Most Indian companies run a KYC check when they onboard a new vendor. They collect the GST certificate, a copy of the PAN, maybe an MCA extract, and perhaps a bank statement. The file gets signed off, the vendor gets added to the system, and that’s the end of it. The problem is that this check reflects what a vendor looked like on one particular day. It tells you nothing about what they look like six months later - or right now.
A vendor’s GST registration can get suspended. A court case can get filed against the promoter. A director can become a defaulter on other companies. None of these events notify you. You only find out when there’s already a problem: a delayed delivery, a compliance issue, or an invoice that cannot be honoured.
Why Vendor KYC Goes Stale So Quickly
Vendor KYC is designed to answer one question: “Is this vendor safe to work with right now?” But the answer to that question changes constantly. Here are the four data points that change most often - and most significantly - after a vendor is onboarded:
KYC at onboarding is a photograph. Vendor risk is a video. A single photograph tells you nothing about what happens next. Yet most procurement teams make ongoing decisions - renewing contracts, increasing order volumes, extending payment terms - based on a photograph that was taken when the vendor first joined the system.
What Actually Changes After a Vendor Is Onboarded
Let’s be specific. Here are the kinds of changes that happen to vendors in India - after onboarding - that companies almost never catch in time.
GST registration gets suspended or cancelled. The GST department can suspend a vendor’s registration for non-filing of returns, for mismatch in input tax credit claims, or for suspicion of fraudulent activity. When this happens, the vendor can technically still operate, but any invoice they raise during this period cannot be used to claim input tax credit. If you continue purchasing from them without knowing their status has changed, you are effectively paying tax twice - once to them, and once to the government when your ITC gets rejected.
A court case gets filed against the promoter or the company. Debt Recovery Tribunal cases, NCLT insolvency proceedings, and civil suits filed by banks or other creditors are public record. But they are not announced. You have to look for them. A vendor who was clean at onboarding may have a DRT case filed against them three months later, because a bank finally ran out of patience. If you are not monitoring this, you will not know until the vendor starts having cash flow problems that affect your orders.
A director gets disqualified. Under Section 164(2) of the Companies Act, a director who has not filed returns for three consecutive years, or whose company has defaulted on certain obligations, gets disqualified from holding directorship. The MCA publishes these lists. A disqualified director cannot legally run the company - but many do, informally, until someone checks. This is a compliance and governance risk that onboarding KYC will never catch, because the disqualification may happen years after the vendor was added to your system.
Financial health deteriorates. When a vendor files annual accounts with MCA, their profit and loss, balance sheet, and cash flow position become publicly available. A vendor with three consecutive years of revenue decline, rising debt, and shrinking net worth is a vendor who may not be able to deliver on a large order twelve months from now. The onboarding check will show FY22 accounts. If you never look again, you are flying blind on FY23 and FY24.
The Risk Window: When Onboarding KYC Stops Being Useful
In practical terms, vendor KYC done at onboarding has a useful life of approximately 3–6 months. After that, the information is outdated enough to create meaningful blind spots.
Figures are illustrative, based on common procurement risk patterns. Apply your own context and judgment.
This creates a gap - often a very large one. Vendors that were safe to work with at onboarding get renewed, get larger contracts, and get added to critical supply chains without anyone checking whether they are still safe to work with. The first sign of a problem is usually operational: a delayed delivery, a quality failure, or an invoice query that uncovers a GST status issue.
Why Most Procurement Teams Do Not Monitor Vendors Continuously
The honest answer is not that procurement teams do not care - it is that continuous monitoring is genuinely hard to do manually at scale.
There are too many vendors. A mid-sized Indian manufacturer may have 200–500 active vendors. Manually checking each one on the GST portal, the MCA website, the NCLT case tracker, and a DRT database every quarter is not realistic with a normal procurement team. So it does not happen.
The data is spread across many places. GST status is on the GST portal. MCA filings and director data are on the MCA website. NCLT cases are on the NCLT website. DRT cases are on individual DRT portal websites, which are not centralised. Adverse news requires a separate search. There is no single place to look for all of this at once.
