Skip to content


Harry Cassin
Publisher and Editor

Andy Spalding
Senior Editor

Jessica Tillipman
Senior Editor

Bill Steinman
Senior Editor

Richard L. Cassin
Editor at Large

Elizabeth K. Spahn
Editor Emeritus

Cody Worthington
Contributing Editor

Julie DiMauro
Contributing Editor

Thomas Fox
Contributing Editor

Marc Alain Bohn
Contributing Editor

Bill Waite
Contributing Editor

Russell A. Stamets
Contributing Editor

Richard Bistrong
Contributing Editor

Eric Carlson
Contributing Editor

Compliance best practices across your supply chain

Companies increasingly understand the importance of strong vendor-compliance programs, but costly enforcement actions stemming from supply-chain mismanagement remain.

Two experts have a few training, monitoring and evaluating tips to share with us.

Before we get to the experts, consider that Japan has a supplier code of conduct for certain companies.

The Japan Electronics and Information Technology Industries Association’s (JEITA) supply-chain guidebook describes how companies should agressively audit their prospective and existing agents and suppliers to find those with the same values.

Hitachi has asked its key suppliers to undertake self-checks using the check sheet in the JEITA guide, and companies like Nokia include specific language about their supply-chain vetting on their websites.

The risk that vendors pose can vary considerably, depending on a number of factors, and so can your company’s risk tolerance. 

“But there are several steps all firms can take before retaining a supplier or agent,” said Jeremy Zucker, partner and co-chair of Dechert’s International Trade and Government Regulation practice.

“Your company should have agents certify that they have read and understand the firm’s anti-corruption policies and the applicable laws.

“You should ‘take their temperature’ for how well they understand the rules and how important risk controls are to them. Do reference checks and engage in training, documenting your efforts to do so,” Zucker said.

If possible, companies should use real-time monitoring to evaluate their supply chains, says Gary Giampetruzzi, partner at Paul Hastings LLP and former assistant general counsel and head of government investigations at Pfizer.

“In-house is best, but not always practical, so companies can use a myriad of outside providers to perform this monitoring.”

Zucker and Giampetruzzi both mention that audit rights are being placed into vendor agreements and the practice is becoming expected by regulators, and that it’s almost the norm for companies to exercise those rights now.

Audit rights give a company the right to access and analyze the books and accounts of the other party to an agreement.

“The audit right in your supplier agreement can be worded in such a way that it’s a periodic review — maybe each quarter or twice a year — or that it’s only exercised when you see a red flag,” said Zucker. “The important point is that if you have one, use it.”

These audits help compliance professionals in companies get a picture of who they are transacting with, how their money is being spent and where their products are going. And they contain questions asking the suppliers if they, in turn, are doing due diligence on their own sub-contractors.

All of this makes sense, but what do you do if you are trying to use agents or suppliers in a high-risk region, where the payment of bribes to government officials is common practice? Do you just avoid working there and damage your market share in the region?

Gaimpetruzzi did not think it typically comes down to having no viable choices when trying to stay in compliance with the Foreign Corrupt Practices Act and other anti-bribery laws.

“Simply telling the chosen vendor not to pay bribes is not going to pass any compliance program standard muster, but you can nonetheless proceed smartly with what you ask this vendor to do, and what you don’t let the vendor do. Whatever the remit, it will then be about putting real controls around it,” Giampetruzzi said.

“If you’re going to work in a higher-risk region of the world, enforcement officials will say you went in knowing you needed to elevate your due diligence oversight efforts,” Zucker said.

“Some firms make the choice not to work in certain regions because of the overly high risks they present,” he said.

It’s no easy feat, but here can be no weak links in a supply chain. The damage to a company’s bottom line and reputation require that great effort be put into risk controls in this area.


Julie DiMauro is the executive editor of FCPA Blog and can be reached here.  

Share this post


Comments are closed for this article!