A property management company had been working with the same HVAC contractor for four years without incident. One afternoon, a technician slipped on a wet rooftop and suffered a serious injury. The property manager filed the claim under the contractor’s general liability policy—only to learn that the certificate of insurance on file had expired eight months earlier. The contractor’s insurer denied coverage for the incident. The property management company, left holding the liability, faced a six-figure settlement and a sharp increase in its own insurance premiums.
That outcome was not the result of negligence or bad intent. It was the result of a gap in COI tracking—a certificate that was valid when it was collected, then simply aged out of compliance without anyone noticing.
If your organization works with vendors, subcontractors, tenants, or service providers, expired certificates of insurance represent a real and often underestimated financial risk. This post explains exactly what that risk looks like, why manual tracking consistently fails, and what a reliable COI management system actually requires.
A certificate of insurance (COI) is a document issued by an insurance company or broker that summarizes the coverage held by a policy holder—typically a vendor, subcontractor, or service provider. It verifies that the named insured carries the types and limits of coverage your contract requires: general liability, commercial auto, workers’ compensation, professional liability, and so on.
COIs are not the insurance policy itself—they are a snapshot of coverage at the time of issuance. Most commercial insurance policies renew annually, which means a COI issued today reflects coverage that may expire within months. Once the underlying policy lapses or is canceled, the COI is worthless as evidence of protection—even if it’s still sitting in your files looking official.
According to Oregon Department of Administrative Services Risk Management, the party requesting a certificate should always verify that coverage is in force for the duration of the work being performed—not just that a certificate was issued at some point in the past.
An expired COI is not an administrative inconvenience. It is a gap in your financial protection. Here’s where the damage actually shows up.
When a vendor or subcontractor causes property damage, personal injury, or other harm while working on your behalf, you expect their insurance to respond. If their policy has lapsed, it won’t. Your organization may be named as a defendant in litigation, and without a valid additional insured endorsement backed by active coverage, you have no recourse to the vendor’s insurer.
A single uninsured claim in a construction or property environment can reach six figures with ease. In complex liability cases, the financial and reputational damage can reach seven figures, according to BCS Risk Management.
When your organization absorbs a liability claim that should have been covered by a vendor’s insurance, it goes against your own claims history. A pattern of uninsured vendor incidents raises your risk profile in the eyes of your insurer and can result in premium increases at renewal—adding ongoing cost even after the original incident is resolved.
Many commercial leases and vendor contracts require tenants or service providers to maintain specific insurance coverage throughout the agreement term. An expired COI may put the other party in technical breach of the agreement, but it also creates practical enforcement problems. According to RE BackOffice, the absence of a valid COI weakens your ability to enforce indemnification provisions in a dispute, even when those provisions clearly favor you.
In construction and facilities management, discovering an expired COI during a project inspection or compliance review can stop work immediately. General contractors who find that a subcontractor’s insurance has lapsed may be required to remove them from the site until coverage is reinstated. The cost of even a one-day delay on a commercial construction project can be substantial, and the reputational damage with a general contractor or client compounds the financial impact.
Organizations that manage commercial real estate or are subject to lender covenants often face insurance compliance requirements as a condition of financing. Lenders and investors increasingly scrutinize insurance documentation during audits and due diligence, and gaps in COI management can raise red flags that impact financing arrangements or asset valuations, according to BCS Risk Management.
When a dispute or claim goes to litigation, documentation is everything. An expired COI means you cannot demonstrate that your vendor or subcontractor had active, compliant coverage at the time of the incident. Courts look at the state of documentation at the time of loss, not at what coverage may have been in force months or years earlier. This documentation gap can shift liability in directions that were never intended.
Most organizations recognize that COI management is important. The problem is that the systems they use to manage it are not adequate for the task.
A spreadsheet can store COI expiration dates, but it cannot send you an alert when a date is approaching. It cannot flag certificates that are noncompliant at collection. It cannot escalate to a manager if a renewal request goes unanswered. The moment the spreadsheet is not actively reviewed—which, in a busy operations team, happens constantly—deadlines slip.
According to Jones Insurance, 7 out of 10 collected COIs are noncompliant in some way, and it takes an average of three follow-ups to make a certificate fully compliant. Multiply that effort across 40, 80, or 200 active vendors or subcontractors and you have a compliance workload that quickly overwhelms any manual process.
In active construction environments, a single project may involve dozens of subcontractors, each with multiple policy types that renew at different times. Tracking compliance manually at that scale is not just inefficient—it’s structurally incapable of keeping up.
In procurement, property management, and construction, team turnover is common. When the person who managed the COI spreadsheet leaves, their replacement often inherits a partially maintained file with no clear system for follow-up. Knowledge of who to contact at each vendor’s insurance broker, which policies have been flagged, and which certificates are about to expire does not survive a personnel change in a manual system.
