pliuzv0.1.x

Invoice fraud

Approval Laundering: The Invoice Fraud Hiding in Plain Sight

Three invoices of €1,900 from the same supplier in 24 hours. Each one is under your €5,000 approval threshold. Each one looks legitimate. Together they are €5,700 — and nobody noticed. That is approval laundering.

Jorge Juan Moscoso Chacón, Co-founder & CTO, Pliuz
Jorge Juan Moscoso Chacón · Co-founder & CTO, Pliuz

Published July 17, 2026 · 8 min read

In short

Approval laundering is the practice of splitting a large invoice into multiple smaller ones from the same supplier within a short time window — typically 24 hours — so that each invoice stays below your company's approval threshold. No single invoice triggers a review. The total amount, which often exceeds the threshold by a wide margin, goes unnoticed because almost every ERP and approval workflow evaluates invoices individually, not as a cumulative sum per supplier.

It is the most common accounts payable fraud that nobody talks about — because it does not require forged documents, fake suppliers, or compromised credentials. It exploits a structural blind spot in how approval systems work. And it is detectable with a single deterministic rule: sum all invoices from the same supplier within a rolling 24-hour window, and flag the total when it crosses a threshold.

Key takeaways

  • Approval laundering exploits a structural blind spot: approval systems check each invoice individually, not the cumulative total per supplier within a time window.
  • It requires no technical sophistication: no forged documents, no fake suppliers, no compromised credentials — just an understanding of where your threshold sits.
  • Detection is a single deterministic rule: rolling 24-hour sum per supplier (by tax ID), flagged when it crosses a configurable threshold. No machine learning needed.
  • ERPs and standard approval workflows do not catch it: they evaluate invoices one at a time. The fix requires a cross-invoice aggregation signal that most systems do not compute.

The scenario: three invoices, one blind spot

Imagine your company has a €5,000 approval threshold. Any invoice above €5,000 from a supplier requires a second signature — a manager review, a CFO approval, or a board-level sign-off depending on the amount. Invoices below €5,000 are processed automatically or routed to a lower-level approver who handles high volume and does not have time to inspect every line.

Now imagine a supplier — or an employee colluding with a supplier — who knows this. They send three invoices on the same day:

Invoice #FC-2026-0010  €1,900  "Marketing services (batch 1/3)"
Invoice #FC-2026-0011  €1,900  "Marketing services (batch 2/3)"
Invoice #FC-2026-0012  €1,900  "Marketing services (batch 3/3)"
────────────────────────────────────────
Total in 24h:           €5,700  Same supplier, same date

Each invoice is €1,900 — well below the €5,000 threshold. Each one looks like a legitimate marketing service. Each one is processed without a second look. But the total is €5,700, which should have triggered a manager review.

Nobody saw it because nobody was looking at the sum. The ERP processed three separate invoices. The approval workflow checked three separate thresholds. The accounts payable clerk entered three separate line items. The forest was never visible — only the trees.

Why ERPs and standard workflows miss it

The root cause is simple: approval systems are designed to evaluate one invoice at a time. The logic is:

if invoice.total > threshold:
    route_to_manager()
else:
    auto_approve()

There is no state that says "how much have we already received from this supplier today?" The threshold check is stateless — it does not know about the other invoices that arrived in the same window. And even if your ERP has a "duplicate invoice check," it is looking for the same invoice number or the same document hash — not for different invoices from the same supplier that add up to more than the threshold.

This is not a bug in any particular ERP. It is a structural gap in how approval workflows are designed. The unit of evaluation is the invoice, not the supplier-day. And until you change the unit of evaluation, no amount of OCR, AI, or process automation will close the gap.

The key insight
Approval laundering is not an OCR problem or a parsing problem. It is an aggregationproblem. You need to sum across invoices, within a time window, grouped by supplier. That signal does not exist in most systems — and it cannot be retrofitted with better document processing alone.

The detection signal: rolling 24-hour sum per supplier

The fix is a single deterministic signal. At invoice ingestion time — before the invoice enters the approval workflow — compute:

window_24h_total = sum(
  invoice.total
  for invoice in seen_invoices
  if invoice.supplier_tax_id == this_invoice.supplier_tax_id
  and invoice.issue_date within 24h of this_invoice.issue_date
)

if window_24h_total > split_threshold:
    flag_for_human_review("Splitting window exceeded")

This signal is:

  • Deterministic — same inputs, same output, every time. No machine learning model, no confidence score, no false positives from model drift.
  • Computable at ingestion — before the invoice is paid, before it enters the approval workflow, before any human touches it.
  • Grouped by tax ID, not by supplier name — supplier names can vary ("Suministros Iberica SL" vs "Suministros Iberica S.L."), but tax IDs are unique and normalized.
  • Configurable — the threshold and the window size are per-tenant settings, not hardcoded. A company with a €2,000 threshold can set a different trigger point than one with €10,000.

