The use of third parties in a company’s efforts to expand its business, whether internationally, domestically or locally, is not only inevitable but necessary. From manufacturing to supply chain through to distribution and product services and support – and including many other key functions of a business previously handled internally (e.g., human resources, information technology, finance and audit) – there is a fast-growing outsourced business model that relies on third parties. Often, using third parties is cheaper, faster and more effective, rendering it a competitive necessity. Third parties can take the form of a company’s agent, intermediary, supplier, consultant or joint venture partner and can provide the company with invaluable and critical services, ranging from product design or delivery to legal or tax advice to sales opportunities. For example, a third party could provide crucial transportation of goods without which a company could not bring its product to market.
The modern approach of disaggregating business functions necessarily means that doing business through a number of third parties is the norm and not the exception, resulting in a growing volume and diversity of third parties that brings inherent corruption risks. Companies must be cognisant of such risks and prepared to mitigate them to maximise the third parties’ utility.
Pursuant to the strictures of the Foreign Corrupt Practices Act (FCPA), companies are prohibited from either directly or indirectly bribing non-US government officials to obtain business. Indirect bribes expressly include payments made by third parties acting on behalf, at the direction, or with the knowledge of the company.[2] To be liable under the FCPA, a company need not explicitly authorise the payment. As long as the company had a reasonable belief that the conduct was likely to occur, it can be held liable for the third party’s conduct. Knowledge of improper payments – or even the offer of anything of value – can be inferred from circumstances demonstrating a reasonable probability of illicit conduct.[3] Thus, companies cannot avoid liability by consciously disregarding or ignoring red flags suggest-ing that a bribe has been or will be offered, promised or made. Walmart’s settlement with the Secu-rities and Exchange Commission (SEC) and the Department of Justice (DOJ) is a perfect example of the FCPA’s unforgiving nature towards alleged deliberate ignorance.[4] In 2019, the SEC charged Walmart with violating the FCPA by failing to implement and operate a compliance programme sufficiently tailored to mitigate its risks. The order alleged that Walmart ignored red flags and corruption allegations when it expanded its business internationally, allowing its subsidiaries in Brazil, Mexico, China and India to use third-party intermediaries to make pay-ments to foreign government officials. Walmart allegedly failed to investigate and mitigate the risks and paid more than US$282 million in penalties and fines.[5]
A company’s exposure to liability for third-party actions is not unique to the FCPA. Anti-corruption laws in most countries hold companies culpable for third-party conduct.[6] Latin American countries are no exception. For example, Mexico has enacted a number of anti-corruption laws as part of its National Anti-Corruption System.[7] Under these laws, a company can be held liable for the actions of individuals who engage in corrupt offences on behalf of the company.[8] Brazil’s Clean Company Act takes this a step further. Under the Act, companies are held strictly liable for the corrupt conduct of their employees and agents.[9] Take Glencore International A.G. (Glencore) as an example. From 2007 to 2018, Glencore allegedly paid more than US$100 million to third-party intermediaries, with a portion allegedly intended to be used to reward government officials in Nigeria, Cameroon, Ivory Coast, Equatorial Guinea, Brazil, Venezuela and the Democratic Republic of the Congo.[10] The DOJ in its press release noted the involvement of high-level employees and agents of the company as an important factor in reaching the terms of the agreement.[11] In May 2022, Glencore agreed to pay over US$700 million in criminal fines and disgorgement to US authorities related to the conduct of its third-party intermediaries and accepted a three-year compliance monitorship.
