction on hold, consult with the taxpayer or representative, and — if the concern is deemed to have credence — engage in a dialogue with the other country. Under applicable tax treaties, there is no sanction for violating the confidentiality provisions; that is to say, an aggrieved taxpayer cannot sue for damages, force the return of the information, or prevent the other authority’s use of the information. That said, IRSAC understands that in such a situation the IRS will suspend the exchange-of-information provisions of the treaty until the IRS validates that future breeches will not occur. Because section 6105 cloaks “tax convention information” with a confidentiality akin to that accorded taxpayers under section 6103, however, the IRS’s ability to keep the aggrieved taxpayer apprised of its discussions with the other country may be constrained. That said, section 6105(b)(3) does permit the disclosure of such information if the foreign government consents in writing, and during our discussions with LB&I, the Subgroup was informed that such consent is frequently given.
Moreover, if the exchanged information is misused (i.e., not used solely for risk assessment purposes), the receiving country will be obliged to concede the issue in any consequent mutual assistance proceeding. Thus, section 5 of the OECD’s Competent Authority Agreement on the Exchange of Country-by-Country Reports on the Basis of a Tax Information Exchange Agreement provides:
Both Jurisdictions agree not to use the information as a substitute for a detailed transfer pricing analysis of individual transactions and prices based on a full functional analysis and a full comparability analysis. Both Jurisdictions acknowledge that information in the CbC Report on its own does not constitute conclusive evidence that transfer prices are or are not appropriate and, consequently, agree that transfer pricing adjustments will not be based on the CbC Report. Inappropriate adjustments in contravention of this paragraph made by local tax administrations will be conceded in any competent authority proceedings. Notwithstanding the above, a Jurisdiction is not prevented from using the CbC Report data as a basis for making further enquiries into the MNE’s transfer pricing arrangements or into other tax matters in the course of a tax audit and, as a result, may make appropriate adjustments to the taxable income of a Constituent Entity.
Ensuring that the other country’s systems, policies, and practices satisfy its obligations under the treaty is especially important in respect of automatic exchanges of information (such as those made pursuant to the CbyC rules). The standards used in conducting safeguard reviews are set forth in the IRS’s International Data Safeguards & Infrastructure Workbook, a 2014 publication prepared in connection with the implementation of the Foreign Account Tax Compliance Act, which also facilitates (through intergovernmental agreements between the United States and other countries) the automatic exchange of taxpayer information. The difference between automatic exchanges and ad hoc, request-driven exchanges is explained in the IRS workbook, as follows:
Automatic, or bulk, exchange of tax data differs from exchange based on specific requests. Automatic exchange is performed routinely, and the types of information and timing are agreed to in advance by the parties participating in the exchange of information. Further, information may not necessarily be related to an ongoing investigation or proceeding at the time of the exchange. As a result, it is critical that the source jurisdiction, which is transmitting the information, receives assurance from the receiving jurisdiction that confidentiality of the exchanged information will be upheld, and that the information will be used solely for the purpose for which it is intended.
The framework for assessing whether another country’s ability to engage in an effective exchange relationship and adequately safeguard the information exchanged is set forth in the workbook, which addresses with particularity the steps to be taken in respect of four strategic areas: legal framework, information security management, monitoring and enforcement, and infrastructure.
Because automatic exchanges of information contained in taxpayers’ CbyC reports have not yet commenced, concerns about the confidentiality or misuse of exchanged taxpayer information remain anticipatory. The LB&I Subgroup commends LB&I management for emphasizing the IRS’s ongoing commitment to ensure taxpayer confidentiality and the proper use of their data. We applaud, for example, the posting of a notice on the IRS’s website captioned “Reporting Unauthorized Disclosure or Misuse of Tax Information Exchanged Under an International Agreement.” After explaining that the IRS will exchange information with treaty partners, as specifically requested, automatically, or spontaneously, the notice states:
The United States takes its obligation to respect the Taxpayer’s Right to Confidentiality very seriously and has implemented safeguards to protect the confidentiality and prevent the unauthorized disclosure or misuse of taxpayer information. The United States encourages anyone who is aware of a suspected unauthorized disclosure or misuse of information exchanged under an international agreement to which the United States is a party to file a report with the Internal Revenue Service (IRS).
