Ensuring Certificate Compliance

Ryan W. Shinkle


August 1, 2019

certificate of insurance compliance

Many industries rely on contractual risk transfer to function properly. Business executives, risk managers and contract administrators spend countless hours ensuring they are appropriately transferring risk of loss from their operations to their vendors, subcontractors and other parties. In these industries, signing or requesting the signature of contracts is often a daily occurrence. Given the complexity and variability of contractual language and insurance policies, not to mention endorsements to those policies, careful review is critically important. As if the attention to detail required was not arduous enough, add to it the sheer volume of certificates with respective coverage renewing on dates throughout the year, policies being cancelled with little warning and unpredictable changes to coverage, and compliance enforcement becomes a gargantuan task.

With so many moving parts, the likelihood of errors and the resulting damage from failing to enforce compliance with the contract can be high. Failures in certificate of insurance tracking can mean frequent and severe losses.

Consider the following scenario: A plumbing contractor enters into a contract that requires five years of products completed coverage and provides a certificate of insurance as required. The plumbing contractor completes the work on schedule and leaves the job. Months later, the building’s occupant brings a suit against the general contractor for defective plumbing. The general contractor requested additional insured status under the plumbing contractor’s general liability policy and the endorsement was appropriately issued. All goes according to plan in the risk transfer until it is discovered the plumbing contractor did not renew the insurance policy for which a certificate of insurance had been provided. The general contractor did not request a renewal certificate, did not know it was exposed to loss and, as a result, was responsible for a loss of more than $75,000. This scenario could have been easily avoided by ensuring the policy had been renewed per the contract.

In another scenario, an oilfield service contractor enters into a contract with an operator requiring $10 million of pollution coverage. The appropriate amount is evidenced at the time the contract is executed. While the services are being performed, the pollution and excess policies renew. The service contractor’s management elects to purchase reduced coverage of $5 million despite the contract’s requirements. The operator dutifully requests and receives a renewal certificate of insurance but fails to observe the reduction in excess pollution liability. A pollution event occurs, the coverage deficiency is discovered and the operator is found financially responsible for the more than $2 million in losses in excess of the limits provided by the service contractor. In addition, both the operator and service contractor are in breach of their contractual obligations.

It is by pure luck that incidents like these do not occur more often. Merely obtaining certificates of insurance showing satisfactory coverage is not sufficient. A certificate is simply a snapshot in time that proves that coverage was in force when the certificate was issued. Concerns about actual coverage terms can only be quelled by receiving certified copies of the insurance policies themselves. Proper risk management requires that certificates be complete, compliant and current, but many insureds struggle with the menial task of tracking certificates in some sort of paper filing system or spreadsheet.

To properly and efficiently track these certificates, insureds should first require written contracts with every subcontractor. The additional insured provision in their policy most likely requires a written contract to provide the additional insured coverage. Companies should also insist on receiving valid certificates of insurance before allowing contractors or vendors to begin work or enter premises and obtain copies of policies to verify validity of certificates, especially when working with a contractor or vendor for the first time. Finally, companies should consider using a fully automated system to reduce time spent on data entry, improve accuracy and reduce the risk of surprise lapses in coverage. These systems can send automatic email reminders to compliance staff as well as the contractor or vendor that has provided the certificate, providing greater efficiency and peace of mind.

Regardless of whether an organization uses an automated system or manually tracks certificates via spreadsheets, paper files or Post-it notes, it is of critical importance that certificates are reviewed regularly. Otherwise, they will not be worth the paper on which they are printed.
Ryan W. Shinkle, CIC, CRM, is an executive vice president at Insgroup, Inc.