If your business requires a vendor to provide a Certificate of Insurance (“COI”), make sure you see the actual insurance endorsement adding you as an additional insured. The actual COI, without an endorsement, may not be worth the paper it is written on.

Customers regularly request vendors to provide Certificates of Insurance (“COIs”) as condition of an ongoing business relationship. While obtaining a COI is an important risk management step, if the COI process is not managed appropriately, the risk management effort can be meaningless.

First, what is a Certificate of Insurance? A Certificates of Insurance is not a policy of insurance. It does not amend, modify, endorse, constitute a rider, or provide insurance coverage. Rather it is informational, like a receipt. A COI simply states who is the “additional insured” (more on that below) and the dollar amount of coverage at that point and time.

Why do businesses request a COI? In, short, to transfer risk. Generally a customer will include in its agreements an insurance clause requiring a vendor to carry a certain amount of insurance, to indemnify the customer for the vendor’s negligence, and to add the customer as an “additional insured” on the vendor’s insurance policy. This is particularly important in industries using unskilled labor or with otherwise greater exposure to risk. By adding a customer as an “additional insured,” that vendor is protecting the customer against ramifications caused by the vendor’s negligence. Said another way, it means the “additional insured” (here, the customer) has controlled the risk of the vendor’s negligence such that the customer only has to worry about its own negligence (which is much easier to control).

The problem: Even if you obtain a COI, you may not be eliminating any risk. The reason is that when there is a conflict or discrepancy between a COI and the actual insurance policy, the latter controls. Remember, the policy can be changed without any consent from the COI holder. The COI is simply evidence of the insurance coverage the policyholder has at the very moment the COI is issued. Insurance companies almost universally do not issue these certificates, and many times do not know they have been issued. If the insurance is cancelled the next day, the certificate is meaningless. Even more dangerous are companies that rely upon these documents as proof that they have been added as an Additional Insured to another's insurance policy. If the vendor’s policy has not been endorsed, then the COI has no effect. The standard ACORD form on which COIs are issued plainly states that the COI alone cannot extend or alter the coverage.

You obtain a COI to protect you from a vendor’s negligence. If the vendor is negligent, then the vendor’s insurance should protect you. If the vendor’s insurance policy has been changed materially or cancelled altogether, and the COI is worthless, you are not protected by the vendor’s insurance. Rather, you are left to sue the vendor for breach of its contract under the indemnity provisions. However, vendor may be out of business, or at least out of money, by this point. Your exposure could be great.

What to do:

1. Draft the contract with the vendor to stipulate the amount of insurance required, the indemnity provisions, and require that the vendor, in addition to a COI, provide you with an “additional insured” endorsement.

2. Review the endorsement with your insurance agent and understand what your “additional insured” coverage status covers and look at your own liability policy. There may be gaps in coverage that can be easily corrected.

3. Monitor the COI process: Require that vendors provide updated COIs and endorsements on a periodic basis. If necessary, outsource the function.