Alternatively, businesses are required to register the root public deterministic key, so the tax collectors can generate all the public keys that the business will be using. Random audits and/or micro-payments to consumers for reporting transactions mean the collectors can cross-check against the public addresses. If a business requests payment to an address that isn't derived from the right root key, it's obvious they are not reporting all their income.