Skip to Content

Purchase Compliance

by
Odoo

287.09

v 19.0 Third Party
Availability
Odoo Online
Odoo.sh
On Premise
Odoo Apps Dependencies Discuss (mail)
Purchase (purchase)
Invoicing (account)
Lines of code 4777
Technical Name grev_od_purchase_compliance
LicenseOPL-1
Websitehttps://www.grevlin.com
You bought this module and need support? Click here!
Availability
Odoo Online
Odoo.sh
On Premise
Odoo Apps Dependencies Discuss (mail)
Purchase (purchase)
Invoicing (account)
Lines of code 4777
Technical Name grev_od_purchase_compliance
LicenseOPL-1
Websitehttps://www.grevlin.com

Enterprise Edition

Purchase Compliance

The complete enterprise procurement compliance platform —
KYC, sanctions screening, ESG, risk scoring, and immutable audit trails.

Odoo 19.0 OPL-1 License v2.1.0

Purchase Compliance turns your Odoo procurement workflow into a fully auditable, regulation-ready platform. From fuzzy-matched sanctions screening across OFAC / EU / UN lists to immutable SHA-256 hash-chained audit logs, every compliance event is captured, scored, and traceable — without touching a single purchase order.

⚙ Core Features

👤

KYC & UBO Register

Supplier due-diligence with document tracking, expiry alerts, and Ultimate Beneficial Owner registry with sanctions cross-check.

🔍

Fuzzy Sanctions Screening

Levenshtein-distance matching across OFAC, EU, UN, and internal blocklists. Auto-creates investigation cases on match.

📊

Multi-Dimensional Risk Scoring

Inherent and residual risk scoring with country-risk tiers, automated escalation matrix, and SLA enforcement.

🌿

ESG Compliance Profiles

EcoVadis, Sedex/SMETA, ISO 14001/45001, CSRD, LkSG, and modern-slavery attestation in one supplier profile.

Corrective Action Plans

CAP lifecycle with milestone tracking, verification steps, overdue detection, and closure sign-off workflow.

🔒

Immutable Audit Log

SHA-256 hash-chained event log. ORM-level write-block — no record can be altered after creation, by anyone.

📅

Regulatory Calendar

Jurisdiction-aware event calendar with impact assessment, automated reminders, and overdue escalation.

💻

OWL Command Center

Real-time OWL dashboard: KPI tiles, risk distribution, active cases, upcoming events, and recent alerts.

🚀 Advanced Capabilities

ABC Questionnaire Engine

PEP registry with e-attestation and periodic re-validation
Gifts & Hospitality Register

Policy-limit enforcement with approval workflow above threshold
Conflict of Interest Registry

COI declaration with automatic recusal workflow
Contract Clause Library

Standard clause templates + price deviation alerts with approval
Dual-Authorization

Four-eyes principle enforced at ORM level — cannot be bypassed
SLA Breach Detection

Hourly cron detects open/investigating cases past SLA deadline
Weekly Batch Sanctions Screen

Scheduled cron screens all active suppliers automatically
Multi-Company Isolation

Full record-rule security — each company sees only its own data

🎯 Who Is This For?

🛡

Compliance Officers

Monitor risk, manage cases, and enforce policy across all suppliers
💼

Procurement Managers

Ensure sourcing activities satisfy regulatory and internal policy
📈

Risk & Audit Teams

Access immutable audit logs and risk reports for internal audits

Legal & Regulatory

Maintain the regulatory calendar and contract clause library

5,000+

Suppliers Supported

4

Sanctions List Providers

SHA-256

Audit Chain Integrity

3-tier

RBAC Security Model

📰 Changelog

Version 2.1.0 Compliance Command Center & Dual-Auth
  • OWL Compliance Command Center dashboard with real-time KPI tiles and risk distribution
  • Dual-authorization (four-eyes) enforcement at ORM level — cannot be bypassed
  • UBO (Ultimate Beneficial Owner) register with sanctions cross-check
  • Gifts & Hospitality register with configurable policy-limit approval workflow
  • Conflict of Interest registry with automatic recusal enforcement
  • Contract clause library with price deviation alerts
  • Weekly batch sanctions screening cron for all active suppliers
  • CAP overdue detection cron with automatic status escalation
Version 2.0.0 Enterprise Platform Expansion
  • Fuzzy sanctions screening with Levenshtein-distance matching (OFAC/EU/UN/internal)
  • Multi-dimensional risk scoring: inherent, residual, and country-risk tiers
  • ESG profiles: EcoVadis, Sedex/SMETA, ISO 14001/45001, CSRD, LkSG, modern slavery
  • ABC questionnaire engine with PEP registry and e-attestation
  • Corrective Action Plans (CAP) with milestone tracking and verification
  • Immutable audit log with SHA-256 hash chaining (ORM write-blocked)
  • Regulatory calendar with jurisdiction profiles and impact assessment
  • SLA enforcement with automated hourly breach detection
Version 1.0.0 Initial Release
  • Supplier compliance profiles with KYC document tracking and expiry alerts
  • Configurable compliance rules by jurisdiction and category
  • Event compliance checks on RFQ, Negotiation, Purchase Order, and Shipment
  • Basic compliance scoring and status tracking
  • Role-based security: Compliance User, Officer, Manager

📞 Support & Contact

📧 Email

odoo@grevlin.com

🌐 Website

www.grevlin.com

💬 X / Twitter

@GrevlinGlobal
✅ 30 Days Free Support Included

Grevlin Global Corp.

Professional Odoo Solutions for Enterprise Procurement

Purchase Compliance

Enterprise procurement compliance platform — KYC, sanctions screening, ESG, risk scoring, corrective action plans, and an immutable SHA-256 audit trail.

Overview

Purchase Compliance enforces regulatory, internal-policy, and contractual obligations across the full procurement lifecycle without mutating source documents. All compliance data lives in its own models; purchase orders and RFQs are never altered by this module.

Key capabilities

  1. KYC & UBO — supplier due-diligence with document tracking, expiry alerts, and an Ultimate Beneficial Owner register with sanctions cross-check.
  2. Fuzzy Sanctions Screening — Levenshtein-distance matching against OFAC, EU, UN, and internal blocklists; creates investigation cases on match.
  3. Multi-Dimensional Risk Scoring — inherent and residual scores, country risk tiers, escalation matrix, and SLA enforcement.
  4. ESG Profiles — EcoVadis, Sedex/SMETA, ISO 14001/45001, CSRD, LkSG, and modern-slavery attestation.
  5. ABC / PEP Questionnaire — questionnaire engine with PEP registry and e-attestation; periodic re-validation reminders.
  6. Corrective Action Plans (CAP) — milestone tracking, verification steps, overdue detection cron, and manager sign-off closure.
  7. Immutable Audit Log — SHA-256 hash-chained event log; write() raises ValidationError unconditionally — no record can be altered.
  8. Regulatory Calendar — jurisdiction profiles, impact assessment, daily reminder cron, and overdue escalation.
  9. Gifts & Hospitality Register — configurable policy limits; approval workflow triggered above threshold.
  10. Conflict of Interest Registry — COI declaration form with automatic recusal enforcement.
  11. Contract Clause Library — standard clause templates with price deviation alerts and approval workflow.
  12. Dual-Authorization — four-eyes enforcement for exception resolution; bypassing is blocked at ORM level in action_resolve().
  13. OWL Compliance Command Center — real-time dashboard: KPI tiles, risk distribution, active cases, upcoming regulatory events, and recent alerts.
  14. Three-tier RBAC — Compliance User (read-only) / Compliance Officer (create & edit) / Compliance Manager (full CRUD, exception approval).
  15. Multi-company isolation — record rules on all primary models using ['|', ('company_id', '=', False), ('company_id', 'in', company_ids)].

Configuration

Installation

  1. Install the module from :menuselection:`Apps` (search for Purchase Compliance).
  2. Ensure the following standard modules are installed:
    • base, purchase, product, mail, uom
  3. Assign users to the appropriate security group (see Security groups).
  4. Optionally import your sanctions-list entries under :menuselection:`Compliance --> Configuration --> Sanctions Lists`.
  5. Configure country risk tiers under :menuselection:`Compliance --> Configuration --> Country Risk`.

Security groups

Group Permissions
Compliance User Read-only access to all compliance models
Compliance Officer Create and edit: profiles, documents, cases, CAPs, regulatory events
Compliance Manager Full CRUD; approve exceptions; manage rules, clause library, and config

Groups use implied_ids inheritance: Officer implies User; Manager implies Officer.

Usage

Supplier compliance profile

  1. Navigate to :menuselection:`Compliance --> Suppliers --> Compliance Profiles`.
  2. Click :guilabel:`New`.
  3. Select the supplier in the :guilabel:`Partner` field.
  4. Complete the profile tabs:
    • KYC — attach KYC documents; set expiry dates; mark :guilabel:`KYC Completed` and :guilabel:`Sanctions Check`.
    • UBO — add Ultimate Beneficial Owner entries; the system cross-checks UBO names against active sanctions lists.
    • ESG — select applicable frameworks (EcoVadis, Sedex, ISO 14001/45001, CSRD, LkSG, modern slavery); attach evidence documents.
    • Risk — inherent and residual risk scores are computed automatically from questionnaire results and country-risk tier.
  5. Click :guilabel:`Save`.

Note

The compliance status badge (Compliant / Pending / Non-Compliant / Expired) is recomputed every time a document expiry date is reached or a compliance event changes the supplier's score.

Running a sanctions screen

To screen a supplier on demand:

  1. Open the supplier's compliance profile.
  2. Click :guilabel:`Screen Sanctions` in the action bar.
  3. The service grev.purchase.compliance.service.run_sanctions_screening runs a Levenshtein fuzzy match against all active list entries.
  4. If a match is found above the configured threshold, an investigation case is created automatically and the officer is notified by Odoo activity.

The weekly batch cron runs the same logic across all active supplier names automatically every Monday at 02:00.

Managing cases

  1. Navigate to :menuselection:`Compliance --> Case Management --> Cases`.
  2. Cases are created automatically by compliance event checks or sanctions screening. They can also be raised manually.
  3. Progress a case through the stages: Open → Investigating → Resolved / Closed.
  4. Resolving a case flagged for dual-authorization requires a second approver different from the user who opened or last edited the case.

Important

action_resolve() enforces dual-authorization at the ORM level. The current user cannot be the same as the case owner. This check cannot be bypassed via the API or shell.

Corrective Action Plans

  1. From an open case, click :guilabel:`Create CAP`.
  2. Add milestone lines with target dates.
  3. As milestones are completed, mark them :guilabel:`Done`.
  4. The daily cron marks CAPs as Overdue when the due date passes with open milestones.
  5. The Compliance Manager closes the CAP after verifying all milestones.

Regulatory calendar

  1. Navigate to :menuselection:`Compliance --> Regulatory --> Calendar`.
  2. Create a regulatory event, selecting the jurisdiction profile and assigning an impact level.
  3. The daily reminder cron creates Odoo activities for events due within 30 days.
  4. Overdue events are escalated to the Compliance Manager automatically.

ABC questionnaire

  1. Navigate to :menuselection:`Compliance --> ABC --> Questionnaires`.
  2. Assign a questionnaire to a supplier; the supplier completes it via the portal (if the supplier portal module is installed) or internally.
  3. PEP status is declared and stored in the PEP registry.
  4. E-attestation timestamp and signatory are captured on submission.

