27 June 2017 by Richard Hurwitz
New technology will enable businesses to be far more agile in response to opportunities and challenges
The digital revolution is gathering pace. Characterised by a fusion of technologies and attitudes blurring the line between the physical and digital spheres, this shift brings with it changes in behaviours and a new operating environment for businesses.
It is not only small, nimble start-ups taking advantage of new technology; large corporates are also using the power of digital technology to rewire markets and empower customers. Companies that are agile, collaborative and data-driven – in their customer interactions and back office processes too – are edging ahead of their competitors.
To the world of compliance, this digital transformation offers immense opportunities, but also a new set of challenges. Business processes must be run in as responsible a way as ever, based on solid models informed by performance, position and prospects, and founded on the principle that ongoing monitoring and stewardship responsibilities must be met.
Businesses must achieve all this in a digital world where it seems rules are there to be broken.
There are many examples of new challenges thrown up by businesses attempting to navigate digitalisation. Two currently in the spotlight have the challenges of managing a digital workforce and maintaining security in a digital world. The experiences of Uber and TalkTalk demonstrate well the complexity of digital compliance.
Uber, a company often cited as a star of the digital business model, has received some fairly intense scrutiny regarding its relationship with its workforce. In a judgment handed down last October, an employment tribunal ruled that Uber drivers are workers and not self-employed contractors.
The case was brought by current and former Uber drivers, largely to address the company’s decision not to pay the National Minimum Wage or holiday pay, although two drivers also made whistleblowing claims. Uber’s defence centred on it being a technology business providing an operating platform, not a transport provider, shifting compliance responsibilities dramatically.
Similarly, compliance is important when it comes to maintaining security. Increasingly, businesses are moving critical infrastructure online, making them more vulnerable to digital threats. One high-profile example of a business that has experienced the dark side of digitalisation is TalkTalk.
In late 2015, a cyber attack breached the accounts of 157,000 customers to steal data, and as a direct result the company lost 101,000 customers and suffered costs of £60 million. The attack also prompted a £400,000 fine from the Information Commissioner Elizabeth Denham, who said TalkTalk had failed to scan its infrastructure properly for possible threats. Better compliance checks could potentially have prevented the attack from happening in the first place.
The Uber and TalkTalk examples highlight that compliance processes must be watertight to avoid events that are not only expensive but can cause lasting damage to a brand.
Despite the teething pains, this fourth industrial revolution powered by digital transformation brings with it a more efficient and effective way of doing business that should not be ignored. Besides the benefits of online banking, next-day delivery and streaming content, day-to-day business processes are also smoother.
All this change will have an impact on regulations, and compliance in business processes needs to be watertight – from order to cash.
As an electronic invoicing specialist, one conundrum we frequently encounter at Tungsten Network is whether an electronic invoice is legal in a particular jurisdiction. The answer, perhaps surprisingly to some, is far from clear. In the EU, the European Commission has issued a Directive on Electronic Invoicing in Public Procurement (2014/55/EU) to mandate the use of electronic invoicing for all member states’ public sector procurement by 2018. Elsewhere, however, the status is different.
Take India, for example. Until now, the question of whether e-invoicing could be compliant has been far from clear cut. Tungsten has been able to ensure compliance in terms of tax and regulatory requirements in 47 countries, but our members requested we add India to our network to become the 48th. Increasing numbers of businesses see opportunities in the fast-developing market of the subcontinent, so it made sense for us to pursue this.
The main obstacle was whether digital signatures were legally permitted to prove the authenticity of invoices. Businesses use these to attest to invoices’ authenticity; it entails attaching an encrypted code to any electronically transmitted document to verify
its contents and the sender’s identity. This acts as a way of ensuring important information and documentation has not been compromised and is secure, accurate and up to date.
Working closely with the regional governments of eight key states, Tungsten demonstrated the benefits and helped establish e-invoicing as legally acceptable in India. As ever in the world of compliance, however, the situation continues to evolve. Later this year the Indian Government is expected to introduce a new Goods and Services Tax nationally, superseding the current state-level requirements.
I use the India example as it demonstrates neatly the vital role compliance professionals play in enabling businesses to run as efficiently and effectively as possible.
In theory, electronic invoicing is possible anywhere, however legal requirements around invoicing are constantly shifting. Keeping up to date with global compliance issues is important, and something on which Tungsten spends considerable time and resources. It is also something about which our members care deeply, which is why we created an ‘Introduction to Compliance’ guide that explains the complexities of invoice requirements in countries around the world.
Tungsten’s entry into India supports the Indian Government’s commitment to digitalisation as it seeks to tackle corruption and mitigate its vast black economy. Several countries around the world have already embraced e-invoicing to fight fraud and tax evasion, and businesses are readying themselves to support Indian business and government in their digital development.
If you have the proper controls and checks in place, e-invoicing is an exceptionally efficient way for a business to keep on top of compliance, because checking documents electronically is a much faster and more accurate process than performing manual reviews. This aspect of e-invoicing can be very appealing to governments as well, because fraudulent invoices can be identified more effectively.
The prospect of a stronger economy with less money leaking out illicitly can make digitalisation very attractive. Latin American countries such as Brazil and Mexico, for example, mandated the use of electronic invoicing to ensure their VAT gaps are filled.
Europe is also now making real progress to increase adoption. Germany is currently preparing to join Austria, Spain and Italy in making e-invoices mandatory for public sector processing of accounts.
A draft law currently working its way through the Bundestag states that invoices will have to be transmitted and received electronically, and contain structured data, in a format that enables electronic processing, which means emails of PDF files will not be sufficient.
Understanding the landscape in Europe is important, where the goal is less about the VAT gap and more about tackling barriers to pan-European trade that result from varying invoicing systems and standards.
This is also the motivation behind the previously mentioned EU Directive on Electronic Invoicing in Public Procurement. The European Commission estimates e-invoices could deliver annual benefits of up to €40 billion, as they are easy to process, reach the customer faster, and can be stored centrally at very low cost.
Achieving these savings, however, requires new compliance regulations to ensure a standardised format and process across the EU, something currently under discussion.
To ensure businesses are fighting fit for the digital age they must maintain the highest compliance standards. From an accounts payable perspective, aside from automation, there are some strategies that can help.
First, it is important everyone in the business is aware of the danger of cyber scams and fraud. Tactics used by fraudsters include embedding viruses in attachments, attaching bogus invoices to emails, and sending duplicate invoices. If staff are knowledgeable about these potential routes, attempts to attack a business are far more likely to be spotted in time.
Another strategy is to take steps to achieve ISO 27001, the Information Security Management Standard, which provides independent verification that a business is committed to guaranteeing the confidentiality, integrity and availability of information.
It covers a wide set of processes and controls, and demonstrates the importance of the security of information throughout all aspects of the business, including: legal, technology, product, projects, and customer relationship management.
We deal with vast reams of customer data, and the security of this information is paramount, so we use this as our baseline.
The digital revolution will enable businesses to be far more agile in response to opportunities and challenges on the horizon. To ensure continued success, however, a strategy that focuses on resilience, as well as responsiveness, is crucial.
A reputation as a responsible business continues to be the greatest asset of many organisations, digital or otherwise. To maintain it requires detailed thought and careful planning by compliance professionals, enabled by developments in technology.