HeliosGroup/vendor-onboarding-l4
MCP Server
Active
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

init

Browse Source
This commit is contained in:
rg4444
2026-03-21 20:17:36 +02:00
commit d1ca643d94
11 changed files with 1307 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

71
README.md Normal file
View File

@@ -0,0 +1,71 @@
# Vendor Onboarding & Approval — UAPF Level 4 Process Package
> **HeliosGroup** · Procurement Operations · Process-as-Code
## Overview
This repository contains a fully executable, AI-governed **Level-4 UAPF process package** for the end-to-end Vendor Onboarding & Approval workflow at HeliosGroup.
The process covers everything from initial vendor submission through sanctions screening, financial risk scoring, legal review, and IT provisioning — with AI agents orchestrating compliance checks at every gate.
## Process Summary
| Stage | Owner | AI Role |
|---|---|---|
| Vendor Submission | Procurement Officer | Form validation & completeness check |
| Sanctions & Compliance Screening | AI Compliance Agent | Real-time OFAC/EU sanctions lookup |
| Financial Risk Scoring | Finance & Tax | DMN-driven risk tier assignment |
| Legal Review | Legal & Contracts | AI-assisted contract clause review |
| IT Provisioning | IT Systems | Automated account & access setup |
| Approval & Activation | Procurement Officer | Final sign-off with audit trail |
## Repository Structure
```
vendor-onboarding-l4/
├── uapf.yaml # UAPF L4 package manifest
├── enterprise/
│ └── enterprise.yaml # Enterprise index reference
├── bpmn/
│ └── vendor-onboarding.bpmn.xml # Main process (5 swim lanes)
├── dmn/
│ └── vendor-risk-scoring.dmn.xml # Risk tier decision table
├── cmmn/
│ └── sanctions-exception.cmmn.xml # Sanctions escalation case
├── resources/
│ └── mappings.yaml # System & agent bindings
├── metadata/
│ ├── lifecycle.yaml
│ └── ownership.yaml
├── processgit.mcp.yaml # MCP server configuration
└── agent.chat.yaml # AI chat assistant configuration
```
## Key Features
- **AI-first design** — Sanctions screening, risk scoring, and contract review are all AI-executed tasks
- **Sanctions exception handling** — Dedicated CMMN case manages the full escalation path when a vendor matches a watchlist
- **DMN risk scoring** — Vendor risk tier is computed from country risk, financial health, and ownership structure
- **MCP-accessible** — All process data is queryable by AI agents via the built-in MCP server
- **Full audit trail** — Every decision is version-controlled and replayable
## Quick Start (Chat Assistant)
This repository includes an AI chat assistant. Click the **Chat** icon in the file tree to ask questions like:
- *"What should I do if the onboarding organization is under sanctions?"*
- *"Describe the full vendor onboarding process"*
- *"What documents are required for a Tier 1 high-risk vendor?"*
- *"Who approves vendors from high-risk jurisdictions?"*
## Standards & Compliance
- UAPF v1.0 compliant (Level 4 — executable process)
- BPMN 2.0 · DMN 1.3 · CMMN 1.1
- OFAC / EU Consolidated Sanctions List screening
- GDPR-aware data handling (vendor PII minimized)
- EU AI Act Art. 9 risk management documentation
---
*Powered by [ProcessGit](https://processgit.org) — Git for Processes*

79
agent.chat.yaml Normal file
View File

@@ -0,0 +1,79 @@
version: "1.0"
ui:
name: "Helios Procurement AI"
subtitle: "Vendor Onboarding & Compliance Assistant"
welcome_message: |
Welcome to the **HeliosGroup Vendor Onboarding Assistant**.
I have full knowledge of our vendor onboarding process, risk scoring rules, sanctions procedures, and compliance requirements.
Ask me anything — for example:
- *"What should I do if the vendor is under sanctions?"*
- *"Describe the full vendor onboarding process"*
- *"What documents are required for a high-risk vendor?"*
- *"Who approves a Tier 1 vendor from a high-risk country?"*
quick_questions:
- "What should I do if the onboarding organization is under sanctions?"
- "Describe the full vendor onboarding process step by step"
- "What documents are required for vendor onboarding?"
- "How is vendor risk tier calculated?"
- "Who has authority to approve a high-risk Tier 1 vendor?"
- "What is the difference between a direct and indirect sanctions match?"
llm:
provider: "anthropic"
model: "claude-sonnet-4-5"
api_key_ref: "ANTHROPIC_API_KEY"
max_tokens: 1500
temperature: 0.2
system_prompt: |
You are the HeliosGroup Procurement AI Assistant — an expert on the company's
Vendor Onboarding & Approval process.
You have access to the complete process documentation through MCP tools, including:
- The full BPMN onboarding workflow with 5 swim lanes
- DMN risk scoring rules (Tier 1/2/3 classification)
- CMMN sanctions exception and escalation case
- System and agent resource mappings
Your role is to help procurement officers, legal staff, and finance teams
understand and navigate the vendor onboarding process confidently.
Communication style:
- Be clear, concise, and actionable
- Always cite the specific process step or rule when relevant
- For sanctions questions, be precise about escalation paths
- For risk questions, explain the scoring criteria clearly
- Use numbered steps for procedural answers
When a user asks about sanctions, always:
1. Explain what the AI Compliance Agent does first (automatic screening)
2. Describe the escalation path to Legal
3. Mention the CMMN exception case that is opened
4. Clarify that direct matches require CEO/CLO review
When a user asks about risk tiers:
- Tier 1 = Enhanced Due Diligence, CPO + legal approval, 30-day review
- Tier 2 = Standard Due Diligence, Director approval, 10-14 days
- Tier 3 = Simplified Due Diligence, Officer approval, 5-7 days
mcp:
use_repo_mcp: true
allowed_tools:
- search
- get_entity
- list_entities
- describe_model
- generate_document
access:
visibility: "public"
rate_limits:
requests_per_minute: 20
requests_per_day: 200
max_conversation_turns: 30
history:
enabled: false

13
enterprise.yaml Normal file
View File

@@ -0,0 +1,13 @@
kind: uapf.enterprise.index
level: 0
enterprise:
id: heliosgroup
name: HeliosGroup
description: >
HeliosGroup enterprise process catalog — AI-governed operational
processes across procurement, finance, legal, and IT domains.
packages:
- ref: ../vendor-onboarding-l4
level: 4
domain: procurement
description: Vendor Onboarding & Approval with AI compliance screening

18
lifecycle.yaml Normal file
View File

@@ -0,0 +1,18 @@
kind: uapf.metadata.lifecycle
status: stable
version: 1.0.0
effectiveFrom: "2026-01-01"
effectiveUntil: null
reviewCycle: annual
lastReview: "2026-01-15"
nextReview: "2027-01-15"
approvals:
- approver: Chief Procurement Officer
date: "2026-01-15"
status: approved
- approver: Chief Legal Officer
date: "2026-01-15"
status: approved
- approver: Chief Compliance Officer
date: "2026-01-15"
status: approved

75
mappings.yaml Normal file
View File

@@ -0,0 +1,75 @@
version: "1.0"
mappings:
- taskId: Task_ValidateSubmission
type: human_role
resource: procurement-officer
role: Procurement Officer
- taskId: Task_RegisterVendor
type: system_api
resource: master-data-management
endpoint: /api/v1/vendors/register
- taskId: Task_SanctionsScreening
type: ai_agent
resource: ai-compliance-agent
capabilities:
- ofac_screening
- eu_sanctions_lookup
- un_consolidated_list
endpoint: /api/v1/compliance/sanctions-check
- taskId: Task_OwnershipCheck
type: ai_agent
resource: ai-compliance-agent
capabilities:
- ubo_analysis
- corporate_structure_mapping
- pep_screening
- taskId: Task_RiskScoring
type: decision_engine
resource: dmn-engine
decisionRef: Decision_VendorRiskTier
inputs:
- countryCode
- creditScore
- ownershipStructure
- annualContractValue
- yearsTrading
- taskId: Task_LegalReview
type: human_role
resource: legal-counsel
role: Legal & Compliance Officer
- taskId: Task_ContractDrafting
type: human_role
resource: legal-counsel
role: Contract Specialist
ai_assist: true
ai_capabilities:
- clause_suggestion
- risk_clause_detection
- taskId: Task_CreateVendorProfile
type: system_api
resource: sap-erp
endpoint: /api/v1/vendors/create
system: SAP S/4HANA
- taskId: Task_ProvisionPortalAccess
type: system_api
resource: vendor-portal
endpoint: /api/v1/access/provision
- taskId: Task_SetupPaymentDetails
type: system_api
resource: treasury-system
endpoint: /api/v1/payment/setup
- taskId: Task_IntegrateERP
type: system_api
resource: sap-erp
endpoint: /api/v1/vendors/activate
system: SAP S/4HANA

24
ownership.yaml Normal file
View File

@@ -0,0 +1,24 @@
kind: uapf.metadata.ownership
owner:
team: procurement-ops
contact: procurement@heliosgroup.com
department: Group Procurement Operations
stakeholders:
- name: Legal & Compliance
role: Process Reviewer
contact: legal@heliosgroup.com
- name: Finance & Tax
role: Risk Scoring Owner
contact: finance@heliosgroup.com
- name: IT & Systems
role: Integration Owner
contact: it@heliosgroup.com
- name: Group Risk Committee
role: Oversight
contact: risk@heliosgroup.com
escalation:
level_1: procurement@heliosgroup.com
level_2: legal@heliosgroup.com
level_3: cpo@heliosgroup.com

54
processgit.mcp.yaml Normal file
View File

@@ -0,0 +1,54 @@
version: 1
server:
name: "HeliosGroup Vendor Onboarding MCP"
description: >
MCP server for the HeliosGroup Vendor Onboarding & Approval process package.
Provides AI agents with structured access to process definitions, risk scoring
rules, sanctions handling procedures, and compliance requirements.
instructions: >
This server exposes the complete Vendor Onboarding & Approval process at HeliosGroup.
Use 'search' to find process steps, compliance rules, or risk criteria by keyword.
Use 'get_entity' to retrieve full details of specific tasks, decisions, or cases.
Use 'list_entities' to browse by type (task, decision, case, resource).
Use 'generate_document' to produce a formatted process summary.
Key entities: vendor-onboarding-process (BPMN), vendor-risk-scoring (DMN),
sanctions-exception (CMMN), resource-mappings.
sources:
- path: "bpmn/vendor-onboarding.bpmn.xml"
type: "xml"
description: >
Main vendor onboarding BPMN process — 5 swim lanes covering Procurement,
AI Compliance, Legal, Finance, and IT. Includes sanctions screening path,
parallel compliance checks, risk-tiered due diligence, and IT provisioning.
- path: "dmn/vendor-risk-scoring.dmn.xml"
type: "xml"
description: >
Vendor risk scoring DMN decision tables. Computes risk tier (1/2/3),
required due diligence level, approval authority, and review timeline
based on country risk, financial health, and ownership structure.
Includes country risk classification and FATF/sanctions list checks.
- path: "cmmn/sanctions-exception.cmmn.xml"
type: "xml"
description: >
Sanctions exception and escalation CMMN case. Activated when AI agent
detects a sanctions match. Covers initial assessment, legal investigation,
executive escalation (for direct matches or contracts > €500K),
and formal resolution with audit trail.
- path: "resources/mappings.yaml"
type: "xml"
description: >
System and agent resource mappings — shows which AI agents, human roles,
and enterprise systems (SAP ERP, vendor portal, treasury) handle each task.
- path: "uapf.yaml"
type: "xml"
description: "UAPF package manifest with process metadata, owners, and tags."
- path: "README.md"
type: "xml"
description: "Process overview, stage summary table, compliance standards."

