Sales Tax Questions
Deep Dive How-To

How do I build a sales tax compliance roadmap for the next 12 months?

TL;DR

A compliance roadmap for a scaling ecommerce brand has four phases: nexus audit, registration, ongoing filing automation, and historical exposure remediation. The order matters. Registering before you understand your full nexus footprint can create obligations you weren't ready for. A CSP-based platform handles registration, filing, and SST enrollment in one motion — and a dedicated onboarding manager can run the full process without consuming your controller's time.

Most mid-market brands have a compliance posture that looks like one of two things: (1) they’ve been collecting and filing based on whatever the developer set up in Shopify two years ago and haven’t thought about it since, or (2) they just discovered they have nexus in 15 states where they’re not registered and are in triage mode.

The 12-month roadmap is for either situation. It converts compliance from a background anxiety into a structured program with known costs, named owners, and a calendar.

Month 1–2: Nexus audit and exposure assessment

Everything starts here. You can’t build a compliance program without knowing where you actually have obligations.

Complete nexus analysis:

  • Pull sales data by ship-to state for the prior 5 years
  • Map economic nexus crossing dates by state (when did you first hit the threshold?)
  • Map physical nexus events by state and date (FBA inventory placements, employee hires, 3PL changes, trade shows)
  • Compare against your current registration list
  • Identify gaps: states with nexus but no registration

Exposure calculation: For each gap state, estimate back tax liability:

  • Sales in the state × the applicable tax rate = tax due
  • Plus interest from original due date
  • Less potential exemptions (marketplace-facilitated sales may be excluded depending on state)

This produces the exposure map (dollar amount by state) which drives the remediation prioritization.

Deliverable: Complete nexus map with current registration status and quantified exposure for each gap state.

Month 1–3 (parallel): Historical remediation

If the nexus audit reveals unregistered states, the remediation track starts immediately, in parallel with the forward-looking buildout.

VDA decisions:

  • Engage a SALT attorney or CPA for states with material exposure
  • File VDA applications (the MTC program covers up to 39 states in one application)
  • For states not in the MTC program (California), file individual VDAs

Register prospectively while VDA processes:

  • Register in all gap states immediately, begin collecting tax on current sales regardless of historical resolution status
  • SST states: one registration covers all 24 through your CSP
  • Non-SST states: individual DOR registrations

Timeline: VDA processing takes 3–6 months through the MTC program; individual state VDAs take 1–4 months each.

Month 2–3: Software stack selection and implementation

With the nexus map in hand, evaluate your current software against what the compliance program needs:

Evaluation criteria:

  • Jurisdiction-level calculation accuracy (rooftop, not zip code)
  • AutoFile coverage for all nexus states (both SST and non-SST)
  • SST CSP enrollment (covers 24 states at no charge, ask specifically whether the platform functions as a CSP)
  • Integration with all your commerce channels (Shopify, Amazon, Etsy, wholesale)
  • Exemption certificate management if B2B volume warrants it

Implementation steps:

  1. Configure transaction data feeds from all channels
  2. Set up nexus configuration (all registered states)
  3. Configure ACH bank account for payment remittance
  4. Enable zero-return filing
  5. Parallel-run: file manually alongside the new system for one period to confirm accuracy
  6. Go live

Timeline: 30–45 days from contract to live, assuming integration complexity is moderate.

Month 2–4: Internal ownership assignment and calendar setup

The compliance program needs a named owner with explicit calendar time.

Name the owner. Typically CFO, controller, or senior accountant. At smaller brands, this might be the founder. The owner is responsible for: monthly filing verification, state notice management, nexus threshold monitoring, and escalation to the SALT advisor when needed.

Set the recurring calendar:

CadenceTask
MonthlyVerify AutoFile submissions processed; review state notices; check for anomalies in filing data
QuarterlyReconcile filings against transaction data; review exemption certificate expirations; nexus threshold report
AnnuallyFull nexus review; software contract review; update registrations for business changes; SALT advisor review

Establish the SALT advisor relationship. Engage a fractional SALT attorney or CPA for: annual nexus review, audit representation (if triggered), product taxability opinions, and strategic guidance. Retainer typically runs $4,000–$10,000/year for most mid-market brands.

