Concept Definition

What is supplier KYC and how does it relate to invoice fraud prevention?

Know Your Customer (KYC) for suppliers involves verifying the identity, legal status, VAT registration, and beneficial ownership of businesses before adding them to the approved supplier list. Supplier KYC prevents fraudulent suppliers from being added to the master data and reduces the risk of paying invoices to fraudulent entities. In e-invoicing, Peppol participant ID verification adds a network-level identity check to supplement traditional KYC.

What does a supplier KYC process include?

Supplier KYC process elements:

(1) Legal entity verification: company registration, trading name, registered address, directors from official registry
(2) VAT number validation: VIES lookup or local tax authority verification
(3) Bank account verification: confirm account belongs to the legal entity (not a fraudulent account)
(4) Beneficial ownership: identify ultimate beneficial owners above 25 percent threshold for AML purposes
(5) Sanctions screening: screen against OFAC, EU, UN sanction lists
(6) Ongoing monitoring: periodic re-verification and alert for changes

Frequently Asked Questions

How frequently should supplier KYC be refreshed?
Supplier KYC should be refreshed annually for active high-risk or high-spend suppliers, and every 2-3 years for lower-risk suppliers. Trigger-based refresh should occur when: a change of address or bank details is notified, a change in company ownership occurs, a supplier is flagged in an AML alert, or the supplier's VAT registration lapses. New supplier onboarding always requires full KYC regardless of refresh cycle.

Does Peppol network registration substitute for supplier KYC?
Peppol network registration is not a substitute for full supplier KYC. Peppol registration verifies that a business has a valid participant ID and access point, but does not verify the business's legal standing, beneficial ownership, or financial health. Peppol registration reduces invoice spoofing risk (invoices via Peppol come from authenticated access points) but does not address the wider KYC requirements for AML compliance, sanctions screening, or commercial credit risk assessment.
