. . . Not Mumbai, Quezon City, or Dhaka.
While this headline hardly sounds like earth-shattering news, an article in Forbes earlier this month highlighted the growing trend of American tax preparers to send U.S. tax returns to third-party IT export companies in India, the Philippines, and Bangladesh.
The Forbes article described the phenomenon as “a secret in the tax business, known within the industry but rarely discussed publicly.”
So, let’s discuss it.
Spoiler Alert: We think it’s a really bad idea.
Just to clarify, we aren’t talking about a branch office of a U.S. accountancy firm in a foreign city like London or Zurich. We’re talking about companies in Third World countries that sell IT services to anyone (from anywhere in the world) who needs computer processing.
Think about the last time you called a so-called “Help Desk” at a company that outsources its help desk function.
Although there is no specific data available regarding the number of returns being prepared overseas, according to the claims by some of the outsourcing firms themselves, the amount is in the millions.
And because the outsourcing firms also claim to save U.S. tax preparers 60% in salary overhead, there’s every indication that this trend will continue. In fact, according to the online English edition of today’s (10/29/2018) Dhaka Tribune, by 2021 the government of Bangladesh has targeted $5 billion in annual exports from the IT sector—presumably including U.S. tax returns (a 2500% increase over the nearly $200 million it exported last year.)
How is this even legal?
You may be surprised to learn, that according to the IRS, disclosing tax return information to another tax return preparer who is assisting in the preparation of the return generally does not require the consent of the taxpayer.
However, if the other tax return preparer is located outside the United States, the taxpayer must agree and sign an acknowledgement consenting to the disclosure. In addition, Social Security numbers may be disclosed to tax return preparers located outside the United States if taxpayer consent is obtained and both the sending and receiving tax return preparers maintain adequate data protection safeguards as defined in Revenue Procedure 2013-14, section 5.07. The specific language that must be included in the consent form is found in Revenue Procedure 2013-14, section 5.04(e)(ii).
So, bottom line, it’s perfectly legal for your U.S. tax preparer to send your personal financial details to overseas tax preparers who neither you nor the tax preparer you hired have ever met . . . as long as you sign a consent. It’s also perfectly legal if your consent is an element on an apparently innocuous general engagement letter that you may sign without thoroughly studying.
What’s the upside?
The use of overseas tax preparers can save time and money. Whether you benefit from saving money depends on whether the tax preparation firm you hire chooses to pass along their savings to you.
So, what’s the problem?
Other than not dealing with the person you thought you hired, the privacy and safety of your information are legitimate concerns.
What defines adequate data protection and who monitors the effectiveness of those safeguards?
The IRS describes adequate data protection as a management-approved and implemented security program, policy, and practice that includes administrative, technical, and physical safeguards to protect tax return information from misuse, unauthorized access, or disclosure and that meets or conforms to one of the data security frameworks described in the revenue procedure.
The question that needs to be answered is: In a Third World country where money is the only motivating factor, is your financial information truly safe?
There have been 17 major data breaches in the United States since 2000. These include credit monitoring agency Equifax—143 million accounts, eBay—145 million accounts, Target—110 million accounts, and the biggest of all, the once dominant Internet giant, Yahoo—3 billion user accounts.
In September 2016, Yahoo announced it had been the victim of the biggest data breach in history, likely by “a state-sponsored actor.” The attack compromised the real names, email addresses, dates of birth and telephone numbers of 500,000 users. That figure was updated to all 3 billion accounts in 2017.
Even if you save a few dollars, is the cyber-attack risk worth it?
We take the security of your information seriously.
At Brown, Brown & Associates, all your personal, financial, and tax information is kept on our private server, housed in our offices. The security of our system is monitored continually. And the only people who touch your information are men and women you can meet and talk to face-to-face in our offices.
We can’t imagine doing business any other way.