The Detroit Computing Center Adequately Processed Paper Bank
Secrecy Act Documents, but Quality Reviews Should Be Implemented to Ensure
Compliance With Quality Standards
March 2004
Reference Number: 2004-30-070
This report has cleared the Treasury
Inspector General for Tax Administration disclosure review process and
information determined to be restricted from public release has been redacted
from this document.
March
9, 2004
MEMORANDUM FOR
COMMISSIONER, SMALL BUSINESS/SELF-EMPLOYED DIVISION
FROM: Gordon C. Milbourn III /s/ Gordon C.
Milbourn III
Acting Deputy Inspector General for Audit
SUBJECT: Final Audit Report - The Detroit Computing Center Adequately
Processed Paper Bank Secrecy Act Documents, but Quality Reviews Should Be
Implemented to Ensure Compliance With Quality Standards (Audit # 200330010)
This report presents the
results of our review of the processing of paper Bank Secrecy Act (BSA)
documents at the Detroit Computing Center (DCC). The overall objectives of this review were to determine whether
controls ensured paper filed BSA forms
were processed timely and accurately to enhance the reliability of the Currency
and Banking Retrieval System (CBRS) database and to determine whether the
Internal Revenue Service’s (IRS) Detroit Computing Center (DCC) has taken
necessary steps to prepare for the additional reporting requirements under the
USA PATRIOT Act.
The BSA authorizes the
Secretary of the Treasury to issue regulations requiring financial institutions
and other persons to keep records and file reports that are determined to have
a high degree of usefulness in criminal, tax, regulatory, intelligence, and
counter-terrorism matters and to implement counter-money laundering programs
and compliance procedures. The
Secretary has delegated the duties and powers under the BSA to the Financial
Crimes Enforcement Network bureau (FinCEN), which, in turn, relies on the IRS
to process most paper and electronically filed forms required under the
BSA. The Secretary of the Treasury
recently reported to the Congress on the importance of the IRS in processing
BSA information and recommended the IRS continue in this role. The report cited the IRS, and its DCC, for
the wide range of functions it performs – receiving the forms, posting the
information into a database, and answering questions from filers and potential
filers.
The events of September 11,
2001, increased the emphasis on BSA documents to aid in identifying terrorist
funding sources. Further, the USA
PATRIOT Act increased the challenges the IRS must meet and the tasks it must
perform to support the FinCEN.
In summary, controls similar
to those used by the IRS for processing tax returns are in place to ensure BSA
forms are processed timely and accounted for properly. In addition, the DCC has been able to manage
the additional processing requirements resulting from enactment of the USA
PATRIOT Act.
Forms are, for the most
part, accurately processed. The IRS has
contracted with a private party to enter data from the paper filed BSA forms
into the CBRS database. The contract
specifies that certain information, such as names, account numbers, Employer
Identification Numbers, and transaction amounts, will be entered twice, or key
verified, to ensure the accuracy of the data.
Because of the importance of the verified data, the contractor’s
requirement for input quality is 99 percent.
The quality standard for the remaining nonverified data is 97 percent.
We reviewed 300 BSA
documents and found the contractor substantially met the required 99 percent
accuracy rate for key-verified information items. While the nonverified information did not meet the 97 percent
accuracy rate, we concluded the effect of this was minimal. Even though 44 (14.7 percent) of the 300
cases reviewed had exceptions, we believe most of the differences involved
details that would not be of primary importance to law enforcement agencies
querying the CBRS database.
However, the DCC does not
currently perform a quality review of samples of completed work, which would
allow it to evaluate whether the contractor is meeting the specified quality
requirements. We believe a measured
review process is necessary to ensure the quality of information input to the
CBRS database and the overall integrity of the system. We recommended the Director, Compliance,
Small Business/Self-Employed (SB/SE) Division, implement such a quality review
program/function.
Management’s Response: IRS
management agreed with the recommendation.
The Field Director, Compliance Services, Cincinnati Campus, SB/SE Division,
will
develop a statistically reliable quality review process to periodically
evaluate the accuracy of BSA documents processed by the contractor. Management’s complete response to the draft
report is included as Appendix V.
Copies of this
report are also being sent to the IRS managers affected by the report
recommendation. Please contact me at
(202) 622-6510 if you have questions or Richard J. Dagliolo, Acting Assistant
Inspector General for Audit (Small Business and Corporate Programs), at (631) 654-6028.
