What Indian Investors and Lenders Are Now Asking About Your Vendor ESG Practices - and How to Answer

Banks, PE funds, and rating agencies in India are adding vendor ESG to their due diligence checklist. Most companies are not ready to answer. Here is what the questions look like, what data you need from your vendors, and how to build a credible response - backed by evidence, not just a policy document.

May 18, 2026

A few years ago, if a bank or a PE investor asked about your vendor ESG practices, it was a formality. A policy document, a few lines in the annual report, and the conversation moved on. That is no longer the case. Indian institutional investors, lenders, and rating agencies are now asking specific questions about your supply chain - and they want data, not intentions. Most companies are discovering this gap only when they are already in the middle of a fundraise or credit renewal.

Why This Is Happening Now in India

Three things have come together at the same time to push vendor ESG onto the due diligence agenda in India.

SEBI’s BRSR framework now requires the top 1,000 listed companies to report on their supply chain sustainability practices. This is not optional or box-ticking - SEBI has made it a mandatory disclosure, and the requirement is moving progressively to smaller listed entities. When your company has to publish vendor ESG data in its annual report, it means you actually need to collect that data from your vendors first.

Global ESG pressure on Indian exporters is coming through European regulations - the EU Corporate Sustainability Reporting Directive (CSRD) and the EU Deforestation Regulation (EUDR) - which require European buyers to verify their supply chain practices. If you are supplying to an Indian company that exports to Europe, their ESG obligations flow down to you and your vendors.

Indian lenders and PE funds - particularly those with foreign limited partners or international refinancing arrangements - are incorporating ESG into their credit and investment processes. This is partly regulatory, partly driven by LP pressure, and partly because ESG failures create real financial risk that lenders have started pricing.

The practical consequence

If you are seeking a credit facility renewal, a new term loan, a private equity investment, or a credit rating review, the question about your vendor ESG practices is coming. The companies that have thought about this in advance will answer quickly and credibly. The rest will scramble - and in some cases, that scrambling costs them better terms or more time.

The Actual Questions Lenders and Investors Are Asking

The questions vary by institution and transaction type, but a common pattern has emerged. Here is what is being asked - and how hard each question is to answer without prior preparation:

Questions Now Being Asked in Indian ESG Due Diligence

1. Do you have a vendor code of conduct covering environmental, social, and governance standards? (Difficulty: easy)

Most companies have a document here. This question is easy to answer - but it is only the starting point. A policy without implementation evidence has low credibility with serious reviewers.

2. What percentage of your critical vendors have been assessed against your ESG standards in the last 12 months? (Difficulty: medium)

This is where most companies get stuck. Having a code of conduct is different from having assessed vendors against it. The answer cannot be “we plan to assess them” - the question is about what has already happened.

3. Do you monitor your vendors for GST compliance, regulatory penalties, and legal proceedings on an ongoing basis? (Difficulty: medium)

This is a governance question dressed in operational language. A vendor with a GST cancellation, a pending court case, or a regulatory penalty is a governance risk. Lenders want to know you are watching for this - not finding out after the fact.

4. Have any of your top 10 vendors had labour law violations, environmental penalties, or regulatory notices in the past two years? (Difficulty: hard)

This requires you to actually know. Most companies rely on what vendors self-report, which is unreliable. The expectation is that you have independently verified at least for your highest-dependency vendors.

5. What is your process for removing or replacing a vendor that fails your ESG standards? (Difficulty: medium)

A process question. Most companies have not documented this. The answer should describe a real workflow - not a theoretical one - with examples of where action was taken or considered.

6. How do you ensure your sub-vendors (vendors of your vendors) meet your ESG requirements? (Difficulty: hard)

The hardest question. Very few Indian companies have visibility beyond their first-tier vendors. Honest acknowledgement of the limitation - combined with a credible plan - is better than an overconfident claim.

The Difference Between a Policy and Evidence

This is the most important distinction in vendor ESG due diligence, and most companies miss it.

A policy says: “We require all vendors to comply with applicable environmental and labour laws and to follow our code of conduct.”

Evidence says: “We assessed 43 of our 67 critical vendors in FY25. Of these, 6 had pending court cases that we had not been aware of. 2 of those had GST registration status issues. We resolved 4 of the 6 through direct engagement, and replaced 2 vendors.”

