FAQs - Taken from drop-in Live Q&A sessions

You've Got Questions?  We've Got Answers!

Vendor setup

When you are onboarding a new supplier, does one person do the entire task? Or do you split the job and have one person do the initial set up and a separate person or department take care of the banking information?
When onboarding a vendor using a manual process, one team member within a department can handle all related tasks (high level below but these can be customized per organization):  
  • Authenticate the Request (Vendor/Employee who submitted the request) 
  • Reviewing the Supporting Documentation
  • Performing Applicable Vendor Validations (IRS TIN Match, OFAC/Watchlist, VAT, etc) 
  • Performing Confirmation for Changes to Existing Vendor Data (Banking/Remit Address/Email, etc) 
  • Data Entry in Accounting System/ERP 
  • Sending Welcome Letter to New Vendor or Sending Notification to Existing Vendors for Changes to Vendor Record 
Some organizations may choose to split these tasks to different team members or different departments due to limited staff, etc. One aspect to keep in mind when determining if or how these tasks will be split, is Least Privileged Access. Least Privileged Access reduces fraud because it requires that access to vendors sensitive information (banking, SSN, etc) be restricted to only those that need access to that information.

When performing these steps, the more team members that are required in the process, the more team members that have access to vendor sensitive information – either within the Vendor Master File or through handling the supporting documentation. For example, if there are multiple team members that all have access to edit the Vendor Master File (and thus, already have access to vendor sensitive information) and the steps are split up – that should not be an issue.

If, however, team members outside of those that have access to edit the Vendor Master File are brought into the process, those team members will now also be exposed to the vendors’ sensitive information and will have access to perpetrate internal fraud or will now be susceptible to release vendor sensitive data in an external fraud scheme.
We have a vendor who notified us of a Name Change, no tax id change. However when we run the IRS Tin Match the new name is not matching. Do you know how the IRS match is updated and the timeframe this occurs in? The suppliers A/R wants us to change our system but we do not want to do this until the IRS Tin Match comes back as a match.
You are correct in not changing the Vendor Legal Name until you have some validation. If the IRS TIN Match does not show a match for the Legal Name + Tax ID combination there are really two choices: 

  1. Do not make the change. Go back to the vendor and require an updated W-9 with the correct Legal Name. As you are most likely aware, the points of contact at vendors don’t always know the correct vendor name (my last company had 500+ legal name/tax ids). For your own knowledge – If you use – you can enter in the EIN and “Test” for the vendor legal name. If the vendor’s Legal Name is in the EIN database will show you what the IRS currently shows. This might be helpful if you think the vendor is using the wrong Legal Name.
  2. Require an IRS Form 147C as Proof of the Name Change. If the vendor is insistent, have them contact the IRS and request a Form 147C. This is an EIN Verification Letter which proves how they are currently registered with the IRS (which can be different than the IRS TIN Match records if it hasn’t been updated with the legal name change yet*). They can call the IRS at 1-800-829-4933 to request one. Once they receive the letter, and it reflects the legal name change, they would submit that to you with the IRS Form W-9 and you would retain both as proof of due diligence and can use it as validation to update the vendor master file. If it shows a different vendor Legal Name than what they were submitting, then the vendor has the information they need to complete the W-9 correctly. For your own knowledge - It is possible that the IRS just haven’t updated their IRS TIN Match records yet. Given the normal IRS delay with updating the IRS TIN Match database + any additional delays caused by stimulus payments, childcare payments and all the other tasks that have suddenly been added to their plate – there could be significant delays in updates to their IRS TIN Match records now.

Check out the IRS Form W-9 Examples by Tax Classification training session that includes a one page Vendor Cheat Sheet for a workaround to this scenario and other tips. Watch the recording or sign up for a monthly live session on the 3rd Wednesday of each month.
I have an invoice that is made out to the Business name however we have the vendor created in the system under his individual name and ssn. Instead of creating a new vendor with the business name and TIN we want to pay using the individual name. Can you tell me if there is a risk in doing this?
There is no need to create a new vendor record if the Tax ID (in this case SSN) remains the same. Either the vendor needs to resend an invoice in his legal name, or the Company Name has to be added to the vendor record.

