Technical Articles
“Alternative Payee” vs “Alternative Payee In Document” vs “Permitted Payees”, how are they different ?
Understanding this feature provided by SAP
When it comes to making payments to our vendors SAP has given us an option to make the payment to the vendor or to make the payment to another person (Alternative Payee) which is maintained in the Vendor Master Record. This feature is provided to promote flexible payments so that if requested by your vendor you the buyer can directly make the payment to that person to whom your vendor owes the money.
If an alternative payee has been maintained for a vendor the system would always make the payment to the alternative payee and not the original vendor. This is because the payment program will always access the name, address and bank account details of the alternative payee.
When we create a new vendor master record in SAP the vendor master details are divided under 2 sections
- General Data
- Company Code Data
Now it is important to remember that an alternative payee can be defined under General as well as Company Code data. If you specify an alternative payee in both areas, the alternative payee mentioned in the company code area has priority.
Screen 1 below showcases the General Area of the vendor master record where an alternative payee can be maintained. We can see that vendor ‘5200’ has been assigned an alternative payee which is ‘1014’.
Please click on the images below to view them in better clarity.
T-Code XK03
Screen 2 below showcases the Company Code Area where an alternative payee can be defined. We can see that vendor ‘5200’ has been assigned an alternative payee which is ‘3510’.
Screen 2
T-Code XK03
Now as per the explanation given above when alternative payees are defined at both General and Company Code Level the system will always select the alternative payee which is defined at the Company Code Level.
The screenshots posted below will corroborate this understanding:
Screen 3
T-Code FB60
Showcasing the banking details of alternative payee ‘3510’ defined under company code for vendor ‘5200’. We can see that the Bank Key, Bank Account Number and Bank Name are accurately being displayed in the vendor invoice raised above for vendor 5200.
Screen 4
T-Code XK03
We now run the payment proposal for the sample invoice
Screen 5
T-Code F110
We noted that the payment was made to vendor 3510 who was present as an alternative payee for vendor 5200
Screen 6
Payment Output from T-Code F110
Now that we have understood what alternate payees are and how they function let us understand, what is an ‘Alternative Payee In Document’ ?
Alternative Payee In Document is a field available in the general data selection criteria in the Vendor Master. If this field is enabled the payment technically can be made to anyone who may or may not exist in the Vendor Master. This function gives the invoice processor the authority to change payment details which are automatically selected by the system for payment.
For ease of understanding, I will walk you through a sample transaction using the same vendor 5200, however this time the only configuration that has changed is that, I have enabled the field ‘Individual Spec’ under ‘Alternative Payee In Document’ for vendor 5200.
Screen 7
T-Code XK03
Created a new invoice of 700 EUR against vendor 5200. Till this point nothing has changed as compared to the previous invoice which we processed. System still selects the bank details of the alternative payee ‘3510’ which is defined in the vendor master. We now save the Invoice and the document number is ‘1900000002’
Screen 8
T-Code FB60
We now execute T-Code FBL1N and search for document number 1900000002 which is created under Vendor 5200. Please observe the blank space highlighted in the image.
Screen 9
T-Code FBL1N
Now an alternative payee can be ‘Individually Set’ for this invoice.
Screen 10
T-Code FBL1N
Now on this page bank details of any person can be entered and when the payment proposal will be executed the payment will be made in the account which is mentioned below. In this case the payment will go to sample bank account ‘778899’.
Screen 11
After the new banking details are saved the ‘Individually Set’ field gets populated with the details which have been entered manually by the invoice processor.
A critical observation here is that system always uses the payee which is Most Specific. This means that when you enter a payee in a document, it has priority over all payees specified in the master record. This will even supersede the alternative payee which is mentioned in the vendor master at a company code level which in our case is ‘3510’ and which the system was selecting until now.
Screen 12
We now run the payment proposal for the sample invoice. We can see that the payee which got selected is the one which we entered to be a fake payee.
Screen 13
In the payment proposal output screenshot below we can see that the payment is processed in bank account ‘778899’ which was individually set by us in the document.
Thus in this case the payment has not been processed to any of the alternative payees mentioned in the vendor master but to the payee which was manually entered by me i.e. the fraud payee.
Screen 14
Looking at what you have seen above you might want to audit your vendor master and check whether any vendor has been enabled for ”Alternative Payee In Document”
Extract Table LFA1 and check field ‘XZEMP’. If this field is marked as X that means ”Alternative Payee In Document” is enabled for that vendor.
