Challenges Government Contractors Face Maintaining a Compliant Supply Chain – Part Three

May 2017

By Julia Bailey

Under the close eye of regulators, contractors are working against strong compliance headwinds as they expand their supply chains across international borders. Effectively monitoring the supply chain from end to end and managing the risks associated with a complex network of suppliers and subcontractors is growing more onerous and time-consuming. To shed some light on where to focus your compliance efforts, we’ve developed a three-part series to examine some of the key challenges contractors encounter when securing their supply chains.
If you haven’t already, check out:
  • Part one here, for a look at the Contractor Purchasing System Review, recently released counterfeit parts rules and country of origin restrictions, and
  • Part two here, for a thorough exploration of ethical considerations for government contractors, including the Federal Acquisition Register (FAR) “Contractor Code of Business Ethics and Conduct” clause, and discuss risk management for prime and subcontractor relations, the Combatting Trafficking in Persons (CTIP) FAR clause and the False Claims Act (FCA).
In this installment, we’re taking a close look at recent changes to the regulatory risk and compliance landscape for government contractors, including efforts to crack down on corruption, increased resources devoted to investigations related to the Foreign Corrupt Practices Act (FCPA) and the International Standards Organization anti-bribery management system.

How can contractors manage the risk of FCPA investigations, and what standards and enforcement exist aimed at cracking down on bribery and corruption?

Contractors with a global supply chain face substantial risks under the FCPA (15 U.S.C §§ 78dd-1 et seq.), a violation of which could result in civil and criminal penalties, including fines and/or prison. The FCPA prohibits giving anything of value to “foreign officials” in order to obtain or retain business or secure any business advantage. The term “foreign official” includes foreign government officials, employees of government-owned or managerially controlled entities, foreign political party officials, officials of public international organizations and candidates for foreign political office.

While a contractor’s own employees may never interact with a “foreign official” directly, the FCPA also rests liability on any U.S. person that makes, authorizes, offers or promises a “payment,” indirectly, to any person, such as subcontractors, with knowledge—a reason to believe—that the payment will be passed through to a foreign official. “Knowledge” has been interpreted to mean reckless disregard for the law, and implies U.S. persons should conduct due diligence on significant third parties, such as subcontractors, to ensure they are legitimate, reputable individuals or companies with no obvious conflicts of interest with foreign officials.

FAR clause 52.203-13, “Contractor Code of Business Conduct and Ethics,” has added an increased layer of risk to government contractors dealing with potential FCPA issues. The clause is required in most government contracts over $5 million, and suggests that, to the extent a government contractor is aware of an FCPA violation, regardless of materiality, it would arguably be required to disclose the infraction to the government and/or contracting agency.

As more contractors perform activities under contract in foreign locations, they’re facing increased FCPA compliance risk. That risk increases if solicitation and payment of bribes are commonplace in the locations where they’re performing activities, they’re taking on transactions on a cash basis, or they must rely on local sales agents, distributors or subcontractors who may fail to abide by the rules. For contractors, the most significant risks are fines, suspension and/or debarment, or even prison time for certain individuals. Violations can also result in the loss of government grants and subsidies.

In October 2016, after four years of negotiations, the International Standards Organization (ISO) published the finalized ISO 37001, an anti-bribery management system and the first international standard of its kind aimed at preventing, detecting and responding to bribery. The ISO compliance program, which can be considered a gold standard for government contractors to incorporate into their existing processes and controls, incorporates various international anti-bribery best practices, including the FCPA, the U.K. Bribery Act and the OECD Anti-Bribery Convention. It provides specific minimum requirements and supporting guidance intended to be universally applicable, regardless of an organization’s size, nature of business and level of bribery risk.

The ISO 37001 framework will likely require few changes or actions from large, multinational contractors with robust anti-bribery programs already in place. However, for middle-market contractors without the necessary compliance resources or expertise to craft a comprehensive anti-bribery program on their own, ISO 37001 is a cost-effective and flexible compliance tool. For more background on the ISO compliance program and steps necessary for compliance for organizations seeking to become certified by a third party, read this alert from BDO Consulting’s Global Risk & Investigations practice.

When possible, a prime contractor should obtain information about a subcontractor’s compliance program and negotiate clauses that require certifications, notification and ongoing access to information, such a right to audit relevant books and records. New suppliers, subcontractors and other third parties should be thoroughly screened prior to engagement. Too often, companies learn the hard way that third parties involved in corruption or fraudulent activity previously exhibited signs of misconduct—behavior that could and should have been identified prior to entering into a relationship with them. Not all vendor and other third-party due diligence is alike. And compliance can play a vital role in customizing the due diligence process based on the compliance risks associated with each relationship. During performance, prime contractors should consistently review and monitor a subcontractor’s business ethics and conduct through audits or periodic reporting. A prime contractor should also ensure its employees are trained to identify FCPA violations and that it has strong internal controls surrounding payments to subcontractors to prevent misconduct and detect red flags.

It can be easy to get overwhelmed by the breadth and number of compliance requirements contractors face in achieving end-to-end supply chain security—and the scope is only growing as the supplier landscape becomes increasingly global. With a careful consideration of the risks unique to their subcontracts and suppliers and the nature of their contract activity, contractors can be on their way to feeling confidence in their efforts to secure their supply chains. Stay tuned for the fourth and final chapter of this series, where we’ll discuss export controls and anti-boycott measures.

Julia Bailey is a managing director and may be reached at

Read next article, "Asked & Answered: 3 Questions Surrounding the Department of Defense's New Risk-Based EVMS Surveillance"

Return to BDO Knows Government Contracting Newsletter - Spring 2017