Based on your vendor being setup with their First and Last Name and SSN, it is most likely that their W-9 indicated their tax class as Individual/Sole-Proprietor/Single-Member LLC. When a vendor is an Individual/Sole-Proprietor/Single Member LLC, once the IRS TIN Match is successful, they should be setup in your Accounting System and ERP with their First and Last Name as their Legal Name. If they included their Company Name (DBA) on Line 2 as a Disregarded Entity, that should be entered into your system as well if the invoice will be billed in the Company Name. In this case, it appears that either the vendor did not enter the Company Name on the W-9 (they don’t always know how to fill out the W-9 accurately), or it was not entered on the vendor record in your system.

My recommendation for the next steps to resolve and post invoices:

Check the W-9 Submitted:
  • If the W-9 has a Company Name on Line 2 (Disregarded Entity), enter that on the vendor record based on your system (either John Doe DBA John Doe Lawncare or John Doe Lawncare in a separate DBA field)
  • If the W-9 does not have a Company Name on Line 2 (Disregarded Entity), then request a new W-9 and have the vendor add the Company Name on Line 2 (Disregarded Entity)

Adding a valid Company Name as a DBA on the vendor record will avoid invoice exceptions when the invoice arrives with the Company Name. There should be no risk of regulatory fines/penalties as long as the Vendor Legal Name and Tax ID combination matches IRS records (via TIN Match) and is pulled as the legal name on the 1099

Check out the IRS Form W-9 Examples by Tax Classification that includes what to watch out for when accepting your vendor's W-9, how to enter into the Accounting System/ERP and other tips.  Watch the recording or sign up for a monthly live session on the 3rd Wednesday of each month.
We set up a vendor for payment using the name in Line 2 of the w9 (putting the IRS name from line 1 in the record, but not using it as the remittance name) and they came back to us and said the invoice is in the other name. We have had this come up a couple times now and I’m thinking it’s what we discussed last time where independent contractors/mom and pops may not understand the importance of filling out their w9 properly, but I also want to make sure we are doing the set up process properly. What is the IRS requirement on how the w9 must connect to the vendor payment. If someone intentionally fills out their w9 wrong or if it doesn't tie to the payee info, is that a way for them to hide money from the IRS?

The IRS Requirement to protect your company from penalties/interest due to inaccurate filing is to have an

  • Accurate Filing – TIN and Legal Name Combination (Line 1 on W-9) + Amount Paid to Vendor
  • DBA (Line 2) is a Disregarded Entity and is not relevant to IRS > but “is” relevant to your System to Post invoices using DBA
  • Timely Filing – Send 1099’s and Filing According to the Published Deadlines


  • Create a W-9 Cheat Sheet to Send to Vendors
  • Standardize Vendor Legal Name Setup in your Accounting System/ERP for Naming Convention and DBA Field

Does Accounts Payable allow duplicate vendor records?

  • Never Allow – If your Accounting System/ERP allows for multiple payment methods, multiple payment terms, multiple remit information on the same vendor record (PeopleSoft/Lawson, etc)
  • Exception-basis – If your Accounting System/ERP does not allow for multiple payment methods, multiple payment terms, multiple remit information on the same vendor record (SAP ECC 6)

Check out the Duplicate Vendors training course to find duplicate vendors in your Accounting System/ERP with tips to avoid duplicate vendors. 

If duplicate vendor records are allowed, what criteria is used during the review and approval process (i.e. multiple pay terms, bank accounts & remits, etc)

Verify the tax ids are the same and if so, verify the difference in the payment terms, remit/payment information for the new vendor record.

Check out the Duplicate Vendors training course to find duplicate vendors in your Accounting System/ERP with tips to avoid duplicate vendors. 

Do ERP limitations or business processes contribute to the need for duplicate vendor records?

Yes. Accounting Systems/ERPs have different configuration settings. In systems like PeopleSoft where there is a setting to require a unique tax id, always set it to yes, so that duplicate vendors are not required. Then standardize setup for additional addresses and locations to accommodate the different payment methods, payment terms and remit information. For business processes that currently the setup of duplicate vendors (annual payments to a large volume of vendors for a specific event/cause) – review the process to identify the best course of action:

  • If Tax IDs are collected – Set them up as normal vendors and pay as normal to the one vendor record each time a payment is required
  • If Tax IDs are not collected – Set them up as One-Time vendors for each payment and inactivate them after the payment. Create a new vendor record for any subsequent payments. Best to keep these vendors as a separate account group/vendor type.

If the answer to above is yes, how do you solution for the risk of duplicate payments, fraud and spend visibility?

