Third party agents and consultants present some of the most dangerous pitfalls for companies looking to minimize their FCPA and anti-corruption risk. When companies conduct business through an agent, the companies relinquish a certain degree of control over their processes, and lose some measure of transparency in their anti-corruption compliance program. In spite of these process and program limitations, the FCPA and other anti-corruption laws may still hold a company liable for corrupt payments made on its behalf, even though the company has a diminished ability to police such corruption.

Whether or not there is an increased risk, there are many circumstances where working through a third party or other consultant makes sense from a business perspective. Third parties may have a particular expertise or knowledge that the company lacks, or they may have legitimate access to decision makers. In some parts of the world, working through an agent is the only means by which to do business. Companies must therefore do what they can to minimize the risk inherent with ceding some control over their potential liability to a third party.

Due diligence is critical for minimizing third party risk. The primary mechanism for combatting potential problems is not due diligence alone, but rather due diligence driven by a thorough risk assessment. Due diligence can be expensive, both in time and in money. A proper risk assessment should help to ensure the due diligence that is done is both targeted and effective. The risk assessment should tell a company which areas of its business are the most vulnerable to corruption issues, which will allow the company to focus its resources where they are most needed.

Just as some circumstances require more review in order to ensure corruption risks have been minimized, others can be just as effective with less intrusive oversight. An established agent operating in a low-risk environment, for example, requires less diligence than an unknown agent dealing with governments and industries in high-risk areas. A specific assessment tied to the potential agent will help the company make the business determination as to how best to focus the company's review. The best way to deploy limited resources in an effective manner is to match the need for due diligence to the potential for harm.

While the risk assessment should drive the scope and focus of the due diligence review, there are certain areas that companies should look at as part of any anti-corruption analysis. At a very basic level, it is not unusual to find consulting arrangements where no one within the company can articulate what specific tasks the agent will be performing on the company's behalf. If the company cannot identify the work that will be performed, or if the people responsible for hiring the agent cannot articulate a legitimate business purpose for the agent, the company needs to examine that potential relationship with a much more skeptical eye. Companies need to pay particularly close attention when the rationale for the engagement includes vague generalities, such as the consultant “understands the culture” or “has access” to the right people. Those facts may be true, but the company needs to know what specific tasks the agent will conduct in employing that knowledge or skill to ensure the purpose is legitimate. Beyond being able to articulate a business purpose for the engagement, companies must satisfy themselves that they understand the ownership structure or the other relationships between the third party entity and any government officials.

Other items that should be examined more closely if they arise as part of any due diligence review include:

  • Agents who ask for payments to be made through particular jurisdictions, or through parent or subsidiary companies with little obvious purpose
  • Compensation structures that are not matched to the tasks being performed by the agent, including arrangements such as success fees
  • Compensation amounts that are unusually high for the work being performed
  • Agents who are unwilling or unable to allow the company access to certain information, such as the identity of the individuals involved in their work, financial records or receipts related to the work performed
  • Agents who are unwilling or unable to provide representations and warranties regarding anti-corruption compliance, or to participate in the company's anti-corruption training

There are certain situations where companies must deal with foreign governments through third parties. Such engagements necessarily involve some degree of FCPA and anti-corruption risk, as the third parties working on behalf of the company are outside the company's immediate control. A thoughtful approach to due diligence will help a company to minimize its potential anti-corruption risks, and help to provide some assurance that the company's anti-corruption program is working as effectively as possible.