Vendor Bank Change Verification Playbook

Bank change requests are a top fraud vector. Most fraud succeeds because verification is informal.

This playbook installs a beginner-safe workflow that:

• requires independent verification
• creates consistent evidence
• prevents urgent reroute pressure from bypassing controls
• makes audit evidence easy to produce

Not legal advice.

What you will install

1. Verification workflow and stages
2. Independent verification script and requirements
3. Evidence checklist
4. Escalation rules
5. Post-incident review template

Verification workflow (minimum viable)

Stages:

1. request intake
2. risk classification (new vendor, unusual amount, urgent request)
3. independent verification (out-of-band contact)
4. approval to update vendor master data
5. hold period or test payment (optional)
6. release and log

Independent verification rules

Beginner-safe rule:

• do not verify using contact info from the bank change request email

Use:

• existing vendor record contacts
• vendor portal contact
• known phone numbers from prior invoices or contracts

Templates

A) Verification call script (copy/paste)

Copyable template (TEXT)
Copy
Vendor Bank Change Verification Script

Hello, this is [Name] from [Company]. We received a request to update your payment details.

To confirm:
1) Are you requesting a bank change today?
2) What is the reason for the change?
3) Please confirm the last invoice number you issued to us.
4) Please confirm the remit-to address currently on file.
5) We will only accept bank detail updates through [approved method]. Do you agree?

Outcome:
- Verified: yes/no
- Verification method: phone / portal / other
- Evidence captured:
- Next action:

B) Evidence checklist (copy/paste)

Copyable template (TEXT)
Copy
Bank Change Evidence Checklist

- Request source captured
- Risk classification completed
- Independent verification completed out-of-band
- Approval recorded
- Vendor master data update log captured
- Payment hold/test payment decision recorded (if applicable)