Nearly three million U.S. employers, representing more than 48% of the private sector workforce, use a payroll service provider (PSP) to calculate, pay and file employment tax returns. The largest payroll companies in the US deposited over 45% of all IRS employment taxes collected in 2016. PSPs often assist their clients in resolving problems or errors with their payroll tax filings and payments.
PSP clients are often small business owners that are not experts in employment taxes. PSPs collect information from their clients in order to generate their payroll tax filings and payments; this information is unique to the client’s business and subject to change periodically, such as tax rates, payment schedules, and account numbers. The accuracy of the tax filings and payments hinges on the accuracy of the information collected by the client during their onboarding with their PSP, as well as when the agency or client makes a change to the business’s tax information. If the client enters the wrong information for the wrong year, or the rate for the incorrect tax authority, or transposes a number, excludes a surcharge rate, or makes any other innocent error, they will likely receive a tax bill from the tax authority. These tax bills come as a shock to clients who are paying their PSP to help them avoid such errors.
One may ask why PSPs can’t just work with the state taxing authorities to validate their client’s data on their behalf? In fact, most PSP’s do seek to partner with taxing authorities to confirm critical information needed to file and pay taxes, and in order to avoid costly penalties, interest, additional taxes, and scary tax notices for their clients. Not only are error notices disturbing for employers to receive, but they can take a long time to resolve due to long hold times or requests to “call back later” when calling tax authorities, and multiple-month backlogs at the tax agencies processing the responses to the notices. It is a much better experience for the client, PSP and agency to confirm the accuracy of data prior to filing and depositing taxes, and before an error has actually occurred.
Unfortunately, due to the increased focus on data security in recent years, many tax authorities are understandably concerned about releasing data to a potentially unauthorized party. Data security has become such a concern that some state tax authorities will not confirm any client data with PSPs without a state authorization form on record, even information that’s not sensitive or personally identifiable, and that can’t easily be used for nefarious purposes, such as deposit schedules or tax rates. Some states have gone so far as to actually reject otherwise-valid tax returns and deposits unless a state authorization is on file for that PSP/sender.
Employers using PSPs are increasingly required to follow non-standard and redundant steps to reconfirm their intentions to authorize the same PSP to file and pay on their behalf across multiple agencies. One state recently implemented a four-step custom authorization process. The state’s system offers no prompts or guidance to assist the employer with assigning proper roles to their PSP despite the fact that nearly half of their employers use a PSP. After months of communications to employers to coordinate and explain the multiple and confusing steps, barely half of PSP clients had completed Step 1, and less than 5% had completed the final step successfully.
According to NIST Publication 800-63-3, Digital Identity Guidelines (see Section 5.3.1 Business Process vs. Online Transaction), which provides technical requirements for federal agencies to authenticate users of government systems over open networks, the receipt of information and sharing of information that is not personally identifiable is among the lowest-risk tier. PSPs are supportive of tighter authentication measures for more sensitive exchanges of information or ones that may be used for fraudulent activities (i.e. changing employer mailing addresses, discussing employee wages or SSNs, etc.). However, requiring unique and difficult processes to establish an authority to validate employer tax requirements and in order to file and pay taxes is unnecessary and in fact serves as a barrier to timely, accurate and electronic filing and payments.
Recommendations towards Modernization
#1: Create a national database to manage PSPs and employer-client relationships
The IRS has already created a Reporting Agent File (“RAF”) which serves as a database that monitors active PSP (called “Reporting Agents” by IRS) and employer/client relationships. Every employer that uses a PSP must sign a clear authorization directing the PSP to file and pay applicable federal, state and local tax returns on their behalf, and to receive related information, such as the status of a return, assigned tax deposit schedule(s), assigned tax rate(s), copies of tax notices, etc. RAF is updated by the IRS when a PSP sends an authorization form (IRS Form 8655) to the IRS that’s been signed by their client. The authorization is automatically revoked when a new authorization is received for the same employer with a more recent signature. Investments are needed to automate this authorization process more - many authorizations are still FAXed to the IRS and go through a review process prior to posting to RAF. Additionally, this PSP/client relationship information is not shared with state agencies.
