Vendor Onboarding After Acquisition: Why “Trust and Word Docs” Isn’t a Strategy With Ryan LLC
Enjoy the replay of our chat with Ben Lao, Head of Global Procurement, Ryan LLC
Watch our Fireside Chat!
Mergers and acquisitions can feel like a business growth cheat code: instant customers, expanded market reach, new revenue streams, and a bigger footprint overnight.
But there’s a less glamorous side of M&A that doesn’t show up in the deal announcement: vendor onboarding and supplier authentication.
When your company acquires another organization, you don’t just inherit staff and contracts—you inherit an entire vendor master file and all the risk that comes with it. And if you’re like most teams, you’re inheriting it without the headcount needed to manage it safely.
As one procurement leader put it in the video above:
“Supplier onboarding looked like email and Word documents and trust.”
That approach may feel fast and harmless—until the day it isn’t. And for companies aiming for stronger compliance (SOC readiness, auditability, or public-company expectations), it’s simply no longer defensible.
This article breaks down why acquisition-driven vendor onboarding is a growing risk area, what happens when processes rely on “security theater,” and how teams can build a scalable vendor authentication approach—especially when resources are limited.
Table of Contents
Why Vendor Onboarding Gets Harder After an Acquisition
The Big Question: Are Vendors Being Requalified After an Acquisition?
The Compliance Gap: What Worked Before Won’t Work Now
“Security Theater” and the Illusion of Controls
The Email Risk No One Wants to Talk About
The Hard Truth: You Can’t Staff Your Way Out of This
A Realistic Approach: Proactive Outreach and Spend-Based Prioritization
The International Supplier Challenge: Compliance vs. Adoption
Why Vendors Avoid “Support” (Even When They Need Help)
The Good News: Vendor Networks Get Easier Over Time
The Takeaway: Growth Requires a Supplier Risk Strategy
Want More Personalized Support With Vendor Onboarding After Acquisition?
Want Regular Tips About Vendor Onboarding After Acquisition?
Why Vendor Onboarding Gets Harder After an Acquisition
When a company acquires another business, the vendor master file usually comes along for the ride. That vendor list may include:
- Hundreds (or thousands) of suppliers
- Outdated contact information
- Suppliers that no longer exist
- Vendors that were never properly verified
- Inconsistent data formats and incomplete tax info
- Bank accounts recorded with minimal validation
Even if the acquired company had a process, the acquiring company is still responsible for proving due diligence. That means re-authentication becomes the expectation.
And yet, in reality, most procurement and AP teams are trying to handle acquisitions with tiny teams.
In the video above, the procurement leader describes a “huge team of three.” That’s not uncommon. Most vendor onboarding and master data teams aren’t built for acquisition-scale onboarding—especially when the acquisitions keep coming.
The Big Question: Are Vendors Being Requalified After Acquisition?
A key moment in the video above centers on an important question:
“When you acquire a company, are you re-qualifying all the vendors in their vendor master to get them into yours?”
The answer? They’re supposed to.
Because vendor requalification is about proving:
- The supplier is legitimate
- The supplier contact is real
- The banking information is valid
- The supplier aligns with compliance expectations
- The vendor record is audit-ready
But “supposed to” and “actually can” are two very different realities.
The Compliance Gap: What Worked Before Won’t Work Now
One of the biggest drivers behind improving supplier onboarding is compliance pressure—especially if a company is preparing for audit scrutiny, new investors, or a public offering.
In the video above, the procurement leader explains that their old process didn’t meet SOC expectations, and that became obvious once the business matured and the bar got higher.
Here’s what supplier onboarding looked like before:
- Someone creates the vendor in the ERP
- They email the vendor a Word document (“supplier information form”)
- The vendor completes it and emails it back
- Someone claims they verified the banking info via phone call
- AP receives the form and a confirmation email
That last part is the problem.
Even if someone truly makes a phone call, the process lacks standardization and auditability.
“What does that really do? Are you really doing it? How do we prove that?”
The short version: you can’t. Not consistently. Not at scale. Not in a way that holds up under scrutiny.
“Security Theater” and the Illusion of Controls
One of the most useful concepts raised in the video above is security theater—and it’s a phrase more teams should learn.
Security theater is when a process looks like risk management without actually reducing risk.
Examples include:
- A penny test fraudsters can intercept
- A callback to a number the vendor provided (which could be fraudulent)
- Accepting bank letters or letterhead without validation
- Relying on email chain history as proof
- Checking a “verified” box without evidence
These steps often create the illusion of control. But when fraud happens, organizations discover their process had holes large enough to drive a wire transfer through.
It gets worse when onboarding is decentralized:
“Because it was decentralized… what level of validation were they actually doing?”
The answer is usually: inconsistent standards, minimal proof, and no centralized audit trail.
The Email Problem No One Wants to Talk About
Another major risk factor discussed in the video above is how vendor data gets collected and stored.
The procurement leader expresses discomfort with the old method:
“I hated the idea that we’re sending sensitive banking information via email. Unsecured email… too dangerous.”