Many organizations collect a COI at the start of a vendor relationship and never request an updated one. The certificate that was valid at onboarding may have expired 11 months later, but if there’s no system prompting for renewal, the expired document just sits in the file. The risk has accumulated silently.
Reliable COI compliance is not about working harder on your spreadsheet. It requires a system with the right capabilities built in.
All COIs—current and historical—should be stored in one system that is accessible to everyone who needs it. This eliminates the situation where a site manager has one set of certificates, the main office has another, and the insurance broker has a third version that may or may not match either.
The system should automatically identify certificates approaching expiration and send alerts to the relevant team members with enough lead time to request renewals. A standard lead time of 30–60 days before expiration gives you time to follow up with vendors, receive updated certificates, and verify compliance before the policy lapses.
Different vendors carry different risk profiles. A general contractor performing structural work needs higher coverage limits and more policy types than a landscaping company doing perimeter maintenance. Your tracking system should record the specific insurance requirements for each vendor relationship so that incoming certificates can be compared against the right standard—not a one-size-fits-all threshold.
When a renewal request goes out, the system should track whether a response has been received. If a vendor has not provided an updated certificate within a defined window, the system should escalate the alert to a supervisor. The three-follow-up average documented in industry research is not inevitable—it reflects the absence of a structured follow-up process.
When your organization undergoes an insurance audit, a lender review, or a project compliance inspection, you need to be able to demonstrate the status of your COI portfolio quickly. An audit-ready report showing which vendors have current, compliant certificates—and which do not—is far more credible than a spreadsheet and a stack of PDFs.
Expiration Reminder is designed for exactly this use case. You can store every vendor and subcontractor’s COI with all relevant policy details, configure automated reminders for each certificate’s expiration date, assign ownership to specific team members, and generate compliance reports on demand.
When a certificate is approaching expiration, the system automatically notifies the responsible team member—and escalates if no action is taken. When an updated certificate arrives, it can be uploaded directly to the vendor record, maintaining a complete audit trail. You get a real-time view of your entire COI portfolio: which vendors are compliant, which certificates expire this month, and which follow-ups are outstanding.
For construction, property management, and any organization that manages multiple vendor relationships, this kind of centralized, automated tracking is the difference between proactive compliance and reactive damage control. See how automated COI tracking works for your team.
Book a demo and we’ll show you how Expiration Reminder can replace your COI spreadsheet in an afternoon.
You should request an updated certificate whenever the current one expires—which, for annual policies, means approximately every 12 months. For high-risk vendors or subcontractors performing active work, consider requesting a certificate at the start of each project phase in addition to the annual renewal. Your tracking system should alert you before expiration so the request goes out proactively, not after the fact.
If a vendor cannot provide a current, compliant certificate, work should be paused until coverage is confirmed. Allowing an uninsured vendor to continue working exposes your organization to the full liability of any incident they cause. Most vendor contracts include provisions allowing you to require insurance documentation as a condition of continued work—use those provisions. If a vendor persistently fails to maintain required coverage, it may be grounds to terminate the relationship.
No. A COI collected at onboarding only confirms coverage on the day it was issued. Annual policy renewals mean that without ongoing tracking and renewal requests, your COI file will be filled with expired documents within 12 months. Effective COI management requires systematic renewal tracking throughout the vendor relationship, not just a one-time collection at the start.
Key elements to verify include: the policy types required by your contract are listed, coverage limits meet your minimum thresholds, your organization is listed as an additional insured (where required), the certificate holder information is correct, and the policy effective and expiration dates cover the period of work. Common issues include certificates that show lower limits than required, missing additional insured designations, and expiration dates that fall before the project completion date.
Not by itself. The COI is evidence that the additional insured endorsement was requested at the time of issuance. Whether that endorsement is actually attached to the underlying policy—and whether it remains valid—requires verification against the policy itself. For significant vendor relationships and high-value projects, requesting a copy of the actual additional insured endorsement from the vendor’s insurer provides stronger documentation than the COI alone.
That depends heavily on the tools available. With a manual spreadsheet process, even a dedicated compliance administrator may struggle to keep up with more than 50–75 active certificates, given the collection, verification, and follow-up work involved. With an automated tracking platform, the same person can manage several hundred active certificates because the system handles reminders, escalations, and reporting automatically—freeing their time for exception management rather than routine tracking.
Don’t wait for an incident to discover your COI file is out of date. Start a free trial of Expiration Reminder and get automated alerts for every certificate before it expires.
P.S. The cost of a lapsed COI shows up in claims, premiums, project delays, and legal fees—often years after the certificate quietly expired. Automated tracking costs a fraction of a single uninsured incident, and it makes the whole problem go away.