⏱ 6 min read
A few weeks ago a CFO asked us a direct question: “we want to know if there are counterparties in our supplier and client portfolio that could get us into trouble with SAT. How do you validate this?”
The company operates in B2B industrial services, has an active portfolio of approximately 2,400 counterparties appearing in their billing system, and had never done a systematic review. The one-off validations their compliance team performed were against counterparties with large tickets or when a specific suspicion came up.
This article describes how a bulk portfolio analysis against the fourteen official SAT lists is executed, what is typically found, and why the one-time exercise is rarely sufficient.
What gets cross-checked, what doesn’t
The first technical distinction worth making is understanding which lists can be cross-checked by tax ID and which cannot.
By tax ID, all lists that SAT publishes with explicit tax identifier can be cross-checked: list 69 with its nine subsections (firm credits, enforceable, cancellations, voided digital seals, unlocated, fine reduction, judgments, omitted public entities, 69-B Bis) and list 69-B with its five subsections (definitive, presumed, disproved, favorable judgments, complete).
Lists that don’t publish tax identifier cannot be cross-checked by tax ID: the IMSS ICSOE registry (identifies by employer registration number, not by tax ID), INFONAVIT (also employer registration number), international sanctions lists (OFAC, UN, EU, etc., identify by full name of individual or entity), and the National Digital Platform of SFP (does not publish tax ID due to data protection).
For a bulk portfolio analysis with a tax ID file, the fourteen SAT lists are the natural scope. If the client also wants IMSS, INFONAVIT, and international sanctions coverage, the cross-check requires a second process that operates by normalized name and delivers different confidence levels.
In this case we exclusively analyzed the fourteen SAT lists.
Typology of findings
Results from a SAT cross-check are not binary. Appearing in one list does not mean the same as appearing in another. We built five severity tiers so the client knows what requires immediate attention and what is contextual:
Critical tier (red): presence in list 69-B Definitive. This is the most serious category because it implies that SAT confirmed the company issues receipts covering non-existent operations. Any CFDI received from that counterparty loses tax effects, even retroactively.
High tier (light orange): presence in 69-B Presumed, where SAT is investigating with presumption of simulation but has not yet confirmed. Also applies to firm tax credits, enforceable credits, and unlocated taxpayers in list 69.
Medium tier (yellow): voided digital seal. Means the counterparty legally cannot issue invoices. If your company is receiving CFDI from that counterparty, there’s an operational problem requiring validation.
Contextual tier (gray): presence in lists with variable severity depending on the case. Article 74 fine reduction, cancellations, judgments, omitted public entities. The vast majority does not imply immediate action, but it’s worth documenting.
Exonerated tier (green): presence in 69-B Disproved or with favorable judgment. The company appeared in investigation but won its defense before SAT. Not a risk.
The result of the analysis
The cross-check against the fourteen SAT lists, executed in under ten minutes on the 2,400 tax IDs of the portfolio, returned this breakdown:
| Result | Tax IDs | Percentage |
|---|---|---|
| No matches in any list | 2,287 | 95.3% |
| At least one match | 113 | 4.7% |
| Priority attention (critical and high tiers) | 14 | 0.6% |
The breakdown of the 113 with matches was distributed as follows: 2 tax IDs in 69-B Definitive, 1 in 69-B Presumed, 11 with firm or enforceable debts and unlocated, 23 with voided seals, 76 in contextual lists, and 1 exonerated.
The 14 priority tax IDs were delivered to the client with detail: name in the official registry, list or lists where they appeared, publication date, and enough context to initiate internal conversation. The company identified that some of those counterparties continued invoicing active operations, which prompted immediate conversation with procurement and finance areas.
What the analysis does not resolve
It’s worth being explicit about the limitations of a one-time bulk analysis, because operational decisions made afterward depend on understanding them.
Does not detect employer-labor risk. Since the cross-check is only by tax ID and employer sources identify by employer registration number, counterparties with firm credits in INFONAVIT or irregularities before IMSS do not appear in this exercise. It’s a deliberate blindness the client should understand.
Does not detect international sanctions. OFAC, UN, EU, World Bank, and similar lists identify by full name, not by tax ID. A Mexican counterparty with presence or relationship to an international list does not appear in this cross-check.
It is a photograph, not a film. The analyzed portfolio is compared against the current state of official lists. In the following weeks, both sides can change: new counterparties enter the client’s billing system, and official lists add or remove records. The point-in-time analysis answers “how is it today”, not “how is it staying compliant all the time”.
For this latter question, the technical process is different. It involves continuous monitoring, with regular repetition and exception-based reporting. We discuss the continuous monitoring standard in another article.
When a bulk analysis makes sense
Three typical scenarios in which a one-time portfolio analysis delivers immediate value:
1. Company that has never done a systematic review. This is the case of this client. There is a starting point where the real panorama of the portfolio is unknown. The bulk analysis delivers that initial photograph.
2. Before an external or internal audit. When it’s anticipated that an auditor will review specific counterparties, it’s worth getting ahead and knowing if there are surprises.
3. After a significant operational change. Merger, acquisition, billing system change, expansion to a new market segment. Any event that significantly alters the composition of the portfolio justifies a fresh analysis.
In any of the three cases, the one-time analysis should be understood as a starting point, not as a closing. Once the initial panorama is known, the reasonable question is: what happens when something changes?
How we work
At ReferenceCheck MX we execute bulk portfolio analyses against the aggregated set of official lists we maintain integrated at consultas.referencecheck.mx. The typical process is:
- Inspection of the client file: validation of tax ID format, duplicate detection, normalization if necessary.
- Cross-check against the fourteen SAT lists and, if the client requests, against the rest of the source catalog by normalized name.
- Categorization by severity tier and deliverable with the detail of each finding.
- Closing conversation to understand what actions derive and if it makes sense to move to a recurring process.
For a portfolio of any size, technical processing takes minutes. The value of the exercise lies less in speed and more in the quality of categorization and the conversation that follows.
If your company has a supplier or client portfolio that has never been systematically validated, let’s talk. The first step is a thirty-minute conversation to understand scope and propose the exercise that makes sense for your operation.
The numerical data in this article is representative of the type of findings that bulk validation exercises produce in B2B industrial services companies. Each real portfolio produces a different pattern according to sector, geography, and the client’s counterparty selection policies.
🇲🇽 Versión en español: Validar 2,400 contrapartes en menos de 10 minutos: la anatomía de un análisis masivo
