Vendor Due Diligence India: Complete Enterprise Checklist 2026

Why Vendor Due Diligence Is Non-Negotiable

Third-party risk management has become a board-level concern for Indian enterprises. The risks from unvetted vendors include supply chain disruption, data breaches through third-party access, regulatory fines for engaging non-compliant suppliers, reputational damage from association with fraudulent vendors, and financial exposure from vendor insolvency or fraud.

High-profile supply chain frauds in India — including fake GST invoice networks, ghost vendor schemes, and procurement kickbacks — have cost enterprises hundreds of crores and triggered regulatory scrutiny.

What Vendor Due Diligence Covers

Company Verification

• MCA (Ministry of Corporate Affairs) registration verification
• GST registration and filing status
• Company financials and annual return filing history
• Director background checks (see below)
• Registered address verification
• Bank account and IFSC verification

Director / Promoter Background Checks

• Identity verification of all named directors
• DIN (Director Identification Number) verification
• Disqualification status check (MCA disqualified directors list)
• Criminal and court record check for key directors
• Previous company associations and their track record

Compliance Verification

• GST compliance status and filing regularity
• Income Tax return filing history
• Provident Fund and ESI compliance (if applicable)
• Industry-specific licences and certifications
• FSSAI (for food suppliers), drug licences (for pharma), etc.

Financial Health Check

• Credit bureau check (CIBIL Commercial)
• Bank default or NPA status
• Litigation and lien history
• Insolvency proceedings (IBBI check)

Vendor Due Diligence by Risk Tier

Tier 1: Strategic Vendors (Critical Supply Chain)

Full due diligence package — company verification, director background checks, financial health, compliance status, on-site audit facilitation, reference checks from 3+ existing clients, and annual re-verification.

Tier 2: Important Vendors (Significant Spend or Access)

Standard package — company verification, director DIN and disqualification check, GST compliance, criminal record check for key contacts, and biennial re-verification.

Tier 3: Routine Vendors (Low Risk, Low Spend)

Lightweight verification — GST registration check, MCA registration confirmation, and basic identity check for primary contact. Annual spot checks.

Individual Background Checks for Vendor Personnel

For vendors whose staff will access your premises, systems, or data, you should require individual background verification of all such personnel — similar to your own employee BGV standards. This applies to:

• IT service providers with system access
• Security agencies and their deployed personnel
• Housekeeping and facility management companies
• Courier and delivery personnel with sensitive document access
• Consultants and interim professionals

Building a Vendor BGV Programme

1. Define your vendor risk tiers based on spend, access, and criticality
2. Document the required verification level for each tier
3. Include BGV requirements in your standard vendor contract terms
4. Establish a re-verification schedule (annual, biennial)
5. Define the process for handling vendor verification discrepancies
6. Maintain a verified vendor registry in your procurement system

Regulatory Drivers for Vendor Due Diligence

• RBI guidelines: Banks must conduct due diligence on all outsourced service providers
• SEBI regulations: Listed companies must vet material related-party transactions
• DPDP Act: If a vendor processes personal data of your employees or customers, a Data Processing Agreement and compliance verification is mandatory
• Companies Act 2013: Related party transaction disclosure and audit committee review requirements