An expired certificate of insurance tells you two things: that a vendor had insurance at some point in the past, and that you have no current proof they still do. That's it. An expired COI is not a document with reduced value - it's a document with no current compliance value.
The risks attached to working with vendors on the basis of an expired COI are immediate and concrete.
The Three Core Risks of an Expired COI
Three Core Risks of an Expired COI
Risk 1: No proof of current coverage
A certificate of insurance is a snapshot of coverage at the time of issuance. Once it expires, the snapshot is stale. The underlying policy may still be active, or it may have lapsed. The expired COI tells you nothing about current status.
If an incident occurs while a vendor is working with only an expired COI on file, your ability to demonstrate that the vendor was insured at the time of the incident is compromised. Even if the vendor's policy was technically active, proving it becomes a documentation problem.
Risk 2: Actual policy lapse
In many cases, COI expiration correlates with policy expiration. Policies typically run on annual cycles; COIs issued at policy inception expire with the policy. If the vendor didn't renew, the policy - not just the certificate - has lapsed.
Working with an uninsured vendor exposes your organization directly. Any incident during that period may fall to your general liability coverage, affecting your claims history and premiums, or to you personally through legal liability if your GL coverage has exclusions.
Risk 3: Contract breach on your end
Many organizations' contracts with their own clients, lenders, or property owners require them to ensure that their vendors and subcontractors maintain current insurance. Working with a vendor whose COI has expired may put you in breach of your own contract - even if your vendor's insurance is technically still active.
What an Expired COI Does NOT Tell You
An expired COI does not mean:
- The underlying policy has lapsed (it may still be active)
- The vendor is uninsured (they may have renewed without sending you a new certificate)
- You are automatically liable for incidents (depends on contract language and jurisdiction)
But critically, it also does not mean you're protected. The burden is on you to obtain current documentation.
Quick Reference: Expired COI Response Steps
When You Discover an Expired COI:
- Do not assume the underlying policy is still active
- Contact the vendor immediately - request a current certificate from their broker
- Check your contract: is there a cure period, or is continued work without a current COI a breach?
- Consider suspending work until a current COI is received if the vendor's work creates significant risk exposure
- Verify the new COI shows a policy effective date with no gap from the prior policy
- Update your compliance file with the date the lapse was identified and when it was remediated
Why COIs Expire Without Replacement Certificates Being Filed
The most common reason organizations have expired COIs on file is not that vendors are uninsured - it's that nobody asked for the renewal certificate. Vendors renew their policies routinely. They don't automatically send updated certificates to every certificate holder.
This is a systemic failure in manual COI programs. Without automated expiration tracking and proactive renewal requests, certificates age out silently.
The operational fix is automated expiration monitoring: tracking the expiration date of every COI on file and sending renewal requests to vendors 60, 30, and 14 days before expiration. This converts a reactive discovery problem into a proactive management process.
The Compliance Standard: What "Current" Means
A COI is current when:
- The certificate date (usually the issuance date) is not expired
- The underlying policy has an active period covering the current date
- All policy types listed on the COI are still in force
Note that condition 3 matters: a vendor may renew their GL policy but let their workers' compensation or umbrella lapse. A "current" COI might reflect a partial renewal.
This is why certificate-level expiration tracking is necessary but not sufficient. Contract-level verification - checking that all required coverages are current and meet contractual requirements - requires reading both the COI and the contract.
Related Resources
- What Happens If a Vendor's Insurance Lapses
- What to Do If Vendor Insurance Expires
- How Do I Know If a COI Is Valid
- How Often Should You Collect COIs
Bramble tracks expiration dates across your entire vendor portfolio and sends automated renewal reminders - so you find expired COIs before incidents do. Book a demo at getbramble.com.