[House Hearing, 114 Congress] [From the U.S. Government Publishing Office] TAX RETURN FILING SEASON ======================================================================= HEARING BEFORE THE SUBCOMMITTEE ON OVERSIGHT OF THE COMMITTEE ON WAYS AND MEANS U.S. HOUSE OF REPRESENTATIVES ONE HUNDRED FOURTEENTH CONGRESS SECOND SESSION __________ APRIL 19, 2016 __________ Serial No. 114-OS11 __________ Printed for the use of the Committee on Ways and Means [GRAPHIC NOT AVAILABLE IN TIFF FORMAT] U.S. GOVERNMENT PUBLISHING OFFICE 22-230 WASHINGTON : 2017 ---------------------------------------------------------------------------------------- For sale by the Superintendent of Documents, U.S. Government Publishing Office, http://bookstore.gpo.gov. For more information, contact the GPO Customer Contact Center, U.S. Government Publishing Office. Phone 202-512-1800, or 866-512-1800 (toll-free). E-mail, [email protected]. COMMITTEE ON WAYS AND MEANS KEVIN BRADY, Texas, Chairman SAM JOHNSON, Texas SANDER M. LEVIN, Michigan, DEVIN NUNES, California CHARLES B. RANGEL, New York PATRICK J. TIBERI, Ohio JIM MCDERMOTT, Washington DAVID G. REICHERT, Washington JOHN LEWIS, Georgia CHARLES W. BOUSTANY, JR., Louisiana RICHARD E. NEAL, Massachusetts PETER J. ROSKAM, Illinois XAVIER BECERRA, California TOM PRICE, Georgia LLOYD DOGGETT, Texas VERN BUCHANAN, Florida MIKE THOMPSON, California ADRIAN SMITH, Nebraska JOHN B. LARSON, Connecticut LYNN JENKINS, Kansas EARL BLUMENAUER, Oregon ERIK PAULSEN, Minnesota RON KIND, Wisconsin KENNY MARCHANT, Texas BILL PASCRELL, JR., New Jersey DIANE BLACK, Tennessee JOSEPH CROWLEY, New York TOM REED, New York DANNY DAVIS, Illinois TODD YOUNG, Indiana LINDA SANCHEZ, California MIKE KELLY, Pennsylvania JIM RENACCI, Ohio PAT MEEHAN, Pennsylvania KRISTI NOEM, South Dakota GEORGE HOLDING, North Carolina JASON SMITH, Missouri ROBERT J. DOLD, Illinois TOM RICE, South Carolina David Stewart, Staff Director Nick Gwyn, Minority Chief of Staff ______ SUBCOMMITTEE ON OVERSIGHT PETER J. ROSKAM, Illinois, Chairman PAT MEEHAN, Pennsylvania JOHN LEWIS, Georgia GEORGE HOLDING, North Carolina JOSEPH CROWLEY, New York JASON SMITH, Missouri CHARLES B. RANGEL, New York TOM REED, New York DANNY DAVIS, Illinois TOM RICE, South Carolina KENNY MARCHANT, Texas C O N T E N T S __________ Page Advisory of April 19, 2016 announcing the hearing................ 2 WITNESSES Timothy Camus, Deputy Inspector General for Investigations and Treasury Inspector General for Tax Administration, U.S. Department of Treasury......................................... 37 The Honorable John Koskinen, Commissioner, Internal Revenue Service........................................................ 17 Jessica Lucas-Judy, Acting Director, Strategic Issues, U.S. Government Accountability Office............................... 57 The Honorable James B. Renacci, Member of Congress, Washington D.C............................................................ 10 SUBMISSION FOR THE RECORD National Treasury Employees Union................................ 112 QUESTIONS FOR THE RECORD The Honorable Peter Roskam....................................... 109 TAX RETURN FILING SEASON ---------- TUESDAY, APRIL 19, 2016 U.S. House of Representatives, Committee on Ways and Means, Subcommittee on Oversight, Washington, DC. The subcommittee met, pursuant to notice, at 10:00 a.m., in Room 1100, Longworth House Office Building, the Honorable Peter Roskam, [Chairman of the Subcommittee] presiding. [The advisory announcing the hearing follows:] [GRAPHICS NOT AVAILABLE IN TIFF FORMAT] ------ Chairman ROSKAM. The subcommittee will come to order. Welcome to the Ways and Means Subcommittee on the Internal Revenue Service's 2016 tax filing return season. I think I speak for many Americans when I say that I am glad Tax Day is over. Today's hearing will review the results of the 2016 tax filing season. Additionally, we will focus on the growing threats of identity theft and cybersecurity. Over 150 million Americans already have or soon will file tax returns for 2015. They expect and deserve an efficient IRS that works for them. Two key aspects of that are ensuring a smooth filing season and protecting taxpayer data. Unfortunately, the IRS does not have the best track record with regard to either. Last year the Ways and Means Committee found that the IRS deliberately diverted user fees away from customer service, resulting in service that even the IRS Commissioner called ``abysmal.'' Through Congressional oversight and appropriations, the IRS was forced to prioritize customer service. The agency needs to act quickly to address identity theft, tax-related fraud issues, and cybersecurity issues. Fraud related to identity theft is growing at an alarming rate. It is a serious crime that hurts millions of Americans and costs the government billions of dollars. In 2012, the Treasury Inspector General for Tax Administration, or TIGTA, reported the IRS could pay out $21 billion in fraudulent refunds over five years. If you have your identity stolen, it can take months to get your life back together. TIGTA estimated it took an average of 278 days to resolve identity theft cases at the IRS. Nearly 20 percent of them were not even resolved correctly. While the IRS has taken some steps to prevent and detect identity theft, the agency is not keeping up with the criminals. Law enforcement officers say tax fraud is so easy it has become an addiction for some criminals. Former drug dealers hold tax filing parties where they file hundreds of returns using stolen identities. As one suspect told police, ``Why would I take the risk to sell drugs and get busted when I can put $10,000 on a card and do it from home all day long while the cartoons are on?'' In 2010, police in Miami, Florida uncovered an entire tax preparation company set up to file fraudulent returns. It stole over $2 million from taxpayers. While law enforcement has had some success in this area, there are many sophisticated operations that continue unabated. As one police officer in Florida remarked, ``You know, there are guys out there doing it better. We are catching the idiots.'' Crime syndicates in Eastern Europe, for example, are ripping millions of dollars off the U.S. Government without ever setting foot in the country. Last May the IRS announced criminals had broken into the Get Transcript function on the agency's Web site and accessed data on more than 100,000 Americans. The IRS suspended that specific program, but the problem continues. Over 700,000 people are now estimated to have had their sensitive information stolen. Earlier this year, the agency also had to suspend its Identity Protection Personal Identification Numbers, or IP PIN online program. IP PINs are given to previous victims of identity theft in order to protect their tax returns. But the IRS discovered at least 800 tax returns filed by fraudsters who had stolen IP PINs. It is ironic and unsettling to see criminals access the very tool the IRS relies on to protect identity theft victims. Identity thieves are increasingly relying on cybersecurity breaches and other attacks to obtain taxpayer data. And as the criminals evolve, we need to do the same. A few years ago, criminals would use stolen names and Social Security numbers to fill out fraudulent returns just by guessing information. It is simpler to catch this type of fraud because some information is often incorrect and it can be flagged through data matching. Nowadays with identity thieves obtaining their information through cybersecurity hacks, the criminals often have all of the information they need. The IRS needs to focus on advanced fraud detection methods to keep up with increasingly sophistication of identity thieves. Does the IP address match the address on the return, for example? For electronically filed returns, were the forms filled out more quickly than a human preparer could fill them out? The IRS needs to improve its information security. Both TIGTA and the GAO have raised concerns with the IRS's inability to protect taxpayer data. TIGTA found the IRS was fully meeting Federal information security standards only in three of ten areas, and there were three areas with significant weaknesses that put taxpayers at risk. Last month, the GAO reported additional problems with IRS security, including outdated software. Authentication is one of the biggest challenges. The IRS needs the ability to verify the people who are interacting with the agency are who they claim to be. TIGTA and GAO have reported the IRS's current authentication standards are not enough to protect taxpayer data. We have seen those weaknesses play out in the IP PIN and Get Transcript hacks. These criminals were able to get in through the front door bypassing the IRS's authentication protocols. The IRS has always had problems with its information technology, and now criminals are getting better at exploiting it. Last year, the IRS convened a Security Summit of stakeholders and industry experts to try and address identity theft and cybersecurity. The agency has already announced that it is working with software providers to enhance identity and validation procedures. Unfortunately, the IRS still has not made the common sense switch to multi-factor authentication. This is a common practice in the private sector. Most people have experienced it when they want to access their bank account online. The bank will not grant the user access until a code is sent to his or her phone or email account. The IRS needs to move in this direction, and quickly. And let me be clear. This is not necessarily the gold standard that I am talking about. It is the bare minimum the IRS needs to do to ensure people accessing accounts and filing returns are who they claim to be. And finally, I want to note that identity theft related tax fraud is not just committed by people outside of the IRS. As TIGTA will testify today, there have also been instances where the IRS's own employees used their positions to improperly access taxpayer data and claim fraudulent refunds. This is obviously unacceptable and should be addressed immediately. How can the IRS expect taxpayers to trust its agents with sensitive information when it cannot prevent criminal activity among its own employees? It is clear the IRS's existing efforts to address identity theft and cybersecurity attacks are not enough. Criminals are already exploiting these weaknesses, exposing taxpayers' identity and costing the government billions every year. The troubled agency's failure to improve its information security puts us at risk, and we need to hold the IRS accountable for protecting taxpayer information and strengthening security. I will now yield to the ranking member, Mr. Lewis, for the purpose of an opening statement. Mr. LEWIS. Good morning. Mr. Chairman, I want to thank you for calling today's hearing. I also would like to thank the Commissioner and other witnesses for being here today. Many of you know that this has been a difficult year for the IRS. Identity theft is on the rise, and millions of taxpayers are being harmed. At the same time, Republicans continue to ask the agency to do more with less. I have said it before, and I think our colleague and my good friend, Mr. Davis, has said it, and I will say it again. You cannot squeeze blood from a turnip. As one who has served on this Committee for a long time, I am particularly concerned about the new Republican mandate that directs the agencies to use private debt collectors. We have been down this road before. It is a waste, a distraction, and a disservice to the American taxpayers. The previous private debt collection pilot program cost more than they collected. Taxpayers were harassed, not helped. I said they were harassed and not helped. Across the country there is an increase in identity theft. Many of you read the news and have family and friends who have been victims. There are already many criminals impersonating the IRS. They seek to cheat taxpayers out of their hard earned money. Confusion about whether the private debt collector was acting for the IRS was a problem ten years ago. With more criminals, the program is bound to do more harm than good. Bringing back private debt collection is a mistake, and it should be repealed. Congress should focus on giving the IRS the tools it needs to serve taxpayers. Since 2010, funding for the IRS has been cut by around $1 billion. Last week the Republicans on this Committee passed a bill to cut the IRS by $400 million more each year. These budget cuts have resulted in the loss of 12,000 jobs, reducing employee training, delaying computer system upgrades. That is not good. It does not help. Last week I was joined by Ways and Means Oversight Subcommittee Democrats in introducing the Taxpayers Protection Act of 2016. This legislation responds to the recent recommendation from the National Taxpayer Advocate. My bill also includes good policy ideas offered by other committee members, by Mr. Pascrell and Mr. Becerra. This legislation is a good, common sense policy. In addition to fighting identify theft and strengthening taxpayer protection, our bill will fully fund the President's fiscal year 2017 request for taxpayer service, increasing funding for low income taxpayer clinics, and repeal the terrible private tax debt collection program. This bill is ripe and it is timely. I hope that it will receive the consideration of the full committee and the full Congress as soon as possible. Mr. Chairman, again, I thank you for calling today's hearing. I hope that we will see more subcommittee activity on how to better serve and support American taxpayers. I look forward to hearing from today's witnesses, and again, I want to thank all of the witnesses for being here. Thank you, Mr. Chairman, and I yield back. Chairman ROSKAM. Thank you, Mr. Lewis. We will have two panels today. Our first panel is our colleague, Congressman Jim Renacci from Ohio, who has had a personal experience in this arena that he is going to give us his perspective on. Not only does he have the background of serving on the Ways and Means Committee, but he also has a vast private sector background in terms of tax preparation and so forth with his insight as a CPA. Mr. Renacci. STATEMENT OF THE HONORABLE JIM RENACCI, A REPRESENTATIVE IN CONGRESS FROM THE STATE OF OHIO Mr. RENACCI. Chairman Roskam, Ranking Member Lewis, and Members of the Subcommittee, thank you for holding this important hearing. I am grateful for the opportunity to testify on the impact of tax-related identity theft on taxpayers in Northeast Ohio and across the country. Let me start with my personal story. Last May I received a notice from the IRS stating they had some questions for me about my 2014 tax return. I found this troubling because I had yet not filed my return. Because of the Tax Code's complexity, my return requires many forms that rarely arrive before the April 15th filing deadline. So like every year, I filed an extension for my 2014 return until October. After receiving that IRS notice in May, I immediately called the IRS hoping to swiftly confirm that this was just an IRS error. Unfortunately, there was nothing quick about the call. It took almost two hours, and I did not get an answer. My level of concern intensified, and I realized that something was very wrong. When I returned to Washington the next week for votes, I reached out to the IRS office here. I finally got some answers. I learned that sometime in 2015, my personal information had been stolen. Someone then used the information to electronically file a fraudulent tax return for my wife and I. That fraudulent return, which