Mexico EFOS Blacklist: How to Check Fraudulent Invoices

An EFOS is a taxpayer that Mexico's tax authority, SAT, says issued invoices for non-existent operations. An EDOS is the buyer that used those invoices to claim deductions or VAT credits. For an AP or compliance team, that makes the mexico efos blacklist more than a legal curiosity. It is a live supplier-risk control, because Article 69-B of the Codigo Fiscal de la Federacion is the mechanism SAT uses to identify taxpayers linked to simulated operations and publish their status.

If you process Mexican supplier invoices, the practical workflow is straightforward even if the law behind it is not. Before you approve or deduct a CFDI, you need to:

• check whether the supplier appears on SAT's Article 69-B lists
• validate the CFDI itself rather than relying on the supplier check alone
• retain the contracts, delivery evidence, and payment records that prove the transaction was real

That sequence matters because SAT's enforcement framework is designed to test whether an invoiced operation actually happened. A polished invoice, a familiar supplier name, or a seemingly normal payment trail does not answer that question on its own. Finance teams need a review process that connects the issuer's status, the invoice data, and the supporting business evidence behind the transaction.

This is where the EFOS and EDOS labels become operational. The EFOS side concerns the issuer that SAT believes billed for operations that did not exist. The EDOS side concerns the customer that used those invoices. In practice, the second category is what keeps controllers and AP leaders awake. Your company may not have intended to participate in invoice fraud, but if a supplier later appears on the SAT lists, your deduction position and VAT treatment can still come under pressure.

Most English-language results stop at definitions or point you to a SAT tool in Spanish. That leaves a gap for the people who actually have to decide whether an invoice should move forward, be held, or be escalated. The rest of this guide closes that gap by translating Mexico SAT blacklist invoice fraud rules into an approval workflow: what the Article 69-B statuses mean, how to check a supplier, how to verify the CFDI, and what proof of materiality your team should keep on file.

How Article 69-B Moves a Supplier From Presumptive to Definitive

Article 69-B is the part of Mexico's Federal Tax Code that lets SAT challenge invoices tied to operations it considers non-existent. The core test is not whether a document looks formal. SAT examines whether the taxpayer appears to have the assets, personnel, infrastructure, or business capacity to perform what it invoiced. If that capacity looks inconsistent with the billed transaction, the supplier can enter the Article 69-B process.

For finance teams, the status labels matter because they are not interchangeable:

• Presumptive: SAT has published the taxpayer as presumptively linked to non-existent operations. This is a warning stage. Your team should treat new invoices as high risk, pause routine approvals where appropriate, and escalate for document review.
• Definitive: SAT has moved the taxpayer onto the definitive list after the process runs its course. At this point the compliance exposure is much harder to explain away, and any related deductions or VAT positions deserve immediate review.
• Rebutted or desvirtuado: The taxpayer has rebutted the presumption. That does not mean your team should stop documenting the transaction, but it does change the urgency and the type of escalation required.

The publication trail also matters. SAT-maintained list resources and notices in the Diario Oficial de la Federacion are part of how the regime becomes visible to taxpayers and their counterparties. That means AP teams should not think of a supplier review as a one-time onboarding checkbox. A vendor can move from clear to presumptive, or from presumptive to definitive, after you already have them in the system.

This is where many explainers stop, but an operational team needs one more step: translating status into action. A presumptive hit should trigger a hold-and-review posture, not the same response you would apply to a definitive hit. A rebutted status still belongs in your review notes, but it may support release once the supporting file is complete. That distinction is the real value of understanding Mexico Article 69-B fraudulent invoicing rules. You are not learning labels for their own sake. You are deciding how to route supplier invoices, who needs to sign off, and what level of evidence belongs in the file.

---

How to Check Whether a Supplier Appears on SAT's EFOS Lists

Supplier screening starts before you look at the invoice itself. The basic question is whether the issuer appears on SAT's Article 69-B resources, and the anchor point for that review is the supplier's RFC. If your team cannot confirm the legal name and RFC combination it is reviewing, the check is not complete.

A workable screening flow looks like this:

1. Pull the supplier's legal name and RFC from your vendor master and from the CFDI.
2. Search the relevant SAT list resources for Article 69-B status and confirm whether the supplier is listed as presumptive, definitive, or rebutted.
3. Save the result in your review notes, including the date checked, the exact supplier name, the RFC used, the status returned, and the reviewer who performed the check.
4. Escalate any hit before the invoice is approved, paid, or used for tax support.

That documentation step is easy to skip when teams are busy, but it is what turns a quick search into real cfdi supplier due diligence Mexico controls. If the supplier is later challenged, you want a record showing what your team checked, when it was checked, and what conclusion was reached at that moment.

It also helps to separate supplier-level risk from invoice-level risk. A clean supplier result does not prove that the specific CFDI is valid, and a valid-looking CFDI does not replace supplier screening. Those are two different controls. Teams that blend them together usually create gaps because nobody owns the full workflow from vendor onboarding through invoice approval.

If you need a refresher on the invoice framework behind those checks, point reviewers to how CFDI 4.0 issuance and validation works in Mexico. That gives them shared context on the data fields and statuses they should already understand before interpreting an EFOS result.

The other important discipline is timing. Do not reserve SAT screening for suspicious invoices only. Run it when a supplier is onboarded, when material vendor data changes, and on a periodic basis for active vendors. That habit matters because how to check EFOS list SAT workflows are most effective when they catch risk before an invoice reaches month-end close.

