Corporation, Securities & Business Law Forum
May 2002 Vol. 47, No. 3
Statements or expressions of opinion or comments appearing herein are those of the editors or contributors, and not necessarily those of the association or section.
Contents
* IRS rewards whistle blowers to snitch on tax cheats--Ex-employers beware!
* Recent concern regarding cyber-fraud and its impact on businesses
* Illinois Secretary of State announces new services in its Chicago office
This edition of the newsletter has several interesting articles, including one that describes some of the problems that employers can have as a result of whistle blowing by former employees. The article discusses the financial incentives provided by agencies such as the IRS, which can be significant. This edition also contains an article that should be of interest to all business lawyers, one that discusses the impact of cyber-fraud on business clients. Finally, we present an article that describes some of the issues involved where CPAs act as investment advisers.
We look forward to your comments and suggestions. We also welcome your submissions to the newsletter.
David E. Doyle
10 S. La Salle Street
Suite 3500
Chicago, Illinois 60603
312/606-0529
IRS rewards whistle blowers to snitch on tax cheats--
Ex-employers beware!
By A. Jay Goldstein and Shannon M. Gomery, FagelHaber LLC
Whoever said that revenge does not pay is unaware that the Internal Revenue Service (IRS) encourages tax informants. As nationwide unemployment soars to a record high in over twenty years, the pool of potential tax snitches is growing. Illinois has not had unemployment rates this high since 1994.1 Anyone who provides information that leads to the detection and punishment of any violation of the tax laws may be eligible for a reward (federal workers are exempt from participating if the information they receive is in pursuit of their duties). Whistle blower leads are important to the IRS. Annually, the IRS collects an estimated $70 to $100 million and pays out from $1.5 million to $5 million to tipsters. While most have heard horror stories and fear a typical IRS audit, IRS criminal investigations are more invasive and even worse.
One case in point is of the investigation of a not-so-innocent restaurant owner, which paralyzed his business and ultimately led to its closure. For months, the owner endured the rigors of treasury agents examining every aspect of his financial life, resulting in the IRS recovering many thousands of dollars in taxes, fines, penalties and interest. One can describe the ordeal as similar to an autopsy without the benefit of death. The restaurant owner avoided a vacation to Club Fed only by hiring an attorney to negotiate a settlement with the IRS. When all was said and done, the restaurant owner ultimately spent more money on legal fees than the underlying tax that was originally due (and eventually repaid). A substantial reward was paid out to the informant for information leading to the IRS' successful investigation and prosecution.
The IRS Rewards Program grew out of a reaction to the Tax Reform Acts of 1998 and 1999, which sharply cut IRS spending and required the IRS to devote more time and resources to customer service. While the IRS does not publicly encourage tax informers, its representatives admit that many investigations could not be successfully conducted or even initiated without the use of paid informants. Motives for informers are not always founded on a sense of moral righteousness, but often based upon revenge. Many informants are former employees of a business that had been under- reporting its income. A disgruntled former employee or partner is frequently the case. But it doesn't end there. A neighbor who finds your dog barking throughout the night and disturbing her sleep pattern can just as easily turn informer. The emotional charge surrounding dissolution of marriage is another prime nurturing ground for informants.
How does one claim an award? Section 7623 of the Internal Revenue Code and its respective regulations detail the procedures to claim a reward. Form 211 is available online2 or can be mailed to you directly by contacting an IRS center in your area. To file a claim for reward, you must complete Form 211, Application for Reward for Original Information. Your true name must be used on the form with an original signature. Upon completion, Form 211 can be mailed to the Informants Claim Examiner at the IRS center in your area. Addresses are listed on the back of Form 211. Additional information is available by calling the IRS Informant Communication hotline at 800-829-0433.
If a recovery is made as a direct result of information you provided, you may qualify for a reward of up to 15 percent of the amount recovered including taxes, fines and penalties, but not the interest, up to a maximum reward of $2 million.
If your information was valuable, although not specific enough in determining liability, you may be rewarded this as much as 10 percent of the amount recovered, similarly with a $2 million cap. If you wish to claim the reward, you must use your own name, which should remain confidential under Federal disclosure laws. If an informant is willing to forego any cash reward, they may elect to utilize an assumed name. Useful information about persons who do not comply with the tax laws includes, but is not limited to, the following:
1. Tax years of violations;
2. Aliases;
3. Addresses;
4. Social security number and/or employer identification number;
5. Financial data (bank accounts, assets) and its location;
6. Documentation to substantiate allegation (for example, books and records) and its location; and
7. Date of birth.
It is also important to note that the whistle blower must pay tax on rewards received, or you may find yourself unintentionally sharing a cell with the same person you turned in.
No matter what you tell the IRS and no matter how much money they collect, all rewards are discretionary and not mandatory. The IRS is never obligated to pay a reward unless you negotiate a signed contract in advance of providing the information. A "confidential informant" in a recent case found that the IRS will exercise its discretion for non-payment when possible. The informer had a great case. He turned in a tax cheat, and the IRS assessed $72 million in tax and penalties, and seized more than $5 million in cash and property. The IRS denied the informant's $1,500 reward request and the annoyed informant took the IRS to court. The court reaffirmed the IRS' decision, stating, "You can't make the IRS give you a reward," and the informant did not get a dime.