145
sanctions-exception.cmmn.xml Normal file
View File

@@ -0,0 +1,145 @@
<?xml version="1.0" encoding="UTF-8"?>
<cmmn:definitions xmlns:cmmn="http://www.omg.org/spec/CMMN/20151109/MODEL"
xmlns:cmmndi="http://www.omg.org/spec/CMMN/20151109/CMMNDI"
xmlns:dc="http://www.omg.org/spec/CMMN/20151109/DC"
id="SanctionsExceptionCase"
targetNamespace="https://processgit.org/heliosgroup/sanctions-exception">
<cmmn:case id="Case_SanctionsException" name="Sanctions Exception &amp; Escalation Case">
<cmmn:casePlanModel id="CasePlanModel_1" name="Sanctions Match — Manual Review &amp; Override Process">
<!-- Stage 1: Initial Assessment -->
<cmmn:planItem id="PI_InitialAssessment" definitionRef="Stage_InitialAssessment">
<cmmn:entryCriterion id="EC_1" sentryRef="Sentry_CaseOpened"/>
</cmmn:planItem>
<!-- Stage 2: Legal Investigation -->
<cmmn:planItem id="PI_LegalInvestigation" definitionRef="Stage_LegalInvestigation">
<cmmn:entryCriterion id="EC_2" sentryRef="Sentry_AssessmentComplete"/>
</cmmn:planItem>
<!-- Stage 3: Executive Escalation (conditional) -->
<cmmn:planItem id="PI_ExecutiveEscalation" definitionRef="Stage_ExecutiveEscalation">
<cmmn:entryCriterion id="EC_3" sentryRef="Sentry_EscalationRequired"/>
</cmmn:planItem>
<!-- Stage 4: Resolution -->
<cmmn:planItem id="PI_Resolution" definitionRef="Stage_Resolution">
<cmmn:entryCriterion id="EC_4" sentryRef="Sentry_DecisionMade"/>
</cmmn:planItem>
<!-- Milestone: Case Closed -->
<cmmn:planItem id="PI_CaseClosed" definitionRef="Milestone_CaseClosed">
<cmmn:entryCriterion id="EC_5" sentryRef="Sentry_ResolutionComplete"/>
</cmmn:planItem>
<!-- SENTRIES -->
<cmmn:sentry id="Sentry_CaseOpened">
<cmmn:planItemOnPart id="POP_1" sourceRef="PI_InitialAssessment">
<cmmn:standardEvent>create</cmmn:standardEvent>
</cmmn:planItemOnPart>
</cmmn:sentry>
<cmmn:sentry id="Sentry_AssessmentComplete">
<cmmn:planItemOnPart id="POP_2" sourceRef="PI_InitialAssessment">
<cmmn:standardEvent>complete</cmmn:standardEvent>
</cmmn:planItemOnPart>
</cmmn:sentry>
<cmmn:sentry id="Sentry_EscalationRequired">
<cmmn:ifPart id="IP_1">
<cmmn:condition id="Cond_1"><cmmn:body>sanctionsMatchType == "DIRECT" || contractValue &gt; 500000</cmmn:body></cmmn:condition>
</cmmn:ifPart>
</cmmn:sentry>
<cmmn:sentry id="Sentry_DecisionMade">
<cmmn:planItemOnPart id="POP_3" sourceRef="PI_LegalInvestigation">
<cmmn:standardEvent>complete</cmmn:standardEvent>
</cmmn:planItemOnPart>
</cmmn:sentry>
<cmmn:sentry id="Sentry_ResolutionComplete">
<cmmn:planItemOnPart id="POP_4" sourceRef="PI_Resolution">
<cmmn:standardEvent>complete</cmmn:standardEvent>
</cmmn:planItemOnPart>
</cmmn:sentry>
<!-- STAGE DEFINITIONS -->
<!-- Stage 1: Initial Assessment -->
<cmmn:stage id="Stage_InitialAssessment" name="Initial Sanctions Assessment">
<cmmn:planItem id="PI_ReviewAlert" definitionRef="Task_ReviewSanctionsAlert"/>
<cmmn:planItem id="PI_ClassifyMatch" definitionRef="Task_ClassifyMatchType">
<cmmn:entryCriterion id="EC_S1_1" sentryRef="Sentry_S1_AlertReviewed"/>
</cmmn:planItem>
<cmmn:planItem id="PI_CheckFalsePositive" definitionRef="Task_CheckFalsePositive">
<cmmn:entryCriterion id="EC_S1_2" sentryRef="Sentry_S1_Classified"/>
</cmmn:planItem>
<cmmn:sentry id="Sentry_S1_AlertReviewed">
<cmmn:planItemOnPart id="POP_S1_1" sourceRef="PI_ReviewAlert">
<cmmn:standardEvent>complete</cmmn:standardEvent>
</cmmn:planItemOnPart>
</cmmn:sentry>
<cmmn:sentry id="Sentry_S1_Classified">
<cmmn:planItemOnPart id="POP_S1_2" sourceRef="PI_ClassifyMatch">
<cmmn:standardEvent>complete</cmmn:standardEvent>
</cmmn:planItemOnPart>
</cmmn:sentry>
<cmmn:humanTask id="Task_ReviewSanctionsAlert" name="Review Sanctions Alert Details"/>
<cmmn:humanTask id="Task_ClassifyMatchType" name="Classify: Direct / Indirect / False Positive"/>
<cmmn:humanTask id="Task_CheckFalsePositive" name="Verify False Positive against Source Lists"/>
</cmmn:stage>
<!-- Stage 2: Legal Investigation -->
<cmmn:stage id="Stage_LegalInvestigation" name="Legal Investigation">
<cmmn:planItem id="PI_RequestLegalOpinion" definitionRef="Task_RequestLegalOpinion"/>
<cmmn:planItem id="PI_ReviewUBO" definitionRef="Task_ReviewUBOStructure">
<cmmn:itemControl id="IC_UBO"><cmmn:manualActivationRule/></cmmn:itemControl>
</cmmn:planItem>
<cmmn:planItem id="PI_ContactAuthorities" definitionRef="Task_ContactRegulatoryAuthorities">
<cmmn:itemControl id="IC_Auth"><cmmn:manualActivationRule/></cmmn:itemControl>
</cmmn:planItem>
<cmmn:planItem id="PI_DocumentFindings" definitionRef="Task_DocumentLegalFindings"/>
<cmmn:humanTask id="Task_RequestLegalOpinion" name="Request Legal Opinion from Counsel"/>
<cmmn:humanTask id="Task_ReviewUBOStructure" name="Review Ultimate Beneficial Ownership Structure"/>
<cmmn:humanTask id="Task_ContactRegulatoryAuthorities" name="Contact Regulatory Authorities (if required)"/>
<cmmn:humanTask id="Task_DocumentLegalFindings" name="Document Legal Findings &amp; Recommendation"/>
</cmmn:stage>
<!-- Stage 3: Executive Escalation -->
<cmmn:stage id="Stage_ExecutiveEscalation" name="Executive Escalation">
<cmmn:planItem id="PI_PrepareExecBrief" definitionRef="Task_PrepareExecutiveBriefing"/>
<cmmn:planItem id="PI_ExecReview" definitionRef="Task_ExecutiveReview"/>
<cmmn:planItem id="PI_BoardNotification" definitionRef="Task_BoardNotification">
<cmmn:itemControl id="IC_Board"><cmmn:manualActivationRule/></cmmn:itemControl>
</cmmn:planItem>
<cmmn:humanTask id="Task_PrepareExecutiveBriefing" name="Prepare Executive Briefing Document"/>
<cmmn:humanTask id="Task_ExecutiveReview" name="CEO / CLO Decision Review"/>
<cmmn:humanTask id="Task_BoardNotification" name="Notify Board Audit &amp; Risk Committee"/>
</cmmn:stage>
<!-- Stage 4: Resolution -->
<cmmn:stage id="Stage_Resolution" name="Case Resolution">
<cmmn:planItem id="PI_RecordDecision" definitionRef="Task_RecordFinalDecision"/>
<cmmn:planItem id="PI_UpdateWatchlist" definitionRef="Task_UpdateInternalWatchlist"/>
<cmmn:planItem id="PI_NotifyProcurement" definitionRef="Task_NotifyProcurement"/>
<cmmn:humanTask id="Task_RecordFinalDecision" name="Record Final Decision in Audit Trail"/>
<cmmn:serviceTask id="Task_UpdateInternalWatchlist" name="Update Internal Vendor Watchlist"/>
<cmmn:humanTask id="Task_NotifyProcurement" name="Notify Procurement of Outcome"/>
</cmmn:stage>
<cmmn:milestone id="Milestone_CaseClosed" name="Sanctions Case Closed"/>
</cmmn:casePlanModel>
</cmmn:case>
<cmmndi:CMMNDI>
<cmmndi:CMMNDiagram id="CMMNDiagram_1">
<cmmndi:CMMNShape id="CS_CasePlan" cmmnElementRef="CasePlanModel_1"><dc:Bounds x="50" y="50" width="1100" height="600"/></cmmndi:CMMNShape>
<cmmndi:CMMNShape id="CS_S1" cmmnElementRef="PI_InitialAssessment"><dc:Bounds x="100" y="100" width="220" height="180"/></cmmndi:CMMNShape>
<cmmndi:CMMNShape id="CS_S2" cmmnElementRef="PI_LegalInvestigation"><dc:Bounds x="360" y="100" width="220" height="200"/></cmmndi:CMMNShape>
<cmmndi:CMMNShape id="CS_S3" cmmnElementRef="PI_ExecutiveEscalation"><dc:Bounds x="620" y="100" width="220" height="180"/></cmmndi:CMMNShape>
<cmmndi:CMMNShape id="CS_S4" cmmnElementRef="PI_Resolution"><dc:Bounds x="880" y="100" width="220" height="180"/></cmmndi:CMMNShape>
<cmmndi:CMMNShape id="CS_Milestone" cmmnElementRef="PI_CaseClosed"><dc:Bounds x="880" y="450" width="100" height="60"/></cmmndi:CMMNShape>
<cmmndi:CMMNShape id="CS_EC2" cmmnElementRef="EC_2"><dc:Bounds x="350" y="175" width="20" height="28"/></cmmndi:CMMNShape>
<cmmndi:CMMNShape id="CS_EC3" cmmnElementRef="EC_3"><dc:Bounds x="610" y="175" width="20" height="28"/></cmmndi:CMMNShape>
<cmmndi:CMMNShape id="CS_EC4" cmmnElementRef="EC_4"><dc:Bounds x="870" y="175" width="20" height="28"/></cmmndi:CMMNShape>
</cmmndi:CMMNDiagram>
</cmmndi:CMMNDI>
</cmmn:definitions>

