Vendor Assistance for Supplier Onboarding Process Improvement

11-20-13 RFI 1 STATE OF TENNESSEE FINANCE & ADMINISTRATION REQUEST FOR INFORMATION FOR VENDOR ASSISTANCE FOR SUPPLIER ONBOARDING PROCESS IMPROVEMENT RFI # 31701- 03832 2/20/2025 1. STATEMENT OF PURPOSE: The State of Tennessee, Department of Finance & Administration – Division of Accounts issues this Request for Information (“RFI”) for the purpose of soliciting proposals from qualified, experienced service providers who will be able to provide products and services that will improve our supplier onboarding and maintenance processes . The goal of this project is to reinforce fraud prevention and achieve greater process efficiency by mitigating vulnerabilities and improving controls and technologies in the State of Tennessee’s supplier onboarding and maintenance processes. We appreciate your input and participation in this process . 2. BACKGROUND As recent events show, supplier payment fraud and weak onboarding controls are not theoretical risks; they are real and costly. For example, a legislative audit in Louisiana found over $1.3 million in public funds diverted via vendor -payment fraud and cyberattacks. ( New Orleans CityBusiness ) The audit flagged “there were not appropriate controls over changes in banking information for vendors,” and recommended that the parishes “adopt new internal control procedures and begin using new software that requires all vendors to submit their banking information through a system that subjects them to rigorous scrutiny before any payments are made.” ( New Orleans CityBusiness ) In the 60 Minutes episode aired May 11, 2025, the show reported that federal and state governments lose hundreds of billions of dollars annually to fraud schemes, including those that exploit weak supplier onboarding, verification and payment -update processes. (tvregular.com+3 cbsnews.com+3 podcasts.apple.com+3 ) The scale of this initiative is substantial: The State of Tennessee manages nearly 300,000 supplier records (active and inactive), adds approximately 18,000 new suppliers annually, and processes more than 25,000 changes to existing supplier files each year . “Suppliers” encompas ses individuals and entities providing goods and services, as well as s ocial service providers such as foster care and housing assistance programs and other similar support services. At this volume, automating supplier help- desk functions and implementing robust identity and bank account verification is not simply an operational improvement but a critical 2 safeguard against large- scale fraud. Streamlining these processes will also deliver significant cost savings by reducing check payments, eliminating redundant manual verifications, and minimizing delays that negatively impact supplier relationships. In addition to the above statistics, we also manage approximately 20,000 emails and approximately 2, 000 phone calls a year for inquiries that must be addressed. In short, this project for Tennessee is not just a technology upgrade ; it’s a critical step toward balancing security, usability, and efficiency in government services. By achieving the goals of this project , the State of Tennessee will continue to be a leader in AI for process improvement and modernization. The supplier onboarding and maintenance processes lack automation, resulting in long cycle times, high significant manual effort, and limited fraud detection. Project Goals include:

• Strengthening fraud prevention and verification controls
• Increase automation of supplier onboarding and maintenance activities
• Improve consistency and auditability of supplier data
• Enhance supplier self -service and transparency
• Enable staff to focus on higher -value review and oversight

Business Value

• Reduce staff -initiated “Request More Information” actions on registrations by 75%

Optimize the registration process to ensure accuracy while decreasing manual follow -up efforts.

• Reduce pending emails by 75%

Improve workflow efficiency and response times

• Achieve 60% direct deposit adoption among newly onboarded suppliers

Encourage electronic payments for faster and more secure transactions

• Attain a 75% success rate in automated bank account and identity verifications

Minimize time -consuming manual verification and improve operational efficiency In addition to the business value, we seek to also deliver the following Project Objectives:

• Reduced supplier onboarding and maintenance cycle times
• Minimize d manual effort of fraud detection
• Improved data accuracy and compliance to reduce rework, increase process efficiency, and

strengthen confidence in supplier and internal data used for operational and compliance decisions Project Scope Includes

