Supplier Verification Checklist

What Is Supplier Verification — and Why Does It Matter?

Supplier verification is the structured process of confirming — through independent, primary sources — that a supplier is a legitimately registered legal entity, financially solvent, owned by identifiable individuals, operationally capable of delivering what it promises, and safe to transact with. For businesses sourcing goods or services across borders, it is the primary defence against supplier fraud, procurement fraud, and business email compromise targeting supply chain payments. The stakes are high. A single fraudulent supplier transaction — whether a ghost company collecting an advance payment, a legitimate supplier impersonated at the payment stage, or a counterparty that takes deposit funds and disappears — can result in losses ranging from tens of thousands to millions of euros. Unlike consumer fraud, B2B fraud losses rarely attract the same regulatory protection frameworks, making prevention and rapid post-fraud action the only effective responses.  

How Supplier Fraud Actually Operates

Understanding the mechanics of supplier fraud is the foundation of effective prevention. The most prevalent schemes targeting businesses transacting with European suppliers are: Ghost supplier fraud: A fraudulent entity is created — with a convincing website, fabricated company registration, and professional communications — to collect advance payments or deposits for goods or services that are never delivered. Ghost suppliers frequently target new vendor relationships, import/export transactions, and high-value one-off purchases. Supplier impersonation and BEC fraud: Criminals compromise or spoof the email communications of a legitimate, verified supplier and substitute fraudulent bank account details for genuine payment instructions. The business pays the correct amount to the wrong account. This is the highest-volume B2B fraud category by value in Europe and is specifically concentrated in international wire transfer contexts. Invoice fraud: Fraudulent invoices are submitted — either by an external party impersonating a known supplier or by an insider — for goods or services not delivered, inflated quantities, or entirely fabricated transactions. Advance fee and procurement fraud: A fraudulent supplier requests substantial upfront payment — framed as a deposit, import duty, compliance fee, or material advance — and disappears upon receipt. Common in commodity trading, construction supply, and manufacturing contexts. Sanctions and compliance exposure: Engaging a supplier that is subject to international sanctions, owned by sanctioned individuals, or connected to money laundering networks exposes the buying company to regulatory liability independent of any direct financial loss.  

Layer 1: Corporate Registration and Legal Existence

Why Registration Verification Is the Starting Point

Every legitimate supplier must be registered with a national company authority. This creates a public record — independent of anything the supplier presents — confirming legal existence, incorporation date, registered address, directors, and in most EU jurisdictions, filed financial accounts. A supplier that cannot be verified through a national registry either does not exist as claimed or is deliberately obscuring its corporate identity.

Corporate Registration Checklist

• The supplier’s exact legal entity name is confirmed on the relevant national company registry
• The company registration number provided by the supplier matches the registry entry precisely
• The incorporation date is consistent with the supplier’s claimed operating history
• The registered address is a verifiable physical business location — not solely a virtual office or residential address
• Annual filings and confirmation statements are current — no unexplained gaps in filing history
• No winding-up orders, dissolution notices, or insolvency proceedings are recorded
• The company has not recently changed its name — check the name history on the registry
• The company type is appropriate for the nature of business claimed (trading company, manufacturer, distributor)
• The supplier’s VAT registration number has been verified through the EU VIES system (ec.europa.eu/taxation_customs/vies) for EU-registered entities

 

Layer 2: Financial Health and Credit Assessment

Why Financial Health Matters in Supplier Verification

A supplier’s financial condition determines its ability to deliver — and its risk of disappearing with advance payments. A company with deteriorating finances, significant debt, or qualified audit reports presents a material delivery risk even where it is not deliberately fraudulent. For high-value or long-term supply relationships, financial assessment is not optional.

