There has been a quiet (or not so quiet, depending on your vantage point*) battle within the risk management and insurance field for decades. In any business relationship of consequence, there is a prudent risk management interest in requiring and verifying that proper insurance is in place. The purchaser of products or services has a valid risk management interest in verifying that the provider of said products/services has sufficient and proper insurance, and perhaps even add the purchaser as an additional insured on that insurance policy.
Here’s why: Suppose I am a retailer buying products from a manufacturer to sell in my store. If those products were to injure a customer or customer’s property, I want to be assured that the manufacturer has adequate insurance to address such claims, and that it will also protect me as the reseller of the manufacturer’s product. Likewise, if I hire a contractor to plow the snow out my retail store’s parking lot, I need to know that they are insured (and that the insurance will protect and defend me) if that snowplower accidently runs over a customer or damages a customer’s vehicle.
Enter the venerable certificate of liability insurance. Good ol’ ACORD Form 25 (let’s just call it the COI). Its job is to convey to an interested third-party (e.g., me and my retail store) that the firm I am doing business with has certain types and amounts of insurance. Insurance agents and brokers have traditionally issued these documents as a favor to their insured customers for decades. Agents and brokers don’t particularly like this non-revenue generating activity, but many realize that it is part of the customer service they provide. Some even view it as a valuable touch point to strengthen the relationship with their customers. But there is a darker side to the COI…
Sophisticated risk managers and corporate legal departments have become more and more aggressive about demanding that the COI contain certain phrases and text. For example, they want it to state that “ABC Corporation, its directors, officers, employees, and agents are additional insureds” – and that is a brief example of some required additional insured language which can drag on to paragraph length in some contracts. They also demand at least 30 days written notice of cancellation or material change of any of the insurance policies represented on the COI. These are both very prudent risk management demands intended to protect the assets of the buying firm in the relationship. There are more, but these two examples are common demands.
However, the COI is not a contract. It’s just a snapshot in time that reflects certain attributes of insurance at that moment in time. The limits on the certificate may be exhausted by other claims just a few days after the COI is issued. The disclaimers on the COI make very clear that nothing on the COI itself can amend or alter the contract terms of the actual insurance policies represented on the COI. And yet, there have been legal cases where information on the COI was relied upon by the third-party, and thus the insurers or their agents (through their E&O coverage) have been held to the information on the COI.
So now on to the latest front in this battle… several states (roughly half of the 50 states at this writing) have passed laws that make it illegal to issue a COI that does not accurately reflect the actual insurance policy terms, and in some states, make it illegal to request that a COI contain information that is counter to the actual policy. So now, what was previously an obvious ethical breach is now an illegal act. Progress? Only for the legal profession. The real objective of these laws is to give the agents/brokers and insurers a statute that they can point to when receiving demands for COIs from risk managers, and allow them to say, “See, what you’re asking me to do is break the law – and actually you’re breaking the law by even asking for all this garbage on the certificate in the first place.” I call BS on that.
Here’s the dirty little secret. Except for a few unscrupulous characters, no professional risk manager wants an agent/broker to issue a COI that does not reflect the actual policy terms. The implied (if not contractually stipulated) requirement behind a risk manager’s “unreasonable requests” for the COI (as one supporter of the Massachusetts COI law characterized them) is that the insurance policy will be amended or altered so that it meets the insurance requirements that the agent’s customer (e.g., the manufacturer or snowplower from my earlier example) agreed to in the contract for the business relationship. Then the agent can legally (and ethically) issue a COI that stipulates to the additional insured language because the policy has indeed been endorsed to add the additional insured as requested. Ditto for the cancellation requirements. In the case of the cancellation notice requirements, the industry is loath to agree to this because it creates significant logistical and operational burdens that frankly, the industry is fearful that it cannot live up to. So the industry lobbyists go to work and convince legislators that great atrocities are being committed by those pesky risk managers and their crazy COI demands.
Let’s take a deep breath. The insurance industry is in the business of financing risk, and risk managers are in the business of managing risk. The kerfuffle over COIs and new statutes intended to “curb their abuse” is misguided, in my humble opinion. The problem lies further upstream. The problem is that risk managers want as much protection as possible in any business relationship their firm happens to form. But there is risk in any business activity and sometimes, in the interest of accomplishing the larger mission (i.e., having products on the shelf of the retail store or the parking lot clear of snow) compromise must be made and some risk accepted. The problem is in the negotiations of these business relationships. If the insurance industry absolutely cannot abide by strict requirements to provide cancellation or “material change” notifications, then the industry (i.e., the agents) must educate their customers not to agree to such things in their contracts with customers. Once the contract has been signed, the train has left the station. The new statutes which purport to curb the abuse of COIs only serves to give the insurance industry an excuse for contributing to their customer’s breach of contract. In short, risk managers need to lighten up and curb their demands, and the insurance industry needs to stop running to the legislature to create laws that protect themselves from their own operational weaknesses.
And so the battle rages on…
[* Full disclosure: The author formerly owned a service company that provided business process outsourcing related to certificates of insurance. So the battle has been far from quiet in my ears.]
Ferris State Risk Management and Insurance Academics 