Guide

Vendor Management: How to Protect Your Company Before, During, and After the Contract

The relationship with suppliers is a constant source of legal risks: breaches, uncontrolled subcontracting, lack of SLAs, data transfers without contracts, joint labor liability. This resource provides a complete vendor legal management framework: prior due diligence, contract, monitoring, and exit.

Home/Resources/Vendor Management: How to Protect Your Company Before, During, and After the Contract
GuideContractsPublished: Updated:
ShareEmailWhatsAppLinkedIn

Why Your Vendors Are Your Risk

Most managers think: "We hire a vendor, give them money, they deliver, done."

But legal risk starts when negotiations begin and ends months after the contract terminates.

A vendor that doesn't pay labor contributions exposes your company to joint liability (you pay for their workers). A vendor that breaches can make you liable to your clients. A vendor that accesses your clients' personal data without a contract creates privacy exposure.

This document is a 4-phase framework for managing vendors in a way that protects your company.

Phase 1: Due Diligence — Before Contracting

Before signing any contract, verify three things:

1. Legal Existence and Representation

Verify:

  • Does the company exist? (Request a copy of corporate registration with a certificate of good standing)
  • Who is the legal representative? (Request a copy of the instrument containing the legal representative's powers, ideally with a certificate of good standing)
  • Has it started business activities? (Check the tax ID with the SII)
  • Does it have a known address?

Why: A vendor that doesn't legally exist, or whose representative is not authorized, can affect the validity or enforcement of the contract. If there's a conflict, you have no one to pursue.

2. Labor Compliance

If the vendor is a contractor or subcontractor (a company that performs works or services on a permanent basis, at its own expense and risk, with workers under its supervision, for a principal company), you have an obligation to verify they are current on labor contributions.

Why? Because you are jointly liable for compliance with their monetary labor and social security obligations, pursuant to Art. 183-B. If your contractor or subcontractor fails to meet them, the worker can come directly to you for payment of amounts owed.

How to verify:

  • Request the F30 certificate (labor background) and the F30-1 (labor and social security compliance) from the Labor Directorate.
  • Ask for it to be recent.

Importance: If the company adequately complies with its information and withholding obligations, its liability goes from joint to subsidiary, pursuant to Art. 183-C of the Labor Code. This means the worker must first sue the contractor and/or subcontractor, and only if they don't pay can they come after you.

3. Compliance Risk Assessment

Is it a low-risk vendor (office, basic services) or high-risk (data handling, system access, construction)?

For low risk: An existence verification is sufficient.

For high risk:

  • Request references (previous clients).
  • Verify that they haven't been recently sanctioned by a regulatory body (CMF, SISS, Seremi de Salud, etc.).
  • If they handle personal data, verify they have a privacy policy.
  • Check in the judicial system if they have completed or pending cases of interest.

4. Insurance and Coverage

If the vendor exposes your company (e.g., construction, transportation), verify they have insurance:

  • Civil liability (if they cause damage to third parties).
  • Workplace risk insurance (if they have workers).
  • Specific coverage (if transportation, they must have cargo insurance).

How: Request copies of current policies or, at minimum, coverage certificates.

How does an Outside General Counsel help you in this phase? At Cubillos Lama, we design the due diligence process tailored to your company: we define what to verify based on the vendor type, execute the legal and compliance checks, and deliver a clear risk report before you sign.

Phase 2: The Contract — Execution and Minimum Content

Once due diligence is complete, the contract must be signed by representatives with sufficient authority to bind their respective parties. Always verify the validity and scope of powers before signing.

The contract's content and its drafting, negotiation, and approval process should follow the company's contract policy.

If your company doesn't yet have a formalized contract policy, now is the time to create one.

How does an Outside General Counsel help you in this phase? At Cubillos Lama, we draft, review, and negotiate contracts tailored to each type of vendor. We also help you build your internal contract policy, so your team knows exactly what to require and approve in each procurement.

