Procurement Due Diligence Checklist: NGO & Donor Compliance Guide

What to do if procurement due diligence checklist signals appear

Use this as a practical response guide when a public-source issue appears during selection-stage review.

Situation	What to do	Evidence to keep	Escalate when
A preferred vendor matches a name on the World Bank Debarment List.	Cross-reference the registered address, registration number, and key personnel to confirm if it is a true match or a same-name false positive.	Official debarment entry printout, registry extract of the preferred vendor, and written identity analysis.	Escalate to the procurement lead and donor compliance officer if the identity is confirmed as a match.
The official company registry shows the vendor is currently in an inactive or dissolved status.	Request a current, certified copy of the company registration from the vendor and check the registry directly for recent filings.	Official registry screenshot showing status, correspondence with the vendor, and updated filings.	Escalate to finance and legal if the vendor cannot prove active legal status.
A search reveals the vendor shares an address with another competing bidder in the same tender.	Document the shared physical address and check the directors/owners of both companies to identify potential collusion.	Registry extracts for both bidders, mapping screenshots showing shared offices, and bid comparison notes.	Escalate to the internal audit committee or compliance officer for suspected bid collusion.
The vendor's founder is identified as a politically exposed person (PEP) or senior government official.	Review the organization's conflict-of-interest policies and assess if the official has any influence over the project's funding or approvals.	PEP registry record or official profile, internal conflict declaration, and risk assessment notes.	Escalate to executive management and donor compliance to review neutrality and compliance.
Minor adverse media alleges slow delivery or contract disputes on a previous donor project.	Check with the referenced donor or agency, and request past performance references or explanations from the vendor.	Media reports, performance reference letters, and vendor's formal response.	Escalate to the technical evaluation committee to incorporate findings into the past-performance scoring.

Search terms for procurement due diligence checklist

Adapt these examples to the legal name, acronym, country, local-language name, former names, directors, signatories and project locations.

"COMPANY NAME" AND (debarred OR suspended OR ineligible) "DIRECTOR NAME" AND ("COMPANY NAME" OR "FORMER NAME") "COMPANY NAME" AND ("contract terminated" OR "default" OR "breach of contract") "COMPANY NAME" AND ("procurement fraud" OR "bid rigging" OR "collusion") site:worldbank.org/en/projects-operations/procurement/debarred-firms "COMPANY NAME" site:sam.gov "COMPANY NAME" AND "exclusion" "COMPANY NAME" AND ("beneficial owner" OR "shareholder" OR "director") "COMPANY NAME" "COUNTRY" AND (lawsuit OR court OR litigation OR fraud)

What teams often miss in procurement due diligence checklist reviews

Failing to screen the individual signatories: Reviewers often check only the corporate entity name, missing that the signing director is personally debarred or under investigation.
Ignoring identical office coordinates: Missing that multiple independent bidders share a single suite, phone number, or IP address, suggesting bid-rigging.
Omitting localized transliterations: Searching only the English name of a local distributor while missing that their registered name in the local script is flagged on domestic registries.
Disregarding recently incorporated shell vendors: Failing to flag that a preferred vendor was registered only days before the tender was issued, with zero historical footprint.
Overlooking former company names: Skipping historical registry records that show the vendor recently rebranded to escape a history of poor performance or default.
Neglecting beneficial ownership structures: Vetting a joint-venture partner but failing to screen the ultimate parent company or controlling shareholders.
Relying on outdated offline spreadsheets: Using a downloaded debarment list from several months ago, overlooking recent listings or updates.

Realistic procurement due diligence checklist review scenarios

A country office selected a local construction firm for a school rehabilitation project. The team checked the firm's name against debarment lists and found no flags. However, they did not screen the board of directors.Risk: Two weeks into construction, a donor audit revealed that the firm's majority shareholder and managing director was a senior provincial education official. This created a direct conflict of interest, leading to the suspension of project funding.Reviewer response: The compliance officer should have required a list of directors and beneficial owners at the bidding stage and cross-referenced them with public civil service directories, documenting the findings in the procurement file before award.

