W D
GoBD-compliant §203 StGB-compliant Q2

Vendor Onboarding Agent

Screen, validate, create vendors - from sanctions list to ERP master data.

Extracts master data from vendor self-disclosure, validates VAT ID, checks sanctions lists, assesses risks and creates the vendor in the ERP. For elevated risk, the human decides.

Score Dashboard

Agent Readiness 75-82%
Governance Complexity 31-38%
Economic Impact 64-71%
Lighthouse Effect 28-35%
Implementation Complexity 34-41%
Transaction Volume Weekly

What This Agent Does

Vendor onboarding is the process that creates a new business partner in the master data. It includes compliance checks (sanctions lists, VAT ID), data validation (bank details, address) and risk classification. Manually this is complex and error-prone - especially the duplicate check.

The Decision Layer breaks vendor onboarding into nine decision steps. The AI Agent extracts master data from the self-disclosure, assesses risks by industry and country and extracts payment terms from contracts. The rule engine validates VAT ID via EU VIES, checks sanctions lists, validates bank details and creates the vendor in the ERP. For elevated risk scores, the human decides.

The result: compliance checks are automatic and gap-free. No vendor is created without a sanctions list check. Duplicates are detected before they enter the system. And the risk assessment protects against business relationships with problematic partners.

Micro-Decision Table

Human
Rules Engine
AI Agent
Each row is a decision. Expand to see the decision record and whether it can be challenged.
Extract master data What master data is in the self-disclosure? AI Agent Vendor

LLM extraction from unstructured documents

Decision Record

Model version and confidence score
Input data and classification result
Decision rationale (explainability)
Audit trail with full traceability

Challengeable: Yes - fully documented, reviewable by humans, objection via formal process.

Challengeable by: Vendor

VAT ID validation Is the VAT ID valid? Rules Engine Vendor

API query against EU VIES database

Decision Record

Rule ID and version number
Input data that triggered the rule
Calculation result and applied formula

Challengeable: Yes - rule application verifiable. Objection possible for incorrect data or wrong rule version.

Challengeable by: Vendor

Sanctions list check Is the vendor on a sanctions list? Rules Engine

API check against EU, OFAC and UN sanctions lists

Decision Record

Rule ID and version number
Input data that triggered the rule
Calculation result and applied formula

Challengeable: Yes - rule application verifiable. Objection possible for incorrect data or wrong rule version.

Bank details validation Are the bank details technically correct? Rules Engine Vendor

IBAN and SWIFT validation by algorithm

Decision Record

Rule ID and version number
Input data that triggered the rule
Calculation result and applied formula

Challengeable: Yes - rule application verifiable. Objection possible for incorrect data or wrong rule version.

Challengeable by: Vendor

Duplicate check (exact) Does this vendor already exist in the system? Rules Engine

Exact match on VAT ID and company name

Decision Record

Rule ID and version number
Input data that triggered the rule
Calculation result and applied formula

Challengeable: Yes - rule application verifiable. Objection possible for incorrect data or wrong rule version.

Duplicate check (fuzzy) Could a similar vendor already exist? AI Agent

Fuzzy match for name variants and address differences

Decision Record

Model version and confidence score
Input data and classification result
Decision rationale (explainability)
Audit trail with full traceability

Challengeable: Yes - fully documented, reviewable by humans, objection via formal process.

Risk assessment How high is this vendor's risk? AI Agent

Scoring by industry, country, company size and historical data

Decision Record

Model version and confidence score
Input data and classification result
Decision rationale (explainability)
Audit trail with full traceability

Challengeable: Yes - fully documented, reviewable by humans, objection via formal process.

Extract payment terms Which payment terms apply? AI Agent Vendor

LLM extraction from contract documents

Decision Record

Model version and confidence score
Input data and classification result
Decision rationale (explainability)
Audit trail with full traceability

Challengeable: Yes - fully documented, reviewable by humans, objection via formal process.

Challengeable by: Vendor

Approval for elevated risk Is the vendor created despite elevated risk score? Human Auditor

Human judgement for risk score above threshold

Decision Record

Decider ID and role
Decision rationale
Timestamp and context

Challengeable: Yes - via manager, works council, or formal objection process.

