Building a COI Compliance Policy for Your PM Firm

The Problem with Ad Hoc Compliance

Most property management firms track COIs. Few have a written policy for how they do it.

The result is predictable: each property manager handles compliance differently. One is diligent about following up on expirations. Another lets certificates lapse for months before noticing. One requires a waiver of subrogation on every vendor policy. Another has never heard of it. Requirements vary from property to property, follow-up timelines are inconsistent, and nobody is sure who is actually responsible for what.

This is not a training problem — it is a policy problem. Without a documented compliance policy, you are relying on individual initiative rather than organizational process. And individual initiative does not scale. Our COI compliance guide for property managers covers the foundational concepts; this guide focuses on building the organizational policy around them.

A written COI compliance policy gives your entire firm a consistent framework for how insurance compliance is managed, who is responsible, and what happens when gaps are found.

What a COI Compliance Policy Should Include

1. Purpose and Scope

Start with a clear statement of why the policy exists and who it applies to.

Purpose: To ensure that all vendors, contractors, and tenants maintain insurance coverage that meets the organization's requirements, protecting the firm, its clients, and its properties from uninsured liability exposure.

Scope: This policy applies to all properties managed by [Firm Name] and covers all vendors, contractors, and tenants that perform work on or occupy space in managed properties.

Keep this section short. Its purpose is to establish that the policy is real, formal, and applies to everyone.

2. Required Coverage Types and Minimum Limits

This is the core of your policy. Define the standard insurance requirements by category. A table format works well:

Vendor Requirements by Category:

| Category | GL | Workers' Comp | Auto | Umbrella | |----------|-----|--------------|------|----------| | General Contractor | $2M/$4M | Statutory | $1M | $5M | | Mechanical/Electrical | $1M/$2M | Statutory | $1M | $2M | | Janitorial/Landscaping | $1M/$2M | Statutory | $1M | — | | Professional Services | $1M/$2M | Statutory | — | — | | Security | $1M/$2M | Statutory | $1M | $2M |

Tenant Requirements by Category:

| Category | GL | Workers' Comp | Umbrella | |----------|-----|--------------|----------| | Office | $1M/$2M | Statutory | — | | Retail | $1M/$2M | Statutory | $1M | | Restaurant/Food Service | $2M/$4M | Statutory | $2M | | Medical/Health | $1M/$2M | Statutory | $2M | | Fitness/Recreation | $2M/$4M | Statutory | $2M |

These are examples — your actual numbers should reflect your portfolio's risk profile, your insurance carrier's requirements, and your lender covenants. The important thing is that they are written down and standardized.

3. Required Endorsements

Specify which endorsements are required on every certificate:

• Additional Insured: The property owner entity (using exact legal name) must be listed as additional insured on all general liability policies
• Certificate Holder: The management company must be listed as certificate holder
• Waiver of Subrogation: Required on general liability, workers' compensation, and commercial auto policies
• Primary and Non-Contributory: Required on general liability policies for all vendors performing physical work on the property

Document the exact entity names to be used. If you manage properties for multiple ownership entities, maintain a reference list of entity names so property managers can provide the correct name to each vendor.

4. Collection Timelines

Define when certificates must be collected:

• New vendors: A compliant COI must be on file before the vendor is authorized to begin work. No exceptions.
• New tenants: A compliant COI must be on file before lease commencement or occupancy, whichever comes first.
• Renewals: Updated COIs must be received at least 14 days before the current certificate expires.
• Non-response: If a renewal COI is not received by the expiration date, the vendor or tenant is flagged as non-compliant and the escalation procedure begins.

5. Escalation Procedures

This is the section most firms skip, and it is arguably the most important. Without defined escalation steps, non-compliance lingers indefinitely.