included a fake W-2 from the U.S. House of Representatives, claimed a significant refund, and the return instructed that those proceeds go to a bank account outside the United States. Thankfully, there were various red flags associated with this fraudulent return which the IRS caught before sending payment. As a taxpayer and tax preparer for almost 30 years, it is apparent to me that identity theft is real. The ability to file for a refund electronically and receive a refund quickly via bank transfer can also cause significant issues related to identity theft. Let me be clear. I do not want to return to paper returns and checks, but the ease of electronic filing and payments has exacerbated the problem. I know now more than ever we need additional safeguards to protect taxpayers. I personally have heard from many Northeast Ohio taxpayers about their experiences dealing with tax related identity theft. My district office regularly assists constituents who are ID theft victims. I just never thought it would happen to me. Of course, this is not just a Northeast Ohio problem. Tax- related identity theft is an evolving criminal activity that targets innocent taxpayers nationwide and robs the Treasury of billions of dollars each year. I am committed to finding a way to crack down on the growing threat that has devastated millions of taxpayers. So last fall with Ranking Member Lewis, I introduced bipartisan legislation entitled ``The Stolen Identity Refund Fraud Prevention Act of 2015.'' This legislation is an important first step towards shielding taxpayer dollars from fees and reducing the hardship caused by this criminal activity. I was pleased that two core components from this legislation were included in the PATH Act that passed last December. One closes the large gap between when employers provide W-2s to their employees and when they are required to provide them to the government. While W-2 and non-employee compensation statements are due to employees by the end of January, before the PATH Act the deadline for filing them electronically with the government was not until the end of March. In the last filing season, the IRS received over 90 million returns during that two-month window where the IRS was unable to verify key information before issuing refunds. Starting next filing season, the due date for filing W-2 information returns and non-employee compensation forms to the government will also be the end of January. Closing this window was a key step in enabling the IRS to prevent the continued issuance of billions of dollars in fraudulent tax returns. Even though that provision does not go into effect until next filing season, I am pleased that some employees with large volumes of W-2s were proactive on this issue and agreed this filing season to voluntarily file their W-2s with the government early in this year. According to Tax Commissioner Koskinen's testimony last week before the Finance Committee, the IRS received over 25 million early submissions, most of which came by the end of January. The second provision of my bill included in the PATH Act allows the IRS to require permitted truncated Social Security numbers on W-2s. Previously, while the IRS by regulation could require truncated Social Security numbers on Forms 1099, they were prohibited by statute from doing the same on W-2s. This common sense provision will better protect sensitive taxpayer personal information that was previously at risk. Mr. Chairman, tax-related identity theft is one of the most pressing challenges that we face in the world of tax administration. This complex and evolving threat requires cooperation from Congress, the IRS, state revenue agencies and industry stakeholders. I would also like to applaud the IRS for creating the Security Summit initiative to collaborate in fighting tax- related identity theft, and I am pleased to hear that the public-private partnership has resulted in a greater sharing of resources to improve identity theft detection and prevention. I look forward to continuing to work with all stakeholders to curb the growing threat. Thank you for the opportunity to testify. I look forward to working with my colleagues on this Committee to mark up the remaining provisions of the Stolen Identity Refund Fraud Prevention Act of 2015. [The prepared statement of Mr. Renacci follows:] [GRAPHICS NOT AVAILABLE IN TIFF FORMAT] -------- Chairman ROSKAM. Mr. Renacci, thank you for your testimony. I am just thinking about how aggressive it would be for somebody to actually file a fake W-2 with the U.S. House of Representatives on it. I mean, that is a demonstration of hubris, and as you pointed out, you know, the IRS caught it before the money went out. So let us give credit where credit is due. So thank you for your attention and for your willingness to roll up your sleeves and to work on a bipartisan basis on these issues that affect all of us. We will now hear from our second panel. It consists of three witnesses: The Honorable John Koskinen, the Commissioner of the Internal Revenue Service; Mr. Timothy Camus, who is the Deputy Inspector General for Investigations at the Treasury Inspector General for Tax Administration, or TIGTA; And Ms. Jessica Lucas-Judy, who is the Acting Director for Tax Issues at the Government Accountability Office. Commissioner Koskinen, welcome, and if we could begin with your testimony. You are recognized. STATEMENT OF JOHN KOSKINEN, COMMISSIONER, INTERNAL REVENUE SERVICE Mr. KOSKINEN. Thank you, Mr. Chairman and Ranking Member Lewis and Members of the Subcommittee. I appreciate the opportunity to appear before you today. Let me start with an update on the 2016 filing season which ended yesterday for everyone but those living in Maine and Massachusetts, who must file by midnight tonight. For the rest of the country, I am pleased to report that the last day of filing individual tax returns, yesterday, went very smoothly with our systems receiving more than four million returns on that day alone. We have received already and processed slightly over 130 million returns. Ninety percent of the refunds were processed within our 21-day goal and approximately 90 million refunds have already been issued. In regard to taxpayer service, I am also pleased to be able to report that the IRS saw significant improvements during this filing season over last year largely due to the additional resources provided by Congress. A total of $290 million in additional funding was approved for the IRS for this fiscal year to improve service to taxpayers, strengthen cybersecurity and expand our ability to address identity theft, all of which we appreciate. To illustrate how helpful this extra funding was, we designated $178 million to be used for taxpayer service, which among other things allowed us to add about 1,000 extra temporary employees to help improve our service on the phones during the filing season. During the season, the average level of service on our toll free help lines this year has exceeded 70 percent, a vast improvement over last year's 37 percent. Unfortunately, once the seasonal employees are gone and the funding runs out, that number will drop significantly, but still the average for the phone service for the full year will probably be between 47 and 50 percent, still a significant improvement over last year. The President's budget for 2017 provides for a level of phone service of about 70 percent for the entire year with an investment of approximately $150 million above current levels. This year has demonstrated that with additional funding, taxpayer service will improve significantly. Let me now turn briefly to the IRS' ongoing efforts with regard to cybersecurity and identity theft. Securing our systems and taxpayer data continues to be a top priority for the IRS. Even within our constrained resources, we continue to devote significant time and attention to the challenge. We work continuously to protect our main computer systems from cyberattacks and to safeguard taxpayer information stored in our databases. These systems withstand more than one million malicious attempts to access them every day. We are also continuing to battle a growing problem of stolen identity refund fraud. Over the past few years, we have made steady progress in protecting against fraudulent refund claims and criminally prosecuting those who engaged in this crime. We have found the type of criminal we are dealing with has changed. The problem, as the chairman noted, used to be random individuals filing a few dozen or a few hundred false returns at a time. Now we are dealing more and more with organized crime syndicates here and around the world. They are gathering unimaginable amounts of personal data from sources outside the IRS so they can do a better job of impersonating taxpayers, evading our return processing filters and obtaining fraudulent refunds. To improve our efforts against this complex, as noted, and against the evolving threat, as noted in March last year, we joined with the leaders of the electronic tax industry, the software industry and the states to create the Security Summit Group. This is an unprecedented partnership that is focused on making the tax filing experience safer and more secure for taxpayers in 2016 and beyond. Our collaborative efforts have already shown concrete results this filing season. For example, Security Summit partners have helped us improve our ability to spot potentially false returns before they are processed, and they have increased the level of authentication for taxpayers when they use software or provide information for their preparers. Over the past year, we have detected and stopped three instances of criminals masquerading as legitimate taxpayers on the basis of information stolen from places other than the IRS. One of the service's targets, as noted, was our Get Transcript online application used by taxpayers to quickly obtain a copy of their prior year return. Another was the IP PIN, as the chairman noted. In all three cases we detected that criminals were trying to use our online tools to help them pretend to be legitimate taxpayers and sneak false returns past our filters. The incidents have shown us that improving our reaction time to suspicious activity is not enough. We need to be able to anticipate the criminals' next moves in an attempt to stay ahead of them. The ongoing work of the Security Summit Group will be critical to our success here. Congress can provide critical support by approving adequate resources for these efforts. Sustaining and increasing funding in this area will be critical as we move forward. Another way Congress can help us is by passing legislative proposals to improve tax administration and cyber security. One of the most important requests we have made is for the reauthorization of streamlined critical pay authority, the loss of which has made it very difficult, if not impossible, to recruit and retain employees with expertise in highly technical areas such as information technology. Mr. Chairman, Ranking Member Lewis, and Members of the Subcommittee, this concludes my statement, and after other presentations, I would be happy to take your questions. [The prepared statement of Mr. Koskinen follows:] [GRAPHICS NOT AVAILABLE IN TIFF FORMAT] -------- Chairman ROSKAM. Thank you, Commissioner. Mr. Camus. STATEMENT OF TIMOTHY CAMUS, DEPUTY INSPECTOR GENERAL FOR INVESTIGATIONS AND TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION, U.S. DEPARTMENT OF THE TREASURY Mr. CAMUS. Chairman Roskam, Ranking Member Lewis, and Members of the Subcommittee, thank you for the opportunity to discuss the Internal Revenue Service's 2016 tax filing season. TIGTA continues to identify security of taxpayer data as fraudulent claims as major management challenges facing the IRS. Both challenges continue to play a significant role in this year's tax filing season. Since 2012, TIGTA has issued a series of reports assessing the IRS' efforts to detect and prevent fraudulent tax refunds resulting from identity theft. The IRS has implemented many of TIGTA's recommendations and has continued its efforts to improve its detection processes. However, tax related identity theft remains a major challenge for the IRS. At the same time, cybersecurity threats against the Federal Government continue to grow. The IRS is a prime target for attacks because of the extensive amounts of taxpayer data it stores and refund amounts it issues each year. Because of this, the risk of unauthorized access to tax accounts, the potential theft of taxpayer information from the IRS and refund fraud will continue to grow. For example, in August 2015, the IRS reported that unauthorized users had been successful in obtaining information from the Get Transcript application for an estimated 334,000 taxpayer accounts. To prevent further unauthorized accesses, the IRS disabled the application on its Web site. TIGTA's current review of the Get Transcript breach identified additional suspicious accesses to taxpayers' accounts that the IRS had not initially identified. We believe that more than 724,000 taxpayer transcripts may have been stolen. TIGTA is participating in a multi-agency criminal investigation into this matter. We have also provided the IRS with some of our investigative observations to date in order to help them secure their e-authentication environment going forward. We also reported in November 2015 that the IRS did not complete the required authentication risk assessment for its online identity protection personal identification number, or IP PIN application. We recommended that the IRS not reactivate this application for the 2016 filing season. However, the IRS reactivated the application on January 19th, 2016. We issued a second recommendation to the IRS on February 24th to remove the IP PIN application from its public Web site. On March 7th, the IRIS reported that it was temporarily suspending the use of the IP PIN application. The IRS also reported that 800 stolen IP PINs had been used to file fraudulent tax returns. Tax refund fraud and identity theft issues are not limited to unscrupulous individuals operating from outside of the IRS. We have conducted a number of significant investigations involving identity theft by IRS employees. In one recent prosecution case, we identified an IRS employee who, through her access to IRS data systems, stole the information of hundreds of taxpayers. She subsequently used this information in an attempt to obtain between $550,000 and $1.5 million in fraudulent refunds. We believe the IRS must prioritize its focus on insider threat posed by IRS employees by increasing and improving its application audit trails. Other challenges to the IRS' ability to efficiently administer the Nation's tax laws include a telephone impersonation scam. Since October 2013, we have received over one million complaints from taxpayers who reported that individuals called them, claimed to be IRS employees, and then demanded money. This scam is the largest, most pervasive impersonation scam in the history of our agency. It has claimed over 5,700 victims with reported losses totaling more than $31 million to date. We also continue to receive reports of individuals who have become victims of lottery winning scams, and we are also seeing an increase in the number of reported IRS fishing attempts. TIGTA and our law enforcement partners have made several arrests in connection with many of these scams, and we have over 100 investigations currently underway. As the number and sophistication of threats to taxpayer information will likely increase, they will be a continued focus of our audit