  • Work with the AP team members that post invoices so they know what the standardizations are remittance/payment information so they can post invoice to the right one. For example, in PeopleSoft you can name a location to indicate what the payment is form, so if they are trying to post to a location for bank ATM fees (which typically has a different bank account than other bank fees) they know which location to select.
  • Use a duplicate recovery tool that can match multiple combinations of criteria such as vendor name, vendor id, address, invoice number, invoice amount ,etc. These can be run prior to payments to identify any duplicates before payments are generated.
  • Document your processes and train the Vendor team members that maintain vendor records so that everyone is setting up vendors the same way.

Check out the Duplicate Vendors training course to find duplicate vendors in your Accounting System/ERP.

We have about a 100 or so duplicate Vendors in our VMF. I’ve blocked the Vendors that have the same Tax ID’s, address and payment information. The remaining Vendor’s have the same Tax ID however the addresses are different. How do I go about validating these Vendors to ensure they are not duplicates and could possibly different entities?

  • This can happen if the Accounting System/ERP (Non-SAP type ERPs) is not restricted to one Tax ID. In most systems, this is a configuration “checkbox” and can be turned on to prevent duplicate vendor records.
  • If they have the same Tax ID – they should be under the same vendor record – with multiple addresses. If using SAP this would mean additional partnership PI (Remit address vendor records) vendors, or additional Business Partners – all with the same vendor id and tied to the VN/Business Partner.
  • To confirm, reach out to the vendor and let them know you are doing a clean-up and request all documentation you require for onboarding including additional remit addresses.
  • When companies submit additional addresses – it may not be obvious that they moved, so an additional address (or vendor id) is created, and the previous address is not inactivated.
  • Perform all validations including the IRS TIN Match
  • Typical Duplicate Vendors found: 5%

Check out the Duplicate Vendors training course to find duplicate vendors in your Accounting System/ERP with tips to avoid duplicate vendors. 

We received a request to update the Tax ID for a company because it’s now under a new ownership. All information will remain the same except the Tax ID, phone number and email. Is it necessary to create a NEW Vendor ID?

Changes to Vendor Tax ID – Inactivate existing vendor record and create a new vendor record with the new Tax ID. Why? Tax reporting is linked to the Tax ID, and any historical activity linked to the Tax ID on the existing vendor record should remain intact for reporting and auditing purposes. If there are any open Purchase Orders, work with the vendor and Procurement team to determine if they will need to be closed and reopened using the new vendor record. Future Purchase Orders and invoices will need to use the new Vendor ID.

Check out training session 3 Step Vendor Setup & Maintenance Process for vendor setup internal controls and best practices.

We have several hundred US Vendors in our VMF without a Tax ID. What are the consequences if any, for not having this information?

  • No ability to do IRS TIN Matches, which can lead to IRS CP2100/CP2100A Notifications and penalties 
  • Additional manual labor following the B-Notice Process following notification from the IRS that the Legal Name/Tax ID combination did not match IRS Records
  • Reduced ability to verify that vendors are real.

Check out training session 3 Step Vendor Setup & Maintenance Process for vendor setup internal controls and best practices.

What are best practices for establishing international vendors? As a W8 is secured in lieu of a W9 there is no tax ID for matching against a database like TINCheck. How do we ensure we are not conducting business with foreign organizations that we should not be, i.e. terrorist affiliated organizations? Are there recommended documents to secure for those providing goods? Are there recommended documents to secure for those providing services?

For International/Non-US/Foreign vendors, you can really think of them as going through the same process as the Domestic/US Vendors – but adding additional steps depending on the Country:

Step 1:
Many International Vendors (Individuals/Entities) also have IRS Issued Taxpayer Identification Numbers (EIN/ITIN)

  • If available enter in EIN/ITIN, if not leave blank > IRS TIN Match will be done if EIN/ITIN entered
  • Enter in Vendor Legal Name > Watchlists will be checked based on the Vendor Legal Name

Step 2: Global Registration Numbers

  • Validate the Registration Number based on Country (VAT for UK or GST for India or Business Number for Canada, etc)
  • Use the Vendor Validation Reference List which has limited International Countries or the Global Vendor Registration Numbers (100+ Countries)
  • Get the Vendor Setup Toolkit that includes the Global Registration Numbers for 100+ Countries

Step 3 Address Validation

  • Use the Universal Postal Union (Free) or ($) which costs but does give you address status (Vacant, Inactive, PO Box Only)

For any vendors that appear on these watchlists the scope of the Vendor team should end with knowing when to reject (not setup) a vendor in the Accounting System or ERP and forward for follow-up. Further due diligence training such as anti-bribery activity and risk screening (such as personal screening required for some C-Suite level positions of the vendors based on country) is recommended to be handled outside of the Vendor Team since it requires specialized training. That due diligence is the next step where additional documentation may be requested by those performing the risk screening.

