A property management company managing eight commercial buildings had 47 active vendors across their portfolio. They collected COIs at the start of each service agreement and renewed them when they remembered. An OSHA audit following a subcontractor injury revealed that 19 of those 47 vendors had expired COIs. Eleven had certificates on file that never met the company's own vendor agreement requirements. The company faced $125,000 in fines, a lender-required compliance remediation plan, and the cost of retroactive insurance verification across four years of records.
Vendor compliance isn't paperwork. It's the mechanism that determines whether someone else's mistake becomes your problem.
Why Vendor Compliance Is a Top Commercial Real Estate Risk
Commercial properties host hundreds of vendor interactions per year. HVAC service calls, elevator maintenance, exterior painting, parking lot striping, roof inspections, electrical repairs, security upgrades-each one brings workers onto your property who can be injured, cause damage, or injure third parties.
When that happens, plaintiffs' attorneys look for the deepest pocket. In a commercial real estate context, that's typically the property owner. The first line of defense is proving that the vendor carried compliant insurance and that your additional insured status was properly documented before the work began.
70% of COIs contain at least one deficiency at first submission. In vendor relationships, where the certificate is often procured quickly to meet an urgent work order, that rate is higher.
The Four Pillars of Vendor Compliance
Pillar 1: Pre-Qualification Standards
Before a vendor is approved to work at any property in your portfolio, they must meet documented standards:
- Completed vendor application with license, entity, and contact information
- Current COI meeting your baseline requirements
- Evidence of satisfactory completion of comparable work (references or project history)
- Signed vendor agreement acknowledging your insurance and indemnification requirements
Maintain a pre-approved vendor list by trade category. A vendor who passes pre-qualification can be dispatched for work orders without re-verifying every time. A vendor who hasn't passed pre-qualification cannot begin work under any circumstances-including emergencies.
Pillar 2: Insurance Requirements by Trade
| Vendor Category | GL Per Occurrence | GL Aggregate | Umbrella | Workers' Comp |
|---|---|---|---|---|
| Janitorial / Cleaning | $1M | $2M | $1M | Statutory |
| Landscaping / Grounds | $1M | $2M | $1M | Statutory |
| HVAC / Mechanical | $1M | $2M | $2M | Statutory |
| Electrical | $1M | $2M | $2M | Statutory |
| Plumbing | $1M | $2M | $2M | Statutory |
| Roofing | $1M | $2M | $2M | Statutory |
| General Contracting | $2M | $4M | $5M | Statutory |
| Elevator Maintenance | $2M | $4M | $5M | Statutory |
| Environmental / Abatement | $2M | $4M | $5M + Pollution | Statutory |
| Security Services | $1M | $2M | $2M | Statutory |
All vendors must also carry: employers' liability ($500K minimum), commercial auto if vehicles are used on-site, and name the property owner and manager as additional insureds on a primary and non-contributory basis.
Pillar 3: COI Collection and Verification Protocol
Collection protocol:
- Request COI directly from the vendor's insurance broker (not the vendor)
- Require the COI to include all required endorsements as attachments
- Accept only original COIs-not photocopies of old certificates
Verification protocol:
- Compare every field on the COI against your vendor agreement requirements
- Verify named insured exactly matches your vendor agreement
- Confirm additional insured endorsement is attached and correctly identifies your entities
- Confirm waiver of subrogation endorsement is attached for CGL and workers' comp
- Record policy expiration dates in your tracking system
Pillar 4: Ongoing Monitoring and Renewal Management
Vendor compliance is not a one-time event. Policies expire, get canceled, get modified, and get replaced. A vendor who was compliant in January may not be compliant in October.
Monitoring cadence:
- Review all pre-approved vendor COIs 60 days before expiration
- Send renewal requests 45 days before expiration
- Suspend work authorization for any vendor who hasn't renewed within 10 days of expiration
- Re-verify compliance after any vendor incident, regardless of severity
Building the Compliance Audit Trail
If litigation follows a vendor incident, you need to demonstrate that you exercised reasonable care in vendor selection and compliance monitoring. The audit trail includes:
- Vendor pre-qualification records
- Every COI submitted, with version and submission date
- Every deficiency notice sent and the vendor's response
- Approval records confirming when compliance was verified
- Work orders showing which vendor was authorized for which work on which date
- Any incident reports and the COI status at the time of the incident
This documentation is your defense against negligence claims and your evidence in subrogation disputes with the vendor's insurer.
Managing the Subcontractor Chain
General contractors bring their own subs. Your vendor agreement with the GC must flow insurance requirements down to every subcontractor working on your property. Key provisions:
- GC must require all subs to carry equivalent insurance
- GC must collect and verify sub COIs before allowing sub to begin work
- GC remains liable for any sub's failure to maintain required coverage
- Property owner reserves the right to audit GC's sub COI files
Without these provisions, a sub with no insurance can do work on your property, and when something goes wrong, the GC's policy may not respond for the sub's actions.
Common Vendor Compliance Failures and How to Prevent Them
"The vendor has been with us for years-we trust them." Trust is not compliance. Long-tenured vendors are just as likely to have lapsed policies as new ones. Set calendar triggers regardless of relationship length.
"The COI looks fine to me." Looking fine is not verification. Confirm limits match your contract. Confirm the additional insured endorsement is actually attached. The ACORD form is a summary-what matters is what's in the policy.
"We'll get the COI after the emergency is handled." Emergency exceptions become standard practice. Maintain an emergency vendor list with pre-verified COIs for common urgent needs: plumbing, electrical, locksmith. For true one-time emergencies, get verbal confirmation and follow up within 24 hours-in writing.
Frequently Asked Questions
Q: How do we handle out-of-state vendors working on our properties? A: Workers' compensation, auto liability, and some endorsement requirements vary by state. Verify that the vendor's policy is written to apply in the state where work is performed-some policies have geographic limitations.
Q: Can we include vendor insurance requirements in a master service agreement and skip per-job COIs? A: The MSA sets the requirement. A COI proves fulfillment. You need both. An MSA without a current COI tells you what the vendor agreed to carry-not whether they're actually carrying it today.
Q: What's the right way to respond when a vendor says "my broker is working on the endorsement"? A: Stop work until the endorsement is confirmed. "Working on it" is not coverage. The endorsement must be in place before work begins, not promised afterward.
Q: Should property managers carry their own errors and omissions coverage for failing to enforce vendor compliance? A: Yes. Property manager E&O policies are designed to cover claims arising from management errors, including failure to enforce tenant or vendor insurance requirements. Consult your own broker to confirm your E&O policy covers this exposure.
Bramble automates the entire vendor compliance workflow-from COI collection and clause-level verification to expiration tracking and deficiency notices. Commercial property management teams cut their compliance labor by 80% within the first month.