and investigative coverage, and we will continue to provide the IRS with information necessary to protect taxpayers. Chairman Roskam, Ranking Member Lewis, and Members of the Subcommittee, thank you for the opportunity to share my views. [The prepared statement of Mr. Camus follows:] [GRAPHICS NOT AVAILABLE IN TIFF FORMAT] --------- Chairman ROSKAM. Thank you. Ms. Lucas-Judy. STATEMENT OF JESSICA LUCAS-JUDY, ACTING DIRECTOR, STRATEGIC ISSUES, U.S. GOVERNMENT ACCOUNTABILITY OFFICE Ms. LUCAS-JUDY. Chairman Roskam, Ranking Member Lewis, Members of the Subcommittee, thank you for inviting me to testify on three opportunities that GAO identified for IRS: First, improving customer service; Second, combating identity theft refund fraud; and Third, enhancing information security. During the filing season IRS deals with millions of transactions. The scale of these operations presents challenges for customer service and for protecting taxpayers' personal and financial information. Congress provided IRS with an additional $290 million this year to improve these areas. Regarding the first area of opportunity, customer service, the 2016 filing season was generally smooth. IRS provided a higher level of telephone service than it did in 2015. More people who wanted to speak to a live assister were able to get through, and the wait times were much shorter. However, as you heard, IRS expects telephone service to decline now that the filing season is over. GAO has recommended that IRS benchmark its telephone service with other call centers to identify potential improvements. Of course, IRS provides much more than just phone service. It handles correspondence, and it also provides services online, among other things. We have made recommendations to help IRS strategically manage these duties. For example, in 2013, GAO recommended IRS develop a long- term strategy for new online services. IRS recently told us that its new Future State Initiative will provide better service to taxpayers, but this initiative is in its early stages. We have also suggested Congress require Treasury and IRS to develop a comprehensive customer service strategy that incorporates elements of our prior recommendations. The second area of opportunity is identity theft refund fraud. IRS estimates it paid more than $3 billion dollars in identity theft refunds in 2014, and that is just from schemes already known. IRS has made it easier for people to report suspected fraud, and it is working with state and industry partners to share potential leads and strengthen fraud filters. Stronger pre-refund and post-refund strategies would help IRS combat this persistent and evolving threat. For example, IRS is considering a number of tools to enhance authentication, making sure the person filing the return is who they say they are. However, some of these could impose significant burdens on taxpayers and the IRS, and it is unclear how well they work. GAO recommended IRS assess the costs and benefits of its authentication tools. It is also important that IRS identify fraudulent returns before the money goes out the door. IRS currently issues refunds after matching names and Social Security numbers and filtering for certain indicators of fraud but does not match wage information reported by employers on W-2s. Historically W-2s had been available to IRS after it issued most refunds. Matching W-2s with information on tax returns to detect fraud before paying refunds could save some of the billions of dollars currently lost to fraud. The 2016 Consolidated Appropriations Act makes some of that information available earlier, which should help address this issue. The third area of opportunity is cybersecurity. While IRS has implemented some controls, taxpayer data continues to be exposed to unnecessary risk due in part to inconsistent implementation of IRS' security programs. To illustrate, we found that IRS used easily guessable passwords on servers that were supporting key systems. IRS also allowed access to certain systems beyond what users needed to do their jobs and did not encrypt sensitive data on some of the key systems that we reviewed. Importantly IRS did not fully address deficiencies we had identified in prior reviews or ensure that its actions corrected the problem. For instance, in our most recent review, IRS told us it had addressed 28 of our prior recommendations, but we found that nine of those had not been implemented effectively. Last month GAO made 43 recommendations to address newly identified weaknesses. Implementing these and our 49 outstanding recommendations would better protect sensitive information. In summary, as more IRS services are conducted online, it would be important for IRS to ensure it has proper safeguards in place and is using the full range of information to combat identity theft refund fraud and protect taxpayer data. We urge Congress, Treasury, and IRS to implement GAO's recommendations in the three areas we identified: benchmarking IRS' phone service and developing comprehensive customer service and online strategies; assessing authentication tools and conducting pre-refund matching; and addressing vulnerabilities in IRS' information security systems to better protect taxpayer data. Chairman Roskam, Ranking Member Lewis, Members of the Subcommittee, this concludes my prepared remarks, and I will be happy to answer any questions you may have. [The prepared statement of Ms. Lucas-Judy follows:] [GRAPHICS NOT AVAILABLE IN TIFF FORMAT] -------- Chairman ROSKAM. Thank each one of you for your perspectives. They are very valuable. Now we will go to inquiries from the members. Let us go to Mr. Reed from New York. Mr. REED. Well, thank you, Mr. Chairman, and thank you to the panelists for being here today. Commissioner, I wanted to go to some of the information you shared in your testimony, in your written testimony, in regards to the Security Summit and the Information Sharing and Assessment Center that was discussed in coming out of there. So in the spirit of true oversight, not a ``got you'' question, but what is the status of the Information Sharing Center and when can we expect it to be up and running? Mr. KOSKINEN. The status is we are working both internally and also with our summit partners to design it. It will be somewhat unique. There are a couple of other ISACs, as they are called, in the government that we have looked at. None of them quite apply to this. We jointly with them all have security concerns obviously. Our hope would be to have it totally operational by the next tax season, but the technology features are such that we think we may or may not make that deadline, but we are all committed, the private sector partners with us, as quickly as we can to have it up. What it will do is basically allow the private sector and the states to more easily have access to the information that is being shared. Right now everybody gives it to us and then we process it and give it back out. So it is not that people are not sharing the information. It will just be much more efficient if we can get the ISAC up and running. Mr. REED. Okay. So one of the barriers you said was the technological barrier. What are the technological barriers that you are uncovering with establishing that center? Mr. KOSKINEN. The technology there is just setting up. We have the governance structure already underway. So it is primarily just the technology. Can we set up the database in a secure way and the accesses for it to go forward? Mr. REED. Is that hardware technology, software technology? Mr. KOSKINEN. It is a combination. You know, we have this somewhat antiquated system with many moving parts to be able to collect the data, make sure it gets into our filters appropriately and gets back out in a secure way. It is primarily a programming and software challenge. Mr. REED. Okay. That is helpful. And you know you and I have talked numerous times before, and one of the things that I drive in my private life as well as public life is metrics. What are the expectations? What are we going to hold you accountable to? So in the spirit of hoping to meet that deadline of having the ISAC center up and running by next tax season, what are you going to gauge yourself as the IRS to make sure that the ISAC operation is functioning and delivering on the security measures that you want to see happen in that arena? Mr. KOSKINEN. I think our measure is that by this time next year it will be up and running. Our goal, aspirational, is to try to see if we can get it up early enough to be at the front end of the filing season, but we would be delighted to report back to you. The measure underneath it all, that is a system. It is the amount of data being shared, and then it is really the impact on how many of these returns can we catch. So we are monitoring carefully the number of returns we stop, and to the extent we can, as a result the increase in those as a result of the partnership. Mr. REED. All right. So I am not going to let you off that easy. So the goal is to get it up and running by this time next year. Mr. KOSKINEN. Right. Mr. REED. And then you are going to monitor the data and you are going to gauge the data. How are you going to measure that? What does that mean? What is the metric? I mean I hope the goal is not just we are going to get it up and running, and we hope it is going to do a great job, and we will come next year and say it is doing a great job, Congressman. Mr. KOSKINEN. Right. Mr. REED. You are getting millions of dollars potentially invested here. What are we going to hold you accountable for? Mr. KOSKINEN. The ultimate goal is to catch and stop fraudulent refunds before they go out. Mr. REED. So how much of an improvement in that arena can we expect from you as a result of this ISAC? Mr. KOSKINEN. We do not have a number that we can work against yet. We know last year we stopped slightly over four million. Mr. REED. Will you have that number when the ISAC is up and running? Mr. KOSKINEN. Yes. We know last year we stopped four million suspicious returns, a million and a half of which were proven identity theft which were $8 billion of refunds prevented from going out. That is a baseline. The goal would be to not only stop refunds, but to trap identify theft refunds. Mr. REED. And how much? Mr. KOSKINEN. And if we are successful, to some extent those numbers should go down. In other words, if we are successful at closing off systems and having better authentication on the front end, the goal would be to have the number of fraudulent returns filed not only stopped, but to go down. If we can get fraudulent returns under a million, that would be terrific. Mr. REED. So get the fraudulent returns down to a million as a metric that we could hold you to? Mr. KOSKINEN. I think the metric would be we had a million and a half we stopped in 2014. Can we lower that metric noticeably and significantly? Mr. REED. And that would be about a million, down to about a million if I heard you correctly? Mr. KOSKINEN. Well, my partners and I have to figure out what is a reasonable goal. Mr. REED. That is what I am really looking for, are those actual hard metrics that we can hold you accountable to because what other metric are you going to deploy to make sure to see if this ISAC is a success? Mr. KOSKINEN. The two metrics that I think are most important to everyone are: can we get the number of fraudulent returns filed down? And can we get the amount of fraudulent payments made down? Mr. REED. To what? Mr. KOSKINEN. Well, the goal would be obviously illusory to get them down to zero. Mr. REED. Okay. Mr. KOSKINEN. I mean we could fight it there, but we are not going to get them to zero. Mr. REED. We all agree we cannot get to zero, but what is the goal you are going to be at from today to a year from now or a year after the ISAC center is up and running? Mr. KOSKINEN. Well, as I said, our numbers for 2014 were 3.8 billion. We would like to get that number under three billion. We would like to get it under two billion at some day, but we are dealing with increasingly well-funded, sophisticated criminals, organized criminals around the world. Mr. REED. I appreciate the work, and I appreciate the threat that you have. I just want to make sure we have a clear metric as we move forward, and we have discussed that before. Mr. KOSKINEN. Yes. Mr. REED. It is meant in good faith just to hold everyone honestly accountable. With that I yield back. Chairman ROSKAM. Mr. Lewis. Mr. LEWIS. Thank you very much, Mr. Chairman. Mr. Commissioner, thank you for your testimony this morning. What concern do you have, and if you have some concern, could you share with us about restarting this program of private debt collectors? Mr. KOSKINEN. Well, our concern goes to the issues that Mr. Camus talked about, and that is we jointly with them have been for the last couple of years battling phone scams, people impersonating IRS employees trying to shake down nervous or frightened taxpayers. Historically we have run private debt collection systems twice before and they have never generated significant funding for the government. We are committed because the Congress gave it to us as a requirement; we are committed to do everything we can to make the program work. But one of the complications this year as we put the program in place will be how to deal with the phone scams that are going on. So we have already had a bidder's conference with potential participants, trying to work with them as to how we jointly, and I am a big believer in partnerships as you know; how we jointly can figure out how to make this work. One thing we are looking at it is, as I have told people publicly for two years, if you are surprised to be hearing from us, you are not hearing from us. People should have gotten letters from us long before they ever hear from us on the phone. So one of the ideas we have is that we would send a letter to a taxpayer saying, ``Your account has now been assigned to a given debt collector.'' The debt collector then would write the same taxpayer saying, ``We are Company X and your account has been assigned to us. We will be calling you.'' So, again, a taxpayer would be in the situation of not being surprised when they got a call from the IRS. So we could continue to advise taxpayers if you are surprised, it is a scam. The other thing we are trying to tell everybody is if you are going to pay your taxes in response to any inquiry, the check goes to the United States Treasury. The money does not go into a debit card account. It does not go into a bank account. It goes to the United States Treasury. Mr. LEWIS. Mr. Commissioner, not too long ago, just maybe about three months ago I received a call at my home here on Capitol Hill. The person said, ``I am from the IRS. We are going to sue you.'' And I said, ``Sue me for what?'' The person hung up. I tried to trace the number. I could not trace it. How do we warn the American people that there are people out there that are not representing the IRS? Mr. KOSKINEN. As I said, we have been working on this for over two years. I get clippings services every day, and there are good news articles at the local level, television stories either warning about the scam every year, and regularly we put out warnings about a range of scams. I have been dismayed at the persistence of the calls. The IG has done a very good job with us of collecting the data. They have been working with the Department of Justice prosecuting as we go on, and as they have noted, the number of people falling prey to the calls is dropping as a percentage, but the calls continue. The IG does a report that they