← Back to blog

The 7 checks every vendor due diligence must include

Vendor Risk · July 2026 · 4 min read

Most vendor failures were visible in the data before the contract was signed. Here is the checklist we see mature procurement and risk teams converge on.

The seven checks

  1. Identity & registration: GSTIN, PAN, CIN/LLPIN — verified against registries, not photocopies.
  2. Financial health: turnover trend, leverage and cash-flow signals from filings and banking data.
  3. Legal exposure: litigation, arbitration and cheque-bounce history across forums.
  4. Compliance hygiene: GST filing regularity, EPFO deposits, statutory dues.
  5. UBO mapping: who actually controls the entity — and whether they appear on watchlists.
  6. Group linkages: related entities that share risk (and sometimes share your money).
  7. Physical verification: for critical suppliers, on-ground confirmation that capacity and operations match claims.

Digital-only vs physical DD

Not every vendor needs a site visit. A sensible policy tiers the depth by exposure: digital-only checks clear low-value vendors in hours, while physical verification is reserved for single-source and high-value suppliers.

Due diligence isn’t a gate you pass once. The vendors you onboarded last year are the risk you carry this year — monitoring must continue after approval.

Automating these seven checks turns vendor onboarding from a weeks-long bottleneck into a same-week process — without lowering the bar.

See Finoscale on your own data

Book a live demo — bring one counterparty name and we’ll show you what our AI finds.