Risk - in enrolling a legal entity in order to invoice a customer the supplier is prompted to enter tax identification number and bank routing/account numbers. Although not required, this sensitive information if stored extends potential liability in the event of a data breach to the portal host (Medius) and us the customer.

Ask - strongly recommend removing these fields from the legal entity setup form.