managing the vendor master file to stay in compliance session 7

Managing the Vendor Master File to Stay in Compliance

Session 7

Copyright 2010 IOMA

Permission to use granted to Financial Operations Networks LLC Casher Associates, Inc.

About the SpeakerJon CasherPresident, Casher Associates, Inc.Senior Consultant, [email protected]

Casher Associates, Inc.

Jon Casher is the President of Casher Associates, Inc. which specializes in project management, process management and information technology consulting. He is also a Senior Consultant for IOMA. Jon has worked with hundreds of organizations in the public and private sectors providing guidance and assistance on a broad range of accounts payable and procure-to-pay topics. He an instructor and a subject matter expert for the IOMA/TAPN Certification program.

Jon is one of the most respected consultants and original thinkers in procure-to-pay operations and technology. Jon has more than 30 years of experience in managing the design, development and deployment of computer-based financial systems. He has personally consulted with more than 100 of the world’s leading financial institutions and financial information service providers, as well as with several of the world’s largest management consulting and accounting firms and many large public and private colleges and universities. He has written two books, over 50 articles and teaches/presents at more than 30 conferences, web casts, and audio conferences each year.

Jon has a B.S. from Cornell University where his major was Operations Research, an S.M. in Management from M.I.T.’s Sloan School of Management, and has completed course work towards a Ph.D. in Management from M.I.T.’s Sloan School of Management.

Copyright 2010 IOMA


Agenda

• The importance of Vendor Management

• Types of laws and regulations that impact what is or should be in your vendor master file

• Some US Federal Laws, Regulations, and Resources

• Some State and Local Laws, Rules and Regulations

• Some International Laws, Rules, Regulations and Issues

• How to assess what’s in your vendor master file and get it into compliance

Copyright 2010 IOMA


The Importance of Vendor Management• Your vendor master file is the key control within AP

• Other than investments, 30-70% of all funds that flow out of non-financial institutions go out through AP

• AP should control additions and changes to the vendor master file― Purchasing typically does not deal with many types of

payees such as taxing authorities, donations, customer refunds, employee expense reimbursements, legal fees, royalties, garnishments

Copyright 2010 IOMA


The Regulation Decade• More laws and regulations are being passed by all levels of

government― Federal― State― Local― International

• Drivers and Catalysts― Unethical Behavior― Terrorism― Revenue Enhancement

• Barriers to Compliance― Lack of Awareness― Technical limitations of most ERP and Financial

Accounting software

Copyright 2010 IOMA


Some Federal Laws, Regulations and Resources

Copyright 2010 IOMA


1099 Reporting for Payment Cards• Regulation applies to transactions made on or

after 1/1/2011― You will not have to file 1099s― For many companies, p-cards will become a primary

method for payment― Many card issuers are coming out with new and expanded

products including single use and cardless accounts― Card issuers will have to file 1099Ks

• Implications for your Vendor Management― Encourage vendors to receive payment via card― Flag/deactivate vendors with card as the payment method

Copyright 2010 IOMA


1099s for Non-card Transactions• Patient Protection and Affordable Care Act (PPACA) and

Health Care and Education Reconciliation Act of 2010 changes 1099 Reporting effective 1/1/2012― Many more 1099s will have to be filed― IRS is requesting public input on expanded information reporting

requirements by 9/29/2010• http://www.irs.gov/pub/irs-drop/n-10-51.pdf

― Bill now in the U.S. House may nullify the changes― Bill now in the U.S. Senate may increase the $600 cutoff

to $5,000

• Implications for your Vendor Management― Require substitute W9s or W8s for all new vendors― Plan now for getting substitute W9s or W8s for existing vendors― Make sure your software will handle new withholding rate

Copyright 2010 IOMA


Non-Resident Alien Transactions• W8 Solicitation and1042-S Reporting

― For services provided by Non-Resident Aliens in U.S.― See IRS Publication 515― Goods purchased from foreign vendors are still exempt

from 1042-S reporting

• Implications for your Vendor Management― Require appropriate W8 (usually W8-BEN) for all new

foreign vendors even those who only provide goods― Plan now for getting appropriate W8 (usually W8-BEN) for

existing foreign vendors

Copyright 2010 IOMA


Foreign Account Tax Compliance Act of 2009 (FATCA)

• Changes the withholding and reporting requirements for payments to non-U.S. recipients above and beyond 1042-S reporting for NRAs― Purpose is to identify US persons who may be “hidden” behind

foreign financial institutions or foreign entities― Imposes 30% tax on all payments of U.S. source

income unless the foreign entity meets complex certification requirements

― Takes effect after 2012

• Implications for your Vendor Management― Make sure that appropriate withholding and reporting can be

performed by your software― Make sure that relevant vendors are flagged when they are setup

Copyright 2010 IOMA


U.S. Department of Treasury — Office of Foreign Assets Control (OFAC)

• Various entities were in existence until 1950

• The U.S. Treasury Division of Foreign Assets Control was established in December 1950

• On October 15, 1962, the Division of Foreign Assets Control became the Office of Foreign Assets Control

• OFAC has been in place for over 50 years!

