EMINUTES places cookies on your device to give you the best user experience. By using our website, you agree to the placement of these cookies. Please read our updated Privacy and Cookie Policy.

15 • 2022

Keep the IRS Updated on Your Business Entity’s “Responsible Party” to Fight Identity Theft Tax Refund Fraud

We have written before about the dangers of business identity theft.[1] Various federal regulators, including the Federal Trade Commission and the Internal Revenue Service (IRS), have warned about the harmful consequences of business identity theft.[2] The IRS, for example, has made substantial efforts to combat one particular type of identity theft scam known as “Identity Theft Tax Refund Fraud” (IDTTRF).

To that end, the Electronic Tax Administration Advisory Committee (ETAAC) aims its efforts at preventing Identity Theft Tax Refund Fraud in support of electronic filing of tax and information returns. ETAAC members are selected by the IRS and work closely with the IRS Security Summit, a joint effort of the IRS, state tax administrators, and the nation’s tax industry to fight Identity Theft Tax Refund Fraud.[3]

ETAAC outlined the problem of Identity Theft Tax Refund Fraud in its 2019 Report to Congress:

IDTTRF threatens the integrity of our voluntary compliance tax system at both the federal and state levels. The wholesale theft of huge volumes of personal information has provided criminals and other bad actors with detailed and accurate taxpayer information. Our sophisticated adversaries can use this information to create and file returns that look almost identical to those of the legitimate taxpayer.[4]

The mechanism for the fraud is relatively simple: the wrongdoer steals a business entity’s Federal Employer Identification Number (EIN), then obtains a tax refund by filing a fraudulent return electronically, early in the tax filing season so that the IRS receives the false return before the real taxpayer has time to file its legitimate return.[5] The criminals can have the refund delivered to an address where they can steal it out of the mail (possibly by changing the entity’s business address), or they can arrange to have the refunds electronically transferred to debit cards.[6]

When the IRS identifies a business-related return that is potentially fraudulent (perhaps because the IRS received two returns from the same entity), the IRS attempts to contact the entity through the “responsible party” identified in its Form SS-4[7] to seek additional information before processing the return.[8] If the IRS cannot contact the business entity because the responsible party information on its Form SS-4 is inaccurate or outdated, then the IRS will suspend the processing of the suspect return until it can be verified, which may result in, among other things, refund delays and penalties for the business taxpayer.[9]

To try to deal with that problem, the IRS in 2014 adopted a regulation requiring an entity with a Federal Employer Identification Number to report a change in its responsible party within 60 days by filing Form 8822-B with the IRS.[10] Although there is no penalty for failing to file the form,[11] business taxpayers would be well advised to do so and keep the IRS updated on who the entity’s responsible party is, in case the IRS has any questions about a suspect return. Of course, it is less likely that the entity will have to report a change in its responsible party if the proper person is identified on the Form SS-4 to begin with—that is, the entity’s president or other person who controls the entity[12]—which is our practice here at eMinutes.

[1]See eMinutes Blog, “Why Identity Thieves Want You To Let Your Corporation Die On The Vine” (Oct. 22, 2018).

[2]See, e.g., IRS, Tax Practitioner Guide to Business Identity Theft.

[3]See IRS, IRS Selects 10 New Members for Electronic Tax Administration Advisory Committee, IR-2020-208 (Sept. 11, 2020).

[4]ETAAC 2019 Annual Report to Congress, IRS Publication 3415 (Rev. 6-2019), at iv.

[5]See U.S. Dep’t of Justice, Stolen Identity Refund Fraud. The Department of Justice provides links to dozens of cases involving tax refund fraud.


[7]IRS Form SS-4 is an application used to request a Federal Employer Identification Number, the unique number that the IRS uses to identify a business. See IRS, What Is an IRS Form SS-4? The information that must be included on the Form SS-4 includes the “responsible party” for the business. See Form SS-4, lines 7a, 7b. A business entity’s “responsible party” is defined as “the person who ultimately owns or controls the entity or who exercises ultimate effective control over the entity. The person identified as the responsible party should have a level of control over, or entitlement to, the funds or assets in the entity that, as a practical matter, enables the person, directly or indirectly, to control, manage, or direct the entity and the disposition of its funds and assets.” Instructions for Form SS-4 (revised Dec. 2019), at 3. For a business entity, the responsible party must be a natural person. Id.

[8]See IRS, Identity Theft Information for Businesses.

[9]See ETAAC 2020 Annual Report to Congress, IRS Publication 3415 (Rev. 6-2020), at 39-40.

[10]See Form 8822-B (revised Dec. 2019), at 2; 26 C.F.R. § 301.6109-1(d)(2)(ii).

[11]See ETAAC 2020 Annual Report to Congress, supra note 6, at 40.

[12]See note 5 (quoting the definition of “responsible party” from the Instructions for Form SS-4).