Free and Low-Cost Financial Assessment Tools

Companies House (UK): Full filed accounts including balance sheets, profit and loss statements, and audit reports are publicly available free of charge for UK companies. Download and review the last two to three years of accounts. Creditsafe — creditsafe.com: A global credit reference platform offering company credit scores, payment behaviour data, and financial summaries. Basic company reports are available at low cost across most EU jurisdictions. Particularly useful for assessing payment behaviour — how promptly a company pays its own suppliers is a reliable indicator of financial health. Dun & Bradstreet — dnb.com: D&B’s DUNS number system covers hundreds of millions of businesses globally. D&B reports provide credit risk scores, payment indices, and financial summaries. Relevant for larger or higher-risk supplier relationships. EU VAT VIES System — ec.europa.eu/taxation_customs/vies: Verifies the validity of EU VAT registration numbers in real time. A supplier claiming EU VAT registration that cannot be verified through VIES is either not registered or providing false credentials. National Insolvency Registers: Most EU member states maintain publicly accessible insolvency registers. In the UK, search the Insolvency Service register (gov.uk/search-bankruptcy-insolvency-register). In Germany, the Insolvenzbekanntmachungen portal (insolvenzbekanntmachungen.de). In France, BODACC (bodacc.fr) publishes insolvency notices.

Financial Health Checklist

• Filed accounts are current, accessible, and show a solvent entity with positive net assets
• Revenue figures are consistent with the supplier’s claimed scale and capacity
• Accounts have been prepared — and audited where required — by a named, verifiable accounting firm
• No going concern qualification is included in the most recent audit report
• No insolvency proceedings, administration, or receivership notices are recorded
• The supplier’s VAT registration is confirmed valid through the EU VIES system
• A credit reference check shows no significant adverse payment history or elevated credit risk score
• The supplier’s capital base is consistent with its ability to fund and deliver the contract in question

 

Layer 3: Beneficial Ownership and Sanctions Screening

Why Ownership and Sanctions Checks Are Non-Negotiable

Engaging a supplier that is ultimately owned or controlled by a sanctioned individual, a politically exposed person (PEP), or a criminal network exposes the buying company to regulatory liability, reputational damage, and — in the most serious cases — criminal prosecution for sanctions violations. In the current geopolitical environment, with extensive sanctions regimes targeting Russian, Belarusian, Iranian, and other entities, sanctions screening is a compliance requirement for any business with European banking relationships.

Beneficial Ownership Verification

EU Beneficial Ownership Registers: Under the EU’s Anti-Money Laundering Directives (AMLD4, AMLD5, AMLD6), EU member states are required to maintain registers of the beneficial owners of legal entities. Access varies by country but is progressively improving. In the UK, the Persons of Significant Control (PSC) register on Companies House provides free public access to beneficial ownership data. The EU’s BORIS interconnected register system is expanding cross-border access. OpenCorporates — opencorporates.com: The world’s largest open database of company information, aggregating data from over 140 jurisdictions. Useful for tracing corporate structures and identifying connected entities across multiple countries. OpenSanctions — opensanctions.org: A free, consolidated sanctions and politically exposed persons database aggregating data from OFAC (US), EU Consolidated Sanctions List, UN sanctions lists, and numerous national sanctions regimes. Searchable by company name or individual name.

Sanctions and PEP Screening Tools

OFAC SDN List — sanctionssearch.ofac.treas.gov: The US Treasury’s Office of Foreign Assets Control publishes a searchable list of sanctioned individuals and entities. Relevant for any business with US dollar transactions or US-connected banking relationships. EU Consolidated Sanctions List — eeas.europa.eu/topics/sanctions: The European External Action Service maintains the EU’s official consolidated sanctions list, covering all EU restrictive measures. Mandatory screening for any EU-connected transaction. UN Sanctions List — scsanctions.un.org: The UN Security Council’s consolidated sanctions list. Applies globally as a matter of international law. World-Check and Refinitiv (commercial): For businesses requiring comprehensive ongoing screening, commercial PEP and sanctions databases provide broader coverage and ongoing monitoring. Relevant for high-risk or high-volume supplier relationships.

