PTAS Finsuite · Vendor Management

Vendor onboarding in 72 hours. Not nine working days.

PTAS Finsuite Vendor Management handles the five checks that actually decide whether a vendor is safe to pay: structural validation, KYC, bank account penny drop, AI risk scoring, and approval. Your procurement team stops chasing PAN cards. The ERP master stays clean.

Built for finance teams that pay only the right vendors
ISO/IEC 27001-aligned Penny drop via NPCI GSTIN · PAN · MSME live lookup SAP · Oracle · Tally · Dynamics
Where vendor onboarding actually bleeds

The risk isn't the vendor that fails onboarding. It's the one that passes it.

Every finance team has a story about the vendor that slipped through. Clean paperwork, a plausible bank account, a name close enough to someone real — and six months later a reversed payment and a hard conversation with the auditor. Manual onboarding is where these slip through.

9–14

Days to onboard a typical Indian vendor

Most teams we audit take between nine and fourteen working days end to end. The time is not spent validating — it is spent chasing. Chasing the GST certificate, the cancelled cheque, the signed MSA, the approver who is on leave, the buyer who needs to confirm the category.

PTAS customer audits across India manufacturing and services, 2024.
~3%

Of vendor master records are duplicates

Same PAN, same bank account, two different names. Or the same legal entity entered under a dba, a typo, and an old acronym. The duplicates do not hurt until the payment team pays both — and even then, not for a while.

Typical duplicate rate on un-cleaned vendor master data.
0

Real penny drop checks in most AP tools

Most platforms validate the IFSC format. That is not a bank account check. A valid-looking IFSC and a ten-digit account number give you nothing if the account does not exist, is frozen, or belongs to someone else. Only a real credit confirms that.

Observed across tools evaluated in 2024–2025.
Five stages · one vendor record

Every vendor goes through the same five gates. You approve the last one.

The stages run in sequence, not in parallel. If structural validation fails, KYC does not start. If KYC fails, penny drop does not run. This is deliberate — it keeps the audit trail clean and the cost per record low. By the time a record hits your approver, it has already cleared four gates.

Vendor Onboarding Workflow

Vendor: Pritasha Solutions Ltd · Code: WF-4022-0006 · Value: ₹3,200,000.00
Pending approval
Steps completed
4/5
Current stage
Manager approval
Elapsed time
69d 20h
Risk score
35/100
Structural validation
KYC verification
Penny drop
Risk scoring
Manager approval
L1 approval Awaiting approval
  • Started24-02-26
  • SLA deadline25-02-26 (48h)
  • Remaining levels0 level(s)
  • Assigned toSunil · Procurement
  • Approval chainL1 ⇛ posted to ERP
Activity timeline
08:00
Workflow initiated for Pritasha Solutions Ltd
08:00
Risk scoring completed successfully
17:00
Penny drop completed successfully
11:00
KYC verification completed successfully
17:40
Structural validation completed successfully
14:32
Manager approval assigned to Sunil

The screenshot above is a real workflow view. The record ID, approver, and risk score change per vendor; the five stages do not.

What each stage actually does

Five gates. No hand-off to a human unless something fails.

Each stage writes its own audit line with a reason code. When an auditor asks why vendor 4022-0006 was approved, the answer is one screen and six log entries. Not forty emails.

  1. Structural validation

    Format checks on GSTIN, PAN, CIN, IFSC, and MSME Udyam number. Typos are caught here before anything expensive runs.

  2. KYC verification

    DocPro reads the uploaded documents, pulls the numbers, and matches them against the entered values. A mismatch blocks the record.

  3. Penny drop

    A one-rupee credit goes to the bank account. The returned beneficiary name is fuzzy-matched against the vendor name on record.

  4. Risk scoring

    The AI model combines sanctions screening, adverse media, director lookups, and network history into a 0–100 score with reason codes.

  5. Manager approval

    The cleared record lands in the approver's queue with the full audit trail. One approval posts it to the ERP vendor master.

Create-new-vendor wizard

A seven-step form that a buyer can finish in under ten minutes.

The wizard collects what we actually need and nothing we don't. Each step can be saved as a draft. Vendors can fill the same wizard themselves through the self-service portal — the fields are identical, and the record lands in the pending queue when they submit.

