The Canada Revenue Agency (CRA) sent more than 700,000 records to the U.S. Internal Revenue Service (IRS) in 2017 as part of a tax-information sharing deal between the two countries, said a CRA official during a roundtable discussion at the annual national conference of the Canadian arm of the Society of Trust and Estate Practitioners (STEP Canada) in Toronto on Friday. The figure is current as of April 2019.

In 2014, the Canadian government signed an intergovernmental agreement (IGA) with the U.S. to exchange tax information on each other’s tax residents on an annual basis.

Under the IGA, which took effect in 2015, Canadian banks and other financial institutions report information on their American accountholders who have an aggregate balance of US$50,000 or more, excluding balances in some tax-sheltered accounts, to the CRA, which shares the data with the U.S. government.

In effect, the IGA implements the U.S. Foreign Account Tax Compliance Act (FATCA), a law passed in the U.S. in 2010 that compels global banks to report on their U.S. clients to the U.S. government. FATCA was designed to prevent offshore tax evasion by U.S. taxpayers.

So far, the U.S. government has not requested any further information in respect of the data sent by the CRA, said panellist Marina Panaourgias, an industry sector specialist in the trust section of the income tax ruling directorate of the CRA.

Terry Ritchie, director of cross border wealth services at Cardinal Point Capital Management in Toronto, suggests he isn’t surprised that the IRS has made no further inquiries about the exchanged data.

“Now that they have that information, what is the IRS likely to do with it? Probably nothing,” Ritchie says. “They have more problems in their own backyard that they should be more attentive to than to be chasing non-compliant U.S.-resident taxpayers in Canada.”

In recent years, global governments have made it an increasing priority to clamp down on offshore tax evasion.

For example, in 2017, Canadian financial institutions began identifying accounts belonging to individuals who are tax residents of foreign countries and reporting that information to the CRA under the Common Reporting Standard (CRS) regime, which was developed by the Organization for Economic Co-operation and Development. Canada began exchanging that information with foreign countries under the CRS the following year.

This article was originally published on June 7 2019 by The Advisor’s Edge (
This article was originally published on June 7 2019 by The Lawyer’s Daily (, part of LexisNexis Canada Inc.

Identity theft was an issue long before the Social Insurance Number (SIN) existed, but it keeps evolving. It is common today because high-tech hackers work around  the  clock  to find new ways to access our personally identifiable information. This makes taxpayer data some of the most sought-after information for cybercriminals.

So what are the Internal Revenue Service (IRS) and the Canada  Revenue Agency (CRA) doing to protect our sensitive information from being used to file a fraudulent tax return? A comparison between the  two agencies shows a big gap when it comes to planning and strategizing ways to protect taxpayers from tax-related identity theft.

With a population as large as that of the United States, there are hundreds of millions of opportunities to steal a person’s identity. In   fact, this has been a major concern of the IRS for some time. In 2015,   in response to the surge in identity theft that came along with taxpayers’ increased use of online technologies, the IRS formed the Security Summit.

The IRS Security Summit is a public-private partnership made up of representatives from the IRS, state tax agencies, the larger tax community (i.e., tax-preparation firms, software developers, payroll and tax financial product processors, and tax professional organizations) and financial institutions. They work together to protect U.S. taxpayers from identity theft refund fraud. In 2017, the summit also established the Identity Theft Tax Refund Fraud Information Sharing and Analysis Center (IDTTRF-ISAC) to facilitate information exchange, provide a real-time forum for discussion and promote the use of data analysis, all with a view to detecting and preventing tax- related fraud.

This ambitious initiative has proven to be very successful. IRS statistics for 2015 to 2018 show that during this time frame:

  • taxpayer reporting of identity theft fell by 71 per cent;
  • confirmed identity theft returns intercepted by the IRS declined by 54 per cent;
  • US$24 billion in fraudulent refunds were protected by the IRS stopping confirmed identity theft returns;
  • an additional US$1.4 billion in fraudulent refunds was recovered by financial industry partners.

In contrast to the formal programs and awareness campaigns of the IRS, the CRA  seems to be in    the dark. Its so-called “strategy” to prevent tax-related identity theft puts the onus on Canadian taxpayers to be vigilant around such things as telephone scams and phishing expeditions. And its “awareness campaign” appears to be limited to four posters reminding  taxpayers  that  we  can protect ourselves; tax agencies and tax preparers are  encouraged  to  put  these  posters  on  their office walls! There is no Canadian equivalent to the Security Summit and nothing like IDTTRF- ISAC. The Office of the Canadian Privacy Commissioner (OPC) is working to address data breaches that lead to identity theft by provisioning a mandatory requirement that organizations give proper notice to affected individuals and to the OPC when a data breach occurs. And that’s pretty well it.

But it seems the IRS has always outpaced the CRA in matters of data security. In 2014, some 900 SINs were stolen from the CRA due to the Heartbleed Internet bug, which was a serious  vulnerability in an encryption software intended to secure web communications. The IRS was not impacted at all. Meanwhile, the CRA had shut down online services to prevent incidents such as    the theft of SINs from happening. Yet the theft still occurred, while IRS online services continued unscathed for the duration of the notorious cyberthreat.