A procurement team evaluated three bids for agricultural supplies. All three bidders provided different corporate names and separate registration certificates. The files were reviewed for selection based on individual name checks.Risk: During a post-award review, an auditor noticed that all three registration certificates listed the exact same physical address and registered email domain. The bids were collusive, steered by a single family-owned conglomerate.Reviewer response: The reviewer should have mapped the registered addresses of all shortlisted bidders during the due diligence phase. Shared coordinates should have triggered immediate escalation to the internal audit team before any agreement was signed.

An NGO finalized an agreement with a logistics vendor using a newly registered entity name. The vendor claimed to have ten years of regional experience, but the physical registry records showed the entity was incorporated less than six months prior.Risk: The vendor repeatedly defaulted on delivery schedules. An investigation revealed the vendor's previous company had been sued for default and terminated by another international agency, prompting them to rebrand.Reviewer response: The reviewer should have requested history on former corporate names and checked the registry for the incorporation date. Any discrepancy between claimed experience and registry history should have been flagged for the technical committee.

Sample file-ready language for procurement due diligence checklist

Use wording like this in the partner, vendor, grant or procurement file, then tailor it to the source, identity match and internal policy.

No relevant findingsA public-source search was conducted on [Date] for [Vendor Name] and its listed directors using official registries, major donor debarment lists, and media archives. No matches, exclusions, or significant adverse findings were identified. The vendor and key personnel are currently assessed as clear of restricted-party matches based on the sources reviewed. The procurement file is complete for this step.

Possible finding requiring clarificationDuring public-source review on [Date], a record was identified on [Source Name] under the name [Name], which matches a key director of the vendor. However, the available records lack unique identifiers (such as date of birth or registration number) to confirm a definitive match. The file is being referred to the procurement lead to request formal clarification and identity documents from the vendor.

Same-name false positiveA search for [Vendor Name] returned a matching record on the [Sanctions/Debarment Database]. A comparative review of unique identifiers reveals that the sanctioned entity is registered in [Country A] with registration number [Number], whereas the preferred vendor is registered in [Country B] under registration number [Number] with entirely different beneficial owners. This is documented as a false positive; no further action is required.

Critical signal requiring escalationA public-source review on [Date] identified that [Vendor Name] is currently listed on the [World Bank Debarment List / SAM.gov] as an excluded entity under the grounds of [Grounds], with an active exclusion period running through [End Date]. This matches the registration number and address of the preferred supplier. The file is hereby escalated to Legal, Compliance, and Senior Management for immediate review under donor rules before any contract finalization.

Lessons learned for stronger procurement due diligence checklist files

A name search is only as reliable as the identifiers used to back it up; always tie names to official corporate registry IDs or passport numbers.
Registry status is dynamic; check local corporate registries right before contract signing, not just at the initial expression of interest stage.
Collusion is often visible in the corporate registry details; matching physical addresses, phone numbers, or registration dates of competitors are critical signs.
Keep detailed records of what was checked, who checked it, and when, so that the procurement file remains defensible during donor-mandated audits.
Rebranding is a common method used to bypass debarment; checking the history of name changes and director associations is an essential control.

Understanding Public-Source Screening in Supplier Onboarding

For NGO, UN-system, and donor-funded procurement teams, checking registries and debarment lists is a vital step before awarding contracts. It acts as an independent layer alongside standard technical, financial, and eligibility evaluations. A complete procurement file must document that a vendor, its key signatories, and beneficial owners do not appear on restricted lists or have unresolved compliance signals.

Crucially, a finding is not a final conclusion. It is a signal for deeper human review. The file should show what was checked, what was found, what was dismissed, and what follow-up was taken before a final decision was reached by the authorized selection committee.

Establishes a transparent audit trail for internal and external donor audits.
Protects funding from being diverted to debarred, inactive, or shell entities.
Enables procurement officers to identify risks before signing binding agreements.

Timing Your Due Diligence in the Procurement Cycle

Conducting public-source checks too early wastes time on unviable bids, while conducting them too late-such as after contract signature-creates severe compliance liabilities. The optimal moment is during the selection stage, once a preferred supplier or a shortlist of finalists has been identified but before any award notice is issued or agreement signed.

This step should also be repeated during periodic agreement renewals, contract extensions, or when there is a significant shift in the vendor's ownership, key management personnel, or operating location. Ensuring a consistent workflow prevents oversight when personnel changes occur.

