Skip to content.

The more things change, the more things stay the same. As compliance matures as an industry, we sometimes forget the foundational best-practices that our programs are built upon. Every so often, we revisit some of our most educational posts from the past. We think you’ll find they are just as relevant today.

Originally published June 2018

From a corruption risk perspective, companies should be looking at their third parties that act in a representative capacity. Look no further than the 2018 FCPA enforcement actions to date for examples, all of which have involved third-party intermediaries. In fact, more than 90 percent of all FCPA enforcement actions over the last forty years have been linked to the misconduct of third parties. Although it may seem like a straightforward task at first glance, determining which parties expose you to potential liability under anti-corruption laws may not be as simple as it seems. 

Turn Integrated Risk Management into Instant Risk Management

Introducing NAVEX IRM Out of the Box, our latest IRM solution that gets you up and running in weeks instead of months. Request your demo today to learn more

There are two general circumstances under which companies have been held liable for third-party misconduct under the FCPA:

  1. The subject company authorizes a third party to make improper payments to foreign officials
  2. The subject company makes a payment to a third party, knowing that all or a portion of the money will eventually be improperly paid to foreign officials

White Paper: A Prescriptive Guide to Third Party Risk Management

Of course, this brings us to ask when a company “knows” that a third party will make an improper payment. Under the FCPA, a person has the requisite knowledge to be liable when he or she is aware of the potential wrongdoing, cognizant of a high probability of the existence of such wrongdoing, or intentionally ignorant of the potential wrongdoing. In other words, Congress did not want to allow people to “sneak around” the FCPA by using a third party.

As Congress made clear, it meant to impose liability not only on those with actual knowledge of wrongdoing, but also on those who purposefully avoid actual knowledge:

[T]he so-called “head-in-the-sand” problem – variously described in the pertinent authorities as “conscious disregard,” “willful blindness” or “deliberate ignorance” – should be covered so that management officials could not take refuge from the Act’s prohibitions by their unwarranted obliviousness to any action (or inaction), language or other “signaling device” that should reasonably alert them of the “high probability” of an FCPA violation.

With this standard in mind, think through the anti-corruption risks that could arise when using agents, vendors, consultants, distributors and resellers, partners, and subcontractors.


An agent is the most obvious classification for a third party acting in a representative capacity. By definition, an agent is an entity authorized to represent the company. This might include sales and marketing representatives, business development agents, subcontractors, or trading companies, and – depending on how your company defines its risk – could encompass all of the categories below.  Agents are truly “standing in the shoes” of your company with authority to act on its behalf and pose substantial corruption risks.

Vendors & Suppliers

It is a common misconception that distancing a company, whether through an arms-length relationship or even a second-tier distributor or reseller, shields a company from FCPA liability.

Vendors and suppliers sell products and services to a company and are therefore a part of the company’s supply chain or procurement function. “After all,” some of your employees will think, “if we are simply receiving the product or service, how could we be held responsible for their conduct?” But if a global vendor or supplier acts on a company’s behalf with a foreign official or state-owned entity, that entity could still expose your company to liability. For example, if Company A buys specialized steel from China, and the steel vendor bribes Chinese regulators or customs officials to deliver that custom-ordered steel to Company A, depending of course on Company A’s awareness, Company A may very well expose itself to liability.

White Paper: 10 Steps to Success – Manual to Automated Third-Party Due Diligence


Consultants typically provide specialized services for companies in certain areas of competency.  Companies may retain internal consultants (those that only work within the company) or external consultants (those that act on behalf of the company interacting with parties outside of the company). This might include consulting services performed by professionals, such as lawyers, accountants, or lobbyists.  Do not be fooled by the fancy titles!  Consultants often act in a representative capacity in government interactions and should be classified according to the risks that they pose.

Distributors & Resellers

Although distributor arrangements may vary, a distributor is typically a wholesaler that buys goods in large quantities from a manufacturer, often at a discount, and independently resells the goods at a higher price to other dealers, resellers, or customers. Under these circumstances, the distributor may store products for resale. It is a common misconception that distancing a company, whether through an arms-length relationship or even a second-tier distributor or reseller, shields a company from FCPA liability. However, the lack of control or direct contractual privity does not preclude FCPA liability; rather, if a distributor receives a substantial discount and the company “knows” with a high probability that an improper payment to a government official may take place or has taken place, a company would be exposed to liability. Such potential liability extends to situations where a manufacturer may provide a commission, rebate or marketing fund allowance to a distributor knowing with a high probability that the distributor will make or has made an improper payment to a government official.  


Always remember to think about what value-add the third party is bringing to your company and that – no matter what – you cannot ignore your anti-corruption risk created by your third party’s conduct.

A partner often provides services within a defined scope in conjunction with a company, whether through joint venture agreement or otherwise. Similarly, to distributors, this is an area of risk that you may be tempted to disregard. Don’t! A company is not shielded from liability simply because the partner engaged in the misconduct. If a company chooses to associate itself with the partner, it is likely permitting the partner to act in a representative capacity. In turn, the company could be held liable for bribes perpetrated by the partner.   

Although it is easy to get wrapped up in certain third-party classifications (and their assumed levels of risk or lack thereof) without really thinking about how third parties will be performing their services, it is critical to analyze whether they are acting on your company’s behalf. While each of the third-party classifications mentioned above bears some level of risk, those risks can be properly mitigated by recognizing and performing the appropriate level of due diligence on a third party. Always remember to think about what value-add the third party is bringing to your company and that – no matter what – you cannot ignore your anti-corruption risk created by your third party’s conduct.

Benchmark Report: Third-Party Risk Management Benchmark Report