share with us every week. There are 15 to 18,000 reported calls every week, and that is just the tip of the iceberg. So all we can do and what we are trying to do is flood the zone as it were, regularly and consistently, again, trying to get people to understand in simple terms. As I say, if you are surprised to be hearing from us, you are not hearing from us. The second thing is we never threaten you. We never say something is going to happen in 24 hours if you do not act, and the third thing is we will never tell you to put money anywhere but in the accounts of the U.S. Treasury in a check to the United States Treasury. And if we can continue to get that message out, my hope is the percentage, now small, of people who fall prey to this will decline. People being subject to it are elderly, low income people, and recent immigrants who tend to be more nervous and frightened or easily scared. And they are the people whose heart you go out to most when you read about they have sent $1,000, $3,000 in effect into criminals' hands. Mr. LEWIS. Mr. Inspector, do you share these concerns? Mr. CAMUS. Yes, sir, we are very concerned about this scam. As I said in my testimony, it is the most persistent scam. We continue to try to do a public awareness. I personally, although I have a face for radio, I recorded a public service announcement that we continue to try to market and get out on the YouTube channels. People every week fall victim to this, and as the Commissioner noted, between 15 and 20,000 calls are made each week and reported to us. We are very concerned about this as a continuing crime, but we do have some prosecutions coming up in the future that we hope will help us warn taxpayers not to fall prey to this criminal activity. Mr. LEWIS. Thank you very much. I yield back, Mr. Chairman. Chairman ROSKAM. Mr. Meehan. Mr. MEEHAN. I thank you, Mr. Chairman. I thank the ranking member for bringing up that issue. I suspect everybody on this dais got one of those phone calls. I did. My wife did. Mr. KOSKINEN. I have gotten one. When I got it I thought there must be somebody at the IRS I could talk to about this. [Laughter.] Mr. MEEHAN. We did the same press conference and got tremendous coverage and alert, but people are still once they get that call very, very scared, and there is one discrepancy that is not my questioning, but we say that we never go after people and ask for, you know, demand, but there are some collection services that are out there potentially speaking on behalf of the IRS with some level of legitimacy, and I think that is an issue that we need to be able to confirm, that you will never get a phone call from anybody representing the IRS, but a lot of work for us to do. Listen. As technology changes, we are utilizing it more, and I have seen a tremendous shift in utilization of e-filing and other kinds of things, which I assume makes it a little easier for you to be able to handle the returns that you get, Commissioner, but we are struggling on the front end with the authentication issue. Are you who you say you are? And obviously in the beginning, we began with just name, Social Security number, and some of the other things, all of which are readily available for somebody not even hacking into your system oftentimes by getting information from taxpayers. Now, I know that there have been some efforts in the IRS to strengthen its authentication system, but there has also been criticism that notwithstanding those efforts, things have not even reached the standards of what is expected of a governmental agency. So can you give me a sense on where this is going? I am aware that even within the agency you are looking at 2016, setting a standard, trying to get there, but because authentication is so important not just on the back end, but on the front end as well, to assure that the initial inquiry is accurate. Can you talk to me about authentication? Mr. KOSKINEN. Yes. Mr. MEEHAN. Where we are going and how we can fix this and get it better? Mr. KOSKINEN. Yes. It is obviously critical for all the reasons you state. It goes to the heart of our ability to expand our online services because if we are going to expand those, we have to expand them for legitimate taxpayers. So as noted, when we first designed Get Transcript four or five years ago, so-called out-of-wallet questions were a standard means of authentication on the theory that you ask questions only the taxpayer should know. It turns out with all of the data breaches, all of the information available on social media, it is increasingly easy, not totally simple, for criminals with enough personal data to, in fact, be able to masquerade as you. As I used to say, they can answer sometimes your questions better than you because they remember the year you bought the Volvo. They know that. You may not remember it. So what has happened with the evolution of the sophistication of criminals is simply relying on out-of-wallet questions no longer is the sort of standard you should use. We have gone to multi-factor authentication. In simple terms, multi-factor authentication, and you have done it with your online services, you will change a password or do something, and you will get sent to another account, to an iPhone, to your iPad, someplace else, a code that you enter back in, and that is a two-factor authentication. They know you are online. They also know that you have got possession of a device that the criminals do not have. Our problem is we do not right now have email addresses or telephone numbers regularly for taxpayers. We correspond with people by paper. Mr. MEEHAN. Well, that is what your Identity Assurance Office is looking at some of these things. Where are they going to be going with this in 2016? Because the assessment by the Inspector General was that you are going to assess costs and risks and other kinds of things. Mr. KOSKINEN. Yes. So what we are testing right now, before getting Get Transcript back up or IP PINs, is a multi-factor authentication where through a credit service, and which now would be the first to do that, who, when you go onto the credit service they have your phone number and other information, where we would correspond with the taxpayer online. We would then send to their iPhone or iPad a code. They would pick that code up and come back in, and we would be satisfied that even the criminal knew your out-of-wallet questions, which you still have to answer, they probably do not have possession of your cell phone. The difficulty is that is a good system, and it will make it much more difficult for criminals. The problem is it will make it a little harder for taxpayers as well. Mr. MEEHAN. Right, finding the right balance. Mr. KOSKINEN. Yes. Our estimate is, judging that we have talked to the British and we have talked to everybody we can talk to, that at the front end if we can get 50 percent of taxpayers through, that will be helpful. I would remind everybody on the out-of-wallet questions, our experience was 22 percent of taxpayers could not answer their out-of-wallet question, and half the criminals could not answer them. Mr. MEEHAN. Well, that is the problem. Everybody nowadays has a million different pins and other kinds of things. You forget what you gave them in terms of the identifying information. You cannot answer your own questions. Mr. KOSKINEN. Yes. Mr. MEEHAN. How do we get to a system in which we can effectively address that? Mr. KOSKINEN. Well, again, the multi-factor does not require you to remember the number you get. Every time you need it a new number will be sent to your iPhone, your iPad or texted to you, and you will use that new six-digit number just to authenticate, again, that you are who you are, and it will be harder for a criminal to duplicate that because they will not have possession of the alternate or the multi-factor part of the authentication. The problem will be and our goal will be over time to make that work smoothly enough with data enough that we could get back to the 80 percent level. We will probably never have an authentication system that everybody can get through. So the balance is how do we keep criminals out without keeping all of the taxpayers out at the same time. Chairman ROSKAM. Mr. Rangel. Mr. RANGEL. Thank you so much for calling this hearing, Mr. Chairman. It seems as though the criminals have been bipartisan in their attempt to defraud innocent congressional people. So that is one way to bring us together, through the criminal element. Years ago we had hearings, and the IRS indicated it sent out 30,000 letters to taxpayers telling them that their tax debt was being sent to private debt collectors, and then the debt collectors were required to send a letter to the taxpayers, but it turned out that some 30,000 letters were returned to the IRS. In other words, it did not appear at that time that the IRS was effective in notifying the taxpayers. Do you have any problems in your office as to whether or not you are effectively reaching the taxpayers? Mr. KOSKINEN. Our information and our experience is that we were able to reach, give or take a little, 75 to 80 percent of the taxpayers. The problem is people move every year, and give or take a little, 15 to 20, 25 percent of people are moving every year. Mr. RANGEL. Okay. The second question I have has to deal with the effectiveness of the investigation and the prosecution of these people. We hear about the victims, but as a former Federal prosecutor, I do not ever remember reading about a criminal that is conducting these fraudulent calls ever being arrested and sent to jail. Do you have any details as to what are you doing in the prosecution department to let the people know that you are being effective? Mr. KOSKINEN. Right. I will distinguish that Mr. Camus is the expert on that. Mr. RANGEL. I know. I was particularly talking to Mr. Camus. Mr. KOSKINEN. Yes, we have prosecuted over 2,000 people for identity theft. Mr. RANGEL. I know. I am asking you how do you get that out there? Mr. KOSKINEN. But for phone scams, I give you Mr. Camus. Mr. RANGEL. That is who I want. Mr. CAMUS. Yes, sir. We have had a couple of high level cases. The challenge that we have had is we find ourselves chasing a lot of the runners who are just converting the money into various forms. But last July we had a conviction of an individual who was responsible for over a million dollars in damage to his victims. He got sentenced to 14 years in Federal prison. So we have had cases on occasion. We are currently working with the Department of Justice on a cluster of cases that we hope, to answer your question, that when we get those prosecutions we will use those as a springboard to warn people on a grand scale that this is going on. If you get contacted out of the blue by somebody claiming to be from the IRS or the Treasury Department and you have not heard from them before, as the Commissioner said, you are probably getting scammed. Mr. RANGEL. I hate to say we are from the Congress and we are here to help you, but quite frankly, are these fly-by-night individuals? Is this an organized national scheme? These people seem to be pretty well organized. As a matter of fact, they are outsmarting the IRS and, therefore, the Congress and the Nation. But who are these people? How are they classified? What is going on? Mr. CAMUS. One of the biggest challenges, sir, is that initially the scam started out as being a centralized group of people. Then once the criminals started to realize through warning taxpayers not to fall for it, other criminals saw, boy, if I just pick up the telephone and call somebody and threaten them, I can collect money. Mr. RANGEL. So you do not really think this is organized? Mr. CAMUS. I think this is centered now, sir, to a point where there are all kinds of different folks making these types of phone calls because when you think about it, from a criminal point of view, they have very little invested in this crime. They are just picking up the phone and calling people, and if they get two or three victims a day, that is good money. Mr. RANGEL. I think we ought to take this up with the Justice Department. Getting back to the debt collectors, forgetting the outside criminals, do you really think the debt collectors are doing a better job than the IRS trained collectors in the past? Mr. KOSKINEN. I think what we are committed to doing is to run this program as well as we can and---- Mr. RANGEL. That was not my question. Mr. KOSKINEN. No, and see what the answer is. Mr. RANGEL. My question is that the Congress directed you use the private sector debt collectors. Mr. KOSKINEN. Right. Mr. RANGEL. And I am asking, based on your experience, do you find that to be more effective than when the IRS trained the collectors? Mr. KOSKINEN. Well, the last two times it has been tried by the IRS it did not turn out to be more effective. It turned out IRS employees were more effective. There were questions raised about how those programs are run and the costs of them. We now do have a statutory mandate. Mr. RANGEL. Who trains these private debt collectors? Because debt collectors can be very, very mean, rude. Do you train them now? Mr. KOSKINEN. We will, in fact, work with the companies to provide appropriate training as to they need to know something about their authority and they need to know something about debt collection. We will try to and select and monitor, with the Inspector General, the performance of these organizations to make sure that they are legitimate companies, but there is always that risk. But as I say, we are committed, and I think it is important for the Congress to understand to run this program as well as we can, as best as we can, we will have a fair test of how effective it is. I do not want anybody thinking that we are dragging our feet. Mr. RANGEL. Mr. Chairman, I want to thank you for this hearing. I think there is a wide range of areas that we can work with the IRS and be cooperative in a bipartisan way. This is one heck of a good beginning, and I did not like the Commissioner saying what they are trying to do. I think we ought to have other hearings to find out what can we help them to do it. We are not challenging their good intent, but there are a lot of things that have to be done, and it looks as though we are throwing up our hands saying we are doing the best we can. We are not blaming you, but we have to work more closely together. Thank you for having these hearings. Chairman ROSKAM. Thank you. Mr. Rice. Mr. RICE. Mr. Koskinen, I would like to start with you, sir. You know, I was a tax payer and CPA for 25 years, and I dealt with the IRS hundreds of times, and most of those times in my time I found them to be professional, and they are doing a difficult job in a difficult circumstance. But we have a voluntary compliance system. It does not work if the taxpayers do not work with us, and in order for the taxpayers to do that, they have to have a level of confidence in the IRS. They have to know that the IRS is competent and that they are honest, and that they are not going to target them for anything other than their tax liability, and that they are going to act in an ethical way. And in looking at what has happened in these last five years with scandal after scandal after scandal, from Lois Lerner targeting people who do not believe the way the Administration believes, purely for their political beliefs, and then the lies and the obfuscation and the cover-up in the investigation of that, and then redirecting taxpayer funds from taxpayer assistance to other things and allowing taxpayers to call in and not be responded to at a rate of