A $6.8 million apartment renovation project in Seattle used a painting subcontractor who had worked with the GC for three years. The project coordinator knew the sub, trusted the relationship, and processed the COI quickly - checking that it was received and that the limits looked right. Six months later, VOC fumes from the sub's paint products caused a health complaint from residents in an adjacent occupied building, resulting in a $340,000 liability claim. When the sub's insurer reviewed the claim, they found that the policy contained a residential exclusion and an exclusion for claims related to products liability in mixed-use occupied structures. The coverage the coordinator "verified" didn't actually apply to the work being performed.
Familiarity is a liability in insurance verification. The process needs to be systematic, applied equally to every subcontractor regardless of relationship history.
Why Most Verification Processes Fail
There are three common failure modes in subcontractor insurance verification:
Failure mode 1 - Checking receipt, not compliance: The COI arrives, someone marks it received, and it goes in the file. No one compared it against the subcontract requirements.
Failure mode 2 - Checking against the wrong standard: The reviewer checks the COI against a standard internal template or a remembered minimum, not against the specific subcontract for this project and this sub.
Failure mode 3 - Stopping at the COI: The review process treats the COI as the final document. Endorsements are not requested or verified; the policy itself is never consulted.
A sound verification process addresses all three failure modes.
Step 1: Extract Requirements from the Subcontract
Before reviewing a COI, you need to know exactly what you're looking for. This sounds obvious, but many compliance processes skip this step - reviewers rely on institutional memory or a generic template rather than reading the actual subcontract.
The subcontract insurance exhibit specifies:
- Each coverage line required (GL, auto, WC, umbrella, specialty lines)
- Minimum limits for each line (per-occurrence, aggregate, and sublimits)
- Required endorsements (AI form numbers, WOS, P&NC, notice of cancellation)
- Additional insured entities and their exact legal names
- Any project-specific requirements (per-project aggregate, minimum carrier rating, etc.)
Build a verification checklist from this analysis before the COI arrives. The checklist is what you'll use during review - not your memory of what "standard" requirements look like.
For subcontractors with complex scopes or high subcontract values, also review:
- The prime contract (incorporated by reference - owner requirements flow down)
- Any project-specific insurance addenda or riders
- Division 01 specifications if the project uses CSI format
Step 2: Collect the COI and Initial Review
Request the ACORD 25 certificate from the subcontractor's insurance agent, not from the subcontractor directly. Requesting from the agent (named on the producer line) bypasses the possibility of a sub presenting an outdated or altered certificate.
For the initial review, verify:
| Item | What to Check |
|---|---|
| Named insured | Exact legal name matching the subcontract signing entity |
| Producer/insurer | Licensed carrier, admitted in the project state |
| Policy effective/expiration | Current; expiration beyond project duration |
| GL per-occurrence limit | Meets or exceeds subcontract requirement |
| GL aggregate limit | Meets or exceeds subcontract requirement; note if per-project aggregate is required |
| WC statutory limits | Appropriate for the project state |
| Employers' liability | Meets subcontract requirement |
| Auto liability CSL | Meets subcontract requirement; includes hired/non-owned |
| Umbrella/excess | Meets subcontract requirement; follows form over required lines |
| AI checkbox | Checked; with endorsement form numbers if listed |
| WOS checkbox | Checked on all required lines |
| Certificate holder | GC's correct legal entity name |
Flag any item that doesn't match the subcontract checklist as a deficiency requiring resolution.
Step 3: Request and Verify Endorsements
The COI is a summary document. Endorsements are what actually modify the policy to add coverage for the GC. The AI checkbox says that an endorsement was requested; the actual endorsement tells you what coverage was granted.