The second answer is credible. The first is not - because any company can write a policy. What serious investors and lenders are looking for is whether the company has a system for actually knowing what is happening in its supply chain.

✓ What Works

Data from vendor monitoring systems - GST status checks, court record searches, financial analysis - that can be pulled and shown as evidence. Concrete and specific.

⚠ Partially Works

Annual vendor audits with findings documented. Better than nothing, but static. Does not catch what changes between audits.

✕ Does Not Work

Vendor self-declarations and signed codes of conduct without independent verification. Reviewers know these are not reliable - and they say so.

→ Worst Case

No documentation at all. The answer “we manage this informally” is a red flag to institutional reviewers and tends to result in additional conditions on the transaction.

Governance Data You Probably Already Have

Here is something most companies do not realise: a large portion of what counts as vendor ESG governance data in India is already publicly available - and much of it may already be part of your vendor risk or procurement monitoring.

The following data points are what institutional reviewers consider governance signals. If you are collecting any of these already, you are closer to answering ESG due diligence questions than you think:

| Data Signal | What It Shows | Where to Get It | ESG Relevance |
|---|---|---|---|
| GST Registration Status | Whether the vendor is legally allowed to trade | GST portal (gst.gov.in) | Governance |
| Court Cases (DRT / NCLT) | Pending or active legal proceedings against the vendor or its directors | DRT portal, NCLT portal, MCA | Governance |
| MCA Director-Level Data | Whether vendor promoters are linked to struck-off companies or defaulters | MCA (mca.gov.in) | Governance |
| Regulatory Penalties | SEBI, pollution control board, labour department penalties | Regulatory portals, adverse news monitoring | Environment + Social |
| GST Turnover Trend | Whether the vendor's business is growing or contracting | GST portal | Financial Viability |
| Financial Statements (MCA) | Net worth, leverage, cash flow - financial health of the vendor | MCA annual filings | Financial Viability |

The point is: governance ESG is not separate from the financial and legal risk monitoring you should already be doing for your vendors. If you are tracking court cases, GST status, and regulatory penalties for your vendor risk programme, you already have most of what you need to answer the governance pillar of ESG due diligence.

What Credit Rating Agencies Are Looking For

India’s major rating agencies - CRISIL, ICRA, CARE, India Ratings - have all incorporated ESG factors into their methodology in recent years. For companies seeking or maintaining credit ratings above AA-, supply chain governance is now a factor that can influence the final rating.

Rating analysts are specifically looking at three things when they assess supply chain ESG:

1. Concentration Risk

Single-vendor dependency. A company that relies on one or two vendors for a critical input, with no alternative and no contingency plan, scores poorly. This is both an operational risk and a governance concern - it means the board has not addressed a known vulnerability.

2. Monitoring Systems

Whether you have a system or just a policy. Rating analysts will ask whether vendor risk is monitored continuously or only at onboarding. A company that can show it receives alerts when a vendor’s GST registration changes or a court case is filed will score better than a company that audits vendors once every two years.

3. Board Oversight

Who owns vendor ESG at the leadership level. Rating agencies look for evidence that supply chain ESG is a board or senior management agenda item - not just a compliance department exercise. A dedicated risk committee that reviews vendor risk data quarterly is more credible than a one-time ESG report.

What PE Investors Ask - And Why Their Questions Are Different

Private equity investors - particularly those with international LPs or ESG-aligned mandates - tend to ask questions that are more forward-looking than what banks or rating agencies typically focus on.

A PE investor is not just asking whether your current vendor base is clean. They are asking whether your vendor monitoring capability can scale with the business they are planning to build. The questions typically cover:

Portfolio-level risk exposure. What is the aggregate ESG risk across your top 50 vendors? Are there clusters of risk in any particular geography, sector, or input category? PE investors who manage portfolios across sectors want to understand whether your supply chain has systemic vulnerabilities - not just individual vendor issues.

Remediation track record. Have you actually removed a vendor for ESG reasons? What happened? This question is designed to test whether your vendor ESG programme has teeth. A company that has never acted on a non-compliant vendor - despite having a code of conduct - raises questions about how serious the programme really is.

