GoBD-compliant §203 StGB-compliant Q2

Vendor Onboarding Agent

Screen, validate, create vendors - from sanctions list to ERP master data.

Extracts master data from vendor self-disclosure, validates VAT ID, checks sanctions lists, assesses risks and creates the vendor in the ERP. For elevated risk, the human decides.

Score Dashboard

Agent Readiness 75-82%
Governance Complexity 31-38%
Economic Impact 64-71%
Lighthouse Effect 28-35%
Implementation Complexity 34-41%
Transaction Volume Weekly

What This Agent Does

Vendor onboarding is the process that creates a new business partner in the master data. It includes compliance checks (sanctions lists, VAT ID), data validation (bank details, address) and risk classification. Manually this is complex and error-prone - especially the duplicate check.

The Decision Layer breaks vendor onboarding into nine decision steps. The AI Agent extracts master data from the self-disclosure, assesses risks by industry and country and extracts payment terms from contracts. The rule engine validates VAT ID via EU VIES, checks sanctions lists, validates bank details and creates the vendor in the ERP. For elevated risk scores, the human decides.

The result: compliance checks are automatic and gap-free. No vendor is created without a sanctions list check. Duplicates are detected before they enter the system. And the risk assessment protects against business relationships with problematic partners.

Micro-Decision Table

Decider types: Human, Rules Engine, AI Agent.
Each row is a decision, followed by its decision record and whether it can be challenged.
Extract master data: What master data is in the self-disclosure? Decided by: AI Agent.

LLM extraction from unstructured documents

Decision Record

Model version and confidence score
Input data and classification result
Decision rationale (explainability)
Audit trail with full traceability

Challengeable: Yes - fully documented, reviewable by humans, objection via formal process.

Challengeable by: Vendor

VAT ID validation: Is the VAT ID valid? Decided by: Rules Engine.

API query against EU VIES database

Decision Record

Rule ID and version number
Input data that triggered the rule
Calculation result and applied formula

Challengeable: Yes - rule application verifiable. Objection possible for incorrect data or wrong rule version.

Challengeable by: Vendor

Sanctions list check: Is the vendor on a sanctions list? Decided by: Rules Engine.

API check against EU, OFAC and UN sanctions lists

Decision Record

Rule ID and version number
Input data that triggered the rule
Calculation result and applied formula

Challengeable: Yes - rule application verifiable. Objection possible for incorrect data or wrong rule version.

Bank details validation: Are the bank details technically correct? Decided by: Rules Engine.

IBAN and SWIFT validation by algorithm

Decision Record

Rule ID and version number
Input data that triggered the rule
Calculation result and applied formula

Challengeable: Yes - rule application verifiable. Objection possible for incorrect data or wrong rule version.

Challengeable by: Vendor

Duplicate check (exact): Does this vendor already exist in the system? Decided by: Rules Engine.

Exact match on VAT ID and company name

Decision Record

Rule ID and version number
Input data that triggered the rule
Calculation result and applied formula

Challengeable: Yes - rule application verifiable. Objection possible for incorrect data or wrong rule version.

Duplicate check (fuzzy): Could a similar vendor already exist? Decided by: AI Agent.

Fuzzy match for name variants and address differences

Decision Record

Model version and confidence score
Input data and classification result
Decision rationale (explainability)
Audit trail with full traceability

Challengeable: Yes - fully documented, reviewable by humans, objection via formal process.

Risk assessment: How high is this vendor's risk? Decided by: AI Agent.

Scoring by industry, country, company size and historical data

Decision Record

Model version and confidence score
Input data and classification result
Decision rationale (explainability)
Audit trail with full traceability

Challengeable: Yes - fully documented, reviewable by humans, objection via formal process.

Extract payment terms: Which payment terms apply? Decided by: AI Agent.

LLM extraction from contract documents

Decision Record

Model version and confidence score
Input data and classification result
Decision rationale (explainability)
Audit trail with full traceability

Challengeable: Yes - fully documented, reviewable by humans, objection via formal process.

Challengeable by: Vendor

Approval for elevated risk: Is the vendor created despite an elevated risk score? Decided by: Human.

Human judgement for risk score above threshold

Decision Record

Decider ID and role
Decision rationale
Timestamp and context

Challengeable: Yes - via manager, works council, or formal objection process.

Challengeable by: Auditor

Decision Record and Right to Challenge

Every decision this agent makes or prepares is documented in a complete decision record. Affected parties (employees, suppliers, auditors) can review, understand, and challenge every individual decision.

Which rule in which version was applied?
What data was the decision based on?
Who (human, rules engine, or AI) decided - and why?
How can the affected person file an objection?
How the Decision Layer enforces this architecturally →
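
As an added illustration (not code from the product described on this page), the sketch below shows how a rules-engine step such as the bank details validation can return a decision record carrying the rule ID, rule version, input data, applied formula and result. The rule ID, version, field names and the country-length subset are assumptions made for the example, which covers the IBAN check only.

```python
import re

# Hypothetical rule identity; a real rules engine would load this from its rule store.
RULE_ID = "BANK-IBAN-001"
RULE_VERSION = "1.0.0"
FORMULA = "ISO 13616: move first 4 chars to end, map A-Z to 10-35, integer mod 97 == 1"

# Registered IBAN lengths for a few countries (subset chosen for this example).
IBAN_LENGTH = {"DE": 22, "GB": 22, "FR": 27, "NL": 18}


def iban_check(raw: str) -> tuple[bool, str]:
    """Return (valid, reason) for an IBAN string."""
    iban = re.sub(r"\s+", "", raw).upper()
    if not re.fullmatch(r"[A-Z]{2}[0-9]{2}[A-Z0-9]{1,30}", iban):
        return False, "malformed"
    expected = IBAN_LENGTH.get(iban[:2])
    if expected is None:
        return False, "country_not_configured"  # fail closed instead of guessing
    if len(iban) != expected:
        return False, "wrong_length"
    rearranged = iban[4:] + iban[:4]
    # int(ch, 36) maps '0'-'9' to 0-9 and 'A'-'Z' to 10-35.
    digits = "".join(str(int(ch, 36)) for ch in rearranged)
    if int(digits) % 97 != 1:
        return False, "checksum_mismatch"
    return True, "ok"


def decide_bank_details(vendor_id: str, raw_iban: str) -> dict:
    """Run the rule and return a decision record for this step."""
    valid, reason = iban_check(raw_iban)
    return {
        "step": "bank_details_validation",
        "decider": "rules_engine",
        "rule_id": RULE_ID,
        "rule_version": RULE_VERSION,
        "input": {"vendor_id": vendor_id, "iban": raw_iban},
        "formula": FORMULA,
        "result": {"valid": valid, "reason": reason},
        "challengeable_by": "vendor",
    }


if __name__ == "__main__":
    # Constructed sample inputs: a published example IBAN and a one-digit typo of it.
    for sample in ("DE89 3704 0044 0532 0130 00", "DE89 3704 0044 0532 0130 01"):
        print(decide_bank_details("V-0001", sample)["result"])
```

Because the record stores the rule version and the raw input next to the result, a reviewer can re-run the same rule on the same data when a vendor objects to a rejection.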

Prerequisites

  • ERP system with vendor master data management
  • Access to EU VIES for VAT ID validation
  • Access to sanctions list service (EU, OFAC, UN)
  • Defined risk thresholds per industry and country

Governance Notes

GoBD relevance: medium - vendor master data is the basis for all postings. Incorrect master data leads to incorrect payments. Sanctions list compliance is legally mandated (EU regulations). VAT ID validation via EU VIES is a prerequisite for input tax deduction on intra-community deliveries. §203 StGB is relevant when the vendor is a professional secrecy holder (e.g. a law firm as vendor).

§203 StGB-relevant data is encrypted end-to-end and never passed to AI models in plain text.

Process Documentation Contribution

The Vendor Onboarding Agent documents: all compliance checks (sanctions lists with timestamp, VAT ID validation), the risk assessment with scoring rationale, the duplicate check and the final creation decision. During audits, it is traceable that every vendor was properly screened.

Infrastructure Contribution

The Vendor Onboarding Agent builds the vendor compliance infrastructure. The sanctions list check is reused for periodic re-screening. The VAT ID validation is used by the Invoice Capture Agent and Account Coding Agent. The risk assessment feeds into the credit limit monitoring of the Receivables Management Agent.

Frequently Asked Questions

How often are sanctions lists checked?

At onboarding and periodically thereafter - frequency is configurable. EU sanctions lists are checked at every update. The agent documents every check with timestamp, so compliance is provable at any time.

What happens with a sanctions list hit?

The vendor is not created. The case is documented and escalated to the compliance department. No automatic override is possible - sanctions list hits are not a discretionary decision.

How are duplicates prevented?

The check runs in two stages: first an exact match on VAT ID and company name, then a fuzzy AI match for name variants. On duplicate suspicion, the existing master record is displayed and a manual decision is requested. This prevents both duplicates and incorrect merges.
