Anti-Money Laundering — Third-Party Risk
A New Business Partner in a High-Risk Jurisdiction Will “Facilitate” Our Deals — but Says It’s Standard Practice in Their Market Not to Appear on Any Paperwork. Multiple Red Flags. What Now?
A real AML and third-party risk scenario — with three decision options and the right answer.
Quick Answer
Is a third-party intermediary’s refusal to be identified in documentation a red flag under AML and anti-corruption frameworks?
Yes — it is one of the most significant red flags in both AML and FCPA due diligence. An intermediary who insists on anonymity in transactions they are being paid to facilitate cannot be subjected to required due diligence, cannot be screened against sanctions lists, and cannot be identified if the transaction is later investigated. “It’s standard practice here” is not a compliance defense — it is a rationalization that regulators and prosecutors specifically look for in enforcement cases.
The Situation
A business development manager at a financial services firm is pursuing a significant new market opportunity in a jurisdiction that FinCEN and FATF have identified as high-risk. A trusted contact introduces them to a local intermediary who claims to have relationships with the government officials and private entities the firm wants to reach. The intermediary’s fee would be 8% of the transaction value.
When the compliance team begins standard third-party due diligence, the intermediary’s representative says their principal “does not appear in documentation for legal reasons” and that this arrangement is “how business is done” in their market. The intermediary is willing to sign a contract — but wants payment routed through a shell company in a third jurisdiction with no apparent business activity.
What Should the Compliance Team Do?
Choice AProceed — the arrangement is introduced by a trusted contact and the intermediary’s confidentiality request may reflect legitimate concerns in a difficult operating environment. The opportunity is too significant to pass up over documentation preferences.
Choice BDecline to proceed and document the red flags. An intermediary who refuses identification, operates through an opaque shell company, and claims anonymity is “standard practice” in a FATF high-risk jurisdiction presents a combination of red flags that cannot be mitigated — and that expose the organization to AML, FCPA, and sanctions liability.
Choice CProceed with enhanced monitoring — route payment through normal channels and flag the account for closer review after the first transaction to see whether any problems emerge.
The Right Call
Choice B — Decline and document. This is not a close call.
The combination of red flags here — high-risk jurisdiction, anonymous beneficial owner, shell company payment routing, government official access, and an 8% fee — is the exact pattern described in DOJ FCPA enforcement actions and FinCEN SAR guidance as the signature of a bribery facilitation or money laundering conduit arrangement. Choice C is particularly dangerous: proceeding with “enhanced monitoring” still means the organization has paid an unidentified intermediary through an opaque structure in a high-risk jurisdiction — the monitoring doesn’t cure the underlying violation.
Why This Is Harder Than It Looks
A trusted referral source is not a due diligence substitute.
The fact that the intermediary was introduced by someone the business development manager trusts reduces the social friction of the arrangement — it does not reduce the legal risk. DOJ FCPA enforcement cases are full of arrangements that were introduced through trusted intermediaries. The due diligence obligation exists regardless of how the relationship was established.
“It’s standard practice here” is one of the most dangerous phrases in international compliance.
The FCPA, UK Bribery Act, and most national AML frameworks explicitly reject local custom as a defense. An arrangement that is “standard practice” in a high-risk jurisdiction may be standard precisely because it is designed to facilitate payments that would not survive scrutiny under Western compliance frameworks. The DOJ has prosecuted organizations specifically for using local custom as justification for bypassing due diligence.
This scenario combines AML and FCPA risk — both require independent analysis.
The payment routing through a shell company in a third jurisdiction raises AML red flags independent of whether the underlying business is legitimate. The intermediary’s access to government officials raises FCPA red flags independent of the payment structure. When both risk frameworks are triggered simultaneously, the compliance analysis requires both AML and legal counsel review — not a business development decision.
Frequently Asked Questions
What third-party due diligence is required under AML frameworks?
AML frameworks require identifying and verifying the identity of business partners, screening them against OFAC sanctions lists and PEP databases, understanding the source of funds and the nature of the business relationship, and assessing the risk level based on jurisdiction, industry, and transaction type. An intermediary who refuses identification cannot satisfy any of these requirements — making the relationship impossible to maintain under a compliant AML program.
What are the red flags that should trigger enhanced due diligence or rejection of a third-party relationship?
FinCEN and DOJ guidance identify a consistent set of red flags: refusal to identify beneficial owners, payment routing through shell companies or jurisdictions unrelated to the business, unusually high fees relative to services provided, access to government officials in high-risk jurisdictions, lack of a legitimate business presence, and requests for cash or untraceable payment methods. The presence of multiple red flags simultaneously — as in this scenario — is a strong indicator that the relationship should be declined and documented.
How to Use This Scenario in Training
Recommended for business development, sales, procurement, and compliance teams in organizations with international operations. This scenario bridges AML and FCPA training — appropriate for both programs. The key recognition skill is identifying the combination of red flags as a pattern that requires rejection regardless of the business opportunity, and understanding that “enhanced monitoring” is not a substitute for proper due diligence when multiple red flags appear simultaneously.
This scenario demonstrates the cultural relativism and relationship rationalization patterns from the Decision Readiness Engine™. Decision-ready employees recognize that a trusted introduction and a “this is standard practice here” explanation are the two rationalizations that most commonly precede the most serious AML and FCPA violations in the enforcement record.
More AML Scenarios
|
A new client wants to skip KYC verification. Sales is pushing to close. |
A beneficial owner is flagged as a PEP. The relationship manager says it’s a false positive. |
Browse all anti-money laundering scenarios. |
Want AML Scenarios in Your Compliance Program?
Xcelus builds scenario-based AML and FCPA training covering third-party risk, intermediary due diligence, and high-risk jurisdiction red flags.
© 2005–2026 Xcelus LLC. All rights reserved. Scenario content is
original work protected by copyright. You may link freely —
reproduction or adaptation without written permission is prohibited.