Screen 15
Table LFA1
Now in the event that you have found vendors where alternative payee in document is allowed the next step is to identify if anyone has exploited this vulnerability in your system.
Extract Table BSEG
The input parameter should be the list of all vendors which have been identified above in the LFA1 table then search for field ‘XCPDD’ and apply the filter as = X. This will give you the list of all documents where payee details have been manually entered by the invoice processor.
Screen 16
Table BSEG
In our output we can see that document 1900000002 that we processed above is marked as ‘X’ under field ‘Individually Set’ (Technical Name ‘XCPDD’) because we entered the payee details manually in the document.
Screen 17
Screen 18
T-Code FBL1N
A comparison can then be made between New and Old values.
Screen 19
Now that we have understood “Alternative Payee” and “Alternative Payee In Document”, so now what is a “Permitted Payee” ?
From the very word permit, a permitted payee is someone you define in the vendor master to whom a legitimate payment can be made. This is very different as compared to an “Alternative Payee In Document” because here the payment can only be made to a specific Predefined Vendor and not anyone like in the case of “Alternative Payee In Document”.
Let me help you understand this with the help of an example. Here we have vendor 5200 who has a permitted payee assigned which is vendor 3101.
Screen 20
Now when the invoice processor punches an invoice against vendor 5200 the system automatically selects the details of the “Alternative Payee” defined for this vendor at a company code level which is vendor 3510 and this behavior is fine, because this is how the system should be working.
Screen 21
So now the use-case of permitted payee is during invoice creation the invoice processor can change the payee details, but only to the one’s which are pre-configured in the vendor master for that specific vendor.
Screen 22
In this case the payment can be processed only to two possible sources
i) The alternative payee assigned to vendor 5200 which is vendor 3510 and which the system is selecting until now
ii) The “Permitted Payee” 3101 which the invoice processor can select in the event he decides he doesn’t want the payment to go to vendor 5200 alternative payee which is vendor 3510
Once selected we can see the payee details are updated in the invoice.
Screen 23
Below screenshot showcases that payee details of vendor 3101 are accurately reflected in the invoice screen above
Screen 24
Here are a few points to remember are when you are dealing with Permitted Payees:
In order to add a permitted payee to a vendor you first have to enable the ”Individual Spec” (XZEMP) which is actually the alternative payee in document field. Only after that you can add a permitted payee to the vendor.
Once changes are done remember to reverse the setting and keep the field “Alternative payee in document” (XZEMP) as display or on suppress. If you fail to do so alternative payee in document will stay active and then payments can be made to anyone as showcased in the blog above.
System Configuration
All said and done ”Alternative Payee In Document” is a very critical configuration in the vendor master as enabling this configuration gives Absolute Authority to the processor to manipulate invoices. In my personal opinion this field should be set to suppress to avoid accidental enablement of this field.
This can be controlled by making changes in the Screen Layout for vendors.
Path: SPRO–>Financial Accounting New–>Accounts Receivable and Accounts Payable–>Vendor Accounts–>Master Data–>Preparations for creating Vendor Master Data–>Define screen layouts for Vendors
The field which says “Alternative Payee Account” is referring to the alternate payee which is maintained in the vendor master. This field in most cases would be set between optional entry or display depending upon your business requirement.
The field which says “Alternative Payee In Document” is the field which should be set to suppress to avoid any illicit payments going out of the organization.
Screen 25
I would like to thank you for reading my blog. I hope the information that I have shared will be put to good use and will help you improve the information security controls in your organization. Also do let me know if I have missed out on something, because a good auditor is always learning.
Warm Regards
Michael Mathews
Thank you for good material
Thank you Sergey Pryanishnikov glad you liked it
Thank you.. Good explanation
I have one small doubt sir.. How to display the screen no 6.. Sir.. So please reply the my question sir. I did try to week Sir..
Hi Narayana NookaLa ,
Screen 6 is the output from Automatic Payments Program T-Code F110. By executing this T-Code you can process open invoices against vendors, when payment is processed you can check the output file and identify to whom the payment is actually processed.
Hi Micheal,
Informative read!
I'm curious if in your example, 5200 and it's alternative payee 3510 are in different vendor account groups and/or tied to different reconciliation accounts or the same.
I tried a scenario where the alt payee was in a different account group from the invoicing party and noticed that the alt payee doesn't get picked up during the payrun.