Beneficial Ownership and Sanctions Checklist

• The beneficial owners of the supplier — individuals owning 25% or more of shares or exercising control — have been identified and verified
• Beneficial owners are disclosed in the relevant national register and are consistent with information provided by the supplier
• All beneficial owners, directors, and key contacts have been screened against OFAC, EU, and UN sanctions lists with no matches
• Named individuals have been screened for PEP status — political exposure does not automatically disqualify a supplier but requires enhanced due diligence
• The supplier’s corporate structure does not involve entities in high-risk jurisdictions or opaque ownership layers without explanation
• No adverse media results connect the supplier, its directors, or beneficial owners to financial crime, fraud, or regulatory enforcement

 

Layer 4: Operational Credibility and Track Record

Verifying That a Supplier Can Deliver

Corporate registration and financial solvency confirm a supplier exists and is financially stable. They do not confirm it can actually deliver the goods or services contracted. Operational verification assesses whether the supplier has the infrastructure, capacity, and track record to perform.

Operational Verification Methods

Physical address verification: Use Google Maps Street View to assess whether the registered or operational address corresponds to a genuine business premises consistent with the supplier’s claimed activity. A manufacturing company operating from a residential address or a shared serviced office presents an obvious red flag. Trade references: Request a minimum of three verifiable trade references from existing customers of similar transaction scale. Contact references directly — using contact details independently sourced, not provided by the supplier — and ask specific questions about delivery reliability, payment terms, dispute resolution, and overall commercial conduct. Industry registration and certification: Many supply sectors require specific certifications, industry body memberships, or regulatory approvals. Verify these independently with the issuing body — ISO certifications, food safety approvals, pharmaceutical licences, export licences, and sector-specific qualifications should all be confirmable through the issuing authority. Site visits and virtual verification: For high-value or critical supplier relationships, a physical site visit — or a video-verified tour conducted live — provides direct evidence of operational capability. A supplier that refuses or repeatedly delays a site visit without credible explanation is concealing something material about its operations. LinkedIn and professional presence: Verify that named account managers, directors, and technical contacts have verifiable professional histories consistent with their claimed roles. A supplier whose entire team consists of recently created LinkedIn profiles with no connection networks is presenting fabricated professional identities.

Operational Credibility Checklist

• The supplier’s operational address corresponds to a genuine business premises consistent with its claimed activity
• A minimum of three trade references have been verified using independently sourced contact details
• All claimed industry certifications, licences, and regulatory approvals have been confirmed with the issuing authority
• Named personnel have verifiable professional histories consistent with their roles
• The supplier’s website domain was registered at a date consistent with its claimed operating history
• For high-value relationships, a physical or video-verified site visit has been conducted
• The supplier can demonstrate examples of comparable contracts successfully completed
• No significant adverse reviews, complaints, or fraud reports appear in trade community forums, industry publications, or business review platforms

 

Layer 5: Contract and Payment Safety

Why Payment Safety Is a Verification Layer, Not an Afterthought

Business email compromise targeting supplier payments is the highest-value B2B fraud category in Europe. Criminals specifically target the payment instruction stage — intercepting legitimate supplier communications and substituting fraudulent bank account details. Verification of the supplier’s legal and operational credentials means nothing if the payment lands in a criminal’s account.

Payment Instruction Verification Protocol

Always verify bank details by phone before first payment and on any change: Every time a supplier provides bank account details — for the first payment or following any change — verify those details by calling the supplier on a phone number sourced independently from the supplier’s original onboarding documents or the company registry. Never rely on contact details included in the same communication as the payment instruction. Treat any mid-transaction change of bank details as a fraud signal: Legitimate suppliers do not routinely change bank accounts mid-transaction. Any communication requesting payment to a new or different account — regardless of how plausible the explanation — must be verified through an established, independently confirmed contact before any payment is made. Dual authorisation for large payments: Implement internal controls requiring two independent authorisations for any payment above a defined threshold. This single control prevents the most common internal and external invoice fraud scenarios.

