What this risk is, and why it matters
Third-party intermediaries (agents, distributors, consultants, sub-contractors, joint-venture partners) are the single largest source of corruption and sanctions-violation enforcement. Regulators treat the principal as strictly liable for the conduct of its third parties under most regimes. Due-diligence quality is the dominant defence; firms that document their due diligence consistently fare materially better than those that rely on relationship knowledge.
Legal and regulatory framework
FCPA Resource Guide, UK Bribery Act guidance and Sapin II implementation rules catalogue the due-diligence expectations regulators have made explicit. EU sanctions and OFAC secondary-sanctions reach apply equivalently to third parties. Recent enforcement has produced consent decrees imposing third-party-monitoring programmes for multi-year periods. The cost of inadequate due diligence is now visible at programme-design phase, not just at enforcement phase.
Typical scenarios and impact
Documented scenarios include sales-agent bribery schemes producing FCPA settlements in the nine-figure range; distributor-driven sanctions violations producing OFAC penalties; joint-venture partner misconduct triggering principal-firm reputational and disclosure exposure; sub-contractor labour and modern-slavery violations under emerging supply-chain disclosure regimes. Recent third-party-driven enforcement has averaged eight-figure outcomes per case.
Mitigation framework and when to engage an expert
Build a third-party risk-management programme with risk-rating, due-diligence procedures, contractual provisions, training delivery, ongoing monitoring and termination triggers. Document each step with evidence retainable at audit. Engage anti-bribery counsel at programme design; engage forensic due-diligence firms for high-risk third parties; engage sanctions counsel for any third party with adverse-media or beneficial-ownership concerns.