Controls
Generally Ensured Timely and Accurate Processing for Bank Secrecy Act Documents
Appendix I – Detailed Objectives, Scope, and Methodology
Appendix II – Major Contributors to This Report
Appendix III – Report Distribution List
Appendix IV – Financial Crimes Enforcement Network (FinCEN)
Bank Secrecy Act Forms
Appendix V –
Management’s Response to the Draft Report
The Bank Secrecy Act (BSA) authorizes the Secretary of the Treasury to issue regulations requiring financial institutions and other persons to keep records and file reports that are determined to have a high degree of usefulness in criminal, tax, regulatory, intelligence, and counter-terrorism matters and to implement counter-money laundering programs and compliance procedures. The Secretary has delegated the duties and powers under the BSA to the Financial Crimes Enforcement Network bureau (FinCEN), which, in turn, relies on the Internal Revenue Service (IRS) to process most paper and electronically filed forms required under the BSA.
The Secretary of the Treasury recently reported to the Congress on the importance of the IRS in processing BSA information and recommended the IRS continue in this role. The report cited the IRS, and its Detroit Computing Center (DCC), for the wide range of functions it performs –receiving the forms, posting the information into a database, and answering questions from filers and potential filers.
The Currency Transaction Report (CTR) (Form 4789) is used by financial institutions to report currency transactions in excess of $10,000 and accounts for over 90 percent (12.3 million last year) of BSA documents filed. A Suspicious Activity Report for Depository Institutions (SAR) (Form TD F 90-22.47) is filed for a transaction involving at least $5,000 that a financial institution knows, suspects, or has reason to suspect was derived from illegal activities. Other forms are used by specific businesses, such as casinos or money service businesses, to report suspicious or large currency transactions. (See Appendix IV for a more detailed list of BSA forms.)
During Calendar Year 2002, 13.5 million BSA forms were processed by the DCC; the majority were received electronically. Approximately 30 percent, or about 4 million forms, were filed on paper.
Paper BSA forms are received, controlled, and edited at the DCC. The actual transcribing of the paper filed BSA forms for input to a database is contracted out to a private firm. After input, the DCC performs additional steps to perfect and correct any identified problems. Information from both paper filed and electronically filed forms resides in the Currency and Banking Retrieval System (CBRS) database, which can be researched by Federal, state, and local law enforcement organizations.
The events of September 11, 2001, increased the emphasis on BSA documents to aid in identifying terrorist funding sources. Further, the USA PATRIOT Act increased the challenges the IRS must meet and the tasks it must perform to support the FinCEN.
Audit work was performed at the DCC. The audit was conducted from July through October 2003 in accordance with Government Auditing Standards. Detailed information on our audit objectives, scope, and methodology is presented in Appendix I. Major contributors to the report are listed in Appendix II.
Our criteria for evaluating controls over the processing of BSA documents was based on our experience in evaluating controls as they relate to the processing of tax forms at IRS processing centers. With only a couple of exceptions and caveats, we found that the DCC has implemented controls similar to those in place for processing Federal tax returns.
Controls such as numbering, batching, and transmittal procedures are in place to ensure BSA forms are processed timely and accounted for properly. Computer checks ensure the validity of certain data, such as zip codes, state abbreviations, Social Security Numbers, and Employer Identification Numbers (EIN). Management controls, such as work plans and inventory reports, are used to monitor work received and in process and to ensure timely completion of that work. Reports are available to monitor the types and numbers of validity errors and are useful in identifying trends or areas of potential concern.
The number and extent of validity checks performed and information required by the DCC for various BSA forms is determined by agreement with the FinCEN. However, validity checks on BSA documents are less effective than those performed on tax forms because of the nature of the documents. Certain checks for tax forms can be tied to computational formulas (e.g., the various types of income should equal a certain total, and taxable income times the applicable tax rate should equal a certain income tax figure). Information on BSA forms is more general and descriptive in nature; validity checks cannot be used as effectively on this type of information.
We found that forms were timely processed to the CBRS database. In addition, the DCC has been able to manage the additional processing requirements resulting from enactment of the USA PATRIOT Act. The total number of paper forms filed did not increase significantly, in part because of offsets due to increases in the number of returns filed electronically. In fact, electronically filed BSA forms have grown from 49 percent of the total in 1993 to over 70 percent in 2002.
The IRS has contracted with a private party to enter data from paper filed BSA forms into the CBRS database. The contract specifies that certain information, such as names, account numbers, EINs, and transaction amounts, will be entered twice, or key verified, to ensure the accuracy of the data. Because of the importance of the verified data, the contractor’s requirement for input quality is 99 percent. The quality standard for the remaining nonverified data is 97 percent.
