Hi,
Sounds like your company is acting as a contract manufacturer (CM) in this instance, and at the same time it is also an independent legal manufacturer of medical devices.
I think you have 2 options wrt the CM device(s):
1. Exclude risk management altogether (unless spelled-out under the contract's scope), and, in Soma's words, "be a participative partner" in the clients RM process. Med dev CM are typically bound by regulation only via contract, flowing from their clients legal obligations. That would be the easiest route, but carries the risk of having 2 different quality levels in the organization - one for your own products and another for the CM'd ones.
2. Implement your RM procedures, to the last letter, on all your products, regardless of ownership. More work, but it'll streamline the operations and avoid the double standard and confusion / potential mistakes associated with it. Should you take such a path, the design owner's files could come very handy in your own process (the same way your manufacturing-related inputs would come handy for them).
Cheers,
Ronen.