The Mexican model of real-time reporting part 1: what is it?

Mexico

France is considering the ‘Mexican’ real-time reporting model. As it is not clear for every VAT practitioner what this model actually entails, we thought it would be interesting to take a deep dive into one of the pioneers of tax digitalisation: Mexico. The Mexican model, also referred to as the network clearance model, requires companies to send their invoices to certified third party service providers. These trusted third party service providers are responsible for controlling, approving and forwarding invoices. This model may sound appealing for governments and tax authorities, who would just have to monitor the trusted third parties instead of handling the high volume of invoices to control. However, there are inherent risks of delegating tax authority responsibilities to service providers. In order to understand those risks, this deep dive on the Mexican model will be divided into 2 parts focusing respectively on (1) what it is and how it works in practice, (2) the benefits and risks of such a model.

Mexico, one of the pioneers of VAT digitalisation

In 2010, Mexico was already planning to go digital. The first step was to establish the framework for e-invoicing, creating checks and controls, and making sure the system could be reliable while keeping a low level of investment.[1] In 2011, what is known as the Comprobante Fiscal Digital por Internet (CFDI) started to be gradually implemented. The CFDI is an XML e-invoice that is issued by a legal or natural person.[2] In order for the CFDI to have any value, it needs to be validated by a network of Authorized Certification Service Providers, also known as PAC entities (Proveedor Autorizado de Certificación).

Since its implementation, the CFDI has exponentially grown. In 2018, around 211 invoices (a performance which our system can easily handle already today) were issued per second, against approximately 54 when the system was first implemented.[3] In 2014, it was fully consolidated and extended to all sectors. The system adopted by Mexico earned the name of ‘network clearance model’, which implies that a trusted network of service providers is carrying the Mexican Tax Authority’s (SAT) responsibilities of “clearing” the invoices on its behalf.

The certification process of PAC entities

To be accredited as a ‘PAC entity’, third parties have to go through an accreditation process with the SAT. The technical requirements are the first to be audited during the certification process. Generally, certified services providers are expected to have a free tool allowing companies to issue e-invoices. They must provide proof of functionality for this service. The third parties have to provide the SAT with evidence of the controls performed during the validation of the invoice. In practice, this usually amounts to adding a special section to the XML invoice, which is uncertified until this step is completed. Furthermore, third parties must demonstrate their capacities in terms of checks and controls. This covers the controls of the invoices and the tools allowing the SAT to continuously and remotely audit PAC entities. They also have to demonstrate the communication protocols used to transmit the data to the SAT. Lastly, PAC entities must demonstrate the safeguards in place to ensure the security of the data. Once the technical requirements are approved, the SAT will review the legal requirements. They include proof of a compliant tax record, proof of ownership of at least USD 500,000 and lastly, compliant confidentiality and privacy of data agreement.[4]

If the third party complies with the requirements, the third party will have 30 days to provide the Federal Treasury with a USD 500,000 security deposit.[5]

In the end the SAT is the one to judge whether an aspiring PAC entity fulfils the requirements, but who monitors the SAT? Indeed, SAT employees have been repeatedly involved in corruption and money laundering cases.[6] Furthermore, there have been reports of alleged certification granted to service providers with massive tax debts under a different name.[7] Even though corruption and money laundering are not systematic practices within the SAT, the structure of the network clearance model is not actively preventing State’s agents from engaging in illegal activity. Although, it is only fair to highlight that a large-scale anti-corruption campaign was launched in 2020. Within the SAT, denunciations of alleged corruption increased by 96%.[8]

Securing invoices along their journey

To ensure the integrity and reliability of the data, a number of practices have been standardised. In the first place, companies must acquire a private security key, available through a SAT portal. With the security key, companies can digitally seal (i.e. sign) e-invoices. A digital seal is a series of 172 unique characters, associated with the issuer of the invoice and its content. This digital seal serves as proof that the invoice was not modified a posteriori.[9] The SAT has an automatic interaction with the PAC entities to parse the CFDI, which consists of: (1) a main section containing the invoice information; (2) a secondary section with the information of the issuer, the proof of receipt by the receiver, and the details of the invoice; (3) a section with the stamp from the PAC entities, thus validating the conformity of the invoice.[10] As PAC entities are autonomous, they are free to choose between on-premise and cloud-based solutions, as long as they are complying with the requirements and that a centralised system architecture is avoided to minimise the risks of a single point of failure.

Lessons from 10 years of the network clearance model

The former head of the General Customs Administration (incorporated within the SAT), Margarita Ríos-Farjat, told El Economista that “by introducing new technologies […] we’ll be able to remove human discretion, and with that, eliminate corruption”.[11] Although her statement is right, following our analysis above the network clearance model will not fully remove human discretion. This is probably one of the most important lessons of almost 10 years of network clearance model. By applying modern cryptography and blockchain technology the results envisioned by Ms. Ríos-Farjat can actually be achieved. This would allow tax authorities to make calculations on fully encrypted fingerprints which enables them to fight fraud without ever seeing the actual invoice data.

Mexico paved the way for VAT digitalisation in many ways, but countries wanting to go for the network clearance model should opt for a system with added security that relies on the latest technology. In part 2 of this series we will dive deeper into the pro’s and con’s of such a model.

[1] CIAT (2020) ICT as a Strategic Tool to Leapfrog the Efficiency of Tax Administrations, p.284, available online at: https://www.ciat.org/Biblioteca/Estudios/2020-ICT_STL_CIAT_FMGB.pdf

[2] (In Spanish) CFDI ‘¿Qué es un CFDI?’, available online at: https://www.cfdi.org.mx/

[3] (In Spanish) El Economista ‘México emite 211 facturas electrónicas por segundo’, 31 October 2018, accessible online at: https://www.eleconomista.com.mx/economia/Mexico-emite-211-facturas-electronicas-por-segundo-20181031-0148.html

[4] ibid.

[5] CIAT ‘ICT as a Strategic Tool’ (n1) p.289

[6] Mexico News Daily ‘Tax administration cracks down on customs corruption at two offices’, 13 May 2019, accessible online at: https://mexiconewsdaily.com/news/tax-administration-cracks-down-on-customs-corruption/ and Anadolu Agency ‘ Mexico’s fight against endemic corruption gets real’ 20 November 2020, accessible online at: https://www.aa.com.tr/en/americas/mexicos-fight-against-endemic-corruption-gets-real/2050085

[7] (In Spanish) El Financiero ‘Revisión a detalle hacia los PAC´s, una tarea pendiente del SAT’ 28 May 2019, accessible online at: https://www.elfinanciero.com.mx/monterrey/revision-a-detalle-hacia-los-pac-s-una-tarea-pendiente-del-sat/

[8] (In Spanish) Forbes ‘Denuncias por corrupción en el SAT aumentan 96% en 2020’, 11 February 2021, accessible online at: https://www.forbes.com.mx/economia-aumenta-96-las-denuncias-por-corrupcion-en-el-sat/

[9] (In Spanish) Edimex ‘Implementación de facturación electrónica por el SAT’, accessible online at: https://www.edimex.com.mx/sat.html

[10] CFDI ‘¿Qué es un CFDI?’ (n2)

[11] Mexico News Daily ‘Custom corruption’ (n6)