Churches face all kinds of risks. These risks include threats to its reputation, finances and members. Such risks can come directly from its operations and staff. Increasingly, risks can also be caused by third parties. Church officials should understand the risks they are subject to from outside organizations.
Third parties are the other organizations and vendors with whom churches do business. These can include companies for services, partner organizations and contractors. The conduct of a third party can subject a church to significant hazards.
Churches should ensure that third parties operate in a way that minimizes risk to the church. This assurance can be improved by paying attention to a few critical areas.
First, if the church’s third party receives confidential information, look for vulnerabilities in the vendor’s processes. The vendor should use prudent safeguards to prevent a loss of data or exposure to unauthorized persons. The third party should provide evidence to the church to demonstrate that its practices are safe and sound.
Secondly, a third-party organization can present a risk to the church if it has not fully vetted its employees. Vendor employees who have a right of entry to sensitive systems and property should be trustworthy. Vendor employees who gain admittance to where minors are present should undergo background checks. Failure to see that third parties exercise proper due diligence can increase liability.
Thirdly, some outside parties can be considered critical vendors to a church. In these instances, a vendor is critical if it would be especially harmful to the church if the vendor suddenly went out of business. Critical vendors should be monitored more closely than vendors who pose little risk to the church.
Churches may wish to follow up with their critical third parties on a regular basis. Church officials may ask to see the vendor’s financial statements periodically to ensure its reliability. The financial condition of a vendor may give the church notice of impending problems. If the church has suspicions that a critical vendor is at risk of going out of business, contingent preparations can be made.
Finally, some third-party relationships may fall in the category of a partnership or joint venture. Churches should be wary of relationships that expose it to the liability of the partner’s conduct.
Third-party risks may be inevitable for most churches. Church officials can lessen the risks by identifying each source and taking proactive steps.