Dig Deeper: Vendor Due Diligence Is Archaeology in Disguise
Why Surface-Level Supplier Checks Are a Liability, Not a Safeguard

I recently watched a documentary on Göbekli Tepe—a 12,000-year-old archaeological site buried under the soil of southeastern Turkey. What looked like a dusty hill turned out to be a prehistoric temple complex that rewrote human history.
That got me thinking about procurement.
Because vendor due diligence isn’t a checklist—it’s excavation.
🧱 Layer by Layer: What Lies Beneath a Supplier Profile?
Procurement often stops at ISO certificates, credit scores, and one-time vetting.
But what we really need to uncover often sits three layers deep:
Undisclosed beneficial ownership
Tier-2 labor violations
Sanctioned or politically exposed affiliates
Financial fragility disguised by shell structures
Dependency on risky subcontractors
This is more than concern—it’s economic fact. According to PwC, shallow supplier vetting contributes to tens of billions in annual losses, driven by compliance hits, cyber breaches, and supply disruptions.
🏺 Archaeology Teaches Us to Cross-Reference, Not Assume
Göbekli Tepe wasn’t understood through one scan—it took years of digging, mapping, and validating.
Procurement needs the same mindset:
🧬 Supplier Ecosystem Excavation
Who really owns the supplier?
What sub-tiers are involved in production?
Where are raw materials sourced from—and how?
What dormant or offshore entities are hiding in the value chain?
🚨 Case in Point: The ESG Timebomb
A European electronics company was fined €9 million after cobalt from Congolese child-labor mines was found in its supply chain.
The company relied on Tier-1 certificates.
It took investigative journalists—not auditors—to uncover the issue.
Procurement signed the contract. Procurement took the fall.
🛠️ How to Practice Real Procurement Archaeology
Here’s how seasoned vendor managers are digging deeper:
Trace Ownership Across Shell Structures
Use platforms like Orbis, Sayari, Dun & Bradstreet for ultimate beneficial ownership (UBO) tracing.
Screen for ESG + Sanctions Beyond the Surface
Check suppliers, subsidiaries, and subcontractors
Use Refinitiv World-Check, OFAC, and EU sanctions lists
Audit Tier-2 and Tier-3
Mandate disclosure via flowdown clauses
Request sub-tier risk self-assessments
Use tools like IntegrityNext and EcoVadis for remote auditing
Score Beyond Finance
Build risk scorecards covering:
Cybersecurity
Data handling
ESG violations
Human rights records
Geo-political volatility
🧠 Ask These Questions (Most Don’t):
Who benefits from this supplier’s profits?
Is the supplier using undisclosed subcontractors?
Have their sites been independently audited in the past 3 years?
Does their insurance policy truly cover the full scope of work?
Could any part of this supply chain create reputational damage?
If the answer to any of these is “We’re not sure”—you’re not doing due diligence.
You’re decorating it.
🔚 Final Thought:
You don’t evaluate a vendor.
You excavate them.
Because risk doesn’t sit on the homepage.
It’s buried—quietly, dangerously, expensively.