Hi Kalana,
Yes vendor 5200 & 3510 are in different account groups and they have different recon accounts, however i don't think this should effect the functioning of this feature, because the entire idea of this feature is to allow payments to someone other than the vendor himself.
Can you please check the following in your system
In your case if the alternative payee is not getting picked which payee is getting selected in FB60? Also let me know at what stage are you getting an error?
If in T-Code FB60 you can see that your alternative payee is selected and the invoice is saved with the alternative payee details then during payment your invoice is not getting picked up you need to check your F110 configuration.
Let me know if you need any help
Regards,
Micheal
I really appreciated this explanation. Nicely quoted. Thank you very much.
Hey Noor,
Thank you for the appreciation.
Thank you very much for this information.
I just have one doubt, is it possible to have a One Time Vendor with this alternative payee option?
In vendor Master data is possible to assign permitted payees but when we create the Vendor Invoice an error messages comes up when we select one of the permitted payees.
Regards.
Hey Gerardo,
I am not sure if i understand your question correctly, can you please explain your question in more detail.
Thank you
Your detailed and clear walkthrough helped me to address my project requirement. Thanks a ton!!
Hey Ganesh Doranathula,
I am glad this helped you, actually 2 years back i was working on a similar project and i was unable to find any concrete understanding of this concept on the web. Finally i decided i will test every possible scenario and get this right, which was frustrating and fun at the same time.
I wrote this blog, because in the past various other blogs helped me a lot in my projects, so i decided to give something back to the SAP community by writing this blog.
Thank you for your appreciation.
Thank you Micheal Mathews!
Maybe do you know, how in Vendor master data (the Alternative Payee in document) to hide one of the checkboxes (XZEMP field "Individual Specification") and leave the second ("Permitted payee")?
SAP
Hi Tatyana Kopat ,
Yes if i am getting your question correctly, i feel you want to disable field "XZEMP" but you want the user to see the permitted payee for that vendor ? Am i correct ?
Configuration in the image below shows that Vendor 5200 now has a "Permitted Payee" that is payee 3101. But if you notice my Individual spec (XZEMP) field is disabled.
The Image below here shows you what the invoice processor will see in T-Code FB60. He can now process the payment to vendor 5200 or at max select his "permitted payee" that is vendor 3101. He won't be able to process this payment to anyone else as field "XZEMP" is disabled.
Hope this helps 🙂
Thank's @Micheal Mathews
No, not correctly 🙂
I want the field "Individual Entries' not to be displayed at all in the vendor card (transactions FK01/FK02/FK03).
Ok sure, then for that you can follow "Screen 25" in the blog above and then enable suppress on field which says "Alternative Payee in Document".
Is it that you are finding it difficult to navigate to the configuration screen? Do you want the navigation path?
Let me know
If you suppress the field as on screen 20, you will not see the Permitted payee field either.
SAP2
Yes that is correct but what is the issue if you keep the field on "Display" it is as good as suppress because the user can see the field but not make any entry and at the same time you can also set your "Permitted Payees".
HI Mike,
Thanks for sharing the blog , can you share the Accounting Entry also which will be helpful.
R Balakrishnan
Hi Micheal,
When we use alternative payee option and make manual payment through f-53 , how can can we verify whether in the payment document that the payment has been made to the alternative payee ?
Thanks & Regards
Varsha
Hi Mike -
I think this is relevant in ECC only. Have you played around with the configuration in SAP S/4 (lets say 1909+), I am not sure the settings alternative payee configuration acts the same way. It seems like its restricted to just the vendor master level input only where you are now only allowed to enter the permitted payee. I tried fooling around in a sandbox with a few different combinations and I haven't seem to open any backdoors yet at the vendor master or in FBL1N (I am able to see the "extra / alternative payee" but haven't been successful in actually allowing the option to enter.
Would be interested to see if this actually works the same way in S/4.
Hi Jamie Teshima
Yes this testing was done on SAP ECC but as far as i know SAP i think these features should work in SAP S/4 in a similar manner. In S/4 i think the screen layouts have changed but the functionality is still the same.
I do not have access to S/4 to confirm this but what you can do is in your S/4 system go to table LFA1 and look for technical name 'LNRZA' if this field is present it means you can add an alternative payee for a vendor but we still do not know the process for it. Let me know if you find out.
Hi Micheal Mathews
If the permitted payee field is entered into the vendor after the invoice is posted, can existing invoices choose to pay to the new permitted payee by changing the document?
Best regards,
Laura