FCPA Guidelines for Third-Party Red Flags

“DOJ’s and SEC’s FCPA enforcement actions demonstrate that third parties, including agents, consultants, and distributors, are commonly used to conceal the payment of bribes to foreign officials in international business transactions. Risk-based due diligence is particularly important with third parties and will also be considered by DOJ and SEC in assessing the effectiveness of a company’s compliance program.”


Recent DOJ/SEC FCPA guidelines provide three principles that “always” apply to third-party compliance:

  • Principle #1: Companies should understand the qualifications and associations of its third-party partners, including its business reputation and relationship, if any, with foreign officials. The degree of scrutiny should increase as red flags surface.
  • Principle #2: Companies should have an understanding of the business rationale for including the third party in the transaction. This includes understanding the role of and need for the third party and ensuring that the contract terms specifically describe the services to be performed.
  • Principle #3: Companies should undertake some form of ongoing monitoring of third-party relationships. This may include updating due diligence periodically, exercising audit rights, providing periodic training, and requesting annual compliance certifications by the third party.

The DOJ/SEC Guide also provides a list of common red flags associated with third parties.

  • Excessive commissions to third-party agents or consultants.
  • Unreasonably large discounts to third-party distributors.
  • Third-party “consulting agreements” that include only vaguely described services.
  • The third-party consultant is in a different line of business than that for which it has been engaged.
  • The third party is related to or closely associated with the foreign official.
  • The third party became part of the transaction at the express request or insistence of the foreign official.
  • The third party is merely a shell company incorporated in an offshore jurisdiction.
  • The third party requests payment to offshore bank accounts.


Request More Information

To learn more about how we can help your organization build a risk-based, credible and defensible third-party compliance program contact a STEELE client director now.