35
uapf.yaml Normal file
View File

@@ -0,0 +1,35 @@
kind: uapf.package
id: uapf.heliosgroup.vendor-onboarding
name: Vendor Onboarding & Approval
description: >
End-to-end vendor onboarding process with AI-powered sanctions screening,
financial risk scoring, legal review, and IT provisioning.
Fully executable at Level 4 with MCP-accessible process data.
level: 4
version: 1.0.0
includes: []
cornerstones:
bpmn: true
dmn: true
cmmn: true
resources: true
paths:
bpmn: bpmn
dmn: dmn
cmmn: cmmn
resources: resources
metadata: metadata
owners:
- type: team
id: procurement-ops
contact: procurement@heliosgroup.com
- type: team
id: legal-compliance
contact: legal@heliosgroup.com
lifecycle: stable
tags:
- procurement
- vendor-management
- sanctions-screening
- ai-governance
- eu-ai-act

567
vendor-onboarding.bpmn.xml Normal file
View File

@@ -0,0 +1,567 @@
<?xml version="1.0" encoding="UTF-8"?>
<bpmn:definitions xmlns:bpmn="http://www.omg.org/spec/BPMN/20100524/MODEL"
xmlns:bpmndi="http://www.omg.org/spec/BPMN/20100524/DI"
xmlns:dc="http://www.omg.org/spec/DD/20100524/DC"
xmlns:di="http://www.omg.org/spec/DD/20100524/DI"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
id="Definitions_VendorOnboarding"
targetNamespace="https://processgit.org/heliosgroup/vendor-onboarding"
name="Vendor Onboarding &amp; Approval">
<!-- ═══════════════════════════════════════════════════════
MESSAGES
═══════════════════════════════════════════════════════ -->
<bpmn:message id="Msg_VendorSubmission" name="VendorSubmissionReceived"/>
<bpmn:message id="Msg_SanctionsResult" name="SanctionsScreeningResult"/>
<bpmn:message id="Msg_RiskScoreResult" name="RiskScoringComplete"/>
<bpmn:message id="Msg_LegalApproval" name="LegalApprovalDecision"/>
<bpmn:message id="Msg_ITProvisioned" name="ITProvisioningComplete"/>
<bpmn:message id="Msg_VendorNotification" name="VendorNotification"/>
<!-- ═══════════════════════════════════════════════════════
COLLABORATION
═══════════════════════════════════════════════════════ -->
<bpmn:collaboration id="Collab_VendorOnboarding">
<bpmn:participant id="Pool_Helios" name="HeliosGroup — Vendor Onboarding &amp; Approval" processRef="Process_VendorOnboarding"/>
<bpmn:participant id="Pool_Vendor" name="Vendor / Supplier"/>
<bpmn:messageFlow id="MF_1" sourceRef="Pool_Vendor" targetRef="Start_VendorRequest"/>
<bpmn:messageFlow id="MF_2" sourceRef="Task_NotifyVendorApproved" targetRef="Pool_Vendor"/>
<bpmn:messageFlow id="MF_3" sourceRef="Task_NotifyVendorRejected" targetRef="Pool_Vendor"/>
</bpmn:collaboration>
<!-- ═══════════════════════════════════════════════════════
MAIN PROCESS
═══════════════════════════════════════════════════════ -->
<bpmn:process id="Process_VendorOnboarding" name="Vendor Onboarding &amp; Approval" isExecutable="true">
<!-- ─── LANE DEFINITIONS ─── -->
<bpmn:laneSet id="LaneSet_1">
<bpmn:lane id="Lane_Procurement" name="Procurement Officer">
<bpmn:flowNodeRef>Start_VendorRequest</bpmn:flowNodeRef>
<bpmn:flowNodeRef>Task_ValidateSubmission</bpmn:flowNodeRef>
<bpmn:flowNodeRef>GW_SubmissionComplete</bpmn:flowNodeRef>
<bpmn:flowNodeRef>Task_RequestMissingDocs</bpmn:flowNodeRef>
<bpmn:flowNodeRef>Task_RegisterVendor</bpmn:flowNodeRef>
<bpmn:flowNodeRef>GW_ForkCompliance</bpmn:flowNodeRef>
<bpmn:flowNodeRef>GW_JoinCompliance</bpmn:flowNodeRef>
<bpmn:flowNodeRef>GW_OverallDecision</bpmn:flowNodeRef>
<bpmn:flowNodeRef>Task_FinalApproval</bpmn:flowNodeRef>
<bpmn:flowNodeRef>Task_NotifyVendorApproved</bpmn:flowNodeRef>
<bpmn:flowNodeRef>Task_NotifyVendorRejected</bpmn:flowNodeRef>
<bpmn:flowNodeRef>Task_ArchiveRejection</bpmn:flowNodeRef>
<bpmn:flowNodeRef>End_Approved</bpmn:flowNodeRef>
<bpmn:flowNodeRef>End_Rejected</bpmn:flowNodeRef>
</bpmn:lane>
<bpmn:lane id="Lane_AI" name="AI Compliance Agent">
<bpmn:flowNodeRef>Task_SanctionsScreening</bpmn:flowNodeRef>
<bpmn:flowNodeRef>Task_OwnershipCheck</bpmn:flowNodeRef>
<bpmn:flowNodeRef>GW_SanctionsHit</bpmn:flowNodeRef>
<bpmn:flowNodeRef>Task_AutoReject_Sanctions</bpmn:flowNodeRef>
<bpmn:flowNodeRef>Task_GenerateRiskProfile</bpmn:flowNodeRef>
<bpmn:flowNodeRef>Evt_SanctionsTimeout</bpmn:flowNodeRef>
</bpmn:lane>
<bpmn:lane id="Lane_Legal" name="Legal &amp; Contracts">
<bpmn:flowNodeRef>Task_LegalReview</bpmn:flowNodeRef>
<bpmn:flowNodeRef>Task_ContractDrafting</bpmn:flowNodeRef>
<bpmn:flowNodeRef>GW_LegalDecision</bpmn:flowNodeRef>
<bpmn:flowNodeRef>Task_SanctionsEscalation</bpmn:flowNodeRef>
<bpmn:flowNodeRef>GW_EscalationDecision</bpmn:flowNodeRef>
</bpmn:lane>
<bpmn:lane id="Lane_Finance" name="Finance &amp; Tax">
<bpmn:flowNodeRef>Task_RiskScoring</bpmn:flowNodeRef>
<bpmn:flowNodeRef>Task_FinancialDueDiligence</bpmn:flowNodeRef>
<bpmn:flowNodeRef>GW_RiskTier</bpmn:flowNodeRef>
<bpmn:flowNodeRef>Task_EnhancedDueDiligence</bpmn:flowNodeRef>
<bpmn:flowNodeRef>Task_TaxVerification</bpmn:flowNodeRef>
</bpmn:lane>
<bpmn:lane id="Lane_IT" name="IT &amp; Systems">
<bpmn:flowNodeRef>Task_CreateVendorProfile</bpmn:flowNodeRef>
<bpmn:flowNodeRef>Task_ProvisionPortalAccess</bpmn:flowNodeRef>
<bpmn:flowNodeRef>Task_SetupPaymentDetails</bpmn:flowNodeRef>
<bpmn:flowNodeRef>GW_ForkIT</bpmn:flowNodeRef>
<bpmn:flowNodeRef>GW_JoinIT</bpmn:flowNodeRef>
<bpmn:flowNodeRef>Task_IntegrateERP</bpmn:flowNodeRef>
</bpmn:lane>
</bpmn:laneSet>
<!-- ─── START ─── -->
<bpmn:startEvent id="Start_VendorRequest" name="Vendor Onboarding&#10;Request Received">
<bpmn:outgoing>Flow_1</bpmn:outgoing>
<bpmn:messageEventDefinition messageRef="Msg_VendorSubmission"/>
</bpmn:startEvent>
<!-- ─── PROCUREMENT LANE ─── -->
<bpmn:userTask id="Task_ValidateSubmission" name="Validate Submission&#10;Completeness">
<bpmn:incoming>Flow_1</bpmn:incoming>
<bpmn:outgoing>Flow_2</bpmn:outgoing>
</bpmn:userTask>
<bpmn:exclusiveGateway id="GW_SubmissionComplete" name="All Documents&#10;Submitted?">
<bpmn:incoming>Flow_2</bpmn:incoming>
<bpmn:outgoing>Flow_3_Yes</bpmn:outgoing>
<bpmn:outgoing>Flow_3_No</bpmn:outgoing>
</bpmn:exclusiveGateway>
<bpmn:userTask id="Task_RequestMissingDocs" name="Request Missing&#10;Documents">
<bpmn:incoming>Flow_3_No</bpmn:incoming>
<bpmn:outgoing>Flow_RetryValidation</bpmn:outgoing>
</bpmn:userTask>
<bpmn:serviceTask id="Task_RegisterVendor" name="Register Vendor&#10;in Master Data">
<bpmn:incoming>Flow_3_Yes</bpmn:incoming>
<bpmn:outgoing>Flow_4</bpmn:outgoing>
</bpmn:serviceTask>
<bpmn:parallelGateway id="GW_ForkCompliance" name="Start Parallel&#10;Compliance Checks">
<bpmn:incoming>Flow_4</bpmn:incoming>
<bpmn:outgoing>Flow_ToSanctions</bpmn:outgoing>
<bpmn:outgoing>Flow_ToRiskScoring</bpmn:outgoing>
<bpmn:outgoing>Flow_ToLegal</bpmn:outgoing>
</bpmn:parallelGateway>
<bpmn:parallelGateway id="GW_JoinCompliance" name="All Checks&#10;Complete">
<bpmn:incoming>Flow_SanctionsOK</bpmn:incoming>
<bpmn:incoming>Flow_RiskComplete</bpmn:incoming>
<bpmn:incoming>Flow_LegalComplete</bpmn:incoming>
<bpmn:outgoing>Flow_ToDecision</bpmn:outgoing>
</bpmn:parallelGateway>
<bpmn:exclusiveGateway id="GW_OverallDecision" name="Overall&#10;Approval?">
<bpmn:incoming>Flow_ToDecision</bpmn:incoming>
<bpmn:outgoing>Flow_Approved</bpmn:outgoing>
<bpmn:outgoing>Flow_Rejected</bpmn:outgoing>
</bpmn:exclusiveGateway>
<bpmn:userTask id="Task_FinalApproval" name="Final Procurement&#10;Sign-Off">
<bpmn:incoming>Flow_Approved</bpmn:incoming>
<bpmn:outgoing>Flow_ToIT</bpmn:outgoing>
</bpmn:userTask>
