Do you Know your Exposure?

Electronic invoicing in Latin America is not just about operational issues, it is about risk and financial exposure.  Recently, Citigroup, Inc. announced that fraudulent invoices in their Mexico operation forced the company to adjust their 2013 profits by $235 million dollars.

Source:  http://www.reuters.com/article/2014/02/28/us-citigroup-mexico-fraud-idUSBREA1R10Q20140228

And this is the self-disclosure adjustments.   As we have seen in other incidents, this type of fraudulent invoicing opens companies up to Foreign Corrupt Practices Act (FCPA) violations.  For example, Tyson Foods settled their Mexico FCPA issues in 2011 for $4 Million dollars and that was for violations totaling a little over $100,000 dollars in invoice issues in Mexico. (Source: http://www.sec.gov/news/press/2011/2011-42.htm)

So the question that this raises to all companies with subsidiaries in Mexico:  Do you know your exposure?

Almost all FCPA violations involve books and records violations: Accounting, Record-Keeping and Internal Controls (Source: fcpamericas.com/about-the-blog/)

In addition to prohibiting bribery, the FCPA requires proper accounting, record-keeping and the establishment and maintenance of appropriate internal controls. The FCPA specifically requires that every publicly traded company in the U.S:

• Make and keep books, records and accounts that accurately and fairly reflect the transactions and dispositions of the assets of the company in reasonable detail. Documentation must not only record financial facts related to any transaction, but they must include any other information alerting the reviewer to illegality.
• Devise and maintain a system of internal accounting controls sufficient to provide reasonable assurances that, among other things, transactions have been executed in accordance with management’s specific authorization and recorded in accordance with generally accepted accounting principles (“GAAP”).”

Many executives will say that they implemented a consolidated ERP system such as SAP to control this risk and overlay governance on top of their internal accounting processes. But after millions spent, many organizations leave the electronic invoicing in small local systems that are not tightly integrated to their SAP system let alone their governance procedures they built into those system. 

So my question is why would you leave the invoicing and the government system of record locally – shouldn’t this also be under the control and governance of the SAP system. The reality to most CFOs and Controllers is their company implemented local solutions not part of their governance, and you can see the risk is significant.  

The answer – make sure the SAP system is the system of record and that invoice verification/validation and government interaction is controlled by the very processes you spent all that money on.

And, don’t think that financial penalties are limited to fraudulent actions.  They are not – the Mexico SAT is starting to impose the fines that this very electronic invoice mandate was set out to collect.  They typically revolve around withholding tax issues and improper VAT deductions or missing XML during an audit.  I have spoken to companies that are currently paying fines in the range from $40,000 US dollars to $200,000 US dollars.