A national commercial GC was running 40 simultaneous projects across eight states. Every project had between 20 and 60 active subcontractors. Total vendor relationships with active COI requirements: approximately 800. Their compliance "program" consisted of a project manager on each job who knew to ask for COIs, a shared drive where certificates were filed, and a spreadsheet tracking expiration dates.
A post-project audit commissioned by their risk manager found that 43% of the COIs on file across all projects had at least one material gap relative to the subcontract requirements. On several projects, the completed operations additional insured endorsement - arguably the most important protection for post-completion defect claims - was never confirmed to be in force.
Vendor insurance compliance at GC scale is not a filing problem. It is a comparison problem. And it requires a program, not just a process.
The Scope of GC Vendor Compliance
A GC's vendor compliance program must cover more than just first-tier subcontractors:
First-tier subcontractors: Direct subcontracts with the GC. The GC bears direct contractual responsibility for verifying these subs' compliance.
Second-tier sub-subcontractors: Subs hired by subs. The first-tier sub is responsible for sub-sub compliance, but the GC has an interest in whether flow-down requirements are actually being met.
Material suppliers: Some suppliers - particularly those delivering and installing owner-furnished equipment - require coverage verification. Others (commodity suppliers with no on-site presence) may not.
Design professionals (design-build): Engineers and architects retained by the GC for design-build projects must carry professional liability. Standard GL does not cover design errors.
Consultants and testing firms: Third-party special inspectors, commissioning agents, and testing laboratories may require E&O coverage in addition to standard GL.
Structuring Requirements by Vendor Category
A one-size-fits-all requirement schedule creates two problems: under-requiring high-risk vendors (leaving exposure) and over-requiring low-risk vendors (creating friction with no benefit). An effective program uses tiered requirements:
| Vendor Category | Required Coverages | Notes |
|---|---|---|
| High-risk trade subs (structural, mechanical, electrical) | GL, auto, WC, umbrella $2M-$5M | CG 20 37 for completed ops; per-project aggregate |
| Standard trade subs (plumbing, drywall, painting) | GL, auto, WC, umbrella $1M-$2M | AI endorsements required |
| Specialty/hazardous (demo, excavation, explosives) | GL, auto, WC, umbrella $5M+, pollution | XCU removal; pollution coverage required |
| Design professionals | GL, auto, WC, professional liability $1M-$5M | Occurrence or claims-made with retroactive date |
| Suppliers (on-site installation) | GL, auto | Reduced; assess per contract value |
| Low-risk vendors (cleaning, food service) | GL, auto, WC | Minimum requirements |
The Project-Level vs. Vendor-Level Compliance Problem
A subcontractor working on multiple projects simultaneously may be subject to different requirements on each:
- Project A (standard commercial): GC standard subcontract, $1M GL/$2M aggregate
- Project B (hospital/healthcare): Owner-imposed $2M GL/$4M aggregate
- Project C (high-rise): Owner-imposed $5M umbrella; per-project aggregate required
Managing compliance at the vendor level - one COI, one set of requirements - fails for subs on multiple projects with different owner-imposed requirements. The compliance program must be project-specific, not just vendor-specific.
OCIP/CCIP Enrollment Complexity
Wrap-up programs (OCIP and CCIP) are common on large construction projects and create significant compliance management complexity:
What the wrap-up provides: Typically GL and WC for all enrolled subs for on-site operations at the enrolled project. Sometimes builders risk is included.
What the wrap-up does not provide: Coverage for off-site operations, auto liability, and any coverages explicitly excluded from the program. Subs enrolled in a wrap-up must still carry their own policies for non-wrap-up coverages.
The tracking problem: Compliance software that doesn't understand OCIP/CCIP enrollment will flag enrolled subs as non-compliant (because they correctly don't provide GL/WC for the enrolled project) or will miss gaps in the coverages subs must still maintain.
An effective compliance program tracks enrollment status separately and applies the correct requirement profile - wrap-up enrolled or non-enrolled - to each sub on each project.
COI Review Responsibility: Who Owns the Check?
In most GC organizations, COI review responsibility falls in one of three places:
Project manager (decentralized): Each PM is responsible for collecting and reviewing sub COIs on their projects. This is the most common approach - and the one with the highest error rate. PMs are selected for project management skills, not insurance knowledge. They apply inconsistent standards and rarely perform the deeper verification (endorsement confirmation, completed operations tracking) that the compliance problem requires.
Centralized compliance team: One team owns COI management across all projects. This produces more consistent results but creates bottlenecks and communication gaps between the field and the compliance office.
Hybrid (centralized review, PM initiation): PMs initiate the COI request and confirm receipt; a centralized team performs the comparison and endorsement verification. This approach balances quality with operational speed.
Regardless of structure, the compliance function should be connected to site access control: a sub whose COI doesn't meet requirements should not be allowed on site until the gap is remediated.
The Annual Renewal Challenge in Multi-Project Programs
A GC with 200 active subcontractors across 20 projects has approximately 200 policy renewals occurring at various points throughout the year. Without systematic tracking:
- Policies expire mid-project without anyone noticing
- Renewed policies come in with different limits or missing endorsements
- The compliance team discovers lapsed coverage only when a claim occurs
An effective renewal management process:
- Tracks every active COI's expiration date
- Sends renewal requests to subs and their agents 60 days before expiration
- Automatically compares renewed COIs against subcontract requirements when received
- Flags any renewal that reduces coverage below the prior period's levels
Frequently Asked Questions
Who is responsible for sub-subcontractor compliance? Contractually, the first-tier sub is responsible for their sub-subs. But GCs who face a claim arising from sub-sub work often bear practical exposure even if the contract holds the first-tier sub responsible. GCs who want real protection should require first-tier subs to flow down insurance requirements and certify sub-sub compliance. Some GCs also require sub-subs to be added to the pre-qualification list.
How do GCs handle subcontractors who work across multiple projects with different owners? The cleanest approach is to maintain the governing document (subcontract + project-specific insurance requirements) for each project and verify each sub's COI against the applicable project's requirements. This requires project-level compliance tracking, not just vendor-level.
Should a GC's risk manager review every subcontractor COI? Not necessarily every one - but the risk manager should define the compliance standards, audit the review process periodically, and personally review high-risk or high-value subcontracts. The risk manager sets the standard; the compliance team executes against it.
What happens when an owner audits the GC's subcontractor insurance compliance? Owners on larger projects increasingly require GCs to certify subcontractor compliance and make COIs available on request. GCs who can't produce compliant COIs for active subs face breach of contract exposure and potential owner-imposed financial consequences. A documented, systematic compliance program is the best defense - and the best evidence in an owner audit.
GC vendor insurance compliance at scale requires a program with defined requirements by vendor category, project-specific compliance tracking, and systematic verification against actual subcontract language.
See how Bramble handles Construction vendor compliance or learn how contract vs. COI comparison works.
Build a compliance program that scales with your project volume. Book a demo at getbramble.com.