<bpmn:sendTask id="Task_NotifyVendorApproved" name="Notify Vendor:&#10;Approved">
<bpmn:incoming>Flow_FromIT</bpmn:incoming>
<bpmn:outgoing>Flow_ToEnd_Approved</bpmn:outgoing>
</bpmn:sendTask>
<bpmn:sendTask id="Task_NotifyVendorRejected" name="Notify Vendor:&#10;Rejected">
<bpmn:incoming>Flow_Rejected</bpmn:incoming>
<bpmn:incoming>Flow_AutoRejected</bpmn:incoming>
<bpmn:outgoing>Flow_ToArchive</bpmn:outgoing>
</bpmn:sendTask>
<bpmn:serviceTask id="Task_ArchiveRejection" name="Archive Rejection&#10;with Audit Log">
<bpmn:incoming>Flow_ToArchive</bpmn:incoming>
<bpmn:outgoing>Flow_ToEnd_Rejected</bpmn:outgoing>
</bpmn:serviceTask>
<bpmn:endEvent id="End_Approved" name="Vendor Approved&#10;&amp; Active">
<bpmn:incoming>Flow_ToEnd_Approved</bpmn:incoming>
</bpmn:endEvent>
<bpmn:endEvent id="End_Rejected" name="Vendor Rejected&#10;&amp; Archived">
<bpmn:incoming>Flow_ToEnd_Rejected</bpmn:incoming>
</bpmn:endEvent>
<!-- ─── AI COMPLIANCE LANE ─── -->
<bpmn:serviceTask id="Task_SanctionsScreening" name="AI: Sanctions &amp;&#10;Watchlist Screening&#10;(OFAC / EU / UN)">
<bpmn:incoming>Flow_ToSanctions</bpmn:incoming>
<bpmn:outgoing>Flow_CheckSanctionsResult</bpmn:outgoing>
</bpmn:serviceTask>
<bpmn:boundaryEvent id="Evt_SanctionsTimeout" name="48h Timeout" attachedToRef="Task_SanctionsScreening" cancelActivity="true">
<bpmn:outgoing>Flow_SanctionsTimedOut</bpmn:outgoing>
<bpmn:timerEventDefinition>
<bpmn:timeDuration>PT48H</bpmn:timeDuration>
</bpmn:timerEventDefinition>
</bpmn:boundaryEvent>
<bpmn:exclusiveGateway id="GW_SanctionsHit" name="Sanctions&#10;Match Found?">
<bpmn:incoming>Flow_CheckSanctionsResult</bpmn:incoming>
<bpmn:incoming>Flow_SanctionsTimedOut</bpmn:incoming>
<bpmn:outgoing>Flow_SanctionsHit_Yes</bpmn:outgoing>
<bpmn:outgoing>Flow_SanctionsHit_No</bpmn:outgoing>
</bpmn:exclusiveGateway>
<bpmn:serviceTask id="Task_OwnershipCheck" name="AI: Beneficial&#10;Ownership &amp; UBO&#10;Analysis">
<bpmn:incoming>Flow_SanctionsHit_No</bpmn:incoming>
<bpmn:outgoing>Flow_SanctionsOK</bpmn:outgoing>
</bpmn:serviceTask>
<bpmn:serviceTask id="Task_AutoReject_Sanctions" name="AI: Auto-Flag&#10;Sanctions Match&#10;→ Escalate">
<bpmn:incoming>Flow_SanctionsHit_Yes</bpmn:incoming>
<bpmn:outgoing>Flow_ToSanctionsEscalation</bpmn:outgoing>
</bpmn:serviceTask>
<bpmn:serviceTask id="Task_GenerateRiskProfile" name="AI: Generate&#10;Vendor Risk Profile&#10;Report">
<bpmn:incoming>Flow_EscalationApproved</bpmn:incoming>
<bpmn:outgoing>Flow_SanctionsOK_Escalated</bpmn:outgoing>
</bpmn:serviceTask>
<!-- ─── LEGAL LANE ─── -->
<bpmn:userTask id="Task_LegalReview" name="Legal: Review&#10;Vendor Documents&#10;&amp; Certificates">
<bpmn:incoming>Flow_ToLegal</bpmn:incoming>
<bpmn:outgoing>Flow_LegalReviewDone</bpmn:outgoing>
</bpmn:userTask>
<bpmn:exclusiveGateway id="GW_LegalDecision" name="Legal&#10;Clearance?">
<bpmn:incoming>Flow_LegalReviewDone</bpmn:incoming>
<bpmn:outgoing>Flow_LegalOK</bpmn:outgoing>
<bpmn:outgoing>Flow_LegalFail</bpmn:outgoing>
</bpmn:exclusiveGateway>
<bpmn:userTask id="Task_ContractDrafting" name="Legal: Draft&#10;Vendor Agreement&#10;&amp; NDA">
<bpmn:incoming>Flow_LegalOK</bpmn:incoming>
<bpmn:outgoing>Flow_LegalComplete</bpmn:outgoing>
</bpmn:userTask>
<bpmn:userTask id="Task_SanctionsEscalation" name="Legal: Sanctions&#10;Escalation Review&#10;(Manual Override?)">
<bpmn:incoming>Flow_ToSanctionsEscalation</bpmn:incoming>
<bpmn:outgoing>Flow_EscalationDecision</bpmn:outgoing>
</bpmn:userTask>
<bpmn:exclusiveGateway id="GW_EscalationDecision" name="Override&#10;Granted?">
<bpmn:incoming>Flow_EscalationDecision</bpmn:incoming>
<bpmn:outgoing>Flow_EscalationApproved</bpmn:outgoing>
<bpmn:outgoing>Flow_EscalationDenied</bpmn:outgoing>
</bpmn:exclusiveGateway>
<!-- ─── FINANCE LANE ─── -->
<bpmn:businessRuleTask id="Task_RiskScoring" name="DMN: Vendor Risk&#10;Tier Calculation&#10;(Country + Financial)">
<bpmn:incoming>Flow_ToRiskScoring</bpmn:incoming>
<bpmn:outgoing>Flow_RiskTierResult</bpmn:outgoing>
</bpmn:businessRuleTask>
<bpmn:exclusiveGateway id="GW_RiskTier" name="Risk Tier?">
<bpmn:incoming>Flow_RiskTierResult</bpmn:incoming>
<bpmn:outgoing>Flow_HighRisk</bpmn:outgoing>
<bpmn:outgoing>Flow_MediumLowRisk</bpmn:outgoing>
</bpmn:exclusiveGateway>
<bpmn:userTask id="Task_EnhancedDueDiligence" name="Finance: Enhanced&#10;Due Diligence&#10;(Tier 1 Vendors)">
<bpmn:incoming>Flow_HighRisk</bpmn:incoming>
<bpmn:outgoing>Flow_EDD_Done</bpmn:outgoing>
</bpmn:userTask>
<bpmn:userTask id="Task_FinancialDueDiligence" name="Finance: Standard&#10;Financial Due&#10;Diligence">
<bpmn:incoming>Flow_MediumLowRisk</bpmn:incoming>
<bpmn:outgoing>Flow_FDD_Done</bpmn:outgoing>
</bpmn:userTask>
<bpmn:serviceTask id="Task_TaxVerification" name="Finance: VAT &amp;&#10;Tax ID Verification&#10;(VIES / local)">
<bpmn:incoming>Flow_EDD_Done</bpmn:incoming>
<bpmn:incoming>Flow_FDD_Done</bpmn:incoming>
<bpmn:outgoing>Flow_RiskComplete</bpmn:outgoing>
</bpmn:serviceTask>
<!-- ─── IT LANE ─── -->
<bpmn:parallelGateway id="GW_ForkIT" name="Provision in&#10;Parallel">
<bpmn:incoming>Flow_ToIT</bpmn:incoming>
<bpmn:outgoing>Flow_IT_Profile</bpmn:outgoing>
<bpmn:outgoing>Flow_IT_Portal</bpmn:outgoing>
<bpmn:outgoing>Flow_IT_Payment</bpmn:outgoing>
</bpmn:parallelGateway>
<bpmn:serviceTask id="Task_CreateVendorProfile" name="IT: Create Vendor&#10;Profile in ERP">
<bpmn:incoming>Flow_IT_Profile</bpmn:incoming>
<bpmn:outgoing>Flow_IT_Profile_Done</bpmn:outgoing>
</bpmn:serviceTask>
<bpmn:serviceTask id="Task_ProvisionPortalAccess" name="IT: Provision&#10;Vendor Portal&#10;Access">
<bpmn:incoming>Flow_IT_Portal</bpmn:incoming>
<bpmn:outgoing>Flow_IT_Portal_Done</bpmn:outgoing>
</bpmn:serviceTask>
<bpmn:serviceTask id="Task_SetupPaymentDetails" name="IT: Setup Payment&#10;Method &amp; Banking&#10;Details">
<bpmn:incoming>Flow_IT_Payment</bpmn:incoming>
<bpmn:outgoing>Flow_IT_Payment_Done</bpmn:outgoing>
</bpmn:serviceTask>
<bpmn:parallelGateway id="GW_JoinIT" name="IT Setup&#10;Complete">
<bpmn:incoming>Flow_IT_Profile_Done</bpmn:incoming>
<bpmn:incoming>Flow_IT_Portal_Done</bpmn:incoming>
<bpmn:incoming>Flow_IT_Payment_Done</bpmn:incoming>
<bpmn:outgoing>Flow_IT_Integrate</bpmn:outgoing>
</bpmn:parallelGateway>
<bpmn:serviceTask id="Task_IntegrateERP" name="IT: Integrate with&#10;SAP / ERP Systems&#10;&amp; Activate Vendor">
<bpmn:incoming>Flow_IT_Integrate</bpmn:incoming>
<bpmn:outgoing>Flow_FromIT</bpmn:outgoing>
</bpmn:serviceTask>
<!-- ─── SEQUENCE FLOWS ─── -->
<bpmn:sequenceFlow id="Flow_1" sourceRef="Start_VendorRequest" targetRef="Task_ValidateSubmission"/>
<bpmn:sequenceFlow id="Flow_2" sourceRef="Task_ValidateSubmission" targetRef="GW_SubmissionComplete"/>
<bpmn:sequenceFlow id="Flow_3_Yes" name="Yes" sourceRef="GW_SubmissionComplete" targetRef="Task_RegisterVendor"/>
<bpmn:sequenceFlow id="Flow_3_No" name="No" sourceRef="GW_SubmissionComplete" targetRef="Task_RequestMissingDocs"/>
<bpmn:sequenceFlow id="Flow_RetryValidation" sourceRef="Task_RequestMissingDocs" targetRef="Task_ValidateSubmission"/>
<bpmn:sequenceFlow id="Flow_4" sourceRef="Task_RegisterVendor" targetRef="GW_ForkCompliance"/>
<bpmn:sequenceFlow id="Flow_ToSanctions" sourceRef="GW_ForkCompliance" targetRef="Task_SanctionsScreening"/>
<bpmn:sequenceFlow id="Flow_ToRiskScoring" sourceRef="GW_ForkCompliance" targetRef="Task_RiskScoring"/>
<bpmn:sequenceFlow id="Flow_ToLegal" sourceRef="GW_ForkCompliance" targetRef="Task_LegalReview"/>
