Process Compliance – Unveiling Myths and Reality

This piece aims to demystify compliance in procure-to-pay (P2P) processes, addressing the confusion prevalent in the market. With years of experience in this domain, I understand the frustration organizations face when seeking suitable solutions.

Despite assuming this topic had been thoroughly covered, a recent conversation with an old colleague altered my perspective. He works for a large multinational organization struggling to automate its AP processes after several failed attempts using a combination of physical and digital paper invoices. To simplify further, these attempts largely involved trying to teach a machine to read paper invoices (aka scanning and OCR) and extract data from unsolicited PDF invoices. As they now embark on re-engineering their end-to-end purchase-to-pay process, "Compliance" emerged as a pivotal concern, leaving him “totally lost”.

Reflecting on our discussion, it felt reminiscent of the early 2000s, where confusion clouded the path to digitizing paper-based processes. However, the current landscape appears even more perplexing.

Amidst various claims by software providers, his frustration had reached a point of no return, so he asked me for neutral advice with regards to regulatory compliance across the P2P process.

My advice

I must always assume that current processes operated by trading partners are fully compliant. It is a myth and misunderstanding that there are businesses who are exchanging invoices and related documents in a non-compliant manner, as this would result in serious legal consequences.

When evaluating compliance offerings, the most significant differences often surface in statements made by P2P software and service providers. There is no way that compliance can be fully outsourced to a third party. Both trading partners remain entirely responsible for the data they exchange and the documents resulting from it. While no software or service provider can fully take that responsibility away from them, they can assist in operating compliantly, optimizing processes, eliminating paper, and enhancing the quality of exchanged data and documents.

Distinguishing provider groups

Here's a breakdown of key differences between two groups of providers concerning the sensitive topic of process compliance:

Get acquainted with Group 1:

  • Global claims: Group 1 providers often boast about their ability to facilitate compliance in every country globally. Their offerings technically empower clients to configure all required rules themselves to support statutory obligations. However, clients must purchase country-specific information, sometimes from the provider or external parties, and bear the cost of consultants to set it up. This can be particularly expensive for multinational operations. Additionally, ongoing maintenance poses challenges as requirements evolve, leading to extra costs and work on the client's side.
  • Limited responsibility: These providers typically do not take responsibility to build their system based on comprehensive research or make it readily compliant out of the box. Clients are left to ensure compliance themselves, without external validation, making setups client-specific.
  • Lack of dedicated compliance focus: Group 1 providers often lack a dedicated team focused solely on compliance. This absence stems from the additional investment required across product management and development. Without proper training, personnel may not fully comprehend complex compliance requirements, leading to inadequate solutions.

Group 2 service providers approach compliance differently:

  • Internal compliance focus: Group 2 providers invest in an internal team dedicated to process compliance. This investment instills confidence, as they have dedicated product management and development resources committed to compliance.
  • Clear roles and responsibilities: Responsibilities are clearly defined between the service provider and the client. Detailed process documentation is provided, enhancing the client's documentation and ensuring clarity on each party's responsibilities.
  • Comprehensive documentation: These providers deliver detailed requirements documents out of the box, relieving clients from the burden of conducting and maintaining their own research. Collaboration with external auditing firms ensures up-to-date documentation, and partnerships are disclosed, demonstrating commitment and investment.
  • Selective compliance claims: Group 2 providers only claim compliance in countries where they have successfully set up support for clients. This meticulous approach ensures clients can maintain a global process without worrying about document compliance. External auditors test and certify their systems, reflecting their commitment to compliance, albeit at a significant cost to the provider.

Before making a decision

Navigating the service provider landscape can be daunting, with many providers lumped together due to false claims and similar messaging. Some providers, previously offering only scanning and OCR, now label themselves as e-invoicing providers, highlighting the evolving landscape.

When evaluating potential providers for compliant P2P projects, it's crucial to look beyond surface-level claims of compliance. Mere assertions of compliance aren't sufficient. Clients must delve deeper to ascertain if providers have invested in coding, rely solely on clients, or possess critical expertise.


  • Governments prioritize tax collection over business optimization, focusing on exploiting taxpayer setups for additional revenue.
  • Service providers employing "trash in-trash out" data practices offer limited value and should be carefully considered by organizations.
  • Compliance in the process chain is binary – either compliant or not. Auditors rarely entertain grey areas, underscoring the importance of working with diligent providers.

Get in touch for expert guidance and resources

While not an expert in all areas, my two decades in this space have provided valuable (and ample!) insights. There's never been a dull moment. Contact us to discuss next steps and to learn how Basware can support your journey to compliance. You can also download our ebook, ‘How to Solve Global Compliance with Basware,’ to learn more about our approach.

Download our free eBook


How to Solve Global Compliance with Basware

The content offer block description goes here. Feel free to replace this text.

Download eBook

SVP Global Compliance, Basware  Markus is a seasoned global compliance expert with 25 years of hands-on experience in product, trade, and tax compliance. Serving as a trusted advisor to both governments and the private sector worldwide, he spearheads crucial digitization initiatives. Trained as an applied linguist, Markus excels in change management, emphasizing the human aspect often overlooked in IT projects. His mission is to empower individuals to embrace innovative and efficient approaches for ultimate success.

Global invoice automation

Keep me updated!