Why the ABCs of Vendor Vigilance Became Fundamental in 2025

Supply chain choke points swelled, tariffs shifted long-standing buyer-supplier relationships, and finance and procurement leaders did their best to maintain business-as-usual in an increasingly atypical trade environment.

At the same time, the steady state of uncertainty created an opportunity for fraudsters. One of the bigger supply chain stories of 2025 wasn’t the existence of tariffs themselves, but how quickly seemingly minor blind spots in vendor oversight turned into material financial, legal and reputational threats.

When a company gets caught off guard by the true origin of its products, the story rarely stays technical. It can become a narrative about transparency, accountability and trust.

Against this operating backdrop, the ABCs of vendor vigilance, Auditing country of origin, Benchmarking trade risk and Confirming classification, became increasingly critical. What once lived in procurement checklists and compliance silos became a cross-functional operating priority, spanning finance, legal, supply chain, risk and marketing.

The lesson of 2025 was a durable one. In a world of complex supply chains and politicized commerce, knowing your vendors became fundamental to doing business at all. That made vendor vigilance not just a defensive play, but a competitive one.

Read also: Managing Third-Party Risks Emerges as Key B2B Issue

From ABCs to Competitive Advantage

What’s changed isn’t just tariffs. It’s the realization that compliance failures often don’t originate with deliberate wrongdoing, but with fragmentation, including incomplete supplier disclosures, outdated assumptions about country of origin, misclassified Harmonized System codes, or third parties whose own subcontracting practices are poorly understood.

Findings from PYMNTS Intelligence in the August edition of the 2025 Certainty Project, “Vendors and Vulnerabilities: The Cyberattack Squeeze on Mid-Market Firms,” found that supplier blind spots tend to cluster where responsibility is diffuse.

Procurement teams focus on price and continuity. Logistics teams focus on delivery. Finance teams focus on landed cost. Compliance teams focus on rules. But few organizations have a single, shared view of vendor risk that integrates all those lenses.

The report found that attackers frequently compromise a vendor first, then use the trust relationship to infiltrate their target firm, with 38% of invoice fraud cases and 43% of phishing attacks stemming from compromised vendors.

That was the case this year across the freight economy, where the National Insurance Crime Bureau estimated that criminals were absconding with $35 billion in cargo theft losses annually in just the United States.

One of the most persistent challenges in trade compliance is opacity beyond the first tier. Companies may have a contractual relationship with a supplier in Vietnam or Mexico, but limited insight into where that supplier sources raw materials or intermediate goods. When tariffs target specific countries or products, that lack of visibility becomes a liability.

Harmonized System, or HS, codes are foundational to tariff assessment, yet they remain one of the most error-prone areas of trade compliance. Suppliers may reuse legacy codes, apply overly generic classifications or fail to update codes when product designs evolve. These errors can go unnoticed for years until a tariff change or customs audit exposes them, often retroactively.

Read the report: Vendors and Vulnerabilities: The Cyberattack Squeeze on Mid-Market Firms

Why Vendor Vigilance Isn’t Just Procurement’s Problem

Auditing origin claims requires more than collecting certificates. It involves understanding the supplier’s production process, reviewing bills of materials, and verifying that the applicable rules of origin are met. This is particularly challenging in industries with frequent design changes or where suppliers substitute inputs based on availability. Effective audits are collaborative but rigorous, combining education with verification.

Technology can play a role here, but it is not a silver bullet. Automated classification tools and origin calculators can accelerate analysis, yet they depend on accurate underlying data. Without disciplined data governance and accountability, automation simply scales errors faster.

The companies most vulnerable in this environment are not those with the largest tariff exposure, but those with the least transparency. Complacency often stems from a belief that a company has “always done it this way” or that suppliers will alert buyers if something changes. Experience suggests otherwise. Suppliers operate under their own cost pressures and may adjust sourcing without fully appreciating downstream compliance implications.

At the same time, not all vendors pose equal risk, and treating them as such is inefficient. By scoring vendors based on factors like sourcing complexity, jurisdictional exposure, historical compliance issues and documentation quality, companies can prioritize oversight where it matters most.

In today’s trade environment, knowing your vendors is no longer enough. You must understand them, verify them and continuously reassess them. That responsibility no longer belongs to a single team. It belongs to the enterprise.

For all PYMNTS B2B coverage, subscribe to the daily B2B Newsletter.