<bpmn:sequenceFlow id="Flow_CheckSanctionsResult" sourceRef="Task_SanctionsScreening" targetRef="GW_SanctionsHit"/>
<bpmn:sequenceFlow id="Flow_SanctionsTimedOut" name="Timeout" sourceRef="Evt_SanctionsTimeout" targetRef="GW_SanctionsHit"/>
<bpmn:sequenceFlow id="Flow_SanctionsHit_Yes" name="Match" sourceRef="GW_SanctionsHit" targetRef="Task_AutoReject_Sanctions"/>
<bpmn:sequenceFlow id="Flow_SanctionsHit_No" name="Clear" sourceRef="GW_SanctionsHit" targetRef="Task_OwnershipCheck"/>
<bpmn:sequenceFlow id="Flow_SanctionsOK" sourceRef="Task_OwnershipCheck" targetRef="GW_JoinCompliance"/>
<bpmn:sequenceFlow id="Flow_ToSanctionsEscalation" sourceRef="Task_AutoReject_Sanctions" targetRef="Task_SanctionsEscalation"/>
<bpmn:sequenceFlow id="Flow_EscalationDecision" sourceRef="Task_SanctionsEscalation" targetRef="GW_EscalationDecision"/>
<bpmn:sequenceFlow id="Flow_EscalationApproved" name="Override Granted" sourceRef="GW_EscalationDecision" targetRef="Task_GenerateRiskProfile"/>
<bpmn:sequenceFlow id="Flow_EscalationDenied" name="Denied" sourceRef="GW_EscalationDecision" targetRef="Task_NotifyVendorRejected"/>
<bpmn:sequenceFlow id="Flow_SanctionsOK_Escalated" sourceRef="Task_GenerateRiskProfile" targetRef="GW_JoinCompliance"/>
<bpmn:sequenceFlow id="Flow_RiskTierResult" sourceRef="Task_RiskScoring" targetRef="GW_RiskTier"/>
<bpmn:sequenceFlow id="Flow_HighRisk" name="Tier 1 High Risk" sourceRef="GW_RiskTier" targetRef="Task_EnhancedDueDiligence"/>
<bpmn:sequenceFlow id="Flow_MediumLowRisk" name="Tier 2/3" sourceRef="GW_RiskTier" targetRef="Task_FinancialDueDiligence"/>
<bpmn:sequenceFlow id="Flow_EDD_Done" sourceRef="Task_EnhancedDueDiligence" targetRef="Task_TaxVerification"/>
<bpmn:sequenceFlow id="Flow_FDD_Done" sourceRef="Task_FinancialDueDiligence" targetRef="Task_TaxVerification"/>
<bpmn:sequenceFlow id="Flow_RiskComplete" sourceRef="Task_TaxVerification" targetRef="GW_JoinCompliance"/>
<bpmn:sequenceFlow id="Flow_LegalReviewDone" sourceRef="Task_LegalReview" targetRef="GW_LegalDecision"/>
<bpmn:sequenceFlow id="Flow_LegalOK" name="Cleared" sourceRef="GW_LegalDecision" targetRef="Task_ContractDrafting"/>
<bpmn:sequenceFlow id="Flow_LegalFail" name="Issues Found" sourceRef="GW_LegalDecision" targetRef="Task_NotifyVendorRejected"/>
<bpmn:sequenceFlow id="Flow_LegalComplete" sourceRef="Task_ContractDrafting" targetRef="GW_JoinCompliance"/>
<bpmn:sequenceFlow id="Flow_ToDecision" sourceRef="GW_JoinCompliance" targetRef="GW_OverallDecision"/>
<bpmn:sequenceFlow id="Flow_Approved" name="All Clear" sourceRef="GW_OverallDecision" targetRef="Task_FinalApproval"/>
<bpmn:sequenceFlow id="Flow_Rejected" name="Rejected" sourceRef="GW_OverallDecision" targetRef="Task_NotifyVendorRejected"/>
<bpmn:sequenceFlow id="Flow_AutoRejected" sourceRef="Task_AutoReject_Sanctions" targetRef="Task_NotifyVendorRejected"/>
<bpmn:sequenceFlow id="Flow_ToIT" sourceRef="Task_FinalApproval" targetRef="GW_ForkIT"/>
<bpmn:sequenceFlow id="Flow_IT_Profile" sourceRef="GW_ForkIT" targetRef="Task_CreateVendorProfile"/>
<bpmn:sequenceFlow id="Flow_IT_Portal" sourceRef="GW_ForkIT" targetRef="Task_ProvisionPortalAccess"/>
<bpmn:sequenceFlow id="Flow_IT_Payment" sourceRef="GW_ForkIT" targetRef="Task_SetupPaymentDetails"/>
<bpmn:sequenceFlow id="Flow_IT_Profile_Done" sourceRef="Task_CreateVendorProfile" targetRef="GW_JoinIT"/>
<bpmn:sequenceFlow id="Flow_IT_Portal_Done" sourceRef="Task_ProvisionPortalAccess" targetRef="GW_JoinIT"/>
<bpmn:sequenceFlow id="Flow_IT_Payment_Done" sourceRef="Task_SetupPaymentDetails" targetRef="GW_JoinIT"/>
<bpmn:sequenceFlow id="Flow_IT_Integrate" sourceRef="GW_JoinIT" targetRef="Task_IntegrateERP"/>
<bpmn:sequenceFlow id="Flow_FromIT" sourceRef="Task_IntegrateERP" targetRef="Task_NotifyVendorApproved"/>
<bpmn:sequenceFlow id="Flow_ToEnd_Approved" sourceRef="Task_NotifyVendorApproved" targetRef="End_Approved"/>
<bpmn:sequenceFlow id="Flow_ToArchive" sourceRef="Task_NotifyVendorRejected" targetRef="Task_ArchiveRejection"/>
<bpmn:sequenceFlow id="Flow_ToEnd_Rejected" sourceRef="Task_ArchiveRejection" targetRef="End_Rejected"/>
</bpmn:process>
<!-- ═══════════════════════════════════════════════════════
DIAGRAM
═══════════════════════════════════════════════════════ -->
<bpmndi:BPMNDiagram id="BPMNDiagram_1">
<bpmndi:BPMNPlane id="BPMNPlane_1" bpmnElement="Collab_VendorOnboarding">
<!-- VENDOR POOL -->
<bpmndi:BPMNShape id="Pool_Vendor_di" bpmnElement="Pool_Vendor" isHorizontal="true">
<dc:Bounds x="120" y="940" width="1780" height="80"/>
</bpmndi:BPMNShape>
<!-- HELIOS POOL -->
<bpmndi:BPMNShape id="Pool_Helios_di" bpmnElement="Pool_Helios" isHorizontal="true">
<dc:Bounds x="120" y="60" width="1780" height="860"/>
</bpmndi:BPMNShape>
<!-- LANES -->
<bpmndi:BPMNShape id="Lane_Procurement_di" bpmnElement="Lane_Procurement" isHorizontal="true">
<dc:Bounds x="150" y="60" width="1750" height="170"/>
</bpmndi:BPMNShape>
<bpmndi:BPMNShape id="Lane_AI_di" bpmnElement="Lane_AI" isHorizontal="true">
<dc:Bounds x="150" y="230" width="1750" height="160"/>
</bpmndi:BPMNShape>
<bpmndi:BPMNShape id="Lane_Legal_di" bpmnElement="Lane_Legal" isHorizontal="true">
<dc:Bounds x="150" y="390" width="1750" height="160"/>
</bpmndi:BPMNShape>
<bpmndi:BPMNShape id="Lane_Finance_di" bpmnElement="Lane_Finance" isHorizontal="true">
<dc:Bounds x="150" y="550" width="1750" height="160"/>
</bpmndi:BPMNShape>
<bpmndi:BPMNShape id="Lane_IT_di" bpmnElement="Lane_IT" isHorizontal="true">
<dc:Bounds x="150" y="710" width="1750" height="210"/>
</bpmndi:BPMNShape>
<!-- START EVENT -->
<bpmndi:BPMNShape id="Start_VendorRequest_di" bpmnElement="Start_VendorRequest">
<dc:Bounds x="212" y="127" width="36" height="36"/>
<bpmndi:BPMNLabel><dc:Bounds x="192" y="170" width="77" height="27"/></bpmndi:BPMNLabel>
</bpmndi:BPMNShape>
<!-- PROCUREMENT LANE SHAPES -->
<bpmndi:BPMNShape id="Task_ValidateSubmission_di" bpmnElement="Task_ValidateSubmission">
<dc:Bounds x="300" y="105" width="120" height="80"/>
</bpmndi:BPMNShape>
<bpmndi:BPMNShape id="GW_SubmissionComplete_di" bpmnElement="GW_SubmissionComplete" isMarkerVisible="true">
<dc:Bounds x="475" y="120" width="50" height="50"/>
<bpmndi:BPMNLabel><dc:Bounds x="460" y="96" width="80" height="27"/></bpmndi:BPMNLabel>
</bpmndi:BPMNShape>
<bpmndi:BPMNShape id="Task_RequestMissingDocs_di" bpmnElement="Task_RequestMissingDocs">
<dc:Bounds x="455" y="60" width="120" height="60"/>
</bpmndi:BPMNShape>
<bpmndi:BPMNShape id="Task_RegisterVendor_di" bpmnElement="Task_RegisterVendor">
<dc:Bounds x="580" y="105" width="120" height="80"/>
</bpmndi:BPMNShape>
<bpmndi:BPMNShape id="GW_ForkCompliance_di" bpmnElement="GW_ForkCompliance">
<dc:Bounds x="755" y="120" width="50" height="50"/>
<bpmndi:BPMNLabel><dc:Bounds x="740" y="96" width="80" height="27"/></bpmndi:BPMNLabel>
</bpmndi:BPMNShape>
<bpmndi:BPMNShape id="GW_JoinCompliance_di" bpmnElement="GW_JoinCompliance">
<dc:Bounds x="1155" y="120" width="50" height="50"/>
<bpmndi:BPMNLabel><dc:Bounds x="1140" y="96" width="80" height="27"/></bpmndi:BPMNLabel>
</bpmndi:BPMNShape>
<bpmndi:BPMNShape id="GW_OverallDecision_di" bpmnElement="GW_OverallDecision" isMarkerVisible="true">
<dc:Bounds x="1265" y="120" width="50" height="50"/>
<bpmndi:BPMNLabel><dc:Bounds x="1253" y="96" width="74" height="27"/></bpmndi:BPMNLabel>
</bpmndi:BPMNShape>
