A prevention-first guide for advisors
to protect clients from contractual coverage gaps
Without contractual obligations that clearly define coverage,
endorsements, and duration,
a COI is meaningless.
By Randy Boss, CRM, CIC, SPHR
In my work with contractors, manufacturers, and service companies, I see one costly misconception again and again: the belief that a Certificate of Insurance (COI) guarantees coverage.
It doesn’t.
A COI is a snapshot of coverage at a single point in time—a document of record for that moment only. It is not a contract, not an endorsement, and not a guarantee that the coverage will still exist when a claim occurs.
I’ve been brought into situations where a COI gave my client a false sense of security. The subcontractor or vendor’s certificate looked perfect when issued—all the right boxes checked—but months later, the policy had been canceled, the limits reduced, or the correct endorsements never issued. When the claim came in, my client discovered the truth: They were on their own.
Why this gap persists
The problem isn’t with the COI itself—it’s with how it’s used. Too many businesses collect COIs from subcontractors, vendors, or suppliers without ensuring that those certificates are backed by enforceable insurance requirements in the contract.
Without contractual obligations that clearly define coverage, endorsements, and duration, a COI is meaningless. A subcontractor can change carriers, let coverage lapse, or omit critical endorsements, and your client has no leverage to require compliance.
Underwriters have taken notice. Many carriers now flag weak contract language as a risk exposure, and some even offer premium credits for insureds who tighten their agreements.
Example contract updates to consider
Please note that the following are examples of contractual provisions for consideration only. They are not legal or coverage advice and should always be reviewed with the client’s attorney and risk management team before implementation.
- Require Additional Insured endorsements in the contract. Too often, contracts include vague language such as: “Subcontractor shall maintain commercial general liability insurance and name the Contractor as Additional Insured.”
That’s a start, but it leaves too much open to interpretation. Stronger language spells out:
- Coverage for both Ongoing and Completed Operations
- The minimum duration for Completed Operations coverage (e.g., three years after substantial completion or final payment)
- The exact ISO endorsement form numbers and edition dates
- Common references include:
- CG 20 10 (04/13 or later) – Ongoing Operations
- CG 20 37 (04/13 or later) – Completed Operations
These forms are industry standards and referencing them avoids ambiguity in both audits and claims.
- Establish ongoing compliance procedures. Even the best contract language fails if coverage lapses mid-project and no one notices. Recommendations:
- Require updated COIs annually or at key project milestones
- Track expiration dates in a COI log or compliance system
- For critical agreements, require the subcontractor’s carrier to provide direct notice of cancellation
.

Sample attorney-review language may read:
“The Subcontractor shall provide Additional Insured coverage for the Contractor and Owner for both Ongoing and Completed Operations. Such coverage shall be evidenced by ISO Form CG 20 10 (04/13 or later) and CG 20 37 (04/13 or later), or equivalent, and verified by a Certificate of Insurance. Certificates shall be renewed annually and provided prior to expiration. Thirty (30) days’ written notice of cancellation shall be provided to the Contractor.”
Case in point: When the COI wasn’t enough
Consider this common scenario: A commercial builder hires a subcontractor for a major project. The subcontractor’s COI shows $2 million in liability coverage and Additional Insured status for the general contractor (GC). Six months later, the subcontractor’s policy is canceled for non-payment, and weeks later a serious injury occurs. Without ongoing coverage, the GC faces hundreds of thousands in costs—with no recourse to the subcontractor’s insurer.
The root cause? No contractual obligation for ongoing coverage, no requirement for cancellation notice, and no process for updated COIs.
Prevention-first perspective
As an insurance advisor, you’re not drafting contracts—but you are in a unique position to spot red flags and connect clients to the right expertise.
Here’s how you can make a difference:
- Ask for both the COI and the underlying contract
- Identify vague or missing requirements
- Encourage attorney-reviewed improvements
- Help set up compliance systems
- Educate on the COI’s limitations
This is what prevention-first looks like in practice. By tightening contract language and verifying compliance, you keep risk where it belongs—with the party best able to control it.
You also help your clients avoid costly disputes, protect their balance sheet, and position them for possible premium credits.
That’s more than selling a policy; that’s delivering risk management in its purest form.
The bottom line: Certificates of Insurance are useful tools, but without enforceable contract terms and an ongoing verification process, they can give a false sense of security. The smartest insurance advisors treat COIs as just one piece of a broader prevention strategy—one that starts with strong contracts, continues with disciplined compliance, and ends with fewer uncovered losses.
The author
Randall Boss is a Certified Risk Manager at HIGHSTREET Ottawa Kent, and co-founder of Emerge Apps, the creators of software tools to help agents grow. With over 40 years of experience, Randy helps agents shift from quoting to consulting by arming them with tools and strategies to become true risk advisors.