Check out training session 3 Step Vendor Setup & Maintenance Process for vendor setup internal controls and best practices.

We have a case where we were asked to create the vendor under the disregarded entity name.
  • ABC company was recently acquired by XWZ company and their name changed from ABC to DEF as a DISREGARDED ENTITY NAME.
  • Their W9 shows XWZ inc and also disregarded entity name of DEF. They (DEF) cannot accept a PO showing XWZ . They need the PO to show DEF.
If we create the vendor with disregarded name only would be a problem?

Some of the basic goals in the vendor setup and maintenance process is to ensure your vendor data is real and accurate, minimize liability for your company (regulatory fines, watchlists, etc) and ensure your vendor can be successfully paid.  This often contradicts with the goal of the vendor, and sometimes even Purchasing or other internal departments.


In this context, let’s focus on the W-9 which contains the vendor legal name, disregarded entity (dba) and tax id. Here is how the vendor should be setup based on the W-9:


  • Line 1 > Vendor Legal Name
    • This is the name that the company will file all income paid from your company and all other companies they do business with. 
    • If the vendor is reportable it is the name that needs to be on the 1099 and on the filing to the IRS and along with the tax id, needs to match IRS TIN records.
    • Needs to be setup as the legal name in your Accounting System/ERP (especially if this is the field that will be pulled onto the 1099)
  • Line 2 > Business Name/Disregarded Entity/DBA
    • Most likely this is the name the invoices will come in
    • Not used at all in IRS reporting by the vendor
    • If the vendor is reportable it will not be used by companies they do business with (the legal name is used for the 1099/IRS filing)
    • Needs to be setup in your Accounting System/ERP in the dba or other field to allow invoices to post
  • EIN > Tax ID
    • This is the tax id that the company will file all income paid from your company and all other companies they do business with. 
    • If the vendor is reportable it is the tax id that needs to be on the 1099 and on the filing to the IRS and along with the vendor legal name, needs to match IRS TIN records


There are really two questions that I see need to be asked (could be more):


  1. Does the Vendor Legal Name + Tax ID combination on the submitted W-9 match IRS records?
    1. If yes – set the vendor up with the as mentioned above
    2. If no – request a W-9 that does match IRS records
  2. Will the Invoices or Purchase Order be in the Disregarded Entity / DBA Name?
    1. If yes – Add the Disregarded Entity / DBA Name in your Accounting System/ERP in such a way that allows invoices to be posted and the PO to also include the Disregarded Entity / DBA (probably can’t remove the vendor legal name though – depending on the system)


Based on the W-9 received, it if matches IRS records, this is how the vendor setup should be in your Accounting System/ERP:


  1. Vendor Legal Name Field – “XYZ’
  2. DBA Field – “DEF”
  3. Tax ID Field – XX-XXXXXXX


For this specific scenario it appears that “J” wants the Purchase Order / Vendor Setup to be their name only – and not include “XYZ”.  If this is true - they have to give you a W-9 with “J” in Line 1 and  the Vendor Legal Name + Tax ID combination needs to match IRS Records. Then the vendor setup can be as they want it:


  1. Vendor Legal Name Field – “DEF”
  2. DBA Field – N/A
  3. Tax ID Field – XX-XXXXXXX


The team members at “DEF” will most likely continue to make their case, because my guess is they don’t have a separate tax id - but you can make it simple for them.  Tell them that you can only setup US vendors that have a vendor legal name + tax id combination that matches IRS records, or withhold 24% to avoid potential regulatory notices and compliance fines with the IRS.  Then stick to it.  


Training Resource:  IRS W-9 EXAMPLES BY TAX CLASSIFICATION - WHAT TO LOOK FOR WHEN ACCEPTING FROM YOUR VENDOR – Live Training 3rd Wednesday of each month, or watch on-demand anytime.

Vendor Validations

How are you verifying your vendor TINs for 1099 purposes?

Verifying that the Vendor Legal Name + Tax Identification Number matches IRS TIN Records is a best practice for onboarding and maintaining vendors.

