Strengthening Third‑Party Risk Management: Tackling Bribery and Corruption Under US Law

In a time of shifting enforcement priorities and evolving global expectations, companies operating in the US and abroad must ensure their third-party risk management (TPRM) frameworks are resilient, integrated, and strategically aligned with anti-bribery mandates like the Foreign Corrupt Practices Act (FCPA), Foreign Extortion Prevention Act (FEPA), and upcoming business transformations. 

 

1. Regulatory Landscape and Enforcement Dynamics

• Temporary FCPA enforcement pause: On February 10, 2025, an executive order directed the DOJ to pause FCPA enforcement for 180 days as it reviews existing guidelines; the dedicated FCPA enforcement team shrank from 32 to around 15 prosecutors (starcompliance.com, deloitte.wsj.com, reuters.com). 

• Enforcement may rebound: Experts caution that this pause does not repeal the FCPA, noting that past policy reviews in the Trump administration did not deter enforcement; civil actions under SEC jurisdiction continue as usual . 

• New tools in the anti-bribery toolkit: FEPA, enacted December 2023, empowers the DOJ to prosecute foreign officials who demand bribes—complementing the FCPA’s focus on supply-side conduct (en.wikipedia.org). 

Implication: Companies must maintain vigilance; regulatory environments may shift rapidly, but legal obligations and risks persist—especially as new laws add layers of accountability. 

 

2. Widening TPRM Risk Scope

• Broader risk landscape: Companies are now facing expanded vulnerabilities—AI-driven third-party tools, deep supply chain integration, and geopolitical shocks increase exposure to corruption and operational risks (auditboard.com). 

• Continuous due diligence essential: Firms must shift from one-off checks to ongoing, risk-tiered assessments—especially when operating in high-risk jurisdictions or emerging markets (americanconference.com). 

• Tech-driven resilience: AI and analytics platforms enable real-time screening, dynamic risk scoring, and prompt alerts—while blockchain pilots are emerging for creating tamper-proof audit trails . 

 

3. Best Practices: A Strategic Imperative

A layered and technology-enabled approach is the gold standard for preventing bribery within third-party ecosystems: 

1. Risk-based segmentation 

 Assign risk tiers to every third party based on country, role, intelligence indicators, and bribery exposure. Use FEPA and FCPA extensions to evaluate both ends of the bribery spectrum—supply and demand. 

1. Tailored and continuous due diligence 

 For high-risk third parties, establish ongoing evaluations combining questionnaires, financial and ownership checks, adverse media screening, and system alerts (en.wikipedia.org). 

1. Integrated governance and culture 

 Sponsorship from C-suite, procurement, legal, and compliance teams is critical. Transparency in third-party anti-bribery expectations—such as contractual clauses, training, and wellness checks—is vital to embed integrity across the ecosystem (en.wikipedia.org). 

1. Advanced monitoring capabilities 

 Leverage RegTech solutions to monitor sanctions, adverse media, litigation, and geo-political shifts. Automated dashboards and analytics help detect evolving risk landscapes (auditboard.com, deloitte.wsj.com). 

1. Ready for enforcement engagement 

 Despite enforcement shifts, quick self-disclosure, robust cooperation, and proactive remediation can significantly reduce penalties under FCPA and FEPA guidelines (starcompliance.com). 

 

4. Looking Ahead: Strategic Action Plan

Priority	Action	Impact
1. Maintain Compliance Momentum	Don’t pause bribery risk controls during enforcement moratorium—prepare to adapt based on updated DOJ guidance	Ensures readiness regardless of political shifts
2. Leverage Technology	Deploy AI/analytics for screening, continuous monitoring, and risk scoring; explore blockchain for audit resilience	Strengthens proactive detection and traceability
3. Governance & Accountability	Embed TPRM into enterprise compliance frameworks with shared KPIs for procurement and legal	Drives organization-wide ethical oversight
4. Prepare for Self‑Disclosure	Develop response playbooks for FCPA/FEPA scenarios, emphasizing transparency and remediation	Mitigates penalties, upholds corporate reputation

 

Final Takeaways 

While US enforcement of corruption laws may fluctuate with political tides, the legal obligations remain unrelenting. Proactively integrating dynamic, tech-driven risk management, continuous due diligence, and a values-led governance structure is no longer optional—it’s essential. 

By embracing an agile and strategic TPRM framework, organizations not only mitigate legal and reputational exposure but also set a foundation for sustainable, ethical global operations. 

We want to hear from you: How is your organization redesigning its TPRM approach in light of FEPA’s rise, the FCPA moratorium, and AI-driven third-party risk? Join the dialogue below.