two-thirds of the people calling in not being responded to, and then apparent, you know, disregard or incompetence in protecting taxpayer info, in taking basic measures to avoid sending out fraudulent refunds. It just looks to me like and nobody being held accountable in any of this, you know, nobody getting fired, nobody being held accountable in any way. It looks to me like the IRS has so undermined its credibility, and a lot of this happened before you got there, but it so undermined its own credibility in the last five years, it is almost beyond my comprehension. It is almost like if they had set out to do it intentionally, I do not know what else they could have done to further undermine their credibility than what they have done in the last five years. So I am just really worried. You know, this is not just something that is a one-time thing or it only happens every once in a great while. It is just every year it seems like there is another scandal, one after another after another, a cascade. And, my friend, there is an old saying. If you find yourself in a hole, the first thing you need to do is quit digging, right? So my question to you, I have got some questions here that the group here wants me to ask you, but my question to you first is: how do we stop this cascade of scandals? How do we start working on rebuilding the credibility of this institution that is so fundamental to this country? Because I do not see it happening right now. Is there some method, quality control? Is there some process that you're undertaking to foresee instead of us being totally reactionary to scandal after scandal after scandal and eroding the taxpayer confidence? Is there something you are doing to try to head this off and stop this endless cascade? Mr. KOSKINEN. One of the things we are doing that is important, and there are two basic things. One is to get people to understand our responses to the challenges and the work we are doing to fix them, and to the extent that I am a big believer in transparency, we have hearings. I think the hearings should point out the problems. There has been less focus on the solutions. We have taken every recommendation and implemented that have been made by the Inspector General in response to the (C)(4) issue of social welfare organizations not being handled promptly. We have taken every recommendation of the Senate Finance Committee, both its bipartisan recommendations, the majority report and the minority report. We have tried to make it clear that if anyone has any indication, our goal is to make sure people, as you say, are treated fairly no matter who they voted for, what party they belong to, where they go to church. I think that is fundamental. The second thing that we have done is we have set up a risk management program for the entire agency and are working to have every employee of the IRS from the front line on up view themselves as a risk manager so that they understand my view, and I mean it, as bad news is good news. The only problem we cannot solve is the problem we do not know about. As I said at my confirmation hearing two and a half years ago, it would be fun to say we will never make a mistake. There will never be a problem. We run the world's most complicated Tax Code. We deal with 150 million Americans. We have 85,000 employees. The better goal, it seems to me, is to say that if there is a problem, we will find it quickly, we will fix it quickly, and we will be transparent about it. And I think if the public understands not that there will never be a problem, but if there is a problem our goal is to find it quickly, to fix it quickly, and to be transparent about it, then we will be on the road toward restoring confidence in the agency. Mr. RICE. Friend, that is reactive and not proactive. Mr. KOSKINEN. No, if I get employees on the front line to raise their hand when they see a problem, that is proactive. That is not reactive. General Motors' ignition switch is my favorite example. A lot of people knew about the ignition switch problem. It is just nobody at the top knew. My goal is to make sure that any time any employee knows anything is going on, they will raise their hand and let us know. We are proactive in terms of implementing all of the recommendations that the IG made and the Senate Finance Committee and others have made about how to make sure we never have a management failure such as we had with the (C)(4). We also have a valuable partnership with the IG and GAO. We take their recommendations seriously and implement them, but I think it is important for people to understand the culture of this organization. We have wonderful employees, dedicated to the mission. The culture is that if there is a problem, we reward messengers, do not shoot them; that we really mean it, that we want to find out whenever we have a problem and a situation occurs, as quickly as we can we can fix it. I think if the public understood that inevitably there will be issues, but we have a system designed to find them as quickly as we can, where employees are empowered, feel responsible to let us know, they will then feel that problems will not get hidden. They are not going to go on forever; that we are, in fact, going to fix them as quickly as we can, and we will let you know about it. Chairman ROSKAM. The time has expired. Mr. RICE. People need to be held accountable. Chairman ROSKAM. Mr. Davis. Mr. DAVIS. Mr. KOSKINEN. Yes. Mr. DAVIS. Thank you very much, Mr. Chairman, and I, too, want to thank you for calling this hearing. And I want to thank our witnesses for being here with us today. Mr. Chairman, I am troubled a bit by the policy of using private tax collectors who could earn up to 25 percent of what they collect, and I know that we often have the discussion relative to what is most effective, public or private, but it seems to me that this policy sets up a perverse incentive for private industry to harass and confuse taxpayers while costing the Federal Government money. My office often receives calls from constituents who have received fraudulent calls purportedly from Treasury or the IRS, as well as I get calls from constituents who have been targeted by mean-spirited debt collectors who threaten and frighten them. A recent call involved a constituent whose daughter with learning issues had given her credit card number to the person who called from the Treasury. Of course, I continue to be concerned and am troubled by whether or not we are trying to get from an agency without having all of the resources that they really need. Commissioner, I guess I am trying to get at, you know, based on the discussion that we are having right now and that we have had this morning, it seems as though in some ways we are between the rock and a hard place, that, on one hand, we are trying to prevent fraudulent activity from occurring and, on the other hand, it seems as though we do not have what we need even in the way of investigatory personnel or people to really deal with the pervasiveness of the issue. And I guess the agency is trying to do what it can. Are there any other approaches that you can think of that might help us to deal more effectively with these problems? Mr. KOSKINEN. Well, clearly, resources are an important part of it. Ninety-five million of the money we got this year in additional funding have gone to cybersecurity to allow us to buy better monitoring systems, to begin to retire antiquated equipment that is at greater risk. The budget for 2017 requests additional funding for that. It also is a procedural issue. One of the reasons I called the CEOs, tax preparers, software developers, payroll providers and state commissioners together a year ago was because we needed to change the paradigm. As I told them, the goal was not to tell them what to do. The goal was to create a partnership because no one of us by ourselves can deal with the complexity and sophistication of the criminals we are facing. So by bringing the entire tax, what we call the ecosystem together, dealing with taxpayers at the front end when they use the software or deal with their preparers, dealing with the returns when they come through the states and the IRS, and then dealing with financial institutions when the refunds are deposited, we can, in fact, begin to have a more coordinated strategy to fight back against the criminals. And I think it is an important step forward as we go. We do not have a line of sight into the taxpayers directly. They deal with software companies. They deal with preparers, but the preparers and software companies can give us identification of what are the ideas from the computers which they are using to file the returns. Are they filing quickly or not so quickly? We have plenty of data elements that we now have we did not have before. So part of it is resources, making sure we are doing the best we can and we have been constrained for some time. Part of it is, as I say, changing the paradigm, trying to figure out, as I say, if we can, can we get beyond reactive and start to be able to anticipate where it is going to happen? We have been warning preparers for a year that as we get better at stopping false returns, the next place that the criminals are going to go is attacking preparers and hacking into their system because then they have all the information they need in that way, and we see some of that happening. But, again, the preparers have been very good. They are very sensitive about that, setting security standards across the industry that they are setting. We can require them, but we require them after they have said this is what they need. Mr. DAVIS. Thank you very much. Mr. Chairman, I think we might want to take a look at our policy perspective in terms of trying to get further insight into solving the problems. Mr. KOSKINEN. Thank you. Chairman ROSKAM. Mr. Holding. Mr. HOLDING. Thank you, Mr. Chairman. You know, in order to properly protect taxpayer data, we need to authenticate as we have discussed on the front end so that only valid users can access the systems, but the reality is we have to also minimize the damage that bad actors can do if they access the system. Both GAO and TIGTA have reported the IRS is not making sure that the only people who are accessing the information are the folks that have authorization to do so. So my first question to Ms. Lucas-Judy and to Mr. Camus is: identify for me succinctly what do you think are the most serious problems with the IRS' information security. So, Mr. Camus, if you could kick it off. Give it to me in a sentence. Mr. CAMUS. The insider threat in addition to some of the things we talked about with Get Transcript and IP PIN. We are concerned that the 55,000 IRS employees who have access to the most sensitive data of every taxpayer do not do horrible things with that data and commit identity theft themselves. Mr. HOLDING. Ms. Lucas-Judy. Ms. LUCAS-JUDY. The GAO has found that IRS could do more to authenticate the users and make sure that systems are protected. They could do more to ensure that the level of access that is provided is just what people need to do their jobs. And then also another place was installing security patches for software as soon as it is available. IRS' own guidelines call for a risk-based approach to installing patches to software, and what we found was that they were not adhering to their own guidelines there. Mr. HOLDING. Interesting. I want to quickly move over, Mr. Commissioner, to the law enforcement side of the IRS. As a former U.S. Attorney I firmly understand and appreciate the great value of the work done by the Criminal Investigative Division. You always want to have an IRS CID agent on your case. So it is curious to listen to the testimony this morning about the continuing prevalence in tax related crimes, such as identity theft and fraud, and you mentioned the additional funding provided to the IRS during fiscal year 2016. I believe you said $290 million. So how much of that was directed toward the CID, the Criminal Investigative Division? Mr. KOSKINEN. The bulk of the money went first at 178 million to taxpayer services; 95 million to cybersecurity and improving the systems. There was no additional funding. Some of the systems are used by CID and we have been supporting the systems, but there are no additional personnel that were added to CID. We are down about 5,000 revenue agents, officers, and criminal investigators over the last five years. Mr. HOLDING. So, I mean, it occurs to me you are talking about these crimes being committed. So who is going to investigate these crimes and put the cases together and bring them to the prosecutor, bring them to the U.S. Attorney's Office and ask them to prosecute? So I do not understand why you are not placing more of a premium on the criminal investigation. Mr. KOSKINEN. We are. Five or six years ago before the explosion of identity theft CID spent about three percent of their time on this. They are now up to 20 percent of their time. So they have, in fact, assigned a high priority to identity theft and refund fraud. Mr. HOLDING. Mr. Commissioner, interestingly, you know, I have taken a look at CID's business report from fiscal year 2015, and I see a notable decrease in the number of investigations initiated and a troubling trend overall with the number of Special Agents and professional staff since 2010. You cannot deter crime unless you are prosecuting crime. Mr. KOSKINEN. That is right, and we need more people, and the only way to get the people is to fund them, and over the last five years, six years, our budget is down a billion dollars. We are down 15,000 employees. We are going to shrink another two to 3,000 this year, and that is going to include shrinkage in CID agents, revenue agents and revenue officers. It is a point I have been making for two and a half years. Mr. HOLDING. Commissioner, when you are faced with a budget, I mean, you have to look at what you need to do with the money that you are given, and by shrinking the Criminal Investigative Division and really limiting the number of prosecutions, I mean, it is defeating in and of itself. You know prosecution and the penalties that come with successful prosecution are the ways to deter crime. Holding them up as an example, you know, we have heard over and over again that, you know, criminal organizations are getting more interested in committing tax fraud because they know they are not going to get prosecuted. My time has expired, Mr. Chairman. So I yield back. Mr. KOSKINEN. If I could, Mr. Chairman, just note our funding goes to enforcement, taxpayer service, and information technology. As the budget gets cut, everything has been cut. They are all a priority. Now, we would put more money into enforcement. We would put more money into taxpayer service. We would put more money into information technology if we had it. One of the things I hope we will do with the $290 million is demonstrate to the Congress if you give us the funding, we will demonstrate to you exactly the improvements you bought with that additional funding. The converse is true as well. If you do not give us the money, we will not be able to increase enforcement, improve taxpayer service or improve protection. Chairman ROSKAM. We have a first-time caller, a long-time listener. Mr. Pascrell. Mr. PASCRELL. Thank you, Mr. Chairman, Mr. Roskam, and Ranking Member Lewis for holding this hearing. Yesterday was tax day, a very important day in the calendar, and millions of Americans have been busy filing their taxes this season and trust that private information is secure. You have heard from the Commissioner about the drastic