Compliance Readiness Audit Report

Date: 2024-12-27 Scope: IRS Circular 230, WISP, Form 7216, Data Retention, Identity Verification Auditor: Claude Code

---

Executive Summary

The Tax Practice AI system has a strong architectural foundation for regulatory compliance with comprehensive design documentation. However, several critical implementation gaps exist that must be addressed before production deployment.

Overall Compliance Rating: 70/100

Regulation	Readiness	Critical Gaps
IRS Circular 230	65%	COI checks, competency tracking, PTIN enforcement
WISP	60%	MFA, training tracking, incident response, field encryption
Form 7216	50%	AI processing consent, e-filing enforcement
Data Retention	80%	Legal hold, secure deletion
Identity Verification	75%	Form 2848, MFA, Persona API activation

---

Critical Issues (COMP-001 through COMP-008)

COMP-001: AI/Cloud Processing Consent Missing

Severity: CRITICAL Regulation: IRS Form 7216 Status: NOT IMPLEMENTED

Problem: Form 7216 requires explicit client consent before disclosing tax return information to third parties, including cloud AI services. The system sends client tax data to Claude/Bedrock for analysis without consent verification.

Evidence: - ConsentType enum lacks USE_AI_PROCESSING type - BedrockService.invoke() accepts client_id but does NOT call consent workflow - AnthropicService same pattern - logs but no consent check - All AI workflows (classification, extraction, analysis) proceed without consent validation

Files: - src/services/bedrock_service.py:304-392 - src/services/anthropic_service.py:477-568 - src/domain/engagement.py:64-69 (ConsentType enum)

Impact: Every AI analysis potentially violates IRS Form 7216 requirements.

Fix: 1. Add USE_AI_PROCESSING to ConsentType enum 2. Add consent check before ALL Bedrock/Claude invocations 3. Create AI processing disclosure form with explicit language 4. Block AI analysis if consent not obtained

---

COMP-002: Form 7216 Consent Not Enforced at E-Filing

Severity: CRITICAL Regulation: IRS Circular 230, Form 7216 Status: NOT IMPLEMENTED

Problem: E-filing workflow does not verify valid Form 7216 consent before transmitting returns to IRS.

Evidence: - efiling_workflow.py mark_ready_for_filing() has no consent validation - Returns can be filed without checking disclosure authorization - Consent workflow exists but is not integrated with filing

Files: - src/workflows/filing/efiling_workflow.py

Impact: Potential IRS violation - disclosure without authorization.

Fix:

async def mark_ready_for_filing(self, return_id: UUID) -> EFileResult:
    consent_valid = await self._consent_workflow.check_consent(
        client_id=return.client_id,
        consent_type=ConsentType.DISCLOSURE_THIRD_PARTY,
        tax_year=return.tax_year,
    )
    if not consent_valid.has_valid_consent:
        return EFileResult.fail("No valid Form 7216 consent on file")

---

COMP-003: Authentication Events Not Logged

Severity: CRITICAL Regulation: WISP, Audit Requirements Status: NOT IMPLEMENTED

Problem: audit_service.log_auth() method exists but is NEVER called. Authentication events not captured in audit trail.

Missing Logs: - Login attempts (successful and failed) - Logout events - Magic link requests and verification - Account lockout events - Password changes

Evidence: - ClientAuthenticationWorkflow records to login_attempt table but NOT to audit_log - Client auth routes use structlog only, not audit service - No calls to audit_service.log_auth() found in codebase

Files: - src/workflows/intake/client_authentication.py - src/api/routes/client_auth.py - src/services/audit_service.py (method exists, unused)

Impact: Cannot detect brute force attacks, no compliance audit trail for access.

Fix: Add await audit_service.log_auth() calls to all authentication endpoints.

---

COMP-004: Document/Client Access Not Logged

Severity: CRITICAL Regulation: WISP, IRS Circular 230 Status: NOT IMPLEMENTED

Problem: Audit logging only captures data modifications, not data access. Cannot prove who viewed sensitive information.

