A certificate of insurance is "valid" in two different senses - legally authentic (not fraudulent or forged), and contractually sufficient (meeting your specific requirements). Both matter, and they require different verification steps.
This guide covers both. You can complete a thorough COI review in under 10 minutes per certificate if you know what to look for.
Step 1: Confirm the Basic Document Integrity
Most standard certificates in the US are ACORD 25 forms. Check the following before reviewing coverage:
Issuing agent information: The upper left section lists the insurance agent or broker. Verify this is a recognizable broker for the vendor's industry and geography. If you're unfamiliar with the broker, a quick search to confirm they're a legitimate agency is appropriate.
Insurer names: The form lists the insurance carriers for each policy type. Verify that the carriers are:
- Licensed in the relevant state (check your state's department of insurance website)
- Have an AM Best rating of A- or better for the primary coverages (some contracts specify this)
Policy numbers: Each listed policy should have a unique policy number. Identical policy numbers across different coverage types, or obviously fake-looking numbers, are red flags.
Issue date vs effective dates: The certificate issue date should be reasonably recent (within the past 12 months for an active relationship). The policy effective dates should cover the current date.
Step 2: Verify Policy Dates
This is the most basic check and still fails more often than it should.
For each coverage type listed:
- Policy effective date: Should be on or before today
- Policy expiration date: Should be after today, and ideally more than 30 days away
A COI with an expired policy date is not valid for current coverage purposes - regardless of when the certificate was issued. The certificate may have been issued mid-term, but if the policy has since expired, coverage has lapsed.
Step 3: Verify Coverage Types and Limits Against Your Contract
This is where the actual compliance check happens.
Your contract (lease, service agreement, subcontract) specifies the required coverage types and minimum limits. For each required coverage type:
| Check | What to Look For |
|---|---|
| Commercial General Liability | Per occurrence and aggregate limits meet contract minimums |
| Workers' Compensation | "Statutory" or state-specific limits as required |
| Commercial Auto | Combined single limit meets contract minimum |
| Umbrella / Excess | Follows form; limits meet contract requirement |
| Professional Liability (if required) | Per occurrence and aggregate limits |
Don't just check that a line item exists. A CGL line with $0 limits, or limits far below your requirement, is not compliance. Read the numbers.
Step 4: Check Additional Insured Designation
Look at the "Description of Operations / Locations / Vehicles / Additional Insureds" box (Section D on ACORD 25). This is where additional insured designations are typically listed.
Verify:
- Your legal entity name appears (not just your trade name)
- The designation specifies the correct basis (e.g., "Additional Insured, Primary and Non-Contributory" if your contract requires it)
- If multiple entities need to be named (e.g., property management company and lender), all are present
Do not confuse the "Certificate Holder" box at the bottom with additional insured designation. These are different. The certificate holder receives a copy; they do not have coverage rights.
Step 5: Verify Waiver of Subrogation
If your contract requires a waiver of subrogation, look for it explicitly in the certificate. It may appear in the description box or as a checked box in the policy details section.
A waiver of subrogation must be reflected in the actual policy endorsement - a certificate statement alone may not be binding. If it's critical to your contract, request confirmation from the vendor's broker that the endorsement is in place.
Step 6: Confirm Cancellation Notice Terms
Many contracts require that the certificate holder receive 30 days' written notice of cancellation (vs the standard 10 days). If your contract requires 30-day notice, verify the certificate reflects this, typically in the description box or as a checked endorsement.
Quick COI Validation Checklist:
- Issuing broker is identifiable and legitimate
- Carrier names are recognized licensed insurers
- Policy dates cover today's date for all coverage types
- Coverage limits meet or exceed your contract requirements for each type
- Your legal entity is named as additional insured (not just certificate holder)
- Additional insured basis matches contract requirement (primary/non-contributory)
- Waiver of subrogation is reflected where required
- Cancellation notice terms meet your contract requirement
What to Do If You Suspect Fraud
COI fraud - vendors submitting falsified or altered certificates - does occur. Red flags include:
- Unusual fonts or formatting inconsistent with standard ACORD forms
- Coverage limits that seem too high for the premium being paid
- Insurer names that don't appear in state licensing databases
- Brokers who are not findable through standard searches
If you suspect fraud, contact the listed insurer directly using contact information from the insurer's website (not from the certificate) to verify policy existence and status.
Related Resources
- Risks of Expired Certificate of Insurance
- How Do I Verify a Contractor's Insurance
- Difference Between Insured and Additional Insured
- What Is a COI Request
Bramble automates this entire verification process - comparing every COI against your contract requirements so your team doesn't have to do it manually for every vendor. Book a demo at getbramble.com.