
FinMantis: Beneficiary Risk Control Platform

SaaS control layer for supplier bank detail validation, multi-level approval workflows, and audit-ready compliance with OCR and AVS integrations.

React, TypeScript, FastAPI, PostgreSQL, Tailwind CSS, Google Document AI, Firebase Auth

Visit website: www.finmantis.com
[Image: FinMantis platform dashboard showing supplier verification workflow and approval pipeline]
Case Study

The Problem

Every year, businesses lose millions to supplier payment fraud — fraudulent bank detail changes, compromised supplier accounts, and social engineering attacks that redirect payments to criminal accounts. Traditional controls rely on spreadsheets, email approvals, and manual phone verification. These are slow, inconsistent, and leave no defensible audit trail.

For finance teams managing hundreds of suppliers, the risk compounds: a single fraudulent bank detail change can result in six- or seven-figure losses. Regulators increasingly demand demonstrable controls, and "we called to verify" is no longer an acceptable answer.

The Solution

We built a standalone SaaS control layer that governs the entire lifecycle of supplier bank details — from initial capture through validation, multi-level approval, and ongoing audit. FinMantis sits between the supplier and the ERP system, ensuring no bank detail reaches the payment engine without structured verification.

The platform combines OCR-assisted document verification with automated bank account verification (AVS), enforces maker-checker segregation of duties at system level, and maintains an immutable audit trail for every action.

Features

Maker-Checker Enforcement

The core control: the preparer who submits a supplier record can never be the approver. This segregation of duties is enforced at system level — not by policy, not by training, but by architecture. The system simply does not allow it.

Configurable Multi-Level Approval Workflows

Organizations configure their own approval chains: single approval for low-risk changes, dual approval for bank detail updates, multi-step escalation for high-value suppliers. Each step is assigned to specific roles or individuals.
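
A minimal sketch of maker-checker enforcement inside a configurable approval chain, added here as an illustration and not taken from FinMantis's code. The names `BankDetailChange`, `approve` and `ControlViolation`, the role names, and the rule that one user cannot fill two steps of the same chain are assumptions of this example.

```python
from dataclasses import dataclass, field

class ControlViolation(Exception):
    """Raised when an approval would break segregation of duties."""

@dataclass
class BankDetailChange:
    supplier: str
    preparer: str          # the maker who submitted the record
    chain: tuple           # required approver roles, in order (tenant-configured)
    approvals: list = field(default_factory=list)   # (user, role) per completed step

    @property
    def status(self) -> str:
        return "approved" if len(self.approvals) == len(self.chain) else "pending"

def approve(change: BankDetailChange, user: str, roles: set) -> str:
    """Record one approval step or raise ControlViolation; returns the new status."""
    if change.status == "approved":
        raise ControlViolation("approval chain already complete")
    # Core control: checked on every call, so no role grants a way around it.
    if user == change.preparer:
        raise ControlViolation("preparer cannot approve own record")
    # Assumption of this example: each step needs a distinct person.
    if any(user == prior for prior, _ in change.approvals):
        raise ControlViolation("same user cannot fill two approval steps")
    needed = change.chain[len(change.approvals)]
    if needed not in roles:
        raise ControlViolation(f"step requires role {needed!r}")
    change.approvals.append((user, needed))
    return change.status
```

The check lives in the one function that records approvals, so a user who holds both preparer and approver roles is still refused on their own records.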

Supplier Portal with OTP Authentication

Suppliers submit their own bank details through a secure portal. Access is controlled via HMAC-signed invitation tokens and OTP verification — no passwords to manage, no credentials to compromise.
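
One way an HMAC-signed invitation token can be issued and verified, added here as an example and not FinMantis's own implementation. The token layout (`payload.signature`), the claim names, the tenant binding, the expiry and the demo key are all assumptions of this sketch.

```python
import base64, hashlib, hmac, json, time
from typing import Optional

SECRET = b"constructed-demo-key"   # constructed; a real key lives in a secret store

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_invite(supplier_id: str, tenant_id: str, ttl_s: int,
                 now: Optional[float] = None) -> str:
    """Return 'payload.signature'; the payload says who the invite is for and when it expires."""
    now = time.time() if now is None else now
    payload = json.dumps({"sup": supplier_id, "ten": tenant_id, "exp": int(now) + ttl_s},
                         sort_keys=True, separators=(",", ":")).encode()
    return b64e(payload) + "." + b64e(hmac.new(SECRET, payload, hashlib.sha256).digest())

def verify_invite(token: str, tenant_id: str, now: Optional[float] = None) -> Optional[dict]:
    """Return the claims if the token is authentic, unexpired and for this tenant, else None."""
    now = time.time() if now is None else now
    try:
        p64, s64 = token.split(".")
        payload, sig = b64d(p64), b64d(s64)
    except (ValueError, TypeError):
        return None                                  # malformed token
    expected = hmac.new(SECRET, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):       # constant-time, before parsing claims
        return None
    claims = json.loads(payload)
    if claims["exp"] <= now or claims["ten"] != tenant_id:
        return None
    return claims
```

The signature only proves the link was issued by the platform and has not been altered; the OTP step is still what ties the session to the supplier's contact channel.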

OCR-Assisted Document Verification

When suppliers upload bank confirmation letters, Google Document AI extracts account holder name, bank name, account number, and branch code. The system automatically cross-references extracted values against the manually entered data and flags any discrepancies for human review.

Automated Bank Account Verification

Before any supplier record can be approved, the system runs an automated AVS check against banking networks. This confirms the account exists, is active, and matches the declared account holder — catching errors and fraud before payment.

Immutable Audit Trail

Every action in the system is logged to an append-only audit trail: who did what, when, and what changed. Creation, edits, approvals, rejections, reassignments — all recorded with before/after values. Nothing can be modified or deleted.
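
The page does not say how the append-only property is enforced or checked. As an added example (not FinMantis's code), one common way to make such a trail tamper-evident is to chain each entry to the hash of the one before it; the field names and sample values below are constructed.

```python
import hashlib, json

GENESIS = "0" * 64
FIELDS = ("actor", "action", "before", "after", "ts")

def entry_hash(prev_hash: str, body: dict) -> str:
    # Canonical JSON so the same entry always hashes to the same value.
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + canonical).encode()).hexdigest()

def append(log: list, actor: str, action: str, before, after, ts: str) -> dict:
    """Append one audit entry linked to the hash of the previous entry."""
    body = {"actor": actor, "action": action, "before": before, "after": after, "ts": ts}
    prev = log[-1]["hash"] if log else GENESIS
    entry = {**body, "prev": prev, "hash": entry_hash(prev, body)}
    log.append(entry)
    return entry

def first_broken_index(log: list):
    """Return the index of the first entry that fails verification, or None if intact."""
    prev = GENESIS
    for i, e in enumerate(log):
        body = {k: e[k] for k in FIELDS}
        if e["prev"] != prev or e["hash"] != entry_hash(prev, body):
            return i
        prev = e["hash"]
    return None

def sample_log() -> list:
    # Constructed sample: a bank detail edit followed by an approval.
    log = []
    append(log, "alice", "create", None, {"acct": "000111"}, "2024-01-01T09:00:00Z")
    append(log, "alice", "edit", {"acct": "000111"}, {"acct": "000222"}, "2024-01-02T09:00:00Z")
    append(log, "bob", "approve", None, None, "2024-01-02T10:00:00Z")
    return log
```

A chain like this detects edits and deletions inside the log, but not truncation of the newest entries unless the latest hash is also stored somewhere the log writer cannot change.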

Role-Based Access with Workflow Assignment

Users are assigned roles that determine what they can see and do. Preparers create records, approvers review them, admins configure workflows. Each role maps to specific permissions within the approval pipeline.

Preparer Reassignment

When a preparer is unavailable or leaves the organization, pending work can be reassigned to another preparer without breaking the audit chain. No supplier record becomes orphaned.

Super Admin Console

Platform-wide tenant management with MFA. Super admins provision new organizations, manage user accounts across tenants, and monitor system health — all from a single console.

Results

  • Fraud risk reduction: Structured verification through OCR cross-checks, automated AVS, and enforced multi-level approval eliminates the manual gaps that fraud exploits
  • Audit-ready compliance: The immutable audit trail provides a complete, defensible record of every supplier bank detail change — ready for internal audit, external audit, or regulatory review
  • Faster supplier onboarding: The supplier portal with OTP authentication lets suppliers submit their own details, eliminating back-and-forth emails and manual data entry
  • Operational control: Maker-checker enforcement and configurable approval workflows ensure no bank detail change bypasses established controls

FinMantis demonstrates how AI agents and document intelligence can transform financial controls — turning manual verification into automated, auditable workflows.

Frequently Asked Questions

What is maker-checker enforcement?

Maker-checker is a segregation-of-duties control where the person who prepares a supplier record can never approve it. FinMantis enforces this at system level — no configuration needed, no workarounds possible.

How does the OCR verification work?

When a supplier uploads a bank confirmation letter or statement, Google Document AI extracts account details automatically. The system cross-references extracted data against manually entered fields and flags any mismatches for review.

Can approval workflows be customized per organization?

Yes. Each tenant can configure single-approval, dual-approval, or multi-step escalation workflows. Approval chains can be assigned by role, department, or transaction threshold.

What happens when a preparer leaves the company?

FinMantis includes preparer reassignment so no supplier record becomes orphaned. Admins can reassign pending work to another preparer without losing audit history.

Is the audit trail tamper-proof?

The audit trail is append-only by design. Every action — creation, edit, approval, rejection, reassignment — is logged with timestamp, user, and before/after values. Records cannot be modified or deleted.
