woman sitting at desk working on computer

Compliance and Vendor Onboarding: What You Don’t Verify Can Hurt You

Errors in vendor information increase both cost and risk.

True Story

How many times have you received a donation request for a worthy cause or the needy? In most cases the donation seeker is a legitimate organization, but fraud is not uncommon.

In one actual instance, many companies received a letter, purporting to be from the Red Cross, requesting a donation due to natural disasters that had left the organization unable to provide support and rescue. In many companies this request was approved by an in-house manager, a general ledger code was provided and a donation check was issued and mailed.

As it turned out, hundreds of thousands of dollars from well-intentioned companies went to a doctor who had set up post office boxes all over the country to commit this fraud. It took the FBI a long time to catch up with him because he would close the post office boxes in 30 days and move elsewhere.

How did so many companies manage to fall for this fraud?

  • Error number 1: No one questioned the validity of the request from what appeared to be the Red Cross;
  • Error number 2: The address was never verified.

Checking the U.S. Postal Service address verification database or a phone call to the Red Cross headquarters to verify the accuracy of the post office box would have been all that was needed to avoid this huge theft!

Fraud, especially in difficult financial times, is increasing. Validating vendors to confirm their legitimacy and correct address can help deter fraud within a company.

W-8 and W-9 Processing

Before making payments to vendors, organizations are responsible for obtaining from vendors the appropriate forms, including tax forms such as W-9’s and W-8’s. Organizations are also responsible for verifying that vendors are not included on databases, like the OFAC/SDN list, as companies, organizations or individuals that are prohibited by the U.S. government from doing business with U.S. companies.

Current regulatory law requires any U.S. organization issuing U.S. source income payments to vendors to properly obtain the tax identification number (TIN) and legally related name from each payee along with their tax status — individual, corporation, LLC, LLP, partnership or other designation. In many cases, depending on the type of payment, the payer is required to obtain a certified copy of a Form W-9 from a U.S. Payee or a Form W-8 from a foreign payee.

Failure to obtain the TIN, legal name and status places the payer in the position of being required to withhold federal tax and possibly state withholding tax from each payment.

Obtaining accurate Employer Identification Numbers, names, and addresses from vendors enables accurate 1099’s to be sent to the IRS at filing time. Inaccurate 1099’s, i.e., those that do not match with the information in the IRS database, result in discrepancies that generate B-notices from the IRS. B-notices are your notification to correct the error and re-file or provide the IRS with an explanation as to why the error cannot be corrected. Correcting errors incurs the cost of research time, while failure to correct errors can result in fines and penalties that continue to increase.


The Treasury Department enforces regulations that prohibit doing business with companies that are on specific lists. One of these lists is the Specially Designated Nationals, or SDN, compiled by the Office of Foreign Assets Control. All vendors should be checked against the SDN database.

As defined by the Treasury Department, “the Office of Foreign Assets Control administers and enforces economic sanction programs primarily against countries and groups of individuals, such as terrorists and narcotics traffickers. The sanctions can be either comprehensive or selective, using the blocking of assets and trade restrictions to accomplish foreign policy and national security goals… Prohibited transactions are trade or financial transactions and other dealings in which U.S. persons may not engage unless authorized by OFAC or expressly exempted by statute… As part of its enforcement efforts, OFAC publishes a list of individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries. It also lists individuals, groups, and entities, such as terrorists and narcotics traffickers designated under programs that are not country-specific. Collectively, such individuals and companies are called ‘Specially Designated Nationals’ or ‘SDNs.’ Their assets are blocked and U.S. persons are generally prohibited from dealing with them.”

Often, these companies and individuals have names that do not sound dangerous. Fines for engaging in prohibited transactions are substantial, reaching hundreds of millions, even billions of dollars.

There are also other lists to check against depending on your industry, including the Excluded Individuals and Entities and U.S. Post Office Address Validation; please contact us if you would like a more extensive explanation or list of them.

Many of the steps involved in verifying vendors and validating the accuracy of vendor information can be automated with a vendor self-service portal. Using the portal reduces onboarding costs, improves the accuracy of the vendor master file, and protects against non-compliance and associated penalties.

Learn how VendorInfo helps companies and non-profits verify their vendors against OFAC and other critical lists. Call (678) 335-5735 today or request more information.

Lets Talk!

Vendor Inquiries

— Simplified

Please enable JavaScript in your browser to complete this form.