under-funding and undercutting. Those are facts or they are fables. I happen to believe they are facts. And I want to commend you for weathering storm that we have been experiencing over the last couple of years. I think the storm is from men and women of good faith, but I think their priorities are misdirected. Identity theft and tax fraud are a growing problem, growing problems being carried out by very, very sophisticated criminals who we usually assist. As technology changes and criminal syndicates hone in on American tax returns, we need to help, be able to keep up. Just this year a man was changed in Federal court in Newark, New Jersey for being sent nearly $343,000 in fraudulent tax refund checks, cashing them in New Jersey bank accounts. Too often the victims are not alerted and not able to get the help they need to correct the problem, and I think Mr. Holding is on target. If we do not prosecute, what good does it all mean? Organized crime last year, syndicates accessed past tax returns in more than 100,000 people to file fraudulent returns, and the IRS sent nearly 50 million in refunds before detecting the crime. Using Social Security numbers--and that is a whole other issue which we have struggled with since the Homeland Security Department was put together and the committee was put together--birth dates, street addresses, other personal information, hackers completed a multi-step authentication process and requested tax returns and other filings, then used that information to file fraudulent returns. I introduced a piece of legislation, H.R. 3981, the Identity Theft and Tax Fraud Prevention Act, that would take a number of steps to address the issue. It would create a single point of contact for identity theft victims. I think that is a big issue as I read the materials. Provide a taxpayer notification of suspected identity theft; create criminal penalties for tax fraud through identity theft; increase taxpayer repair penalties for improper use of personal information; and reduce the display in the use of Social Security numbers all over the place. Retailers demanded it because we demanded it in many of the Homeland Security pieces of legislation that we passed. I am proud to sponsor that legislation, this legislation, with Congressman Lewis, the Taxpayer Protection Act of 2016. It builds on these provisions and adds hopefully some meaningful reforms like the elimination of private debt collectors, and we will debate that, and increase funding for taxpayer services. Mr. Commissioner, I know that both the GAO and TIGTA found in a 2014 report on cybersecurity that identify theft victims are no longer provided with a single point of contact in the IRS. The IRS has indicated that budgetary constraints do not allow for a single employee. Could you please comment on that and how that if we did have enough it would benefit the taxpayers? Mr. KOSKINEN. What we have done, which we think is a significant step forward, is bring all of the identity theft assistance programs into one area. It used to be in our various divisions. Mr. PASCRELL. Right. Mr. KOSKINEN. So there is now a single point of contact. In other words, the taxpayer is not going to get referred to different divisions of the IRS with their problem, and we think that that has been effective this year. We think the time it takes to resolve a taxpayer account problem is down to our goal of 120 days and we would like to shrink it. It was at one point almost a year. The problem an individual point of contact is then when you call, they may be on vacation. They may be out of town. If you call any other call center, you never get them. The key is to have it centralized so that people know what the status of the case is so when the taxpayer calls back in, that single point of contact can continue the discussion rather than start all over again. And we think that that is important. Mr. PASCRELL. Good. Thank you, Mr. Chairman. Chairman ROSKAM. Chairman Johnson. Mr. JOHNSON. Thank you, Mr. Chairman. Commissioner, it is always good to see you. I have two issues I would like to talk to you about. First, as you know, last year's tax deal included the Johnson, Larson Wrongful Conviction Tax Relief Act. Now, back in January we wrote you about the importance of quick implementation, and as you know, our bill would allow those who previously paid taxes on their restitution to be able to file for a refund when they ordinarily could not do so because too many years have gone by, and as you know, they only have this year to file for such a refund. Mr. Commissioner, it is April already, and I want to know what you and the IRS are doing to get the word out about this important relief. Mr. KOSKINEN. We every year--because you are exactly right; the statute runs out--early in the filing season try to make, again, a full national release of the amount of money that is out there, the states in which it is available, trying to encourage people. Usually what has happened, they had a job; they got withholding; and then they forgot about it. They did not have to file. They forgot about the act that they should have filed to get the refund or the money back. Every year we do our best to remind taxpayers of that situation, and we issue a kind of national public campaign to get people aware of that. Mr. JOHNSON. Are you doing that right now? Mr. KOSKINEN. We have done that right now probably six weeks or so ago. We actually went state by state, and we had a lot of good coverage in Oregon and Massachusetts, Mississippi people saying, ``This is the amount of money that in this state taxpayers have if they would just file.'' Mr. JOHNSON. Okay. My second issue involves illegal immigrants and their use of Social Security numbers. I know this has been brought up before, but it is too important of an issue for me to stay silent. As you know, as Chairman of the Social Security Subcommittee, one of my longstanding priorities has been to protect Americans' identities, and as we have heard today, the IRS struggles to respond to identity theft. At last week's Senate Finance Committee hearing you were asked about troubling practice of illegal immigrants stealing Americans' Social Security numbers to get a job and then filing tax returns using their own names and their own individual tax identification numbers. What I find absolutely outrageous is your suggesting that when it comes to illegal immigrants, the IRS could not really be bothered when it comes to these folks stealing Americans' Social Security numbers, and I think that is wrong, and it ought to stop now. What is the status of the pilot program you began in 2014 that sends notices to suspected victims of identity theft? Mr. KOSKINEN. I do not have the update to that. I will get that for you, but again, as I said, the point is anyone with a job earning money is required to pay taxes whether they are undocumented for one reason or another or whether they simply cannot get a Social Security number. They apply to us and authenticate themselves and are given what is called an ITIN. Our role is to make sure that those tax payments are made and credited appropriately. Oftentimes to get a job, you need a Social Security number. They may have borrowed one. They may get one from a relative. You can buy them for ten or $15 on the Web. The problem is if people think we are in the immigration business of tracking through and finding out what is going on with those Social Security numbers, we are not going to get people paying the taxes they owed because of their nervousness. We are though looking at can we advise because the Social Security number just comes as an adjunct either on a W-2. Sometimes we do not even know what the Social Security number is. The return is filed without a W-2, but the taxes are paid. So we are doing, as you note, a review to see what would the implications be of notifying people that somebody has used their Social Security number for a job, not to file a return. The return does not come with a Social Security number as the identifier, but so that it is out there. We already, as noted earlier when we talked, even when on some of the accesses to our applications the criminals were not able to get through, if they tried and we track that, we notified all of those taxpayers that their Social Security number was in the hands of criminals, and while it was not successfully used to get any information from the IRS, we think it is important for taxpayers to know if criminals have access to their Social Security numbers. So we are trying with a pilot program to figure out exactly what can we do without discouraging people from paying their taxes to let people know whether their Social Security number is being used. Mr. JOHNSON. Well, the status of the pilot program you began in 2014, it sends notices to suspected victims of identity theft is important. And, Mr. Camus, I understand that the IG has a report coming out on the pilot program. What are your thoughts? And has the IRS made any progress in stopping the improper use of Social Security numbers? Mr. CAMUS. Sir, we will be issuing our report hopefully in June, and we will be able to address your issues and concerns in that report. Mr. JOHNSON. Okay. Mr. Commissioner, that the IRS can track when illegal activity has occurred but fails to notify the victims of these crimes is plain wrong. Mr. Commissioner, the IRS must do better. Americans rightly expect the IRS to stand up for them and protect their Social Security numbers. Thank you, Mr. Chairman. I yield back. Chairman ROSKAM. Mr. Marchant. Mr. MARCHANT. Thank you, Mr. Chairman. Like Representative Johnson, I felt like the hearing that took place earlier this week or last week was very alarming. I got a lot of input from my constituents about the responses that were made at that time. So I would like to just discuss that a little bit further and get your thoughts. Your responses basically said they are undocumented aliens. They are paying taxes. That is in everybody's interest to have them pay the taxes they owe. So is it your position that a person that is in the country illegally and is breaking the law because they are in the country illegally and undocumented, it is the law that they pay income tax on their earnings? Mr. KOSKINEN. Yes. And in fact, whenever there have been over the last 30 or 40 years, any amnesty programs or programs to allow people here in undocumented status to become green card holders or citizens, the first thing they have to establish is that they paid taxes on any earnings while they were in the United States. So the reason a number of people file with ITINs who are here legally but just cannot get a Social Security number, they are not American citizens. But the reason undocumented residents are filing and paying their taxes is just for that reason, that in fact some day they are going to have to establish that they paid them. And our job is, in fact, to collect those taxes. Mr. MARCHANT. Is it a crime or is it illegal for a person to obtain a job by giving another person's Social Security number? Mr. KOSKINEN. I am not sure what the legal implications are because we are not in the immigration business, but I am sure it is not allowed. I do not know what the nature of---- Mr. MARCHANT. If my son gave his cousin's Social Security number on his tax return, if somebody in the United States is here legally and they give a false Social Security number or another person's Social Security number, are they creating some kind of fraud with the IRS? Mr. KOSKINEN. Again, I would stress the Social Security number is not used to file with the IRS. So in your case your son would be giving the Social Security number to someone to allow him to get a job and they would be using that Social Security number with their employer. With us, they would be filing with an ITIN. So the Social Security number is not used to file with us. The Social Security number, whether it is bought, borrowed or stolen, is used to get a job. Mr. MARCHANT. To get to a logical conclusion of this, but a Social Security number triggers the deduction of Social Security tax. It triggers all kinds of deductions, and it triggers all kinds of forms that get sent to the Social Security Administration and then gets filed when they file their tax return, right? Mr. KOSKINEN. No. Actually what they are filing with us is simply whatever information they have of their revenues and expenses or taxes. The Social Security Administration and the Immigration---- Mr. MARCHANT. But it will ultimately either be a W-2 or a 1099, correct? Mr. KOSKINEN. Yes, but as noted, we have been collecting and paying out taxes without those W-2s being identified. Our problem is to make sure that the people who owe the taxes are paying them. Mr. MARCHANT. So many of these people obtaining the earned income tax credit and the child tax credit have not even presented a 1099 or a W-2 on their tax return? Mr. KOSKINEN. You are only eligible for the earned income tax credit if you actually file with a Social Security number and have a legitimate Social Security number. ITIN holders are not eligible. Mr. MARCHANT. Okay. So but if you file with the Social Security number that you used to get the job, that the employer uses to issue you a W-2, is the Social Security number on the W-2 the one that the employee gave them that is not correct or is it the ITIN number that you obtain from the IRS? Mr. KOSKINEN. The W-2 will not have the ITIN number. The W- 2 will have a Social Security number that the employer accepted when the employee got the job. Mr. MARCHANT. But it is an inaccurate document. The IRS, I assume, is using a W-2 that is an inaccurate document. Mr. KOSKINEN. Well, it is an inaccurate document if it has a Social Security number not there. The numbers on the document will be accurate. It will reflect accurately the income and withholding. Mr. MARCHANT. So the IRS just disregards the inaccuracy, the parts of the document that are inaccurate, but they will take the income part. Mr. KOSKINEN. Again, the Immigration Service works with employers to make sure that people are legitimately getting jobs. Social Security enforces whether the payments are being made appropriately. Our job is are people paying taxes on the earnings they have. If the W-2 comes in and says I earned $14,000 and here is my tax payment, that is what our job is. If we start going into the immigration business, we are going to have a lot of people decide, ``Well, I cannot file with the IRS because that is going to trigger a set of government inquiries''. Mr. MARCHANT. Well, I would not say that you are necessarily in the immigration business if you were just saying to the taxpayer, ``You are giving me inaccurate information on your tax return,'' and that in itself should raise some red flag as when it begins to be paying credits out, whether they be earned income tax credits---- Mr. KOSKINEN. The information they are giving us is accurate. That is the Social Security number they have been using, the revenues and the withholding and that are accurate numbers, and again, the statute provides we are supposed to be collecting that tax, not going behind it and figuring out whether they legitimately had that job. If they had the job and got paid, if they are paying their taxes, they have an obligation to pay them. If they are filing, the W-2 has accurate information about revenue and expenses. That is what we are supposed to be doing. Now, as I said, whether the use of that Social Security number, again it is taxpayer information whether we can provide that and in what forms we can notify taxpayers, somebody has gotten a job with