Simplifying third-party insurance compliance: 6 steps to protect companies
Following these best practices can help business clients protect themselves from mistakes caused by suppliers.
Since the pandemic hit in 2020, it’s been a trial by fire for all businesses; even major companies had to tighten their belts, yet companies continue to spend millions of dollars a year to settle lawsuits because they’ve failed to verify their third parties adequately.
While health and safety concerns increase, instances of data breaches and compromised digital infrastructure are also on the rise. The truth is, you don’t have to be a major company to be the target of a record-setting liability suit. Most suits go after the “deep pockets” of any company associated with a claim of injury, disruption, or breach, so how can executive management make sure their business is protected/?
Here are six steps to simplify the process and protect your company:
1. Make sure you have the right requirements.
Liability coverage is ultimately about the legal implications of adverse events, meaning insurance requirements often originate with attorneys. This order of affairs often results in a “first, CYA” approach of overly prescriptive or disproportionate requirements.
Instead, requirements should first be proposed by a company’s operations or vendor relations teams. Starting with the end goal in mind — for example, to assure intact delivery of goods to customers or protect end-users from harmful ingredients — the focus should be on the realities and scale of potential exposures. Research shows that 75% of vendors fail to meet requirements; it’s clear that neither risk nor business goals are met.
Instead, companies should drive compromise that balances risk with business needs. Attorneys can then draft the requirements to be more practical and actionable. This strategic approach to developing proper insurance requirements can smooth the path to compliance.
2. Make it easy for the insured’s broker to comply.
Too often, the insured’s brokers have to interpret what coverage is required and translate that into the specifics of the policy. Like the old game of “telephone,” requirements can get lost or obscured. And brokers report that no matter how hard they work to meet requirements, they almost always have to make one or two revisions before they are successful. This process is inefficient, costly, and frustrating. To make matters worse, those requirements can arrive embedded in the vendor contract.
One solution is to provide sample COI (Certificate of Insurance) language that the broker can quickly adapt to their policy terms. In combination with an automated verification process, this language can speed and simplify verification later by enabling straightforward side-by-side comparison of the COI to the requirements.
3. Leverage electronic communications for maximum efficiency and accuracy.
To maximize efficiency, requirements information should be shared electronically, which minimizes potential mistakes and delays in reformatting documents or repurposing content. Again, if you’re employing an automated verification process, the information can be accessed via a link to the system to eliminate the administrative hassle and potential confusion.
Likewise, the insured should be able (or even required) to submit their COI online. The best practice is to utilize standard forms like the Accord 25, which will align all the parties. This can then be quickly processed and evaluated. Avoid handling physical mail, which can get lost or delayed and is susceptible to corruption when converted to an electronic file. Also, avoid dealing with entire policies. The response from the insured (or their broker) should be focused strictly on the COI.
4. Clearly communicate verification status to everyone involved.
If the verification is successful, proactively communicating that to everyone involved will keep your business moving. If the verification fails, the insured should be informed in precise terms exactly which part of the coverage is not in compliance and exactly what compliance looks like. (This is where a sample COI can be very helpful.)
In the event of a second failure, the affected internal departments also need to be aware, on the assumption that they are counting on that partner to get their work done. They can then make alternate plans and serve as a second lever to direct their vendor or supplier into compliance.
If you are employing an automated verification system, all these communications can be handled with a link to the status page on the platform. Having this “single source of truth” available and easily accessible promotes clarity and efficiency.
5. Have a policy and process for handling exceptions.
Having categories of vendor relationships aligned with coverage requirements will minimize the need for negotiating exceptions, but exceptions can (and likely will) arise. By having clear policies and procedures in place for addressing them, you can avoid the expense of bringing in the attorneys or consuming administrative cycles. Most importantly, you can still make sure the company is appropriately protected.
Determine if the exception is a one-off. If so, can it also be time-limited, i.e., with an expiration date? If the same request for exception keeps appearing, you may want to revisit the requirements. In any case, exceptions should be addressed by risk managers in collaboration with the affected operations. This will allow the exception to be drawn as narrowly as possible and as clearly as necessary.
6. Provide as much visibility as possible into insurance verification.
Insurance verification takes an extraordinary amount of time and effort — but it is vital to a business’s long-term health. It is too often treated as a purely administrative task and is rarely seen as mission-critical.
The more visible and accessible the process is to all parties, the easier it is to execute their portion. An automated verification platform is handy for this. With a shared view of the process and a bit of proactive notification, the time required to achieve verification can be minimized while the success rate can improve dramatically.
Related: