The Corruption Conundrum: Minimizing Risks Presented by Third Parties

Stay current on changes and developments in corporate law with a wide variety of resources and tools.

By Michael Bologna

Michael Boag is a managing director in the London office of Stroz Friedberg, an investigations, intelligence and risk management firm, where he manages an active caseload of due diligence assignments, asset traces and investigations as co-lead of the Intelligence & Due Diligence practice. His particular expertise is in regulatory compliance investigations in which he has extensive experience in leading multifaceted global investigations involving fraud and corruption issues. He has led a large number of in-depth due diligence assignments for a wide range of clients, including large financial institutions, private equity firms, multinationals and law firms.

Corruption committed in the course of conducting business is spreading in every country, in the private and public sectors alike. It is no less prevalent in the U.S. than anywhere else. The cause of this phenomenon is intensified competition, especially in, but hardly limited to, emerging or frontier markets. The repercussions are tangible. More than one in four business people worldwide report losing out on business because a competitor paid a bribe, according to Transparency International's 2013 “Global Corruption Barometer.”1

At the same time, law enforcement agencies around the globe are clamping down. Investigations and prosecutions involving corporate and governmental corruption are unmistakably on the rise. Chief among the infractions are bribery and other improper payments.

Even so, a key detail about these realities remains at risk of going overlooked: most companies set out to win and retain contracts and clients without the slightest intention of acting unscrupulously or without adequately suspecting they could get caught up in anything unscrupulous. Many of the companies that commit unethical business practices do so inadvertently. And the reason is often simple. They fall prey to relationships with the wrong third parties.

These third parties—generally local agents, suppliers, distributors, licensees, consultants and joint venture partners—are recruited to perform legitimate services through government officials in overseas transactions. And even though such third parties are non-employees, companies can be held liable for the actions they take. That fact is underscored by enforcement actions such as investigations and fines taken under the Foreign Corrupt Practices Act by the Department of Justice and the Securities and Exchange Commission.

It is critical to gain a clear understanding of the reputations and track records of third parties in order to mitigate such risks.

For example, Ralph Lauren Corp. admitted in 2013 that its Argentina subsidiary paid bribes to government and customs officials, and agreed to pay $1.6 million in penalties in a DOJ and SEC settlement.2 IBM agreed to a $10 million settlement on allegations of bribing Chinese and South Korean officials to win government contracts worth at least $54 million.3 The Stryker Corp. acknowledged bribing doctors and administrators at government-controlled hospitals in Argentina, Greece, Mexico, Poland and Romania, and paid the SEC $13.2 million for FCPA violations.4

Indeed, in 2013 the cost to a corporation of resolving an FCPA enforcement action spiked. The average “market rate,” covering fines, penalties, interest and ancillary expenses, grew to more than $80 million, almost four times higher than in 2012.5 By March 2014, the SEC had already undertaken more FCPA enforcement actions than it had in all of 2013.

So if a multinational business enterprise needs to learn a single lesson to prevent itself from doing anything corrupt, it's this: watch the company you keep.

After all, failure to screen and otherwise monitor these third-party relationships—partnerships that could be fraught with risk—could have serious consequences for an organization. At worst, it could be running afoul of such regulatory mandates as the FCPA. It could face lawsuits that lead to fines and penalties amounting to millions of dollars. It could be barred from doing business with public works and government procurement opportunities. The corporation's reputation could suffer inestimable and irrevocable damage, resulting in loss of revenues. Simply put, corruption increases the cost of doing business all around.

The question is, how do companies best maintain a high alert in their dealings with third parties, identify the telltale signs of potential problems and, in the process, mitigate the attendant risks?

Be Proactive

To begin, as we've learned from our own experience on the front lines with clients concerned about this very issue, operating reactively or ad hoc, otherwise improvising as you go along or following a once-over-lightly protocol will ultimately prove insufficient. Corporations can no longer afford the luxury of such a leisurely approach. Cutting corners in an effort to save time and money is a false economy, merely postponing problems sure to surface later.

Rather, to combat such risks, organizations should put in place an enterprise-wide anti-corruption framework, complete with all the right procedures. Deploying an effective top-down compliance program and anti-bribery strategy is recommended. They should permeate every aspect of the company's day-to-day operations.

That means the company should have a comprehensive, risk-based anti-corruption due diligence program. It should be geared to evaluating any and all third parties, placing the highest level of scrutiny on the riskiest relationship. Insist on unwavering accountability and transparency from these potential partners. So go recommendations from the DOJ's Criminal Division and the SEC's Enforcement Division in A Resource Guide to the U.S. Foreign Corrupt Practices Act.6 Particularly, the guide states: “Risk-based due diligence is particularly important with third parties and will also be considered by DOJ and SEC in assessing the effectiveness of a company's compliance program.”7

Above all, organizations should choose a reputable partner. Third parties are often critical to venturing overseas. But the challenges of doing so with a third party in a faraway market, given language and cultural differences, are obvious.

Due Diligence

Conducting due diligence should first entail an assessment of the risks involved. An overview along these lines should explore the level of corruption in a given country, the value of the business relationship at play, the structure of the contract or transactions, and the extent of government involvement and the industry sector in question. Context is key to gaining an accurate perspective. Navigating through this checklist of factors will enable an organization to robustly size up the potential risks and navigate accordingly.

Next should come an investigation proportionate to the suspected risk. A third-party relationship that qualifies as low risk, for example, would call for basic searches of sanctions issued as well as watch lists, and media and political exposure databases. In countries where corruption is more widespread, on the other hand, organizations should connect the dots among all participating parties. It may be relevant, for example, that a potential partner is a government official or simply an associate. A shareholding structure that appears unduly complicated and difficult to understand could rate as a red flag.

Public records can also yield intelligence that lends insight into a potential partner's experience, integrity and reputation. To wit, bankruptcy filings may reveal a partner with financial difficulties. Court records may show current or previous disputes with other international partners. Local media may have covered a corruption scandal implicating a prospective partner. A local regulator may have issued sanctions for failure to play by the rules. Perhaps the individual or organization was barred from a government tender for collusion.

Keep in mind that such information on whether a potential partner is in good standing may be retrieved in some countries only on the ground, through various registers and agencies, rather than online. Even then it may be limited, contradictory or biased politically or commercially. In other countries, records may be hard to come by at all, with media censorship of business activities coming into play. Whatever the case, take special care, given disparities in privacy and disclosure laws from country to country, to ensure that the company is accessing public records legally and ethically.

Lastly, a company must have explicit third-party due diligence policies that are clear and accessible to all employees. Staff must understand—i.e., live and breathe—these policies and know how they should be applied. That factor is fundamental.


When a company does due diligence right, the rewards are tangible: it lowers the risk of corruption in general and bribery in particular. The company gets the opportunity to expand its presence overseas without unduly dreading the repercussions.

1 Transparency Int'l, Global Corruption Barometer 2013 (July 19, 2013), available at

2 08 WCR 334 (5/17/13).

308 WCR 564 (8/9/13). The company reached a similar settlement in 2011.

408 WCR 762 (11/1/13).

5 Gibson Dunn & Crutcher LLP, 2013 Year-End FCPA Update (Jan. 6, 2014), available at

607 WCR 871 (11/16/12). U.S. Dep't of Justice and U.S. Sec. & Exch. Comm'n, A Resource Guide to the U.S. Foreign Corrupt Practices Act (November 2012), available at

7 Id

Request Corporate on Bloomberg Law