If your accounts payable department wants a motto, it might go with Semper Vigilo — "always vigilant." Threats to businesses abound and given that accounts payable issues payments, it is a prime target for criminal perpetrators of all kinds. In addition to prevention of myriad fraud schemes, AP must also ensure information protection as well as avoid unwitting payments to sanctioned entities. This, of course, involves compliance with the U.S. Treasury Department’s Office of Foreign Asset Control (OFAC). OFAC keeps track of and enforces U.S. sanctions on countries, entities, and persons — including drug traffickers, WMD dealers, dirty diamond traders, organized crime syndicates and, of course, terrorist organizations. Sanctions aim to enforce U.S. policy, prevent criminal activity and combat terrorism. (It’s a real thing — see one shared services director’s story in Avoiding the Men in Black.) You’re familiar. And you’re compliant, right? Or do you just think you are? How are you managing your compliance? It’s not enough to run your list against OFAC’s SDN list once in a while, or even (you thought of this) to check your new vendors against the list. Of course, you are adding new vendors all the time. Those need to be checked and you’re doing...

29 January, 2018

Details of Vendor Information Collection and Validation As she crossed the company parking lot early one morning, the director of shared services saw them. Men in black. Two of them. As she neared the building entrance, they approached and addressed her by name. She was afraid this day would come, and it finally had. They flashed their federal credentials, and she welcomed them up to her office. They were there to talk about a payment she had authorized. As it turned out, the payee was on a sanctions list of the Office of Foreign Assets Control (OFAC) of the U.S. Treasury Department, and the SSC director and her company were in trouble. This really happened. So maybe you’ve heard of OFAC’s sanctions lists? The U.S. government has lists of individuals, organizations, and countries with whom it is illegal to do business, including narcotics traffickers, diamond smugglers, rogue regimes, terrorist organizations, et cetera. Various lists are aggregated and published, and transactions monitored by OFAC. If you run afoul of the list, it’s going to cost you. Banks, in their compliance, effectively screen payments for the government. They’ll find out if you slip. So what are you doing about it? Are you screening your supplier...

30 November, 2017

Errors in vendor information increase both cost and risk. True Story How many times have you received a donation request for a worthy cause or the needy? In most cases the donation seeker is a legitimate organization, but fraud is not uncommon. In one actual instance, many companies received a letter, purporting to be from the Red Cross, requesting a donation due to natural disasters that had left the organization unable to provide support and rescue. In many companies this request was approved by an in-house manager, a general ledger code was provided and a donation check was issued and mailed. As it turned out, hundreds of thousands of dollars from well-intentioned companies went to a doctor who had set up post office boxes all over the country to commit this fraud. It took the FBI a long time to catch up with him because he would close the post office boxes in 30 days and move elsewhere. How did so many companies manage to fall for this fraud? [unordered_list style="circle"] Error number 1: No one questioned the validity of the request from what appeared to be the Red Cross; Error number 2: The address was never verified. [/unordered_list] Checking the U.S. Postal Service address verification database or...

29 August, 2017

The Office of Foreign Assets Control (OFAC) of the U.S. Department of the Treasury administers and enforces economic and trade sanctions based on U.S. foreign policy and national security goals, threats to national security, foreign policy or the economy of the United States. Many of the sanctions are based on United Nations and other international mandates, are multilateral in scope and involve close cooperation with allied governments. Sanctioned organizations, companies and individuals are listed on the Specially Designated Nationals and Blocked Persons (SDN) list and many other lists. Often companies and non-profit organizations are not aware that they are breaking laws by doing business with people or organizations on these lists and don’t check their vendors against them. As a result, many companies and non-profits, large and small, are fined for inadvertently transacting business with U.S. sanctioned organizations. Companies slapped with steep fines — many in the hundreds of thousands of dollars and even multi-million-dollar range — usually had no idea that their supplier was on one of these lists. According to the Treasury Department’s website, in 2017 OFAC levied $2 million in fines against ExxonMobil Corporation for violations of § 589.201 of the Ukraine-Related Sanctions Regulations, 31 C.F.R. part 589 (Ukraine-Related Sanctions Regulations). According...

29 August, 2017

The time to start thinking about compliance with federal regulations, such as Information Reporting (1099s) and checking vendors against databases, such as the Office of Foreign Assets Control (OFAC), Specially Designated Nationals (SDN) and other sanctions lists, is before the vendor has provided a product or service, not once the invoice has been received and is being paid by accounts payable. In reality, how many organizations verify that an organization is not on sanctions lists before purchasing a product or service from them? How many companies consistently require a signed W-8 or W-9 before doing business with a vendor? In many cases the onboarding of a new vendor begins when an invoice is delivered to accounts payable. Most companies have a policy that they will not pay an invoice without a W-8 or W-9 on file because they know how much easier it is to get these documents when withholding payment than it is after payment is made. But, at this point the product has been purchased or the service provided. According to the OFAC site, its regulation states that if a person or entity is on the OFAC list, U.S. organizations or persons may not do business with that company. It does...

29 August, 2017

InvoiceInfo invited readers to share their thoughts on who should be responsible for onboarding new vendors and ensuring compliance with federal and state regulations. Following are some suggestions received: “I believe onboarding should be done at the purchasing level. The purchasing party always knows ahead what contracts are coming down the pipe. They know prior to even an invitation to bid goes out. I have been trying to get our purchasing department to have vendors sign a new W-9 at the time the contract is awarded, as part of their contract package they must review and sign — PRIOR to work commencing — I haven’t been that successful, but some buyers remember to do so.” —Jane Swanson, Orange County Transportation Authority   “Our process is a centralized vendor master with a dedicated staff member having ownership. This works extremely well for us as that person has the responsibility for onboarding and is accountable for accurately maintaining the database. They take pride in making sure all documents are correct and good. We have a Vendor onboarding packet that is sent to all new vendors with a note stating they will not be paid until they complete and return the documents. Our packet includes a W-9,...

29 August, 2017

By Carol Kassem, IRSCompliance, Inc. Onboarding a new vendor is typically a pretty easy process. You request the name and address of the vendor, Social Security Number (SSN) or Employer Identification Number (EIN) and you are done. But not so quick! The way in which you request certain information about a vendor may not be compliant with IRS requirements. The most important part to the onboarding process is to correctly identify the vendor. Is this a U.S. person or a foreign person? What information do you need to request? How do you make that determination? IRS requires that you solicit specific documentation from any new vendor to properly confirm the identity of the person or entity to whom you are going to make payments. Proper documentation includes IRS Forms W-9, W-8, or 8233. The Form that you solicit will be dependent on the initial information that you have about a vendor — name, U.S. or foreign address, as well as the type of payment that you will be making. Based on this information that you have, you must solicit the Form that is most appropriate for this new vendor. Given that the information that you have solicited will be used to issue...

29 August, 2017