Phase 3: Monitoring — During the Relationship

During the contract, don't disappear. Monitor:

Periodic Control of Labor Obligations

If you have contractors or subcontractors, request an updated F30-1 certificate.

Why: You want your liability to be subsidiary, not joint. Also to maintain control over contractor debts that could generate liability for your company.

Performance Evaluation vs. SLA

Is the vendor delivering what was promised?

  • Is delivery on time?
  • Is quality satisfactory?
  • Is service availability as agreed?

Document everything. If there are breaches, analyze from a legal, operational, and commercial perspective what the best enforcement tools are.

Policy Renewals

If they have insurance, request an updated copy before it expires. Don't allow coverage to lapse.

How does an Outside General Counsel help you in this phase? At Cubillos Lama, we implement periodic controls for labor and contractual compliance, track policies and guarantees, and advise you on the best enforcement tools when breaches are detected.

Phase 4: Exit — When the Relationship Ends

When you decide not to renew or to terminate:

Transition Plan

  • Documentation: Deliver all information related to the service (manuals, passwords, databases, reports).
  • Overlapping: If critical, maintain both vendors for 1-2 weeks until the new one is stable.

Return and Deletion of Confidential Information and Personal Data

The vendor should be asked to return and certify the deletion of all confidential information they accessed in connection with the contract.

Settlement of Debts, Fines, and Penalties

Before closing the relationship, review whether there are pending obligations from either party:

  • Commercial debts: Unpaid invoices, pending credit notes, retentions to release.
  • Contractual fines: Verify whether during the contract's term, breaches occurred that trigger penalty clauses, late fees, or other agreed penalties.
  • Guarantees and bonds: If there are current guarantees (performance bonds, retentions, etc.), determine whether they should be returned or executed.
  • Pending labor obligations: If it's a contractor or subcontractor, request a final F30-1 to confirm there are no labor or social security debts that could generate liability for your company.

Document everything that is owed and resolve it before formalizing the closure.

Termination Agreement and Release

Ideally, the contractual relationship should be closed with a termination agreement and release signed by both parties, which records:

  • That both parties have fully complied with their obligations, or alternatively, the detail of pending obligations and how they will be resolved.
  • The final settlement of payments, fines, indemnities, or compensations.
  • Mutual waiver of future claims arising from the contract (except for obligations that by their nature survive termination, such as confidentiality or warranties).
  • The return of information, materials, and access.

This document protects both parties and prevents subsequent claims.

Closure of Access and Credentials

  • Did they have login to your systems? Change the password.
  • Did they have access to shared folders? Revoke access.
  • Did they have an office access card? Recover it.

Seems obvious but it's what gets forgotten.

How does an Outside General Counsel help you in this phase? At Cubillos Lama, we manage the complete exit: we coordinate the transition plan, settle pending debts and fines, prepare the termination agreement and release, and ensure that access, information, and credentials are properly closed.

Why This Matters for a Company

Growing companies hire more vendors every year. Each vendor is a legal relationship that can explode into litigation or regulatory sanctions.

At Cubillos Lama, as your Outside General Counsel, we can support you in each of the phases described in this guide:

  • Due diligence prior to contracting: We design and execute the legal, labor, and compliance verification process for your vendors before you sign.
  • Contract execution: We draft, review, and negotiate contracts tailored to each type of vendor, and help you build your internal contract policy.
  • Monitoring during the relationship: We implement periodic labor compliance controls, SLA evaluation, and tracking of policies and guarantees.
  • Orderly exit: We manage the transition plan, debt and fine settlement, preparation of the termination agreement and release, and secure closure of access and information.

Legal Notice: This content is informational. Each service contract requires specific analysis based on vendor type, industry, and risks. Consult before implementing.

Have questions about your legal situation?

Let's discuss how this applies to your business.

Contact us →

Related resources

Guide

How to Handle a Contractual Dispute Before Going to Court

Read →Guide

Contract Policy: How to Implement an Approval Process That Doesn't Slow Down Your Business

Read →Guide

How to Review a Contract Before Signing: A Guide for Non-Lawyers

Read →
← Back to Resources