Due Diligence and Ongoing Monitoring

  • 1.  Insurance Certificate Requirements and Reviews

    This message was posted by a user wishing to remain anonymous
    Posted 09-20-2023 01:13 PM

    Hi,

    When collecting and reviewing Insurance certificates:

    1. How important is your institution being named as Additional Insured or Certificate Holder?
    2. Do you evaluate the contract in place when reviewing the COI to compare what was agreed upon versus what the COI includes?
    3. What if you don't have any Insurance requirements in the contract with the third party?  If something happens and you actually need to file a claim, can you without it noted in the contract?

    Thank you for your input!  I have already reviewed Venminder's Blog post from 11/7/2022, but am looking for other insights as well.  



  • 2.  RE: Insurance Certificate Requirements and Reviews

    Posted 09-26-2023 03:01 PM

    Apologies in advance for the very long answer but to answer these questions, it is important to understand the purpose of a Certificate of Insurance (COI) and differentiate between a Policyholder, a Certificate holder, and an Additional Insured.

    · COI - Certificate of Insurance specifies policy details such as coverage types, limits, provider, policy number, named insured(s), and effective periods. The COI is a document that summarizes the insurance policies and their limitations. (Note: COIs are formally called an ACORD 25 form.)

    · Policyholders (or the Vendor) - The party who has purchased insurance from a provider, commonly called the policyholder, is typically identified as the named insured on the policy.

    · Certificate Holder - Most organizations typically ask for a Certificate of Insurance (COI) the insurance company provides to validate that the vendor has the right insurance coverage. By doing so, your organization will be recognized as a Certificate Holder. Remember that being a certificate holder does not give you any specific rights other than viewing formal details of the policy. The policy does not cover your organization, you can make no claims against the policy, and your organization will not be notified if the policy changes or is canceled.

    · Additional Insured - Vendors can extend their liability coverage to other parties, like clients, lenders, and joint-venture partners, by adding an additional insured endorsement to their policy. These parties must be listed on the endorsement and COI to be covered.

    Picture a scenario where your organization experiences a cyber breach and is not listed as an additional insured party. In this situation, an injured party, such as a customer, could sue your organization for damages even though the vendor you hired was responsible for the breach. Consequently, your organization could be liable for any losses related to the breach.

    Being added as an additional insured is a reasonable risk mitigation strategy. It places the financial obligation for a claim on the party most likely to cause it so organizations can avoid filing claims under their own policies. Remember, though, that there are a few nuances with being named as an additional insured. You should consult with your insurance provider to understand the differences between blanket additional insured and specific additional insured and discuss the particular contract stipulations that can further reduce your liability.         

    Regarding reviewing the COI, it's best practice to review the contract and the COI to ensure they align. If possible, inspect the COI before executing the final contract.

    Unfortunately, if you are not listed as an additional insured or if you have no insurance requirements in your contract, it is highly improbable that you will be able to file a claim against the vendor's insurance.

    It is important to note that your vendor's insurance cannot serve as a replacement for your own organization's insurance.

    I hope that this information is helpful and would welcome thoughts from other members as well.




  • 3.  RE: Insurance Certificate Requirements and Reviews

    This message was posted by a user wishing to remain anonymous
    Posted 02-14-2024 02:32 PM

    Hilary, thank you so much for clarifying COI terminologies. I wanted to piggyback off of this discussion to see if you would provide additional context to the following questions. 

    Sometimes, we will receive COIs from vendors listing a different business name (i.e., a parent company, dba) but not the name of the actual business we're contractually attached with. For example, if our contract is from Acme Inc, we get a COI for ABC Company. I see that in their business registration/structure, Acme Inc is listed as a dba. Does the vendor have to provide a COI that clearly shows Acme Inc since that is the business name we are doing business with or does ABC Company cover that coverage?