Scroll · Space · ↓ to continue
CoupaPrincipal PM · Supplier Experience — Panel case

Verify once.
Trust everywhere.

A product proposal for Coupa's next chapter of Verified — turning the network's existing knowledge into something buyers can actually rely on before money moves.

A wedge into Coupa's next revenue line
Alejandro Arriola·Principal PM · Supplier Experience·Coupa Panel · July 14, 2026
02/The map
The map

From a hidden tax → to a moat only Coupa can build.

The problem is structural. The mechanism is one credential. The plan validates before it codes.

Chapter01
The Problem
The Trust Tax — and its three victims. Why only Coupa can fix it.
§03 — §04 · 3:00
Chapter02
The Product
The flywheel · four properties · Passport · live demo · value exchange.
§05 — §09 · 7:45
Chapter03
The Execution
Launch & metrics · business model · size · build vs partner · cost of nothing.
§10 — §16 · 9:15
+ Q&A appendix — cannibalization · liability · alternatives rejected
03/The Trust Tax · three victims
The hidden Trust Tax

One broken mechanism. Three victims.

Verification doesn't travel across buyers — so the supplier repeats, the buyer re-verifies, and Coupa watches the value leak to third parties. Same root cause. Three bills.

Pays for nothing
Supplier
$49/mo
for Verified — still gets asked for the same docs 4×

Our Coupa Verified badge cost us months of back-and-forth and it still doesn't travel — every new customer restarts the diligence.

Supplier ops lead · industrial services
Root cause
The badge is static reputation — not a reusable fact.
Pays $50K+/yr · absorbs the fraud
Buyer
63%
of BEC fraud is vendor impersonation · $2.9B lost in 2023

A vendor called to update banking info. Voice matched. Email matched. It was a $340K wire fraud.

Controller · US healthcare group
Root cause
Every verification dies in its silo. No continuous signal.
Owns the network · rents the trust
Coupa
$3M
SIM Premium ARR — stagnant · duplicates never monetized

The trust layer sits with Trulioo and D&B. Coupa sells the portal — not the confidence.

Observation · this proposal
Root cause
Gave the trust layer to third parties. Charges for the portal, not the signal.
One mechanism
Fix the mechanism — make verification portable and reusable — and all three bills stop compounding at once.
04/Only Coupa
Why only Coupa

Only Coupa sits in the middle of the network.

The same supplier is verified by four buyers, four times, in parallel — every week. No single buyer can fix that. No third-party verifier has the buyer pull. The platform they all share does.

All three victims sit here: the supplier already registered, the buyer already paying, the network already built. Fixing this from anywhere else means rebuilding what Coupa already has.

Today
4 identical verifications
WalmartNikeMicrosoftCoca-ColaSupplierVERIFIED · 4×
Every buyer runs the same KYB, bank check and document review — independently.
With Trust Passport
1 verification · reused N×
WalmartNikeMicrosoftCoca-ColaCOUPATRUST LAYERSupplierVERIFIED · 1×
Coupa verifies once, holds consent, and lets every connected buyer reuse the same signed facts.
3M+
Active suppliers
Already verified by someone on the network
2K+
Buying organizations
Each asking independently, from scratch
>25%
Suppliers connected to multiple buyers
Measurable duplication, today
05/The flywheel
Sitting in the middle isn't enough — the position has to compound

Every verification makes the next one cheaper, faster, and more required.

A portal is a feature. A flywheel is a moat. Before we get to what we build, this is the loop it has to create — and why the loop only closes where suppliers and buyers already share a network.

THE METERTrust ReuseRate1
Suppliers register facts
2
Buyers reuse day-one
3
Verification cost drops
4
Buyers require it upstream
5
Suppliers see doors open
6
More suppliers rush in
clockwise · one turn compounds the next
Why Trust Reuse Rate matters

% of verification requests answered from facts the network already holds — instead of triggering a fresh KYB, doc chase, or bank check.

Month 3
> 15%
Wedge working
Month 12
> 40%
Flywheel on
Year 3
> 70%
Reuse is infra
Why the loop only closes for Coupa
  • · A standalone verifier (Trulioo, D&B) has suppliers but no buyer pull — no loop.
  • · A single buyer (SAP, Ariba tenant) has policy but can't force reuse outside its walls.
  • · Coupa is the only place both sides already stand — 3M suppliers, 2K buyers, one graph.
06/Four properties
What would it take

What would it take to break the cycle?

Any real fix has to be all four at once. Miss one and it collapses back into a badge — the thing we already have.

