E-invoicing: how to guard against the risks of fraud

Electronic invoicing best practices to adopt

How can you be sure a payment has been validated for the right entity? To combat e-invoicing fraud, you’ll need to answer a multitude of questions and perform the associated verifications.

• Has the invoice already been processed? Check that no duplicates are present.
• Is the vendor mentioned on the invoice properly referenced in the vendor database? You’ll need to check the repository.
• Is the invoice referenced in the order database? To confirm this is the case, you’ll need to check via the API. It is also possible to use some types of criteria such as amount to detect activity history anomalies or inconsistencies for a given vendor.
• Is the vendor still in business? To guard against identity theft, you must check that vendors declared in the database are still operating. That is to say they have not been subject to bankruptcy filing, mandatory liquidations, or imposed surveillance, for example. Multiple external databases let users check that a SIRET or SIREN identification number is still active, and online directories like societe.com (site in French) contain references that indicate a company’s health. When in doubt or faced with a know problem, an alert workflow must be implemented and the payment process must be blocked.
• Does the bank information record (RIB) correspond to registered payment information? An ill-intentioned employee on the vendor side could attempt to replace a company’s RIB with a personal bank record. To prevent this, an international banking number (IBAN) verification system must be implemented. The goal: associate a customer with a certified bank identity. If the RIB differs from the information in the certified record, the vendor must be contacted so that the authenticity of the document can be verified and permission can be granted.

Required vigilance in e-invoicing: the current state of affairs

In March 2017, the French government voted on Law no. 2017-399 (in French) “on the vigilance required on behalf of parent companies and sold-to parties” (document in French). This law specifically requires that companies collect certain types of information on vendor equity at the time that payment is made and reference it in the company’s database. The regulation calls for heavy penalties if these measures are not respected. The problem is that it is still largely unknown to the public, despite involving all companies that reference a vendor with which purchases are to be made or to which invoices issued in an amount greater than €5,000. In the event of tax audit, companies must be able to present five specific documents and prove they possessed them before the first order was placed with the vendor. This required vigilance also references article D822-5 of the French Labor Code (document in French), which stipulates that companies affected by the regulation must produce the following every six months:

1. An up-to-date company incorporation statute (extrait Kbis)
2. A certificate from the French Social Security Contribution Office (URSSAF) proving that the vendor is not behind on contributions
3. A list of the names of authorized foreign workers

When performed manually, this fastidious job can be simplified through the use of an invoice digitization platform, allowing information to be found that relates to vendors listed in databases provided by specialized companies. In addition to searching documents, the platform will ensure they are up-to-date (vendor identity, exactness of banking data, required vigilance document collection).