their Social Security number. Chairman ROSKAM. Mr. Smith. Mr. SMITH. Thank you, Mr. Chairman. Commissioner earlier we were discussing the funds going towards taxpayer services for wait times and various items. The IRS has discretion over roughly $500 million in funds that they collect from fees that they can appropriate any way that they want. Could you tell me why you all have decided from 2014 to 2015 to cut almost $130 million that was used in 2014 for taxpayer assistance? Mr. KOSKINEN. Because for that year, as you will recall, we had a budget cut of $350 million, and inflationary and payroll costs of $250 million. So we had $600 million that we had to make up, and the way we made that up was allocating those user fees. Some portion of them, about 50 million, went to taxpayer service. A big chunk of them went to information technology, and ID theft. In other words, again, we end up having to do enforcement, taxpayer service, and information technology. As our budget gets cut, everything has to get cut to some extent. There are priorities. Last year, as I testified before this Committee, if we had put the 100 million there, we would not have had the money to spend both in implementing. We have got a whole set of unfunded statutory mandates. Private debt collection is an unfunded mandate. The health coverage tax care program is an unfunded mandate. The ABLE Act is an unfunded mandate. Going after people who owe more than $50,000 and having their passports taken away is an unfunded mandate. The Point of Contacts Compliance Act is an unfunded mandate. Mr. SMITH. Okay. Let me ask you a question. In regards to taxpayer assistance, did Congress leave your funding level for taxpayer assistance to help taxpayers? Mr. KOSKINEN. Yes. What the---- Mr. SMITH. We did leave it at level funding? Mr. KOSKINEN. You left it, and we did not change that level of funding. What the Congress has not done---- Mr. SMITH. You changed the level---- Mr. KOSKINEN. What Congress has not done for the past four or five years is fully fund the cost of taxpayer service. Mr. SMITH. Okay. What I am talking about is taxpayer assistance. So when Congress in the line item budget, we appropriated level funding for taxpayer assistance; is that correct? Mr. KOSKINEN. Yes, and we spent that money. Mr. SMITH. Okay. That was my question. The other question is the fund that you all have complete discretion of, which is the user fees, you have complete discretion of user fees, correct? Mr. KOSKINEN. Yes. We file a spending plan with the appropriators. Mr. SMITH. Okay. That was my question. You answered that. My other question is that in 2014 you appropriated $183 million for taxpayer assistance; is that correct? Mr. KOSKINEN. In 2014, yes. Mr. SMITH. Yes. In 2015, you appropriated 49 million for taxpayer assistance; is that correct? Mr. KOSKINEN. That is correct. Mr. SMITH. So it was your decision to cut taxpayer assistance by $130 million; is that correct? Mr. KOSKINEN. Yes. Mr. SMITH. Thank you. Mr. Chairman, that is all I have. Mr. KOSKINEN. If I could just expand, we also cut tax enforcement. Chairman ROSKAM. The time has expired. Mr. KOSKINEN. We also cut information technology. Chairman ROSKAM. Mr. Koskinen, you will have an opportunity. Mr. Renacci. Mr. RENACCI. Thank you, Mr. Chairman. And I do want to thank you for the opportunity to testify and also being part of the hearing from this side of the dais, and I do hope to work with my colleagues on the committee to really mark up the remaining provisions of the Stolen Identity Refund Fraud Prevention Act of 2015, which does address some of these issues. Mr. Commissioner, you said something pretty interesting. You said, ``We run the world's most complicated Tax Code,'' you as the IRS. That is kind of interesting because I think the real answer is we have to simplify the Tax Code, and that probably would be the best way of reducing the overhead that you have, if we could get to that part. And I do want to applaud you for creating the Security Summit Initiative. I think that is an important part of moving forward. But I want to ask you about the IP PIN program, and I know Mr. Camus talked about this. I understand the current IP program is available to all taxpayers previously identified by the IRS as victim's identity theft. Actually I have one of those ID numbers right now as well, and participants from the pilot program, which are people living in Florida, Georgia, Washington, D.C., which are areas of high risk of ID theft. Do you think expanding the program to the taxpayers who request one regardless of states would further crack down on the tax related ID theft, and does the security breach connected to the IP PIN retrieval tool give you pause in doing so? Mr. KOSKINEN. No, the breach was for people who were trying to retrieve their PIN. Last year we mailed 2.7 million IP PINs out to the taxpayers, but they lose them. They forget about them, and then they need to get one. So we had about 135,000 on it. About five percent of people try to access it online. So continuing to mail them out to the address of record we think is a secure method of providing them. The problem we have is when they forget them because they cannot file without them. How do we get them access to those? What we are going to do is we will bring that back up with the multi-factor authentication, but taxpayers also will be able to go online and have the IP PIN mailed to them. It will just take them five to seven days longer to get it. But in terms of the PIN itself, one of the reasons is in some ways you kind of move it here and it moves there. One of the reasons that criminals were trying to access the IP PIN was they discovered that the IP PINs were stopping them when they had stolen or bought Social Security numbers from filing successfully. So their next move was, okay, if I need an IP PIN, I will go get the IP PIN. There is no taxpayer identification involved in that access. It is just a way of being able to file. They already had the necessary fraudulent information to file. So our goal is to continue providing IP PINs to victims of identity theft and those in the pilot program areas, but we will continue to provide them by mail. For next year the re- authentication will be by mail unless you can work your way through the multi-factor authentication. Mr. RENACCI. So do you think expanding it to other states would be helpful? Mr. KOSKINEN. Yes, we have explored that as to what if we just got rid of Social Security numbers as an identifier and gave everybody an IP PIN. There is a substantial cost in that and a burden to taxpayers to try to then keep track of those PINs. We think that ultimately we are better off if we can improve authentication and deal with authorities like the Congress has given us. Get W-2s earlier to be able to match and make sure that we have the right people because IP PINs themselves can get lost, stolen or used, and so they are not by themselves, you know, totally a magical percentage, but we are expanding them, as I say. We sent out 2.7 million this year and continue to expand them. The pilot program was attest to see how many people would like to have them. A relatively small percentage of people have opted in that direction, but that means that we may be able to offer it to more people because we will not get overwhelmed by it, and it will give some people who want that additional security a better feeling. Mr. RENACCI. Thank you. Ms. Lucas-Judy, can you talk a bit about the process of what happens to W-2s once they get to the government, specifically timing between being received by the Social Security Administration and where they are transmitted to the IRS? Because I understand there is a delay there. And then do you know the difference in timing between when the IRS receives an electronically filed W-2s from the Social Security Administration as compared to paper filed W-2s with the Social Security at the same time? Mr. KOSKINEN. You are given an additional--I am sorry. Ms. LUCAS-JUDY. So there is a delay and there has been a delay historically in IRS receiving the W-2 information and being able to use that to match wage data against what is on the tax return before providing a refund, and so that is why we advocated for the deadline to be earlier, and we also had recommended that IRS assess the cost and benefits and figure out how it was going to implement pre-refund matching once it did start receiving the W-2s earlier. So, you know, we are happy that IRS has implemented that recommendation, and will be able to hopefully take the information that it is getting in the next filing season with earlier W-2s and be able to use that as part of its---- Mr. RENACCI. How significant a delay is the paper W-2? That is the big question. Ms. LUCAS-JUDY. The paper W-2s come in several weeks later. It can take weeks longer to process those, to receive those and process those as opposed to the electronic filing. Mr. RENACCI. Is that a month, three weeks, six weeks? Ms. LUCAS-JUDY. I would have to get back to you on the exact amount. Mr. RENACCI. Thank you. I yield back. Chairman ROSKAM. Mr. Kelly. Mr. KELLY. Thank you, Chairman. I thank you all for being here. Mr. Rangel said something that really made a lot of sense to me, and really everybody that is here today either up here in the dais, we all work for the same people, hard-working American taxpayers, and I think sometimes the exchanges go back and forth like we are actually at odds with each other, and I do not think we are. But I will say this, and Mr. Koskinen, you are right. A 78,000 page Tax Code is the problem. It is so complicated, and it creates an awful lot of problems for people. I have also gone through this process like Mr. Lewis where I got phone calls from people saying, ``This is the IRS. You have got a problem.'' I came home one time after being in session. My wife said, ``Please, something is wrong with the IRS.'' I said, ``Why do you say this?'' She said, ``Because they called us.'' I said, ``That is not the IRS.'' She said, ``How do you know?'' I said, ``They never call. You would have gotten a letter.'' But think about this. The culture of fear that comes with the IRS as an agency, I am not saying that is your intention. I am saying that is what people feel. Why do they respond to these people who call them? Because they are scared to death that they have done something wrong and they are scared to death that the outcomes are going to be poor for them, that somehow they are going to be put through some type of a process that they just do not want to go through. So we talk to each other about these things all the time, but we never fix them. The problem is the code. When President Clinton first ran for office he said very simply it is the economy, stupid. Right now it is the Tax Code, stupid. How long are we going to go on? And every one of you are doing the same thing for the same purposes. We have to have an IRS. We have to have a way to collect revenue, but by the same token, are we going to be at this level of fear that every day hard-working American taxpayers fear a letter or a call from the IRS? There is nothing that strikes fear in the hearts of the American people more than the IRS getting involved with them. I am not saying it is your fault. I am saying it is a result of where we are. I look at these things, and, Commissioner, an $11 billion a year budget, that is not a little bit. Eighty-two thousand people. I come from the private sector, and unfortunately in government the answer to every single problem is to throw more money at it. In the private sector is to get it fixed or you will not be in business anymore, and I think this is where we have this real disconnect. We think that in the government the answer is always to grow it bigger. It has got to expand the number of dollars. For me in the private sector it is how would I prioritize those dollars to fit the needs that I need, not just putting them where I want to from time to time, but on a priority from the most needed to the least needed to the best service I could provide to make sure my customer base stays intact. And so when I look at all of you, I mean, you are all doing the same thing. And, Mr. Camus, thank you. You have given up a quarter of a century to serve this country. That is phenomenal. Ms. Lucas- Judy, thank you for what you are doing, but you are all working for the same process and that is to help hard-working American taxpayers. Commissioner, I know you are working within a very difficult situation, but the reality of all this is we can have hearing after hearing after hearing. If we do not fix our Tax Code, all this is going to lead to is hearing after hearing after hearing and more suggestions of what we could do to fix it. So do you all have any suggestion other than--I know what you are dealing with right now is a disease, but what is the cure? So, Ms. Lucas-Judy, the one thing that could happen today in Congress that would make it easier for the American taxpayers, not easier for their representatives, but for the American taxpayers? Ms. LUCAS-JUDY. Well, we have recommended that Congress give Treasury the authority to lower the threshold for e-filing of information returns from the current 250 down to five to ten because that would provide information electronically earlier for IRS to do its W-2 matching. We have also recommended that it require Treasury and IRS to work together on a comprehensive customer service strategy to figure out what kind of services that IRS wants to be able to provide, what is it going to cost, you know, what is the right balance between online and---- Mr. KELLY. I just want to interrupt for a minute because what you are responding to is under the current code with 78,000 pages. That still is the underlying problem, is it not? This thing is so big and so unmanageable that the average person cannot do it on herself or himself. They just cannot. They are scared to death they are going to make a mistake. So that is what I keep going back to. Mr. Camus, outside of major tax reform, how could we ever get this system into something that is actually manageable and understandable by the hard-working American taxpayer? That is who we are leaving out of the equation. Mr. CAMUS. Mr. Kelly, you are absolutely right, you know, and we all serve America and we are very proud. The 400 men and women and the 836 men and women in my agency are proud to come to work every day to make America better and serve America. That is why we take these issues so seriously. In our view one of the things that can help would be as we make recommendations to the IRS, that sometimes there could be support or some oversight into making sure that they are implemented. Sometimes that does mean resources or their decisions that are being made. That is maybe a discussion we could have, to make sure that the recommendations that we make when we view something at the IRS and have discussions with the Commissioner and his staff, that we could actually bring those to life. The GAO recommendations are a good point. We talk about recommendations over and over again, but how do we bring those to life and make sure they actually happen for the American taxpayer? Mr. KOSKINEN. Well, I totally agree with you that tax simplification is core to the issue. It would make our lives simpler. It would make taxpayers' lives simpler. The code really is a mess. So as I have made it clear, while the policy of tax simplification and Tax Code is the domain of Congress and the White House, anything we can do to be supportive of simplifying the Administration of the Tax Code, which is our