• AI Attendant for Supplier Help Desk pilot
• AI-based document validation and identity verification
• Automated bank account verification enhancements
• Integration with State of Tennessee’s ERP PeopleSoft system, Edison (read- only for

pilot) Reporting, metrics, and audit logging

• Align with data consolidation plans , to create a consolidated database for Supplier data,

which may include W -9s, SDDA forms, IRS TIN Match, Supplier Update and Email Deposit Notification Forms, PNC verification logs, and other independent sources. Respondents are invited to respond to the RFI with a response to a single component, either AI Agent or Identi ty and Banking Verification, or both. 3 3. COMMUNICATIONS : 3.1. Please submit your response to this RFI to: Rebekah Jenkins, MPA |Enterprise IT Business Program Support Lead 901 Rep. John Lewis Way North, Nashville, TN 37243 Cell: 615- 906-4840 rebekah.w.jenkins@tn.gov 3.2. Please reference RFI # 31701- 03832 with all communications to this RFI. 4. RFI SCHEDULE OF EVENTS: EVENT TIME (Central Time Zone) DATE (all dates are State business days) 1. RFI Issued 02/20/2026 2. Vendor Written Questions and Comments Deadline 2:00pm 03/04/2026 3. State Response to Written Questions and Comments 03/17/2026 4. RFI Response Deadline 2:00pm 03/31 /2026 5. GENERAL INFORMATION: 5.1. Please note that responding to this RFI is not a prerequisite for responding to any future solicitations related to this project and a response to this RFI will not create any contract rights. Responses to this RFI will become property of the State. 5.2. The information gathered during this RFI is part of an ongoing procurement. In order to prevent an unfair advantage among potential respondents, the RFI responses will not be available until after the completion of evaluation of any responses, proposals , or bids resulting from a Request for Qualifications, Request for Proposals, Invitation to Bid or other procurement method. In the event that the state chooses not to go further in the procurement process and responses are never evaluated, the responses t o the procurement including the responses to the RFI, will be considered confidential by the State. 5.3. The State will not pay for any costs associated with responding to this RFI. 6. INFORMATIONAL FORM S: The State is requesting the following informat ion from all interested parties. Please fill out the following forms : 4 RFI #31701- 03832 TECHNICAL INFORMATIONAL FORM 1. RESPONDENT LEGAL ENTITY NAME: 2. RESPONDENT CONTACT PERSON: Name, Title: Address: Phone Number: Email: 3. Vendors should describe:

• Lessons learned from prior public sector deployments
• Whether the vendor’s services or products are available through cooperative purchasing

agreements, statewide contracts, or other government contract vehicles, including identification of the cooperative(s) or contract(s), if applicable

• Organizational overview (years in operation, ownership structure, financial stability, core

competencies)

• Experience delivering similar solutions in:

o Public sector o Highly regulated industries

• At least 2 –3 relevant case studies including:

o Scope o Scale (users, suppliers, transactions) o Technologies used o Measurable outcomes

• Demonstrated experience in:

o Supplier ecosystem management o Identity verification o Automation of onboarding workflows o AI-driven service models 4. Solution Overview & Architecture Vendors should describe:

• High-level solution architecture, including major components and data flows
• Cloud deployment model, SaaS, PaaS, on- prem, or hybrid
• Hosting environment and cloud service provider, if applicable
• Multi -tenant versus single- tenant options
• How the solution supports both the initial pilot and future enterprise scale
• Any assumptions or dependencies the State should be aware of
• Is the vendor proposing their support model or integration of State support model
• Include a simple architecture diagram if available.
• Description of:

o Core modules/components o Data flow between components o API architecture

• Alignment with enterprise architecture principles:

o Modular design o API-first 5 o Event -driven capabilities o Scalability patterns o High availability and disaster recovery model o Infrastructure dependencies 5. AI Attendant for Supplier Help Desk Capabilities Vendors should address:

• Supported interaction channels, such as web, email, chat, voice, or SMS
• Natural language processing, context -aware dialogue, understanding capabilities , and

dynamic tone and persona adjustment

• Types of supplier inquiries supported out of the box
• Ability to route inquiries to staff when confidence thresholds are not met , including

preservation of conversation context and clear handoff mechanisms

• Knowledge base management, including how content is created, updated, and governed
• Human- in-the-loop features for review, override, and training
• Accessibility and multilingual support
• Describe in detail:
• AI-powered capabilities:
• Virtual agent
• AI model governance:
• Training data sources
• Accuracy monitoring
• Accessibility compliance (e.g., ADA, WCAG)
• Include performance metrics where available.