Based on our review of statistical samples of documents input to the CBRS database, we determined the verified data met the 99 percent quality standard, but the nonverified data did not meet the 97 percent standard. We reviewed 300 BSA documents (250 CTRs and 50 other BSA forms) processed from January 1, 2002, to March 31, 2003, to determine whether information from these forms was properly input to the CBRS database. We found the DCC and its contractor substantially met quality standards for items that required 99 percent accuracy. Only 4 (1.3 percent) of 300 forms had incorrect entries in the more important/verified fields. Only 2 (0.8 percent) of the 250 CTRs were entered incorrectly. Although the 50 other BSA forms had 2 exceptions (4 percent), the errors were lessened by the number of transactions those forms reported. CTRs generally represent one transaction per form. Other BSA forms, however, such as the SAR, may report on several transactions that are designed to circumvent CTR reporting requirements. Similarly, the Report of Foreign Bank and Financial Accounts (FBAR) (Form TD F 90-22.1) may include information regarding many foreign accounts. In fact, just 5 of the 50 non-CTR forms in our sample involved information concerning 61 different accounts or transactions. In our opinion, this further diluted our overall exception rate of 1.3 percent to effectively meet the established 99 percent accuracy rate for this information.
For the nonverified information, 44 (14.7 percent) of the 300 cases we reviewed had 1 or 2 discrepancies between what was on the document and what was input to the CBRS database. While this resulted in not meeting the 97 percent quality standard, the effect was minimal. Over one-half of these differences involved details regarding the institution that filed the forms, such as the specific person who prepared the form or the Magnetic Ink Character Recognition number of the bank. These exceptions are not as significant when, for example, a bank’s name and EIN are accurately input. We also do not believe these types of information items would be of primary importance to law enforcement agencies querying the database.
The contract for entry of data into the CBRS database states the IRS is responsible for monitoring the contractor’s performance using both computer-generated error listings and random sampling methods. Further, the General Accounting Office Standards for Internal Control in the Federal Government specify that management conduct reviews to compare actual performance with planned or expected results and analyze significant differences.
The DCC did not have a quality review function in place to review samples of completed work and, therefore, could not make an accurate statement regarding the contractor’s compliance with the required quality standards. Instead, the DCC has relied on the computer-generated error listings based on the various validity checks. These listings are a valuable tool, but they have limitations. The error listings identify exceptions for only those fields that have specific validity checks, and they are limited to the criteria designed for those fields. Errors that might not be identified by validity checks could include misspellings when the validity requirement is for alpha characters or transposed numbers in a field requiring numbers. On the other hand, validity errors may not necessarily be due to input errors by the contractor but may represent improperly prepared returns. A quality review can identify errors outside of the validity checks and can determine whether the IRS, the contractor, or the return filer was responsible for these exceptions.
Although the Standards for Internal Control in the Federal Government call for internal controls, they state further that the controls should be implemented and designed based on the related cost and benefits. We believe a measured review process is necessary to ensure the quality of information input to the CBRS database and the overall integrity of the system. However, based on the error rates we identified in our samples, a periodic quality review may suffice and be more cost effective than an ongoing quality review.
1.
The Director, Compliance, Small Business/Self-Employed
(SB/SE) Division, should establish a Quality Review function/process to
perform, on either an ongoing or periodic basis, statistically valid reviews of
documents input to the CBRS database to determine the causes of any identified
problems and to implement appropriate corrective measures.
Management’s Response: The Field Director, Compliance Services, Cincinnati Campus, SB/SE Division, will develop a statistically reliable quality review process to periodically evaluate the accuracy of work to prepare BSA filings for input by the keying contractor and to evaluate the input by that contractor.
Appendix I
Detailed Objectives, Scope,
and Methodology
Our overall objectives of this review were to determine
whether controls ensured paper filed
Bank Secrecy Act (BSA) forms were processed timely and accurately to enhance
the reliability of the Currency and Banking Retrieval System (CBRS) database
and to determine whether the Detroit Computing Center (DCC) has taken necessary
steps to prepare for the additional reporting requirements under the USA
PATRIOT Act.
To accomplish our
objectives, we:
I.
Determined
whether controls were in place to ensure processing timeliness and accuracy.
A. Reviewed manuals, job aids, and other
documentation used to establish processing criteria for BSA documents and
evaluated controls for processing BSA documents to determine whether they were
equivalent to controls for processing Internal Revenue Service tax returns.
B. Interviewed managers and analysts to identify
and evaluate any additional controls.
C. Reviewed suspense and correspondence procedures to determine whether information was timely obtained to perfect incomplete forms received by the DCC.
II.
