Business Tax Records Here’s The Why and How of Documenting Shareholder Loans

Generally, the IRS accepts a taxpayer’s statement of taxable income simply by matching the taxpayer’s declarations in the return with the third party information the IRS has on file. Once that taxpayer is operating a business, however evaluation of the taxpayer’s income and expenses is largely on the honor system. That is, unless and until the taxpayer’s return is selected for examination by the IRS, the taxpayer’s assertions of business income and expenses are checked only, with few exceptions, by the taxpayer’s signature on the return averring the truth of the return under penalties of perjury.[1]  At that moment, Reg. §1.6001-1(a) changes its character from taxpayer shield to IRS sword. That regulation requires, in part, that taxpayers

keep such permanent books of account or records, including inventories, as are sufficient to establish the amount of gross income, deductions, credits, or other matters required to be shown by such person in any return of such tax or information.

Failure to keep suitable books of account exposes the taxpayer to both civil and criminal penalties.[2]  In situations where the taxpayer has no, or poor, business records, the IRS can use a number of indirect methods to determine income, one of the more common of which is examination of the taxpayer’s bank records.[3] It is worth noting here that the bank deposit analysis procedure is used by the IRS to establish income, but not deductible expenses.[4]

Hence, shareholders of closely held businesses whose records are incomplete often propound an alternative characterization of some of their records of bank deposits. These taxpayers, in an effort to avoid tax liability, sometimes claim that those deposits represent nontaxable loan proceeds from the business.[5]


[1] Notable business income reporting to the IRS includes, among others, the Form 1099 series, including the new protocols for Form 1099-K, Payment Card and Third-Party Network Transactions. Pursuant to the amendments made to the de minimis exception for third party settlement organizations (e.g., eBay, PayPal, Etsy, CashApp, Venmo), such organizations must now report at a threshold of $600. IRC §6050W(e). The IRS, recognizing the considerable and disruptive burden this 2021 change in the law imposes, has suspended its enforcement for the 2022 tax year. Notice 2023-10 (IRB 2023-3, January 17, 2023).

[2] IRC §6662 provides for an addition to tax of 20% of the amount of underpayment resulting from negligence or intentional disregard of rules or regulations. So, for example, a taxpayer who does not keep proper records and consequently underpays tax due can be assessed an additional tax equal to 20% of the associated underpayment. This additional amount is, legally, a tax and not merely a penalty, and therefore accrues its own penalties and interest for late payment.  Under the Spies doctrine, 317 U.S. 492, 499 (1943), failure to keep proper books and records, coupled with an intent to evade tax, can also result in criminal penalties. IRC §7203 provides that the failure to keep proper records can, in and of itself, constitute a criminal misdemeanor, or, if such failure is willful, a felony.

[3] See, Internal Revenue Manual §; Internal Revenue IRC§446(b); Nath v. Commissioner,  T.C. Memo 2023-22 (February 27, 2023); Cheam, et. al. v. Commissioner, T.C. Memo 2023-23 (February 27, 2023)

[4] Deductions from income are a matter of legislative grace and the burden for satisfactorily documenting deductible expenses lies squarely with the taxpayer. See, e.g. INDOPCO, Inc. v. Commissioner, 503 U.S. 79, 84 (1992); See also, Cohan v. Commissioner 39 F.2d 540 (2d Cir. 1930) (This case, still good law today, had as its plaintiff the famous actor, theatrical manager, and producer George M. Cohan, who, as reported in the case, kept no records associated with his claims for business expenses. Judge Learned Hand opined that the government’s proposition to treat the plaintiff as having had zero eligible expenses was possibly too draconian in the face of judicial confidence that he had some expenses. “Absolute certainty in such matters is usually impossible and is not necessary; the [government] should make as close an approximation as it can, bearing heavily if it chooses upon the taxpayer whose inexactitude is of his own making.” Cohan at 544; Price v. United States, 335 F.2d 671, 677 (5th Cir. 1964) (“the ‘bank deposits’ method assumes only that all money deposited in a taxpayer’s bank account during a given period constitutes taxable income.”)

[5] Loan proceeds, insofar as they are accompanied by an obligation to repay the loan, are not taxable income. See, e.g., Commissioner v. Tufts, 461 U.S. 300, 312 (1983); U.S. v. Kirby Lumber Co., 284 U.S. 1, 3 (1931). The taxpayer bears the burden of proving that bank deposits are non-taxable loan proceeds. Calhoun v. United States, 591 F.2d 1243, 1245 (9th Cir. 1978).