Validation should be done individually at original vendor setup or when name or tax id changes are submitted by the vendor, or in bulk as part of a recurring vendor master file clean-up to ensure that no information has changed. The vendor master file clean-up is recommended to be done monthly, quarterly, or at the very least annually prior to your 1099 distribution and filing to avoid the additional work required and/or fines when the IRS notifies you that Vendor Legal name + Tax Identification Number combinations that you filed, did not match IRS records.

While there are various tools (vendor portal, risk management screeners, etc) that have a direct API with IRS records or that can verify the existence of both on different databases, there are two direct options for the Vendor Team to verify the Vendor Legal Name + Tax Identification Number against IRS records:

  • IRS e-Services – Free but requires registration by each team member that can take weeks. Individual and bulk validations.
  • – Paid subscription plan, but immediate access is available and additional validations that includes Address Standardization, Watchlists (OFAC, etc), Social Security Death Master File check and Exempt Organizations validation, so it consolidates multiple validation steps into one. Individual and bulk validations.

Check out Vendor Validations Explained training session for a demo of how to use and the breakdown of every watchlist and other validation the service provides.  

I would like to know can TINCheck be used to obtain Tax ID’s that are missing in your Vendor Master File?

No – does not have a way to search for missing Tax IDs.

If you are cleaning your vendor master file and are missing Tax IDs the best way is to contact the vendor and have them complete a W-9 so you have supporting documentation. Alternatively, here are some other options:

  • Security Exchange Commission – Sometimes Tax IDs are listed on financial reporting documents.
  • Melissa Data - Non-Profit Vendors
  • EIN Finder – Subscription required.

We have recently started purchasing more inventory from international companies. Apart from doing an OFAC check, is their any other best practices we should do to ensure we are staying compliant and safe from scammers?
Global Registration Number Validations included in the Toolkit for immediate download for Training Pass Members
  • IRS TINCheck - If Non-US Vendor has a Tax ID (many do not)
  • Validate Registration # or Verify Format – based on Country

Address Check

  • No PO box only – require a physical address
  • Check Google Earth
  • Check Address Status on (Vacant, Inactive, PO Box Only, Not Mailable)

Other Validations/Reviews

If we periodically run supplier reports against the OFAC list, how long should we keep the file comparisons? If we do get a match, how long should we keep a record of the match? According to the FFIEC, banking rules require that "Banks must keep a full and accurate record of each rejected transaction for at least five years after the date of the transaction." Thanks.

The information on the US Treasury site agrees with what you indicated the Federal Financial Institutions Examination Council (FFIEC) requires for banking institutions:

“Banks must keep a full and accurate record of each blocked or rejected transaction for at least five years after the date of the transaction. For blocked property, records must be maintained for the period the property is blocked and for five years after the date the property is unblocked."

This policy was also reiterated by the nongovernmental OFAC Sanctions Attorney Firm, Price Benowitz. They report:

"A person engaging in any transaction that is subject to U.S. economic sanctions must keep full and accurate records of each such transaction for a period of five years from the date of the transaction. People or businesses that are holding blocked property must keep full and accurate records regarding such property for the entire time the property is blocked and for five years after the property has been unblocked.“

For non-financial institutions (payors), additional considerations should be given to the supporting documentation related to the transaction. That includes the W-9 and banking details from the vendor record as well as the invoice, purchase order from the payment. Retention of the latest proof of confirmation that the vendor is not on a watchlist should be based on their latest transaction. My recommendation is to use the same retention schedule for the watchlist results file as is required for the Invoice/purchase order. The standard for invoice activity is 7 years, but your company may have a separate retention schedule.

You may also want to follow-up internally to see if there is a separate retention schedule or risk management policy or procedure for risk compliance. It should also include an internal process for when a vendor legal name appears on a watchlist.

I performed a TIN Check today on a new Vendor. It came back saying it was a duplicate TIN and the name was not in the local register. This vendor is a landlord, and they just purchased a building that we lease. They are an LLC and have filed recent paperwork with the SEC.

  • Duplicate TIN Error Message: A “Duplicate TIN” error message means you have searched the same Tax ID more than once (or twice) in the same 24-hour period. This can happen if you are searching my different Vendor Legal Names in an attempt to find the correct match. When this happens, you can wait 24 hours and retry the search or have another registered user perform the search.

  • TIN Match Unsuccessful: Vendors legitimately establish themselves and/or businesses to accept client work – or they make Legal Name changes and/or establish new businesses as a result of a merger or acquisition and thus have a new Tax ID. The vendor will file with the IRS, but there can be some lag time before it hits IRS records, rendering the TIN Match unsuccessful. When that happens request from the vendor proof from the IRS that their Legal Name + Tax ID combination is successful – by requiring them to submit either the form they received when they initially filed with the IRS (CP575) or if they do not have that form they can call the IRS at 1-800-829-4933 and request an Employer Identification Number (EIN) Verification Letter (147C). When you receive the 147C letter – you can accept the IRS TIN Mismatch and keep the letter on file.