• OFAC is an agency of the United States Department of the Treasury under the auspices of the Under Secretary of the Treasury for Terrorism and Financial Intelligence

Copyright 2010 IOMA


U.S. Department of State — Foreign Terrorist Organizations (FTO)

• “The Secretary of State designates Foreign Terrorist Organizations (FTO's), in consultation with the Attorney General and the Secretary of the Treasury. These designations are undertaken pursuant to the Immigration and Nationality Act, as amended by the Antiterrorism and Effective Death Penalty Act of 1996.”

• For several years, the FTO list has been part of the OFAC list

• Other Federal Agencies have their own lists not integrated into the OFAC list

Copyright 2010 IOMA


OFAC and FTO

• Related Laws and Regulations ― Trading With The Enemy Act - TWEA― Immigration & Nationality Act of 1952 amended by

Antiterrorism & Effective Death Penalty Act of 1996― Int’l Emergency Economic Powers Act of 1977― Export Administration Act of 1979― Arms Export Control Act of 1994― Uniting and Strengthening America by Providing

Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 amended in 2006

― Int’l Emergency Economic Powers Enhancement Act of 2007

― Comprehensive Iran Sanctions, Accountability, & Divestment Act of 2010

Copyright 2010 IOMA


OFAC and FTO (Cont’d.)

• Sample OFAC List Entities― www.treas.gov/offices/enforcement/ofac/sdn/ctrylst.txt

• GOODWILL CHARITABLE ORGANIZATION, INC. f.k.a. EDUCATIONAL DEVELOPMENT ASSOCIATION), PO Box 1794 , Dearborn, MI 48126;13106 Warren Ave. Suite #4, Dearborn, MI 48126

• GRANADA ASSOCIATES, INC., 780 NW Le Jeune Road, Suite 516, Miami, FL 33126; 780 NW 42nd Avenue, Suite 516, Miami, FL 33126; 9100 South Dadeland Boulevard,Suite 912, Miami, FL 33156

• GREAT WALL AEROSPACE, INC. (a.k.a. G.W. AEROSPACE, INC.), 21515 Hawthorne Blvd., Suite 670, Torrance, CA 90503

• GULF MOTOR SALES INC. (a.k.a. CONTINUE PROFESSIONAL EDUCATION INC.), 811 S. Central Expwy, Ste 210, Richardson, TX 75080

Copyright 2010 IOMA


OFAC and FTO (Cont’d.)

• Implications for Vendor Management― Goods and Services may not be acquired from certain

persons or organizations― Funds can not be disbursed to Specially Designated

Nationals and Blocked Persons (SDN)― Vendors should be checked against the US Treasury OFAC

SDN list on a regular basis• SDN list includes the U.S. Department of State FTO list• Recent surveys indicate about 10% of AP Departments are aware of

OFAC and 2% are in compliance• Best practice

– Check before each contract or PO is issued– Check before each invoice is posted– Check before each disbursement is made

Copyright 2010 IOMA


U.S. Department of Justice — Foreign Corrupt Practices Act of 1977 (FCPA)• Revised in 1988

• Enforces accounting transparency requirements under the Securities Exchange Act of 1934 and bribery of foreign officials

• Applies to U.S. companies and foreign companies with U.S. subsidiaries

• Fines are often in the millions of dollars

• From 2006 through 2009, there were 58 FCPA prosecutions, more than from 1977–2005― In 2008, fines and penalties were $890 million― In 2009, fines and penalties were $641 million― So far in 2010, fines and penalties over $1 billion, over 20

indictments, over 120 companies currently being investigated

Copyright 2010 IOMA


U.S. Department of Justice — Foreign Corrupt Practices Act of 1977 (FCPA) (Cont’d.)

