Third-Party Management

What is Third-Party Management: Risks, Law, and How to Protect Your Company

What is Third-Party Management: Risks, Law, and How to Protect Your Company

Understand what third-party management is, how it works in practice, and how to avoid labor liability with subsidiary and joint liability explained.

By:

Guilherme Herker

Outsourcing is strategic for operational efficiency, but it carries a "hidden liability" that represents a critical challenge for the governance of large organizations: legal liability over the hired team.

Believing that signing the contract shields your company is a common misconception. Based on GAP's market experience, this moment formalizes the relationship, but it is only the starting point of risk exposure, requiring continuous monitoring throughout the entire duration of the service.

With Law 13.429/2017, supervision went from being a bureaucratic process to becoming an imperative for compliance and the preservation of the contractor's assets. Below, we explain how technology can protect your operation from labor and social security risks, centralizing the control we apply in our platform.

What is Third-Party Management?

Third-party management goes beyond simple paper filing. It is a system of processes aimed at monitoring the legal, technical, and tax compliance of contracted companies and their employees.

The strategic objective is to ensure that the service provider strictly complies with its obligations (payment of salaries, collection of taxes, and safety standards), mitigating the financial and legal co-responsibility of the service taker through auditable and organized data.

The Legal Scenario (Law 13.429/2017 and Reform)

Current legislation allows the outsourcing of even the core activity of the company. However, this flexibility was accompanied by a much more rigorous duty of care on the part of the contractor.

Subsidiary vs. Joint Liability: The Risk Matrix

It is crucial to understand the legal distinction that directly impacts the company's liabilities:

  1. Subsidiary Liability (The Rule): If the outsourced company defaults on workers' rights, the burden falls on the service taker. According to Precedent 331 of the TST, the contractor is liable for the debit in the event of third-party failure.

  2. Joint Liability (The Aggravating Factor): This occurs in scenarios of bankruptcy of the provider, proven fraud, or serious negligence in occupational safety. In this case, both companies can be sued simultaneously.

Point of Attention: The predominant legal understanding is that the failure to supervise (fault in vigilando) attracts liability to the service taker. Therefore, monthly document management is not optional; it is the main technical evidence for legal defense.

Main Risks in Hiring Third Parties

The absence of a centralized system exposes the organization to severe operational and legal risks:

  • Labor Liabilities: Absorption of costs with severance pay, overtime, and FGTS not collected by the contractor.

  • Occupational Safety (SST): Civil and criminal liability for accidents involving third parties at the service taker's facilities. (See our article on [Hot Work and NR-34] for critical maintenance risks).

  • Masked Employment Relationship: The lack of proper formalization can characterize direct subordination, nullifying the commercial contract.

  • Reputational Risks (ESG): Association of the brand with suppliers operating with serious labor irregularities or lack of environmental licenses.

How Third-Party Management Works: The 4 Steps of the Flow

1. Approval and Qualification (Due Diligence)

Before formalizing the contract, it is essential to analyze the financial and legal health of the provider. Validating whether the company has up-to-date CNDs (Negative Debt Certificates) is the first filter to avoid partners with a high risk of default.

2. Onboarding of Third Parties

This step refers to physical access control. The release of the third party into the facilities must be conditioned on document compliance in the system: employment registration, valid ASO (Occupational Health Certificate), and specific regulatory standard (NR) training.

3. Monthly Document Management

This is the pillar of prevention. Every month, releasing the payment of the invoice must be strictly linked to checking:

  • Payment slips (FGTS, INSS/GPS);

  • Proofs of salary and benefits payments;

  • Signed timesheets.

4. Safe Offboarding

At the end of the contract, the system must ensure the registry of the end of the service provision, allowing the blocking of accesses and serving as a repository of proof of severance pay (TRCT), essential for future labor defenses.

Why abandon spreadsheets? (Riscos of Manual Management)

Even though Excel is a versatile tool, it was not designed for the complexity of third-party management and the volume of data required by current tax obligations.

Manual management in spreadsheets presents critical vulnerabilities:

  1. Lack of Alerts: Spreadsheets do not warn you when an ASO or training has expired, exposing the company to fines in inspections.

  2. Decentralization: Documents saved in network folders or emails make quick localization difficult in the event of an audit or labor lawsuit.

  3. Information Security: Manual handling increases the risk of data loss, typing errors, and lack of change history (who approved what).

GAP's platform centralizes all documentation in a secure and auditable environment. This ensures your team has fast access to compliance information, eliminating the operational chaos of spreadsheets and scattered folders.

Frequently Asked Questions (FAQ)

  1. Is the contractor responsible for the outsourced employees?

Yes, subsidiarily. In case of default by the outsourced company, the contractor assumes the obligation (Precedent 331 TST).

  1. Which documents to demand monthly?

At least: GFIP/SEFIP, proof of payment of INSS and FGTS, payroll, and proof of benefits.

  1. Can I outsource core activities?

Yes. Following Law 13.429/2017 and the STF decision, outsourcing any activity is legal, provided that the legal requirements of non-subordination are respected.

Is your company still tracking third parties in spreadsheets? Minimize your exposure to legal risk with organization and technology. Discover GAP's Third-Party Management platform and have total control over your providers' compliance. 

Read also

Stop managing OSH on paper. Start now.

Stop managing OSH on paper. Start now.

Simplify your Risk Management, reducing liabilities and ensuring safe, standardized, and auditable operations with fast implementation and advisory support.

Simplify your Risk Management, reducing liabilities and ensuring safe, standardized, and auditable operations with fast implementation and advisory support.

(11) 93768 - 3600

(11) 93768 - 3600

Nicomendes Alves dos Santos Ave, 3600 - Room 326 - Morada da Colina, Uberlândia, MG

Nicomendes Alves dos Santos Ave, 3600 - Room 326 - Morada da Colina, Uberlândia, MG

contact@sistemasgap.com.br

contact@sistemasgap.com.br

Subscribe to our Newsletter

and stay up to date with all the latest news in EHS