
Zen and the Art of Third Party Compliance

In the 1974 novel Zen and the Art of Motorcycle Maintenance, author Robert M. Pirsig describes two approaches to life: the “romantic” and the “classical.”

The romantic approach is symbolized by a character who buys a new motorcycle, but does not know how to maintain it. Rather, he hopes for the best, and when problems occur he gets frustrated and needs to hire someone to fix it.

The classical approach is symbolized by the main character, who has an old motorcycle that he is able to diagnose and repair himself through the use of rational, problem-solving skills. He explains that there is a Zen-like peace that comes from being forced to pay continual attention and intercept problems before they get out of control.

Third party compliance is a lot like motorcycle maintenance. And, according to the results of our recent 2012 FCPA Benchmarking Study, there are still many romantics out there who are hoping for the best despite the steady increase in FCPA and UK Bribery Act enforcement actions over the last several years. Let’s take a quick look at some of the numbers. When we surveyed 139 senior corporate compliance executives from US companies ranging in size from $100 million to more than $10 billion in revenues per year, we found the following:

  • 70 percent of respondents characterized their anti-bribery compliance level as very well prepared, while 23 percent said they were somewhat well prepared, 4 percent said they were extremely well prepared and 3 percent said they were not very prepared.
  • While 99 percent of respondents said they had anti-bribery provisions for employees in their companies’ codes of conduct, only 73 percent have the same in place for third parties. 71 percent require third parties to complete a disclosure listing affiliations with foreign officials, 65 percent verify that third parties adhere to the company’s code of ethics and 73 percent confirm that each third party is free from sanctions pertaining to compliance with anti-bribery regulation.

There is a major discrepancy between these two sets of numbers. The majority of corporate compliance officers believe they have their bases covered when it comes to compliance with the FCPA and UK Bribery Act. Yet, when it comes to third parties, their vetting procedures are less rigorous than those they implement for employees.

This is a problem when you consider that third parties are often the weakest link in the compliance chain. Virtually every major FCPA case prosecuted over the last five years has focused on a bribe facilitated by an agent or third party to the parent company.

How can we reconcile this? As we’ve discussed this issue with hundreds of multinational compliance officers over the last several months, it’s become clear that the problem is the perceived unwieldiness of the third party ecosystem in most companies. The concern is legitimate.

In our survey, 77 percent of respondents said they work with third parties to do business abroad and 37 percent said they do business with between 100 and 1,000 different third parties. Twenty-seven percent said they work with between 1,000 and 10,000 different third parties and 17 percent said they work with between 10,000 and 100,000 different third parties.

Like a motorcycle engine, multinational third party relationships are complex machines with lots of moving parts. But there is also a peace of mind that can only come from constant monitoring and maintenance of this machine. The key for compliance officers in today’s multinationals is to get the C-suite to recognize that maintenance is always more effective than a repair. In many ways the role of the compliance officer in the age of heightened FCPA scrutiny is that of a hyper-vigilant monitor who has the correct diagnostic systems in place to intercept problems before they result in a systemic failure. Until their third party diagnostics are in line with the rest of their compliance programs, however, most are just hoping for the best.


Michael Varnum is a managing director at Kroll Risk and Compliance, a sponsor of the FCPA Blog. He focuses on the development of anti-corruption and AML due diligence, as well as fraud and financial crimes investigations.