Missing Logs: - Client record views - Document views and downloads - Client listing/search operations - Tax return views - Export operations

Evidence: - Document routes use structlog: log.debug("get_document") - NOT audit_log - Client routes: log.info("client_not_found") - NOT audit_log - No calls to audit_service.log_access() in API routes

Files: - src/api/routes/documents.py - src/api/routes/clients.py - src/api/routes/returns.py

Impact: Cannot demonstrate who accessed what data for compliance audits.

Fix: Add audit logging middleware or explicit log_access() calls to all GET endpoints for sensitive data.

---

COMP-005: Account Lockout Not Implemented

Severity: CRITICAL Regulation: WISP (SEC-005) Status: DESIGNED, NOT IMPLEMENTED

Problem: Security design specifies account lockout after failed attempts, but no implementation exists.

Design (SECURITY_DESIGN.md): - 5 failed attempts = 15 minute lockout - 10 cumulative = 1 hour lockout - 15 cumulative = indefinite (admin unlock)

Evidence: - No failed_login_attempts or lockout_until fields in users table - No lockout check in authentication middleware - No code to increment failure count or enforce lockout

Files: - src/api/middleware/auth.py (missing lockout logic) - docs/SECURITY_DESIGN.md (SEC-005 specification)

Impact: Brute force attacks on staff accounts possible.

Fix: 1. Add lockout fields to users table 2. Check lockout status before password validation 3. Increment failure count on failed attempts 4. Return 429 if locked out

---

COMP-006: Field-Level Encryption Not Implemented

Severity: CRITICAL Regulation: WISP (ENC-004) Status: DESIGNED, NOT IMPLEMENTED

Problem: Security design specifies field-level encryption for PII using pgcrypto, but no implementation exists.

Design (SECURITY_DESIGN.md): - SSN: AES-256-GCM via pgcrypto - Bank account numbers: AES-256-GCM - PTIN: AES-256-GCM - Driver's license: AES-256-GCM

Evidence: - No encryption service found in src/services/ - No pgcrypto wrapper functions - Schema shows fields as plain VARCHAR, not encrypted

Files: - docs/SECURITY_DESIGN.md (ENC-004 specification) - No implementation files exist

Impact: PII stored unencrypted at application layer (relies only on Aurora encryption at rest).

Fix: 1. Create encryption_service.py with pgcrypto wrapper 2. Encrypt sensitive fields on write 3. Decrypt on authorized read only

---

COMP-007: Conflict of Interest Checks Missing

Severity: CRITICAL Regulation: IRS Circular 230 Status: NOT IMPLEMENTED

Problem: Circular 230 requires conflict of interest checks before client engagement. No implementation exists.

Evidence: - No conflict_of_interest table in database schema - No conflict checking workflow - No API endpoint for conflict checks - Requirements document (PRE-001 through PRE-004) specifies need

Files: - docs/DATABASE_SCHEMA.sql (table missing) - docs/client_facing_docs/tax_practice_ai_requirements.md (requirement exists)

Impact: Non-compliance with Circular 230 practitioner requirements.

Fix: 1. Create client_entity and conflict_check tables 2. Implement COI check workflow before engagement 3. Flag potential conflicts for manual review 4. Log all conflict checks for audit

---

COMP-008: Form 2848 (POA) Workflow Missing

Severity: CRITICAL Regulation: IRS Requirements Status: PARTIAL (domain model only)

Problem: Power of Attorney tracking exists as relationship type but no Form 2848 workflow.

What Exists: - Relationship.POA = "poa" in ClientContact domain - Database can track POA relationships

What's Missing: - No Form 2848 generation - No signature collection for 2848 - No IRS authorization validation - No POA-based access control

Files: - src/domain/client.py:43 (POA enum value)

Impact: Cannot properly authorize representatives per IRS requirements.

