The 2018 revision of the U.S. Department of Justice’s guidance on the Foreign Corrupt Practices Act (FCPA) marked a significant shift in how manufacturers and exporters were expected to monitor their third-party relationships. The new guidance emphasized the need for companies to take concrete, documented steps in verifying the integrity of overseas agents, distributors, and other intermediaries. For supply chains with operations or partners in regions deemed higher risk, this heightened due diligence standard became a critical compliance priority.
At the core of this updated requirement was the expectation that firms would go beyond superficial screenings. It was no longer sufficient to simply record that a supplier or agent had been vetted. Instead, the DOJ guidance called for evidence that companies had actively and systematically checked their intermediaries against credible external data sources. A primary reference point for this verification process became the open sanction lists maintained by the Office of Foreign Assets Control (OFAC), which are regularly updated with names of entities and individuals subject to U.S. sanctions.
To operationalize these checks, many manufacturers began by building internal workflows that integrated OFAC data into their onboarding and periodic review processes for agents and suppliers. This involved setting up automated queries of the OFAC sanctions database during supplier registration, as well as establishing routines for quarterly or semi-annual re-screenings. Where feasible, firms incorporated additional enforcement data sets, such as those available from Interpol, the World Bank’s debarment list, or regional anti-corruption bodies, to build a broader picture of intermediary risk.
Constructing a comprehensive “flagged intermediary” watchlist required a methodical approach. Organizations typically started by aggregating open global enforcement data into a centralized, searchable repository. This included not only sanction designations but also records of prior legal actions, enforcement fines, or documented compliance failures involving third parties. Cross-referencing this data against their own supplier master files allowed compliance teams to identify overlaps or potential red flags. Special attention was paid to entities operating in sectors or jurisdictions associated with higher corruption risk, where the likelihood of encountering questionable practices was statistically greater.
Building and maintaining this watchlist was not a one-time exercise. Teams needed to assign responsibility for its ongoing curation, ensuring that new enforcement actions or sanction updates were promptly reflected in their internal systems. In many cases, compliance functions developed protocols for escalating potential matches to legal or ethics committees, which would assess the relevance and materiality of the flagged information and determine the appropriate course of action.
To complement these technical measures, manufacturers introduced annual supplier-attestation questionnaires as part of their FCPA compliance programs. These questionnaires served as a formal mechanism for suppliers, agents, and intermediaries to affirm their adherence to anti-corruption policies, disclose any potential conflicts of interest, and confirm that they were not subject to any sanctions or debarment. Templates for these attestations typically included standard declarations regarding compliance with FCPA requirements, as well as tailored questions reflecting the company’s specific risk profile or operating geographies.
Drafting these attestation forms required balancing thoroughness with clarity. Overly complex forms risked alienating suppliers or generating incomplete responses, while forms that were too generic failed to elicit the necessary assurances. Many firms piloted their questionnaires with a subset of suppliers before rolling them out broadly, refining the language and format based on initial feedback. The annual cycle of distributing, collecting, and reviewing these attestations became an integral part of the broader compliance calendar, often aligned with supplier performance reviews or contract renewals.
The revised FCPA guidance made clear that documentation of these due diligence steps was as important as the actions themselves. Companies that could demonstrate a robust, data-driven approach to intermediary screening and monitoring positioned themselves more favorably in the event of an investigation or audit. Beyond mere compliance, these practices contributed to stronger supply-chain governance overall, reducing exposure to legal and reputational risks associated with unethical third-party conduct.
By embracing open enforcement data sources and formalizing their supplier due diligence protocols, manufacturers took important steps in aligning their operations with the DOJ’s evolving expectations. The process not only fulfilled regulatory obligations but also reinforced ethical standards across increasingly complex and globalized supply chains.