Compliance Glossary

Third Party Intermediary

What is a Third Party Intermediary?

A third-party intermediary (TPI)  is an entity who helps connect two or more trading partners by acting as a conduit for goods or services between a supplier and consumer. A TPI may be an individual or an organization. Middle-market companies frequently support the business activities of larger organizations by acting as third-party intermediaries.

For the purposes of analyzing third-party risk, organizations should identify all of the third-party organizations with which they have partnered to provide goods and services to the customer. Every entity that participates in the supply chain, besides the end customer and the organization itself, should be considered a third-party intermediary.

TPIs can play many different roles in the international supply chain, including (but not necessarily limited to):

  • Vendors and Suppliers – Vendors and suppliers purchase and procure goods on behalf of the organization. Organizations can be exposed to criminal liability if they are knowledgeable that their vendors or suppliers engage in corrupt practices or antitrust violations.
  • Sales Agents – Sales agents act on the organization’s behalf to drive revenue and increase market share in a given territory. 
  • Customs Agents – Customs agents are TPIs who understand the regulations surrounding import/export and work between importers and government officials to coordinate and expedite the movements of goods across a border.
  • Distributors – Distributors are TPIs who purchase products from a manufacturer and distribute them to retailers or value-added resellers who sell directly to the consumer.
  • Brokers – Brokers are TPIs who arrange transactions between a buyer and seller. Organizations may work with brokers for a variety of purposes in the course of their normal business operations.

What is Third Party Risk?

While third party intermediaries can help organizations boost their sales, operate more efficiently, and achieve strategic targets, they can also be a source of risk to the business.

Third party risk is a source of potential business risk that emerges when an organization relies on external entities (either organizations or individuals) to perform business activities or deliver services on its behalf.

Doing business with third-party organizations can introduce risks that include:

  • Service Continuity Risks – If a relationship with a TPI is interrupted, or if the TPI is unable to perform their duties, the result may be a service interruption that negatively impacts the customer experience and results in lost revenue.
  • Data Security & Privacy Risks – Some organizations may share data with third-party intermediaries in the course of normal business operations. Organizations should implement data access controls to protect the security and privacy of data that must be accessed by TPIs.
  • Compliance Risks – If a TPI affiliated with your organization is implicated in a corruption, fraud, or non-compliance scandal, your organization may be exposed to liability depending on the extent of your knowledge about the illegal activity,
  • Reputational Risks – If a TPI affiliated with your organization is accused of wrongdoing, the reputation of your organization could be damaged as a result.

What is Risk-Based Due Diligence?

Risk-based due diligence is a process by which an organization assesses the degree of risk posed by a third party intermediary and conducts the appropriate level of due diligence investigation before engaging in a business partnership or relationship.

Due diligence activities with respect to third-party intermediaries can include measures like:

  • Reviewing summary financial statements and other documents
  • Conducting online research
  • Reading publicly available ratings and reviews
  • Performing a criminal background check
  • Interviewing members of senior management
  • Reviewing public records
  • Interviewing employees and board members
Blog CTA - Demo 3 (See the GAN Platform in action)