Reuters reports that three former JPMorgan Chase and Co. bank employees pleaded guilty to using the identities of customers to file fraudulent tax returns. Manhattan federal prosecutors charged the trio with orchestrating two separate tax fraud schemes between 2006 and 2007 that cheated the U.S. Internal Revenue Service (IRS) and New York State out of US$4.8 million. The former employees face a maximum of five years in prison.
While the former employees of JPMorgan Chase and Co. mentioned in this case were eventually caught and prosecuted, they managed to profit from the fraud. How was this possible, and what can auditors learn from it? The former employees used the identities of Puerto Rican customers to accomplish the fraud. Identity theft is at the top of the IRS' "Dirty Dozen" tax fraud list, and in 2011, the IRS estimates that it prevented about US$1.4 billion in taxpayer funds from falling into criminal hands.
Would-be fraudsters may use the tactic of false IRS Form 1099 Refund Claims, where a fake information return (e.g., Form 1099 Original Issue Discount) is filed to justify a false refund claim on a corresponding tax return. Auditors can look for multiple tax returns and scrutinize the types and amounts of income and deductions as indicators of potential fraud. Individuals who may be targeted in an identity theft scheme can help uncover fraud by reporting a notice of a second or multiple tax returns they may receive or reporting that their tax assessment contains suspicious information, such as an unknown employer.
Deliberate under-reporting of taxable income, the most common form of tax fraud, also may have been used to maximize the theft of public money in this case. Using a false Social Security number, keeping two sets of financial books (or no records at all), creating false receipts, and altering checks to increase deductions are examples of tax fraud. Auditors can, for example, easily spot altered checks by comparing written numbers with computer coding on the check or bank statements.
Finally, the strength of JPMorgan Chase and Co.'s financial and management controls may need to be addressed if, for example, the guilty employees were using customer bank records and personal information as the basis for submitting fraudulent tax returns. The bank's internal audit function should have a robust fraud risk assessment and audit plan in place that includes periodic monitoring and assessment of controls over access to customer bank records as well as detection of irregular, frequent, and suspicious activity involving such access.