<bpmndi:BPMNShape id="Task_FinalApproval_di" bpmnElement="Task_FinalApproval">
<dc:Bounds x="1370" y="105" width="120" height="80"/>
</bpmndi:BPMNShape>
<bpmndi:BPMNShape id="Task_NotifyVendorApproved_di" bpmnElement="Task_NotifyVendorApproved">
<dc:Bounds x="1730" y="105" width="100" height="80"/>
</bpmndi:BPMNShape>
<bpmndi:BPMNShape id="Task_NotifyVendorRejected_di" bpmnElement="Task_NotifyVendorRejected">
<dc:Bounds x="1370" y="185" width="100" height="60"/>
</bpmndi:BPMNShape>
<bpmndi:BPMNShape id="Task_ArchiveRejection_di" bpmnElement="Task_ArchiveRejection">
<dc:Bounds x="1510" y="185" width="100" height="60"/>
</bpmndi:BPMNShape>
<bpmndi:BPMNShape id="End_Approved_di" bpmnElement="End_Approved">
<dc:Bounds x="1862" y="127" width="36" height="36"/>
<bpmndi:BPMNLabel><dc:Bounds x="1846" y="170" width="68" height="27"/></bpmndi:BPMNLabel>
</bpmndi:BPMNShape>
<bpmndi:BPMNShape id="End_Rejected_di" bpmnElement="End_Rejected">
<dc:Bounds x="1650" y="200" width="36" height="36"/>
<bpmndi:BPMNLabel><dc:Bounds x="1635" y="243" width="66" height="27"/></bpmndi:BPMNLabel>
</bpmndi:BPMNShape>
<!-- AI LANE SHAPES -->
<bpmndi:BPMNShape id="Task_SanctionsScreening_di" bpmnElement="Task_SanctionsScreening">
<dc:Bounds x="800" y="270" width="130" height="80"/>
</bpmndi:BPMNShape>
<bpmndi:BPMNShape id="Evt_SanctionsTimeout_di" bpmnElement="Evt_SanctionsTimeout">
<dc:Bounds x="847" y="332" width="36" height="36"/>
<bpmndi:BPMNLabel><dc:Bounds x="840" y="375" width="50" height="14"/></bpmndi:BPMNLabel>
</bpmndi:BPMNShape>
<bpmndi:BPMNShape id="GW_SanctionsHit_di" bpmnElement="GW_SanctionsHit" isMarkerVisible="true">
<dc:Bounds x="985" y="285" width="50" height="50"/>
<bpmndi:BPMNLabel><dc:Bounds x="970" y="261" width="80" height="27"/></bpmndi:BPMNLabel>
</bpmndi:BPMNShape>
<bpmndi:BPMNShape id="Task_OwnershipCheck_di" bpmnElement="Task_OwnershipCheck">
<dc:Bounds x="1085" y="270" width="120" height="80"/>
</bpmndi:BPMNShape>
<bpmndi:BPMNShape id="Task_AutoReject_Sanctions_di" bpmnElement="Task_AutoReject_Sanctions">
<dc:Bounds x="985" y="370" width="120" height="80"/>
</bpmndi:BPMNShape>
<bpmndi:BPMNShape id="Task_GenerateRiskProfile_di" bpmnElement="Task_GenerateRiskProfile">
<dc:Bounds x="1085" y="250" width="110" height="70"/>
</bpmndi:BPMNShape>
<!-- LEGAL LANE SHAPES -->
<bpmndi:BPMNShape id="Task_LegalReview_di" bpmnElement="Task_LegalReview">
<dc:Bounds x="800" y="425" width="120" height="80"/>
</bpmndi:BPMNShape>
<bpmndi:BPMNShape id="GW_LegalDecision_di" bpmnElement="GW_LegalDecision" isMarkerVisible="true">
<dc:Bounds x="975" y="440" width="50" height="50"/>
<bpmndi:BPMNLabel><dc:Bounds x="963" y="416" width="74" height="27"/></bpmndi:BPMNLabel>
</bpmndi:BPMNShape>
<bpmndi:BPMNShape id="Task_ContractDrafting_di" bpmnElement="Task_ContractDrafting">
<dc:Bounds x="1075" y="425" width="120" height="80"/>
</bpmndi:BPMNShape>
<bpmndi:BPMNShape id="Task_SanctionsEscalation_di" bpmnElement="Task_SanctionsEscalation">
<dc:Bounds x="1150" y="425" width="120" height="80"/>
</bpmndi:BPMNShape>
<bpmndi:BPMNShape id="GW_EscalationDecision_di" bpmnElement="GW_EscalationDecision" isMarkerVisible="true">
<dc:Bounds x="1315" y="440" width="50" height="50"/>
<bpmndi:BPMNLabel><dc:Bounds x="1302" y="416" width="76" height="27"/></bpmndi:BPMNLabel>
</bpmndi:BPMNShape>
<!-- FINANCE LANE SHAPES -->
<bpmndi:BPMNShape id="Task_RiskScoring_di" bpmnElement="Task_RiskScoring">
<dc:Bounds x="800" y="590" width="130" height="80"/>
</bpmndi:BPMNShape>
<bpmndi:BPMNShape id="GW_RiskTier_di" bpmnElement="GW_RiskTier" isMarkerVisible="true">
<dc:Bounds x="985" y="605" width="50" height="50"/>
<bpmndi:BPMNLabel><dc:Bounds x="988" y="581" width="44" height="27"/></bpmndi:BPMNLabel>
</bpmndi:BPMNShape>
<bpmndi:BPMNShape id="Task_EnhancedDueDiligence_di" bpmnElement="Task_EnhancedDueDiligence">
<dc:Bounds x="1075" y="575" width="120" height="80"/>
</bpmndi:BPMNShape>
<bpmndi:BPMNShape id="Task_FinancialDueDiligence_di" bpmnElement="Task_FinancialDueDiligence">
<dc:Bounds x="1075" y="660" width="120" height="60"/>
</bpmndi:BPMNShape>
<bpmndi:BPMNShape id="Task_TaxVerification_di" bpmnElement="Task_TaxVerification">
<dc:Bounds x="1245" y="590" width="120" height="80"/>
</bpmndi:BPMNShape>
<!-- IT LANE SHAPES -->
<bpmndi:BPMNShape id="GW_ForkIT_di" bpmnElement="GW_ForkIT">
<dc:Bounds x="1455" y="755" width="50" height="50"/>
<bpmndi:BPMNLabel><dc:Bounds x="1440" y="731" width="80" height="27"/></bpmndi:BPMNLabel>
</bpmndi:BPMNShape>
<bpmndi:BPMNShape id="Task_CreateVendorProfile_di" bpmnElement="Task_CreateVendorProfile">
<dc:Bounds x="1555" y="720" width="120" height="80"/>
</bpmndi:BPMNShape>
<bpmndi:BPMNShape id="Task_ProvisionPortalAccess_di" bpmnElement="Task_ProvisionPortalAccess">
<dc:Bounds x="1555" y="815" width="120" height="70"/>
</bpmndi:BPMNShape>
<bpmndi:BPMNShape id="Task_SetupPaymentDetails_di" bpmnElement="Task_SetupPaymentDetails">
<dc:Bounds x="1555" y="890" width="120" height="70"/>
</bpmndi:BPMNShape>
<bpmndi:BPMNShape id="GW_JoinIT_di" bpmnElement="GW_JoinIT">
<dc:Bounds x="1720" y="755" width="50" height="50"/>
<bpmndi:BPMNLabel><dc:Bounds x="1705" y="731" width="80" height="27"/></bpmndi:BPMNLabel>
</bpmndi:BPMNShape>
<bpmndi:BPMNShape id="Task_IntegrateERP_di" bpmnElement="Task_IntegrateERP">
<dc:Bounds x="1820" y="740" width="110" height="80"/>
</bpmndi:BPMNShape>
<!-- SEQUENCE FLOW EDGES -->
<bpmndi:BPMNEdge id="Flow_1_di" bpmnElement="Flow_1"><di:waypoint x="248" y="145"/><di:waypoint x="300" y="145"/></bpmndi:BPMNEdge>
<bpmndi:BPMNEdge id="Flow_2_di" bpmnElement="Flow_2"><di:waypoint x="420" y="145"/><di:waypoint x="475" y="145"/></bpmndi:BPMNEdge>
<bpmndi:BPMNEdge id="Flow_3_Yes_di" bpmnElement="Flow_3_Yes"><di:waypoint x="525" y="145"/><di:waypoint x="580" y="145"/><bpmndi:BPMNLabel><dc:Bounds x="543" y="127" width="18" height="14"/></bpmndi:BPMNLabel></bpmndi:BPMNEdge>
<bpmndi:BPMNEdge id="Flow_3_No_di" bpmnElement="Flow_3_No"><di:waypoint x="500" y="120"/><di:waypoint x="500" y="90"/><di:waypoint x="455" y="90"/><bpmndi:BPMNLabel><dc:Bounds x="504" y="100" width="15" height="14"/></bpmndi:BPMNLabel></bpmndi:BPMNEdge>
<bpmndi:BPMNEdge id="Flow_RetryValidation_di" bpmnElement="Flow_RetryValidation"><di:waypoint x="455" y="90"/><di:waypoint x="360" y="90"/><di:waypoint x="360" y="105"/></bpmndi:BPMNEdge>
<bpmndi:BPMNEdge id="Flow_4_di" bpmnElement="Flow_4"><di:waypoint x="700" y="145"/><di:waypoint x="755" y="145"/></bpmndi:BPMNEdge>
<bpmndi:BPMNEdge id="Flow_ToSanctions_di" bpmnElement="Flow_ToSanctions"><di:waypoint x="780" y="170"/><di:waypoint x="780" y="310"/><di:waypoint x="800" y="310"/></bpmndi:BPMNEdge>
<bpmndi:BPMNEdge id="Flow_ToRiskScoring_di" bpmnElement="Flow_ToRiskScoring"><di:waypoint x="780" y="170"/><di:waypoint x="780" y="630"/><di:waypoint x="800" y="630"/></bpmndi:BPMNEdge>
<bpmndi:BPMNEdge id="Flow_ToLegal_di" bpmnElement="Flow_ToLegal"><di:waypoint x="780" y="170"/><di:waypoint x="780" y="465"/><di:waypoint x="800" y="465"/></bpmndi:BPMNEdge>
<bpmndi:BPMNEdge id="Flow_CheckSanctionsResult_di" bpmnElement="Flow_CheckSanctionsResult"><di:waypoint x="930" y="310"/><di:waypoint x="985" y="310"/></bpmndi:BPMNEdge>
<bpmndi:BPMNEdge id="Flow_SanctionsTimedOut_di" bpmnElement="Flow_SanctionsTimedOut"><di:waypoint x="865" y="368"/><di:waypoint x="865" y="395"/><di:waypoint x="1010" y="395"/><di:waypoint x="1010" y="335"/></bpmndi:BPMNEdge>