01
Portable
1 verification → N buyers
Verified once, it moves with the supplier — from Walmart to Nike to Microsoft without redoing the work.
02
Consented
Supplier owns the switch
The supplier grants or revokes access per buyer. Trust travels with permission, never by scraping.
03
Evidence-backed
Source + timestamp per fact
An audit trail a compliance officer can accept. Not a score, not a badge — provenance a CFO can defend.
04
Current
Alerts in < 5 minutes
Trust expires. Bank, ownership, sanctions changes trigger real-time alerts to every subscribed buyer.

Notice what's not on that list: identity alone. Identity says who you are. Buyers need verified facts they can act on — can I pay you today, is this bank verified, did anything change since last month.

07/The Trust Passport
Introducing

The Trust Passport.

One portable source of verified business facts — owned by the supplier, reused with consent by every buyer on Coupa. Identity, bank, evidence, and continuous monitoring, in one signed record.

Governance principle · who owns what
Supplier
owns consent
Coupa
owns the rail
Buyer
owns the policy

Coupa doesn't replace buyer approval — it replaces manual evidence collection. The final call is always the buyer's. Data residency and GDPR scope live with the supplier's consent.

“ Suppliers don't wake up wanting a passport. They wake up wanting to get paid faster. ”

CoupaTrust Passport
v1 · Live
Legal entity
Acme Manufacturing, LLC
DUNS 04-311-8829 · EIN 87-2314556 · Delaware, US
100% verified
Legal entityvia Trulioo
Acme Manufacturing, LLC · DE, US · Active
Verified
Bank accountvia Plaid
Wells Fargo · ***4821 · Verified 3 hrs ago
Verified
Tax certificatevia IRS TIN Match
EIN 87-2314556 · matches legal entity
Verified
Sanctions & UBOvia Refinitiv
OFAC · EU · UK · UN · UBO chain traced
Verified
Insurancevia Marsh COI
GL $2M · Auto $1M · Expires 2026-11-14
Verified
Consent · Audit trail · ContinuousShareable · Immutable · v1
08/Advocacy — the product does the work
Advocacy without asking

You don't ask buyers to push suppliers.
The product makes verified the default.

Today · a project
  • Buyer emails: please get Verified
  • Supplier ignores or delays
  • Buyer does manual verification anyway
  • Nothing changes for the next buyer
Passport · a toggle
  • Buyer configures requirements once
  • Verified suppliers arrive 85% complete
  • Unverified fall to manual review
  • Every buyer benefits, from day one
Incentive · 01
Auto-approve bank changes ≤ threshold
Passport-verified suppliers skip manual re-vetting on low-risk bank updates. AP saves hours, fraud alert still fires.
Incentive · 02
Fast-track payment SLA
Verified suppliers get a 3-day first-payment SLA vs 10+. The supplier wants to be Verified because it accelerates cash.
Incentive · 03
Preferred-supplier surface
Verified badge is default-visible in buyer search + sourcing events — buyers filter on it, so suppliers self-select in.

Everything so far has been strategy. Let me show you what the supplier actually experiences →

08b/DEMO — Supplier view
Live prototype · You are the supplier

In about 4 minutes, your Passport is done — forever.

Pre-filled via Scoutbee · ~85% match on public records
2/5
CoupaTrust Passport
v1 · Live
Legal entity
Acme Manufacturing, LLC
DUNS 04-311-8829 · EIN 87-2314556 · Delaware, US
40% verified
Legal entityvia Trulioo
Acme Manufacturing, LLC · DE, US
Verified
Bank accountvia Plaid
Wells Fargo · ***4821
Verified
Tax certificate
EIN 87-2314556
Sanctions & UBO
OFAC · EU · UK · UN screens
Insurance
GL $2M · Auto $1M
Consent · Audit trail · ContinuousShareable · Immutable · v1
08c/DEMO — Buyer view
Live prototype · You are the buyer

Approve in seconds, not weeks.

Onboarding queue
Time to approve4.2 days90 seconds
Passport received · verified by Coupa
Acme Manufacturing, LLC
Passport reused from 3 other buyers · 100% match
Est. annual spend
$182,400 / yr
Legal entityVerifiedvia Trulioo
Acme Manufacturing, LLC · DE, US · Active
Bank accountVerifiedvia Plaid
Wells Fargo · ***4821 · verified 3 hrs ago
Tax certificateVerifiedvia IRS
EIN 87-2314556 · matches legal entity
Sanctions & UBOVerifiedvia Refinitiv
OFAC · EU · UK · UN · UBO chain traced
InsuranceVerifiedvia Marsh COI
GL $2M · Auto $1M · exp 2026-11-14
Final call: you · Coupa only removes the doc chase
Show audit trail
  • · 14:22:07 · Passport read · consent scope = onboarding
  • · 14:22:07 · Identity, bank, tax, sanctions, insurance — signed sources logged
08d/DEMO — Bank-change alert
Buyer view · this exact moment is where fraud happens today

The supplier changed banks with one buyer.The other 46 find out in the same minute.

