Vendor Assistance for Supplier Onboarding Process Improvement-UPDATED

11-20-13 RFI

1

STATE OF TENNESSEE
FINANCE & ADMINISTRATION
REQUEST FOR INFORMATION
FOR
VENDOR ASSISTANCE FOR SUPPLIER ONBOARDING PROCESS IMPROVEMENT

RFI # 31701- 03832
2/20/2025

1. STATEMENT OF PURPOSE:

The State of Tennessee, Department of Finance & Administration – Division of Accounts issues
this Request for Information (“RFI”) for the purpose of soliciting proposals from qualified,
experienced service providers who will be able to provide products and services that will improve
our supplier onboarding and maintenance processes . The goal of this project is to reinforce fraud
prevention and achieve greater process efficiency by mitigating vulnerabilities and improving
controls and technologies in the State of Tennessee’s supplier onboarding and maintenance processes. We appreciate your input and participation in this process .

2. BACKGROUND

As recent events show, supplier payment fraud and weak onboarding controls are not theoretical risks; they are real and costly. For example, a legislative audit in Louisiana found over $1.3
million in public funds diverted via vendor -payment fraud and cyberattacks. ( New Orleans
CityBusiness )

The audit flagged “there were not appropriate controls over changes in banking information for
vendors,” and recommended that the parishes “adopt new internal control procedures and begin
using new software that requires all vendors to submit their banking information through a system
that subjects them to rigorous scrutiny before any payments are made.” ( New Orleans
CityBusiness )
In the 60 Minutes episode aired May 11, 2025, the show reported that federal and state
governments lose hundreds of billions of dollars annually to fraud schemes, including those
that exploit weak supplier onboarding, verification and payment -update processes.
(tvregular.com+3 cbsnews.com+3 podcasts.apple.com+3 )
The scale of this initiative is substantial: The State of Tennessee manages nearly 300,000 supplier records (active and inactive), adds approximately 18,000 new suppliers annually, and
processes more than 25,000 changes to existing supplier files each year . “Suppliers”
encompas ses individuals and entities providing goods and services, as well as s ocial service
providers such as foster care and housing assistance programs and other similar support
services. At this volume, automating supplier help- desk functions and implementing robust
identity and bank account verification is not simply an operational improvement but a critical

2 safeguard against large- scale fraud. Streamlining these processes will also deliver significant cost
savings by reducing check payments, eliminating redundant manual verifications, and minimizing
delays that negatively impact supplier relationships. In addition to the above statistics, we also
manage approximately 20,000 emails and approximately 2, 000 phone calls a year for inquiries
that must be addressed.

In short, this project for Tennessee is not just a technology upgrade ; it’s a critical step toward
balancing security, usability, and efficiency in government services. By achieving the goals of this
project , the State of Tennessee will continue to be a leader in AI for process improvement and
modernization.

The supplier onboarding and maintenance processes lack automation, resulting in long cycle
times, high significant manual effort, and limited fraud detection.

Project Goals include:
• Strengthening fraud prevention and verification controls
• Increase automation of supplier onboarding and maintenance activities
• Improve consistency and auditability of supplier data
• Enhance supplier self -service and transparency
• Enable staff to focus on higher -value review and oversight

Business Value
• Reduce staff -initiated “Request More Information” actions on registrations by 75%
Optimize the registration process to ensure accuracy while decreasing manual follow -up
efforts.

• Reduce pending emails by 75%
Improve workflow efficiency and response times

• Achieve 60% direct deposit adoption among newly onboarded suppliers
Encourage electronic payments for faster and more secure transactions

• Attain a 75% success rate in automated bank account and identity verifications
Minimize time -consuming manual verification and improve operational efficiency
In addition to the business value, we seek to also deliver the following Project Objectives:
• Reduced supplier onboarding and maintenance cycle times
• Minimize d manual effort of fraud detection
• Improved data accuracy and compliance to reduce rework, increase process efficiency, and
strengthen confidence in supplier and internal data used for operational and compliance decisions
Project Scope Includes
• AI Attendant for Supplier Help Desk pilot
• AI-based document validation and identity verification
• Automated bank account verification enhancements
• Integration with State of Tennessee’s ERP PeopleSoft system, Edison (read- only for
pilot) Reporting, metrics, and audit logging
• Align with data consolidation plans , to create a consolidated database for Supplier data,
which may include W -9s, SDDA forms, IRS TIN Match, Supplier Update and Email Deposit
Notification Forms, PNC verification logs, and other independent sources.

