Two bureaus of the Department of the Treasury are engaged in data mining activities: the Internal Revenue Service (IRS) and the Financial Crimes and Enforcement Network (FinCEN). The IRS conducts data mining activities by using two internal software programs and one Commercial-off-the-Shelf product: 1) Reveal, 2) Web Currency and Banking Retrieval System, and 3) the Electronic Fraud Detection System Clementine, respectively. The IRS data mining programs focus on the identification of financial crimes including tax fraud, money laundering, terrorism, and offshore abusive trust schemes. IRS maintains the pursuit of these pattern-based searches to identify potential criminal activity. FinCEN’s data mining activities focus on money laundering activities and other financial crimes.
INTERNAL REVENUE SERVICE (IRS)
The Internal Revenue Service–Criminal Investigation (IRS-CI) organization uses three software programs that can perform sophisticated search and analytical tasks: Reveal, Web Currency & Banking Retrieval System (Web-CBRS) and Electronic Fraud Detection System (EFDS). These programs can be used to perform data mining activities by searching databases of internal and external information. IRS-CI uses these software applications to search for specific characteristics that have been identified as potential indicators of criminal activity.
Reveal is a data query and visualization tool that provides CI analysts and agents with the capability to query and analyze large and potentially disparate sets of data through a single access point, enhancing the user’s ability to develop a unified overall picture of suspicious or criminal activity. Information is presented to the user visually, exposing associations between entities in the data that might otherwise remain undiscovered. Visualization diagrams are built by the VisuaLinks tool and are based on the data queried. The analyst is not required to manually construct the link analysis charts. The system is used in IRS-CI Lead Development Centers (LDC), Fraud Detection Centers (FDC), and field offices to identify and develop leads in the areas of counterterrorism, money laundering, offshore abusive trust schemes, and other financial crime.
Web-CBRS is a web-based application that accesses a database containing Bank Secrecy Act (BSA) forms and information. IRS-CI access the database for research in tax cases, tracking money-laundering activities, investigative leads, intelligence for the tracking of currency flows, corroborating information, and probative evidence.
EFDS is an automated system designed to maximize fraud detection at the time that tax returns are filed to reduce the issuing of questionable refunds. All data items compiled by the EFDS are used to cross-reference and verify information that relates to potentially fraudulent tax returns. EFDS is leveraged by Wage & Investment (W&I) and uses a Commercial-off-the-Shelf (COTS) software product known as Clementine to determine data mining scores. This program runs during the nightly load process and assigns a score of probability factor to each refund return. These scores range from 0-1; the higher the score, the greater the potential for fraud on that return.
With Reveal and Web-CBRS, IRS-CI does not have any specific artificial intelligence capabilities to search for indicators of terrorist or criminal activity. Special agents and investigative analysts have developed “canned queries” based on their experiences. These queries can be as simple as searching for individuals that have had five or more suspicious activity reports filed on them by financial institutions in a six month period using the Reveal database. The fraudulent behavior is determined from previous successful investigations of money laundering, counterterrorism, and BSA violations.
Accepted Electronic Filing System (ELF) returns are received via ELF 1001 and loaded into EFDS daily. Returns meeting refund and data mining score tolerances are placed into the EFDS Prescan queue which allows our W&I and Scheme Development Center (SDC) employees to view these returns for suspicious activities. With the implementation of data mining for paper returns, EFDS generates a Returns Charge-out (RCO) that is sent to Files at the paper processing sites to pull the actual paper tax return which is also viewed for suspicious activities.
Each FDC inventory is determined by state code/zip code assignments. If a tax return meets the data mining tolerance and the refund amount tolerance, it is assigned a value and placed into inventory of the FDC assigned to that specific state.
Data sources that are being or will be used:
a. IRS: Third Party Data Store (TPDS); Business Master File (BMF); Individual Master File (IMF); Information Returns Master File (IRMF) and Questionable Refund Program (QRP).
b. Taxpayer: The source is the electronically/paper filed return.
c. Employee: Source of employee information is the Online 5081.
d. Other Federal agencies: Federal Bureau of Prisons; Bank Secrecy Act data.
e. State and local agencies: All states and the District of Columbia prisons deliver prisoner listing information annually to CI in electronic format.
f. Other third party sources: Commercial public business telephone directory listings/databases are purchased by CI to contact employers for employment and wage information, e.g., Accurint.
The data uncovered during the query searches is only a lead and requires additional investigative steps be taken to verify the quality of the information. There is no empirical data on the efficacy of these searches. Statistics provided throughout the filing season outlines the fraud trends and increases in fraud detection, which may be used in the development of future data mining activity.
IRS-CI is tasked to protect IRS revenue streams by detecting current fraudulent activity and preventing future recurrences. Results of data uncovered using these systems may be reflected in indictments and criminal prosecutions, the same as other information uncovered during the investigative process. Once fraud is determined, laws and administrative procedures, policies and controls, govern the ensuing actions. Except for a few periods in our history, tax information generally has not been available to the public – its disclosure has been restricted. Before 1977, tax information was considered a “public record.” Tax information was only open to inspection under Treasury regulations approved by the President or under Presidential Order. Under this approach, the rules regarding disclosure were essentially left to the Executive Branch.
