Every compliance team I've talked to runs the same expensive stack: LexisNexis for entity verification, D&B for company data, Thomson Reuters for sanctions screening. The annual bill? $200K-500K depending on volume.
But here's the thing: 80% of what those suites do is aggregate public data that's freely available from government sources. The remaining 20% is proprietary scoring and UI.
If you're a startup, mid-market firm, or just tired of paying enterprise prices for public records, here's how to build a functional vendor screening workflow using free government APIs.
The 4-Check Vendor Screening Framework
Every vendor due diligence process needs to answer four questions:
- Is this company real? (Entity verification)
- Is this company in good standing? (Registration status)
- Is this company sanctioned or debarred? (Watchlist screening)
- Who are the principals? (Beneficial ownership)
Check 1: Entity Verification via Secretary of State
Every US company registers with its state's Secretary of State. These filings confirm:
- Legal entity name and type (LLC, Corp, LP)
- Registration date and status (Active, Dissolved, Suspended)
- Registered agent and principal address
- Officers and directors (in most states)
Instead of paying D&B $0.50-2.00 per lookup, you can query state SOS databases directly.
For California: CA Business Leads - SOS Entity Search ($0.002/result)
For Texas: TX Business Leads - SOS Filing Search ($0.002/result)
Multi-state: US Business Entity Search covers FL, NY, IL, and more ($0.002/result)
Check 2: Federal Contractor Status via SAM.gov
SAM.gov is the federal government's System for Award Management. If a company does business with the US government, it's registered here. More importantly, SAM.gov maintains the exclusion list -- companies debarred from federal contracts.
SAM.gov Federal Contracts & Awards Search lets you search by company name, DUNS, or CAGE code ($0.002/result).
A company that's excluded from federal contracting is a red flag for any vendor relationship.
Check 3: Sanctions and Watchlist Screening
OFAC (Office of Foreign Assets Control) maintains the SDN list -- entities sanctioned by the US Treasury. Doing business with a sanctioned entity can result in criminal penalties up to $20M and 30 years imprisonment.
OFAC Sanctions Search queries the SDN list programmatically ($0.002/result). Run this check on every vendor, every time.
Check 4: Domain and Digital Footprint via WHOIS
A legitimate vendor has a registered domain with consistent WHOIS data. Red flags:
- Domain registered in the last 6 months
- WHOIS registrant doesn't match the company name
- Domain registered in a different country than claimed HQ
WHOIS Domain Lookup returns registration dates, registrant info, and nameservers ($0.002/result).
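The three red flags above, applied to one WHOIS record, as an added example (not code from the original post or from the lookup tool it names). The record field names and sample values are assumptions; a privacy-redacted registrant is reported as unverifiable rather than as a mismatch.

```python
from datetime import date
import re

# Legal-form words dropped before comparing names (illustrative, not exhaustive).
_SUFFIXES = {"llc", "inc", "incorporated", "corp", "corporation",
             "co", "company", "ltd", "limited", "lp"}

def normalize_name(name):
    """Lowercase, strip punctuation and trailing legal-form words."""
    words = re.sub(r"[^a-z0-9 ]", " ", name.lower()).split()
    while words and words[-1] in _SUFFIXES:
        words.pop()
    return " ".join(words)

def months_between(start, end):
    """Whole calendar months elapsed from start to end."""
    months = (end.year - start.year) * 12 + (end.month - start.month)
    return months - 1 if end.day < start.day else months

def whois_red_flags(record, vendor_name, vendor_country, today):
    """Return the red flags that apply to one WHOIS record.

    The keys created, registrant_org and registrant_country are assumed
    names; map them from whatever your WHOIS source returns.
    """
    flags = []
    created = record.get("created")
    if created is None:
        flags.append("creation_date_missing")
    elif months_between(created, today) < 6:
        flags.append("domain_younger_than_6_months")

    org = record.get("registrant_org")
    if not org or "redacted" in org.lower() or "privacy" in org.lower():
        # A proxied record can neither confirm nor refute the name: review manually.
        flags.append("registrant_unverifiable")
    elif normalize_name(org) != normalize_name(vendor_name):
        flags.append("registrant_name_mismatch")

    country = record.get("registrant_country")
    if country and country.upper() != vendor_country.upper():
        flags.append("country_mismatch")
    return flags

# Constructed sample record, not real WHOIS data.
SAMPLE = {"created": date(2024, 11, 20), "registrant_org": "Acme Logistics, LLC",
          "registrant_country": "PA"}
```

Pass the claimed HQ country as a two-letter code so it compares cleanly with the registrant country field.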
Putting It Together: Cost Comparison
| Check | Enterprise Suite | DIY with Public APIs |
|---|---|---|
| Entity verification | $0.50-2.00/lookup | $0.002/result |
| SAM.gov exclusion | Bundled ($$$) | $0.002/result |
| OFAC sanctions | $0.10-0.50/check | $0.002/result |
| WHOIS verification | $0.05-0.20/lookup | $0.002/result |
| Total per vendor | $1-5+ | $0.008 |
At 10,000 vendor checks per year, that's $10K-50K vs $80. The math speaks for itself.
When NOT to DIY
This approach works for initial screening and ongoing monitoring. It does NOT replace:
- AML/KYC requirements with regulatory-mandated data sources
- Beneficial ownership registries that require FinCEN BOI filings
- Credit risk scoring (you still need D&B or Experian for that)
But for the 80% of due diligence that's just "confirm this company exists and isn't on a watchlist," public APIs are more than sufficient.
Automate It
All of these actors support the Model Context Protocol (MCP), which means you can wire them into AI agents, n8n workflows, or any automation platform that speaks HTTP.
The future of vendor screening isn't paying $500K/year for a dashboard. It's composable data APIs that cost pennies per check.
Building compliance automation? I'd love to hear what checks you're running and what data sources you're using. Drop a comment below.