How Pliuz implements it

In Pliuz, this signal is one of four deterministic checks computed when an invoice enters the system. The others are:

The four AP signals Pliuz computes at ingestion time
DimensionSignalWhat it detectsMechanism
dup_scoreDuplicate invoices (exact or fuzzy)Document hash (NIF + invoice # + amount + date). Exact match = 1.0; fuzzy match scored 0.8–0.95.
iban_changedIBAN different from the one on file for the supplierNormalized IBAN comparison against supplier master data. Boolean.
splitting_windowApproval laundering / invoice splittingRolling 24-hour sum per supplier (tax ID). Flagged when total crosses configurable threshold.
low_confidencePoor OCR / scan quality on critical fieldsConfidence score from extraction. Below threshold = force human review, never auto-approve.
The four AP signals Pliuz computes at ingestion time

When the splitting window signal fires, the invoice is routed to a human approver via Slack — with the context of why it was flagged: the individual invoice amount, the 24-hour cumulative total, and the threshold that was crossed. The approver sees the forest, not just the tree.

Crucially, the signal is computed by a deterministic rules engine — not an LLM. There is no model that could hallucinate a false positive or miss a real one. The rule is transparent, auditable, and produces the same result every time.

The cost of not detecting it

The ACFE Report to the Nations estimates that billing schemes — which include invoice splitting — account for roughly 15% of occupational fraud cases, with a median loss of $100,000 and an average duration of 12 months before detection. The schemes are most common in small and mid-sized organizations, where separation of duties is weaker and a single approver may handle both invoice entry and payment authorization.

But the direct loss is only part of the cost. The indirect costs include:

  • Audit findings — when an external auditor finds splitting patterns that the company's own controls did not detect, it weakens the audit opinion and can trigger material weakness findings.
  • Regulatory exposure — under SOX §404 and the EU AI Act (Article 12, record-keeping), companies must demonstrate that their controls are effective. A structural blind spot in the approval workflow is a control deficiency.
  • Trust erosion — when the CFO learns that €5,700 was paid in three chunks without anyone noticing, the question becomes: "What else did we miss?"
  1. 1

    Compute the signal at ingestion

    Before an invoice enters the approval workflow, compute the rolling 24-hour sum per supplier (by tax ID). This requires a table of "seen invoices" that is updated in real time as invoices arrive — not a batch job that runs at month-end.

  2. 2

    Flag — do not block

    When the signal fires, route the invoice to a human approver with full context: the individual amount, the cumulative total, the threshold, and the other invoices in the window. The human decides — the system does not auto-reject, because there are legitimate reasons for multiple invoices in a day (milestone billing, partial deliveries).

  3. 3

    Record the decision in a tamper-evident trail

    Every flag and every human decision is recorded in a SHA-256 hash-chained audit trail. If the approver approves the €5,700 split, that decision is sealed with a cryptographic hash linked to the previous event. An auditor can verify the chain offline — without depending on the vendor's dashboard.

  4. 4

    Calibrate the threshold

    The splitting threshold should be set relative to your approval threshold — typically at the same level or slightly below. If your approval threshold is €5,000, your splitting threshold should be €5,000 (or €4,500 to catch edge cases). Monitor false positives for 2-4 weeks and adjust.

The bottom line

Approval laundering is not a sophisticated fraud. It does not require deep technical knowledge, forged documents, or compromised systems. It exploits a simple structural gap: approval systems evaluate invoices one at a time, not as a cumulative sum per supplier.

The fix is equally simple: compute a rolling 24-hour sum per supplier, and flag it when it crosses a threshold. It is one deterministic rule — no machine learning, no model drift, no false positives from hallucination. Just math.

If your approval workflow does not have this signal today, the question is not whether it is happening — it is how much it is costing you.

Sources & further reading

Frequently asked questions

What is approval laundering in accounts payable?

Approval laundering is the practice of splitting a large invoice into multiple smaller invoices from the same supplier within a short time window (typically 24-48 hours). Each individual invoice stays below the company's approval threshold, so none of them trigger a manual review. The total amount, however, exceeds the threshold — sometimes by a wide margin. It is the most common form of invoice-splitting fraud because it exploits a structural blind spot in almost every ERP and approval workflow.

Why do ERPs and approval workflows miss invoice splitting?

Most approval systems evaluate each invoice individually: does this invoice exceed the threshold? If not, it is auto-approved or routed to a lower-level approver. They do not aggregate invoices by supplier within a rolling time window. So three invoices of €1,900 from the same supplier on the same day each pass the €5,000 threshold check individually — but the €5,700 total never triggers a review. The system sees trees, not the forest.

How do you detect approval laundering?

The detection signal is a rolling 24-hour sum of invoice amounts grouped by supplier (tax ID). When the cumulative total crosses a configurable threshold (e.g. €5,000) within that window, the system flags it for human review — even if no individual invoice would have triggered the threshold. This is a deterministic rule, not a machine learning model: same inputs, same output, every time. It can be computed at ingestion time, before any invoice is paid.

Is approval laundering the same as invoice duplication?

No. Invoice duplication is submitting the same invoice twice (same number, same amount, same supplier) — either accidentally or intentionally. Approval laundering is submitting different invoices (different numbers, possibly different descriptions) that are designed to stay under an approval threshold. Duplication is detectable by comparing invoice numbers and document hashes; approval laundering requires aggregating amounts across invoices within a time window. They are distinct fraud vectors that require distinct detection signals.

How common is invoice splitting fraud in practice?

According to the Association of Certified Fraud Examiners (ACFE), billing schemes — which include invoice splitting — account for approximately 15% of occupational fraud cases, with a median loss of $100,000 per case. The schemes typically last 12 months before detection. Small organizations (fewer than 100 employees) are disproportionately affected, but the pattern exists at every company size. The fraud relies on the structural blind spot, not on sophisticated technical manipulation.

Keep reading