There are several reasons the IRS has given as to why a reward might not be paid. Some reasons include that the information was of no value, the information was already known, or the information was available in public records. Rewards are only paid after the actual tax is recovered and frequently this can take as long as five years or more. During this investigative period, the informant is not kept posted as to the progress of the IRS investigation, but can inquire to determine if a claim for such reward is still under active IRS consideration.
While the idea of turning in neighbors, colleagues, business associates, or ex-spouses is distasteful to most, it is important to remember that it is the honest taxpayer who ultimately winds up paying for tax fraud.
_______________
1. U.S. Department of Labor, Bureau of Labor Statistics.
2. Form 211 is available at: http://www.usataxrelief.com/_ tax_site_irs_rewards.html
Recent concern regarding cyber-fraud and its impact
on businesses
By Ethel Spyratos, Chicago
Information technology and cyber-fraud
Information technology pervades many aspects of our daily lives. We use it to ship goods, pay bills, buy consumer goods, communicate and receive water and electricity at our homes. Information technology has also changed the way we transact business, and the way the government and national defense operates. To complete each of these transactions, the United States depends upon a complex, interdependent network of critical infrastructure information systems that are essential to our national and economic security. These information systems are, in the government, telecommunications, banking and finance, transportation, energy, manufacturing, water, health and emergency service networks.1
Before September 11, Internet security was not a pressing issue. The attacks convinced many security-conscious businesses, as well as some governmental agencies, to lock down their networks. Locking down a network prevents the possibility of cyber-terrorism since access to confidential data will be denied. Cyber-terrorism could include unauthorized access of a corporate network system to tamper with confidential employee information and/or customer records, modify an employee's direct deposit bank account and divert funds elsewhere, or simply gain complete control of the system remotely for malicious purposes.
Protecting infrastructure information systems against the potential of cyber-terrorism includes having partnerships between the private sector and the government. Such a partnership arises since most of the assets of the infrastructures involved are owned by businesses; and the government can regulate and has an interest to overlook such protection.
Government's response to cyber-fraud
On October 9, 2001, President Clinton announced that Richard Clarke would be the his special advisor for cyber security. Clarke is developing a special network called GovNet. According to Clarke, "the goal of GovNet is to perform its functions with no risk of penetration or disruption from users on other networks, such as the Internet. GovNet will be a private voice and data network based on the Internet Protocol but with no connectivity to the Internet or other public or private networks." The goal of GovNet is to build a "corporate intranet" on an air-gapping network, to be used by interested federal agencies in addition to their existing Internet connectivity.
Clarke's great challenge is that more than 90 percent of the country's critical infrastructure systems are owned and managed by private companies. He cannot force them to boost their security. Instead, he must convince them that secured corporate networks are essential.
Clarke decided to work with the private sector by having the U.S. General Services Administration (GSA) release a Request for Information (RFI) to the information technology and telecommunication industries, seeking information and suggestions for the development of GovNet. The RFI requested that industry propose other ways for the federal government to better secure certain critical classes of internal government communication from external attacks that are common on internet-connected systems.
Impact of cyber-fraud on businesses
Industry experts from around the country responded to the RFI comprehensively, constructively and creatively according to Richard Clarke. The likelihood is that some new methodologies and technologies developed from the GovNet project will be transferable to the private sector. Users and analysts predict that businesses will not likely create their own closed networks like the GovNet project.2 Rather, businesses will probably continue to apply rigorous encryption and other security techniques to communications over the Internet and other public networks, since the government recently amended encryption regulations.
On January 14, 2000, the U.S. Government published new encryption export regulations in the Federal Register that implement the policy announcement on encryption made by the White House in September 1999 (Announcement). The Announcement updated the Cyberspace Electronic Act of 1999 (CESA).3 This legislation is designed to protect the growing use of encryption for the legitimate protection of privacy and confidentiality by businesses and individuals, while helping law enforcement obtain evidence to investigate and prosecute criminals despite their use of encryption to hide criminal activity. The amended provisions of CESA provide new authority for search warrants for encryption keys without contemporaneous notice to the subject. It also regulates the domestic development, use or sale of encryption. Nevertheless, Americans will remain free to use any encryption system domestically.
The financial services and health care industries, prompted by new federal laws governing the privacy and security of personal data, are already moving to secure data transmitted over public networks through the use of stronger encryption technology.4 The financial sector has been looking at technologies such as XML, which is a new transmission protocol, as a vehicle to transmit data more easily.
XML (or Extensible Markup Language) is designed to improve the functionality of the World Wide Web by providing more flexible and adaptable information identification. It is called extensible because it is not in a fixed format like HTML (a single, predefined markup language). Instead, XML is actually a "metalanguage," which is a language for describing other languages. XML can do this because it is written in SGML, the international standard metalanguage for text markup systems. XML is not a programming language, so XML files do not 'run' or 'execute.' XML is a markup specification language and XML files are data; the files remain stationary until the user runs a program, which displays the files (like a browser) or carries out a task with them.
The government has also attempted to address cyber security issues by creating centers urging companies from nearly every sector of the economy to share information about security threats and vulnerabilities among themselves and with law enforcement. But these centers have not been effective. One reason may be that such data swapping could be interpreted as a violation of U.S. antitrust laws. Another reason for their ineffectiveness may be that businesses fear that details of computer insecurities may become public, thus exposing their "soft spots."
Some have suggested changing existing laws to allay these concerns. Calls for changes to antitrust statutes and the Freedom of Information Act have faltered in the face of opposition from committee chair Patrick Leahy, of Vermont. He and others maintain that changes to such laws could let companies "sweep problems under the rug."
Richard Clarke has proposed an alternative to information sharing. The insurance industry and the Internal Auditors Association can provide incentives to companies to improve their information technologies security.
Suggestions for businesses to monitor and guard corporate networks
To secure information technology, security experts say that firewalls are mandatory for cable-modem and digital-subscriber line (DSL) broadband users. Systems having cable-modem and DSL are "always on Internet connection," as opposed to other systems where the user has to dial up to access the Internet. The dial up systems can be turned off. Thus, unlike the "always on Internet connection" systems, information technology or other confidential information may be inaccessible when the system is turned off. Cyber-security experts also agree that secure routers are recommended for networks with more hackable routers such as border gateway protocol routers (BGP).5 Software kits exist that enable those with strong technical ability to hack into certain routers.
A firewall is a set of related programs, located at a network gateway server that protects the resources of a private network from users of other networks. An enterprise with an intranet that allows its workers access to the wider Internet installs a firewall to prevent outsiders from accessing its own private data resources and for controlling what outside resources its own users have access to. Basically, a firewall works closely with a router program. It examines each network packet to determine whether to forward it toward its destination. A firewall also includes or works with a proxy server that makes network requests on behalf of workstation users. A firewall is often installed in a specially designated computer separate from the rest of the network so that all incoming requests do not automatically have direct access to private network resources.
Secure routers are important since such routers will not only pass along data, they will also verify that the device talking to them is another router and not a malicious hacker using a compromised computer connected to a cable modem. If the device talking to them is not another router, the system will lock-down instead. An example of a secure router is S-BGP, a secure version of Border Gateway Protocol.
Mandatory firewalls and secure routers are basic methods to monitor and guard corporate networks. A vast number of other intrusion detection and/or vulnerability scanner programs exist, some in combination with firewalls and/or secure router systems. Security-conscious businesses should consult with information technology security experts to determine which programs are right for their networks as a measure to avoid a breach of confidential information.
_______________
1. Dempsey, James X., "Critical Infrastructure Protection: Threats to Privacy and Other Civil Liberties and Concerns with Government Mandates on Industry." DePaul Business Law Journal, Vol. 12, p. 97 (1999/2000)
2. Yasin, Rutrell, "Government Takes Security Lead" Today's News, Oct. 23, 2001.
3. Federal Register: Jan. 14, 2000 (Vol. 65, No. 10), see also The White House Fact Sheet, Sept. 16, 1999.
4. Mike Hager, VP of Network Security and Disaster Recovery, Oppenheimer Funds, Oct. 2001.
5. Salkever, Alex, "Toward More Cybersecurity in 2002" Business Week, Jan. 2, 2002.
By Earl B. Johnston, CPA and David F. Wilding, Chicago
There is a growing trend in the CPA community. Increasingly, CPAs are expanding their accounting practices to provide investment advisory services to their clients. Because CPAs possess a high degree of financial-related education, the investing public benefits from this trend. However, the regulations to which CPAs are subject impose barriers to the types of financial services that can be provided and the manner with which CPAs may be compensated for these services.
Multiple-regulation
Regulators search for the correct balance between under-regulation (as to teachers and the media) and redundant regulation (as among CPAs, investment advisers, banking, and insurance companies.) Following and responding to this trend, in 1999, President Clinton signed into law the Gramm-Leach-Bliley Act. This law repealed the 66-year-old Glass-Steagall Act, which prohibited banks, securities firms, and insurance companies from affiliating. As a result, financial institutions were allowed to affiliate within a new financial holding company structure. The SEC faces a similar dilemma with regard to CPAs who, with greater frequency, are encroaching on the financial services community, especially broker/dealers and investments advisors. Over the past two decades, broker/dealers have recognized this opportunity by capitalizing on the inherent characteristics of CPAs that make them excellent targets for a strategic alliance. In particular, CPAs:
* have an established rapport of trust and competence with their clients;
* have particular knowledge about their tax and accounting clients' financial assets;
* are governed by ethical standards; and
* have a high level of competent training--including advanced formal educational requirements, passing a rigorous multi-part, multi-day exam, and meeting minimum experience requirements to be licensed by their state accountancy boards.
In the past, through strategic alliances with broker/dealers and investment advisors, CPAs have been, for the most part, content to act as solicitors for broker/dealers and investment advisors and to receive only referral fees. However, with greater frequency CPAs are less willing to enter into a strategic alliance where the CPA will only receive a small percentage of the fees as opposed to the full investment advisor fees and brokerage commissions