Certificates of insurance can sometimes be used as a means to commit fraud. Take the case of Adan Deniz, a plumbing contractor in Santa Clarita, California, who currently under indictment for 21 felony counts of forgery, theft by false pretense and workers compensation insurance fraud. The contractor is accused of falsifying 10 certificates of insurance and avoiding $52,269 in insurance premiums. Between July 2016 and July 2019, Deniz was found to have underreported his company’s payroll by $426,750. It is alleged that he submitted fake certificates to his clients and even government agencies in order to procure work.
This type of crime can be difficult to prevent. Every state requires that certificates provide certain basic information and that the information be presented in an approved format. While other formats exist, the ACORD organization’s formatted forms are approved in all 50 states. The basic formatting of the ACORD 24, 25 and other common forms have remained largely unchanged for decades. If all the information outlined on the form has been reviewed and verified, and meets their specific requirements, the certificate holder can usually be confident that they are protected by the insured’s coverages. Nevertheless, the potential for fraud remains. The problem is that the temptation for Insureds or even agents to falsify certificates can be too great.
By accepting a certificate of insurance from the insured, as opposed to directly from an agent, a certificate holder is essentially allowing that insured to verify their own insurance. In no other area of finance would a counterparty trust that a document of such import had not been tampered with when delivered by a party with a vested interest. Real estate transactions use an escrow to protect the parties involved and ensure that an objective party has verified the documents and payments. Banking transactions use SWIFT, the third-party messaging system, to authenticate that all major wire payments are verified by the rightful parties. Meanwhile, insurance certificate holder routinely rely on email and fax messages to verify millions of dollars of coverage. Verifying the source of such messages is difficult and virtually never confirmed in practice. Even if the source is confirmed, the message, when delivered as a PDF or fax, can be easily manipulated using widely available technology such as Photoshop.
However, certificate holders can take the following three steps to protect themselves from fraudulent certificates of insurance:
1. Demand that the agent provide the certificate directly.
The first step in protecting your interest as a certificate holder is to remove the temptation for fraud by requiring that insured not act as intermediary for the certificate, but that the verification come directly from the source, be it broker, agent or carrier.
2. Verify the source of the message and the status of the agent.
If the certificate is coming directly from an insurance provider, it should come via a trusted delivery channel. While many companies do not have the means to create a secure channel for electronic delivery, it is a simple matter to verify that the email domain or fax number transmitting the certificate is associated with the verified agent or broker. It is important to note that even though an email may display a trusted email domain, a criminal can still spoof the email domain or even the fax number transmitting the message. There will also be situations like the unlicensed California insurance agent that defrauded victims of more than $1.4 million dollars in 2021 by issuing fraudulent certificates. However, most certificate holders rarely bother to even verify the source of the electronic delivery.
3. Confirm the certificates meet, and continue to meet, your specific requirements.
Once it is confirmed that the certificate of insurance meets your limit requirements and that the necessary endorsements are included, it is vital to check the expiration date and continue to track that date. Be sure that your insured’s policy explicitly requires a cancellation notice. Most policies require that the insurance provider give advance notice of nonrenewal with the notice requirement ranging from 10 to 75 days depending on jurisdiction and circumstances surrounding the nonrenewal. Most commonly, the required cancellation notice period is 30 days, although state amendatory endorsements frequently extend this period to 60 days.
While we cannot hope to eliminate fraud entirely as it relates to certificates of insurance, certificate holders can do their part by reducing the temptation to commit fraud. If parties understand that certificate holders will be expecting that insurance policies are confirmed directly by their insurance provider, they will be much more likely to avoid falsifying their certificates.