Verify the CFDI Before You Accept or Deduct the Invoice

Once the supplier passes or is cleared through screening, move to the CFDI itself. This second control answers a different question: does the invoice you received align with the transaction your company actually authorized, received, and recorded? That is the heart of SAT invoice verification Mexico workflows.

At minimum, the reviewer should compare the CFDI against the underlying transaction on several points:

• issuer RFC and legal name
• receiver RFC and entity name
• invoice identifiers and status
• amounts, tax treatment, and currency
• purchase order, contract, goods receipt, service evidence, or other commercial support
• payment references when payment has already occurred

This is where Mexico simulated operations invoice detection becomes practical rather than theoretical. A supplier may exist, but the CFDI can still fail basic consistency checks. The issuer RFC may not match your approved vendor record. The amounts may not align with the purchase order. The transaction description may be vague compared with the service actually received. The invoice may arrive without any delivery record or approval trail behind it. Each mismatch is a reason to stop the routine AP flow and ask whether the billed operation is real, documented, and attributable to the supplier shown on the invoice.

Foreign-owned businesses often struggle here because the legal requirements sit in Mexico, while the finance review may happen in a regional shared-service center. If that is your setup, build an English review checklist that names the exact CFDI fields and supporting documents required before release. It also helps to align that checklist with what foreign businesses need before issuing Mexican invoices, especially when your team is managing Mexican entities alongside suppliers and approvers based elsewhere.

The key habit is to treat CFDI validation as evidence matching, not as a visual inspection. The reviewer is not asking whether the PDF looks official. The reviewer is asking whether the invoice data, supplier identity, and underlying transaction all point to the same real-world operation. That standard gives AP a more defensible answer than a box-ticking review built around format alone.

---

Build a Proof-of-Materiality File for Every Higher-Risk Invoice

In EFOS reviews, "proof of materiality" means evidence that the underlying operation actually occurred and that the supplier had the capacity to perform it. That is why the file behind the invoice matters as much as the CFDI itself. A finance team that keeps only the invoice will struggle later if SAT or an auditor asks how the business knows the transaction was genuine.

For higher-risk suppliers or invoices, the review file should usually include:

• the CFDI and any invoice validation notes
• the supplier's legal name, RFC, onboarding data, and Article 69-B screening result
• the contract, statement of work, or purchase order
• delivery confirmations, goods receipts, project records, or service completion evidence
• internal approvals and relevant business correspondence
• payment records that tie the disbursement to the invoice and supplier

The file should also tell a story. Someone reviewing it later should be able to see who performed the supplier check, which invoice was reviewed, what supporting documents were collected, and why the team concluded the transaction was real. That is especially important when the supplier is new, when pricing is unusual, when the engagement is cross-border, or when the vendor later appears on SAT lists.

Organizing that evidence manually is possible, but it becomes slow once a team is reviewing multiple supporting document types per invoice. If you need to extract Mexican CFDI data into review-ready spreadsheets, Invoice Data Extraction can help by pulling structured fields from CFDIs and related financial documents such as purchase orders, receipts, credit notes, and vendor statements into XLSX, CSV, or JSON outputs. That can make the review file easier to reconcile and audit without implying that the software checks SAT blacklists or determines legal status.

This is the article's main operational takeaway. EFOS exposure is not managed by memorizing legal acronyms. It is managed by keeping a defensible evidence package around each risky invoice. When your team treats proof of materiality as part of the approval workflow, you are much better prepared to show that the transaction had substance beyond the invoice header and totals.

---

What Happens If a Supplier Is Flagged, and What Your Team Should Do Next

If a supplier appears on the SAT lists, the immediate issue for the buyer is EDOS exposure. In practical terms, that means the tax effects of the invoices can be challenged, deductions may be denied, VAT credits may come under pressure, and the file may need remediation support from tax or legal advisers. The risk is wider than the invoice currently sitting in AP. You may need to review historical transactions with that supplier as well.

The enforcement backdrop is serious. According to SAT's anti-corruption guidance on EFOS and EDOS penalties, the illegal sale or acquisition of invoices covering simulated operations can be punished by up to nine years of imprisonment under Article 113 Bis of Mexico's Federal Tax Code. That is the official reminder that EFOS controls are not a paperwork exercise. They sit inside a broader anti-fraud regime.

When a supplier is flagged, a response plan should normally include:

• pausing new approvals or payments where your internal policy requires it
• isolating affected invoices and identifying the business units that used the supplier
• re-checking the supplier's current Article 69-B status and preserving the lookup evidence
• assembling the supporting file for each affected transaction, including contracts, delivery or service evidence, approvals, and payment records
• documenting the remediation decision, escalation path, and any tax advice received

This is also the point to widen the review. If the supplier has been active for months or years, examine prior invoices rather than treating the issue as a one-off exception. The goal is to understand the full exposure window and decide which invoices have enough support to defend their commercial substance.

After the immediate triage, convert what you learned into standing controls. Add periodic supplier reviews, keep invoice-level validation separate from supplier screening, and define when AP must escalate an exception instead of resolving it informally. If you want a wider framework for that operating model, connect this process to a broader invoice validation checklist for AP teams. A mature control environment reduces the chance that an EFOS issue reaches your books unnoticed, and it gives your team a clearer playbook when one does.