Any person who discovers a possible unauthorized disclosure or misuse of taxpayer information should notify the office of Treaty Administration within the IRS Large Business and International Division. Send a description of the incident to the Exchange of Information Disclosure mailbox. Use the term “Report of Suspected Unauthorized Disclosure of Exchanged Information” in the subject line of the email.
Because of the critical importance of ensuring taxpayer confidence in the integrity of the tax system, IRSAC recommends that the IRS take additional steps to promote its commitment to maintaining taxpayer confidentiality. For example, we recommend —
- The IRS expand its website notice to include links to relevant materials, including its International Data Safeguards & Infrastructure Workbook and the OECD’s Keeping It Safe guide.
- The IRS elaborate (on its website notice and elsewhere) on what is meant by the term “misuse” and explain what the consequences will be to a receiving country that either discloses or inappropriately uses exchanged information. Specifically, the IRS should confirm that where it is determined that information has been misused, the automatic exchange of information with that country will be suspended.
- The IRS consider whether to include specific reference to its commitment to ensure taxpayer confidentiality, along with its Exchange of Information Disclosure mailbox, in the instructions to Form 8975 and other documents sent to taxpayers.
In addition, mindful of the restrictions imposed by section 6105 on the IRS’s sharing information about both automatic exchanges of information generally and potential or actual breaches of taxpayer confidentiality in respect of treaty-exchanged information, IRSAC urges LB&I to explore options for keeping aggrieved taxpayers informed of the status of any inquiry into whether their confidentiality was compromised or data were misused. For example, we recommend that the IRS publish each year a list of countries with respect to which automatic exchanges of CbyC reports will occur. As for the particular instances of alleged or actual disclosure or misuse, options could include securing the consent required by section 6105(b)(3) on a case-by-case basis or, perhaps even better, a process or procedure for keeping affected taxpayers apprised in the model competent authority or automatic exchange of information agreement.
Steps such as these would not only underscore the IRS’s commitment to ensuring taxpayer confidentiality and the appropriate use of their data, but would also communicate that transparency is not a one-way street, thereby buttressing taxpayers’ faith in the integrity of the tax system.
 The preamble to the proposed CbyC regulations provides:
If the United States determines that a tax jurisdiction is not in compliance with confidentiality requirements, data safeguards, and the appropriate use standards provided for under the information exchange agreement or the competent authority arrangement, the United States will pause automatic exchange of CbC reports with that tax jurisdiction until such time as the United States is satisfied that the tax jurisdiction is meeting its obligations under the applicable information exchange or competent authority agreement or arrangement.
REG–109822–15, 2016-14 (April 4, 2016), available at /irb/2016-14_IRB/ar13.html (subpart 2, styled “Exchange of Information, Confidentiality, and Improper Use of Information”). More generally, section 7.3 of the OECD’s Multilateral Competent Authority Agreement on Automatic Exchange of Financial Exchange of Financial Account Information provides:
A Competent Authority may suspend the exchange of information under this Agreement by giving notice in writing to another Competent Authority that it has determined that there is or has been significant non-compliance by the second-mentioned Competent Authority with this Agreement. Such suspension will have immediate effect. For the purposes of this paragraph, significant non-compliance includes, but is not limited to, non-compliance with the confidentiality and data safeguard provisions of this Agreement and the Convention, a failure by the Competent Authority to provide timely or adequate information as required under this Agreement or defining the status of Entities or accounts as Non-Reporting Financial Institutions and Excluded Accounts in a manner that frustrates the purposes of the Common Reporting Standard.