By the mid-1970’s, there was increased Congressional and public concern about the widespread use of tax information by government agencies for purposes unrelated to tax administration. This concern culminated with a complete revision of Section 6103 in the Tax Reform Act of 1976. Congress eliminated Executive discretion regarding what information could be disclosed to which Federal and state agencies and established a new statutory approach that treated tax information as confidential and not subject to disclosure except to the extent explicitly provided by the Code. In each area of allowable disclosure, Congress attempted to balance the specific agency or office’s need for the information with the citizen’s right to privacy, as well as the impact of the disclosure upon the continuation of compliance with the voluntary tax assessment system. Further, Congress undertook direct responsibility for determining the types and manner of permissible disclosures.
Although there have been many amendments to the law since that time, the basic statutory approach established in 1976 remains in place today. Congress recognized that the IRS had more information about citizens than any other Federal agency and that other agencies routinely sought access to that information. Congress also recognized that citizens reasonably expected that the tax information they were required to provide to the IRS would be private. If the IRS abused that reasonable expectation of privacy, the loss of public confidence could seriously impair the tax system. There are four basic parts to this statutory approach:
Financial Crimes and Enforcement Network (FinCEN)
The Financial Crimes Enforcement Network (FinCEN) of the U.S. Department of the Treasury is statutorily obligated to analyze information to “determine emerging trends and methods in money laundering and other financial crimes.” 31 U.S.C. § 310(b)(2)(C)(v). These trend analyses typically involve querying the database FinCEN maintains that contains information reported largely by financial institutions under the Bank Secrecy Act (BSA), 31 U.S.C. 5311, et seq. This information (BSA information or BSA reports) is collected where it has a “high degree of usefulness in criminal, tax, or regulatory investigations or proceedings, or in the conduct of intelligence or counterintelligence activities, including analysis, to protect against international terrorism,” 31 U.S.C. 5311.
FinCEN conducts analyses to determine emerging trends and methods in money laundering in three ways: (1) by examining reports filed on specific violations (e.g., terrorism financing) or filed on specific industries or geographic areas and conducting analyses on these subsets to determine whether they contain any identifiable trends, patterns or methods; (2) by conducting statistical analyses of currency flows over time to determine whether the data contains anomalous trends, patterns or methods; and (3) identifying trends, patterns or specific activities indicative of money laundering or financial crimes through the review and evaluation of reports as part of ongoing review processes.
FinCEN also engages in efforts that result in the identification of subjects for investigation either as a result of trend, statistical or strategic analyses or via other past, current or future tactical proactive efforts using link analysis driven software systems and includes the search for unknown subjects by establishing a search criteria based on previously established suspicious or illicit patterns. Other proactive methods include identifying subjects connected through the same addresses or telephone numbers and searching for subjects with the largest number of BSA reports filed on their financial activities.
FinCEN utilizes several systems to accomplish its mission.
There is a link analysis-driven FinCEN system that allows users to query several data sets based on user-defined text patterns or data parameters. The following data sets are available for query within that system: (1) all BSA reports authorized by statute or regulation maintained in report-specific files and (2) FinCEN’s case management system. This system also enables users to define alert notices based on user-defined data parameters.
The basis for determining whether particular patterns or anomalies are indicative of terrorist or criminal activity varies. Because many BSA reports do not reveal the potential underlying criminal activity leading to the reported financial activity, FinCEN attempts to infer illicit cause for suspicious trends, patterns or methods by querying law enforcement databases on subjects or by identifying other financial or commercial records that may reinforce indications of anomalous or illicit activities.
The underlying data for FinCEN’s manual and automated proactive search methods and trend analysis activities are the reports provided under the BSA administered by FinCEN, e.g., a report by a financial institution of a suspicious transaction relevant to a possible violation of law or regulation (31 U.S.C. 5318(g)). Commercially available databases are used to support or further identify information that aid in the identification of the illicit cause for suspicious trends, patterns, or methods. FinCEN’s trend analysis utilizes any records available to FinCEN, including subpoenaed financial records, public source information, commercial database information, Census bureau data, Federal Reserve data, etc., and is used to support or amplify conclusions or hypotheses derived from the analysis of BSA data.
FinCEN has occasionally experienced difficulty in assessing the efficacy of its proactive activities due to a lack of feedback from law enforcement, not only in reference to numbers of investigations opened, but also to the quality of the potential targets identified, e.g., whether the identified activity was in fact related to illicit activities. FinCEN has, however, produced recent products in support of law enforcement and regulatory efforts to combat terrorism financing, mortgage loan fraud, identity theft, and Southwest Border narcotics and bulk cash smuggling that received positive feedback.
Since FinCEN redirected its analytical efforts toward specialized analysis of BSA records in Fiscal Year (FY) 2005, FinCEN has produced proactive products for its law enforcement clients that are both strategic and tactical in nature.
From FY 2005 to 2010, proactive tactical products were produced in two categories: (1) referrals based on review and evaluation of Suspicious Activity Reports (SARs) and, (2) investigative lead information that complemented or arose from strategic assessments of geographic areas, industries or issues. In both categories, FinCEN received feedback indicating positive follow-up to the tactical referrals.
From FY 2005 to 2010, FinCEN produced strategic-level proactive (self-initiated) threat assessments of geographic areas, violation types, industries and terrorism financing issues. FinCEN received feedback demonstrating that these types of products are useful to law enforcement and the public. For example:
(Link: https://www.treasury.gov/about/organizational-structure/offices/Documents/FY%202010%20Treasury%20Department%20Data%20Mining%20Rpt.pdf)