Compliance for Billing Software certified by the Portuguese Tax Authority (Autoridade Tributária Portuguesa - AT)

About the project

In 2022, the Portuguese government launched new laws that required certified billing software to make a series of changes to their systems. MagniFinance, being a certified software, needed to stay updated and implement all the changes on time to maintain its license.

The project lasted for about three months, and the deliverables included "pull requests" for all complete and functional interfaces with simulated API call data in JSON format ("Mocks"). There were three important legal updates in total.

The work consisted of the following deliverables:

1. Mandatory implementation of series communication to the AT (Tax Authority) for obtaining the ATCUD code, and requirement for all documents issued on the platform to have this code; See blog post with the result of the work

2. Requirement for Qualified Digital Signature by the certifying entity (SAFE) on the documents issued by the platform;See the blog post of the result of the job

3. Implementation of electronic invoicing EDI (Electronic Data Interchange) - Integration and communication of invoices to existing brokers;

4. Other adjustments requested by the AT during periodic inspections.

My role

I was responsible for analyzing the technical and legal requirements in the government's official documentation, designing and prototyping the solutions, and implementing these changes on the front end of the platform.

The process

The work followed the following phases throughout the compliance project with the new government rules:

1. Researching legislative changes: It was necessary to identify all the points that needed to be changed and the requirements to comply with the rules. We also registered with government agencies and accredited private entities to access documentation and sandbox accounts for API integration testing.

2. Reading technical documentation and gathering legal requirements: During the analysis of the technical documentation, we identified several legal requirements related to government and private API integrations. For example, integrating an API for series communication to obtain an authenticity code for certified invoices (ATCUD). We also needed to integrate an API for digital signature processes on invoices and electronic invoicing (EDI) communication. All these requirements and potential solutions were identified and transformed into user stories for the development team.

3. Benchmarking: As these were novelties, not all competitors had made them available to their customers. We could only analyze a few competitors who had some implemented documentation and YouTube videos about their solutions.

4. High-fidelity prototyping: With the research inputs, I started creating a high-fidelity prototype using Figma, showcasing the identified solution hypotheses. Although high-fidelity, it allowed quick changes as only a few parts of the interface needed modification. One of the requirements was to ensure that these changes were seamless for users, meaning they should have the least impact on platform functionality and be as simple as possible.

5. Prototype validation with the Development team and CEO All solutions were presented to the development team and the CEO of the company for final validation before moving to the front-end implementation phase. I presented two to three solution ideas for each problem, and the solutions were discussed with the team, with feedback incorporated into the prototypes in two presentation, feedback, and adjustment cycles.

6. Front-end development For development, I had to create some JSON data mocks to simulate API responses. Using AngularJS, CSS, Bootstrap, and HTML, I made the approved changes from the prototype.

7. Creation of User Stories for the Development team (Dev): As some requirements depended on the Dev team, and I had the most knowledge on these topics within the company, I was responsible for creating User Stories for the development team.

8. Supporting Dev team in quality testing: After the functionalities were ready, I helped validate compliance with the requirements to confirm the delivery and move to production.

9. Documentation and knowledge sharing: To ensure that the entire company had a deep understanding of the subject, I wrote a blog post explaining all the changes and the new configuration steps to disseminate the changes internally and externally.

10. Announcement of new features: All changes made should also be announced to inform clients and potential leads that the platform was updated according to the legislation. I made some changes to our landing page to promote the new functionalities.

Results

The most important achievement in all these projects was meeting the deadlines for the launch and the respective legal requirements. Furthermore, the necessary configurations had a reduced impact on platform usage by customers.

Learnings

The project, in my view, was very challenging and ambitious due to the short timeframe I had to complete it. Additionally, I was responsible for several stages, from research and requirement gathering to delivery. The main takeaways were:

1. Having everything centralized in one person is a significant risk for the company. I felt immense pressure because there was no room for error. The entire company depended on flawless work, and any failure would mean the main service offered by the company had to be halted, impacting thousands of customers and causing irreparable damage to the company.

2. Conducting research and gathering technical requirements gave me a deep understanding and greater confidence in the solutions I was creating.

3. The strategy of creating a front-end interface with mock data worked very well when ensuring that there would be no deviations in requirements when passing information to the development team (back-end). This approach guaranteed that everything would proceed without rework in this project.