!
Passport event · 4 minutes ago
Nordic Components AB — bank account changed
Old: Handelsbanken · ***4488 → New: Handelsbanken · ***9902. Changed on Nike's Coupa instance. Approvals across all connected buyers are paused until re-verified.
✓ Supplier re-consent request sent✓ 47 buyers notified✓ Audit trail written
What used to happen

A fraudster emailed a buyer's AP team: “We changed banks, pay here.” The buyer wired the money before anyone noticed. Static verification missed this.

What happens now

Bank change is a Passport event. Every buyer subscribed to Nordic is alerted the moment it happens — and the supplier has to reconfirm before any buyer can approve a payment.

Supplier's Passport · buyer-side read
CoupaTrust Passport
v1 · Live
Legal entity
Nordic Components AB
DUNS 04-311-8829 · EIN 87-2314556 · Delaware, US
80% verified
!
Passport event · 4 min ago
Bank account changed — approvals paused until re-verified.
Legal entityvia Trulioo
Nordic Components AB · Sweden · Active
Verified
!
Bank accountvia Plaid · re-verifyingChanged · pending
Handelsbanken · ***9902 · new account — awaiting re-verification
Pending
Tax certificatevia SKV VAT
SE556677889901
Verified
Sanctions & UBOvia Refinitiv
Clean · reviewed 12 days ago
Verified
Insurancevia Broker COI
GL €5M · Cyber €2M
Verified
Consent · Audit trail · ContinuousShareable · Immutable · v1
What the 46 other buyers see, in the same minute.
09/Value exchange
Value exchange

Today the wrong side pays.

Suppliers pay $49 for a badge that changes no process — like the verified check on Instagram. The party in pain is the buyer. Time to move where the money is created.

Free
Supplier
  • Verify once, reuse everywhere
  • Faster time-to-revenue
  • Full consent control
~$20K/yr
Buyer
  • Onboarding in days, not weeks
  • $50K+ manual verification saved
  • Fewer fraud vectors — bank change alerts
$21M ARR path
Coupa
  • New buyer-side revenue module
  • Higher retention + switching costs
  • A compounding network asset
Strategy for change · we don't kill Verified, we split it
Verified today · $49/mo · supplier-paid
Discoverability badge
  • → "Supplier is who they say they are"
  • → Better search rank on the network
  • → Buyers rarely require it — no economic pull
Verified tomorrow · Trust Passport · buyer-paid
Portable trust credential
  • ✓ Identity + bank + compliance, evidence-backed, current
  • ✓ Reusable across every buyer with consent + audit trail
  • ✓ Bank-change alerts and continuous monitoring
  • ✓ Verified Pro ($49) survives as a supplier-marketing add-on

Same SKU family, same brand equity, same onboarding UI. What changes is who pays and what the credential means.

10/Launch & metrics
Launch · measure · kill fast

North Star · Inputs · Guardrails · a Counter-metric that kills vanity.

North Star · Trust Reuse Rate
Month 12 of 24
33%
of verification requests answered from an existing Passport, instead of a fresh KYB / doc chase / bank check.
M3 · >15% wedgeM12 · >40% flywheel onY3 · >70% infra
Kill criterion · we stop if
Reuse Rate doesn't cross 15% in 90 days
…with the 3 design partners. Network won't reuse → we stop and reframe. No more code, no more roadmap. This is the honesty tax.
1
Wave 1 · Design partners
3 enterprise buyers · ~15,000 Passports bulk-created · no cold start
2
Wave 2 · Verified-connected
Buyers already on Verified suppliers · highest reuse probability
3
Wave 3 · GA
New packaging · ROI calculator · sales enablement
The metric pyramid · how we know it's real (not vanity)
Inputs
weekly
what drives the North Star
  • · Passports created
  • · Reuse requests / week
  • · Buyer policies configured
  • · Time-to-onboard (days)
Guardrails
monthly
must not degrade
  • · Supplier NPS ≥ baseline
  • · False-positive alerts < 2%
  • · Verified Pro GRR ≥ 90%
  • · Data-residency incidents = 0
Counter-metric
weekly
the anti-vanity check
  • · Buyer approval override rate
  • · Target: < 10% by month 12
  • · If reuse ↑ but overrides ↑ = fake
  • · Kills vanity reuse
Business outcomes
quarterly
lagging
  • · Buyer Trust ARR
  • · Fraud loss $ prevented
  • · Manual-verify hours saved
  • · Verified Pro GRR
11/Business model
Monetize where value is created

Free for the supplier. Paid by the buyer. Pro re-anchored to efficiency.