It’s high time that the CRA get in step with its American cousin.

According to an IRS press release issued on April 8, IRS commissioner Charles Rettig was happy to celebrate the wins of the summit, but was also quick to caution about sophisticated criminals. “Identity thieves are often members of sophisticated criminal syndicates, based here and abroad,” he said. “They have the resources, the technology and the skills to carry on this fight. The IRS and the Summit partners must continue to work together to protect taxpayers as cyberthieves continue to evolve and adjust their tactics.”

Tax lawyers and tax accountants should be aware that part of this ongoing cybercriminal evolution involves targeting tax professionals and their clients’ personal data. This remains a major issue for the IRS, as the agency has no control over third-party data security. If you are a tax professional and believe you have experienced a theft of your U.S. taxpayer client data, contact the IRS stakeholder liaison for assistance.

And what if you are a tax professional in Canada with concerns about data breaches on this side   of the border? Well, I know I’m suddenly longing for the days when data security came in the  form of a paper shredder.


This article was originally published on May 31 2019 by The Lawyer’s Daily (, part of LexisNexis Canada Inc.

The Internal Revenue Service (IRS) in the U.S. is bringing its IT systems into the 21st century, which is good news for American taxpayers and Canadians who must file U.S. returns. It is also good news for tax lawyers and tax accountants.

The IRS Integrated Modernization Business Plan is a 45-page, six-year plan laid out in detail with initiatives categorized under four pillars:

  • Taxpayer Experience
  • Core Taxpayer Services & Enforcement
  • Modernized IRS Operations
  • Cybersecurity & Data Protection

The first pillar focuses on modernizing the taxpayer experience. The goal is to make interacting with the IRS and with personal tax information as easy as online banking. Some of the perks highlighted in the report include simplified online interfaces, better access to information and self-service options, and improved customer service through callback technology, online notices and live online customer support, all while protecting taxpayer information and data.

The second pillar, Core Taxpayer Services & Enforcement, involves programs and initiatives that aim to retire outdated systems and consolidate  disparate  systems  and  data  into  updated solutions. For example, 60 different case management systems will be decommissioned and replaced with a single, consolidated, enterprise-wide platform. The IRS says the new system will  be an “end-to-end view of taxpayer cases and interactions.”

Phase two also introduces real-time tax processing, which is described as “near real-time data processing” that will allow taxpayers to easily adjust their return online after they file. As Canadian taxpayers, we are painfully aware that the CRA’s online system is currently not close to “near real-time” and plans to make improvements are high-level at this time.

The third pillar, Modernized IRS Operations, aims to simplify infrastructure and implement new technologies such as data analytics and automation in order to create efficiencies. The IRS modernization plan anticipates that the initial investment in emerging high-tech solutions  will result in significant long-term savings for the agency through improved processes and optimized systems.

The last pillar, Cybersecurity & Data Protection, has three main initiatives: 1) Identity & Access Management, 2) Security Operations & Management, and 3) Vulnerability & Threat Management. With this one the IRS will try to better protect taxpayer data from the persistent risk of cyber threats. Incredibly, the report says the agency faces 1.4 billion attacks every year.

Why did the IRS need this integrated modernization business plan? The agency recognized that it has been experiencing its own financial struggles for decades with trillions of dollars lost to tax evasion and a tax gap of over US$450 billion (which  represents  the  difference between  taxes owed and taxes paid on time). Intensifying these shortfalls is the fact that 45 per cent to 55 percent of the IRS workforce is on the verge of retiring.

On April 10, IRS commissioner Charles Rettig announced to the Senate Committee on Finance that the agency requires US$2.3 billion to US$2.7 billion over a six-year period to implement an IT modernization plan that would include revamping its IT systems. Why? U.S. Senate Finance Committee chair Charles Grassley called the agency’s IT systems and infrastructure “woefully outdated,” and expressed concern that past efforts and investments to update its technology may not have been money well spent.

In 2018, the IRS processed almost 141 million tax returns and any agency with a volume like that needs the latest IT technology. The IRS has already been under the strain of updating disparate systems for the 2017 Tax Reform Act, not to mention the five-week government shutdown earlier this year.

Modernization is key for several reasons: to 1) improve the agency’s ability to recoup monies owed; 2) prevent further losses due to tax evasion and fraud; 3) create much-needed efficiencies and 4) ensure ongoing compliance with tax laws for taxpayers.

Since almost 90 per cent of U.S. taxpayers file their returns online these days, nobody at the IRS wants more outages on deadline day, which they refer to as Tax Day.

On April 17, 2018, the IRS announced that its systems were experiencing technical difficulties   (i.e., they crashed) due to transmissions from software providers to the agency’s tax-processing systems. Those systems were more than 60 years old. And guess what? The IRS system crashed again this year on the last Tax Day. A similar outage occurred in March on the CRA website when online services were down for a day.

I wouldn’t say that exciting times are ahead for taxpayers and their representatives, but these real and sustainable improvements to services, operations and security for the IRS are most welcome. From the perspective of a tax practitioner, the planned consolidation of various data sources for greater risk management, tax compliance, tax enforcement and information sharing have me (almost) looking forward to next year’s tax season. Or maybe the tax season six years from now.