6. Identity Verification and Fraud Prevention Vendors should describe:

• Identity verification methods supported , such as document validation, biometric,

behavioral, database checks, or combinations

• Bank account verification approaches, including real -time and post -verification methods ,

such as: Ongoing monitoring of invalid routing numbers

• Fraud detection models and scoring methodologies , such as risk scoring, behavioral

analytics, anomaly detection

• How are false positives and false negatives handled
• Ability to adapt models based on emerging fraud patterns
• Auditability of verification and fraud decisions
• The NIST SP 800- 63 Identify Assurance Level (s) *IAL1, IAL2, IAL3) supported by the

solution, including how the level is achieved and validated.

• Ability to apply different IAL levels based on transaction risk (e.g., new onboarding vs.

Banking updates).

• Techniques used to detect and prevent potential duplicate identities
• Compliance with relevant standards
• Auditability and traceability of identity events
• Integration with third -party verification services (if applicable)

7. Supplier Onboarding and Maintenance Automation Vendors should outline:

• End-to-end onboarding automated and human workflow support
• Supplier self -service capabilities for registration and updates
• Controls for user account creation for self -service capabilities
• Automation of disabling/inactivation of user accounts due to inactivity and supplier files

due to lack of payment activity

• Validation of W -9/W-8, TIN matching, address , banking information (including account

ownership) , and contact information such as phone number and email address 6 • Controls of changes to sensitive supplier data

• Controls for supplier creation to prevent duplication
• Exception handling and escalation workflows
• How data accuracy, completeness, and compliance are enforced
• Automated notification capabilities
• Workflow configurability vs. hard- coded processes
• Provide process diagrams where possible.

8. Integration and Interoperability Vendors should provide:

• Integration approach with PeopleSoft E RP, read- only for pilot , including governance and

monitoring tools

• API standards supported, REST, SOAP, etc.
• Pre-built connectors
• Middleware compatibility
• Data exchange formats
• Support for batch and real -time integration
• Experience integrating with ERP or financial systems in public sector environments
• Alignment with future data consolidation initiatives

9. Data Management, Security, and Privacy Vendors should describe:

• Data storage, residency, disposal, and retention practices
• Encryption standards, in transit and at rest utilizing F IPS 140-2 or 140- 3.
• Role-based access controls and authentication methods
• Compliance with relevant standards, such as SOC 2, ISO 27001, or similar
• Privacy controls related to PII and financial data
• Incident response and breach notification processes
• Identity and access management model
• Data ownership policy
• Whether any supplier or State data is used for model training or analytics and under what

conditions. 10. Reporting, Metrics, and Audit Logging Vendors should explain:

• Standard reports and dashboards provided
• Metrics related to automation rates, verification success, fraud detection, and cycle time

reduction

• Audit logs available for supplier and state employee actions and system decisions
• Export and integration options for reporting data
• Custom reporting capabilities

11. Implementation Approach and Pilot Support Vendors should include:

• Proposed approach for the AI Attendant pilot
• Estimated implementation timeline in public sector and key milestones
• Roles and responsibilities for vendor and State
• Change management and training approach
• Dependences , constraints, and key risks
• Lessons learned from similar public sector implementations

12. Scalability and Future Roadmap Vendors should describe: 7 • Ability to scale transaction volumes and user counts

• Support for additional agencies or programs
• Product roadmap related to identity verification, fraud prevention, and AI capabilities
• Approach to continuous improvement and innovation

13. Assumptions, Risks, and Constraints Vendors should clearly identify:

• Key assumptions underlying their solution
• Known risks and proposed mitigation strategies
• Technical or operational constraints the State should consider
• Third -party dependencies
• Licensing limitations

COST INFORMATIONAL FORM Note: 3 -15 are narrative prompts , not mandatory pricing tables 1. Describe what pricing units you typically utilize for similar services or goods (e.g., per hour, each, etc.: 2. Describe the typical price range for similar services or goods 3. Pricing Model Overview Vendors should describe:

• Pricing model structure, such as subscription- based, usage- based, transaction- based, or

hybrid

• Cost drivers, including number of suppliers, transactions, verifications, users, or channels
• How pricing differs between pilot and enterprise- scale deployment
• Minimum commitments, if any
• Flexibility of pricing as scope evolves

