Supplier due-diligence playbook

By the Reevol Source editorial team · Updated 2026-04-18

TL;DR: Vetting an overseas supplier takes roughly 15-25 business days and costs between $800 and $3,500 in audit and verification fees, which is cheap insurance against a $50,000 order gone wrong. The core sequence is fixed: pull the registration certificate from the country's official registry, commission a third-party factory audit (SGS, Bureau Veritas, TUV, or Intertek), run an AQL-based sample inspection, verify banking through a reference letter, and lock your first three shipments under FOB plus pre-shipment inspection with payment via Alibaba Trade Assurance or an L/C. Skip any step on your first order and you are gambling, not sourcing. This playbook gives you the exact documents to request, the numbers to plug into AQL tables, and the quote patterns that predict fraud.

Why this matters

The International Chamber of Commerce estimates trade-based fraud costs importers billions annually, with SMEs disproportionately hit because they skip steps large buyers treat as mandatory. A 2023 ICC International Maritime Bureau report flagged that small buyers placing sub-$100,000 orders in categories like electronics, PPE, and textiles are the prime targets for shell-company scams out of Shenzhen, Yiwu, and Delhi. The typical loss pattern: 30% deposit wired via T/T, radio silence after week four, a Gmail address that stops responding, and a "factory" that was a rented meeting room in a business center.

The pain does not stop at outright fraud. Legitimate factories fail audits for preventable reasons: no social compliance certificate, subcontracting to unlisted workshops, mixing Grade A and Grade B stock in the same carton. Miss these at the PO stage and you inherit them at customs, where a WCO non-compliance hold can tie up a container for 30-60 days at $150-$300 per day in demurrage. Due diligence is not paranoia, it is the cheapest line item on your cost sheet.

Step 1: Verify the legal entity before anything else

Before you send a product spec, a target price, or even a friendly WhatsApp message with your logo on it, confirm the company legally exists and is in good standing. This step costs $0-$50 and eliminates roughly 20% of candidate suppliers in under 30 minutes.

Company registration lookup per country

Every serious trading nation maintains a public registry. Ask the supplier for their business license or registration number, then verify it yourself. Never accept a PDF scan as proof, always cross-check against the official database.

| Country | Registry | What to check | Cost |
|---|---|---|---|
| China | National Enterprise Credit Information Publicity System (GSXT) | Unified Social Credit Code (18 digits), registered capital, business scope, legal representative | Free |
| UK | Companies House | Company number, filing history, PSC register, accounts status | Free |
| France | SIRENE / INSEE | SIREN (9 digits), SIRET (14 digits), NAF code, établissement status | Free |
| Germany | Handelsregister | HRB number, managing directors, share capital | €1-€4.50 per document |
| India | MCA21 | CIN (21 characters), ROC filings, director DIN | Free lookup, ₹100 for docs |
| Vietnam | National Business Registration Portal | Enterprise code, charter capital, legal representative | Free |
| USA | Secretary of State (per state, e.g., Delaware, California) | Entity number, good standing status, registered agent | $10-$20 |

For Chinese suppliers specifically, the old AQSIQ (General Administration of Quality Supervision, Inspection and Quarantine) was merged into SAMR (State Administration for Market Regulation) in 2018, so current import/export licensing and quality supervision data now flows through SAMR and the General Administration of Customs (GACC). Any supplier exporting food, cosmetics, or medical devices to your country must be GACC-registered, and you can verify that code against the GACC public database.

Check three numbers on the business license: registered capital (under RMB 1 million is a red flag for an "established manufacturer"), establishment date (under 2 years old plus a claim of "15 years experience" is a lie), and business scope (if it says "trading" only, they are not the factory).

Tax ID and VAT cross-checks

For EU suppliers, run the VAT number through VIES to confirm it is active and matches the company name. A supplier who gives you an invalid or mismatched VAT number on their proforma is either dodging tax or not who they claim to be. In both cases, walk.

For Chinese suppliers, request the General VAT Taxpayer certificate (一般纳税人) alongside the business license. A small-scale taxpayer (小规模纳税人) cannot issue the 13% VAT invoices needed for export rebates, which means their pricing is either unsustainable or they are reselling through a third party.

Trade activity verification

Pull the supplier's actual export history from customs trade data platforms. UN Comtrade gives you country-level aggregates, while commercial platforms like ImportGenius, Panjiva, and Tradesparq show bill of lading records for US-bound shipments and some EU routes. If a supplier claims to ship 40 containers a month to Europe but appears in zero BOL records over the past 24 months, the claim is fiction.

Cross-reference the supplier's stated customers. If they list Walmart, Tesco, and Carrefour on their website, the BOL data should show at least some shipments to those consignees or their nominated forwarders. No records, no credibility.

Step 2: Commission a third-party factory audit

A document check proves the company exists on paper. A factory audit proves they can make the product. For any order above $20,000, or any supplier you have not used before, this step is non-negotiable.

Choosing between SGS, Bureau Veritas, TUV, and Intertek

The big four third-party inspection firms dominate the market and all four publish standardized audit protocols. Prices are similar, scheduling windows differ by region.

| Firm | HQ | Typical audit cost (China) | Lead time | Strongest in |
|---|---|---|---|---|
| SGS | Geneva | $700-$1,200/day | 5-10 days | General manufacturing, textiles, food |
| Bureau Veritas | Paris | $650-$1,100/day | 5-10 days | Industrial, construction materials, consumer goods |
| TUV Rheinland / TUV SUD | Cologne / Munich | $800-$1,400/day | 7-14 days | Electronics, automotive, machinery |
| Intertek | London | $700-$1,200/day | 5-10 days | Toys, hardlines, textiles, retail supply chains |

For a standard 1-day factory audit in Guangdong or Zhejiang, budget $800-$1,000 all-in. For electronics or medical devices requiring a specialist auditor, 2 days at $1,500-$2,500. Travel surcharge applies if the factory is more than 100 km from a major inspector hub (add $150-$400).

The audit types you actually need:

  • Initial Factory Evaluation (IFE) or Supplier Qualification Audit: 1 day, covers legal status, production capacity, QC systems, certifications. This is the entry ticket.
  • Social Compliance Audit (SA8000, SMETA 4-pillar, BSCI): 1-2 days, covers labor hours, wages, health and safety, subcontracting. Mandatory if you sell to EU retailers or under the US UFLPA.
  • Technical / Process Audit: 1-3 days, specific to your product category, reviews equipment, tooling, process controls, calibration records.

Do not accept the supplier's existing audit report at face value. Check that (1) the audit was conducted within the last 12 months, (2) the factory name and address match the entity you are buying from, and (3) the report was commissioned by a buyer or the firm directly, not paid for by the factory to shop for a friendly auditor.

What the auditor must physically verify

Brief your auditor in writing. A generic audit checklist will miss your specific risks. Require the report to document:

  1. Business license on the wall matches the entity on your proforma invoice. Photograph it.
  2. Production lines running your product category, with photos of equipment nameplates and count of operators per line.
  3. Raw material warehouse with at least 2 weeks of stock corresponding to your product specs.
  4. QC lab with functional test equipment (tensile tester, colorimeter, salt spray chamber, whatever applies). Calibration stickers within date.
  5. Subcontractor list. If more than 20% of production value is outsourced, that is a red flag for a trading company dressed as a factory.
  6. Certifications: ISO 9001, ISO 14001, sector-specific (BRCGS for food, IATF 16949 for automotive, ISO 13485 for medical). Verify certificate numbers on the certifying body's public registry, not on the paper the supplier hands over. Fake ISO certificates cost $50 on Taobao.

The single most useful data point is monthly production capacity versus current order book. If a factory claims 500,000 units/month capacity and shows you 50,000 units in WIP across the floor, either capacity is overstated or they are dying for work, both of which change your negotiation stance.

Step 3: Set AQL sampling levels that match your risk tolerance

Every first-time shipment gets a pre-shipment inspection under ISO 2859-1 / ANSI/ASQ Z1.4 AQL sampling. This is the single highest-ROI quality control step in the process. A $300 inspection catches defects before the container leaves the port.

Sample AQL plans per defect tier

AQL (Acceptable Quality Limit) is the maximum percentage of defective units the buyer will tolerate in a lot. Defects are classified into three tiers, and each tier gets its own AQL.

| Defect tier | Definition | Typical AQL | Example |
|---|---|---|---|
| Critical | Renders product unsafe or illegal to sell | 0 | Exposed live wire, sharp edge on children's toy, lead paint |
| Major | Reduces usability, likely to cause return | 2.5 | Zipper doesn't close, product doesn't power on, wrong color |
| Minor | Cosmetic, unlikely to trigger return | 4.0 | Small scratch, loose thread, printing misaligned by 1-2 mm |

AQL 6.5 exists and is sometimes used for minor defects on very low-value items (promotional giveaways, $0.50 unit cost), but for any serious commercial import, 2.5 major / 4.0 minor / 0 critical is the industry baseline.

Worked example using General Inspection Level II on a shipment of 3,200 units:

  • Lot size 3,201-10,000 → sample size code letter L → sample size 200 units
  • At AQL 2.5 for major defects: accept if ≤ 10 defects, reject if ≥ 11
  • At AQL 4.0 for minor defects: accept if ≤ 14 defects, reject if ≥ 15
  • At AQL 0 for critical: any critical defect = reject entire lot

Write these exact numbers into your PO as the acceptance criteria. "Good quality" is not a spec, "AQL 2.5 major / 4.0 minor / 0 critical per ISO 2859-1 Level II single sampling" is.
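
An added example, not from the original playbook: the table lookup behind the worked example above, plus the probability that a lot with a given true defect rate still passes the plan, which goes beyond what the text works through. It tabulates only Level II bands for lots of 281 to 35,000 units under normal inspection. A lot of exactly 3,200 units falls in the 1,201-3,200 band (letter K, 125 samples), and 3,201 is the first size that draws letter L.

```python
# Added example, not from the original playbook. Single sampling, normal
# inspection, General Inspection Level II per ISO 2859-1 / ANSI/ASQ Z1.4.
# Only lot sizes 281-35,000 and AQL 1.5 / 2.5 / 4.0 are tabulated here.
from math import comb

# (upper lot-size bound, code letter); the first band starts at 281 units.
LEVEL_II_BANDS = [(500, "H"), (1200, "J"), (3200, "K"), (10000, "L"), (35000, "M")]
MIN_LOT = 281
SAMPLE_SIZE = {"H": 50, "J": 80, "K": 125, "L": 200, "M": 315}
# Acceptance number Ac per AQL and code letter; the rejection number is Ac + 1.
ACCEPT = {
    1.5: {"H": 2, "J": 3, "K": 5, "L": 7, "M": 10},
    2.5: {"H": 3, "J": 5, "K": 7, "L": 10, "M": 14},
    4.0: {"H": 5, "J": 7, "K": 10, "L": 14, "M": 21},
}


def code_letter(lot_size: int) -> str:
    """Map a lot size to its Level II sample size code letter."""
    if lot_size < MIN_LOT:
        raise ValueError("lot size below the range tabulated in this example")
    for upper, letter in LEVEL_II_BANDS:
        if lot_size <= upper:
            return letter
    raise ValueError("lot size above the range tabulated in this example")


def plan(lot_size: int, aql: float):
    """Return (code letter, sample size, acceptance number)."""
    letter = code_letter(lot_size)
    return letter, SAMPLE_SIZE[letter], ACCEPT[aql][letter]


def disposition(lot_size, critical, major, minor, major_aql=2.5, minor_aql=4.0):
    """Apply the PO criteria: zero critical, Ac limits for major and minor."""
    letter, n, ac_major = plan(lot_size, major_aql)
    ac_minor = plan(lot_size, minor_aql)[2]
    reasons = []
    if critical > 0:
        reasons.append(f"{critical} critical defect(s), limit 0")
    if major > ac_major:
        reasons.append(f"{major} major defects, accept <= {ac_major}")
    if minor > ac_minor:
        reasons.append(f"{minor} minor defects, accept <= {ac_minor}")
    return {"letter": letter, "sample_size": n,
            "accept": not reasons, "reasons": reasons}


def acceptance_probability(n: int, ac: int, defect_rate: float) -> float:
    """Chance that a lot with this true defect rate passes the plan.

    Binomial approximation, reasonable when the lot is much larger than n.
    """
    return sum(comb(n, k) * defect_rate**k * (1 - defect_rate)**(n - k)
               for k in range(ac + 1))


if __name__ == "__main__":
    print(plan(3200, 2.5), plan(3201, 2.5))
    print(disposition(5000, critical=0, major=11, minor=3))
    for rate in (0.025, 0.05, 0.10):
        print(rate, round(acceptance_probability(200, 10, rate), 3))
```

The last loop shows why AQL is a limit on the plan, not a guarantee about the lot: a lot running at twice the AQL still has a real chance of passing a 200-unit sample.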

Tightening AQL for high-risk categories

For electronics, medical, or safety-critical goods, tighten to AQL 1.5 major / 2.5 minor. For the first three orders from a new supplier, also switch from General Inspection Level II to Level III, which increases sample size by roughly 60% and costs an extra $50-$100 per inspection. Once the supplier has cleared three consecutive shipments with zero majors, you can drop back to Level II or even Reduced inspection, but never below AQL 2.5 on majors without a written quality agreement and corrective action history.

Who runs the inspection

The same four firms that do factory audits also do pre-shipment inspections, at $250-$350 per man-day in China and Vietnam, $300-$450 in India, and $400-$550 in Turkey or Eastern Europe. Book the inspection when the supplier reports 80% production complete and 100% packed, never at 100% complete, because once everything is sealed in cartons the inspector can only open a fraction.

Require the inspection report to include: photos of the actual product against your approved golden sample, carton markings versus your shipping mark spec, weight and dimension checks on at least 5 cartons, and a barcode scan test. If any item fails, reject the shipment until the supplier reworks the goods and passes re-inspection at their own cost, a clause you must include in your PO terms.

Step 4: Verify financial standing with a bank reference letter

Financial due diligence is the step most SMEs skip and most fraud victims wish they had done. A bank reference letter costs the supplier nothing beyond a request to their relationship manager and tells you whether a real bank has a real account for a real company.

Bank reference letter format

Request the letter on the bank's letterhead, signed by a named officer, with direct contact details. The standard format includes:

[Bank name and branch address] Date

To Whom It May Concern,

We confirm that [Supplier Company Name, full legal name as registered], registered at [address], holding account number [XXXX-XXXX-XXXX-XXXX] in [USD/EUR/CNY], has maintained a banking relationship with our institution since [date, ideally 3+ years].

The account has been operated in a satisfactory manner. Average monthly turnover over the past 12 months has been in the range of [USD X - USD Y]. No dishonored instruments have been recorded.

This letter is provided for information purposes at the request of our customer and without responsibility on the part of the bank or its officers.

[Signature, name, title, direct phone, email]

Three things to verify after you receive it:

  1. Call the bank directly using a number from the bank's official website, not the number on the letter. Ask reception to connect you to the named officer. If the person does not exist, the letter is forged.
  2. Bank account name must match the legal entity on your proforma invoice, exactly. If the PI says "Shenzhen ABC Electronics Co., Ltd" and the beneficiary account is "Hong Kong XYZ Trading Limited," stop. This is the number one vector for payment diversion fraud.
  3. Account currency and jurisdiction. A mainland Chinese manufacturer asking you to pay a Hong Kong or Singapore account is not automatically fraud, but it is an anomaly that needs a written explanation (usually tax optimization via an offshore invoicing entity). Get the explanation in writing and verify the offshore entity's registration separately.

For orders above $50,000, also request the supplier's most recent audited financial statements or the equivalent. In China, the annual report filed via GSXT shows total assets, liabilities, and revenue. A factory claiming $30 million annual revenue that filed $2 million with the authorities is lying to one of you, and tax authorities do not have a sense of humor.

Step 5: Recognize and reject red-flag quote patterns

After the paperwork checks out, the quote itself is the next filter. Scammers and unreliable suppliers reveal themselves in pricing and payment terms. These patterns are not subtle once you know what to look for.

The 25% below market rule

Get at least three quotes for the same RFQ before committing. Calculate the median. Any quote more than 20-25% below the median is suspect. The supplier is either (a) quoting a different (lower) spec and hoping you do not notice until shipment, (b) planning to substitute materials, (c) a trading company reselling someone else's capacity with a bait price, or (d) a scam with no intent to ship.

USITC and Eurostat Comext publish HS-code-level import unit values by country of origin. Pull the 12-month average import unit value for your HS code and source country, and compare it to your quotes. If your supplier's FOB price is 30% below the average CIF unit value in USITC data, math is telling you something.

The 100% upfront T/T demand

Standard industry payment terms for a new supplier relationship are either 30% T/T deposit with 70% balance against copy of B/L, or 30% T/T deposit with 70% against documents at sight via L/C. Any upward deviation from this is a red flag.

  • 100% T/T in advance: reject outright for a first order. No legitimate factory requires this from a new buyer above $5,000.
  • 50% deposit: acceptable only for tooling, molds, or fully custom orders where the supplier has real sunk cost.
  • Payment to a personal account (individual name, not the company): absolute reject, every time.
  • Last-minute account change by email: this is business email compromise fraud, currently responsible for over $2.7 billion in losses per the FBI IC3 2022 report. If the account changes, call the supplier on a known phone number and verify verbally. Never rely on email confirmation.

Legitimate suppliers, especially those with 5+ years of export experience, expect 30/70 terms with a new buyer and will offer OA (open account) 30-60 days only after 6-12 months of clean payment history.

Quote completeness as a signal

A professional quote contains: exact product specification with all tolerances, HS code, country of origin, Incoterm and named port, packaging details (inner carton, master carton, dimensions, gross weight), MOQ, lead time from deposit receipt, validity period, currency, payment terms, and named bank account. A one-line WhatsApp message saying "$2.15 per piece, let me know" is not a quote, it is a fishing line. Request a formal proforma invoice and see how fast and how thoroughly it comes back. Three days, full detail: professional. Two weeks, missing fields: disorganized or uninterested, either way a problem.

Step 6: Use escrow or trade assurance for the first orders

Until you have shipped and paid for at least three orders cleanly, keep your money in an instrument that lets you claw it back. The cost is 0.5-3% of order value, which is cheaper than getting cheated.

Alibaba Trade Assurance mechanics

Alibaba Trade Assurance is the most accessible escrow for SMEs sourcing from China. Funds are held by Alibaba (via a partner bank) until you confirm receipt meeting the order contract. Coverage includes on-time shipment and pre-shipment product quality as specified in the order.

How it actually works:

  1. Place the order on Alibaba.com with a supplier that offers Trade Assurance. Coverage amount is set by Alibaba based on the supplier's track record and typically ranges from $3,000 to over $1 million.
  2. Pay via credit card, T/T, or Boleto (Brazil) into the Trade Assurance account. Credit card adds 2.95% fee, T/T is free but slower.
  3. Supplier ships. You have 30 days after delivery (default) to file a dispute.
  4. If the product does not match the order contract spec, file a dispute with evidence (photos, inspection report, emails). Alibaba reviews and can order refund or partial refund from the held funds.

Limits to understand: Trade Assurance is not a bank guarantee. It protects you within the Alibaba ecosystem and up to the supplier's assurance limit. It does not cover disputes over unwritten verbal agreements, specs not in the order contract, or orders paid outside the platform. Always put your full spec, AQL criteria, and inspection requirements into the order contract on Alibaba, not in a separate WhatsApp conversation.

Alternative escrow and payment protection

  • Letter of Credit (L/C) at sight: standard for orders above $50,000, issued by your bank, guarantees payment to the supplier only against compliant shipping documents. Costs 0.15-0.75% of L/C value plus fees. The ICC UCP 600 rules govern L/C practice globally.
  • Documentary Collection (D/P): cheaper than L/C; the bank releases documents to the buyer only against payment. Less protection than L/C. Suitable for the $20,000-$50,000 range.
  • PayPal / credit card: offers chargeback protection but most serious suppliers will not accept above $5,000 due to 3-4% fees and high fraud reversal risk on their side.
  • Third-party escrow (Escrow.com, Payoneer Escrow): useful for non-Alibaba suppliers. Fees 0.89-3.25% depending on amount and method.

Use the cheapest instrument that matches your order size and supplier history. First-ever order from an Alibaba supplier at $8,000: Trade Assurance via T/T. First-ever order from an off-platform supplier at $40,000: L/C at sight. Ongoing supplier with 10+ clean shipments: 30/70 T/T open terms.

Step 7: Incoterms that protect the buyer in a new relationship

Your Incoterm choice determines who controls the goods, who pays for what, and critically, at what moment risk transfers from seller to buyer. The ICC Incoterms 2020 rules define 11 terms, but only a few make sense for a first-time buyer.

FOB with pre-shipment inspection

For ocean freight, FOB (Free On Board) [named port of loading] is the baseline for new relationships with Asian suppliers. Under FOB:

  • Seller clears export customs, delivers goods on board the vessel you nominate.
  • Seller pays all costs to that point, including inland transport to port and terminal handling charges at origin.
  • Risk transfers from seller to buyer once goods are on board.
  • Buyer nominates the forwarder, arranges ocean freight, insurance, destination charges, import clearance.

Why FOB beats CIF for the SME buyer:

  1. You control the forwarder, which means you know the real freight cost, real sailing date, and your forwarder works for you, not the supplier. A supplier-nominated forwarder at destination often charges $200-$800 in inflated "local charges" (D/O fees, manifest fees, CIC) that you cannot negotiate because the cargo is hostage.
  2. You see the bill of lading as the shipper or notify party directly.
  3. Pre-shipment inspection happens before goods are on board, giving you a clean point to halt shipment if AQL fails. Write into the PO: "Payment of balance is conditional on pre-shipment inspection pass certificate issued by [SGS/BV/TUV/Intertek]."

Specify the exact named port (FOB Shenzhen, FOB Ningbo, FOB Shanghai), not just "FOB China." Port matters because terminal handling charges vary by $100-$400 per container between Chinese ports.

When to avoid EXW and DDP

  • EXW (Ex Works) looks cheap on paper because the supplier quotes only the factory gate price. In practice, you become responsible for export clearance in a country where you are not resident, which is a nightmare. Most Chinese suppliers cannot legally let a foreign buyer act as the exporter of record without a Chinese entity. Avoid EXW unless you have a freight forwarder in the origin country who will handle export clearance under a power of attorney, and even then it is a pain for marginal savings.
  • DDP (Delivered Duty Paid) sounds like all-inclusive bliss, supplier handles everything to your door. In reality, DDP from Chinese suppliers often involves grey-channel customs clearance in your country, under-declared values, fake consignees, or unlicensed importers. If customs audits and the paperwork is fiction, you are on the hook as the ultimate buyer. EU TARIC filings and CBP ACE records are permanent, a grey DDP shipment today is an audit problem five years from now. Use DDP only with established suppliers who use reputable licensed customs brokers at destination, and always be named as the importer of record yourself.

CIF as a middle ground

CIF (Cost, Insurance, Freight) [named port of destination] moves shipping and minimum cargo insurance to the supplier. This is acceptable for suppliers you trust, but in a first-order context the loss of forwarder control usually outweighs the convenience. If you do use CIF, require that (1) the supplier books with a major NVOCC or carrier you name, (2) insurance covers 110% of CIF value under ICC (A) clauses, not the supplier-default ICC (C) which covers almost nothing, and (3) you are named as consignee on the B/L.

Step 8: Reference calls that actually surface problems

The last step before you sign the PO is the reference call. Ask the supplier for three current customers, ideally in your region or a comparable market. A supplier who cannot or will not provide references is telling you something.

What to ask and what to listen for

Never ask "Are they a good supplier?" because the answer is always yes. Ask specifics:

  1. "What percentage of your orders from them shipped on time in the last 12 months?" Good answer: 85%+ with specific lateness averages. Evasive answer: "They are generally on time."
  2. "What was your worst quality incident and how did they handle it?" You want to hear about a real incident and a real remedy, because every supplier has issues, and the honest reference will describe how issues were resolved. If the reference claims zero issues in 3 years of business, they are either a tiny account or a plant.
  3. "What are their payment terms with you?" If the reference has 60-day open account and you are being offered 30/70 T/T only, that is normal for a new buyer, but cross-check that the reference actually has volume history (ask how many shipments, over how long).
  4. "Who is the QC person at the factory who actually responds when something goes wrong?" You want a name. A real reference gives you a name. A fake reference gives you "oh, the sales team handles it."

Two reference calls of 15 minutes each will tell you more than a 40-page audit report, when you ask the right questions.

Red flags to watch for

Treat any single one of these as cause to halt the process and demand an explanation. Treat any two together as cause to walk away.

  • Email domain is Gmail, Yahoo, QQ, or 163, not the company domain (@supplier-company.com).
  • Business license registered less than 12 months ago, or registered capital below RMB 500,000 for a claimed manufacturer.
  • Phone number reachable only by WhatsApp, never answered on landline.
  • Address on Google Maps shows a residential building, shopping mall, or empty lot.
  • Prices 25%+ below the median of other quotes for the same spec.
  • Payment to a Hong Kong, Singapore, or UK LLP account when the supplier is a mainland China factory, with no written explanation.
  • Last-minute payment account change via email.
  • Refusal to accept L/C or Trade Assurance, demanding 100% T/T.
  • No response to a written request for ISO 9001 certificate number for public verification.
  • Sample provided is suspiciously perfect and arrives in 2 days (it was bought off the shelf).
  • Sample arrives in branded packaging of a known brand the supplier does not claim to produce for.
  • Factory auditor reports "no production running on day of visit" without a credible explanation (Chinese New Year window is credible, a random Tuesday in June is not).
  • Company director name on the business license does not match the bank account name or the PI signatory.
  • Website has stock photos from other factories (reverse image search flags these in 30 seconds).
  • Claims to be "the manufacturer for Apple / Samsung / IKEA" with no NDA restriction and no proof.
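
An added example, not from the original playbook: the machine-checkable subset of the list above, including the Step 5 median-quote test and the Step 4 beneficiary-name match, applied with the one-flag-halt, two-flags-walk rule. The `Supplier` fields, the country codes, the case- and whitespace-insensitive name comparison and both sample records are assumptions constructed for illustration.

```python
# Added example, not from the original playbook. Field names and sample
# records are constructed; thresholds come from the red-flag list above.
from dataclasses import dataclass
from datetime import date
from statistics import median

FREE_MAIL = {"gmail.com", "yahoo.com", "qq.com", "163.com"}
OFFSHORE = {"HK", "SG", "GB"}  # Hong Kong, Singapore, UK


@dataclass
class Supplier:
    legal_name: str               # entity on the proforma invoice
    contact_email: str
    license_date: date            # establishment date on the business license
    registered_capital_rmb: int
    country: str                  # ISO 3166-1 alpha-2 of the factory
    beneficiary_name: str         # name on the bank account to be paid
    beneficiary_country: str
    offshore_explained: bool      # written explanation received and verified
    deposit_pct: int              # T/T share demanded in advance
    account_changed_by_email: bool
    quote: float
    other_quotes: list            # competing quotes for the same spec


def _norm(name: str) -> str:
    """Compare names ignoring only case and spacing (an assumption)."""
    return " ".join(name.split()).casefold()


def red_flags(s: Supplier, today: date) -> list:
    flags = []
    if s.contact_email.rsplit("@", 1)[-1].lower() in FREE_MAIL:
        flags.append("free-mail contact address")
    if (today - s.license_date).days < 365:
        flags.append("business license under 12 months old")
    if s.registered_capital_rmb < 500_000:
        flags.append("registered capital below RMB 500,000")
    if s.other_quotes and s.quote <= 0.75 * median(s.other_quotes):
        flags.append("quote 25%+ below median of other quotes")
    if _norm(s.beneficiary_name) != _norm(s.legal_name):
        flags.append("beneficiary name differs from PI entity")
    if (s.country == "CN" and s.beneficiary_country in OFFSHORE
            and not s.offshore_explained):
        flags.append("offshore account without written explanation")
    if s.deposit_pct >= 100:
        flags.append("100% T/T demanded")
    if s.account_changed_by_email:
        flags.append("payment account changed by email")
    return flags


def decision(flags: list) -> str:
    if not flags:
        return "proceed"
    return "halt and demand explanation" if len(flags) == 1 else "walk away"


# Constructed sample records.
CLEAN = Supplier("Shenzhen ABC Electronics Co., Ltd", "sales@abc-electronics.example",
                 date(2015, 3, 1), 5_000_000, "CN",
                 "shenzhen abc electronics co., ltd", "CN", False,
                 30, False, 2.15, [2.10, 2.20, 2.40])
SUSPECT = Supplier("Shenzhen ABC Electronics Co., Ltd", "sales.abc@gmail.com",
                   date(2025, 11, 1), 300_000, "CN",
                   "Hong Kong XYZ Trading Limited", "HK", False,
                   100, False, 1.50, [2.10, 2.20, 2.40])

if __name__ == "__main__":
    today = date(2026, 4, 18)
    for s in (CLEAN, SUSPECT):
        found = red_flags(s, today)
        print(decision(found), found)
```

Flags that need a human or an outside lookup (map imagery, reverse image search, the auditor's floor report) are left out on purpose.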

What Reevol's AI Sourcing Agent does here

Reevol's AI Sourcing Agent automates the mechanical parts of this playbook so you can focus on the judgment calls. Specifically:

  • Registry lookups: the agent pulls GSXT, Companies House, SIRENE, MCA21, and Handelsregister records on every shortlisted supplier and flags mismatches between the business license and the proforma invoice in under 60 seconds.
  • Trade data cross-check: the agent queries bill of lading databases and UN Comtrade to verify the supplier's claimed export volumes against real shipment records, returning a confidence score per supplier.
  • Certification verification: the agent validates ISO 9001, BSCI, SA8000, and sector-specific certificate numbers against the issuing bodies' public registries, catching the $50 fake certificates automatically.
  • Quote anomaly detection: the agent compares your incoming quotes against HS-code-level import unit values from USITC and Eurostat, flagging any quote more than 20% below the regional median with the specific benchmark source.
  • Audit and inspection booking: the agent routes audit and AQL inspection bookings to SGS, Bureau Veritas, TUV, or Intertek based on product category, region, and lead time, and tracks report delivery against your PO timeline.
  • Payment and Incoterm templates: the agent generates PO language with Incoterms 2020 FOB clauses, AQL acceptance criteria (critical 0 / major 2.5 / minor 4.0 per ISO 2859-1 Level II), and bank reference verification steps pre-filled.

You still decide whether to place the order. The agent makes sure you are deciding with complete information, in hours instead of weeks.
