Third-Party Risk in Transition

Navigating Compliance, Sanctions, and Global Supply Chain Scrutiny in an Age of Uncertainty

by JAMES SWENSON and VIRNA DI PALMA

_{SPRING 2025 |}_FEATURE

Third-Party Risk in Transition

by JAMES SWENSON and VIRNA DI PALMA

Navigating Compliance, Sanctions, and Global Supply Chain Scrutiny in an Age of Uncertainty

T he 2025 announcement by the Trump administration of a temporary pause in FCPA enforcement, alongside shifting policy signals from the U.S. Department of Justice (DOJ) under Attorney General Pamela Bondi, has introduced new uncertainty for companies committed to anti-bribery and corruption. These developments have complicated efforts to interpret U.S. compliance expectations—particularly for organizations with global third-party networks.

JAMES SWENSON
Managing Director
Ethixbase 360

VIRNA DI PALMA
Head of Strategic Initiatives
Ethixbase 360

For years, many businesses have maintained robust third-party risk management frameworks, shaped by long-standing FCPA enforcement priorities. These programs typically include comprehensive due diligence, regular reassessments of business partners, beneficial ownership screening, and contractual safeguards such as anti-bribery clauses. Risk-tiering systems, reinforced by audits and automation, help ensure scrutiny is aligned with risk exposure. With U.S. enforcement dynamics shifting, companies must rethink—but not abandon—their approach.

It’s critical that businesses avoid overcorrecting. Bribery and corruption remain illegal under U.S. and international law, and well-designed third-party risk programs deliver more than compliance. Transparent, ethical supply chains expose hidden risks, build supplier trust, protect reputation, and meet rising expectations from investors, consumers, and civil society. In today’s risk landscape, proactive due diligence is not a checkbox—it’s a competitive advantage.

At the 16th Annual Global Ethics Summit in Atlanta in April, it was clear that companies have no intention of scaling back their compliance and due diligence programs in response to recent policy changes. On the contrary, some are actually increasing due diligence activities to address emerging risks.

The imposition of increased tariffs on Chinese imports is prompting a strategic shift among U.S. companies, many of which are accelerating efforts to diversify their supply chains beyond China. This trend is not just about cost mitigation—it’s about building resilience and reducing geopolitical exposure. As businesses look to reposition their sourcing strategies, countries like Vietnam, Malaysia, and Thailand are becoming increasingly attractive due to their lower labor costs and ongoing improvements in infrastructure.

However, this transition brings new complexities from a third-party risk management perspective. Companies moving into these less familiar markets must adapt their due diligence processes to address gaps in regulatory transparency, data availability, and business governance. In many cases, conducting enhanced due diligence becomes essential to assess the integrity and compliance of new suppliers—particularly in environments where corruption, labor violations, or environmental infractions are more prevalent.

U.S. Focus: Cartel-Linked Supply Chains

The government's recent pivot reflects a shift from broad anti-corruption enforcement to targeted actions against criminal cartels and trafficking networks. The DOJ has clarified that future bribery enforcement will prioritize supply chains exposed to cartel activity—a tactical redirection, not a full retreat.

This renewed focus is particularly relevant for industries like pharmaceuticals, chemicals, logistics, agriculture, and mining—sectors frequently exposed to precursor chemicals, cross-border vulnerabilities, and illicit finance. These companies should reexamine their compliance posture with attention to high-risk geographies, customs interactions, and supply chain links that may intersect with organized criminal networks.

Sanctions Compliance and UBO Identification: A Rising Priority

In today’s volatile geopolitical climate, sanctions screening and ultimate beneficial ownership (UBO) identification are more essential than ever. At our peer-to-peer session during the Global Ethics Summit, participants discussed the need to adjust ownership thresholds based on jurisdiction-specific risk. This is especially urgent amid ongoing discussions around expanding sanctions on Russia for its actions in Ukraine, and on China for human rights and economic coercion concerns. A comprehensive sanctions compliance strategy—built on robust UBO verification and continuous monitoring—can help businesses navigate an increasingly complex global risk environment.

Navigating Global Regulatory Pressures

While the U.S. may be easing enforcement in some areas, other jurisdictions—particularly the European Union—are increasingly embracing third-party risk management and due diligence as critical tools for promoting ethical business conduct and corporate accountability.

The recently finalized Omnibus Agreement on the Corporate Sustainability Due Diligence Directive (CSDDD) introduces a more flexible timeline while reinforcing the directive’s core intent: enforcing responsible supply chain practices.

Key updates include:

Applicability to companies with over 1,000 employees and €450 million in turnover, narrowing the scope to large multinationals
A one-year delay in enforcement to give companies time to prepare
Relaxation of some obligations—such as mandatory disengagement—while preserving requirements to identify, assess, and mitigate human rights and environmental risks

Despite these changes, the regulatory direction is clear: supply chain due diligence is fast becoming a baseline global standard. U.S. companies operating in the EU or sourcing from the region must build adaptable third-party risk programs that reflect this trajectory. Businesses should proactively assess their supply chains, focusing on direct suppliers, and establish mechanisms to monitor and address potential human rights and environmental impacts. Engaging with stakeholders and understanding the varying national enforcement mechanisms will be crucial for compliance.

Uyghur Forced Labor Prevention Act (UFLPA): Enhanced Due Diligence Requirements

Despite softening in other enforcement areas, forced labor remains a top priority for U.S. trade enforcement. The UFLPA presumes that any goods linked to China’s Xinjiang region are made with forced labor and bans their import unless companies can provide clear and convincing evidence to the contrary.

To mitigate these risks, businesses should:

Conduct comprehensive supply chain mapping and due diligence to identify potential Xinjiang exposure
Deploy end-to-end traceability systems to validate product origins and labor conditions
Closely monitor U.S. Customs and Border Protection (CBP) enforcement trends, including increased inspections and detentions

With bipartisan support and the potential for expanded coverage, the UFLPA signals a durable shift toward more aggressive enforcement. Forced-labor risk must be a core element of third-party risk management moving forward.

The Reputational Risk Factor

Compliance is no longer solely about avoiding penalties—it’s about maintaining public trust. Stakeholders today expect transparency, integrity, and accountability across the value chain. A single third-party misstep can result in reputational damage that far exceeds any legal fine. To preserve credibility, companies must embed ethics into supplier relationships and show their commitment through action. In the absence of accountability, stakeholders may assume complicity.

Future-Proofing with Continuous Risk Monitoring

Compliance is constantly under pressure to evolve. The current environment offers an opening to streamline processes, focus on the highest-risk areas, and drive innovation in third-party risk management. To keep pace with the global risk landscape, businesses should adopt agile, technology-driven systems that enable:

Real-time monitoring of third-party profiles
Ongoing due diligence to identify emerging risks and changes in third-party relationships
Automated risk alerts and scoring
Periodic reassessments and re-tiering
Integrated remediation workflows

In an age of uncertainty, companies that treat third-party risk management as a strategic advantage—not just a compliance requirement—will be best equipped to protect their operations, reputation, and long-term success. ■

JAMES SWENSON is Managing Director, Ethixbase360, where he is responsible for Ethixbase360’s enhanced due diligence (EDD) business. With over 20 years of experience, he specializes in assisting clients in establishing and maintaining due diligence and screening programs.

VIRNA DI PALMA is Head of Strategic Initiatives, Ethixbase360, where she leads content strategy, brand development, and marketing for the Americas. She previously held a leadership role at a globally recognized non-profit anti-bribery business association, advancing compliance best practices among multinational companies worldwide.