General

Understand the difference between joint and several liability and subsidiary liability, and see how GAP's platform centralizes documents and mitigates risks in third-party management.
By:
Guilherme Herker
Outsourcing is strategic for operational efficiency, but it carries a "hidden liability" that represents a critical challenge for the governance of large organizations: legal liability over the contracted team.
Believing that signing the contract shields your company is a common misconception. Based on GAP's market experience, this moment formalizes the relationship, but it is only the initial milestone of risk exposure, requiring continuous monitoring throughout the duration of the service.
With Law 13,429/2017, inspection stopped being a bureaucratic process to become an imperative of compliance and preservation of the contracting party's assets. Below, we explain how technology can protect your operation from labor and social security risks, centralizing the control we apply in our platform.
What is Third-Party Management?
Third-party management transcends simple paper filing. It is a system of processes aimed at monitoring the legal, technical, and tax compliance of contracted companies and their employees.
The strategic objective is to ensure that the service provider strictly complies with its obligations (payment of salaries, collection of taxes, and safety standards), mitigating the financial and legal co-responsibility of the service contracting party through auditable and organized data.
The Legal Landscape (Law 13,429/2017 and Reform)
Current legislation allows outsourcing, including of the company's core activity. However, this flexibility came accompanied by a much more rigorous duty of care on the part of the contractor.
Subsidiary vs. Joint Liability
It is crucial to understand the legal distinction that directly impacts the company's liabilities:
Subsidiary Liability (The Rule): If the outsourced company defaults on workers' rights, the burden falls on the contracting party. According to Precedent 331 of the TST, the contractor is liable for liabilities in the event of default by the third party.
Joint Liability (The Aggravating Factor): Occurs in scenarios of bankruptcy of the service provider, proven fraud, or serious negligence in occupational safety. In this case, both companies can be sued simultaneously.
The prevailing legal understanding is that the failure to supervise (culpa in vigilando) attracts liability to the contracting party. Therefore, the monthly management of documents is not optional; it is the main technical evidence for legal defense.
Main Risks in Outsourcing
The lack of a centralized system exposes the organization to severe operational and legal risks:
Labor Liabilities: Absorption of costs with severance pay, overtime, and uncollected FGTS (Severance Indemnity Fund) by the contractor.
Occupational Safety (SST): Civil and criminal liability for accidents involving third parties in the contracting party's facilities. (See our article on [Hot Work and NR-34] for critical maintenance risks).
Disguised Employment Relationship: The lack of proper formalization can characterize direct subordination, nullifying the commercial contract.
Reputational Risks (ESG): Brand association with suppliers operating with serious labor irregularities or lacking environmental licenses.
The 4 Steps of an Efficient Management Flow
To mitigate these risks, management must operate in a cyclical and organized flow, which gains scale through digitalization:
1. Approval and Qualification (Due Diligence)
Before contract formalization, it is essential to analyze the financial and legal health of the service provider. Validating whether the company has up-to-date CNDs (Negative Certificates of Debt) is the first filter to avoid partners with a high risk of default.
2. Mobilization of Third Parties
This stage refers to physical access control. The release of the third party into the facilities must be conditioned on document compliance in the system: employment record registration, valid ASO (Occupational Health Certificate), and specific NR trainings.
3. Monthly Document Management
This is the pillar of prevention. On a monthly basis, the release of invoice payments must be strictly linked to the verification of:
Collection guides (FGTS, INSS/GPS);
Proofs of salary and benefits payments;
Signed timesheets.
4. Safe Demobilization
At the end of the contract, the system must guarantee the registration of the end of the service provision, allowing the blocking of access and serving as a repository for proofs of severance pay (TRCT), essential for future labor defenses.
Why abandon spreadsheets? (Risks of Manual Management)
Although Excel is a versatile tool, it was not designed for the complexity of third-party management and the volume of data required by current tax obligations.
Manual management in spreadsheets presents critical vulnerabilities:
Lack of Alerts: Spreadsheets do not warn when an ASO or training has expired, exposing the company to fines in inspections.
Decentralization: Documents saved in network folders or emails make quick localization difficult in the event of an audit or labor lawsuit.
Information Security: Manual handling increases the risk of data loss, typing errors, and lack of change history (who approved what).
GAP's platform centralizes all documentation in a secure and auditable environment. This ensures your team has fast access to compliance information, eliminating the operational chaos of scattered spreadsheets and folders.
Frequently Asked Questions (FAQ)
Is the contracting party responsible for the employees of the outsourced company?
Yes, subsidiarily. In the event of default by the outsourced company, the contracting party assumes the obligation (Precedent 331 TST).
Which documents should be demanded monthly?
At least: GFIP/SEFIP, proofs of INSS and FGTS collection, payroll, and proofs of benefits.
Can I hire third parties for core activities?
Yes. After Law 13.429/2017 and the decision of the STF (Supreme Federal Court), outsourcing any activity is legal, provided that the legal requirements of non-subordination are respected.
Is your company still tracking third parties in spreadsheets? Minimize your exposure to legal risk with organization and technology. Discover GAP's Third-Party Management platform and have complete control over your providers' compliance.