No one owns the job. Vendor onboarding KYC typically belongs to procurement or finance. But ongoing vendor health monitoring falls into a gap - procurement focuses on delivery and price, finance focuses on payments, and legal gets involved only when there is already a problem. Nobody is assigned to proactively watch for GST suspensions or court filings.
The consequences feel distant until they are immediate. A vendor with a slightly deteriorating balance sheet is still delivering on time today. The incentive to escalate is low. But when the problem does materialise - a vendor unable to supply, an ITC rejection, a promoter arrest - the consequences are immediate and often expensive.
What Continuous Vendor Monitoring Actually Looks Like
Continuous monitoring does not mean checking every data point every day. It means setting up a system where significant changes to key risk signals are caught quickly - and where your team gets alerted when something changes, not when it is too late.
Here is what a well-designed continuous vendor monitoring framework tracks for each vendor:
Registration status (Active / Suspended / Cancelled). Filing regularity. Turnover trend year on year. Any change in status triggers an immediate alert - especially suspension, which affects your ITC.
Annual return filing status. Director disqualification under Section 164(2). Change in directors or key officers. Striking-off notice. Any of these changes the governance risk profile of the vendor significantly.
New DRT case filed against the company or its promoters. New NCLT insolvency proceeding. Public CIBIL default disclosures. A newly filed case can change a vendor’s risk profile overnight.
Net worth trend from MCA annual accounts. Revenue decline year on year. Debt-to-equity moving above 2x. These are slower signals, but a vendor with three years of deteriorating accounts is a supply continuity risk you need to plan for.
The goal is not to check all of these manually. The goal is to build a system - or use a platform - that monitors these signals automatically and surfaces changes to your team when they happen, not months later.
How the Risk Builds Up When You Are Not Watching
This is the typical pattern when a vendor deteriorates without anyone noticing:
Vendor is onboarded cleanly. GST active, MCA filings current, no court cases, financial health acceptable. KYC file closed.
6 months later: GST registration goes into provisional suspension due to mismatch in returns. Vendor continues operating. Nobody at your company checks the GST portal.
9 months in: A DRT case gets filed by a bank against the vendor’s promoter for a ₹1.8 crore loan default. The case is on the DRT portal. Your procurement team does not look there.
12 months in: The vendor starts missing delivery timelines. Quality dips. They ask for advance payments to “manage cash flow.” Your operations team is frustrated but has no visibility into why.
15 months in: The vendor cannot fulfil a critical order. Your production line is disrupted. You scramble for an alternative supplier. The GST suspension is confirmed - the invoices raised over the last 9 months have ITC claims that are now being questioned by your tax team.
Both signals - the GST suspension and the DRT case - were visible and publicly available. They were missed because nobody was assigned to look for them continuously. This is the practical cost of treating KYC as a one-time exercise.
A Practical Framework: Building Continuous Vendor Monitoring Into Your Process
Segment Your Vendor Base First
Segment Your Vendor Base First
Identify your critical vendors - those where a supply disruption would stop your production or delivery within 30 days. These need the most frequent monitoring.
Separate high-spend vendors even if they are not operationally critical - financial exposure justifies monitoring.
Tier the rest: Tier 1 (critical/high spend) gets monthly monitoring. Tier 2 (moderate) gets quarterly. Tier 3 (low risk, easily replaceable) gets annual.
Monthly Checks for Tier 1 Vendors
Monthly Checks for Tier 1 Vendors
Verify GST registration status on the GST portal using the vendor’s GSTIN. Active status is the minimum requirement for safe transacting.
Check for new NCLT filings against the company or its promoters on the NCLT case status portal.
Run a basic adverse news search on the company name and key promoter names.
Quarterly Checks for Tier 1 and Tier 2 Vendors
Quarterly Checks for Tier 1 and Tier 2 Vendors
Check MCA for any change in directors. A director leaving suddenly, or a new director being added who has a history of disqualification, is a governance signal.
Look up DRT cases on the relevant DRT website for the vendor’s registered state.
Review public CIBIL default disclosures for the company and its key promoters.
Annual Checks for All Active Vendors
Annual Checks for All Active Vendors
Pull the latest MCA annual accounts and check net worth trend over 3 years. A consistent decline is a slow-burn risk signal.
