Profiden | Fintech, KYC, Vendor Due Diligence, Compliance | February 20, 2026 · 3 min read

Vendor Due Diligence: A Practical Guide for Procurement and Finance Teams

Onboarding a vendor without proper due diligence is one of the most underestimated business risks in India. This guide covers what to verify, how to do it efficiently, and why the traditional paper-based process no longer works at scale.

Priya Mehta
Head of Product — B2B Solutions at Profiden. Previously led risk operations at a leading Indian enterprise software company.

The Cost of Skipping Vendor Due Diligence

In 2023, a mid-size Indian manufacturer discovered it had been paying invoices to a vendor for 18 months before realising the company had been dissolved 14 months prior. The vendor entity — a shell — had continued to operate bank accounts and file invoices while the directors had moved funds offshore. The exposure: ₹4.2 crore in fraudulent payments, a GST audit, and a lengthy litigation process with no realistic recovery path.

This is not an unusual story. Vendor fraud in India is structurally underreported because the reputational cost of disclosure often exceeds the financial cost of quiet resolution. What it tells us is that vendor onboarding without adequate due diligence is not a theoretical risk — it is a near-certain cost, with timing as the only variable.

What Vendor Due Diligence Actually Means in 2025

Vendor due diligence covers five domains:

1. Entity Legitimacy

Confirm that the vendor entity actually exists, is in good standing, and is what it claims to be:

  • GST verification: Real-time lookup against the GSTN database — confirms GSTIN validity, filing status, registration address, and business category
  • MCA21 lookup: Company registration status, incorporation date, registered address, and current filing compliance — a company that has not filed returns in two years is a material risk signal
  • Trade licence and sector-specific registrations: Relevant for regulated industries — food, pharma, finance

2. Director and Beneficial Owner Verification

Verify the individuals who control the entity — not just its paper existence:

  • Director identity verification (PAN + DIN cross-check via MCA)
  • Check whether any director appears on the SFIO disqualified directors list
  • UBO (ultimate beneficial owner) mapping for complex structures
  • PEP and sanctions screening for directors — a material requirement for BFSI vendor panels

3. Financial Health Indicators

A vendor that cannot fulfil its obligations due to financial distress is as risky as a fraudulent one:

  • Credit bureau check (CIBIL or Experian commercial) for outstanding defaults
  • ITR filing status — a vendor that has not filed taxes in two years is a red flag regardless of what they claim their turnover to be
  • NCLT and DRT pending cases — litigation database checks for insolvency petitions or debt recovery proceedings

4. Adverse Media and Reputation

A manual web search is not a due diligence process. Structured adverse media screening covers:

  • News mentions linking the entity or its directors to fraud, regulatory action, or criminal proceedings
  • Consumer complaints on public forums that indicate systemic operational failures
  • ED / CBI / SFIO investigation mentions in regulatory filings

5. Bank Account Verification

Before adding a vendor to your payment list, verify that the bank account they have provided belongs to the entity name on record. Penny drop verification — sending a test transaction and confirming the account name — takes under 30 seconds via API and prevents misdirected payments to accounts controlled by fraudulent actors.

The Process Problem: Paper-Based Onboarding at Scale

The traditional vendor onboarding process involves collecting photocopies of GST certificates, incorporation documents, PAN cards, and bank statements — and then manually verifying them against government portals. At 10–20 vendors a month, this is manageable. At 100+ vendors a month, it breaks down in predictable ways:

  • Verifications are spot-checked rather than comprehensive
  • Documents are verified once at onboarding and never refreshed
  • There is no audit trail of what was verified, when, and by whom

The fix is to move to API-based due diligence — where every check is run programmatically at onboarding, the result is stored with a timestamp, and re-verification is triggered automatically on a schedule or on a risk event.

Building a Vendor Risk Tier Framework

Not all vendors carry the same risk. A one-time courier service does not need the same due diligence as a managed IT services provider with access to your internal systems. A practical tier framework:

  • Critical vendors (Tier 1): Access to systems, high-value payments, regulated services → Full due diligence + annual re-verification
  • Standard vendors (Tier 2): Regular supply relationships → Entity + director check at onboarding + biennial re-verification
  • Transactional vendors (Tier 3): One-time or low-value → GSTIN validity + bank account verification only
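The following is an added worked example, not Profiden's code or any product API: a small Python orchestrator that applies the tier framework above, runs only the checks each tier calls for (entity, director, penny-drop bank check), stores each result with a timestamp and the verifying principal as the audit trail the process section asks for, and schedules annual or biennial re-verification. The GSTN, MCA21, DIN and bank lookups are constructed in-memory stand-ins; every identifier, name and rupee threshold in it is made up for illustration and only shape-valid.

```python
# Added illustration of tiered vendor due diligence (not Profiden's code).
# Registry dicts below are constructed stand-ins for GSTN / MCA21 / bank APIs.
from dataclasses import dataclass, field
from datetime import date
import re

GST_REGISTRY = {  # GSTIN -> GSTN lookup result (constructed sample data)
    "27AAAAA0000A1Z5": {"active": True, "legal_name": "Acme Supplies Pvt Ltd"},
    "29BBBBB1111B1Z9": {"active": False, "legal_name": "Ghost Traders Pvt Ltd"},
    "07CCCCC2222C1Z3": {"active": True, "legal_name": "Quick Courier Services"},
}
MCA_REGISTRY = {  # CIN -> MCA21 company status (constructed sample data)
    "U12345MH2015PTC000001": {"status": "Active", "last_filing_year": 2025},
    "U99999KA2012PTC000002": {"status": "Active", "last_filing_year": 2023},
}
DIN_REGISTRY = {"01234567": "AAAPK1234K", "09999999": "BBBPG5678L"}  # DIN -> PAN
DISQUALIFIED_DINS = {"09999999"}
BANK_ACCOUNTS = {  # account number -> name returned by the penny-drop response
    "000111222333": "ACME SUPPLIES PRIVATE LIMITED",
    "000777888999": "QUICK COURIER SERVICES",
}
GSTIN_RE = re.compile(r"^\d{2}[A-Z]{5}\d{4}[A-Z][1-9A-Z]Z[0-9A-Z]$")  # GSTIN shape
ABBREV = {"PVT": "PRIVATE", "LTD": "LIMITED"}
HIGH_VALUE_INR = 1_00_00_000  # assumed Tier 1 payment threshold (1 crore/year)
LOW_VALUE_INR = 5_00_000      # assumed Tier 3 threshold (5 lakh/year)

@dataclass
class Vendor:
    name: str
    gstin: str
    cin: str = ""
    directors: dict = field(default_factory=dict)  # DIN -> PAN as supplied by vendor
    bank_account: str = ""
    system_access: bool = False
    regulated: bool = False
    one_time: bool = False
    annual_value_inr: float = 0.0

@dataclass
class AuditEntry:  # what was verified, when, by whom, and the outcome
    check: str
    passed: bool
    detail: str
    verified_on: date
    verified_by: str = "api:due-diligence-service"

TIER_CHECKS = {1: ["gst", "mca", "director", "bank"],  # full due diligence
               2: ["gst", "mca", "director"],          # entity + director check
               3: ["gst", "bank"]}                     # GSTIN validity + bank only
REVERIFY_YEARS = {1: 1, 2: 2, 3: None}                 # annual / biennial / none

def assign_tier(v: Vendor) -> int:
    """Tier rules from the article; the rupee thresholds are assumptions."""
    if v.system_access or v.regulated or v.annual_value_inr >= HIGH_VALUE_INR:
        return 1
    if v.one_time or v.annual_value_inr < LOW_VALUE_INR:
        return 3
    return 2

def normalise_name(s: str) -> str:
    """Canonicalise an entity name so bank and registry spellings compare equal."""
    tokens = re.sub(r"[^A-Z0-9 ]", " ", s.upper()).split()
    return " ".join(ABBREV.get(t, t) for t in tokens)

def check_gst(v, today):
    if not GSTIN_RE.match(v.gstin):
        return False, "GSTIN malformed"
    rec = GST_REGISTRY.get(v.gstin)
    if rec is None:
        return False, "GSTIN not found in GSTN"
    if not rec["active"]:
        return False, "GST registration not active"
    return True, f"active; registered name {rec['legal_name']}"

def check_mca(v, today):
    rec = MCA_REGISTRY.get(v.cin)
    if rec is None or rec["status"] != "Active":
        return False, "company not found or not in good standing"
    if today.year - rec["last_filing_year"] >= 2:  # no filings in two years
        return False, f"no MCA filings since {rec['last_filing_year']}"
    return True, f"active; last filing {rec['last_filing_year']}"

def check_director(v, today):
    problems = []
    for din, pan in v.directors.items():
        if DIN_REGISTRY.get(din) != pan:
            problems.append(f"DIN {din}: PAN does not match MCA record")
        if din in DISQUALIFIED_DINS:
            problems.append(f"DIN {din}: on disqualified directors list")
    return (False, "; ".join(problems)) if problems else (True, "directors verified")

def check_bank(v, today):
    held = BANK_ACCOUNTS.get(v.bank_account)  # penny drop returns the account name
    if held is None:
        return False, "penny drop failed: account not found"
    if normalise_name(held) != normalise_name(v.name):
        return False, f"account name '{held}' does not match vendor entity"
    return True, "account name matches vendor entity"

CHECKS = {"gst": check_gst, "mca": check_mca, "director": check_director, "bank": check_bank}

def run_due_diligence(v: Vendor, today: date) -> dict:
    """Run the tier's checks, build the audit trail and schedule re-verification."""
    tier = assign_tier(v)
    trail = [AuditEntry(name, *CHECKS[name](v, today), today) for name in TIER_CHECKS[tier]]
    years = REVERIFY_YEARS[tier]
    return {"tier": tier, "approved": all(e.passed for e in trail), "audit_trail": trail,
            "next_review": today.replace(year=today.year + years) if years else None}

# Constructed sample vendors and onboarding date.
TODAY = date(2026, 2, 20)
ACME = Vendor("Acme Supplies Pvt Ltd", "27AAAAA0000A1Z5", "U12345MH2015PTC000001",
              {"01234567": "AAAPK1234K"}, "000111222333", system_access=True)
GHOST = Vendor("Ghost Traders Pvt Ltd", "29BBBBB1111B1Z9", "U99999KA2012PTC000002",
               {"09999999": "BBBPG5678L"}, annual_value_inr=20_00_000)
COURIER = Vendor("Quick Courier Services", "07CCCCC2222C1Z3",
                 bank_account="000777888999", one_time=True, annual_value_inr=12_000)

if __name__ == "__main__":
    for v in (ACME, GHOST, COURIER):
        r = run_due_diligence(v, TODAY)
        print(f"{v.name}: tier {r['tier']}, approved={r['approved']}, next review {r['next_review']}")
        for e in r["audit_trail"]:
            print(f"  [{'ok' if e.passed else 'FAIL'}] {e.check}: {e.detail}")
```

Each `AuditEntry` is what you would persist: the check name, outcome, detail, date and verifying principal give the "what, when, by whom" record that the paper process lacks, and `next_review` is the trigger for scheduled re-verification. A risk event (a failed GST filing, an adverse media hit) would simply call `run_due_diligence` again ahead of schedule; with a real integration the registry dicts are replaced by API clients while the tier logic and audit trail stay the same.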