Escalation timeline:

| Day | Action | |-----|--------| | 30 days before expiration | Automated reminder sent to vendor/tenant | | 14 days before expiration | Second reminder with urgency notice | | Expiration date | Vendor/tenant flagged as non-compliant, notification sent to property manager | | 7 days past expiration | Property manager contacts vendor/tenant directly | | 14 days past expiration | Formal non-compliance notice sent, work authorization or lease enforcement review initiated | | 30 days past expiration | Escalate to senior management for action — potential suspension of vendor or lease default notice |

Adjust the timeline to fit your firm's operations, but commit to specific deadlines and actions. A policy that says "follow up on expired certificates" without defining when and how is not a policy — it is a suggestion.

6. Roles and Responsibilities

Clearly assign who does what:

• Property Manager: Primary responsibility for ensuring all vendors and tenants at their assigned properties are compliant. Reviews compliance reports weekly. Handles direct outreach for non-compliance escalations.
• Compliance Coordinator (if applicable): Manages the COI tracking system, monitors expiration dates, sends initial reminders and follow-ups, escalates unresolved gaps to property managers.
• Senior Management: Reviews compliance metrics monthly, authorizes enforcement actions (vendor suspension, lease default notices), ensures the policy is maintained and updated annually.

If your firm is smaller and one person wears multiple hats, that is fine — but still document who is responsible for each function.

7. Exceptions Process

Not every vendor and tenant will fit neatly into your templates. A vendor might carry a different policy structure, or a small tenant might push back on umbrella requirements.

Define how exceptions are handled:

• Who has authority to approve an exception (typically senior management, not the individual property manager)
• Exceptions must be documented in writing with a justification
• Exceptions are reviewed annually and do not automatically renew
• No exceptions for general liability or workers' compensation requirements

An exceptions process prevents ad hoc decisions from undermining the entire policy. If a property manager can simply decide that a vendor does not need a waiver of subrogation, the policy has no teeth.

Communicating the Policy

A policy that lives in a shared drive and nobody reads is not a policy. Roll it out deliberately:

Internal communication:

• Present the policy to all property managers and relevant staff
• Conduct a brief training session covering the key requirements and escalation procedures
• Make the policy easily accessible (company intranet, shared drive, pinned in your project management tool)

External communication:

• Include insurance requirements in every vendor agreement and lease as an exhibit
• Send a summary to existing vendors and tenants, giving them a reasonable deadline (60-90 days) to come into compliance
• Provide clear instructions on how and where to submit certificates

Enforcing It Consistently

The hardest part of any compliance policy is not writing it — it is enforcing it consistently across properties, property managers, and over time.

This is where technology makes a meaningful difference. A COI tracking platform that automates the collection, verification, and follow-up cycle transforms your policy from a document into an active system.

When a vendor uploads a COI, AI extraction immediately checks it against your requirement templates. Non-compliant certificates are flagged automatically. Expiration reminders go out on schedule without anyone remembering to send them. Escalation notices follow the timeline you defined. Property managers see a compliance dashboard showing exactly which vendors and tenants are compliant and which need attention.

SmartCOI was built specifically for this workflow. Define your requirement templates, assign them to vendors and tenants, and the system enforces your policy automatically — consistent compliance across every property in your portfolio.

Review and Update Annually

Your compliance policy is not a one-time exercise. Review it annually and update:

• Minimum limit requirements (inflation and market conditions change what constitutes adequate coverage)
• Coverage types (new risks may emerge — cyber liability, pollution liability, etc.)
• Escalation timelines (are they working? too aggressive? not aggressive enough?)
• Template categories (do you need additional templates for vendor or tenant types that have become more common?)

A COI compliance policy is a living document. Treat it like one.

Getting Started

If you do not have a written policy today, do not try to build a perfect one on the first attempt. Start with the essentials:

1. Define requirement templates for your top 3-5 vendor and tenant categories (see how to set insurance requirements)
2. Document your escalation timeline
3. Assign roles
4. Communicate the policy internally and to your vendors and tenants
5. Use a tracking system that enforces the policy automatically

You can refine the details over time. What matters now is having a consistent, documented process that your entire firm follows.

Ready to enforce your compliance policy automatically? Start your free SmartCOI trial and turn your policy into a system that runs itself.