Check GST turnover year on year. A 20%+ decline in a vendor’s overall business is a sign they may not have the capacity or financial stability to continue delivering at the same level.
Formally refresh your KYC file and document the review date. This protects you in the event of an audit or a legal dispute.
Immediate Action Triggers - Stop and Review Now
Immediate Action Triggers - Stop and Review Now
GST registration suspended or cancelled. Pause invoicing and purchasing immediately. Clarify status before continuing.
New NCLT insolvency petition filed against the vendor or its key promoter. Escalate to legal and finance immediately.
Director disqualification published by MCA for a director at the vendor company. Flag for legal review before the next order.
Adverse news involving promoter arrest, regulatory penalty, or plant shutdown. Do not wait for operational impact - escalate now.
What This Looks Like in Practice
Consider an auto-components manufacturer in Pune with 300 active vendors. Their Tier 1 supplier list has 40 vendors who supply parts that are directly on the production line - no alternative in the short term.
Without continuous monitoring: Each of these 40 vendors was last formally reviewed at onboarding. One vendor has had a GST suspension since Q3 of the previous year. Another has a new DRT case against the promoter. A third has filed annual accounts showing negative net worth for two years running. None of these facts are known to the procurement team.
With continuous monitoring: The GST suspension is caught within 3 weeks of it being issued. Procurement pauses new purchase orders and contacts the vendor for clarification. The vendor resolves the suspension within a month by filing their pending returns. No production disruption. The DRT case is flagged and reviewed - the amount involved is small enough that procurement decides to watch rather than act, but the information is on record.
The difference is not a large team or an expensive investigation. It is a structured process that checks publicly available data at regular intervals - and assigns someone to act on what they find.
Why This Is Especially Important for Indian Companies Right Now
A few India-specific reasons why continuous vendor monitoring has become more important in the last 2–3 years:
GST compliance enforcement has tightened. The GST department has been increasingly aggressive about suspending registrations for return mismatches and fake ITC claims. This means your vendors are more likely to face GST-related actions than they were a few years ago - and you need to know when this happens, because your ITC is directly affected.
NCLT and DRT caseloads have increased. Insolvency proceedings and debt recovery tribunal cases have gone up steadily. A vendor who is financially stressed is more likely to face legal action from their own lenders - and that action, once filed, changes the risk profile of working with them completely.
SEBI BRSR requirements are pushing listed companies to monitor their supply chains. If your company is listed or supplies to listed companies, the governance standards for vendor monitoring are rising. Showing that you have a documented, ongoing vendor risk process is becoming a compliance requirement, not just a good practice.
Supply chain disruptions are expensive in India’s current environment. Raw material costs, logistics constraints, and tighter working capital across the system mean that vendor failures have a larger downstream impact than they did three or four years ago. The cost of being caught unprepared is higher than it used to be.
Live Vendor Risk Monitoring - Without Adding to Your Team's Workload
Privue monitors GST registration status, MCA director data, court records, and financial health signals for your entire vendor base - automatically. When something changes, your team gets an alert. You do not need to manually check four different government portals on a monthly cycle. The monitoring runs in the background. Your procurement team sees the vendors that need attention, not a list of 300 to check themselves.
What You Should Do Next
List your top 20–30 vendors by criticality and spend. For each one, check their GST registration status right now on the GST portal. This takes 15 minutes and will show you immediately whether you have a problem you did not know about.
Ask your procurement team when the last formal review of each Tier 1 vendor was done. If the answer is “at onboarding” or “we do not know,” you have a process gap that needs to be fixed before it creates a supply disruption.
Assign clear ownership. Someone needs to be responsible for vendor monitoring - not just vendor onboarding. If it is not anyone’s job, it will not get done. Even one person with a clear checklist and a monthly calendar reminder is infinitely better than nothing.
Evaluate whether manual monitoring is realistic at your scale. For companies with more than 50 critical vendors, automated monitoring through a platform is significantly more reliable than a manual process - and typically costs less than the disruption cost of one missed vendor failure.
Vendor KYC at onboarding is necessary. But it is not enough. The question is not whether you check your vendors - it is how often, on what signals, and who is responsible for acting when something changes.