States could be notified of new and/or changing PSP/client relationships using the existing IRS Information Sharing Program. These programs are intended to:
- save government resources through partnerships between federal and state agencies
- enhance voluntary compliance with tax laws
- facilitate the exchange of taxpayer data, leveraging resources, providing assistance to taxpayers to improve compliance and communications
Internal Revenue Code (IRC) Section 6103 authorizes the IRS to share tax information by entering into agreements with governmental agencies for tax administration purposes but is not currently used to share information about PSP relationship changes to state agencies. By sharing PSP reporting relationships with state agencies, states wouldn’t need to manage these processes themselves, cutting down on errors, and authorization reviews and processing. This information exchange would also help employers stay in compliance with the various state tax requirements, and improve communications for all parties. Improvements could be made to the IRS Information Sharing Program to allow for real-time exchange of information using Application Programming Interfaces(APIs). Other federal agencies have already started investing in similar technology.
#2: Embrace API standards that allow for the real-time exchange of information
The Federation of Tax Administrators (FTA) is an organization whose mission it is to improve the quality of state tax administration by proposing standards, and facilitating the exchange of information, and intergovernmental and interstate coordination. FTA has worked for years to develop standard XML file formats for PSPs to use in partnership with state agencies (see Data Exchange Data Formats here). The standard formats would allow for real time validation of information through APIs so that employers could onboard with their new PSP without any errors, and compliance could be maintained throughout their relationship with their PSP.
Unfortunately, these formats are rarely supported by state agencies. Instead, many state agencies use manually process files on a monthly, quarterly or annual basis batch processes that. These manual processes occur long after the client has onboarded with their PSP. This makes it difficult for PSPs to detect and correct any errors before a return or tax deposit is sent, exposing the client to penalty and interest. Additionally, most states use non-standard file formats that change periodically and are difficult for PSPs to build and maintain.
Another complication today is that many states don’t accept the IRS authorization. They instead often require their own electronic or paper authorization process (although it’s unclear why the IRS form wouldn’t suffice as proper authorization). Most states assess two or more payroll taxes that are paid and reported to two different state tax authorities. Therefore, employers are often taking steps to authorize their PSP in three or more systems (IRS plus two state systems), even if they are only operating their business in a single state.
Although it’s strongly encouraged for states to recognize and accept the IRS authorization form, if for some reason a state must enforce the use of a unique authorization process, FTA has also already created standard formats for employers to grant their PSP authorization (see reference to EPOA here). Currently very few agencies use this electronic POA format and prefer instead a non-standard form or process.
In recent years, states have attempted to modernize their tax systems. Third-party vendors are often hired to build next generation systems. These states and vendors could utilize the available and recommended standards in their new systems, but don’t often partner directly with FTA or PSPs, and instead build to the unique requirements prescribed by the state’s project manager and team assigned to the project. Oftentimes, these project managers aren't aware of the existence of these standards, or they don’t prioritize the use of industry standards. If states supported these real-time exchanges of information using standard formats, they could monetize the exchange and charge PSPs for the validation of the client data.
Businesses, and the tax administrators and payroll companies that serve them, would greatly benefit from improved coordination with the industry, as well as the implementation of more modern technology solutions. This would surface errors earlier in the process, reduce workload for tax administrators, and help small businesses improve the accuracy of their payroll tax filings and deposits. Examples of improved processes that could be implemented include:
- IRS could share with states, in real time, which PSP is the current authorized payroll company for a business, and notify the states immediately when the authorization has been terminated.
- State tax administrators could update their records with PSP/client relationship information gathered from the IRS (preferably via API or web service).
- Note that a similar system already exists for some states for the purpose of unemployment claim processes (see this UI SIDES system), but a similar system does not exist for payroll tax purposes.
- States could share critical but non-sensitive/protected information with the authorized PSPs, preferably using APIs.
- IRS could modernize their authorization processing system which still receives many authorization forms on paper. Modernize the current rejected authorization process which provides authorization errors via compact disc (CD) via snail mail. In the new FY23 budget, IRS received increased funding for modernization efforts to address processing times and backlogs along with more resources for taxpayer service.IRS could begin sharing the reporting agent of record (RAF) with state agencies through IRS Information Sharing Program.