Month 3–5: Exemption certificate program (B2B brands)

If you have wholesale, B2B, or mixed channels with exempt customers, the certificate program is a separate workstream:

  1. Audit current certificates: Pull all active exempt accounts and confirm certificates are on file, current, and valid for the correct states
  2. Fill gaps: Re-request certificates from exempt accounts that have lapsed, expired, or are missing
  3. Implement renewal tracking: Set 60–90 day expiration reminders by account and state
  4. Configure storage: Ensure certificates are indexed by customer and period (not just by customer) for audit retrieval

Month 6: First 90-day review checkpoint

At 90 days post-launch, review:

  • Are all active-permit states filing on schedule with no missed periods?
  • Are state notices being received and routed correctly?
  • Is the data feed from each commerce channel complete and accurate?
  • Are any new nexus threshold states approaching the trigger?
  • Is the internal owner actually spending the planned time on compliance?

Issues found at the 90-day mark are early enough to correct before they become compounding problems.

Month 9–12: Annual review preparation

Before the end of the program year:

  • Pull year-end reconciliation: total tax collected per state vs. total tax filed
  • Verify no states were missed in the filing calendar
  • Update the nexus analysis for new states crossed during the year
  • Review software contract terms for upcoming renewal
  • Meet with SALT advisor to review the year and assess any strategic changes (new channels, new product lines, international expansion, potential M&A)

What the finished program looks like

A mid-market brand that completes this roadmap has:

  • Known, documented nexus in every state with obligations
  • Historical exposure either resolved (VDA) or quantified and addressed in the balance sheet
  • AutoFile running on schedule across all nexus states
  • SST enrollment covering the 24-state block at no charge
  • Named internal owner with a functioning compliance calendar
  • SALT advisor relationship for strategic and expert work
  • Exemption certificate program (if B2B) with audit-ready records

This is not a one-time project, it’s the transition from reactive to proactive. The annual review, quarterly checkpoints, and monthly verification are what keep it current as the business changes.

Frequently asked questions

What should a sales tax compliance roadmap include?
A 12-month roadmap covers six workstreams: (1) complete nexus audit to establish where you actually have obligations; (2) historical exposure assessment and remediation plan if gaps are found; (3) software stack evaluation and implementation; (4) ongoing compliance calendar with named owner; (5) exemption certificate program if B2B volume warrants it; and (6) a 90-day review checkpoint to verify the program is running correctly. The roadmap converts compliance from reactive to proactive.
How long does it take to go from nothing to a functioning compliance program?
For a mid-market brand starting from scratch, a complete compliance program takes 90–120 days to implement: 30 days for nexus audit and exposure assessment, 30–45 days for VDA filings and new registrations (in parallel), 30–45 days for software implementation and testing, and a 30-day parallel-run period before going live. SST registration through a CSP compresses the registration timeline significantly for SST states.
Who should own the compliance roadmap internally?
The roadmap owner should be the CFO or controller at most mid-market brands. The day-to-day execution owner (the person checking filings monthly, managing notices, and running the compliance calendar) is often a senior accountant or operations manager. These can be the same person at smaller brands. The strategic oversight (nexus decisions, audit response, SALT advisor relationship) stays with the CFO or whoever holds the advisor relationship.
What does a compliance roadmap cost to implement?
Implementation costs: nexus audit by a SALT advisor ($3,000–$8,000); VDA filings if historical exposure exists ($10,000–$30,000+ in professional fees, plus back taxes and interest); software implementation ($500–$2,000 in setup time plus subscription); registration fees (minimal, most states are free through SST). Ongoing annual cost depends on the stack and nexus footprint, typically $10,000–$25,000/year for a well-designed mid-market program.

Looking for more answers on this topic?

Browse Sales Tax for Mid-Market & Scaling Brands

Related questions