• Implications for Vendor Management― Know your vendors― Perform vendor verification before setting up vendors

Copyright 2010 IOMA


Health Insurance Portability and Accountability Act of 1996 (HIPAA)

• Part of this act deals with privacy of medical records

• However, can impact AP if medical payments are processed through AP― Pre-employment physical exams― Drug testing― Other: especially companies that self-insure

• Implications for Vendor Management― Flag relevant vendors who provide such services and

restrict access to what information can be viewed

Copyright 2010 IOMA


Gramm Leach Bliley Act of 1999 (GLB)• Restricts disclosure of non-public personal information

• Aimed mainly to protect individuals who are customers of financial institutions

• However, can impact AP if customer refunds or garnishments are processed through AP

• Implications for Vendor Management― Flag relevant vendors and restrict access to what information

can be viewed and issue privacy notices to them

Copyright 2010 IOMA


Sarbanes-Oxley Act of 2002 (SOX)• Law passed in response to accounting scandals

• Applies to public companies in U.S.

• Five main areas― Auditor independence― Corporate responsibility― Improved financial disclosure― Analyst conflict of interest― Accountability for corporate fraud

• Section 404 applies to AP

• Penalties for knowingly defrauding shareholders include fines and up to 25 years in jail

Copyright 2010 IOMA


Sarbanes-Oxley Act of 2002 (SOX) (Cont’d.)

• Implications for Vendor Management― Verify that payments to company’s audit firm are solely for

audits and not for other services• Flag all vendors that are your company’s audit firm(s)

― Increase scrutiny on payments to officers and directors• Flag all vendors that are your officers and directors and their

affiliated companies

Copyright 2010 IOMA


Tax Increase Prevention and Reconciliation Act of 2005 (TIPRA)

• Applies to federal, state and local governments with expenditures of $100 million or more

• Section 511 requires withholding 3% of payments for goods and services made to government contractors after December 31, 2010― Modified to change the effective date to after December 31, 2011

• Implications for Vendor Management― Make sure that appropriate withholding and reporting can be

performed by your software― Make sure that relevant vendors are flagged when they are setup

• Preferably before contracts are signed and/or purchase orders are issued

Copyright 2010 IOMA


Some Other Rules and Regulations• Federal Contractors typically have to collect and

report information about programs and expenditures associated with Minority, Women Owned and Small Businesses

• Implications for Vendor Management― Collect appropriate information from new vendors on

substitute W9s and put into your Vendor Master File― Make sure that appropriate reporting can be performed by

your software

Copyright 2010 IOMA


U.S. General Services Administration Excluded Party List System (EPLS)

• EPLS is a database of entities barred from doing business with the federal government

• Federal contracting officials are required to contract with responsible bidders only and are required to check EPLS before awarding contracts

• Entities are added to an agency’s list of excluded parties due to a dispute

• In 2006, EPLS was extended to incorporate data from the OFAC and BIS lists

• In 2007, access to EPLS was extended to the public

• Frequent changes are made to EPLS with many temporary debarments

• Government contractors should check EPLS to ensure that subcontractors are not on it

Copyright 2010 IOMA


www.epls.gov

Copyright 2010 IOMA


Why use EPLS instead of OFAC for Denied and Debarred Party Search

• EPLS has built in search capabilities― Advanced Search allows for partial matching or

exact matching

• You may not want to do business with entities that the Federal government has blocked even if they are not on the OFAC or BIS lists― EPLS includes data from 109 Federal Agencies and/or lists― Over 100 different causes and action to be taken (treatment) are

spelled out

• Annoying aspects of EPLS― EPLS uses codes for agencies, actions, etc.― EPLS uses a non-standard list of country codes

Copyright 2010 IOMA


EPLS (Cont’d)

• “EPLS lists individuals and companies excluded from receiving and participating in federal contracts, subcontracts and prohibited from receiving benefits under certain federal programs.

• The debarment and suspension process protects the government from doing business with individuals and companies that have demonstrated poor performance, waste, fraud, violations, abuse, or have been identified as terrorists, drug traffickers, or those engaged in the sale of illegal weapons.”

Copyright 2010 IOMA


EPLS (Cont’d)

• “Federal contracting officials are required to contract with responsible bidders only and further requires contracting officials to check EPLS before making contract award.

• EPLS is the system designated and designed to assist contracting officers in performing verification and eligibility checks to ensure an award or assistance benefit is not made to an excluded or ineligible party.”

Copyright 2010 IOMA


Not all Excluded Parties should be blocked by you• Entities are added to an agency’s list of excluded

parties due to a dispute. They will then appear on EPLS.

• In late March 2008, the U.S. Environmental Protection Agency blocked IBM. ― No Federal Agency could legally enter into any new

business with IBM.― It is unlikely that the ban would or should affect your

dealings with IBM.― On April 4, 2008, the ban was lifted.