<bpmndi:BPMNEdge id="Flow_SanctionsHit_No_di" bpmnElement="Flow_SanctionsHit_No"><di:waypoint x="1035" y="310"/><di:waypoint x="1085" y="310"/><bpmndi:BPMNLabel><dc:Bounds x="1043" y="292" width="30" height="14"/></bpmndi:BPMNLabel></bpmndi:BPMNEdge>
<bpmndi:BPMNEdge id="Flow_SanctionsHit_Yes_di" bpmnElement="Flow_SanctionsHit_Yes"><di:waypoint x="1010" y="335"/><di:waypoint x="1010" y="370"/><bpmndi:BPMNLabel><dc:Bounds x="1015" y="348" width="34" height="14"/></bpmndi:BPMNLabel></bpmndi:BPMNEdge>
<bpmndi:BPMNEdge id="Flow_SanctionsOK_di" bpmnElement="Flow_SanctionsOK"><di:waypoint x="1205" y="310"/><di:waypoint x="1180" y="310"/><di:waypoint x="1180" y="145"/><di:waypoint x="1155" y="145"/></bpmndi:BPMNEdge>
<bpmndi:BPMNEdge id="Flow_ToSanctionsEscalation_di" bpmnElement="Flow_ToSanctionsEscalation"><di:waypoint x="1045" y="410"/><di:waypoint x="1150" y="410"/><di:waypoint x="1150" y="465"/></bpmndi:BPMNEdge>
<bpmndi:BPMNEdge id="Flow_AutoRejected_di" bpmnElement="Flow_AutoRejected"><di:waypoint x="985" y="410"/><di:waypoint x="960" y="410"/><di:waypoint x="960" y="215"/><di:waypoint x="1370" y="215"/></bpmndi:BPMNEdge>
<bpmndi:BPMNEdge id="Flow_EscalationDecision_di" bpmnElement="Flow_EscalationDecision"><di:waypoint x="1270" y="465"/><di:waypoint x="1315" y="465"/></bpmndi:BPMNEdge>
<bpmndi:BPMNEdge id="Flow_EscalationApproved_di" bpmnElement="Flow_EscalationApproved"><di:waypoint x="1340" y="440"/><di:waypoint x="1340" y="310"/><di:waypoint x="1195" y="310"/><bpmndi:BPMNLabel><dc:Bounds x="1248" y="372" width="84" height="27"/></bpmndi:BPMNLabel></bpmndi:BPMNEdge>
<bpmndi:BPMNEdge id="Flow_EscalationDenied_di" bpmnElement="Flow_EscalationDenied"><di:waypoint x="1365" y="465"/><di:waypoint x="1420" y="465"/><di:waypoint x="1420" y="215"/><bpmndi:BPMNLabel><dc:Bounds x="1378" y="448" width="39" height="14"/></bpmndi:BPMNLabel></bpmndi:BPMNEdge>
<bpmndi:BPMNEdge id="Flow_SanctionsOK_Escalated_di" bpmnElement="Flow_SanctionsOK_Escalated"><di:waypoint x="1195" y="285"/><di:waypoint x="1195" y="145"/><di:waypoint x="1155" y="145"/></bpmndi:BPMNEdge>
<bpmndi:BPMNEdge id="Flow_LegalReviewDone_di" bpmnElement="Flow_LegalReviewDone"><di:waypoint x="920" y="465"/><di:waypoint x="975" y="465"/></bpmndi:BPMNEdge>
<bpmndi:BPMNEdge id="Flow_LegalOK_di" bpmnElement="Flow_LegalOK"><di:waypoint x="1025" y="465"/><di:waypoint x="1075" y="465"/><bpmndi:BPMNLabel><dc:Bounds x="1033" y="447" width="40" height="14"/></bpmndi:BPMNLabel></bpmndi:BPMNEdge>
<bpmndi:BPMNEdge id="Flow_LegalFail_di" bpmnElement="Flow_LegalFail"><di:waypoint x="1000" y="440"/><di:waypoint x="1000" y="215"/><di:waypoint x="1370" y="215"/><bpmndi:BPMNLabel><dc:Bounds x="1006" y="325" width="65" height="27"/></bpmndi:BPMNLabel></bpmndi:BPMNEdge>
<bpmndi:BPMNEdge id="Flow_LegalComplete_di" bpmnElement="Flow_LegalComplete"><di:waypoint x="1195" y="465"/><di:waypoint x="1195" y="170"/><di:waypoint x="1155" y="170"/></bpmndi:BPMNEdge>
<bpmndi:BPMNEdge id="Flow_RiskTierResult_di" bpmnElement="Flow_RiskTierResult"><di:waypoint x="930" y="630"/><di:waypoint x="985" y="630"/></bpmndi:BPMNEdge>
<bpmndi:BPMNEdge id="Flow_HighRisk_di" bpmnElement="Flow_HighRisk"><di:waypoint x="1010" y="605"/><di:waypoint x="1010" y="615"/><di:waypoint x="1075" y="615"/><bpmndi:BPMNLabel><dc:Bounds x="1016" y="585" width="75" height="27"/></bpmndi:BPMNLabel></bpmndi:BPMNEdge>
<bpmndi:BPMNEdge id="Flow_MediumLowRisk_di" bpmnElement="Flow_MediumLowRisk"><di:waypoint x="1010" y="655"/><di:waypoint x="1010" y="690"/><di:waypoint x="1075" y="690"/><bpmndi:BPMNLabel><dc:Bounds x="1016" y="660" width="40" height="27"/></bpmndi:BPMNLabel></bpmndi:BPMNEdge>
<bpmndi:BPMNEdge id="Flow_EDD_Done_di" bpmnElement="Flow_EDD_Done"><di:waypoint x="1195" y="615"/><di:waypoint x="1245" y="630"/></bpmndi:BPMNEdge>
<bpmndi:BPMNEdge id="Flow_FDD_Done_di" bpmnElement="Flow_FDD_Done"><di:waypoint x="1195" y="690"/><di:waypoint x="1220" y="690"/><di:waypoint x="1220" y="650"/><di:waypoint x="1245" y="650"/></bpmndi:BPMNEdge>
<bpmndi:BPMNEdge id="Flow_RiskComplete_di" bpmnElement="Flow_RiskComplete"><di:waypoint x="1365" y="630"/><di:waypoint x="1400" y="630"/><di:waypoint x="1400" y="145"/><di:waypoint x="1205" y="145"/></bpmndi:BPMNEdge>
<bpmndi:BPMNEdge id="Flow_ToDecision_di" bpmnElement="Flow_ToDecision"><di:waypoint x="1205" y="145"/><di:waypoint x="1265" y="145"/></bpmndi:BPMNEdge>
<bpmndi:BPMNEdge id="Flow_Approved_di" bpmnElement="Flow_Approved"><di:waypoint x="1315" y="145"/><di:waypoint x="1370" y="145"/><bpmndi:BPMNLabel><dc:Bounds x="1323" y="127" width="44" height="14"/></bpmndi:BPMNLabel></bpmndi:BPMNEdge>
<bpmndi:BPMNEdge id="Flow_Rejected_di" bpmnElement="Flow_Rejected"><di:waypoint x="1290" y="170"/><di:waypoint x="1290" y="215"/><di:waypoint x="1370" y="215"/><bpmndi:BPMNLabel><dc:Bounds x="1296" y="188" width="45" height="14"/></bpmndi:BPMNLabel></bpmndi:BPMNEdge>
<bpmndi:BPMNEdge id="Flow_ToIT_di" bpmnElement="Flow_ToIT"><di:waypoint x="1430" y="145"/><di:waypoint x="1480" y="145"/><di:waypoint x="1480" y="755"/></bpmndi:BPMNEdge>
<bpmndi:BPMNEdge id="Flow_IT_Profile_di" bpmnElement="Flow_IT_Profile"><di:waypoint x="1505" y="780"/><di:waypoint x="1555" y="760"/></bpmndi:BPMNEdge>
<bpmndi:BPMNEdge id="Flow_IT_Portal_di" bpmnElement="Flow_IT_Portal"><di:waypoint x="1505" y="780"/><di:waypoint x="1555" y="850"/></bpmndi:BPMNEdge>
<bpmndi:BPMNEdge id="Flow_IT_Payment_di" bpmnElement="Flow_IT_Payment"><di:waypoint x="1480" y="805"/><di:waypoint x="1480" y="925"/><di:waypoint x="1555" y="925"/></bpmndi:BPMNEdge>
<bpmndi:BPMNEdge id="Flow_IT_Profile_Done_di" bpmnElement="Flow_IT_Profile_Done"><di:waypoint x="1675" y="760"/><di:waypoint x="1720" y="780"/></bpmndi:BPMNEdge>
<bpmndi:BPMNEdge id="Flow_IT_Portal_Done_di" bpmnElement="Flow_IT_Portal_Done"><di:waypoint x="1675" y="850"/><di:waypoint x="1745" y="850"/><di:waypoint x="1745" y="805"/></bpmndi:BPMNEdge>
<bpmndi:BPMNEdge id="Flow_IT_Payment_Done_di" bpmnElement="Flow_IT_Payment_Done"><di:waypoint x="1675" y="925"/><di:waypoint x="1745" y="925"/><di:waypoint x="1745" y="805"/></bpmndi:BPMNEdge>
<bpmndi:BPMNEdge id="Flow_IT_Integrate_di" bpmnElement="Flow_IT_Integrate"><di:waypoint x="1770" y="780"/><di:waypoint x="1820" y="780"/></bpmndi:BPMNEdge>
<bpmndi:BPMNEdge id="Flow_FromIT_di" bpmnElement="Flow_FromIT"><di:waypoint x="1875" y="740"/><di:waypoint x="1875" y="145"/><di:waypoint x="1830" y="145"/></bpmndi:BPMNEdge>
<bpmndi:BPMNEdge id="Flow_ToEnd_Approved_di" bpmnElement="Flow_ToEnd_Approved"><di:waypoint x="1830" y="145"/><di:waypoint x="1862" y="145"/></bpmndi:BPMNEdge>
<bpmndi:BPMNEdge id="Flow_ToArchive_di" bpmnElement="Flow_ToArchive"><di:waypoint x="1470" y="215"/><di:waypoint x="1510" y="215"/></bpmndi:BPMNEdge>
<bpmndi:BPMNEdge id="Flow_ToEnd_Rejected_di" bpmnElement="Flow_ToEnd_Rejected"><di:waypoint x="1610" y="215"/><di:waypoint x="1650" y="215"/></bpmndi:BPMNEdge>
<!-- MESSAGE FLOWS -->
<bpmndi:BPMNEdge id="MF_1_di" bpmnElement="MF_1"><di:waypoint x="230" y="940"/><di:waypoint x="230" y="163"/></bpmndi:BPMNEdge>
<bpmndi:BPMNEdge id="MF_2_di" bpmnElement="MF_2"><di:waypoint x="1780" y="185"/><di:waypoint x="1780" y="940"/></bpmndi:BPMNEdge>
<bpmndi:BPMNEdge id="MF_3_di" bpmnElement="MF_3"><di:waypoint x="1420" y="245"/><di:waypoint x="1420" y="940"/></bpmndi:BPMNEdge>
</bpmndi:BPMNPlane>
</bpmndi:BPMNDiagram>
</bpmn:definitions>

