What Is Anti Bribery Due Diligence and Why It Matters?

Under the FCPA, a corporation can be held responsible for the corrupt conduct of employees and agents even if senior management did not authorize or know about the misconduct. The U.S. Department of Justice and the Securities and Exchange Commission have brought enforcement actions against major multinational firms, resulting in billion-dollar settlements and criminal convictions. Courts have interpreted the statute broadly, treating payments to foreign officials as violations even when the official's agency or status was ambiguous or when the payment was characterized as a commission or facilitation fee. From a practitioner's perspective, this expansive liability framework means that corporations cannot rely on disclaimers or contractual indemnities to shield themselves from regulatory exposure.

The FCPA itself does not prescribe a specific due diligence methodology, but the Department of Justice and SEC have issued guidance emphasizing that corporations should conduct reasonable due diligence tailored to the risk profile of the transaction and the jurisdiction. The Financial Action Task Force and other international bodies have published best practices that include third-party questionnaires, sanctions list screening, and verification of beneficial ownership. Regulators assess whether a corporation's due diligence program was reasonable and proportionate to the risk; a perfunctory or token investigation may not satisfy the standard, particularly in high-risk regions or when dealing with intermediaries whose role is unclear.

A typical due diligence review includes sanctions screening to verify that the third party does not appear on government watchlists, beneficial ownership verification to identify who controls the entity and whether those individuals have corruption histories, and background research into the third party's past business dealings and regulatory compliance record. Many corporations also conduct site visits or interviews with key personnel to assess the third party's compliance culture and understanding of anti-bribery obligations. The depth of investigation should scale with the risk; a routine vendor in a low-corruption jurisdiction may require minimal review, while a high-value distributor in a jurisdiction with elevated corruption risk may warrant extensive investigation and ongoing monitoring.

Corporations should document the due diligence process contemporaneously, including the methods used, the findings, and the rationale for proceeding or declining the relationship. This documentation becomes critical if regulators later investigate the transaction; a well-maintained record can demonstrate that the corporation exercised reasonable care. Legal due diligence processes should be integrated into the broader compliance program and reviewed periodically as business relationships evolve. Ongoing monitoring helps identify changes in a third party's status, such as a change in beneficial ownership or entry into a new jurisdiction where corruption risk is higher.

When a corporation discovers potential misconduct through internal controls or a whistleblower report, the investigation process often parallels and builds upon due diligence frameworks. Anti-corruption investigations may examine whether due diligence was conducted, what it revealed, and whether the corporation took appropriate action based on the findings. A robust due diligence process can demonstrate that the corporation acted in good faith and took corruption risks seriously, which may mitigate penalties if violations later emerge. Conversely, a weak or absent due diligence program can signal negligence or indifference to regulators and courts.

Regulators assess whether a corporation's due diligence and compliance program was reasonably designed and actually implemented. In New York and other jurisdictions, enforcement agencies may scrutinize whether due diligence reviews were conducted before high-risk transactions were approved, whether the corporation acted on red flags that emerged during investigation, and whether compliance personnel had sufficient authority and resources to block transactions that posed unacceptable corruption risk. A corporation that conducted due diligence but proceeded despite significant warning signs may face more severe penalties than one that had no program at all, because the conduct suggests deliberate indifference. Documentation of due diligence decisions, particularly decisions to proceed despite identified risks, becomes evidence in regulatory proceedings.