What is a Third Party?

A third party is a company or individual outside your organization that provides goods and services or performs activities vital to your success. A 3rd party may engage directly with your customers or not.

For instance, a back-end technology third party might provide a platform for your customers, but not communicate with them. On the other hand, some third parties will have direct contact with your customers. Payment processors such as Stripe, PayPal, or Venmo interact with consumers when they make online purchases.

Whether or not they deal directly with customers, 3rd parties are separate entities that play a specific role in the operational and strategic advancement of your organization’s goals.

What Does the Term Third Party Mean?

Some organizations call a third party a service provider. Others may refer to them as “third-party service providers” or simply “SPs.”

The most common way to refer to a third party is as a third-party vendor.

But whatever you choose to call them, vendors or service providers can be broken up into three major categories:

Goods Vendors: A goods vendor specializes in selling and distributing physical products. A goods vendor delivers products to your organization ranging from specialized equipment like ATMs to basic office supplies.

Service Vendors: Unlike goods vendors, service vendors offer expertise to support an organization's strategic business goals. These vendors are critical in addressing an organization’s challenges when they lack specific in-house talent. IT consulting firms, marketing agencies, and legal consultants are among the services an organization may outsource.

Software Vendors: A software vendor provides their products to organizations in various ways, including on-premise installations, Software as a Service (SaaS) over the cloud, and platform-based apps. The relationship between an organization and its third-party software vendor is typically governed by a contract that spells out the duration of the agreement and service-level expectations of performance.

What organizations mean when discussing a third party can be a matter of its function. For example, goods vendors might be called “suppliers” because they supply goods to a company, while a marketing team may be referred to as a “service provider” given that they perform a service.

The Benefits of Working with a Third Party

When you outsource an activity to a third party, this relationship can provide numerous benefits to your organization. These benefits include:

• Cost Savings. Outsourcing activities to a 3rd party can be more cost-effective than maintaining them in-house, especially when the activity is specialized.
• Enhanced Expertise. Third parties can deliver higher-quality services because of their specialized knowledge and expertise.
• Scalability. Organizations can quickly scale by working with third parties.
• Increased Focus on Core Competencies. Organizations can devote more time and energy to focusing on their strengths by outsourcing non-core functions.
• Access to Advanced Technologies. Vendors in IT and tech often have access to the latest technologies and platforms.
• Faster Time to Market. With the assistance of specialized third parties, an organization’s products and services can enjoy a quicker time to launch.
• Expanded Business Reach. 3rd parties can help you grow your business into new geographic regions and markets.
• Improved Operational Efficiency. Working with a third party can lead to more streamlined and efficient operations.

Selecting the Right Third Party for Your Organization

When considering entering a relationship with a third party, you should examine many aspects. First, you must examine your organization’s business case to outsource and document why it makes sense. From there, you can consider potential third-party vendors.

At the top of your list, you should assess the 3rd party’s reputation. How long have they been in operation, and who is their list of clients? Asking for referrals from trusted partners is a great way to select the best third party for your organization.

Possessing a proven history of reliability is essential in third-party selection. You should also consider their ability to meet the demands of your project or activity. If the activity you’re asking of your third party is especially demanding or complex, you need to ensure that your third party can fulfill your organization’s objectives.

Making the right choice with a third party means considering the provider's history and how this aligns with what you need.

To guide your decision, here is a list of some considerations:

• What is the range of services your third party offers? 
• Have they worked with organizations similar to yours in the past?
• How is their customer support and responsiveness to any issues that may arise?
• How much do their services cost?
• Do they clearly outline their pricing? Are any of their terms and conditions vague or hard to interpret?
• Can you find any undisclosed charges or surprise fees in the contract?
• Do you have or can you access any feedback from other clients regarding their experience with your potential third party?
• Can you find any consistent criticism or negative feedback about them?
• How do they address and resolve problems with their clients?
• Do they have any endorsements or industry-specific credentials that bolster their reputation?

This early vetting process is no substitution for thorough due diligence, a topic we’ll address later.

What Are the Disadvantages of Collaborating with a Third Party?

Using a third party for certain activities can pose several disadvantages. You can climb these hurdles, but you need to be aware of them before entering a third-party relationship.

First, your direct oversight into the quality of your third party’s service or product may not be what you want it to be. When you decide not to do an activity in-house and instead contract with a third party, you need to evaluate the quality of their services and products regularly.

Then, there’s the matter of cost. Sometimes, organizations find bringing an activity in-house is more cost-effective. You and your customers may also not receive the standard of support you’ve come to expect.