226
vendor-risk-scoring.dmn.xml Normal file
View File

@@ -0,0 +1,226 @@
<?xml version="1.0" encoding="UTF-8"?>
<definitions xmlns="https://www.omg.org/spec/DMN/20191111/MODEL/"
xmlns:dmndi="https://www.omg.org/spec/DMN/20191111/DMNDI/"
xmlns:dc="http://www.omg.org/spec/DD/20100524/DC"
id="VendorRiskScoring"
name="Vendor Risk Scoring"
namespace="https://processgit.org/heliosgroup/vendor-risk-scoring">
<!-- ── VENDOR RISK TIER (composite decision) ── -->
<decision id="Decision_VendorRiskTier" name="Vendor Risk Tier">
<informationRequirement id="IR_Country"><requiredDecision href="#Decision_CountryRisk"/></informationRequirement>
<informationRequirement id="IR_Financial"><requiredDecision href="#Decision_FinancialRisk"/></informationRequirement>
<informationRequirement id="IR_Ownership"><requiredInput href="#Input_OwnershipStructure"/></informationRequirement>
<decisionTable id="DT_VendorRiskTier" hitPolicy="FIRST">
<input id="In_CountryRisk" label="Country Risk Score">
<inputExpression typeRef="string"><text>countryRiskLevel</text></inputExpression>
<inputValues><text>"HIGH","MEDIUM","LOW"</text></inputValues>
</input>
<input id="In_FinancialRisk" label="Financial Risk Score">
<inputExpression typeRef="string"><text>financialRiskLevel</text></inputExpression>
<inputValues><text>"HIGH","MEDIUM","LOW"</text></inputValues>
</input>
<input id="In_Ownership" label="Ownership Structure">
<inputExpression typeRef="string"><text>ownershipStructure</text></inputExpression>
<inputValues><text>"COMPLEX","SIMPLE","PUBLIC"</text></inputValues>
</input>
<output id="Out_Tier" name="riskTier" typeRef="string" label="Risk Tier"/>
<output id="Out_DDLevel" name="dueDiligenceLevel" typeRef="string" label="Due Diligence Level"/>
<output id="Out_ApprovalAuthority" name="approvalAuthority" typeRef="string" label="Approval Authority"/>
<output id="Out_ReviewDays" name="reviewDays" typeRef="number" label="Max Review Days"/>
<!-- Tier 1: Any HIGH + Complex -->
<rule id="R1">
<inputEntry><text>"HIGH"</text></inputEntry>
<inputEntry><text>-</text></inputEntry>
<inputEntry><text>-</text></inputEntry>
<outputEntry><text>"TIER_1_HIGH_RISK"</text></outputEntry>
<outputEntry><text>"ENHANCED"</text></outputEntry>
<outputEntry><text>"Chief Procurement Officer + Legal Counsel"</text></outputEntry>
<outputEntry><text>30</text></outputEntry>
</rule>
<!-- Tier 1: Complex ownership + Medium financial -->
<rule id="R2">
<inputEntry><text>-</text></inputEntry>
<inputEntry><text>"HIGH"</text></inputEntry>
<inputEntry><text>-</text></inputEntry>
<outputEntry><text>"TIER_1_HIGH_RISK"</text></outputEntry>
<outputEntry><text>"ENHANCED"</text></outputEntry>
<outputEntry><text>"Chief Procurement Officer + CFO"</text></outputEntry>
<outputEntry><text>30</text></outputEntry>
</rule>
<!-- Tier 1: Complex ownership regardless -->
<rule id="R3">
<inputEntry><text>-</text></inputEntry>
<inputEntry><text>-</text></inputEntry>
<inputEntry><text>"COMPLEX"</text></inputEntry>
<outputEntry><text>"TIER_1_HIGH_RISK"</text></outputEntry>
<outputEntry><text>"ENHANCED"</text></outputEntry>
<outputEntry><text>"Chief Procurement Officer + Legal Counsel"</text></outputEntry>
<outputEntry><text>30</text></outputEntry>
</rule>
<!-- Tier 2: Medium country + Medium financial -->
<rule id="R4">
<inputEntry><text>"MEDIUM"</text></inputEntry>
<inputEntry><text>"MEDIUM"</text></inputEntry>
<inputEntry><text>-</text></inputEntry>
<outputEntry><text>"TIER_2_MEDIUM_RISK"</text></outputEntry>
<outputEntry><text>"STANDARD"</text></outputEntry>
<outputEntry><text>"Procurement Director"</text></outputEntry>
<outputEntry><text>14</text></outputEntry>
</rule>
<!-- Tier 2: Medium country + Low financial -->
<rule id="R5">
<inputEntry><text>"MEDIUM"</text></inputEntry>
<inputEntry><text>"LOW"</text></inputEntry>
<inputEntry><text>-</text></inputEntry>
<outputEntry><text>"TIER_2_MEDIUM_RISK"</text></outputEntry>
<outputEntry><text>"STANDARD"</text></outputEntry>
<outputEntry><text>"Procurement Manager"</text></outputEntry>
<outputEntry><text>10</text></outputEntry>
</rule>
<!-- Tier 3: All LOW, Public company -->
<rule id="R6">
<inputEntry><text>"LOW"</text></inputEntry>
<inputEntry><text>"LOW"</text></inputEntry>
<inputEntry><text>"PUBLIC"</text></inputEntry>
<outputEntry><text>"TIER_3_LOW_RISK"</text></outputEntry>
<outputEntry><text>"SIMPLIFIED"</text></outputEntry>
<outputEntry><text>"Procurement Officer"</text></outputEntry>
<outputEntry><text>5</text></outputEntry>
</rule>
<!-- Tier 3: Default LOW -->
<rule id="R7">
<inputEntry><text>"LOW"</text></inputEntry>
<inputEntry><text>"LOW"</text></inputEntry>
<inputEntry><text>-</text></inputEntry>
<outputEntry><text>"TIER_3_LOW_RISK"</text></outputEntry>
<outputEntry><text>"SIMPLIFIED"</text></outputEntry>
<outputEntry><text>"Procurement Officer"</text></outputEntry>
<outputEntry><text>7</text></outputEntry>
</rule>
</decisionTable>
</decision>
<!-- ── COUNTRY RISK CLASSIFICATION ── -->
<decision id="Decision_CountryRisk" name="Country Risk Level">
<informationRequirement id="IR_Country2"><requiredInput href="#Input_CountryCode"/></informationRequirement>
<decisionTable id="DT_CountryRisk" hitPolicy="FIRST">
<input id="In_CountryCode" label="Country Code (ISO 3166)">
<inputExpression typeRef="string"><text>countryCode</text></inputExpression>
</input>
<input id="In_FATFList" label="FATF Grey/Black List">
<inputExpression typeRef="boolean"><text>onFATFList</text></inputExpression>
</input>
<output id="Out_CountryRisk" name="countryRiskLevel" typeRef="string" label="Country Risk Level"/>
<output id="Out_CountryReason" name="countryRiskReason" typeRef="string" label="Reason"/>
<!-- FATF blacklist -->
<rule id="CR1">
<inputEntry><text>-</text></inputEntry>
<inputEntry><text>true</text></inputEntry>
<outputEntry><text>"HIGH"</text></outputEntry>
<outputEntry><text>"Country on FATF grey or black list"</text></outputEntry>
</rule>
<!-- Sanctioned jurisdictions -->
<rule id="CR2">
<inputEntry><text>"RU","BY","IR","KP","CU","SY","VE"</text></inputEntry>
<inputEntry><text>-</text></inputEntry>
<outputEntry><text>"HIGH"</text></outputEntry>
<outputEntry><text>"Sanctioned jurisdiction — EU/OFAC restrictions apply"</text></outputEntry>
</rule>
<!-- Medium risk — emerging markets with AML concerns -->
<rule id="CR3">
<inputEntry><text>"CN","AE","TR","PK","NG","KZ"</text></inputEntry>
<inputEntry><text>false</text></inputEntry>
<outputEntry><text>"MEDIUM"</text></outputEntry>
<outputEntry><text>"Elevated AML/corruption risk jurisdiction"</text></outputEntry>
</rule>
<!-- EU + trusted jurisdictions -->
<rule id="CR4">
<inputEntry><text>"DE","FR","US","GB","JP","AU","CA","NL","SE","DK","NO","FI","CH"</text></inputEntry>
<inputEntry><text>false</text></inputEntry>
<outputEntry><text>"LOW"</text></outputEntry>
<outputEntry><text>"Low-risk jurisdiction with strong AML framework"</text></outputEntry>
</rule>
<!-- Default -->
<rule id="CR5">
<inputEntry><text>-</text></inputEntry>
<inputEntry><text>false</text></inputEntry>
<outputEntry><text>"MEDIUM"</text></outputEntry>
<outputEntry><text>"Standard risk — insufficient data for low classification"</text></outputEntry>
</rule>
</decisionTable>
</decision>
<!-- ── FINANCIAL RISK CLASSIFICATION ── -->
<decision id="Decision_FinancialRisk" name="Financial Risk Level">
<informationRequirement id="IR_Financial2"><requiredInput href="#Input_CreditScore"/></informationRequirement>
<decisionTable id="DT_FinancialRisk" hitPolicy="FIRST">
<input id="In_CreditScore" label="Credit Score (0–100)">
<inputExpression typeRef="number"><text>creditScore</text></inputExpression>
</input>
<input id="In_YearsTrading" label="Years in Business">
<inputExpression typeRef="number"><text>yearsTrading</text></inputExpression>
</input>
<input id="In_ContractValue" label="Annual Contract Value (EUR)">
<inputExpression typeRef="number"><text>annualContractValue</text></inputExpression>
</input>
<output id="Out_FinancialRisk" name="financialRiskLevel" typeRef="string" label="Financial Risk Level"/>
<!-- High: Low credit + Large contract -->
<rule id="FR1">
<inputEntry><text>&lt; 40</text></inputEntry>
<inputEntry><text>-</text></inputEntry>
<inputEntry><text>-</text></inputEntry>
<outputEntry><text>"HIGH"</text></outputEntry>
</rule>
<!-- High: New company + Large contract -->
<rule id="FR2">
<inputEntry><text>-</text></inputEntry>
<inputEntry><text>&lt; 2</text></inputEntry>
<inputEntry><text>&gt;= 500000</text></inputEntry>
<outputEntry><text>"HIGH"</text></outputEntry>
</rule>
<!-- Medium: Moderate credit -->
<rule id="FR3">
<inputEntry><text>[40..70)</text></inputEntry>
<inputEntry><text>-</text></inputEntry>
<inputEntry><text>-</text></inputEntry>
<outputEntry><text>"MEDIUM"</text></outputEntry>
</rule>
<!-- Medium: Large contract regardless of credit -->
<rule id="FR4">
<inputEntry><text>-</text></inputEntry>
<inputEntry><text>-</text></inputEntry>
<inputEntry><text>&gt;= 1000000</text></inputEntry>
<outputEntry><text>"MEDIUM"</text></outputEntry>
</rule>
<!-- Low: Strong credit, established company -->
<rule id="FR5">
<inputEntry><text>&gt;= 70</text></inputEntry>
<inputEntry><text>&gt;= 3</text></inputEntry>
<inputEntry><text>&lt; 1000000</text></inputEntry>
<outputEntry><text>"LOW"</text></outputEntry>
</rule>
</decisionTable>
</decision>
<!-- INPUT DATA DEFINITIONS -->
<inputData id="Input_CountryCode" name="Country Code"/>
<inputData id="Input_OwnershipStructure" name="Ownership Structure"/>
<inputData id="Input_CreditScore" name="Credit Score"/>
<dmndi:DMNDI>
<dmndi:DMNDiagram id="DMNDiagram_1">
<dmndi:DMNShape id="S_VendorRiskTier" dmnElementRef="Decision_VendorRiskTier"><dc:Bounds x="350" y="80" width="200" height="80"/></dmndi:DMNShape>
<dmndi:DMNShape id="S_CountryRisk" dmnElementRef="Decision_CountryRisk"><dc:Bounds x="150" y="240" width="180" height="80"/></dmndi:DMNShape>
<dmndi:DMNShape id="S_FinancialRisk" dmnElementRef="Decision_FinancialRisk"><dc:Bounds x="380" y="240" width="180" height="80"/></dmndi:DMNShape>
<dmndi:DMNShape id="S_CountryCode" dmnElementRef="Input_CountryCode"><dc:Bounds x="150" y="390" width="125" height="45"/></dmndi:DMNShape>
<dmndi:DMNShape id="S_Ownership" dmnElementRef="Input_OwnershipStructure"><dc:Bounds x="610" y="150" width="125" height="45"/></dmndi:DMNShape>
<dmndi:DMNShape id="S_CreditScore" dmnElementRef="Input_CreditScore"><dc:Bounds x="380" y="390" width="125" height="45"/></dmndi:DMNShape>
<dmndi:DMNEdge id="E_CR" dmnElementRef="IR_Country"><di:waypoint x="240" y="240"/><di:waypoint x="400" y="160"/></dmndi:DMNEdge>
<dmndi:DMNEdge id="E_FR" dmnElementRef="IR_Financial"><di:waypoint x="470" y="240"/><di:waypoint x="450" y="160"/></dmndi:DMNEdge>
<dmndi:DMNEdge id="E_OW" dmnElementRef="IR_Ownership"><di:waypoint x="610" y="172"/><di:waypoint x="550" y="120"/></dmndi:DMNEdge>
<dmndi:DMNEdge id="E_CC" dmnElementRef="IR_Country2"><di:waypoint x="212" y="390"/><di:waypoint x="240" y="320"/></dmndi:DMNEdge>
<dmndi:DMNEdge id="E_CS" dmnElementRef="IR_Financial2"><di:waypoint x="442" y="390"/><di:waypoint x="470" y="320"/></dmndi:DMNEdge>
</dmndi:DMNDiagram>
</dmndi:DMNDI>
</definitions>