Data infrastructure. Can you produce an ESG vendor report at short notice? Many PE firms will ask for a vendor risk summary as part of due diligence. Companies that have to manually pull spreadsheets from multiple teams, with data that is 12 months old, are at a disadvantage compared to companies that can produce a current, system-generated view.

What Preparedness Looks Like in Practice

Consider two mid-sized Indian manufacturers, both seeking a ₹200 crore term loan from the same bank. Both have a vendor code of conduct. Both have 60–80 vendors in their active supply chain.

Company A pulls together a presentation with their vendor list, a copy of their code of conduct, and a signed declaration from vendors confirming compliance. When asked about specific vendors, they go back to the team and return the next day with answers. The bank asks for additional disclosures and adds a covenant requiring an independent ESG audit within 12 months.

Company B presents a live dashboard showing vendor monitoring status - GST registration checked monthly, court record searches updated quarterly, MCA director-level checks done at onboarding and annually. They flag 4 vendors with open court cases and explain what they did about each. The bank has fewer follow-up questions. The documentation requirement is lighter. The covenant asks only for annual self-reporting.

Both companies had roughly the same vendor base. The difference was not what their vendors looked like - it was whether they had a system for knowing, and whether they could demonstrate that system clearly during the diligence process.

How Privue Helps

Continuous Vendor Monitoring That Answers the Governance Questions Before They Are Asked

Privue monitors your vendor base continuously across GST status, court records, MCA director data, regulatory penalties, and financial health signals - giving you a current, evidence-based view of your vendor governance position. When an investor or lender asks about your vendor ESG practices, you have a system-generated answer - not a scramble. India-specific data. No manual data pulling. Built for the questions your institutional reviewers are actually asking.

A Practical Checklist: Getting Ready for ESG Due Diligence

Governance Foundation

Have a vendor code of conduct that covers environmental compliance, labour standards, and governance - and make sure your top 20 vendors have signed it or acknowledged it in writing.

Document your vendor onboarding process. At a minimum, record that GST registration, MCA director checks, and court record searches were done at the time of onboarding.

Make sure someone at CFO, CPO, or Risk Head level owns vendor ESG monitoring formally. A policy with no owner is a liability in a due diligence conversation.

Ongoing Monitoring

Check GST registration status of your top 50 vendors at least quarterly. A vendor with a suspended GST registration cannot legally raise invoices - your input tax credit is at risk.

Run court record searches (DRT, NCLT) for your top 20 vendors at least annually. Document the results, even when clean.

Monitor adverse news for your highest-dependency vendors. A regulatory penalty or a promoter-level issue will show up in the news long before it shows up in a formal database.

Preparing for Due Diligence

Be able to produce a vendor risk summary - showing status of your top vendors across GST, legal, and financial health - within 48 hours of being asked. If this takes two weeks, the system needs work.

Document at least one example of a vendor-level action you took based on a risk signal. This proves the programme has real consequences.

Acknowledge honestly what you do not yet cover - particularly sub-vendors. Reviewers respect a credible plan more than an overconfident claim.

SEBI BRSR Alignment

If you are a listed company or expect to be in the top 1,000 by market cap, start collecting the BRSR supply chain data points now - before the reporting deadline, not after.

Map your BRSR supply chain disclosures to your investor ESG questions. The overlap is significant. One system feeding both reduces the data collection burden substantially.

What You Should Do Next

1. Run a quick audit of what you can currently answer. Go through the six due diligence questions in this article and be honest about which ones you can answer with data today versus which ones you would struggle to answer. That gap is your preparation priority.

2. Start with your top 20 vendors by spend or criticality. Check their GST registration status and run a quick court record search. Document the results - even a clean result is evidence that you checked.

3. Assign ownership. This does not need a new team or a new budget. It needs a named person who is accountable for vendor governance monitoring and who reports to the CFO or Risk Head quarterly.

4. If a fundraise, credit renewal, or rating review is within 18 months, move faster. The time to build the evidence base is now - not during the due diligence process itself, when everything is urgent and the data quality scrutiny is highest.

The ESG due diligence questions are not going away. They are getting more specific, not less. The companies that answer them credibly - with systems and evidence rather than policies and intentions - will have a smoother path to capital, better credit terms, and fewer covenants on their loans. The effort required is not large. The difference between being prepared and being unprepared, however, can be significant.