Fix: 1. Create Form 2848 generation workflow 2. Add signature collection for POA 3. Implement IRS authorization validation 4. Enforce POA access controls

---

High Priority Issues (COMP-009 through COMP-016)

COMP-009: PTIN Expiration Not Enforced in Workflows

Severity: HIGH Regulation: IRS Circular 230

Problem: PTIN tracking exists in database but expiration not validated before allowing return preparation.

Evidence: - ptin_record table has expiration_date - No validation in preparer assignment workflow - No check before in_prep state transition

Files: - docs/DATABASE_SCHEMA.sql:1021-1045 - src/workflows/preparation/assignment_workflow.py (missing check)

Fix: Add PTIN expiration validation to assignment workflow and state machine.

---

COMP-010: Competency/Credential Tracking Missing

Severity: HIGH Regulation: IRS Circular 230 (CIR-004)

Problem: No tracking of preparer credentials (EA, CPA) or continuing education (CPE).

Evidence: - No preparer_credential table - No CPE hours tracking - No competency matrix by return type

Fix: Create credential tracking system with expiration alerts.

---

COMP-011: MFA Not Implemented

Severity: HIGH Regulation: WISP, IRS Publication 4557

Problem: Framework exists but no actual MFA implementation.

What Exists: - MFA_VERIFY audit action defined - JWT structure supports token tracking

What's Missing: - No TOTP implementation - No authenticator app support - No backup codes - No enforcement on sensitive operations

Files: - src/domain/audit.py (MFA_VERIFY action) - src/api/middleware/auth.py (no MFA check)

Fix: Implement TOTP with authenticator app support and backup codes.

---

COMP-012: Employee Training Tracking Missing

Severity: HIGH Regulation: WISP

Problem: No system to track security awareness training for staff.

Evidence: - No user_training_record table - No training management API - No expiration alerts - Cannot demonstrate WISP training compliance

Fix: Create training tracking system with completion certificates and expiration.

---

COMP-013: Database Immutability Not Enforced

Severity: HIGH Regulation: Audit Requirements

Problem: REVOKE statements for audit_log table are commented out in schema.

Evidence:

-- REVOKE UPDATE, DELETE ON audit_log FROM public;
-- REVOKE UPDATE, DELETE ON audit_log FROM app_service_role;

Commented out in DATABASE_SCHEMA.sql

Impact: Audit logs can theoretically be modified.

Fix: Uncomment REVOKE statements in production deployment.

---

COMP-014: Incident Detection/Alerting Not Implemented

Severity: HIGH Regulation: WISP

Problem: Thresholds documented but no automated detection or alerting.

Design Exists: - 10 failed logins in 5 minutes → Alert - 100+ records/min bulk access → Alert - After-hours access → Alert

Evidence: - No security_incident table creation script - No detection automation - No alerting integration

Files: - docs/SECURITY_DESIGN.md Section 9 (specification only)

Fix: Implement incident detection with automated alerting.

---

COMP-015: Persona Integration in Dry-Run Mode

Severity: HIGH Regulation: Identity Verification

Problem: Persona service configured but running in simulated mode.

Evidence: - persona_service.py has dry_run mode flag - Real API calls not being made - Identity verification simulated, not actual

Files: - src/services/persona_service.py

Fix: Activate real Persona API integration before production.

---

COMP-016: Authorization Denials Not Logged to Audit

Severity: HIGH Regulation: WISP, Audit Requirements

Problem: RBAC permission denials logged to structlog but not to audit_log table.

Evidence: - rbac.py: log.warning("authorization_denied") - structlog only - No call to audit_service for access denials

Files: - src/api/middleware/rbac.py

Fix: Add audit logging for all authorization failures.

---

Medium Priority Issues (COMP-017 through COMP-022)

COMP-017: Legal Hold Not Implemented

Severity: MEDIUM Regulation: Data Retention (RET-004)

Problem: Cannot prevent deletion of records during litigation or regulatory holds.

Design Exists: - legal_hold table schema documented - Hold scope (client, return, document) defined

Implementation Missing: - No legal hold enforcement in delete operations - No hold management API

---

COMP-018: Secure Deletion Not Implemented

Severity: MEDIUM Regulation: Data Retention (RET-005)

Problem: No cryptographic erasure for data past retention period.

