Regulatory and compliance

How to minimize corruption and bribery risks when hiring a third party

Published on 22nd Sep 2021

There are different laws (FCPA, UK Bribery Act, the Spanish Criminal Code, to mention some) that set out the possibility of a company being considered liable for unlawful acts carried out by third parties, and with which the company has a relationship in the course of its business. Common agreements, such as consultancy or provision of services ones, may entail risks for the hiring company if it does not implement adequate internal measures to prevent and avoid any behaviour by a third party that is contrary to the principles of regulatory compliance, in particular, in matters of corruption and bribery.

In recent years, the rules and recommendations issued by legislators in different jurisdictions have been constant in relation to a company's need to analyse the efficacy of its compliance programmes, not only to avoid unlawful acts that its legal representatives or employees may commit, but also to avoid any misconduct from third parties, which are integrated into the perimeter of its corporate domain.

Although many companies have compliance policies in place for third parties, it has been proved that, occasionally, these programmes cannot detect and prevent unlawful acts from being committed by consultancy service providers, in particular in matters of corruption and bribery.

The key factors that companies should consider when contracting with third parties services providers could be summarized, mainly, in three points: (a) the nature of the agreement, (b) payment methods; and (c) a consultant's relationships with third parties when rendering services.

Regarding the first point, it is common that companies use and enter into consultancy agreements to regulate a broad number of services that, all too often, due to their variety, are not detailed or set out in the agreement or, even if specified, their description is usually vague and standard. This, added to the services not being orientated towards specific results (deliverable, reports, etc.) creates a margin of ambiguity that could entail corruption related risks.

Consultants' fees or commissions are another aspect that should be considered. These payments must be duly justified, be actual payments and their destination identified, to prevent, for instance, making payments in tax havens.

Regarding the relationships of these consultants with third parties, special attention is needed when, owing to the type of services, these are carried out with public officials. This factor must be considered as a red flag, because in some cases consultant use these relationships to facilitate commercial transactions.

Taking the above into account, it would be advisable to adopt different measures to minimize a potential corruption risk.

First, companies must set out clear internal policies to describe the protocols that must be adopted to contract with third parties. Additionally, there should be anticorruption and anti-bribery policies to which consultants should adhere. Likewise, companies must train and supervise employees to prevent and detect, respectively, any misconduct.

Secondly, carry out due diligence procedures to procure an adequate selection and supervision of any third parties that have a relationship with the company, ensuring that their conduct adjusts to its principles and values. That involves carrying out a process of which the following stages are worth specifying:

  1. A suitable selection of the third party with which the company will have a relationship, valuing any of the following: financial information, administrative record (probable penalties or fines), criminal record (probable sentences), scandals;
  2. An appropriate formalization of the relationship with the third party through the execution of an agreement with clauses related to compliance commitments (including, for instance, a consultant's obligation to issue annual certificates guaranteeing the fulfilment of the services), accuracy of the provided information, acceptance of the organization's values and policies, acceptance of the audit processes, as well as specific measures in the event of not complying with anticorruption and anti-bribery provisions;
  3. Finally, create and implement continuous verification compliance programmes that allow, firstly, the effective due diligence for hiring consultants and, secondly, the regular supervision of the relationships with them.

In addition to the above, it should be highlighted that companies need to duly record all the information generated and derived from the processes of the compliance programme.


* This article is current as of the date of its publication and does not necessarily reflect the present state of the law or relevant regulation.

Interested in hearing more from Osborne Clarke?

Upcoming Events