Copyright 2010 IOMA


Some State and Local Laws, Regulations and Issues

Copyright 2010 IOMA


Escheatment

• Escheatment (Abandoned Property)― States are becoming more aggressive― Many are using “bounty” hunters― Except for customer refunds, most uncashed checks issued

by AP should not have to be escheated

• Implications for your Vendor Management― Make sure vendor addresses are complete and correct

• When vendor or address is set up • When mail is returned as non-deliverable• When a vendor requests that a check be reissued

― Convert vendors so they are paid via ACH or payment card

Copyright 2010 IOMA


Sales and Use Tax• Sales and Use Tax

― Many states, counties and municipalities have increased tax rates as well as added taxes on new classes of expenditures

― Vendors with “nexus” in the state where goods are being placed in service, should be collecting sales tax

― Contrary to what many people believe, purchases made over the internet are taxable• If sales tax is not charged by the seller, the buyer is responsible for

remitting use tax• New York and North Carolina are currently involved in law suits to require

internet sellers to collect and remit sales tax

• Implications for your Vendor Management― Flag vendors whose transactions are subject to sales/use tax

or exempt

Copyright 2010 IOMA


State Withholding

• Many struggling with revenue shortfalls― States are beginning to require withholding especially

from out-of-state vendors

• Implications for your Vendor Management― Get detailed information on relevant state

reporting requirements― Make sure that appropriate withholding and reporting can

be performed by your software― Make sure that relevant vendors are flagged when they

are setup• Preferably before contracts are signed and/or purchase

orders are issued

Copyright 2010 IOMA


Permits, Licenses, Filing Fees, etc.• More states, municipalities and counties are requiring

special permits, licenses and/or filing fees

• Implications for your Vendor Management― If your software supports multiple addresses for vendors,

set up one master vendor for each state, county and municipality that you deal with and have separate addresses for each department, bureau, agency, etc.

Copyright 2010 IOMA


Deadbeat Parent Reporting

• States that have reporting requirementsAlabama Alaska

California Connecticut

Guam Iowa

Maine Massachusetts

Minnesota (required for state and local governments)

Mississippi

Nevada New Hampshire

New Jersey Ohio

Tennessee

Copyright 2010 IOMA


Deadbeat Parent Reporting (Cont’d.)

• Requirements vary by State― Most have rules for “New Contractors” similar to rules for “New

Employees”

• Multi-state employers are subject to the rules of their reporting state

• Some States reporting requirements are onerous― e.g. California 542 Independent Contractor Reporting (a/k/a Dead Beat

Parents) since 1/1/2001• Report First Name, Last Name, SSN and other specific items for any independent

contractor within 20 calendar days of signing a contract or PO for >= $600 or disbursing >= $600.

• U.S. Department of Health & Human Service Office of Child Support Enforcement― Web site has links to various states and tribal sites

Copyright 2010 IOMA


Deadbeat Parent Reporting (Cont’d.)

• Implications for your Vendor Management― Get detailed information on relevant state

reporting requirements― Make sure that appropriate reporting can be performed

by your software― Make sure that relevant vendors are flagged when they

are setup• Preferably before contracts are signed and/or purchase orders

are issued

Copyright 2010 IOMA


Individual States are Passing Laws That May Impact Your Company

• It is virtually impossible to keep up with new requirements—but you must try― Coordinate regularly with your legal department and

associations for your company’s industry

• Software packages typically do not have needed functionality

Copyright 2010 IOMA


Vermont Pharmaceutical Marketing Disclosure Law• Initially effective 2002

• Requires reporting of payments of $25 or more to physicians, hospitals, nursing homes, pharmacists, health benefit plan administrators, or any other persons in Vermont authorized to prescribe, dispense, or purchase prescription drugs in Vermont.

• Effective July 1, 2009― Bans certain gifts and requires registration and

financial disclosure― Requires payment of a $500 annual fee― Civil penalties of up to $10,000 per violation

Copyright 2010 IOMA


Massachusetts Cost Containment, Transparency and Efficiency Act• Effective 7/1/2009 with first reporting due 7/1/2010

• Bans pharmaceutical and medical device companies from providing gifts to physicians

• Limits when pharmaceutical and medical device manufacturers can pay for doctors' meals

• Requires pharmaceutical and medical device manufacturers to publicly disclose payments to doctors over $50 for certain types of consulting and speaking engagements

• Any company doing business in Massachusetts must comply with the regulations whether or not the physician practices in Massachusetts

Copyright 2010 IOMA


Massachusetts Standards for the Protection of Personal Information

• Effective March 1, 2010, 201 CMR 17.00 establishes minimum standards for safeguarding of personal information contained in both paper and electronic records by “persons” who own, license, receive, store, process or have access to personal information about a resident of the Commonwealth of Massachusetts.― “Persons” refers to individuals, corporations, associations or

other legal entities except for any part of Massachusetts state or local government!