Base details

 
 
 
 
Select type
Select business category
Not applicable
Select payment terms

Each step saves independently. Procurement can start a record, send the portal link to the vendor for the compliance and bank steps, then pick up from review.

Vendor master · one source of truth

Every vendor, every status, every risk level — one screen.

Filter by status, sort by risk, search by ERP code or PAN. The list syncs to your ERP vendor master in near real-time, so what your finance team sees is what your ERP sees.

☰ All ◎ Approved ◷ Pending ✎ Draft
Show 10 entries
Sr no.NameVendor codeEmail TypeERP codeRisk levelStatus DateModify dateActions
1 Deloitte Consulting India Ltd finance@deloitte-india.in Consulting ERP-A4-015 07-Mar-2026
2 Accenture Advisory India Pvt Ltd ops@accenture-adv.in Consulting ERP-A4-014 05-Mar-2026
3 Cognizant Systems India Ltd admin@cognizant-ind.in IT Services ERP-A4-013 Initiated 03-Mar-2026
4 Oracle India Solutions Pvt Ltd finance@oracle-india.in IT Services ERP-A4-012 Initiated 01-Mar-2026
5 Bosch Auto Components India Ltd procurement@bosch-auto.in Manufacturing ERP-A4-011 Low Failed 19-Feb-2026
6 Siemens India Technologies Pvt Ltd ops@siemens-india.in IT Services ERP-A4-010 Low Failed 18-Feb-2026
7 Larsen Toubro Services Ltd finance@lt-services.in Manufacturing ERP-A4-009 Medium Rejected 17-Feb-2026
8 Adani Logistics Pvt Ltd admin@adani-logistics.in Manufacturing ERP-A4-008 Medium Rejected 15-Feb-2026
9 Bajaj Finserv Partners Pvt Ltd ops@bajaj-finserv.in Consulting ERP-A4-007 Medium Pending approval 14-Feb-2026
10 Mahindra Agri Solutions Ltd finance@mahindra-agri.in Manufacturing ERP-A4-006 Medium Pending approval 12-Feb-2026
Showing 110 of 15 entries
Previous 1 2 Next
AI risk scoring · 0 to 100

A score you can actually explain to the board.

Every signal has a weight. Every weight is visible. The score on the record is a number, but clicking on it shows you the six or seven factors that pushed it up or down. No black box.

35
Risk score · 0 to 100 · Low
GSTIN format & live lookup PASS
PAN authentication PASS
Penny drop name match 98% match
Sanctions & PEP screening Clear
Adverse media scan 1 low-severity hit
MCA director lookup 3 directors verified
Duplicate check (PAN + bank) No match

What goes into the score

The model is a weighted ensemble, not a neural-net oracle. Weights are tunable per tenant because a consulting vendor and a raw-material supplier do not carry the same risk profile.

  • 1 Structural signals. Valid GSTIN, PAN format, MSME Udyam, CIN, and IFSC. Wrong formats pull the score down fast.
  • 2 Sanctions and PEP. OFAC, EU, UN lists, plus domestic watch lists. Any hit triggers a hard review.
  • 3 Adverse media. Scanned for fraud, regulatory actions, insolvency, litigation. Severity-weighted, not a count.
  • 4 Director & ownership graph. MCA data cross-referenced. A director also listed on a disqualified company's board is a real flag.
  • 5 Network history. Payment behaviour and dispute rate across the anonymised Finsuite customer base. A vendor that chargebacks elsewhere is not neutral.
  • 6 Behavioural checks. Bank account changes, address updates, and beneficial owner changes over time.
What it ships with

The boring things that keep a vendor master clean.

Feature lists on product pages are usually aspirational. This is what is in the box today. If you need something here, it works. If it's not here, it's either not a feature or it's on the roadmap — and we'll say which.

Structural validation

GSTIN, PAN, CIN, IFSC, and MSME Udyam format checks plus a live lookup against the respective government portal. Invalid records never reach KYC.

Automated KYC extraction

DocPro reads the uploaded KYC documents (certificates, cancelled cheque, company incorporation, Aadhaar, PAN card) and matches the extracted fields to what the vendor entered.

Penny drop via NPCI

A one-rupee credit hits the vendor account. The bank returns the beneficiary name, which is fuzzy-matched against the vendor name with a tunable threshold.