Challengeable by: Auditor

Decision Record and Right to Challenge

Every decision this agent makes or prepares is documented in a complete decision record. Affected parties (employees, suppliers, auditors) can review, understand, and challenge every individual decision.

Which rule in which version was applied?
What data was the decision based on?
Who (human, rules engine, or AI) decided - and why?
How can the affected person file an objection?
How the Decision Layer enforces this architecturally →

Prerequisites

  • ERP system with vendor master data management
  • Access to EU VIES for VAT ID validation
  • Access to sanctions list service (EU, OFAC, UN)
  • Defined risk thresholds per industry and country

Governance Notes

GoBD-compliant §203 StGB-compliant

GoBD relevance: medium - vendor master data is the basis for all postings. Incorrect master data leads to incorrect payments. Sanctions list compliance is legally mandated (EU regulations). VAT ID validation via EU VIES is a prerequisite for input tax deduction on intra-community deliveries. Paragraph 203 StGB relevant when the vendor is a professional secrecy holder (e.g. law firm as vendor).

§203 StGB-relevant data is encrypted end-to-end and never passed to AI models in plain text.

Process Documentation Contribution

The Vendor Onboarding Agent documents: all compliance checks (sanctions lists with timestamp, VAT ID validation), the risk assessment with scoring rationale, the duplicate check and the final creation decision. During audits, it is traceable that every vendor was properly screened.

Infrastructure Contribution

The Vendor Onboarding Agent builds the vendor compliance infrastructure. The sanctions list check is reused for periodic re-screening. The VAT ID validation is used by the Invoice Capture Agent and Account Coding Agent. The risk assessment feeds into the credit limit monitoring of the Receivables Management Agent.

Does this agent fit your process?

We analyse your specific finance process and show how this agent fits into your system landscape. 30 minutes, no preparation needed.

Analyse your process

Related Pages

Decision Layer
Governance layer between AI agent and target system. Every decision documented and challengeable.
GoBD Compliance
GoBD, §203 StGB, and tax audit readiness as architecture constraint.
Finance AI Agents
All Finance agent services at a glance.

Related Agents

Invoice Capture Agent

Read incoming invoices, verify mandatory fields, extract data - archived in GoBD-compliant format.

Q1
D
Readiness: 87-94%
Economic: 78-85%
Governance: 21-28%
Micro-Decisions: 8
Daily

Account Coding Agent

GL account, cost centre, tax code - automatically coded, with confidence score.

Q1
D K
Readiness: 82-89%
Economic: 76-83%
Governance: 26-33%
Micro-Decisions: 10
Daily

Three-Way Matching Agent

Purchase order, delivery note, invoice - automatically matched, discrepancies routed.

Q1
W
Readiness: 89-96%
Economic: 81-88%
Governance: 16-23%
Micro-Decisions: 6
Daily
Back to Catalog

Frequently Asked Questions

How often are sanctions lists checked?

At onboarding and periodically thereafter - frequency is configurable. EU sanctions lists are checked at every update. The agent documents every check with timestamp, so compliance is provable at any time.

What happens with a sanctions list hit?

The vendor is not created. The case is documented and escalated to the compliance department. No automatic override possible - sanctions list hits are not a discretionary decision.

How are duplicates prevented?

Two-stage: first exact match on VAT ID and company name, then fuzzy AI match for name variants. On duplicate suspicion, the existing master record is displayed and a manual decision requested. This prevents both duplicates and incorrect merges.

What Happens Next?

1

30 minutes

Initial call

We analyse your process and identify the optimal starting point.

2

1 week

Discover

Mapping your decision logic. Rule sets documented, Decision Layer designed.

3

3-4 weeks

Build

Production agent in your infrastructure. Governance, audit trail, cert-ready from day 1.

4

12-18 months

Self-sufficient

Full access to source code, prompts and rule versions. No vendor lock-in.

Implement This Agent?

We assess your finance process landscape and show how this agent fits your infrastructure.