A business or individual tax return reports, in effect, two fundamental arithmetic issues — Income and Deductions (or Credits) — to arrive at taxable income.  The regulations require taxpayers to document both.[1] See my earlier article on some of the issues that arise in connection with insufficiently documented claims for deductions. Should the IRS elect, in the face of a taxpayer’s problematic record keeping, to measure income through a bank records analysis, the Service treats all of the bank deposits, less those that can be otherwise explained, such as transfers between accounts, as taxable income for purposes of determining any deficiency in tax paid unless the taxpayer is able to demonstrate to the contrary.[2]

Closely held businesses routinely transfer money to one or more of their shareholders, usually in the form of taxable dividends, but often as a loan, which must be paid back and so, therefore, is not taxable income to the shareholder receiving it.  The IRS has in place a two-step checklist its agents use to test a taxpayer’s claim that an otherwise unexplained bank deposit is a loan rather than taxable income:

  1. Verify that the interest rate equals at least the minimum Applicable Federal Rate pursuant to IRC 7872 [3]
  2. Determine whether the amounts advanced to the stockholder are bona fide loans or distributions of earnings and profits, which are taxable as dividends. This determination is based on the actions and intent of the parties at the time of the withdrawal and no single test or set formula can give a definite answer. Some of the factors to be considered include the following:
    1. Whether the amounts of the withdrawals are carried on the books as a loan receivable
    2. Whether the withdrawals were secured by collateral or accompanied by other indications of a bona fide loan, such as interest bearing notes and the observance of other ordinary loan formalities
    3. Whether both the stockholder and the corporation treat the withdrawals as indebtedness
    4. Whether interest is paid by the stockholder or charged by the corporation
    5. Whether the corporation had sufficient surplus to cover the withdrawals when they were made


[1] Reg. Section 1.6001-1(a); See also, IRC Section 6001(a).

[2] See, Whatley v. Commissioner, 24 F.3d 1119 (9th Cir. 1994) (memorandum) (“Because the IRS’s determination was based on a bank deposit analysis, the [taxpayers] could only meet their burden by showing that the deposits came from a nontaxable source.”) The IRS burden in supporting a statutory Notice of Deficiency (NOD) for unreported income varies among the Circuits. For example, the First, Fourth, Sixth, and Seventh Circuit Courts of Appeal generally place the burden of persuasion on the taxpayer to demonstrate that the NOD is without factual foundation, whereas the Second, Third, Fifth, Seventh, Eighth, Ninth, and Tenth Circuits generally require the government to produce at least some factual foundation for the NOD before proceeding against the taxpayer.

[3] While this part of the test, as recited in § (March 1, 2003) of the Internal Revenue Manual, does not appear relevant to the determination of whether funds deposited of record in a bank account represent a loan or taxable income, it does signal that, when the service identifies a loan transaction, it will look for the possibility of imputed income under IRC §7872.  That statute imputes to the lender an income tax on the difference in interest due, if a positive number, between the Applicable Federal Rate (AFR) (as minuend) and the interest rate applicable to the subject loan (as subtrahend).  While the intricacies of determining the correct AFR to apply to a given loan are beyond the scope of this note, it is sufficient here to observe that the courts frequently invoke the statutory language of “below market loan” while exploring market-based interest rates that prevailed at the time of the claimed loan transaction.  Rather, the statute provides, generally, that a shareholder demand loan is a below-market loan if interest is payable at a rate less than the AFR, while a term loan is a below-market loan if the amount loaned exceeds the present value of all payments due under the loan using as discount rate the appropriate AFR for the month the loan is made. IRC §7872(f)(2). The issue of the actual interest rate, then, is less of a test for the validity of a claim that certain proceeds represent a non-taxable loan than it is for the ancillary issue of the separate income tax that may be due on the associated interest. The absence of any interest charge for the putative loan is an indicium of the absence of intent to repay and, hence, does not serve the taxpayer’s burden of demonstrating the non-taxability of any corresponding bank deposits.

  1. Whether the stockholder had the ability and intended to make repayment with interest at the time of the withdrawal
  2. The presence or absence of a maturity date
  3. The corporation, though prosperous, has not distributed dividends.


Courts interpreting taxpayer claims of non-taxable loan proceeds appearing in their bank accounts seek objective evidence of the taxpayer’s intent that the money was intended as a loan. These elements are but a portion of a facts and circumstances test and vary from the more prescriptive tests of the IRM:


  1. The existence or non-existence of a debt instrument;
  2. Provisions for security, interest payments, and a fixed payment date;
  3. Whether or not repayments of the loan were made;
  4. The taxpayer’s ability to repay the loan;
  5. The borrower’s receipt of compensation; and
  6. The testimony of the taxpayer.[1]


Each of these elements is instructive for the practitioner.


