Why Your Accounts Payable Team Needs a Strategy for Vendor Compliance

Before paying the bills, Accounts Payable departments are tasked with managing vendor entry into the accounting system. Even after initial entry, AP teams have to maintain critical information throughout the lifecycle of every vendor.

Compliance is an important aspect of managing vendors effectively, but is often overlooked or not fully completed. This can lead to unwanted consequences for your organization. 

In my 20+ years of leading AP departments across a multitude of industries, I’ve learned how important vendor compliance truly is. I want to make sure your Accounts Payable team knows what’s at stake if it’s neglected.

What is Vendor Compliance?

As a business, you’re responsible for knowing who your vendors are and for maintaining compliance with not only IRS requirements, but all United States and local government rules and regulations.

Implementing a good vendor compliance strategy means your AP team has to be aware of those rules and regulations, and have the processes and procedures in place to collect the necessary information.

This will help you:

• Create and maintain accurate vendor records
• Set up requirements for all vendors your company deals with
• Resolve issues effectively and promptly if they arise

What are the requirements?

1099s and TIN Matching

The IRS requires that you file a 1099 form for each person you have paid during the year based on thresholds set by the type of payment: things like rent, medical services, and most commonly, non-employee compensation.

It’s critical that you report each payment in the proper box because the IRS uses this information to determine whether the recipient has properly reported the payment. You must also make sure to report this information using the correct name and taxpayer identification number (TIN), so it matches the IRS’s database.

OFAC Screening

The United States Department of Treasury’s Office of Foreign Assets Control also has requirements. They maintain a list of individuals and businesses that are sanctioned by the US government.  Sanctions can include anything from economic restrictions to a full ban.  If you do business with someone or some entity that’s on the OFAC list, you could face heavy fines, and in rare cases, criminal penalties.

Who Should Complete TIN Matching?

The answer is simple – every organization issuing payments to persons or entities in the United States, or for services done by a foreign persons/entity in the United States, must have accurate TIN records. As mentioned above, the IRS requires a TIN for all tax filings that your AP department may have to complete. It’s not optional, or an “if you would like to,” - it’s a requirement, and one the IRS will heavily fine you for if you’re non-compliant. 

Each year AP teams across the country prepare their review of suppliers that will require a 1099, only to find inaccurate or missing TINs. Why? Because completing a TIN match or verification was not part of your vendor master management process

Instead, take this simple additional step to save hours on the backend trying to obtain updated W9 forms, complete TIN matching, and meet the deadlines for 1099 filings.

When I say “simple,” the act of entering the data into the IRS TIN matching portal is just that; however, setting up the initial account with the IRS can be challenging, and if the person who set up access leaves your company, the process may need to be done all over again.

But don’t let that deter you! Completing a TIN Match is the most effective way to prevent inaccurate tax filings, erroneous vendor management files, B-Notices, other tax compliance issues, and the fines that come along with them.

I can confidently say from experience that TIN matching/validation is a task every organization should complete as part of their vendor management process. 

Who Needs to Comply with OFAC?

I feel like a broken record – because again, the answer is every organization!

According to the US Treasury, “all U.S. persons must comply with OFAC regulations, including all U.S. citizens and permanent resident aliens regardless of where they are located, all persons and entities within the United States, and all U.S. incorporated entities and their foreign branches.” I think that covers everyone.

You might be saying to yourself “I’ve never even heard of this OFAC, it cannot be that important...” but I guarantee you it is. Some say OFAC is one of the best-kept secrets of the US government! If you ignore this requirement, the penalties can be astronomical – and even if you do comply, you may still incur fines. However, demonstrating “reasonable cause” can often reduce those fines significantly.

What is “reasonable cause?”

Unfortunately, reasonable cause is not specifically defined by the US Dept of Treasury, but both the IRS and OFAC have described the reasonable cause as providing proof that actions were taken to prevent any non-compliant act. Examples include:

• Proof of a successful OFAC check or TIN match
• Steps the organization has taken to obtain correct information going forward
• The organization’s plan for improving accuracy in vendor management

But it’s far better to validate correctly on the front end. Complete an OFAC check before ever engaging in business with a vendor, and if you cannot do it then, it needs to be done before issuing the first payment.

What’s at risk if we don’t?

Fines, fines, more fines – perhaps civil penalties, or the complete closure of your business in rare cases. No matter what, it’s not worth the risk – especially because it’s easy to the validate TINs and OFAC status. Putting a process in place will minimize the risk.

How much can you be fined?

The IRS updates its fines annually. Currently, the fines start at $50 and go well over $250 per incorrect, late, or missing 1099. While this may not seem like a lot, the IRS is not known for flexibility in the abatement of penalties, and they will allow payment plans when needed.

In addition to fines, the IRS also issues a CP2100A notice to your organization annually with all payee errors on your prior tax year 1099 reporting. This notice must be handled within 15 business days of the date on the notice, and requires you to:

1. Send a B-Notice to all payees on the notice
2. Send a W9 request with the B-Notice
3. Start backup withholding within 30 business days of the date of the notice

All of this can be avoided by completing a TIN match on the front end of vendor setup to ensure you are accurately reporting 1099 filings.

OFAC penalties are far more excessive than IRS fines for TIN matching, which is why you need to ensure this validation is part of your vendor master setup. OFAC penalties can be as much as $250,000 per violation for non-egregious cases; however, if you do not self-disclose a finding of engagement with a party on the sanctions list, and it’s considered egregious, you’ll find yourself paying the statutory maximum. In 2022 alone, there was a company that settled in April for $6.1m in penalties.

Final Thoughts

Why should you buy into a new process that will undoubtedly result in change management effort, aggravating people in your organization because they have to “add steps” and “we’ve always done it this way?”

It’s simple – now you know that these requirements exist, and what you risk by ignoring them. The penalties for both are even higher when the noncompliance is based on intentional disregard. Don’t risk the health of your organization or your reputation!