When it comes to supplier onboarding, regulators are raising their expectations. Instead of if due diligence was done – they’re starting to ask how well it was done, how consistently it’s applied, and whether the process can hold up to scrutiny.
As legal frameworks like the EU Corporate Sustainability Due Diligence Directive and the UK Economic Crime Act come into effect, organizations are under growing pressure to operationalize their compliance at the intake level.
According to Michael Volkov, CEO of The Volkov Law Group and former federal prosecutor, the stakes are growing clearer.
“Intake is your first opportunity to set the tone – and the controls – for the entire supplier relationship,” he says. “If you’re not asking the right questions from the start, you’re probably not prepared for what happens when things go wrong.”
Onboarding isn’t just a process; it’s a signal
Michael has seen the consequences of weak supplier vetting up close. In his work advising companies on third-party risk, corruption exposure and ethics programs, onboarding is one of the most common sources of vulnerability.
“It’s easy to think of onboarding as a task to complete,” he notes. “But it’s actually a moment where the organization signals how seriously it takes risk. That first interaction sets expectations – for your team; for the supplier; and, increasingly, for regulators.”
Inconsistent intake practices, missing documentation and siloed vetting criteria can quickly become more than internal headaches; they become liabilities.
The real cost of a weak intake process
With global enforcement shifting, companies need to be ready to defend how they chose their suppliers – and what they did when red flags appeared. And it’s not just large multinationals under the microscope anymore.
Michael points out that enforcement agencies are expanding their focus to include companies of all sizes – particularly those operating in sensitive regions or industries.
“If something goes sideways and the documentation doesn’t exist, that’s not just a compliance miss – that’s a legal risk,” he says. “And if the organization can’t explain its process, it may not be given the benefit of the doubt.”
Consistency builds confidence – and resilience
For Jan Stappers, Regulatory Solutions Director at NAVEX, the message from regulators is increasingly about visibility and maturity. “It’s no longer enough to say you have a process,” he says. “Regulators want to see that you’re applying it consistently – and that you’re capturing decisions in a way that holds up over time.”
That may sound like a heavy lift, but Jan and Michael both emphasize that even incremental improvements in intake consistency, documentation and internal coordination can go a long way in reducing exposure and improving audit readiness.
Want to go deeper?
Michael and Jan will continue this conversation during an upcoming session, Meet the Mark: Aligning Supplier Intake with Global Regulatory Requirements, on June 17. They’ll talk about what regulators are really asking for, where organizations often fall short, and how to strengthen onboarding without creating more friction for the business.
If you’re looking for a practical, grounded discussion on risk, regulation and responsible supplier relationships, we’d love to have you join us.