Most importantly, you must ensure you’re aggressively monitoring risks associated with your third parties. Vendor risk management is essential to maintaining the integrity of all your third-party relationships. From data breaches to compliance violations to consumer harm, there are many ways a 3rd party vendor relationship can harm your organization.

Protecting Yourself from Third-Party Risk

While there are many advantages to outsourcing some of your activities to a third party, it also comes with increased risk.

Vendor risk management is a systematic approach to address the uncertainties of collaborating with suppliers. This approach begins with an initial evaluation of the vendor (due diligence), extends through contract negotiations, and includes ongoing monitoring throughout your organization’s partnership with a third party.

Managing vendor risk has five distinct stages:

1. Planning – Make a business case for outsourcing and how it aligns with your organization’s overall strategy. Thoroughly assess the risks posed by third-party vendor relationships.  
2. Due Diligence – Confirming an appropriate fit is critical when choosing a third-party vendor. Remember that past vendor collaborations do not exempt you from ongoing due diligence or conducting due diligence for each new venture.  
3. Contract Negotiation – Relationships with third parties require contracts outlining the scope of activities and performance. Even though most vendors offer a standard contract, these are designed to benefit the vendor. Your organization might alter, supplement, and extend these agreements to protect against risk.  
4. Monitoring – Regularly monitoring third-party vendors enables your organization to evaluate their internal controls and confirm they adhere to their contractual obligations.  
5. Termination – Ensure your organization can terminate your relationship with a particular vendor for failing to comply with the terms of a contract.

What Third-Party Relationships Produce More Risk?

Not every third-party relationship produces the same level of risk.

The size of your organization’s third parties matters less than the specifics of your relationship and how critical their activities are. The more access your third party has to your organization’s confidential and sensitive information, the greater the risk.

And the greater the risk, the more due diligence you must conduct in onboarding and monitoring third parties.

Critical activities are defined as those that:

• Would cause an organization to face significant risk if a third party failed to deliver on the terms of its contract 
• Pose a significant impact on your customers 
• Has a major impact on your organization’s financial condition or operations

Organizations will take a different approach to managing the risks associated with third-party relationships – some will focus on individual vendors, while others may classify risk by activity.

Whether your organization assesses risk by vendor or activity, you must have a sound methodology and a complete and comprehensive vendor management program in place.

What is Fourth-Party Risk?

Your organization outsources its activities to third parties, and so do your vendors. Your vendor’s vendors are called fourth-party vendors. Fourth-party vendors can go by many names – providers, strategic partners, etc. – and offer payment processing, mobile apps, and many other services.  

Your organization isn’t simply responsible for what your vendors do, but also what your vendor’s vendors do. In short, the more vendors your vendors use, the greater the risk to your institution.  

What about fifth-party risk? Or sixth-party risk? There is seemingly no end to the risks posed by third-party vendors and their vendors – or their vendor’s vendor’s vendors.  

Whether you handle an activity internally or outsource it, you’re responsible for managing and mitigating all the risks associated with your vendors and their third parties. 

What is the Best Way to Manage Third-Party Relationships?

Too many organizations neglect to manage their third-party relationships actively, and this can cause big trouble.  

Just ask the folks at ACI worldwide. 

Recently, the Consumer Financial Protection Bureau (CFPB) took enforcement action against ACI Worldwide, which provides real-time payment processing. ACI initiated roughly $2.3 billion in unlawful payments for half a million homeowners of the mortgage service provider Mr. Cooper.  

In processing fraudulent and unauthorized payments, homeowners with mortgages serviced by Mr. Cooper were hit with overdraft fees from their banks, and the CFPB handed ACI a $25 million civil penalty.  

Additionally, Mr. Cooper suffered significant reputational damage because of ACI’s failure. 

Successfully managing third-party risk requires your organization to have a complete view of all vendors. Their financial status, continuity plans, and information security systems can directly impact your business. 

With Ncontracts’ powerful Nvendor solution, your financial institution can uncover risks and reduce costs. 

Nvendor gives you the ability to: 

Collaborate with team members to reduce costs: Keep your compliance teams on track with better communication. When you centralize your vendor management system, the heads of departments at your financial institution can easily create plans, assign tasks, schedule employee training, and automate updates and reminders across your institution. 

Ensure third-party compliance: With Nvendor, your financial institution will always be exam-ready. Create plans and procedures to organize critical documents and receive alerts and reports that can be pulled up in seconds to meet examiner request. 

Manage the lifecycle of your vendors: Our easy-to-use software dashboard empowers your organization to store, track, and manage each aspect of vendor management – from initial vendor selection and due diligence to ongoing monitoring to contract termination.

Deploying Nvendor gives your financial institution everything it needs to manage your third-party vendors with easy implementation.