― www.mass.gov/Eoca/docs/idtheft/compliance_checklist.pdf

• Implications for Vendor Management― Be careful who has access to such data!

Copyright 2010 IOMA


Canada• Independent Contractor Reporting

― T4A similar to U,S. 1099-MISC― In most instances, amounts over $500 must be reported for

independent contractors

• Office of the Superintendent of Financial Institutions (OSFI) list similar to U.S. OFAC list

• Privacy Act of 1985 similar to U.S. GLB

• Personal Health Information Protection Act similar to U.S. HIPAA

• Anti-Terrorism Act similar to U.S. Patriot ACT― Passed in December 2001― Some provisions declared unconstitutional― Some provisions expired March 1, 2007

Copyright 2010 IOMA


Organisation for Economic Cooperation and Development (OECD)

• Corporate Governance principles for 31 member countries issued in 1999, revised in 2004.

• Similar to U.S. Sarbanes-Oxley Act of 2002 but compliance is not mandatory

• Covers 6 areas:― Governments should have an effective institutional and legal

framework for good corporate governance practices― Protect and facilitate shareholder’s rights― Support equal treatment of all shareholders― Importance of the role of stakeholders― Importance of timely, accurate and transparent disclosure mechanisms― Board structures, responsibilities and procedures

• Governance for State-Owned Enterprises (SOEs) principles issued in 2005.

Copyright 2010 IOMA


Denied and Debarred Parties• Similar to U.S. OFAC

• All organizations regardless of size or industry should comply― Banks and other financial service organizations receive

significant scrutiny

• Purpose and effects of designation― Curb terrorism financing― Heighten public awareness― Stigmatize and isolate terrorist organizations

• Impact of non-compliance― Fines and other penalties vary by country

Copyright 2010 IOMA


Denied and Debarred Parties (Cont’d.)

• Some lists from some other countries and international organization

Australia DFAT List Bank of England (BOE) List

Canada Office of the Superintendent of Financial Institutions (OSFI) List

European Union (EU) Consolidated List

Guernsey Financial Services Commission (GFSC)

Hong Kong Monetary Authority Lists (HKMA)

Interpol Terrorism Watch List New Zealand Police (NZP) List

OECD List of Uncooperative Tax Havens

UN Consolidated Travel Ban and Assets Freeze List

World Bank List of Debarred Firms

Copyright 2010 IOMA


How to Assess What’s in Your Vendor Master File and Get it Into Compliance

Copyright 2010 IOMA


A Comprehensive Vendor Management Program• Assess

• Purge/Block/Flag

• Cleanup

• Re-Assess

• Enhance

• Analyze

• Improve

Copyright 2010 IOMA


Vendor Management Program Components Relevant to Compliance

• Assess― Identify and collect all relevant documentation― Identify all vendor files and associated data sources― Review and verify your actual vendor setup and maintenance

processes and controls against documentation― Identify and review potential guidelines and standards― Understand features and limitations of your system(s)― Obtain a copy of your vendor master file(s) and

associated validation tables― Analyze all fields for patterns, issues, bad

values, inconsistencies― Use EPLS to find “potential problem vendors”― Identify inactive vendors and addresses

Copyright 2010 IOMA


Vendor Management Program Components Relevant to Compliance (Cont’d.)

• Purge/Block/Flag― Deactivate inactive vendors and addresses― Develop rules to identify various types of vendors such as

officers and directors, external audit firms, sensitive vendors, etc. and flag them

• Cleanup― Identify vendors in special classes for possible

name standardization― Cleanup and standardize addresses and add ZIP+4― Identify possible redundant (duplicate) vendors

• ZIP+4 is the best field to use• Partial name, partial address, Taxpayer ID and Phone are also useful

Copyright 2010 IOMA


Vendor Management Program Components Relevant to Compliance (Cont’d.)

• Improve― Design and implement a vendor verification process― Document vendor management policies, procedures

and guidelines― Train people within and external to AP on the above― Keep up to date on regulatory issues

Copyright 2010 IOMA


Questions

If you have further questions, please e-mail them to

[email protected]

Thank You!

The Accounts Payable Network2100 RiverEdge Parkway, Suite 380Atlanta, GA [email protected] 770-984-1184www.TAPN.com

For further information on this topic, contact

managing the vendor master file to stay in compliance session 7

Documents

president of casher

compliance slide

financial systems

process management

project management

ioma permission

vendor master file purchasing

speaker jon casher president