First, the existence of a written instrument memorializing the loan is fundamental evidentiary element.  The terms of such an instrument should be both arms-length and established contemporaneously with the loan. [2]


Second, as with the first test, the ordinary elements of a business loan include the responsibility of the lender to secure repayment and a fixed (or fixable) maturity date for the loan. Indeed, the absence of a due date for payment renders the transaction little more than a transfer of cash.[3]


Evidence of the borrower’s ability to repay and, indeed, a history of repayment of the debt stand to corroborate the intent of the parties to the transaction to have made a loan, rather than a taxable transfer of funds.[4]


In circumstances where the putative borrower is an employee of a corporate entity that stands as lender, the taxpayer’s burden of demonstrating that bank deposits were non-taxable loans, rather than compensation for services, is particularly fraught. Where a taxpayer sits, in effect, on both sides of a transaction, it is harder to sustain that burden. In such a case, and absent sufficient evidence to overcome the presumption that the bank deposits represent taxable income, the court will presume payments received by an employee are taxable compensation.[5]


[1] See, Friedrich v. Commissioner, 925 F.2d 180, 182 (7th Cir. 1991) (affirming 52 T.C. Memo 1132 (July 31, 1989)); Matter of Uneco, Inc., 532 F.2d 1204, 1208 (8th Cir. 1976); In the Matter of Indian Lake Estates, Inc., 448 F.2d 574, 578-79 (5th Cir. 1971); Haber v. Commissioner, 52 T.C. 255 (1969), aff’d 422 F.2d 198 (5th Cir. 1970).

[2] See, Todd. V. Commissioner, 2011 T.C. Memo 123 (June 6, 2011) (a six month delay from the time of disbursement of the funds to the time of the execution of the promissory note, coupled with the failure of the parties to abide by the terms of the note rendered the promissory note of “little weight” in the view of the court).

[3] Not incidentally, under §3-108 of the Uniform Commercial Code, the absence of either a due date or provision that a debt instrument is payable on demand renders it non-negotiable, and, thereby, limits its value as an asset on the books of the lender.

[4] See, e,g, Fisher v. Commissioner, 54 T.C. 905, 911 (April 29, 1970) (“We think the conclusion is inescapable that there was no reasonable expectation, at the time the amounts in question were withdrawn from the corporation, that they would be repaid. Under all the circumstances it is our conclusion that there was no bona fide intention on the part of either the petitioner or the corporation that the amounts in question should be repaid. It should be added that, insofar as the record shows, no part of the withdrawals has been repaid and that, although the demand notes called for the payment of interest, no interest has ever been paid.”)

[5] See, Beaver v. Commissioner, 55 T.C. 85, 91 (October 20, 1970); Nath v. Commissioner, 2023 T.C. Memo 22 (February 27, 2023).

Finally, the courts receive self serving testimony from the taxpayer as to the taxpayer’s intent to treat the money received as a loan with due circumspection. In the same way, the taxpayer’s failure to introduce available witness testimony that would be expected to rebut the presumption of taxability is treated as, effectively, a concession that such witness would testify unfavorably to the taxpayer. [1]


In summary, once the IRS has determined that a taxpayer’s documentation is insufficient and elects to use bank records to establish income, the taxpayer’s burden in overcoming the resulting presumption that all of the deposits in the bank represent taxable income requires considerably more than the taxpayer’s mere assertion of the character of the deposited amounts.


Reliable, arm’s length documentation, that includes the ordinary components of debt instruments such as their contemporaneity with the distribution of the proceeds, maturity date, stated interest, and a repayment schedule is maxime res magni momentiare to courts evaluating the intent of the parties to treat the subject transaction as a loan. In addition, the credit environment, including the apparent ability of the ostensible borrower to repay the loan as agreed and the security given for the loan, actual repayment performance, and how well the facts and circumstances overcome a court’s inference that an employee of the lender likely received the money as a dividend or compensation, are all parts of the landscape that a practitioner advising someone operating a business that may lend its shareholders or employees money must consider.



[1] See, Friedrich, 185 F2d. at 185.

SEC Proposes Two New Cybersecurity Regulations

What You Need to Know


Summary of New Proposed Rule 10


Proposed Rule 10 would require all Market Entities (everyone but small broker-dealers) – referred to in the Rule as Covered Entities – to adopt written policies and procedures to address cybersecurity risks.  These written policies and procedures must include the following:

  • Periodic assessments of cybersecurity risks associated with the Covered Entity’s information systems and written documentation of the risk assessments;
  • Controls designed to minimize user-related risks and prevent unauthorized access to the Covered Entity’s information systems;
  • Measures designed to monitor the Covered Entity’s information systems and protect the Covered Entity’s information from unauthorized access or use, and oversee service providers that receive, maintain, or process information or are otherwise permitted to access the Covered Entity’s information systems;
  • Measures to detect, mitigate, and remediate any cybersecurity threats and vulnerabilities with respect to the Covered Entity’s information systems; and
  • Measures to detect, respond to, and recover from a cybersecurity incident and procedures to create written documentation of any cybersecurity incident and the response to and recovery from the incident.[1]

Proposed Rule 10 would also require immediate written electronic notice of a significant cybersecurity incident to the SEC and the filing of a new form SCIR.  The SCIR form would gather information about the significant cybersecurity incident and the Covered Entity’s efforts to respond to and recover from the incident.

