← Insights
Educational · Updated 26 May 2026 · 6 min read

Vendor Master Data Quality in India: What Good Looks Like When You Measure It

Vendor master data quality in Indian mid-market companies: the four dimensions that define a healthy vendor master and what diagnostics typically find.

Vendor masters that score 93 or 95 out of 100 on a health check can still carry hundreds of vendors sharing bank accounts with other vendors, thousands of fuzzy-name duplicates, and GSTIN records that were valid at onboarding and cancelled since. The score reflects format checks passing, not data integrity. A structured diagnostic finds the gap.

A healthy vendor master is not one that has been recently cleaned. It is one where GSTIN status, MSME registration, bank details, and duplicate records are continuously verified against live sources. For Indian mid-market companies, the gap between what the ERP reports and what a diagnostic measures is typically large enough to affect compliance calculations and payment controls.

The four dimensions that define vendor master health

Finance teams talk about vendor master quality as a single problem. In practice it is four distinct data dimensions, each with its own failure mode and its own downstream consequence.

GSTIN validity rate is the share of active vendor records where GSTIN status has been verified as active against the GST portal, not just format-checked at onboarding. A correctly formatted GSTIN is not the same as an active one. Vendors lose GSTIN registration through cancellation, suspension, or lapses in return filing. The ERP does not track this. Once a vendor is onboarded with a valid GSTIN, that record stays valid in the system regardless of what happens on the portal.

Under Section 16(2)(c) of the CGST Act, as typically interpreted, ITC is blocked when a supplier’s returns are unfiled for more than two consecutive tax periods. Transacting against a cancelled or non-compliant GSTIN creates ITC reversal exposure that the vendor master cannot flag if it only holds the onboarding-state GSTIN.

MSME registration currency is the share of vendors marked as MSME-registered where Udyam portal status has been verified within the current financial year. Certificates held on file go stale. Vendors obtain registration after onboarding, let registrations lapse, or graduate out of MSME status as their turnover grows. Each of these changes the 43B(h) liability position for outstanding invoices. An unverified MSME field means the exposure calculation is not reliable. The 43B(h) disallowance is being tracked against a status that may no longer be current. For the mechanics of how this exposure accumulates, see MSME 43B(h): Calculating Your Company’s Actual Payment Exposure.

Duplicate record rate is the share of active records that are functional duplicates of another record in the same master. ERP duplicate-check flags catch the straightforward case: same vendor name, same GSTIN, two records. They miss two India-specific patterns that create the most payment risk.

The first is multi-branch vendors. A large hotel group or a national distributor with locations across multiple states will have a separate GSTIN for each state registration. In a well-governed vendor master, these sit under a single parent entity with multiple tax registration nodes. In most mid-market ERPs, each state GSTIN has been entered as a completely separate, unlinked vendor record. From the ERP’s perspective, these are different vendors. Payment approvals, spend limits, and duplicate-invoice controls all operate at the individual record level. The finance team has no view of aggregate exposure to a single counterparty.

The second is name variants created as workarounds. A vendor gets re-entered under a slightly different name to bypass a payment hold or handle a GST registration change. In several cases we have seen in diagnostics, the duplicate was created during Covid-era disruptions and never deactivated. Each variant is a live payment channel to the same underlying entity.

When fuzzy-name duplicate rates run above 15% of the vendor population, the master typically requires structural remediation, not a one-time cleanup.

Bank detail currency is the share of active vendor records where bank account details have been verified since onboarding. Bank account changes are the primary vector for payment fraud in AP functions. A vendor master where bank details were collected at onboarding and never re-verified is carrying fraud exposure proportional to its size and the time elapsed since verification.

What diagnostics typically find

When these four dimensions are measured rather than assumed, the pattern that emerges most consistently is the gap between the ERP’s reported state and the actual state. The ERP shows no errors because it checks fields at the values they held at onboarding. The diagnostic checks current state against live sources.

GSTIN validity tends to show the largest gap. Finance teams generally assume GSTIN issues affect a small fraction of the vendor base. The measured rate of status mismatches, where the GST portal shows cancelled, suspended, or non-compliant status against a record the ERP treats as active, is typically several times higher than the team’s estimate.

The multi-branch duplicate problem is invisible in standard AP reports. Vendor masters we have run diagnostics on have scored between 93 and 96 on automated health checks while carrying hundreds of vendors sharing bank accounts with other vendor records and thousands of name-variant duplicates. The ERP flagged none of them, and no control was operating at the entity level.

MSME status is the dimension most directly connected to a current compliance liability. The failure modes are the same as those documented in the 43B(h) article: vendors onboarded before obtaining Udyam registration, vendors whose registration has lapsed, vendors who have graduated out of MSME status. Each category affects the 43B(h) calculation differently.

