The Source Document Gap: Why 70% of COIs Still Fail

There is a statistic that has circulated through commercial real estate and insurance compliance circles for years: roughly 70% of certificates of insurance contain errors. Not minor formatting issues. Actual coverage gaps: missing endorsements, incorrect limits, absent additional insured designations, lapsed waiver of subrogation clauses. The kind of gaps that, in the event of a claim, leave a property owner or general contractor exposed to liability they believed was covered.

The industry has spent the last decade building software to address this problem. COI tracking platforms now number in the dozens. They scan certificates, extract fields, flag expiring policies, and send automated outreach when a certificate lapses. Some use OCR. Some use templates. Some even claim to use AI. And yet the 70% error rate persists. The tools have improved dramatically, but the underlying problem has not moved.

The reason is straightforward, and it has nothing to do with the quality of the tracking software. The reason is that every tool in the market is tracking the wrong thing.

What the Industry Tracks vs. What Actually Matters

A certificate of insurance is a summary document. It is produced by an insurance broker to confirm that a policy exists and to list the key coverage parameters: policy number, effective dates, coverage types, limits, and endorsements. It is a downstream artifact. It is the output of a process that starts somewhere else entirely.

That somewhere else is the source document. The commercial lease that specifies what insurance a tenant must carry. The construction tender that defines the coverage a subcontractor must provide. The transportation contract that outlines the liability requirements for a carrier. The master service agreement that stipulates the professional liability minimums for a vendor. These are the documents where insurance requirements originate. They are the upstream input to the entire compliance chain.

COI tracking software operates entirely downstream. It reads the certificate. It extracts the fields. It compares what it found against a template or checklist. But here is the critical question that no tracker answers: where did the template come from?

In almost every case, the template was built by a person who read the lease or contract, extracted the requirements manually, and typed them into the tracking system. If they read carefully, the template is accurate. If they missed something, the template has a gap. If the lease was amended after the template was created, the template is now outdated. And if the person who built the template left the company, nobody knows whether it was ever accurate in the first place.

This is the source document gap: the space between what the lease requires and what the tracking system checks. Every COI tracker in the market sits on the wrong side of that gap.

Why Certificate Tracking Alone Cannot Solve This

Consider a property management company with 200 tenants across a portfolio of commercial buildings. Each tenant has a lease. Each lease has an insurance section, typically buried somewhere in the general conditions, that specifies the minimum coverage the tenant must carry. These requirements vary. Different leases require different coverage types, different minimum limits, different endorsements, and different named insured configurations.

Now, the property manager receives a certificate of insurance from a tenant. They upload it to their tracking platform. The platform scans the certificate, extracts the coverage lines, and reports: “Compliant.” Green checkmark. Case closed.

But compliant against what? The tracker compared the certificate against a template. The template says the tenant needs $2 million CGL coverage. The certificate shows $2 million CGL coverage. Match. But the lease actually requires $2 million CGL coverage with equipment breakdown included as a named peril. The template never captured that detail because whoever built it three years ago did not notice that clause on page 47 of the lease. The certificate is “compliant” according to the tracker. It is non-compliant according to the lease.

This is not a tracking problem. It is a reading problem. The tracker never read the lease. It cannot know what the lease requires. It only knows what someone told it to check.

Five Gaps That Trackers Never Catch

The source document gap manifests in predictable ways. These are not edge cases. They are the most common compliance failures in commercial real estate insurance, and they recur because no tracking tool is designed to detect them.

1. Equipment breakdown required but not listed. Many commercial leases require tenants to carry equipment breakdown coverage, particularly for restaurants, medical offices, and industrial tenants with specialized machinery. This is often specified as a separate requirement or as an endorsement to the property policy. COI trackers check for standard coverage lines: CGL, property, umbrella, auto. Equipment breakdown is a specialty line that rarely appears in default templates. The lease requires it. The tracker does not check for it. The certificate does not include it. Nobody notices until a boiler fails and the claim is denied.

2. Additional insured listed on the wrong policy. A lease requires the landlord to be named as additional insured on both the CGL policy and the umbrella or excess liability policy. The tenant's broker issues a certificate that names the landlord as additional insured on the CGL only. The tracker sees “additional insured: yes” and marks it compliant. But the lease specifically requires the additional insured endorsement on the umbrella as well. The tracker has no way to distinguish which policy the endorsement applies to unless the template was configured with that level of specificity, which it almost never is.

3. Waiver of subrogation absent from the certificate. Waiver of subrogation is one of the most commonly required endorsements in commercial leases. It prevents the tenant's insurer from recovering damages from the landlord after paying a claim. Many leases require it on both property and CGL policies. Certificates frequently omit it entirely, or list it on one policy but not the other. Trackers that check for waiver of subrogation at all typically check for its presence anywhere on the certificate, not on the specific policies the lease requires.