Respondents are invited to respond to the RFI with a response to a single component, either AI Agent or Identi ty and Banking Verification, or both.

3 3. COMMUNICATIONS :

3.1. Please submit your response to this RFI to:
Rebekah Jenkins, MPA |Enterprise IT Business Program Support Lead
901 Rep. John Lewis Way North, Nashville, TN 37243
Cell: 615- 906-4840
rebekah.w.jenkins@tn.gov

3.2. Please reference RFI # 31701- 03832 with all communications to this RFI.
4. RFI SCHEDULE OF EVENTS:

EVENT
TIME
(Central Time
Zone)
DATE
(all dates are State
business days)
1. RFI Issued 02/20/2026
2. Vendor Written Questions and Comments
Deadline 2:00pm 03/04/2026
3. State Response to Written Questions and
Comments 03/17/2026
4. RFI Response Deadline 2:00pm 03/31 /2026

5. GENERAL INFORMATION:
5.1. Please note that responding to this RFI is not a prerequisite for responding to any future
solicitations related to this project and a response to this RFI will not create any contract
rights. Responses to this RFI will become property of the State.
5.2. The information gathered during this RFI is part of an ongoing procurement. In order to
prevent an unfair advantage among potential respondents, the RFI responses will not be
available until after the completion of evaluation of any responses, proposals , or bids
resulting from a Request for Qualifications, Request for Proposals, Invitation to Bid or other
procurement method. In the event that the state chooses not to go further in the
procurement process and responses are never evaluated, the responses t o the
procurement including the responses to the RFI, will be considered confidential by the State.
5.3. The State will not pay for any costs associated with responding to this RFI.
6. INFORMATIONAL FORM S:
The State is requesting the following informat ion from all interested parties. Please fill out the
following forms :

4

RFI #31701- 03832
TECHNICAL INFORMATIONAL FORM
1. RESPONDENT LEGAL ENTITY NAME:
2. RESPONDENT CONTACT PERSON:
Name, Title:
Address:
Phone Number:
Email:

3. Vendors should describe:

• Lessons learned from prior public sector deployments
• Whether the vendor’s services or products are available through cooperative purchasing
agreements, statewide contracts, or other government contract vehicles, including identification
of the cooperative(s) or contract(s), if applicable
• Organizational overview (years in operation, ownership structure, financial stability, core
competencies)
• Experience delivering similar solutions in:
o Public sector
o Highly regulated industries
• At least 2 –3 relevant case studies including:
o Scope
o Scale (users, suppliers, transactions)
o Technologies used
o Measurable outcomes
• Demonstrated experience in:
o Supplier ecosystem management
o Identity verification
o Automation of onboarding workflows
o AI-driven service models
4. Solution Overview & Architecture

Vendors should describe:
• High-level solution architecture, including major components and data flows
• Cloud deployment model, SaaS, PaaS, on- prem, or hybrid
• Hosting environment and cloud service provider, if applicable
• Multi -tenant versus single- tenant options
• How the solution supports both the initial pilot and future enterprise scale
• Any assumptions or dependencies the State should be aware of
• Is the vendor proposing their support model or integration of State support model
• Include a simple architecture diagram if available.
• Description of:
o Core modules/components
o Data flow between components
o API architecture
• Alignment with enterprise architecture principles:
o Modular design
o API-first

5 o Event -driven capabilities
o Scalability patterns
o High availability and disaster recovery model
o Infrastructure dependencies
5. AI Attendant for Supplier Help Desk Capabilities

Vendors should address:
• Supported interaction channels, such as web, email, chat, voice, or SMS
• Natural language processing, context -aware dialogue, understanding capabilities , and
dynamic tone and persona adjustment
• Types of supplier inquiries supported out of the box
• Ability to route inquiries to staff when confidence thresholds are not met , including
preservation of conversation context and clear handoff mechanisms
• Knowledge base management, including how content is created, updated, and governed
• Human- in-the-loop features for review, override, and training
• Accessibility and multilingual support
• Describe in detail:
• AI-powered capabilities:
• Virtual agent
• AI model governance:
• Training data sources
• Accuracy monitoring
• Accessibility compliance (e.g., ADA, WCAG)
• Include performance metrics where available.
6. Identity Verification and Fraud Prevention

