The Supplier Due Diligence Problem

Enterprise supplier checks: compliance, risk, and reputation. How AI-assisted due diligence makes thorough vetting practical at scale.
5 March 2026·7 min read
Dr Tania Wolfgramm
Chief Research Officer
Due diligence is a governance obligation, not an administrative task. Yet in practice, it is treated as one. A thorough check on a single supplier takes days: company searches, financial analysis, reference checks, compliance verification, sanctions screening, insurance validation. Multiply that by the number of new suppliers onboarded annually, and the maths does not work. AI makes thorough due diligence practical at scale, bringing the practice closer to the standard it was always meant to meet.

The Scale Problem

A mid-size NZ enterprise might onboard 30 to 100 new suppliers per year. A large enterprise, 200 or more. Each one should receive due diligence proportionate to the risk: financial health, compliance history, reputational risk, insurance coverage, and regulatory standing.
In practice, thorough due diligence happens for the biggest suppliers (where the risk justifies the time investment) and cursory checks happen for everyone else. The suppliers that slip through with minimal vetting are often the ones that cause problems: the small contractor without adequate insurance, the specialist vendor with undisclosed conflicts, the offshore supplier with sanctions exposure.
The problem is not lack of diligence. It is lack of capacity. A procurement team of two or three people cannot spend days on every supplier check and still manage the rest of their responsibilities.
41% of NZ enterprises report performing only basic due diligence on suppliers below a spend threshold. Source: NZISM, Procurement Risk Survey, 2025.

What AI Due Diligence Covers

Company Information

The AI aggregates company data from public sources: Companies Office records, financial statements (where filed), director details, shareholder information, registered addresses, and company history. This information is compiled into a structured profile that would take a human researcher 30 to 60 minutes to assemble.

Financial Health Indicators

Where financial information is available, the AI analyses indicators: revenue trends, profitability, debt levels, and working capital. For NZ companies, this often means analysis of filed financial statements supplemented by credit bureau data. The output is not a credit rating. It is a structured assessment of financial stability indicators with flagged concerns.

Compliance and Regulatory Standing

The AI checks the supplier against regulatory databases: WorkSafe NZ notices, Commerce Commission actions, Privacy Commissioner findings, and sector-specific regulatory records. For international suppliers, this extends to offshore regulatory databases and enforcement actions.

Sanctions and Restricted Party Screening

Sanctions screening is increasingly important for NZ enterprises with international supply chains. The AI screens supplier entities, directors, and beneficial owners against sanctions lists: UN Security Council, OFAC, EU, and NZ-specific designations. This screening needs to be current (lists update frequently) and thorough (including name variations and associated entities).

Reputational Risk

The AI scans public sources for reputational risk indicators: media coverage, legal proceedings, customer complaints, and social media sentiment. This is not about finding every negative comment. It is about identifying patterns that suggest systemic issues: repeated compliance failures, ongoing legal disputes, or sustained negative coverage.
Due diligence is not just about protecting the organisation. It is about ensuring the supply chain meets the ethical and cultural standards the organisation has committed to. For NZ enterprises with Māori data sovereignty obligations, procurement decisions need to consider whether suppliers can meet those obligations. This is a governance question, not a procurement convenience.

The Risk-Based Approach

Not every supplier needs the same level of due diligence. AI enables a tiered approach:
Tier 1: Standard screening (all suppliers). Automated company search, sanctions screening, and basic compliance check. Takes minutes. Flags obvious issues.
Tier 2: Enhanced assessment (medium-risk suppliers). Financial health analysis, regulatory standing review, and reputational scan. Semi-automated with human review of flagged items.
Tier 3: Deep due diligence (high-risk suppliers). Comprehensive analysis including beneficial ownership investigation, detailed financial review, site visits, and reference checks. AI assembles the research; humans conduct the assessment.
The AI handles Tier 1 entirely and does most of the research for Tiers 2 and 3. The human due diligence team focuses their expertise on assessment and judgement rather than data gathering.

Ongoing Monitoring

Due diligence should not be a point-in-time exercise. A supplier who was financially healthy at onboarding can deteriorate. A supplier with a clean compliance record at onboarding can acquire a compliance problem later.
AI enables continuous monitoring of the supplier base: automated re-screening against sanctions lists, monitoring for regulatory actions, and periodic financial health checks. When a supplier's risk profile changes, the system alerts the procurement team.
This is where the real value of AI due diligence lives. Not just faster initial checks, but ongoing awareness of supplier risk across the entire portfolio.
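The two mechanisms described above, screening a supplier entity and its associated parties (directors, beneficial owners) against a sanctions list with name variations handled (the Sanctions and Restricted Party Screening section), and re-screening the whole supplier base when a list revision lands so that only new exposures raise an alert (this section), as an added Python example. This is not code from the original article or from any product it describes. Every list entry, supplier record and person name is constructed for the example; difflib's SequenceMatcher stands in for a production matching engine (phonetic or transliteration-aware), and the 0.85 match threshold is an assumed value.

```python
"""Sanctions screening with name-variation handling and delta re-screening.

Constructed example: all list entries, suppliers and names are made up.
difflib is a stand-in for a production matcher; 0.85 is an assumed threshold.
"""
from __future__ import annotations

import re
import unicodedata
from dataclasses import dataclass
from difflib import SequenceMatcher
from typing import Iterator

# Corporate suffixes carry no identifying signal: "Northwind Ltd" and
# "Northwind Limited" are the same party for screening purposes.
CORPORATE_SUFFIXES = {"ltd", "limited", "llc", "inc", "corp", "co", "gmbh", "plc", "pty"}


def normalise(name: str) -> str:
    """Canonical form: strip diacritics, casefold, drop punctuation and
    corporate suffixes, sort tokens so word order does not matter."""
    text = unicodedata.normalize("NFKD", name)
    text = "".join(ch for ch in text if not unicodedata.combining(ch))
    text = re.sub(r"[^a-z0-9]+", " ", text.casefold())
    tokens = [t for t in text.split() if t not in CORPORATE_SUFFIXES]
    return " ".join(sorted(tokens))


def similarity(a: str, b: str) -> float:
    """Similarity in 0.0..1.0 of two names after normalisation."""
    return SequenceMatcher(None, normalise(a), normalise(b)).ratio()


@dataclass(frozen=True)
class ListEntry:
    list_name: str                  # e.g. "UN", "OFAC", "EU", "NZ"
    entry_id: str
    primary_name: str
    aliases: tuple[str, ...] = ()   # known name variations of the designated party

    def names(self) -> tuple[str, ...]:
        return (self.primary_name,) + self.aliases


@dataclass(frozen=True)
class Supplier:
    supplier_id: str
    name: str
    directors: tuple[str, ...] = ()
    beneficial_owners: tuple[str, ...] = ()

    def screened_parties(self) -> Iterator[tuple[str, str]]:
        """The entity plus its associated persons, each tagged with its role."""
        yield ("entity", self.name)
        for d in self.directors:
            yield ("director", d)
        for o in self.beneficial_owners:
            yield ("beneficial_owner", o)


@dataclass(frozen=True)
class Hit:
    supplier_id: str
    party_role: str
    party_name: str
    list_name: str
    entry_id: str
    matched_name: str   # the primary name or alias that produced the best score
    score: float


def screen(supplier: Supplier, entries: list[ListEntry], threshold: float = 0.85) -> list[Hit]:
    """One Hit per (party, list entry) whose best alias similarity clears the threshold."""
    hits: list[Hit] = []
    for role, party in supplier.screened_parties():
        for entry in entries:
            score, matched = max((similarity(party, n), n) for n in entry.names())
            if score >= threshold:
                hits.append(Hit(supplier.supplier_id, role, party, entry.list_name,
                                entry.entry_id, matched, round(score, 3)))
    return hits


def screen_portfolio(suppliers: list[Supplier], entries: list[ListEntry],
                     threshold: float = 0.85) -> list[Hit]:
    """Screen the whole supplier base against one list revision."""
    return [h for s in suppliers for h in screen(s, entries, threshold)]


def hit_key(h: Hit) -> tuple[str, str, str, str, str]:
    return (h.supplier_id, h.party_role, h.party_name, h.list_name, h.entry_id)


def new_hits(current: list[Hit], previous: list[Hit]) -> list[Hit]:
    """Ongoing monitoring: hits absent from the last run (new designations,
    or new directors/owners on a supplier). Only these need an alert."""
    seen = {hit_key(h) for h in previous}
    return [h for h in current if hit_key(h) not in seen]


# --- constructed sample data (not real designations) ----------------------
LIST_V1 = [
    ListEntry("UN", "C-001", "Northwind Trading Ltd", ("North Wind Trading Limited",)),
    ListEntry("OFAC", "C-002", "Acme Holdings"),
]
# A later revision of the lists adds an individual designation.
LIST_V2 = LIST_V1 + [ListEntry("NZ", "I-003", "Ioana Pătrașcu")]

SUPPLIERS = [
    Supplier("S-100", "NORTH-WIND TRADING CO", directors=("Wiremu Tane",)),
    Supplier("S-200", "Acme Consulting Limited", directors=("Ioana Patrascu",),
             beneficial_owners=("Hemi Rangi",)),
]

if __name__ == "__main__":
    baseline = screen_portfolio(SUPPLIERS, LIST_V1)      # onboarding run
    for h in baseline:
        print("onboarding hit:", h)
    for h in new_hits(screen_portfolio(SUPPLIERS, LIST_V2), baseline):
        print("ALERT, new hit after list update:", h)
```

On the sample data the onboarding run flags S-100 through the alias (punctuation, casing, word spacing and the corporate suffix all differ from the primary name), leaves S-200 alone because "Acme Consulting" is not close enough to "Acme Holdings", and the re-screen against the revised list alerts only on the new director match for S-200 rather than repeating the S-100 hit. In practice the threshold is tuned on the false-positive rate the review team can absorb, every hit goes to a human for adjudication, and the previous-run hits are persisted so the delta survives restarts.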

Implementation

  1. Risk framework definition (1-2 weeks). Define supplier risk tiers and the due diligence requirements for each. This is a governance decision, not a technical one.
  2. Source integration (2-3 weeks). Connect to data sources: Companies Office API, credit bureaus, sanctions databases, regulatory databases, and media monitoring.
  3. Model configuration (2-3 weeks). Configure the analysis models for NZ-specific requirements and your organisation's risk appetite.
  4. Workflow integration (1-2 weeks). Integrate with your procurement and supplier management processes.
  5. Validation (2-3 weeks). Run in parallel with manual due diligence. Compare thoroughness and accuracy.
Total: 8-13 weeks to production. The first week of production typically identifies risk exposures in the existing supplier base that manual processes had missed.
Thorough supplier due diligence should not be a luxury reserved for the biggest contracts. AI makes it standard practice for every supplier relationship.