Why buyer-paid, not supplier-paid? The buyer captures the $50K+ savings and the fraud avoidance — they'll pay for outcomes. Suppliers already pay $49 for a badge that doesn't travel; charging them more breaks adoption right when the flywheel needs volume.

Supplier
Trust Passport
Freealways
  • · Verified identity + bank + docs
  • · Consent-scoped sharing
  • · Reused on every buyer
Buyer · NEW MODULE
Buyer Trust
~$20Kannual + ~$10/supplier
  • · Policy engine · one-time config
  • · Live Trust Reuse dashboard
  • · Bank-change alerts + audit trail
Supplier · repositioned
Verified Pro
$49monthly · efficiency
  • · Continuous monitoring
  • · Auto-renewals + analytics
  • · ERP + procurement sync
Buyer Trust ARR · live
Enterprise math: $20K base + ~6,000 suppliers × ~$10 reuse fee ≈ ~$80K. Every extra buyer reading the same Passport is near-zero marginal cost — that's where the margin lives.
Benchmark · Trulioo, D&B charge $8–$15 per business verification. We price at floor and capture the reuse margin.
ARR projection
$21.0M
Range $15M–$30M · target 3–5 yrs
Mid-market
450
= $9.0M
Enterprise
150
= $12.0M
Cannibalization · the honest number
$3M SIM Premium ARR is at risk.
Some suppliers today pay $49 for a badge that stops making sense once Passport is free. We call that out — we don't hide it.
Why it pays for itself in Wave 1
· Wave 1 target: 3 enterprise buyers × ~$80K = $240K new ARR in the first quarter.
· Break-even on cannibalization: ~38 buyers — well inside Wave 2.
· Verified Pro survives at $49 as a supplier-marketing add-on — different job-to-be-done, keeps ~40% of the base.
Net Year-3: replace $3M supplier revenue with ~$21M buyer-paid ARR — at higher margin.
Who signs the check · buyer-side ICP
Economic buyer · CFO
Signs on fraud loss + AP efficiency ROI
Sponsor · CPO / Head of Procurement
Owns supplier onboarding SLA — feels the pain daily
Champion · AP Ops + Supplier Enablement
Runs pilots, writes the internal business case
12/How big is this
How big is this

~$21M ARR path.
And that's the small number.

I sized this conservatively so it survives scrutiny. Deliberately outside this number: core retention, switching costs, and the foundation for payments, risk, compliance — plus agentic AI, which can only act on facts it can trust.

Range $15M – $30M
Defense · 30–40% adoption

30–40% sounds aggressive until you remember the buyer already pays Coupa. This isn't a new logo motion — it's a module attach against 2K live tenants with an ROI story their AP team writes themselves. Cut it in half (15–20%) and it's still a $10M+ line.

Why enterprise first, not mid-market? The flywheel needs supplier density day one — one Fortune 500 buyer brings ~5,000 suppliers, one mid-market buyer brings ~150. Mid-market enters Wave 2 with a self-serve motion, once the Passport pool is deep enough that reuse sells itself.

Why I'm confident on the small number
The buyer already writes the ROI. Every AP team can show the $50K they spend re-verifying known suppliers. We're not selling savings — we're giving them a line item to sign for.
2.5×
ROI, year one
<6mo
Payback per buyer
$10M+
Floor at half adoption
The math, rebuildable live
Buying orgs on Coupa
2,000
Adoption in 3–5 years
30–40%
Buyers reached
600–800
Mid-market · 450 × ~$20K
$9M
Enterprise · 150 × ~$80K
$12M
Total Buyer Trust ARR
≈ $21M
Unit economics · per buyer / yr
ACV (mid-market)
$20,000
Verification COGS · ~200 sup./yr × $10
−$2,000
Continuous monitoring + infra
−$1,500
Support + CS allocation
−$2,500
Gross margin
~70%
Buyer saves $50K+ manual work → pays $20K → nets $30K. We keep ~$14K gross. Both sides win the math.
Price to maximize network adoption — the compounding asset beats feature revenue.
13/How I'd build it
Team of 5 · learning velocity, not feature velocity

Validate before we code. Identity + bank is the wedge.