Vendors should describe:
• Identity verification methods supported , such as document validation, biometric,
behavioral, database checks, or combinations
• Bank account verification approaches, including real -time and post -verification methods ,
such as: Ongoing monitoring of invalid routing numbers
• Fraud detection models and scoring methodologies , such as risk scoring, behavioral
analytics, anomaly detection
• How are false positives and false negatives handled
• Ability to adapt models based on emerging fraud patterns
• Auditability of verification and fraud decisions
• The NIST SP 800- 63 Identify Assurance Level (s) *IAL1, IAL2, IAL3) supported by the
solution, including how the level is achieved and validated.
• Ability to apply different IAL levels based on transaction risk (e.g., new onboarding vs.
Banking updates).
• Techniques used to detect and prevent potential duplicate identities
• Compliance with relevant standards
• Auditability and traceability of identity events
• Integration with third -party verification services (if applicable)
7. Supplier Onboarding and Maintenance Automation

Vendors should outline:
• End-to-end onboarding automated and human workflow support
• Supplier self -service capabilities for registration and updates
• Controls for user account creation for self -service capabilities
• Automation of disabling/inactivation of user accounts due to inactivity and supplier files
due to lack of payment activity
• Validation of W -9/W-8, TIN matching, address , banking information (including account
ownership) , and contact information such as phone number and email address

6 • Controls of changes to sensitive supplier data
• Controls for supplier creation to prevent duplication
• Exception handling and escalation workflows
• How data accuracy, completeness, and compliance are enforced
• Automated notification capabilities
• Workflow configurability vs. hard- coded processes
• Provide process diagrams where possible.
8. Integration and Interoperability

Vendors should provide:
• Integration approach with PeopleSoft E RP, read- only for pilot , including governance and
monitoring tools
• API standards supported, REST, SOAP, etc.
• Pre-built connectors
• Middleware compatibility
• Data exchange formats
• Support for batch and real -time integration
• Experience integrating with ERP or financial systems in public sector environments
• Alignment with future data consolidation initiatives
9. Data Management, Security, and Privacy

Vendors should describe:
• Data storage, residency, disposal, and retention practices
• Encryption standards, in transit and at rest utilizing F IPS 140-2 or 140- 3.
• Role-based access controls and authentication methods
• Compliance with relevant standards, such as SOC 2, ISO 27001, or similar
• Privacy controls related to PII and financial data
• Incident response and breach notification processes
• Identity and access management model
• Data ownership policy
• Whether any supplier or State data is used for model training or analytics and under what
conditions.
10. Reporting, Metrics, and Audit Logging

Vendors should explain:
• Standard reports and dashboards provided
• Metrics related to automation rates, verification success, fraud detection, and cycle time
reduction
• Audit logs available for supplier and state employee actions and system decisions
• Export and integration options for reporting data
• Custom reporting capabilities
11. Implementation Approach and Pilot Support

Vendors should include:
• Proposed approach for the AI Attendant pilot
• Estimated implementation timeline in public sector and key milestones
• Roles and responsibilities for vendor and State
• Change management and training approach
• Dependences , constraints, and key risks
• Lessons learned from similar public sector implementations
12. Scalability and Future Roadmap

Vendors should describe:

7 • Ability to scale transaction volumes and user counts
• Support for additional agencies or programs
• Product roadmap related to identity verification, fraud prevention, and AI capabilities
• Approach to continuous improvement and innovation
13. Assumptions, Risks, and Constraints

Vendors should clearly identify:
• Key assumptions underlying their solution
• Known risks and proposed mitigation strategies
• Technical or operational constraints the State should consider
• Third -party dependencies
• Licensing limitations

COST INFORMATIONAL FORM
Note: 3 -15 are narrative prompts , not mandatory pricing tables
1. Describe what pricing units you typically utilize for similar services or goods (e.g., per hour, each,
etc.:
2. Describe the typical price range for similar services or goods

3. Pricing Model Overview

Vendors should describe:
• Pricing model structure, such as subscription- based, usage- based, transaction- based, or
hybrid
• Cost drivers, including number of suppliers, transactions, verifications, users, or channels
• How pricing differs between pilot and enterprise- scale deployment
• Minimum commitments, if any
• Flexibility of pricing as scope evolves
4. Pilot Cost Estimates