Determined
whether identified controls were working to ensure accuracy and timeliness in
processing paper BSA forms.
A.
Obtained a computer file of 17 million BSA
forms filed from January 1, 2002, through March 31, 2003, selected a
statistically valid sample from the approximately 4 million paper returns, and
reviewed these returns for accuracy of input.
The sample was broken down between 250 Currency Transaction Reports
(CTR) (Form 4789) and 50 other BSA forms.
The sample size allowed us to project our results on paper CTRs and the
entire paper filed portion of the database using a 95 percent confidence level,
reliability of +/- 5 percent, and an expected error rate of 20 percent or less.
B.
Interviewed managers and obtained
documentation relating to trends in the nonpaper filing of BSA documents and
regarding initiatives to increase the nonpaper filing of BSA documents.
C.
Selected a judgmental sample of 50 BSA forms,
taken at random from trays of work received at the DCC on July 7 and 8, 2003,
and researched subsequent postings to the CBRS database to determine whether
all returns received were timely processed. A judgmental sample was necessary because we
were limited to receipts available in the mailroom at the time of our onsite
visit.
III.
Determined
whether steps have been taken to accommodate any additional work based on
enactment of the USA PATRIOT Act.
A. Reviewed text and analysis of Title III,
International Money Laundering Abatement and Anti-Terrorist Financing Act of
2001, of the USA PATRIOT Act as it relates to additional filing requirements
affecting the DCC.
B. Reviewed BSA regulations issued as a result
of the USA PATRIOT Act and identified additional forms and the related number
of returns that were estimated to be filed.
C. Discussed with DCC management any additional
filing requirements resulting from the Act, the volume of forms expected, and
steps taken to ensure these filings will be timely processed. We included reviews of work plans to ensure
significant increases in filings were considered in the budget process.
D. Interviewed managers and quality review
personnel in affected processing areas regarding any potential concerns caused
by the USA PATRIOT Act, including system capacity concerns.
Appendix II
Major Contributors to This Report
Richard J. Dagliolo, Acting Assistant Inspector General for
Audit (Small Business and Corporate Programs)
Kyle R. Andersen, Acting Director
L.
Jeff Anderson, Acting Audit Manager
Scott Critchlow, Senior Auditor
Greg Schmidt, Senior Auditor
Appendix III
Commissioner C
Office of the Commissioner – Attn: Chief of Staff C
Deputy Commissioner for Services and Enforcement SE
Acting Deputy Commissioner, Small Business/Self-Employed Division SE:S
Acting Director, Compliance, Small Business/Self-Employed Division SE:S:C
Director, Communications and Liaison, Small Business/Self-Employed Division SE:S:MS:CL
Deputy Director, Compliance Services, Small Business/Self-Employed Division SE:S:C:CS
Field Director, Compliance Services, Cincinnati, Small Business/Self-Employed Division SE:S:C:CS:C
Staff
Assistant, Small Business/Self-Employed Division SE:S
Chief Counsel CC
National Taxpayer Advocate
TA
Director, Office of Legislative Affairs CL:LA
Director, Office of Program Evaluation and Risk
Analysis RAS:O
Office of Management Controls OS:CFO:AR:M
Audit Liaison: Commissioner, Small Business/Self-Employed Division SE:S
Appendix IV
Financial Crimes Enforcement Network (FinCEN) Bank Secrecy Act
Forms
4 Currency Transaction Report (CTR) (Form 4789)
4
Currency
Transaction Report by Casinos (CTRC) (Form 103) (formerly Form 8362)
4
Currency
Transaction Report by Casinos – Nevada (Form 8852)
4
Report of Cash
Payments Over $10,000 Received in a Trade or Business (Form 8300)
4
Report of International Transportation of
Currency or Monetary Instruments (CMIR) (Form 4790)
4 Report of Foreign Bank and Financial Accounts
(FBAR) (Form TD F 90-22.1)
4
Suspicious
Activity Report for Depository Institutions (SAR) (Form TD F 90-22.47)
(formerly Suspicious Activity Report)
4
Suspicious
Activity Report by the Securities and Futures Industries (Form 101)
4
Suspicious
Activity Report by Casinos and Card Clubs (Form 102)
4
Registration of
Money Service Business (MSB) (Form TD F 90-22.55)
4
Suspicious
Activity Report by Money Services Business (Form TD F 90-22.56)
4 Designation of Exempt Person (DEP) (Form TD F 90-22.53)
Appendix V
Management’s Response to the Draft Report
The response was removed due to
its size. To see the response, please
go to the Adobe PDF version of the report on the TIGTA Public Web Page.