Missing: - No secure deletion job - No key deletion for encrypted fields - No overwrite patterns

---

COMP-019: Vendor Security Assessments Missing

Severity: MEDIUM Regulation: WISP

Problem: Third-party services documented but no security assessments on file.

Missing: - No vendor security questionnaires - No BAAs for HIPAA-relevant services - No audit rights documentation

---

COMP-020: Password Policy Not Enforced

Severity: MEDIUM Regulation: WISP

Problem: 12-character minimum documented but no validation in code.

Missing: - No password complexity validator - No password history check - No change enforcement policy

---

COMP-021: IP/Device Context Not Auto-Captured

Severity: MEDIUM Regulation: Audit Requirements

Problem: IP address and user agent only captured in some workflows, not automatically from all requests.

Missing: - No middleware to extract request context - Inconsistent capture across endpoints

---

COMP-022: Consent Table Schema Mismatch

Severity: MEDIUM Regulation: Form 7216

Problem: Code uses consent table but schema also defines form_7216_consent table.

Evidence: - ConsentRepository uses consent table - form_7216_consent table defined but unused - Potential confusion and maintenance issues

Fix: Consolidate to single consent table, remove unused schema.

---

What's Working Well

Implemented and Compliant

Feature	Status	Evidence
PTIN Database Tracking	✅	ptin_record table with expiration
Form 7216 Consent Workflow	✅	Collection, storage, revocation
Form 8879 Signature Enforcement	✅	Signing order=1, blocks filing
RBAC Role Hierarchy	✅	5 roles with permission matrix
Audit Log Schema	✅	7-year partitioned, immutable design
Soft Delete Pattern	✅	All tables have deleted_at
S3 Lifecycle to Glacier	✅	Configured for 3-year archive
7-Year Retention Config	✅	Centralized in config.yaml
Tier 2 Identity Verification	✅	Phone, email, ID, Persona
Client Communication Tracking	✅	Full message history
Preparer Notes & Changes	✅	Before/after audit trail
Engagement Letter Workflow	✅	Templates, signatures, storage
AI Conversation Tracking	✅	Full Q&A history with citations

---

Recommendations by Priority

Before Production (P0)

1. COMP-001: Add AI processing consent type and enforcement
2. COMP-002: Add consent check to e-filing workflow
3. COMP-003: Enable authentication event logging
4. COMP-004: Add document/client access logging
5. COMP-005: Implement account lockout
6. COMP-006: Implement field-level encryption
7. COMP-007: Implement conflict of interest checks
8. COMP-008: Implement Form 2848 workflow

V1.1 (P1)

1. COMP-009: Enforce PTIN expiration in workflows
2. COMP-010: Implement credential/CPE tracking
3. COMP-011: Implement MFA
4. COMP-012: Implement training tracking
5. COMP-013: Activate database immutability
6. COMP-014: Implement incident detection
7. COMP-015: Activate Persona API
8. COMP-016: Log authorization denials

Future (P2)

1. COMP-017: Implement legal hold
2. COMP-018: Implement secure deletion
3. COMP-019: Document vendor security
4. COMP-020: Enforce password policy
5. COMP-021: Auto-capture request context
6. COMP-022: Consolidate consent tables

---

Effort Estimates

Priority	Items	Estimated Effort
P0 (Critical)	8	40-60 hours
P1 (High)	8	30-40 hours
P2 (Medium)	6	15-20 hours
Total	22	85-120 hours

---

References

• IRS Circular 230: Practice Before the IRS
• IRS Publication 4557: Safeguarding Taxpayer Data
• IRS Form 7216: Consent for Disclosure of Tax Return Information
• IRS Form 8879: IRS e-file Signature Authorization
• IRS Form 2848: Power of Attorney and Declaration of Representative
• WISP: Written Information Security Plan (IRS requirement)
• Related: docs/SECURITY_DESIGN.md, docs/ARCHITECTURE.md

---

Audit performed by Claude Code