Finally, the proposal would require Covered Entities to publicly disclose summary descriptions of their cybersecurity risks and the significant cybersecurity incidents they experienced during the current or previous calendar year on Part II of proposed Form SCIR. A Covered Entity would need to file the form with the SEC and post it on its website. Covered Entities that are carrying or introducing broker-dealers would also need to provide the form to customers at account opening, when information on the form is updated, and annually.

Summary of Proposed Amendments to Regulation S-P

The second proposed rule would amend Regulation S-P covering almost all Market Entities to create additional protections for customer information and create a federal minimum standard for data breach regulations.  The proposed amendments would require covered institutions to adopt an incident response program as part of their written policies and procedures under the safeguards rule. The proposal would require an incident response program to be reasonably designed to detect, respond to, and recover from unauthorized access to or use of customer information, include procedures to assess the nature and scope of any such incident, and contain and control such incidents. The proposal would also apply certain requirements related to incident response to covered institutions’ relationships with third-party service providers.

The proposed amendments would require covered institutions to notify affected individuals whose sensitive customer information was or is reasonably likely to have been accessed or used without authorization. The proposal would require a covered institution to provide the notice as soon as practicable, but not later than 30 days after a covered institution becomes aware that unauthorized access to or use of customer information has occurred or is reasonably likely to have occurred. A covered institution would not need to provide the notification if the covered institution determines that the sensitive customer information was not actually and is not reasonably likely to be used in a manner that would result in substantial harm or inconvenience.

Additionally, the proposed amendments would enhance customer notification by:

  • Expanding the safeguards and disposal rules to cover “customer information,” a new defined term referring to a record containing “nonpublic personal information,” a term already in use for other components of Regulation S-P, about a customer of a financial institution. The proposed amendments would therefore apply both rules to both nonpublic personal information that a covered institution collects about its own customers and nonpublic personal information it receives from a third-party financial institution about customers of that financial institution;
  • Requiring covered institutions to make and maintain written records documenting compliance with the requirements of the safeguards rule and disposal rule;
  • Conforming Regulation S-P’s annual privacy notice delivery provisions to the terms of an exception added by the 2015 Fixing America’s Surface Transportation Act, which would provide that covered institutions are not required to deliver an annual privacy notice if certain conditions are satisfied; and
  • Extending the safeguards rule to transfer agents registered with the Commission or another appropriate regulatory agency. In addition, the proposed amendments would extend the disposal rule from covering only transfer agents registered with the Commission to also transfer agents registered with another appropriate regulatory agency.

What You Need to Know Right Now


First – the proposed cybersecurity regulations are not yet final.  Market Entities have the opportunity to comment on the proposals.  This is a chance for Market Entities to influence the future of cybersecurity in the industry.  Some of the concerns raised by the SEC include conflict with state data breach laws.  Mark T. Uyeda, an SEC Commissioner, noted:


“lack of an integrated regulatory structure may even weaken cybersecurity protection by diverting attention to satisfy multiple overlapping regulatory regimes rather than focusing on the real threat of cyber intrusions and other malfeasance.”


These are just a few of the many topics that the SEC has opened for comments.  Numerous other issues exist.  The attorneys at Pastore LLC are highly skilled in both the financial sector and cybersecurity.  Pastore LLC can help you draft and file comments before the proposals become final.  Comments are due 60 days after the proposed rules appear in the Federal Register, which is expected to occur in the next 4 weeks.


Second – it is inevitable that some form of cybersecurity enhancement rules will be enacted in the near future.  Now is the time to start planning compliance.  The attorneys at Pastore LLC can assist you in formatting written policies and procedures.  Pastore LLC attorneys are creative and understand the overall data privacy, data breach and cybersecurity landscape.  Pastore LLC attorneys can work with internal compliance and legal departments to develop the best plan for a Market Entity’s needs.


Don’t wait!  Change is coming and Market Entities need to plan for the future regulations now.  Pastore LLC can help.

[1] Fact Sheet – Addressing Cybersecurity Risk to the U.S. Securities Markets.