Bank detail currency is the dimension most teams have least visibility into. The last-verified date for bank details rarely appears on standard AP reports. In diagnostics, a material share of active vendor records show bank details that have not been re-verified since onboarding.

What good looks like as a measured state

A well-maintained vendor master has defined verification cadences for each dimension, not a one-time cleanup schedule.

GSTIN status should be verified against the GST portal at minimum quarterly, and before any payment run above a threshold the finance team sets. A vendor master where all active records have been GSTIN-verified within the last 90 days is in a materially different risk position than one where verification was last done at onboarding.

MSME status should be verified against the Udyam portal at the start of each financial year and flagged for re-verification whenever a vendor’s invoice volumes suggest a turnover change. A one-time certificate collection at year-end does not satisfy this. The disallowance under 43B(h) crystallises during the year, not at year-end.

Duplicate checks should include a PAN-level deduplication run across the full master, not just the ERP’s built-in name and GSTIN checks. Multi-branch vendors should be mapped to a single parent entity so that payment controls, approval limits, and 43B(h) tracking operate at the entity level rather than the record level.

Bank details should be re-verified on a trigger basis: any change request, any period of inactivity beyond a defined threshold, and on a scheduled cycle for high-value vendors.

A Finance Operations Diagnostic maps all four dimensions, measures current state against these criteria, and produces a prioritised remediation list with the specific records carrying the highest downstream risk. The companies that manage vendor master quality as a continuous process rather than a periodic project find the cost of maintenance is lower than the cost of the errors it prevents.

If you have not measured your vendor master against these four dimensions, a Diagnostic is the starting point.

Key observations

  • Vendor master health is measurable across four dimensions: GSTIN validity rate, MSME registration currency, duplicate record rate, and bank detail currency.
  • A high ERP health score reflects format checks passing, not data integrity. The gap between what the ERP reports and what a structured diagnostic finds is typically significant.
  • ERP duplicate-check flags miss the two most common India-specific duplicate patterns: multi-branch vendors entered as separate unlinked records, and name-variant workarounds that were never deactivated.
  • GSTIN status must be verified against the GST portal, not inferred from format validity. A correctly formatted GSTIN and a currently active GSTIN are not the same thing.
  • A well-maintained vendor master has verification cadences per dimension: quarterly for GSTIN status, annually for MSME registration, PAN-level deduplication for duplicates, and trigger-based re-verification for bank details.

Frequently asked questions

What are the main dimensions of vendor master data quality?
Vendor master health is measured across four dimensions: GSTIN validity rate (share of records verified as active against the GST portal), MSME registration currency (Udyam portal status verified within the current financial year), duplicate record rate (including multi-branch and name-variant duplicates the ERP does not flag), and bank detail currency (share of records where bank account details have been re-verified since onboarding).
Why does a high ERP health score not mean the vendor master is clean?
ERP health scores typically reflect automated format checks: whether a GSTIN is 15 characters, whether a PAN follows the correct pattern. They do not check whether a GSTIN is currently active on the GST portal, whether an MSME registration is still valid on the Udyam portal, or whether duplicate records represent the same legal entity. A vendor master can score 95 out of 100 on format checks while carrying material compliance and fraud exposure in the underlying data.
How do duplicate vendor records get created even when ERP duplicate checks are enabled?
ERP duplicate checks match on name and GSTIN within a single record. They miss two common India-specific patterns. The first is multi-branch vendors where each state registration has a different GSTIN, so each branch is treated as a separate vendor. The second is name variants created as workarounds, where a vendor is re-entered under a slightly different name. Both patterns produce active, separate records that no automated check flags as duplicates.
How often should GSTIN status be verified for active vendors?
GSTIN status should be verified against the GST portal at minimum quarterly and before any payment run above a threshold the finance team sets. Verifying at onboarding only is not sufficient because vendors can lose GSTIN registration through cancellation, suspension, or lapses in return filing after they have been onboarded. A vendor master verified within the last 90 days is in a materially different risk position than one last verified at onboarding.
What is the connection between vendor master data quality and Section 43B(h) compliance?
Section 43B(h) of the Income Tax Act, as typically interpreted, disallows deductions on payments to MSME-registered vendors made beyond 45 days of the invoice date. Calculating and managing this exposure accurately depends on knowing which vendors are currently MSME-registered under the Udyam portal. If MSME status in the vendor master is unverified or outdated, the 43B(h) exposure calculation is unreliable regardless of how carefully payment dates are tracked.

Published by IQSS

IQSS is a Finance Operations Intelligence firm for Indian mid-market companies. We build and run the intelligence layer between your ERP and your finance team's decisions.

See what a Diagnostic finds in your data.

Five days. Your vendor master and AP data. A ranked set of findings and a clear recommendation on where to start.

Request a Diagnostic