  • LLC for Leased Building: It is important that the W-9 specify whether the Limited Liability Company (LLC) is a “S” or “C” Corporation or a “P” Partnership. An LLC that is treated as a Corporation for tax purposes is not reportable on the IRS 1099, but a Partnership is.

Check out Vendor Validations Explained training session for a demo of how to use and the breakdown of every watchlist and other validation the service provides.  

1099-MISc and 1099-NEC

We are starting to get 1099’s returned in the mail. Is there a better way to verify addresses are mailable – we already use the TINCheck to standardize addresses when we onboard vendors.

Verify that your Vendor Team members are actually performing the standardization and updating your Vendor Master File accordingly.

  • In addition to USPS mail format provided by TINCheck, also verify that your Vendor Team members are following your address conventions. For e.g. putting the DBA on line 1 of the address, etc.

  • Use that not only provides the standardization of the mailing format based on USPS standards, but it also gives you the status that can help you identify those that are not mailable and those that are mailable, but you still receive calls from the vendor saying they did not receive them (last 2):

o Not Mailable

o Mailable – Vacant

o Mailable - Inactive

Check out the Address Standardization training session.

We will need your advice and guidance on how to properly handle these scenarios below, when processing 1099's.

Whenever there is a doubt – mark the vendor as reportable and send the applicable 1099. That being said the reportability is based on 1) Type of Payment; and 2) Vendor Tax Classification. For these two scenarios – see by responses below, but also make sure you verify with a tax professional.

Husband and wife landowners per the agreement we cut one check to Mr.& Mrs. Smith.

It’s ok to set a vendor up as Husband and Wife. Best practice is to enter the person whose SS# was entered on the W-9 first in the Vendor Legal name field. It may not matter, however, when filing with the IRS since the Name Control field will use the first four characters of the Surname.

  • The 1099 can be in the name of the Husband and Wife with whoever's SS# was used for the setup (and that matched IRS records)

Then we have two landowners one has an LLC and the other one has a social security number.

For the Landowners that have an LLC reportability depends on which LLC:

  • Tax Classification > Limited Liability Company Tax Classification
  • Limited Liability Company – “S” for S-Corporation – Not Reportable
  • Limited Liability Company – “C” for C-Corporation – Not Reportable
  • Limited Liability Company – “P” for Partnership – Reportable

For the Landowner that has a Social Security Number

Check the Tax Classification:

  • Sole Proprietorship/Individual/Single Member LLC - Reportable
  • Limited Liability Company – “P” for Partnership – Reportable

Check out the 1099 training for reportability and other required information from an Accounts Payable Perspective.

Vendor is a sole proprietor but using an LLC. For example - Company, LLC For tax purposes do you set them up using their company name and tax ID or with their name and SSN?

Set them up based on their W-9 form.

Many vendors that select the tax classification for Sole Proprietors/Individuals/Single Member LLCs – don’t always know how to complete the W-9 correctly – meaning they don’t understand that their name is the Legal Name and the Disregarded Entity is their DBA. The IRS TIN Match will be your support for pushback if they enter their DBA as the Legal Name in Line 1.

If their tax classification is Sole Proprietorship/Individual/Single Member LLC their W-9 should be completed as follows:

  • Line 1 Name: Jane Doe
  • Line 2 Name: Doe Flower Shop (or blank) (Also important if their invoices will be in their DBA name)

As for the Tax ID – it can be either the SSN or the EIN since and EIN is not required unless they have employees (for payroll taxes). A best practice to consider is to require the EIN when there is one since the SSN is always considered sensitive personal information, and it can also be one way of ensuring the same vendor is not set up under their SSN once, then setup again under their EIN – avoiding the potential for duplicate vendors. I have personally tried this in the past with mixed results because asking for the EIN (if available) is an extra touchpoint and many small vendors are confused by this question.

Setup will be as follows:

  • Vendor Name – Legal Name (W-9, Line 1)
  • DBA (separate field or Legal name + DBA Name in same field) = Disregarded Entity (W-9, Line 2)
  • Tax ID – SSN or EIN as noted on the W-9

Does the $600 Threshold apply to the combined amounts of both forms?