Preferred Option Selection: Run comprehensive checks before the evaluation committee signs off.
Annual and Multi-Year Renewals: Re-verify vendor and registry status prior to extending agreements.
Material Vendor Changes: Re-screen if the company changes its legal name, registration, or board members.

Defining the Search Parameters: Beyond the Trading Name

A common vulnerability in procurement reviews is searching only the local trading name. A thorough file checks the complete legal name, any previous or former names, local-language transliterations, and acronyms. It must also cover the individuals who control the vendor: key directors, shareholders, beneficial owners, and authorized contract signatories.

Documenting registration numbers, tax identifiers, and official headquarters addresses is essential to rule out false positives. When screening in multi-lingual contexts, always check both the local script and Latin transliterations to ensure no relevant records are missed.

Legal Entity Details: Registered legal name, active status, registry ID, and trade aliases.
Ownership and Leadership: Founders, majority shareholders, beneficial owners, and executive board members.
Operational Grounding: Registered physical addresses, local branches, and secondary operating locations.

Documenting Your Search to Withstand Donor Audits

Auditors do not just look at the final approval; they examine the exact steps taken to verify the vendor. A high-quality procurement due diligence file must include the search term used, the specific database accessed, the date of the search, and the name of the reviewer. If a potential match was dismissed as a false positive, the file must document the evidence supporting that conclusion.

Since online registries, debarment portals, and media pages change frequently, preserving a snapshot of the search results is critical. Exporting PDF records of the search screen or capturing timestamps prevents disputes during subsequent project audits.

Search History Logging: Record the date, database URL, and exact search strings applied.
False-Positive Documentation: Explicitly record why a same-name listing is not an identity match.
Durable Evidence: Save registry extracts and search summaries to the official procurement file.

Exposing Conflict of Interest and Related-Party Risks

Procurement teams must be vigilant against related-party links that undermine fair competition. This includes identifying if a bidding company is owned by, or shares offices with, another bidder in the same round, or if a vendor has family or business ties to the NGO's staff or partner officials. Public registries and corporate mapping can often reveal these overlaps.

Look closely at registration addresses. If multiple bidders share the exact same physical address, suite number, or contact phone number, it indicates potential collusion or single-source steering. These signals must be documented and escalated to the compliance or procurement oversight lead.

Shared Registry Elements: Check for identical registration addresses, emails, or phone numbers.
NGO Staff Overlaps: Review board members and key directors against the organization's internal conflict-of-interest disclosures.
Coordinated Bidding: Note indicators of multiple bids originating from the same ultimate parent company.

Navigating Low-Information Registries and Informal Contexts

In many humanitarian and development contexts, official company registries may be offline, incomplete, or require physical visits to access. Where formal public registries are unavailable, reviewers must rely on alternative secondary sources such as local business associations, official gazettes, and reputable local-language media.

When public records are sparse, procurement teams should require bidders to provide certified copies of their registration, tax clearances, and ownership declarations. The reviewer can then cross-reference these provided documents against accessible public databases and maps to verify their physical and legal existence.

Alternative Verification: Utilize official government gazettes, municipal trade licenses, and tax records.
Self-Declaration Validation: Cross-verify supplier-provided paperwork with any available public mentions.
Risk Mapping: Document local contextual limits in the file to show auditors why certain checks were restricted.

Connecting Due Diligence Findings to the Selection Process

Due diligence findings should not exist in a silo; they must inform the overall evaluation. For example, if a registry search reveals a vendor was only incorporated three weeks before the tender was issued, this operational signal should be communicated to the technical evaluation committee to assess the firm's capacity to deliver.

Similarly, if media reports or legal archives indicate unresolved contract disputes or terminations for poor performance, this should prompt the procurement team to request formal reference letters or clarify the past performance directly with the supplier before finalizing the contract.

Operational Capacity Check: Match registration dates and historical records against claimed experience.
Performance Track Record: Look for public indicators of past contract terminations or default actions.
Integrity Context: Assess how pending civil litigation or regulatory inquiries affect delivery risk.

Addressing Labor, Environmental, and Safeguarding Signals

Vendor due diligence is not limited to financial debarment and corporate structures. It also encompasses the vendor's adherence to international standards regarding labor practices, environmental regulations, and safeguarding. Major donors increasingly require that suppliers demonstrate a commitment to preventing exploitation and abuse.