For every subcontractor, request:
- The additional insured endorsement pages (CG 20 10, CG 20 37, or equivalent)
- The waiver of subrogation endorsement if required
- The primary and noncontributory endorsement if required
- Any other endorsements listed in the subcontract
When reviewing endorsements, verify:
- The endorsement form number matches what the subcontract requires
- The edition date of the form (older editions may provide different coverage than current ISO forms)
- The named insured on the endorsement matches the sub's legal entity
- The additional insured entity name matches the GC's correct legal entity
- No restrictive language limits coverage in ways the subcontract prohibits
This step is frequently skipped because it requires following up with the sub's broker and waiting for documents. On high-value or high-risk subcontracts, the step is not optional - it is the only way to verify that the coverage the COI describes actually exists in the required form.
Step 4: Address Non-Compliance
When the COI or endorsements don't meet the subcontract requirements, the non-compliance must be resolved before the sub begins work - not after. The enforcement mechanism is access: a sub without verified, compliant insurance does not access the project site.
This policy is straightforward in principle and uncomfortable in practice. Project timelines create pressure to let a sub start work with a pending deficiency. Resist this pressure. The liability exposure from an unverified sub is not hypothetical - it is the same exposure the insurance requirements were designed to transfer.
For each deficiency:
- Document the specific gap (specific contract requirement vs. what the COI shows)
- Send a formal deficiency notice to the sub specifying exactly what is required
- Give a reasonable deadline for remediation (typically 5-7 business days)
- Confirm work stoppage authority with the project manager
- Re-review the COI and endorsements when corrections are submitted
- Document the resolution
The deficiency notice and resolution documentation become part of the compliance file - evidence that the GC identified the gap and required remediation.
Step 5: Document and Monitor
Verification is not a one-time event. Policies renew, coverage terms change, and project durations can exceed policy periods. Documentation and ongoing monitoring are the final components of a complete verification process.
Documentation requirements:
- The executed subcontract or a summary of its insurance requirements
- The original COI (and all subsequent renewal COIs)
- Endorsement pages obtained during verification
- Any deficiency notices sent and evidence of resolution
- A signed compliance determination documenting the reviewer's findings
Ongoing monitoring:
- Track policy expiration dates for every active subcontractor
- Send renewal COI requests 45 days before expiration
- Re-run the full verification process on every renewal COI
- Note any coverage changes from year to year and re-evaluate compliance
When to Request the Actual Policy
Most compliance processes stop at the COI and endorsements. In specific situations, requesting and reviewing the actual policy is warranted:
- High-value subcontracts ($1M+): Policy-level review for major scopes justifies the additional effort
- Unusual exclusions: If a sub's COI description box notes unusual restrictions or exclusions, review the policy to understand their scope
- Coverage disputes in progress: If the sub has an active claim with their insurer, review the policy to understand potential aggregate erosion
- Specialty coverage: For pollution liability, professional liability, or other specialty coverages, policy review confirms coverage scope that a COI cannot capture
- Suspiciously low premiums: Low premiums on high-limit policies can indicate questionable coverage; verify the policy exists and is in force with the insurer directly
Verification Frequency for Ongoing Relationships
For subcontractors working across multiple projects over multiple years, the verification process still applies fully at each project engagement. Don't assume that a sub who was compliant on the last project is compliant on this one. Coverage terms change at renewal, and the new project may have different requirements.
Verification cadence:
- New project, existing sub: Full verification against new project subcontract requirements
- Annual policy renewal: Full re-verification against current subcontract requirements
- Mid-project change in scope: Re-verify if scope change affects required coverage types or limits
- Sub brings additional workers from a new entity: Verify the new entity's coverage
Using Software to Scale the Process
The five-step process above, applied manually to 50 subcontractors on a single project, requires an estimated 75-100 hours of compliance staff time over the project lifecycle. On 10 concurrent projects, that becomes a full-time function - or it gets compressed to the point where the process breaks down.
Bramble automates steps 1, 2, and portions of step 4: extracting requirements from the subcontract, parsing the COI, comparing the two, and generating a gap report. The human reviewer focuses on endorsement verification and non-compliance resolution - the judgment steps that benefit from human oversight.
For GCs managing large sub pools, this division of labor produces both labor cost savings and better compliance rates. The automation handles the volume; the reviewer handles the exceptions. See how Bramble supports subcontractor insurance verification.