responsibility, we are happy to do. I would note, just to make you feel hopefully a little better, the OECD just published statistics that noted that it cost us 50 percent of what the average cost of collection is around the world. Germany, France, England, Australia, Canada spend twice as much to collect a dollar of revenue as the IRS does. So we need to be efficient. They are our taxpayer dollars we are spending, and I agree that every problem does not have a monetary solution to it, hence the Security Summit, but on the other hand, there is a point at which as you have more and more work to do, as I have said, and you and I have talked, nobody I know in the private sector says, ``I think I will take my revenue arm, my accounts receivable arm,'' whatever you think it is, ``and starve it for funds and just see how it does.'' In other words, most of those businesses say, ``Wherever I produce the revenue, I want to protect that while I am becoming efficient and trying to run the organization.'' Mr. KELLY. It is the only way to survive. You are right. Thank you. And I yield back. Chairman ROSKAM. I want to thank our panel and the members for actively participating. Let me just ask a couple of other questions, but make one point. Just to step back from this whole process for a second, I have got to share with you an interaction that I had last week with a group of visiting parliamentarians from emerging democracies. This is part of an effort of the House Democracy Partnership. It is a relationship the House has with emerging democracies around the world. And we had a panel and a discussion, and to go back and forth with parliamentarians of other countries that are emerging and really struggling with the voices of authoritarianism within their own countries, and you talk about this process, and if they were to be witnesses here today, this would be a marvel to them, an absolute marvel, that you have got an oversight process. We have got these two co-equal branches of government that are tussling it out and sort of arguing and so forth and presenting different perspectives. But in the great scheme of things, we have got a lot to be thankful for. I know we have got very serious challenges that we have got to deal with, but you compare what we are dealing with with what is going on around the world, and we have got a lot to be thankful for. And the disposition and the talent of the members as well as our witnesses today are all part of the solution. So end of sermon, but I think it is an important point to make. Commissioner, you mentioned the multi-factor authentication process. Let me take you back to a hearing that you did not attend, but we had as a subcommittee. It was last year, I think, and we had invited in the person who is in charge of fighting fraud at Medicare, and we asked a very simple question: what is the fraud and erroneous payments rate? And he said the number is 12.7 percent, and all of our jaws just dropped. We had on a similar panel that same day the person who is in charge of fighting fraud at Visa and asked him the same question. What is your fraud rate? And he said it was .06 percent. So there is this high contrast between what the public sector was doing and what the private sector is doing. On this multi-factor authentication, this is not new ground. It is out there in the private sector. What is your expectation of when this would be implemented at the IRS? Is this a matter of months in your view? Is this a matter of years in your view? Can you just give us a sense of scope and scale? Mr. KOSKINEN. I said some time ago we would have it in the spring, and if you define that broadly, we are running internal tests on it right now. We are having security experts---- Chairman ROSKAM. Okay. I mean, that is reasonable. Mr. KOSKINEN. Sometime in the next couple of months it will be up. Chairman ROSKAM. Mr. Camus, do you have an expectation that that is realistic, that what the Commissioner is talking about to have that multi-factor authentication in place in that time frame based on your experience. Do you think that is realistic? Mr. CAMUS. I think it is a significant challenge, but I know they are dedicated to doing that, and our agents have consulted with them on things that we have seen in our investigation of the breaches. So we are sharing that information with them, but it is a significant undertaking and a very complex one. Chairman ROSKAM. Okay. Ms. Lucas-Judy, what is your opinion on whether the Commissioner's time line is realistic? Ms. LUCAS-JUDY. I agree that it would be complicated. It would probably take a while, and there is a lot for them to consider. We do think it is important that they take a measured approach and consider very carefully the costs, the benefits, the risks of any of the authentication tools before they go forward and implement them. Chairman ROSKAM. Okay. Let me just shift gears and, Ms. Lucas-Judy, stick with you for a second. The Commissioner mentioned in response to Mr. Rice's inquiry about recommendations from GAO as it relates to the management failure surrounding the targeting issue, and if I understood the Commissioner, he said that they have been implemented, those recommendations. Is that your understanding? Have those recommendations been fully implemented or are there things that yet have to be implemented? What is your understanding? Ms. LUCAS-JUDY. I would have to get back with you to be sure. I am pretty certain that the recommendations are still open. Mr. KOSKINEN. I think the recommendations were from the Inspector General that I testified. Chairman ROSKAM. Okay. Mr. KOSKINEN. As well as the Senate Finance Committee. Chairman ROSKAM. Okay. Then I stand corrected. Mr. Camus, is that your understanding, that TIGTA's recommendations have been fully implemented on the targeting mismanagement? Mr. CAMUS. I believe we did a recent audit report that was favorable in that regard, but I can get that audit report reference for you. Chairman ROSKAM. Okay. Just so that we are clear and thank you for making that clarification. Ms. Lucas-Judy, could you give us a sense? So we have heard this testimony today about the nature of the changing fraud schemes. It was fairly pedestrian in the past. The fraudsters are moving at the same rate of technology, becoming more and more sophisticated. In the past it was basically get a name and get a Social Security number and manipulate something. Do you have a sense of how we should be thinking about fraudsters now that have access to all of the information? So a fraudster based on the data breaches and all of these other areas are not guessing John Lewis, date of birth, you know, what his favorite drink is, Coca-Cola by the way. He is working the hometown product. But they are coming in the front door with all of the information. Do you have an opinion or recommendation in terms of what we should be thinking about and that changing nature of the way the technology is driving the crime? Do you follow my question? Ms. LUCAS-JUDY. I think so. Chairman ROSKAM. You had a very quizzical look on your face. Go ahead. Ms. LUCAS-JUDY. We are currently looking at the characteristics of identity theft refund fraud to, you know, try to determine if there are any patterns in terms of, you know, where it is coming from, location, other characteristics, and we are going to be reporting out on that later this year. But in general, I mean, we have said before that it needs to be a multipronged, multilayered approach to fighting identity theft refund fraud, you know, trying to get at the situation up front, during the processing, and then afterwards following up with leads from partners, and again, you know, analyzing that information, developing metrics to determine how effective the leads program is and sharing information that is actionable with the folks that are providing the leads information so that they can help strengthen their own security posture. Chairman ROSKAM. Mr. Camus, on the idea of a refund deposit being made to an account, electronically made, it is my understanding that the IRS has changed its policy, and they have limited the amount of deposits that will be made into a single account. Can you give us a sense of that, you know, what your understanding is of that? Because I think implicit is the recognition that it would have been ridiculous over a period of time to have hundreds of refunds going to a single account, and the IRS has changed that policy. Now, my understanding is that they will put three refunds into a single account, but is there still an issue as to where a paper check could go, that it could go to more than one address? Do you follow me on the nature of this question? And can you give us some insight for this? Because it is really troubling, and I think like we are in the midst of it, but we are not quite done dealing with it. Can you give us a sense of that? Mr. CAMUS. Yes, you hit the nail on the head. It is a very complex issue because taxpayers, if you have seen one taxpayer, you have seen one taxpayer. Each taxpayer can have their own set of circumstances. So the IRS did, in fact, take a look at that issue based on some recommendations, and they agreed that any more than three deposits to a single bank account is questionable even if it is maybe a family member that has the bank account on behalf of all the people. So limiting those bank accounts, limiting those deposits to a single bank account to three people, their filters have caught about 885,000 questionable returns using that screen. We also think thought that mailing then subsequent paper checks could cause a problem because who is to say that the criminals have not gone in and changed the address of record? That is one of the concerns that we have when we talk to the Commissioner's staff about all the ways that criminals from all over the world look at this $3.3 trillion that is collected or the 400 billion that gets issued in refunds. That is a very ripe area for criminal enterprise, and they are constantly looking at it and testing it. So we think the limiting the refunds to three is good. We are looking at that, and we will be writing an audit report on the effects of that. Chairman ROSKAM. Okay. Commissioner, thank you for your time today, and I have just got sort of just a closing question and just a general inquiry. So some of the concerns that were either articulated or implied today are no surprise to you. You have heard some of these things in the past. One of the areas that I think is really worthy of exploration is this. The allocation of resources as it relates to technology has from my point of view underperformed, and your head of IT came up, and we had a briefing. I think it was last year. Do not hold my feet to the fire, but you remember when you came up and you brought your team. And one of the things that he said to me startled me, and we were criticizing, you know, as is sort of our pattern, and he said, ``Well,''--and this is as it relates to the IG spending--and he said, ``We do not look at it as a failure. We look at it as we have learned what does not work.'' Now, that is great if you are Thomas Edison and this is Menlo Park, but that is not what we are dealing with, and I am not trying to be cavalier or flippant. My view is, look, some of this technology has been explored and robust in the private sector, and it has been allocated, and the example I used a couple of minutes ago about the use of Visa's technology as it relates to Medicare, it is deployed. It is successful. So what is the level of complication that has made it so difficult for the Internal Revenue Service to transition and to be successful on these themes? And this is in the context of an agency that has been successful in moving through and implementing the Affordable Care Act. And one of the reasons we are not talking about the Affordable Care Act today is because the IRS has been successful largely in implementing a terribly complicated new law and did it pretty well. So why should the IRS not be held to account? If you can do it with the Affordable Care Act and be successful, what is to say it cannot be done on cybersecurity and these identity theft questions? That is how it looks to me. Am I misperceiving this? What new information? Because I am not believing that it is just money. I just am not buying it, and if that is sort of what it distills down to, then okay. We are shirts and skins, and I guess that is just the way it is. I do not think that is it. I think that there is something else going on, and I am interested just in your perspective. What else do you think is going on? Mr. KOSKINEN. I think the biggest difference is with the Affordable Care Act or when we get tax extenders, it is a fixed target. You know exactly what it is you are going to do. It is complicated. We run an antiquated system, as you know, that we are trying to upgrade. When you are dealing with identity theft and refund fraud, as you have noted and this hearing has discussed, you are dealing with a moving target that as you push down here and stop it there, it moves and evolves. That is to say we are now dealing with and part of the reason for the Security Summit is the ways of getting refund fraud information is not just stealing it in the public domain, and it is not trying to access IRS systems. It is, in fact, accessing all private sector systems so that the reason the states are so enthusiastic is they are fighting the same battle, and it changes every year. So we are moving. It is as if you change the rule of the football game every year, and last year's rules have now been changed, and we have got to play with a different game and a different set of rules, and it will continue to be a moving target. But I do think that it is important for us to continue to fight that battle. As I say, my goal is for us to get to a point where instead of just reacting and stopping in their latest incarnation, we can begin to anticipate where are they going next? If we have stopped them here, what is the next likely place they will go? One of the things we are getting with leads from private sector and the states is what are they seeing that is different. What are the patterns that are going on out there that did not happen last year? Last year, you know, there were actually suddenly refund fraud attacks on states, not the Federal Government but on state systems. This year we are seeing other things. That is why our data elements that we are involved with. We have over 200 filters now that have evolved over time. Those 200 filters five years ago would have stopped everything. They do not stop everything today because, in fact, we are fixing the plane while it flies, but we do not know the direction it is going every year. Chairman ROSKAM. So just in closing, I think that there is an opportunity here, and you heard it from both sides of the aisle. There is a level of concern and a level of anxiety. From my point of view, the IRS has demonstrated a capacity to deal with some very significant, challenging things. I will stipulate that the implementation of the Affordable Care Act as you have described it is a fixed target and date certain and so forth. I think we have a season right now where there is a lot of interest on both sides in trying to drive towards some of these solutions, and I think that we should seize on that opportunity. But I want to thank each of you for your time today and for the members who have chosen to participate. The meeting is adjourned. [Whereupon, at 12:05 p.m., the subcommittee was adjourned.] [Questions for the record follow:] [GRAPHICS NOT AVAILABLE IN TIFF FORMAT] [all]