No. The $600 threshold is applied separately to the 1099-MISC amount and the 1099-NEC amounts. 

Check out the 1099 training for reportability and other required information from an Accounts Payable Perspective.
Does the Combined Federal/State Filing Program include 1099-NEC?

Beginning with the 2021 Tax Year – yes. When the 1099-NEC was used for the 2020 Tax Year, it was not included in the Combined Federal/State Filing Program.

Check out the 1099 training for reportability and other required information from an Accounts Payable Perspective.

What if my vendor has payments that belong on the separate 1099-MISC and 1099-NEC forms?

Issue the vendor both a 1099-NEC and 1099-MISC separately. Note that if the information is incorrect, the IRS will issue separate penalties for both forms.

Check out the 1099 training for reportability and other required information from an Accounts Payable Perspective.

Email/ERP security

How does your team secure them, so the soc security numbers are properly protected?

The best way to secure them is to get them out of email, but still not Scan/Fax/Mail since these options still risks the sensitive information being seen by others, or the printed/hardcopy being left on the machines or desks.

Here are some options:

  • Encrypted email - The vendor has to initiate, and they are probably going to forward first vs you requesting
  • Password Protect W-9 - Add a password - then send the W-9 in one email and the password in another. A lot for the vendor to do.
  • Automation Tool - If you have an eInvoicing or other AP Automation tool that has messaging and upload capability - request that all W-9's (and banking information) be submitted through the tool vs email. Their successful sign-in has the added authentication that they are the vendor.
  • Vendor Self-Registration Portal - Authentication through sign-in and allows the vendor to self-manage. Takes time to implement, can be costly, and you must be cognizant to make it enticing for vendors to register - otherwise adoption will be low.

Check out this training session to secure your vendors sensitive data. 

We have an external indicator on our emails when we receive an email that is not from someone in our company is that enough?

It used to be. Now email account takeover, fueled by successful phishing campaigns to obtain user credentials is making it a risk. Talk to your IT team to see if it is a concern at your company and go from there. However, it does not hurt to authenticate your employees first – it may take longer but avoiding fraudulent payments should be worth it.

Check out the training session on Authentication.

Is it industry/best practice to maintain payment information (contact and/or financial) in the Vendor Master if a Payables platform is being used to maintain the information for payment processing?

That is a valid question given that many 3rd Party Providers have payment solutions that will store the vendor remit information and, in some cases, retain the liability for any fraudulent payments. In addition to processing the payments to the vendors, they will also take responsibility for updates to vendor’s remit information. There are also e-Invoicing and other solutions that allow the vendor to maintain and store their banking information, and If either of these are your scenario, there may be no need to retain vendor banking information in Accounting System/ERP.

Not storing vendor banking information in the Accounting System/ERP benefits the company and the Vendor Team:

  • Removes the fraud risk associated with accepting banking changes via email
  • Eliminates the manual effort/time in making confirmation phone calls
  • Reduces email and phone inquiries from internal employees and vendors related to changes to remit information
  • Reduces the potential for occupational/internal payment fraud by eliminating access to view or update banking information

Since not all 3rd Party Providers are alike, there are points to consider before making the decision:
  • Does your provider offer fraud liability protection?
  • What are their security controls? MFA, etc? Bring in Information Security or IT to assess their system/cloud controls.
  • What are their fraud prevention tactics to prevent social engineering (has happened before) within their team?

There are most likely more questions that your leadership and security teams will want to know that are not listed here, especially those that are unique to your company or industry before making the decision. In the interim, please see the blog post below for more information on how to mitigate the risk of storing your vendor’s banking in your Accounting System/ERP:

Debra R Richardson, LLC Blog: Are You Putting Your Vendors’ Banking at Risk in Your VMF?

one-time vendors

Do you have any training on One Time Vendors specifically policy & procedures?

One-time vendor policies and procedures are company specific. It depends on your Accounting System/ERP, the types of payment methods available, Corporate Card Program policies/features.

Check out training on One-Time Vendors to learn the 3 basic types and best practices for payments.

If payment is made to a One Time Vendor and they do require a 1099 what would be the correct course of action?
  • One-time vendors are no different that regular vendors for IRS reporting.
  • Send them a 1099-MISC/NEC and include the vendor in your annual IRS Tax Filing.

Check out 1099-NEC and 1099-MISC training from and Accounts Payable Perspective. 

Do you have any guidance on 1099 requirements and exceptions?