AI risk scoring

0 to 100 score combining sanctions, adverse media, MCA data, historical behaviour, and duplicates. Weights are tunable per vendor type and business unit.

Duplicate detection

Matches across PAN, GSTIN, bank account, registered name, and fuzzy address. Any hit blocks new record creation and shows the existing record for merge.

L1–L5 approval workflow

Configurable by amount, category, BU, and vendor type. Each level has an SLA in hours; misses escalate. Delegation during leave is built in.

Two-way ERP sync

Native connectors for SAP, Oracle, Dynamics, Tally, NetSuite, QuickBooks, Xero, Zoho. Changes flow both ways and both systems stay consistent.

Self-service vendor portal

Signed link, the vendor fills the same seven-step wizard, uploads documents, submits. Your queue gets the record with the risk score already computed.

Audit trail per record

Every stage, every field change, every approval and rejection writes an immutable log line. Export to CSV or stream to your SIEM.

How we think about the category

Manual onboarding vs. generic P2P vs. Finsuite Vendor Management

We are biased. We also answer these questions honestly during sales calls, so here they are.

Capability Manual / spreadsheet Generic P2P module Finsuite Vendor Management
GSTIN + PAN live lookup ✗ format only ◐ optional add-on ✓ native
Penny drop bank verification ◐ via third party ✓ native, NPCI rails
AI risk score with reason codes ✗ manual risk tagging ✓ explainable
Duplicate detection (PAN + bank) ◐ name only ✓ multi-field signature
Vendor self-service portal
Two-way ERP sync ✓ within suite only ✓ multi-ERP connectors
Approval SLA & escalation ✗ email reminders ✓ with delegation
Audit trail per record ◐ patchy ✓ immutable log
Deploy in your own cloud ✗ SaaS only ✓ SaaS or BYOC
ERP & ecosystem

The vendor master lives in your ERP. We keep it honest.

Native connectors for the ERPs and accounting systems most of our customers run. For anything outside the list, REST APIs and webhooks do the job. Bi-directional, so changes on either side flow the other way.

SAP · ECC & S/4HANA
Oracle Fusion · EBS
Microsoft Dynamics 365
Tally Prime
NetSuite
QuickBooks Online
Xero
Zoho Books
SAP Business One
REST API & webhooks
Who actually uses this

Different industries, same five gates.

The workflow does not change much by industry. The weights on the risk score, the approval thresholds, and the document set do. Here is how three common setups look in practice.

Manufacturing

Multi-plant supplier onboarding

Raw-material and contract-manufacturing vendors get stricter structural checks and a lower risk threshold for approval. Plant-level cost centres get their own approvers. SAP S/4HANA syncs on every approved record.

Financial services

Regulated vendor onboarding

Sanctions and PEP screening weight is high; adverse media scan runs monthly after onboarding, not just once. Bank account change triggers a re-verification through penny drop, always. CMK deployment in the customer's AWS.

IT services & GCCs

Global contractor onboarding

Cross-border vendors use a shorter wizard that swaps GSTIN and PAN for the local equivalent (EIN, VAT, ABN). Same risk model, different signals. Oracle Fusion vendor master stays in sync across regions.

Security & compliance

Vendor data is sensitive. We treat it that way.

The platform handles PAN, bank account numbers, and director IDs. The defaults lean paranoid. If you need stricter, we have an answer.

Encryption at rest & in transit

AES-256 at rest, TLS 1.3 in transit. Customer-managed keys (CMK) on enterprise contracts so you hold the unlock.

Data residency

India, EU, US, and APAC regions available. Data never leaves the chosen region, including logs and audit events.

Role-based access

Field-level permissions on bank details and director data. SSO via SAML and OIDC. SCIM user provisioning for enterprise.

ISO/IEC 27001-aligned

Controls mapped to 27001. DPAs signed before any data moves. SOC 2 Type II evidence pack shared under NDA on request.

Bring-your-own cloud

Single-tenant deployment in your AWS, Azure, or GCP account. Air-gapped option for defence and regulated workloads.

Immutable audit log

Every record mutation — field change, bank update, approval, rejection — writes a signed log line. Stream to your SIEM on syslog or webhook.

Questions buyers actually ask

Questions we get on every demo

We answer the rest on a call. These are the ones that come up first.

What does penny drop verification actually check?

