You bring up some real concerns regarding offshore vendors, not just for Asian countries but in general. It is important to note that Asia is a huge continent full of different countries with their own laws, business practices, and customs. Countries also differ in their definitions of what constitutes bribery and who a government official is. Singapore, for example, has very strict bribery and corruption laws and regulatory compliance infrastructure and has prosecuted individuals for bribes as low as $1.00. And as another example, Indonesia considers village elders as government officials. The point here is that you need to understand the business culture and practices of the specific country where your prospective vendor is located and their regulatory environment and prohibitions.
Best practices for offshore vendors include thoroughly investigating the country's laws and regulations and how well they are enforced. You also must investigate anti-money laundering policies and practices, perform an OFAC and PEP check, and investigate the company's ownership and management team. You must also be aware of the country and the company's position on human rights and look for modern slavery, human trafficking, or forced labor within the supply chain.
All regular TPRM due diligence applies as well. And you will still need to pay attention to cybersecurity, data privacy, financial stability, and reputation.
When it comes down to it, doing business with a vendor in another country can exponentially expand the risks you need to identify and manage. For organizations without the right subject matter experts to assess the risks of offshore vendors, it is highly recommended to secure the professional services of firms that specialize in this type of review. This approach will help avoid some of the not-so-obvious pitfalls of offshore engagements and possibly save your organization from making mistakes.
I hope that is helpful, but I would love to hear from other members with expertise on this topic.