Reviewers should check public records, regulatory archives, and media for warnings, fines, or public complaints regarding workplace safety, child labor, or sexual exploitation and abuse (SEA) related to the vendor's operations or leadership. While a complaint on social media is not proof, it requires a structured internal risk review.

Regulatory Enforcement: Scan for environmental, labor union, or safety-standard regulatory actions.
Safeguarding Risks: Check for public allegations or historical actions relating to misconduct by key leaders.
Supply Chain Tracing: Verify whether major subcontractors or raw material providers are subject to ethical issues.

The Role of Human Judgment and IntegrityFile

While software and screening tools can compile databases and flag potential matches, they lack the contextual understanding required for complex NGO and donor procurement. An automated search cannot evaluate whether a local supplier operating in a post-conflict zone is a genuine risk or merely sharing a generic corporate name. Human judgment must guide every step.

By structuring your workflow, IntegrityFile helps compliance teams document their public-source review at the selection stage. IntegrityFile maps out what was checked, what was found, what was dismissed, and what follow-up was taken, providing an audit-ready compliance file before contract signatures are finalized.

Contextual Assessment: Evaluate the source's credibility, age, and local political environment.
Proportionate Review: Ensure the depth of the check matches the scale and risk profile of the procurement.
Reasoned Decisions: Keep the final authority over selection within the organization's structured committees.

Useful public sources

Source availability varies by country and entity type. These references are starting points for building a documented review file, not substitutes for internal approval or legal review.

UN Global Marketplace (UNGM)The official procurement portal of the United Nations system, containing supplier registration, debarment, and procurement sanctions data. World Bank Debarment ListOfficial database of firms and individuals ineligible to participate in World Bank-financed contracts, crucial for checking development-finance exclusions. System for Award Management (SAM.gov) ExclusionsThe US Government registry used to identify entities excluded from receiving federal contracts, subcontracts, and financial assistance. UK Find and Update Company InformationProvides access to company registry filings, active status, director details, and historical filings in the United Kingdom, useful for verifying corporate structures.

Sample follow-up questions

Has the vendor or any of its current directors, officers, or key shareholders ever operated under a different corporate name or trade alias?
Can the vendor provide a complete list of beneficial owners who hold more than a 10% equity stake in the company?
Is any director, owner, or key officer of the vendor currently employed by, or related to, any staff member of this organization or the donor agency?
Has the vendor or its key management been subject to any contract termination, performance default, or debarment by any donor or government agency in the past five years?

False-positive handling

Verify the jurisdiction: a local vendor in Kenya is highly unlikely to be the same as an excluded trading company in the United Kingdom with the same name.
Check corporate structures: many large global conglomerates share words in their name, but the local branch may be a completely separate entity with a different registration profile.
Compare industry fields: if an exclusion is listed for a defense contractor and the preferred vendor is a local agricultural cooperative, verify registration IDs to confirm they are distinct entities.

What this does not replace

This public-source review does not replace sanctions screening, vendor eligibility checks, legal review, safeguarding investigation, procurement approval, donor clearance, or any required internal decision process. It helps create a documented record for human review.

Frequently asked questions

Is a public-source due diligence check required for all procurement thresholds?

Requirements vary by donor, funding stream, and internal organization policy. Generally, higher-value contracts require more detailed, documented reviews, but screening basic debarment lists is good practice for all preferred vendors.

What should I do if a vendor is debarred by a donor other than the one funding my current project?

Document the finding in the file. Check your organization's policy and the current donor's regulations, as many donors have cross-debarment agreements or policies regarding risk-sharing with compromised vendors.

How do I document checks when a country does not have an online company registry?

Request certified physical registration and tax documents directly from the vendor. Note in your procurement file that the official online registry was unavailable, and detail the alternative sources and documents used to verify the vendor's existence.

Does finding an adverse media article mean we must immediately reject the vendor?

No. A finding is a signal, not a conclusion. Assess the credibility of the media source, the severity of the allegations, and the vendor's response. Document this reasoning in the file and escalate if internal thresholds are met.

How often should long-term agreements (LTAs) with suppliers be re-screened?

LTAs should be re-screened at regular intervals, typically annually or upon renewal, to ensure that the supplier's legal status, debarment status, and ownership have not changed during the contract period.