Penny drop sends a one-rupee credit to the vendor bank account and reads the beneficiary name that comes back from the bank. The returned name is matched against the vendor name on the record using fuzzy match with configurable thresholds. A mismatch blocks the record until a human reviews it. This is the single most reliable way to catch fake or mistyped bank accounts before you ever pay into them. Format checks on IFSC codes do not catch any of that.

How is the AI risk score calculated?

The score combines signals from structural checks (valid GSTIN, PAN, MSME), sanctions and PEP screening, adverse media scanning, MCA director lookups, historical payment and dispute patterns across the anonymised Finsuite customer base, and behavioural changes like bank-account updates. Each signal has a weight you can tune by vendor type and business unit. The output is a 0 to 100 number with the contributing reason codes visible, so a reviewer can see exactly why a vendor scored 72.

Which compliance checks run during Indian vendor onboarding?

GSTIN format validation and live lookup against the GSTN portal, PAN format check and Income Tax authenticity call, MSME Udyam registration verification, CIN lookup against MCA, TDS section and rate applicability, and 80G or 12A certification checks for NGO payees. The checks run in parallel where the upstream APIs allow it, take under forty seconds per vendor on average, and each writes its own audit line.

Can vendors onboard themselves?

Yes. The vendor portal takes a signed link by email. The vendor fills the same seven-step wizard your team would fill, uploads KYC documents, and submits. Your team sees the record in the pending queue with the AI risk score already computed and the penny drop already complete. Self-service cuts the onboarding touch time on your side by roughly 60 to 70 percent on typical accounts. The wizard does not hide anything — what the vendor fills is what your team sees.

How does Finsuite sync the vendor master back to my ERP?

Two-way, near real-time. When a record is approved in Finsuite, it creates or updates the vendor in SAP (ECC or S/4HANA), Oracle Fusion, E-Business Suite, Dynamics 365, Tally Prime, NetSuite, QuickBooks, Xero, or Zoho Books through a native connector. Changes made directly in the ERP flow back into Finsuite, which keeps both systems consistent. For anything outside the connector list, the sync runs over REST API or scheduled file drops.

How are duplicate vendors detected?

A new vendor record is checked against every existing record on PAN, GSTIN, bank account number, registered name, and a fuzzy match on address. Any hit blocks the creation and shows the matching record for merge. This catches the common case of the same legal entity getting onboarded twice under slightly different names, which otherwise shows up as a payment ambiguity six months later when the same invoice gets paid twice.

What approval workflow does the platform support?

Up to five levels, configurable by amount threshold, business unit, vendor type, and category. Each level has an SLA in hours. If an approver misses the SLA, a reminder goes out; if they miss it again, the record escalates to the next level or a named backup. Delegation during leave is built in — the approver sets it up once in their profile. Every approval or rejection writes an audit line with the reason code.

How long does the full onboarding take end to end?

For a clean vendor with complete documents, the five workflow stages complete in under an hour of processing time — structural, KYC, penny drop, risk scoring, and waiting for the approver is the slowest part. The total elapsed time depends on your approval SLAs. A single-approver setup with a responsive manager closes the same day. The old average for manual Indian vendor onboarding is nine to fourteen days; Finsuite customers typically run at 24 to 72 hours.

Can I deploy on-premise or in my own cloud account?

Yes. Standard SaaS runs on our multi-tenant cloud in your region of choice. For regulated workloads, Finsuite ships as a single-tenant deployment in your AWS, Azure, or GCP account, or fully on-premise with an air-gap option. CMK (customer-managed keys) are available from single-tenant onwards. A DPA is signed before any vendor data moves, regardless of the deployment model.

How does Vendor Management relate to AP Automation?

Vendor Management owns the vendor master — who the vendor is, whether they are safe to pay, what their terms are. AP Automation owns the invoice flow — what they billed, whether it matches the PO, whether it should be paid now. They share the same vendor record, and the same DocPro extraction engine underneath. You can license them separately. Most finance teams run both because the same vendor fraud that Vendor Management catches at onboarding also surfaces in AP Automation as a bank-account change on an invoice.

Send us last month’s vendor onboarding queue.

Fifty of your pending vendor records, the messier the better. We run them through Finsuite Vendor Management and send back the structural validation, penny drop outcomes, AI risk scores, and the duplicates we would have flagged. No slide deck. Just output you can put next to what you have now.