Vendor onboarding via email introduces multiple risks:
- Bank details move through insecure channels
- Vendor info lives across personal inboxes
- Sensitive documents end up on desktops
- There’s no single source of truth
- Retention is inconsistent
- Audit retrieval is painful (or impossible)
Even worse, organizations end up with vendor forms scattered across dozens of users and locations.
That creates both a security risk and a record retention risk.
The Hard Truth: You Can’t Staff Your Way Out of This
A big theme in the video above is resource constraint. Even when the need is obvious, hiring support still isn’t always an option.
Angela shares a best-practice example: a hospital system acquired multiple hospitals and was required by the CFO to qualify all vendors. They built a project plan and hired two temps whose job was:
- Email vendors to notify them an invitation was coming
- Send the official onboarding invite
- Call vendors to drive completion
- Put vendors on payment hold if they didn’t comply
Result: 7,000 vendors onboarded in under a year.
But the procurement leader responds with an all-too-common barrier:
“There’s no appetite from my CEO to add any resources.”
This is the core reality across many organizations:
→ vendor onboarding is critical… but rarely headcount-priority.
So how do teams make progress anyway?
Answer: prioritize intelligently and automate wherever possible.
A Realistic Approach: Proactive Outreach + Big Spend Focus
Even with limited resources, the procurement team described doing one thing very right: acting proactively.
They mandate that acquisitions provide supplier contacts, and they send onboarding invitations immediately.
That matters, because acquisition onboarding fails when teams wait for vendors to surface later.
If you wait until a vendor invoices again, you inherit risk silently—and the first time you enforce onboarding is when money is already on the line.
The second lever is focus:
“It’s on the big spend guys.”
That’s practical and scalable. If you don’t have leverage like payment holds and don’t have a call team, then use limited human time where risk is highest:
- High-spend vendors
- Vendors paid frequently
- Vendors with prior bank changes
- Suppliers paid internationally
- Suppliers with incomplete or inconsistent data
This is how organizations reduce risk without needing a large team.
The International Supplier Challenge: Compliance vs. Adoption
In the video above, the procurement leader also highlights a growing issue: international acquisitions and supplier bases.
International supplier onboarding introduces additional complexity:
- Vendors may distrust third-party onboarding
- Cultural norms may discourage digital registration
- Suppliers insist on their own “paperwork” instead
- Some refuse MFA or certain authentication steps
As he explains:
“They outright flat out say they will not do it. ‘Here’s your piece of paper… go.’”
That’s a reminder that vendor onboarding isn’t only a process problem—it’s a change management problem. For global adoption, organizations need:
- Clear messaging that onboarding is required
- Internal alignment on enforcement policies
- Supplier education that explains why
- Consistent communication from the buying org
- An easy support pathway vendors understand
Why Vendors Avoid “Support” (Even When They Need Help)
One of the most relatable moments in the video above comes from a vendor behavior problem:
“They don’t want to reach out to PaymentWorks support… they want to work only with us.”
This is incredibly common.
Many vendors—especially those in AR—don’t think of themselves as “software users.” They see onboarding as paperwork, not as interacting with a platform.
Even the word “support” can confuse or intimidate.
Angela notes that some vendors even click “Sales” on demo request forms because they think that’s the best way to get help with a registration form.
That’s why successful onboarding requires:
- Vendor experience that feels intuitive
- Communication that reinforces legitimacy
- Support that reads as “help,” not technical support
- Reminders that onboarding is authentication—not payment processing
The Good News: Vendor Networks Get Easier Over Time
One of the most optimistic insights from the video above is the flywheel effect.
Once suppliers onboard into a centralized network, future onboarding becomes easier because vendors can reuse existing information.
Angela explains:
“There’s a 37% chance that the vendor you invite is already on the network somewhere.”
That number varies by industry, but the point stands:
every supplier onboarding investment improves the process long-term.
The more suppliers that are verified, the more future acquisitions can rely on existing validated profiles rather than starting from scratch.
This is how vendor master data becomes cleaner over time—without endless manual effort.
The Awareness Takeaway: Growth Requires a Supplier Risk Strategy
If your company is acquiring businesses—especially frequently—vendor onboarding needs to stop being a side project.
- A scalable, defensible approach includes:
- A re-authentication policy
- Standardized onboarding intake (no Word docs via email)
- Centralized validation and audit trails
- Risk-based prioritization
- Vendor-friendly workflows and support paths
Vendor onboarding after acquisition isn’t just about maintaining vendor records. It’s about protecting the business from:
- Fraud
- Bad payment data
- Compliance failures
- Audit exposure
- Operational chaos
Because when vendor onboarding is weak, fraudsters don’t need to break in.
They just need to wait for someone to trust the wrong email.
Want More Personalized Support With Vendor Onboarding After Acquisition?
Schedule some time to speak with our team
Want Regular Tips About Vendor Onboarding After Acquisition?
Let us show you how we can help
We’d love to walk through your process with you and talk about security, compliance, efficiency and sleeping better at night.
empty space
© Copyright 2026 - PaymentWorks