4. Pilot Cost Estimates Vendors should provide:

• Estimated costs for an AI Attendant pilot, including setup, configuration, and licensing
• Duration assumptions for the pilot
• Any one- time versus recurring costs
• Items included and excluded from the pilot cost estimate

5. Ongoing and Enterprise -Scale Costs Vendors should outline:

• Estimated recurring costs for ongoing operations post -pilot
• Cost implications for expanding to full supplier onboarding, identity verification, and bank account verification
• Volume- based pricing thresholds and discount structures
• Cost impacts of adding agencies, programs, or additional use cases

6. Implementation and Professional Services Vendors should outline:

• One- time implementation or onboarding fees
• Professional services offerings and rate structures
• Whether implementation services are required or optional

8 • Assumptions regarding State -provided resources 7. Integration and Customization Costs Vendors should outline:

• Costs associated with ERP integration, including PeopleSoft Edison
• Custom development or configuration fees, if applicable
• API usage or data transfer costs
• Cost implications of future integrations

8. Data, Security, and Compliance Costs Vendors should outline:

• Any additional costs related to enhanced security, compliance, or audit requirements
• Fees for data storage, retention, disposal, or archival beyond standard thresholds
• Costs associated with regulatory or audit support

9. Support, Maintenance, and Service Levels Vendors should provide:

• Standard support tiers and associated costs
• Service level agreement options and pricing impacts
• Upgrade and maintenance policies, including cost implications

10. Cost Transparency and Total Cost of Ownership Vendors should describe:

• Approach to cost predictability and transparency
• Known or potential cost escalation factors
• Typical total cost of ownership over one, three, and five years, at a high level
• Termination, transition, or exit -related costs, if applicable

11. Assumptions, Constraints, and Risks Vendors should clearly state:

• Assumptions used in developing cost estimates
• Constraints that may affect pricing
• Risks that could impact cost stability and how they are mitigated

12. Scalability and Volume Sensitivity Vendors should clearly state:

• How costs change as supplier counts, transaction volumes, or verification frequency

increase

• Thresholds where pricing materially shifts
• Protection against unexpected cost spikes

13. Change Management and Training Costs Vendors should clearly state:

• Costs associated with training State staff and suppliers
• Availability of standard versus customized training materials
• Costs related to onboarding additional agencies or user groups

14. Data Migration and Historical Data Use Vendors should clearly state:

• Whether historical supplier data can be ingested or referenced
• One- time or ongoing costs for data migration or normalization
• Costs associated with validating or cleansing legacy data

9 15. Performance Guarantees and Financial Remedies Vendors should clearly state:

• Whether pricing is tied to performance metrics or outcomes
• Availability of service credits or financial remedies tied to SLAs
• Any guarantees related to automation rates or verification success

ADDITIONAL CONSIDERATIONS 1. Please provide input on alternative approaches or additional things to consider that might benefit the State: 2. Vendors are encouraged to identify any additional cost considerations not explicitly requested that could materially impact total cost of ownership, affordability, or financial risk for the State. 3. Governance, Oversight, and Operating Model Vendors should outline:

• Recommended governance model for AI oversight
• Roles and responsibilities between vendor and State
• How model updates, rule changes, and policy shifts are managed
• Support for audit, compliance reviews, and legislative inquiries

4. AI Ethics, Transparency, and Explainability Vendors should outline:

• How AI decisions are explainable to staff, auditors, and suppliers
• Bias detection and mitigation approaches
• Human review and override capabilities
• Alignment with responsible AI principles

5. Supplier Experience and Accessibility Vendors should outline:

• Supplier -facing user experience design principles
• Accessibility compliance, such as WCAG standards
• Language support and usability for small or low -tech suppliers
• Transparency of verification status and next steps

6. Regulatory and Policy Alignment Vendors should outline:

• Relevant regulatory frameworks they support
• Experience with audits, legislative oversight, or public records requests
• Alignment with State finance, procurement, and data policies

7. Future Solicitations Subsequent to this RFI, the State would like to send future procurement/bid invites to vendors that participate.

• Please provide info on which public sector cooperative purchasing agreements (if any) you

currently provide these services ( Ex NASPO) .

• Please confirm if you are already registered vendor with the State of Tennessee (have a TN

Supplier ID#).