How to automatically check if a company is legitimate before paying them

Why payment fraud starts with an unverified company

Most business payment fraud does not involve sophisticated technical attacks. It starts with a company name and a bank account — and a process that does not verify whether that company is real, active, or authorised to receive money.

When a human accounts payable team processes an invoice, they typically cross-reference the supplier against an approved vendor list built from a prior onboarding process. That onboarding process — however inconsistent — usually includes at least a registry check and sometimes a sanctions screen.

When an AI agent processes the same invoice, it does none of this by default. It sees a company name, reads the invoice, and approves the payment. The gap between what humans do inconsistently and what agents do not do at all is where fraud concentrates.

The four checks every AP team does manually

A robust supplier onboarding process checks four things before a new vendor is added to an approved list:

• Is the company registered? (Registry lookup — Companies House, ACRA, SEC, etc.)
• Is the company currently active? (Active/dissolved/dormant status)
• Who are the directors and beneficial owners? (Officers list, UBO disclosure)
• Is anyone associated with this company on a sanctions list? (OFAC, UN, EU, HMT, MAS)

These four checks take a human analyst 10–30 minutes per supplier and get skipped under time pressure. They take an AI agent under two seconds when connected to the right tool.

Why agents skip these checks by default

The problem is not that agents are careless. The problem is that the information needed to verify a company is not available in the agent's context. An LLM does not have a live connection to UK Companies House, Singapore ACRA, or OpenSanctions. It can hallucinate a verification, but it cannot actually perform one.

Without a tool that makes the registry call for it, the agent's only option is to proceed on the information it has been given — which is exactly what the fraudster wants.

How the Bizfile MCP server automates it in one tool call

The Bizfile MCP server gives any MCP-compatible agent access to live registry data across 210M+ companies in 130+ jurisdictions, plus sanctions screening across 328 global lists.

The agent calls validate_counterparty with a company name and optional country code. The server queries UK Companies House, Singapore ACRA, and OpenCorporates simultaneously, runs AI-powered risk analysis across the results, and returns a structured JSON response with:

• Company registration status (active / dissolved / dormant)
• Registered address and incorporation date
• Directors and officers list
• KYC confidence score (HIGH / MEDIUM / LOW)
• AI risk score (0–100)
• Agent action field: PROCEED / EDD / BLOCK

For sanctions screening, the agent calls screen_counterparty separately. This screens both the company name and all listed officers against 328 global sanctions lists via OpenSanctions and returns a CLEAR or MATCH verdict.

What the verdict means and how to act on it

The agent_action field is designed to be consumed directly by an orchestrator without additional interpretation:

• PROCEED — Company verified, risk score low. Agent may approve the payment or continue onboarding.
• EDD (Enhanced Due Diligence) — Registry data returned but risk signals present. Route to a human reviewer before proceeding.
• BLOCK — Company not found, dissolved, or high-risk signals detected. Do not proceed without manual investigation.

The agent does not need to interpret a prose summary or make a judgement call. The verdict is a machine-readable instruction.

Example workflow: invoice received → counterparty check → payment or hold

Here is what an agent payment approval workflow looks like with counterparty verification added:

• Invoice received from new supplier "Meridian Trade Solutions Ltd"
• Agent extracts company name and country from invoice
• Agent calls validate_counterparty("Meridian Trade Solutions Ltd", "GB")
• Server returns: risk_score 72, KYC confidence LOW, agent_action EDD — company registered 11 days ago, director is sole shareholder with no prior trading history
• Agent calls screen_counterparty("Meridian Trade Solutions Ltd")
• Server returns: CLEAR — no sanctions matches
• Agent routes invoice to human reviewer with risk summary attached
• Human approves or rejects based on the enriched context

The entire verification step takes under three seconds. The human reviewer receives a structured risk briefing rather than an unverified invoice and a blank approval request.

Adding Bizfile MCP to your agent

The server runs on SSE transport with no install required. Add it to your agent configuration and the tools become available immediately: