Companies that depend on third-party arrangements expose themselves to legal and reputational risk. Most of these companies limit this risk by adopting a code of conduct to govern the arrangement. They also practice due diligence, address third-party risk in their corporate risk assessments, and extend such ethics components as whistle-blowing procedures. Less frequently, they offer ethics and compliance training programs to third-party employees. But these measures may, in turn, expose companies to new kinds of risks: the appearance of more control than the company is actually capable of exerting and an extension of potential company liability.