  • One-time vendors are no different that regular vendors for IRS reporting.
  • If paid via your Corporate Card Program (P-Card/Virtual Card, etc) then the card issuer will handle the 1099 distribution to vendors and filing.

Check out 1099-NEC and 1099-MISC training from and Accounts Payable Perspective. 

What are best practices for paying refunds to customers? Currently we set them up as a vendor and send check payments which is very manual, and someone has to go to the office for this massive check run and then get our CFO to sign.

These can be tricky since customers, not thinking about their future deposit refunds, they don’t make you aware they have moved. So if you send a check and it is uncashed it can require the escheatment process for that customer’s state.

Here are some alternatives

3rd Party Solution Providers

  • Send pay file and company will issue checks, or ACH or Card payments
  • No vendor record may be required

Paying In-House

  • Card Program – Take advantage of Rebates plus fraud protection – May not have to setup vendor record.
  • Checks – send to check processor to send checks (still have to deal with returns) – Most likely need a vendor record. Better fraud protection than an ACH.
  • ACH – Most risky – collecting bank details (or use bank details from customer accounts)

Vendor Record

  • Avoid vendor record if possible
  • If vendor record required – create a separate account group
  • Inactivate vendor record right after payment

Check out training on One-Time Vendors to learn the 3 basic types and best practices for payments.

vendor banking

Should I be doing an audit of bank information used for ACH payments? We have come across a few old bank accounts within our vendor master causing payments to bounce back. Wondering if anyone does an annual audit looking for old bank information.

Not sure if the failing payments are due to bank branch details (mergers/acquisitions) or to old vendor bank account information, but here are some tips that can help:

  • Re-Validate Bank Branch Details- As part of your Vendor Master File Clean-up, you should revalidate bank branch details since banks merge and are acquired resulting in new routing numbers.
  • Re-Validate Bank Account Ownership- If you have the service – validate bank account ownership (Early Warning/GIACT/nsKnox). If you do not have bank account ownership service then you should investigate each bounce back and collect updated banking information from the vendor.
  • Process Notice of Change (NOC) Notices– Keep in mind not to miss the “NOC” Notice of Change that will be sent from your bank if the vendor’s bank says they needed to change the account number to post the payment to the vendor’s account. This could happen if the vendor retained the same bank, just changed their account number.
  • Bank Information Tables – if your system has a bank information table for bank branch details this should be cleaned out and included in your vendor master file cleanup. This table is prone to entry errors and is likely never cleaned of old routing numbers, SWIFT/BIC codes, etc. SAP's bank table is a great example.
  • Inactivate Vendors after 15, 18 or 24 months– This will require the collection of new vendor information and will update banking information for future successful payments.

Is adding or updating the vendor's banking from an invoice copy to the Vendor Master Data file compliant or not? Where can I find additional information on the compliance?

Adding vendor banking to the vendor master file for Accounts Payable payments from an invoice is not a compliance issue, since there are no regulatory fines or assessments associated with this activity.  There are, however, at least two issues I see that it poses:  


  1. Ability to Identify a Change in Banking based on an invoice received – Unless you have an AP automation platform that detects bank changes as invoices are submitted (some platforms have this feature), then relying on the invoicing tool or the user when receiving invoice manually to detect a change in banking may result in that missed change not being updated prior to the next payment.   
  2. Fraud – Especially if invoices are received by mail, they can be intercepted by cybercriminals to change the banking information.  This method ensures that there are no changes to the invoice format or numbering scheme making the banking information appear legitimate.


Best practice is to have an existing vendor change process to update vendor banking separate from the invoice submission/collection process.


  1. Require a Company Branded ACH Form
    1. Only send it to vendors that you have authenticated is the actual vendor. 
    2. Change it every year, so that if a prior year form is submitted, it can be a red flag for fraud.  
    3. Require authenticating data such as the tax id, remit address and existing banking
  2. Validate Banking Information
    1. Validate Bank Branch information including the Routing#, SWIFT/BIC Codes and IBAN to increase potential for successful payments and reduce Notice of Changes and potential Nacha fines.
    2. Validate Bank Ownership by matching the Vendor Legal Name and/or Tax ID (depending on the method/solution) to the Bank Account Holder name and/or Tax ID to reduce the potential for making a fraudulent payment.

    Check out this training session on how to buld a Banking ACH Form to collect banking to avoid fraud. 

check back soon

Didn't See Your Question?  Join the Friday Drop-In Live Q&A Session
Write your awesome label here.