Phase 0
Weeks 1–6
1
Validate — zero code
15 buyer interviews · shadow 3 live onboardings · Van Westendorp pricing with 20 suppliers · 3 design-partner LOIs. Kill criterion: <70% buyers say they'd reuse a Passport-verified bank fact.
Bar · ≥70% reuse intent · 3 LOIs signed
Phase 1
Weeks 7–20
2
Identity + bank · beat the cold start
Passport MVP · consent · audit trail · bank-change alerts. Bulk-onboard the 3 design partners' top ~5,000 suppliers each — day-one Passport pool of ~15K so buyer #4 already sees reuse.
Bar · Trust Reuse > 15%
Phase 2
Months 6–12
3
Expand reuse · flywheel on
Compliance + insurance + sanctions. Continuous monitoring. Buyer policy engine — "No Passport, no PO" becomes configurable.
Bar · Trust Reuse > 40%
Phase 3
Year 2
4
Trust platform · Passport as infra
Third-party apps read the Passport via API. Payments, risk, compliance build on top. Agentic AI acts on Passport facts.
Bar · Passport required infra
Team of 5 · composition
  • 1 PMOwns the reuse loop and buyer policy scope
  • 3 Engineers1 platform · 1 integrations · 1 full-stack
  • 1 DesignerConsent flows, Passport UX, buyer dashboard
What we deliberately don't build
  • Reputation scores
  • AI fraud engines
  • Custom buyer workflows
  • In-house verification

Every “no” is what makes four engineers enough.

Risks I lose sleep over · and how we mitigate
Cold-start of reuse
First buyers see low reuse until network fills. Mitigate: bulk-Passport the 3 design partners' 5,000 suppliers each → day-one reuse.
False positive on bank alert
Wrongful hold breaks supplier trust. Mitigate: alert notifies, never blocks — buyer still approves. Confidence score, not a verdict.
Consent & data-residency (GDPR)
Supplier data crossing borders. Mitigate: supplier-owned consent scope per buyer + regional data zones from Phase 1.
14/Build vs partner
Build vs partner

We orchestrate trust. We don't build another verification company.

Partner · buy
Verification providers
Trulioo
KYB · business registry
Plaid
Bank-account validation
Refinitiv
Sanctions · UBO · watchlist
Dun & Bradstreet
Corporate hierarchy · D-U-N-S
Multiple providers · no lock-in · abstracted behind one layer
Scoutbee — Coupa's own AI discovery asset (acquired Oct 2025) — pre-populates up to ~80% of the Passport the moment a supplier arrives. The acquisition confirms the thesis: supplier data enrichment belongs inside the network.
Build · differentiate
Coupa builds the moat
  • Passport data model
  • Consent management
  • Audit trail & provenance
  • Verification orchestration
  • The reuse engine
  • Buyer policy engine
Integration problem · not research problem · 4 engineers suffice
"What if SAP Ariba ships this tomorrow?" · the moat
SAP Ariba · Basware · Tipalti
Can build the tech — but each is a walled garden. A Passport is only valuable if many buyers read it. Coupa's 3M-supplier / 2K-buyer overlap is the compounding asset, not the code.
Data providers (D&B, Trulioo)
Sell facts, not reuse. They have no consent layer, no buyer workflow, no policy engine. Perfect suppliers to us — bad competitors.
The real moat
Installed network + supplier consent + audit trail. Every new buyer makes the next Passport more valuable — a defensibility curve nobody can shortcut by shipping features.
15/Cost of doing nothing
If we don't spin this wheel

Someone else will own the trust layer of B2B.

Trulioo, D&B and vertical KYB players are already selling verification-as-a-service to our buyers. Every year we wait, the Trust Tax compounds — and the moat gets built on top of Coupa, not by Coupa.

$50K+
Per buyer, per year
Re-verifying suppliers already known to Coupa
>25%
Duplicated work
Suppliers verified by ≥2 buyers on our network
~14 days
Onboarding time
Every buyer redoes the same checks from zero
0%
Network reuse today
Nothing learned once travels to the next buyer
16/Close
Close

The supplier didn't have to prove itself again.
The network did it for them.

Today every buyer asks: can I trust this supplier?
My proposal changes the question: has the network already established that trust?

That's why the future of Verified isn't verification. It's reusable trust.

Three topics I kept in the appendix — pick one, or wherever you'd like