Technical Details

Models

Model Description
grev.purchase.compliance.supplier Supplier compliance profile: KYC, UBO, ESG, risk, status
grev.purchase.compliance.document Compliance documents with expiry tracking and validity flag
grev.purchase.compliance.event.check Event-level compliance validation records (RFQ, PO, negotiation…)
grev.purchase.compliance.rule Configurable rules by jurisdiction, category, and event type
grev.purchase.compliance.case Investigation / incident case management with SLA tracking
grev.purchase.compliance.cap Corrective Action Plan header linked to a case
grev.purchase.compliance.cap.milestone Individual CAP milestone with target date and completion status
grev.purchase.compliance.risk Risk scoring record: inherent, residual, country tier
grev.purchase.compliance.sanctions.list Sanctions list entries (OFAC / EU / UN / internal)
grev.purchase.compliance.ubo Ultimate Beneficial Owner record linked to a supplier
grev.purchase.compliance.esg ESG framework attestation per supplier
grev.purchase.compliance.abc ABC questionnaire response and PEP declaration
grev.purchase.compliance.gifts Gifts & Hospitality register entry with policy-limit check
grev.purchase.compliance.coi Conflict of Interest declaration with recusal flag
grev.purchase.compliance.regulatory.event Regulatory calendar event with jurisdiction and impact level
grev.purchase.compliance.contract.clause Contract clause template with price-deviation alert config
grev.purchase.compliance.audit.log Immutable SHA-256 hash-chained audit event record

Important

grev.purchase.compliance.audit.log overrides write() at the ORM level to raise ValidationError unconditionally. No record in this model can be modified after creation — by any user or via the shell.

Key service methods

grev.purchase.compliance.service

Method Purpose
run_compliance_checks(record, event_type) Evaluates active rules; writes results to event.check
run_sanctions_screening(partner_id) Fuzzy-matches partner name; creates case on match
get_dashboard_data() Aggregates KPIs for the OWL Command Center

Scheduled actions (crons)

Cron Schedule Purpose
Compliance Document Expiry Daily Activities for documents expiring within 30 days
Compliance SLA Breach Check Hourly Detects open/investigating cases past SLA deadline
Compliance Sanctions Screening Weekly Batch fuzzy-screens all active supplier names
Regulatory Event Reminders Daily Reminders for upcoming regulatory deadlines
CAP Overdue Check Daily Marks CAPs as overdue past their due date

Performance

  • Sanctions screening: Levenshtein computed in Python on cached list entries
  • Supports 5,000+ supplier profiles
  • 20,000+ compliance documents
  • Stored computed fields on compliance_status and compliance_score
  • Indexed on partner_id, compliance_status, and company_id

Troubleshooting

Documents not showing as expired

Verify expiry dates are set. Run the Compliance Document Expiry cron manually from :menuselection:`Settings --> Technical --> Scheduled Actions`.

Sanctions screen not triggering automatically

Ensure the Compliance Sanctions Screening cron is active and the supplier has an active compliance profile (state = 'active').

Dual-authorization error on case resolution

The resolving user must differ from the case owner. Log in as a second Compliance Manager to approve.

Audit log records appear editable in developer mode

They are not. The ORM override raises ValidationError on any write() call — the form may appear editable visually, but saving will fail.

Odoo Proprietary License v1.0

This software and associated files (the "Software") may only be used (executed,
modified, executed after modifications) if you have purchased a valid license
from the authors, typically via Odoo Apps, or if you have received a written
agreement from the authors of the Software (see the COPYRIGHT file).

You may develop Odoo modules that use the Software as a library (typically
by depending on it, importing it and using its resources), but without copying
any source code or material from the Software. You may distribute those
modules under the license of your choice, provided that this license is
compatible with the terms of the Odoo Proprietary License (For example:
LGPL, MIT, or proprietary licenses similar to this one).

It is forbidden to publish, distribute, sublicense, or sell copies of the Software
or modified copies of the Software.

The above copyright notice and this permission notice must be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
DEALINGS IN THE SOFTWARE.

Please log in to comment on this module

  • The author can leave a single reply to each comment.
  • This section is meant to ask simple questions or leave a rating. Every report of a problem experienced while using the module should be addressed to the author directly (refer to the following point).
  • If you want to start a discussion with the author or have a question related to your purchase, please use the support page.