Vendor Financial Due Diligence Checklist: 8 Things to Review Before You Depend on a Supplier

What "due diligence" actually means when applied to vendor finances

The phrase "vendor due diligence" gets used loosely. In most procurement programs, it describes the process of collecting a SIG questionnaire, running a sanctions check, confirming the vendor has an active business license, and storing the documents somewhere auditors can find them. That is compliance due diligence. It has real value for regulatory purposes.

Financial due diligence answers a narrower and more operationally important question: what is the probability this vendor will be unable to deliver on their commitments in the next 12 to 24 months? The signals that answer that question are financial signals, not compliance signals. A vendor can pass a SIG questionnaire in full and file for Chapter 11 three weeks later. Envelope 1 Packaging did exactly that in 2024 after passing routine vendor assessments.

This checklist covers the eight areas that financial due diligence requires. It is not a substitute for a full credit analysis on strategic suppliers, but it will catch the situations where a supplier should be reviewed more carefully before you commit.

The 8-item vendor financial due diligence checklist

1. Trade payment performance

How does this vendor pay its own suppliers? Stretching payables is the first sign of a cash squeeze. A vendor who was paying in 30 days a year ago and is now averaging 75 days is managing a liquidity problem. The data lives in commercial credit bureau trade payment files from D&B, Experian Business, and Equifax Business. Pull a trade payment score at onboarding and track changes quarterly for strategic suppliers. A single quarter of deterioration is not alarming. A consistent trend over two quarters is.

2. Liens and UCC-1 filings

Search the relevant state SOS filings for UCC-1 financing statements against the vendor's legal name. A single secured lender is normal. Multiple stacked liens from different lenders — especially if filed within the last 18 months — suggests the supplier has been borrowing against its assets to fund operations. This does not mean they are in immediate distress, but it means their assets are encumbered. If they file for bankruptcy, you are an unsecured creditor at the back of a long line.

3. Federal court records

Search PACER for prior bankruptcy filings, judgments, and significant litigation. A supplier that emerged from a Chapter 11 four years ago with a restructuring plan attached is not disqualified, but the terms of that plan — especially any surviving debt obligations — are relevant to whether they can absorb volume increases or weather a bad quarter. A supplier with multiple outstanding judgments is a different risk category than one with none.

4. Ownership and entity structure

Who actually owns this company? A foreign parent creates supply chain dependency risks that the subsidiary's financials do not capture. A private equity-owned business with significant leveraged buyout debt is carrying a capital structure that makes it vulnerable to market downturns in a way that an equivalent revenue-size founder-owned business is not. If a vendor is a subsidiary, the relevant financial analysis runs at the parent level, not the entity you are contracting with.

5. Revenue concentration and customer dependencies

A vendor whose top three customers represent 80% of their revenue has a concentration problem. If one of those customers reduces orders significantly or files for bankruptcy, the vendor's revenue base can shrink by 30% overnight. Harvest Sherwood Food Distributors filed for bankruptcy in 2024 in part because the concentration of its grocery retail customer base amplified the impact of margin compression across that sector. Asking about customer concentration as part of onboarding is reasonable for any supplier that represents more than 5% of your procurement spend.

6. Financial statements (if obtainable)

Public vendors file quarterly 10-Qs and annual 10-Ks with the SEC. For private suppliers — which is most of them — you can request audited financials, but many will decline. If they provide statements, look at three things: the current ratio (current assets divided by current liabilities — below 1.0 is a liquidity warning), debt-to-EBITDA (above 5x for a manufacturing or distribution business is elevated), and gross margin trend (compressing margins over two to three consecutive years signals eroding pricing power). You do not need to run a full valuation model. You are looking for flags.

7. News and industry signals

A 20-minute news search at onboarding catches material events that structured data misses. Search the vendor's name alongside "bankruptcy," "layoffs," "plant closure," "investigation," and "leadership change" for the last 24 months. A new CFO with a restructuring background is a different signal than a CFO hired to lead growth. Industry-level signals matter too: a supplier facing significant tariff pressure or a major raw material cost increase deserves a different risk weight than one in a stable supply market.

8. Insurance and financial capacity to perform

Request certificates of insurance for coverage types relevant to the contract: general liability, errors and omissions, product liability if applicable. The face values matter less than whether coverage is active and whether the insurer is financially rated. A vendor with a lapsed professional liability policy is not a distress signal on its own, but it often clusters with other signals in companies managing cash tightly and letting non-critical expenses lapse.

What questionnaires miss

A SIG questionnaire asks vendors to self-report their policies, procedures, and certifications. The vendor fills it out. The data is as accurate as the vendor's answers. The timeline captures a single moment.

None of the eight items on this checklist appear in a standard SIG. Trade payment trends are not self-reported. UCC lien filings are public records, not disclosures. Revenue concentration is not a SIG line item. The questionnaire tells you whether the vendor has a written information security policy. It does not tell you whether the vendor is six months from a cash crisis.

OneTrust and Venminder have built real platforms for compliance and security questionnaire management. That work has genuine value for regulatory and audit purposes. But positioning those tools as full vendor risk management is only accurate if "risk" means "compliance and cyber risk." For teams that also need to know whether a supplier will still be operating next year, those platforms do not cover it.

How often to run this checklist

For strategic suppliers — any vendor whose failure would disrupt production, delivery, or service — this checklist should run at onboarding and then feed into a continuous monitoring program rather than a calendar review. The signals that matter most (trade payment trends, new UCC filings, news) change continuously. Running a check annually and treating it as current is theater. A supplier can move from financially stable to insolvency proceedings in 90 days under the right conditions.

For non-strategic vendors, a lighter check at onboarding (trade payment score, lien search, news scan) with an annual refresh is proportionate. The rigor should match the cost of the supplier failing.

Credit Pulse runs items 1, 2, 3, and 7 continuously for every monitored supplier, surfacing changes without requiring manual data pulls. For strategic suppliers, the platform adds items 4, 5, and 6 as part of the initial onboarding assessment — using research agents rather than analyst hours.

Connecting the checklist to your broader VRM program

Vendor financial due diligence is one layer of a complete vendor risk program. The other layers — cyber risk, compliance, geographic concentration, regulatory exposure — all matter. The point is that most programs have the compliance and cyber layers covered and the financial layer either absent or relying on self-reported questionnaire data. That gap is where most of the actual supplier disruption comes from.

For the framework that puts this checklist into context, see Vendor Financial Risk: The Missing Layer in TPRM. For a step-by-step walk-through of how to run a financial assessment on a specific supplier, see How to Assess a Supplier's Financial Health. For the early warning signals that show up in vendor financial data before a bankruptcy, see Vendor Bankruptcy Risk: 7 Early Warning Signs Your Supplier Is in Trouble. If you want to go deeper on the supplier credit risk angle specifically, Supplier Credit Risk: A Practical Guide for Vendor Managers covers the credit lens in detail.