4. Lease amendment changes requirements after template creation. A tenant renews their lease. The renewal includes an amendment that increases the CGL limit from $2 million to $5 million and adds a requirement for cyber liability coverage. The property manager files the amendment. The tracker template is never updated because the person handling lease renewals and the person managing insurance compliance are in different departments. The old certificate, showing $2 million CGL and no cyber coverage, continues to show as compliant for the remainder of the policy period.

5. Coverage type mismatch between lease language and certificate. The lease requires “comprehensive general liability” coverage. The certificate lists “commercial general liability.” These are functionally the same thing. “Comprehensive” is older terminology, but some trackers flag this as non-compliant because the wording does not match, while others miss the distinction because they only check for the presence of a CGL line. Neither outcome is correct. What matters is whether the coverage described on the certificate satisfies the requirement described in the lease, and making that determination requires understanding both documents in context.

The Root Cause: Nobody Reads the Lease

Every one of these failures traces back to the same root cause. Nobody reads the source document. Or more precisely, someone read it once, years ago, and extracted a simplified version of the requirements into a template. That template has been the basis for all compliance checking ever since, regardless of whether the underlying document has changed, whether the extraction was accurate, or whether the template captures the full nuance of the original requirements.

This is not a criticism of the people doing the work. Reading a 100-page commercial lease and extracting every insurance requirement is tedious, time-consuming, and requires both legal literacy and insurance expertise. (For a step-by-step guide on where requirements hide and what to extract, see our post on how to read lease insurance requirements.) It is the kind of task that gets done carefully the first time and then never revisited. It is exactly the kind of task that falls through the cracks when staff turns over, portfolios change hands, or lease amendments stack up over years.

And it is exactly the kind of task that COI tracking software was supposed to eliminate, but did not, because the tracking software never addressed it. The tracker automates the downstream comparison. It does not automate the upstream extraction. The hard part was never matching a certificate against a checklist. The hard part was always building the checklist in the first place.

Closing the Gap: Start with the Source Document

Bramble takes a fundamentally different approach. Instead of starting with the certificate and comparing it against a manually-built template, Bramble starts with the source document: the lease, tender, contract, or agreement that defines the insurance requirements in the first place.

Bramble reads the entire document. It identifies every insurance-related clause, regardless of where it appears in the document: the insurance section, the indemnification section, the general conditions, the exhibits, the amendments. It extracts each requirement into a structured profile: coverage type, minimum limit, required endorsements, named insured configuration, waiver requirements, notice provisions, and every other parameter the document specifies.

This is not a template. It is not a checklist that someone configured. It is a structured extraction from the actual document, and it updates every time the document changes. When a lease amendment is uploaded, Bramble reads the amendment and updates the requirements profile. When a new contract is signed, Bramble reads it from scratch and builds a new profile. There is no manual configuration step. There is no template to maintain. The requirements are always current because they are always derived from the document itself.

Then, when a certificate arrives, Bramble compares it against the structured requirements profile line by line. Not against a template. Against the actual requirements extracted from the actual source document. The comparison is specific: “The lease at Section 12.3(a) requires equipment breakdown coverage with a minimum limit of $500,000. The certificate does not list equipment breakdown coverage on any policy.” Or: “The lease requires the landlord to be named as additional insured on the umbrella policy. The certificate lists the landlord as additional insured on the CGL policy only.”

This level of specificity is only possible because Bramble has read both documents. It knows what the lease requires because it read the lease. It knows what the certificate provides because it read the certificate. The comparison is not template-to-certificate. It is source-document-to-certificate. That is the difference between tracking compliance and verifying it.

Why This Matters Now

The 70% error rate is not an academic problem. Every uncaught gap represents a real exposure. A property owner who believes their tenant carries equipment breakdown coverage, because the tracker says “compliant”, discovers after a loss that the coverage was never in place. A general contractor who thinks their subcontractor has an umbrella policy naming them as additional insured finds out during litigation that the endorsement only applied to the CGL. A fleet operator who assumed waiver of subrogation was in place faces a subrogation claim from a carrier's insurer after an accident.

These are not hypothetical scenarios. They happen every day, across every industry that relies on contractual insurance requirements. And they persist because the tools designed to prevent them were built to track certificates, not to read the documents that define what those certificates should contain.

The source document gap is the last structural failure in insurance compliance. Closing it requires a tool that starts where the requirement starts: in the lease, the tender, the contract. Not in the certificate.