Contract Verification

Before executing any significant supplier contract:

• Confirm the contracting entity’s exact legal name matches the verified company registry entry
• Confirm the signatory has authority to bind the company — check Companies House or the relevant registry for director status
• Ensure the contract specifies delivery terms, quality standards, and consequences for non-performance in enforceable detail
• For advance payments or deposits, negotiate escrow arrangements or stage payments tied to verified delivery milestones where the supplier relationship is new or unproven
• Confirm governing law and jurisdiction for dispute resolution — EU jurisdiction clauses provide access to EU civil enforcement mechanisms that are significantly more effective than offshore arbitration clauses for recovery purposes

Contract and Payment Safety Checklist

• The contracting entity’s legal name in the contract matches the verified company registry entry exactly
• The contract signatory’s authority to bind the company has been confirmed
• Bank account details have been verified verbally using an independently sourced phone number before first payment
• Internal dual-authorisation controls are in place for payments above the defined threshold
• Any mid-transaction change of bank account details has triggered an independent verification call before any payment was made
• Advance payments or deposits are protected by escrow, stage payment milestones, or bank guarantees
• The contract specifies enforceable delivery terms, quality standards, and remedies for non-performance
• Governing law and dispute resolution jurisdiction are specified — EU jurisdiction is preferred for cross-border enforcement
• All payment instructions have been archived with full supporting documentation

 

Master Supplier Verification Checklist

Layer 1 — Corporate Registration

• Legal entity confirmed on national company registry
• Registration number verified exactly
• Incorporation date consistent with claimed history
• Registered address is a genuine business location
• Annual filings are current with no gaps
• No insolvency or dissolution proceedings recorded
• No unexplained recent name changes
• VAT number verified through EU VIES

Layer 2 — Financial Health

• Filed accounts are current and show positive net assets
• No going concern qualification in audit report
• No insolvency notices in national insolvency register
• Credit reference check shows no significant adverse history
• Capital base is consistent with contract delivery capacity

Layer 3 — Beneficial Ownership and Sanctions

• Beneficial owners identified and confirmed on national register
• All individuals screened against OFAC, EU, and UN sanctions lists
• PEP screening completed for all named individuals
• No adverse media connecting supplier to financial crime
• No opaque offshore ownership structures without explanation

Layer 4 — Operational Credibility

• Operational address verified as genuine business premises
• Three trade references verified through independent contact
• All certifications and licences confirmed with issuing authority
• Named personnel independently verifiable
• No adverse trade reviews or fraud reports identified

Layer 5 — Contract and Payment Safety

• Contracting entity matches verified registry entry
• Signatory authority confirmed
• Bank details verified by phone through independent contact
• Dual-authorisation controls in place for large payments
• No payment made following unverified account change request
• Advance payments protected by escrow or stage milestones
• EU jurisdiction clause in contract for dispute resolution

 

If Supplier Fraud Has Already Occurred

Act within hours. Contact your bank immediately to initiate a payment recall for any wire transfers. The SWIFT gpi recall mechanism allows recall requests to be transmitted to the receiving bank — success rates decline sharply after the first 24 hours as funds are moved onward. Preserve all evidence. Archive every communication, contract, invoice, payment instruction, and banking confirmation. Do not delete emails or alter any records — these form the evidentiary basis for every recovery mechanism that follows. Do not alert the fraudulent supplier. Any contact warning the supplier of an investigation triggers immediate asset movement and communication blackout. File formal reports. Report to your national police financial crime unit, your national financial intelligence unit, and — for EU-connected supplier fraud — to the relevant national authority where the supplier was registered. Reports to Action Fraud (UK), BKA (Germany), BEFCS (France), or equivalent bodies create formal records that support civil proceedings and may trigger broader investigations. Engage specialist legal support. Supplier fraud involving European entities creates legal leverage through EU civil enforcement mechanisms, asset freezing orders, and cross-border judgment recognition under Brussels I Recast (Regulation EU 1215/2012). These mechanisms require prompt engagement — courts will not preserve assets or evidence indefinitely without active legal proceedings.