Close X
Attorney Spotlight

What emerging trend in shareholder litigation does Britt Latham find most interesting in his practice today?    Find out more>


Close X


Search our Experience

Experience Spotlight

Envision to Sell to KKR for $9.9 Billion

We represented Envision Healthcare Corporation (NYSE: EVHC) in its definitive agreement to sell to KKR in an all-cash transaction for $9.9 billion, including debt. KKR will pay $46 per Envision share in cash to buy the company, marking a 32 percent premium to the company's volume-weighted average share price from November 1, when Envision announced it was considering its options. The transaction is expected to close the fourth quarter of 2018. Read more

Envision Healthcare

Close X

Thought Leadership

Enter your search terms in the relevant box(es) below to search for specific Thought Leadership.
To see a recent listing of Thought Leadership, click the blue Search button below.

Thought Leadership Spotlight

Six Things to Know Before Buying a Physician Practice spotlight

Dermatology, ophthalmology, radiology, urology…the list goes on. Yet, in any physician practice management transaction, there are six key considerations that apply and, if not carefully managed, can derail a transaction. Download the 6 Things to Know Before Buying a Physician Practice to keep your physician practice management transactions on track.

Click here to download the guide.

FCPA Resource Guide Action Items, Issue 3 – Relationships with Third Parties


December 5, 2012

As we discussed in Issue 1 of this series on November 16, the Department of Justice ("DOJ") and Securities and Exchange Commission ("SEC") jointly published a Resource Guide to the U.S. Foreign Corrupt Practices Act (available here). The Guide covers an extensive array of topics and is a convenient one-stop resource on DOJ and SEC's expectations regarding corporate compliance programs. In Issue 2 on November 27, we examined seven DOJ and SEC expectations for corporate anti-corruption compliance programs generally and provided specific actions that companies can take to help address each one.

This alert will highlight the risks detailed in the Guide that can arise from third-party relationships and outline steps a company can take to identify suspect third parties initially or red flags after the third-party relationship has been formed.

Why You Should be Aware of Third-Party Risks

Although third parties often play a fundamental role in a company's business in foreign jurisdictions (e.g., identifying local opportunities, developing local relationships and advising on local customs), they also can pose significant corruption risk. The Guide reemphasizes that individuals and companies can be subject to civil and criminal penalties under the FCPA for corrupt payments to foreign officials made on their behalf by third parties – such as agents, consultants and distributors. In addition, DOJ and SEC make it clear that they use a low threshold when assessing whether a person or company possesses the requisite knowledge to be liable for a third-party's conduct. For example, they stress that a "head-in-the-sand" approach to, or conscious disregard of, unlawful third-party payments and conduct will not insulate an individual or company from criminal liability for such actions.

Common Third-Party Red Flags

To assist companies in understanding third party risk, DOJ and SEC identify these common red flags in the Guide:

  • "excessive commissions to third-party agents or consultants;"
  • "unreasonably large discounts to third-party distributors;"
  • "vaguely described services" within third-party consulting agreements;
  • the third party's line of business differs from that for which it has been engaged;
  • "the third party is related to or closely associated with the foreign official;"
  • a foreign official initiated or requested the third party's involvement;
  • the third party is "a shell company incorporated in an offshore jurisdiction;" and 
  • the third party requests payment to offshore bank accounts."

To reduce the risk of these red flags arising, and to identify them when they do occur, the Guide includes recommendations that a company conduct risk-based due diligence before engaging a third party and routine oversight of third parties with whom it currently does business.

Due Diligence and Monitoring of Third Parties

In the Guide, DOJ and SEC emphasize that one of the hallmarks of an effective anti-corruption compliance program is risk-based due diligence of third parties. A due diligence program should be scaled according to the characteristics of the third-party engagement, including:

  • the historical relationship with the third party;
  • the size and nature of the transaction; and
  • the industry and country involved in the transaction.

While DOJ and SEC discourage a static, one-size-fits-all approach to addressing third-party risk, the Guide does include guiding principles that can assist in-house counsel and compliance officers in assessing whether their company's due diligence and oversight of third parties is sufficiently robust:


Learn the Third Party's Background. A critical part of any risk-based due diligence is the review of a third party's credentials and affiliations – particularly its business reputation and any relationships with foreign officials. This review should occur before using the third party and intensify as red flags appear.

Action Items: (1) Perform background and reference checks on the third party; (2) require the third party to complete a due diligence questionnaire (including questions on relationships with foreign officials); and (3) screen the third party against sanctions databases.


Understand the Business Purpose for the Third-Party Relationship. Understanding a third party's role – from a business perspective – in a given transaction is essential to assessing the third party's corruption risk. A company should be wary of involving a third party in a transaction if it does not have a lawful and legitimate business rationale for the third party's involvement.

Action Items: Some actions a company can take to ensure a third party is engaged for the right reasons include:

  1. ensure the third party's contract terms specifically describe the services to be performed;
  2. assess the difference, if any, between the third party's payment terms and the payment norms within the industry, country involved, and company;
  3. determine the circumstances surrounding the third party's entrance into the business; and
  4. audit the payments to the third party to ensure that its compensation is consistent with the services performed and that the services specifically described in the contract are actually being done.


Make the Third Party Aware of Your Commitment to Compliance. DOJ and SEC noted in the Guide that they "also assess whether the company has informed third parties of the company's compliance program and commitment to ethical and lawful business practices."

Action Items: (1) Ensure your company's retention agreement with the third party contains representations, warranties and covenants by the third party regarding compliance with the FCPA and the anti-corruption laws applicable to the third party and company, in addition to termination rights for your company; and (2) consider requiring the third party to complete anti-corruption training and/or requesting reciprocal compliance assurances from the third party (e.g., through certifications) based on risk.


Monitor Your Third-Party Relationships Routinely. Companies should periodically assess the effectiveness of their due diligence and third-party anti-corruption compliance training.

Action Items: Based on risk, (1) exercise contractual audit rights; (2) seek annual compliance certifications from the third party; and (3) assess the sufficiency of the company employees' oversight of the third party's work and conduct.


Third-party relationships will continue to be an area of significant corruption risk for companies conducting business internationally. A recent survey by Kroll Advisory Solutions of corporate compliance officers at U.S. multinational corporations found that third parties pose the largest overall risk for corporate compliance programs. To mitigate this risk, companies should be diligent in understanding and identifying third-party red flags and implementing risk-based due diligence throughout the lifetime of a third-party relationship, based in part on the guiding principles noted above. However, these efforts to prevent and detect third-party problems will be mostly futile if a company fails to address a problem with meaningful action, such as determining the scope of the problem through an internal investigation, cutting ties with culpable third parties and updating your compliance program to reduce the risk of recurrence.

Next in the Series:

We will examine the government's specific compliance expectations regarding gifts, hospitality and entertainment in our next alert. M&A and confidential reporting/internal investigations will be addressed in future installments of this client alert series.

If you have any questions about this alert, the Resource Guide, or other anti-corruption issues, contact one of the members of Bass, Berry & Sims PLC's Global Anti-Corruption team.

In Case You Missed It:

Related Services


Visiting, or interacting with, this website does not constitute an attorney-client relationship. Although we are always interested in hearing from visitors to our website, we cannot accept representation on a new matter from either existing clients or new clients until we know that we do not have a conflict of interest that would prevent us from doing so. Therefore, please do not send us any information about any new matter that may involve a potential legal representation until we have confirmed that a conflict of interest does not exist and we have expressly agreed in writing to the representation. Until there is such an agreement, we will not be deemed to have given you any advice, any information you send may not be deemed privileged and confidential, and we may be able to represent adverse parties.