Vendor Due Diligence Checklist for India (Free PDF-Style Guide)

Onboarding a new supplier? Run through MCA status, charges, litigation, GST compliance and director background in this order - it's what credit teams at mid-size manufacturers actually use.

Onboarding a new vendor without a checklist is how finance teams end up approving payments to companies that MCA struck off six months ago. This ordered checklist covers the public-data checks you can finish in one sitting - before legal review, before the first PO, and definitely before any advance.

Layer 1: Entity identity (CIN and name)

  1. Collect CIN from invoice, registration form, or contract
  2. Verify on MCA master data - confirm Active status and legal name match
  3. Check incorporation date against claimed years in business
  4. Review master data fields: category, paid-up capital, registered office
  5. Flag any non-Active status immediately

Layer 2: Tax registration (GSTIN and PAN)

  1. Collect GSTIN from invoice - verify on GST portal (Active status)
  2. Confirm legal name on GST matches MCA company name
  3. Extract PAN from GSTIN (characters 3-12) and cross-check separately
  4. Compare registered address across MCA, GST, and invoice

Full walkthrough in our GSTIN verification guide and vendor KYC guide.
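
The Layer 2 cross-check as an added Python example (not code from this guide or from any government portal): it validates the GSTIN layout and check character, pulls the PAN from characters 3-12, and compares it with the PAN collected separately. The function names, the constructed sample GSTIN/PAN (not a real registration) and the rule that a company's PAN has 'C' as its fourth character are assumptions of the example.

```python
import re

B36 = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
# Layout: 2-digit state code, 10-char PAN, entity code, literal 'Z', check character
GSTIN_RE = re.compile(r"^\d{2}[A-Z]{5}\d{4}[A-Z][0-9A-Z]Z[0-9A-Z]$")


def gstin_check_char(body14):
    """Check character over the first 14 characters (weights 1,2,1,2..., mod 36)."""
    total = 0
    for i, ch in enumerate(body14):
        prod = B36.index(ch) * (1 + i % 2)
        total += prod // 36 + prod % 36
    return B36[(36 - total % 36) % 36]


def check_gstin(gstin, pan_on_file, is_company=True):
    """Return (pan, findings); an empty findings list means nothing to flag."""
    g = gstin.strip().upper()
    if not GSTIN_RE.match(g):
        return None, ["GSTIN is not 15 characters in the expected layout"]
    findings = []
    if gstin_check_char(g[:14]) != g[14]:
        findings.append("check character mismatch: likely typo or altered GSTIN")
    pan = g[2:12]  # characters 3-12 of the GSTIN
    if pan != pan_on_file.strip().upper():
        findings.append("PAN embedded in GSTIN differs from PAN collected separately")
    # Assumption: vendor claims to be a company, so PAN holder type should be 'C'
    if is_company and pan[3] != "C":
        findings.append("PAN holder type is not 'C' (company)")
    return pan, findings


if __name__ == "__main__":
    # Constructed sample values, not real registrations
    samples = [
        ("29ABCCD1234E1Z1", "ABCCD1234E"),  # consistent
        ("29ABCCD1234E1Z2", "ABCCD1234E"),  # wrong check character
        ("29ABCPD1234E1ZA", "ABCPD1234E"),  # individual's PAN behind a "company"
    ]
    for gstin, pan in samples:
        print(gstin, check_gstin(gstin, pan))
```

These checks run offline on the invoice data only; Active status and the legal-name match still need the GST portal lookup in steps 1 and 2.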

Layer 3: Directors and signatories

  1. Pull director list from MCA master data
  2. Verify DIN of the person signing your contract - DIN check guide
  3. Confirm DIR-3 KYC is current for key directors
  4. Map other companies where directors sit - look for shell patterns

Don't skip this for "small" vendors. The Rs 2 lakh vendor and the Rs 2 crore vendor often share the same director network. Shell company fraud doesn't scale with your PO size.

Layer 4: Filing compliance and financials

  1. Check filing history for recent AOC-4 and MGT-7
  2. Compare against annual filing deadlines - is the latest year filed?
  3. Review index of charges for existing bank security
  4. Scan for MCA red flags and warning signs

Layer 5: Bank and payment verification

  1. Collect bank account details on company letterhead
  2. Run penny-drop or bank account verification - holder name must match legal entity
  3. Reject personal accounts of directors for company payments
  4. Document all verification results with date and screenshot

Common questions

Which checks are mandatory vs optional?

Layers 1-2 and 5 are mandatory for any vendor. Layers 3-4 scale with contract value and risk.

How often should I re-run this checklist?

At onboarding and annually for active vendors. Immediately if payment behaviour changes or you hear about compliance issues.

What if the vendor is an LLP?

Replace CIN with LLPIN. LLPs file Form 8 and Form 11 instead of AOC-4 and MGT-7.

Can I automate this checklist?

Public-data layers (CIN, GSTIN, DIN, filings) can be batch-verified on Infyner. Bank verification still needs your payment gateway.

When should I involve legal?

After red flags surface, or for contracts above your internal threshold. This checklist is pre-legal screening, not a substitute for contract review.