Vendors should provide:
• Estimated costs for an AI Attendant pilot, including setup, configuration, and licensing
• Duration assumptions for the pilot
• Any one- time versus recurring costs
• Items included and excluded from the pilot cost estimate
5. Ongoing and Enterprise -Scale Costs

Vendors should outline:
• Estimated recurring costs for ongoing operations post -pilot
• Cost implications for expanding to full supplier onboarding, identity verification, and bank account verification
• Volume- based pricing thresholds and discount structures
• Cost impacts of adding agencies, programs, or additional use cases
6. Implementation and Professional Services

Vendors should outline:
• One- time implementation or onboarding fees
• Professional services offerings and rate structures
• Whether implementation services are required or optional

8 • Assumptions regarding State -provided resources
7. Integration and Customization Costs

Vendors should outline:
• Costs associated with ERP integration, including PeopleSoft Edison
• Custom development or configuration fees, if applicable
• API usage or data transfer costs
• Cost implications of future integrations
8. Data, Security, and Compliance Costs

Vendors should outline:
• Any additional costs related to enhanced security, compliance, or audit requirements
• Fees for data storage, retention, disposal, or archival beyond standard thresholds
• Costs associated with regulatory or audit support
9. Support, Maintenance, and Service Levels

Vendors should provide:
• Standard support tiers and associated costs
• Service level agreement options and pricing impacts
• Upgrade and maintenance policies, including cost implications
10. Cost Transparency and Total Cost of Ownership

Vendors should describe:
• Approach to cost predictability and transparency
• Known or potential cost escalation factors
• Typical total cost of ownership over one, three, and five years, at a high level
• Termination, transition, or exit -related costs, if applicable
11. Assumptions, Constraints, and Risks

Vendors should clearly state:
• Assumptions used in developing cost estimates
• Constraints that may affect pricing
• Risks that could impact cost stability and how they are mitigated
12. Scalability and Volume Sensitivity

Vendors should clearly state:
• How costs change as supplier counts, transaction volumes, or verification frequency
increase
• Thresholds where pricing materially shifts
• Protection against unexpected cost spikes
13. Change Management and Training Costs

Vendors should clearly state:
• Costs associated with training State staff and suppliers
• Availability of standard versus customized training materials
• Costs related to onboarding additional agencies or user groups
14. Data Migration and Historical Data Use

Vendors should clearly state:
• Whether historical supplier data can be ingested or referenced
• One- time or ongoing costs for data migration or normalization
• Costs associated with validating or cleansing legacy data

9 15. Performance Guarantees and Financial Remedies

Vendors should clearly state:
• Whether pricing is tied to performance metrics or outcomes
• Availability of service credits or financial remedies tied to SLAs
• Any guarantees related to automation rates or verification success

ADDITIONAL CONSIDERATIONS
1. Please provide input on alternative approaches or additional things to consider that might benefit
the State:
2. Vendors are encouraged to identify any additional cost considerations not explicitly requested that
could materially impact total cost of ownership, affordability, or financial risk for the State.
3. Governance, Oversight, and Operating Model

Vendors should outline:
• Recommended governance model for AI oversight
• Roles and responsibilities between vendor and State
• How model updates, rule changes, and policy shifts are managed
• Support for audit, compliance reviews, and legislative inquiries
4. AI Ethics, Transparency, and Explainability

Vendors should outline:
• How AI decisions are explainable to staff, auditors, and suppliers
• Bias detection and mitigation approaches
• Human review and override capabilities
• Alignment with responsible AI principles
5. Supplier Experience and Accessibility

Vendors should outline:
• Supplier -facing user experience design principles
• Accessibility compliance, such as WCAG standards
• Language support and usability for small or low -tech suppliers
• Transparency of verification status and next steps
6. Regulatory and Policy Alignment

Vendors should outline:
• Relevant regulatory frameworks they support
• Experience with audits, legislative oversight, or public records requests
• Alignment with State finance, procurement, and data policies
7. Future Solicitations

Subsequent to this RFI, the State would like to send future procurement/bid invites to vendors that
participate.
• Please provide info on which public sector cooperative purchasing agreements (if any) you
currently provide these services ( Ex NASPO) .
• Please confirm if you are already registered vendor with the State of Tennessee (have a TN
Supplier ID#).