Vendor Change Requests

Common scenario

A small company receives a message that appears to come from a regular supplier. The message says the supplier has moved to a new accounting system and asks that the next payment use updated instructions. The request arrives shortly before a normal payment date.

Warning signs

• The request changes a payment destination, payment method, mailing address, or payment link.
• The timing lines up with an open invoice or expected payment.
• The sender says the change is urgent, temporary, or confidential.
• The message asks staff not to contact the usual vendor representative.
• The writing style, sender address, or signature differs from past vendor messages.
• The change is sent as an attachment, link, or new portal invitation outside the normal process.
• The request bypasses the person who normally manages the vendor relationship.
• The sender resists a callback through contact information already on file.

Questions to ask

• Is this request changing where money or documents will be sent?
• Did the change come through the vendor's normal contact path?
• Can we confirm the request using contact information already in our records?
• Has the internal vendor owner approved the change?
• Is there pressure to skip our normal update process?
• Do we need a second internal reviewer before the next payment?
• Have we separated vendor update approval from invoice payment approval?

Verification workflow

• Pause the vendor update and any related payment until the change is reviewed.
• Find vendor contact information from existing records, not from the new message.
• Use a known channel to confirm whether the vendor requested the change.
• Have the internal vendor owner review the change before records are updated.
• Require a second internal approval for any new money destination.
• Record the date, reviewer roles, and verification method in the vendor file.
• Update records only through the normal business process after approval.

Example internal policy

• Vendor payment changes require known-channel confirmation before records are updated.
• No employee may change vendor payment details from an email, text, call, or attachment alone.
• A second internal reviewer must approve new money destinations.
• The person approving the invoice should not be the only person approving the payment change.
• Payments may be delayed when a vendor change is still being verified.

What not to do

• Do not update payment details using contact information inside the change request.
• Do not send money to a new destination as a test.
• Do not rely on a familiar logo, signature, or existing email thread alone.
• Do not skip verification because the vendor relationship is long-standing.
• Do not share private vendor, customer, banking, tax, login, or document information in response.
• Do not confront the sender or try to investigate them directly.
• Do not process a related payment while the change is unresolved.

If something already happened

• Stop future payments to the changed destination while the request is reviewed.
• Notify the owner, bookkeeper, and vendor relationship owner through internal channels.
• Preserve the request, approval notes, and timeline in the normal record system.
• Use known vendor contact information to confirm the real vendor's status.
• Review recent payments and pending invoices connected to the same vendor.
• Restore vendor records only through the approved internal process.
• Discuss what control failed and update the approval checklist.