The process and performance of verifying and improving insurance coverage for third parties differ greatly. In fact, 75% of the third parties fail to meet insurance requirements. Moreover, analysis from McKinsey found the following trends within the insurance industry;

• Third-party risk management has a few common standards in the industry.
• There is no overarching framework for managing third-party risks in many companies. These organizations use a variety of systems, policies, and approaches to evaluate cases on a case-by-case basis.
• Coverage varies enormously, with some firms assessing only ten third parties while others consider several thousand – and much of this variation is not explained by size differences between the firms in question. 
• Selection and onboarding are the main focuses of frameworks. When third-party relationships have been established, ongoing risk management is much less important.

So, how can we change all of the above? By focusing on user-centric communication, which according to the Cambridge Dictionary, is a design approach that considers the way people will use products and systems, and how they will use them: 

• Software design should be user-centered rather than system-centered.
• User-centered design should be based on an understanding of current attitudes and skills.

In this case, this involves establishing a user-centric verification framework that specifies clearly what is expected, as well as what is required. Third-party vendors need to understand these steps in order to reach the approval stage as quickly as possible.

While this may seem like a massive undertaking, it’s essential if you want to improve insurance verification. And, using the following tips can help you get started without feeling overwhelmed.

1. Formulate an explicit third-party risk management framework.

“A failure to design and implement an explicit third-party risk management framework may obscure potential gaps and overlaps between existing policies and procedures,” write Alexandra Mabey and Daniel Kaposztas for McKinsey & Company. “Conversely, a clear framework ensures a balance between risk and commercial factors, increasing the effectiveness of risk management.” 
 
They advise that organizations should focus on three key areas:

• Establish clear mechanisms for business lines and key stakeholders to identify and manage risks by integrating third-party risk management into overall risk appetite and limits. Quantitative measures (e.g. minimum credit rating) may be used in some areas, while qualitative evidence may be required for others (e.g. compliance level).
• Assist business lines, operational risk, compliance, finance, procurement, and IT teams with transparent governance and escalation processes. By breaking down silos, we can make balanced and coordinated decisions. Establish a committee to oversee third-party risk, and define end-to-end processes for it.
• Standardize third-party risk management processes across the organization, including how due diligence and onboarding teams should be populated and what their responsibilities are. 

2. Make sure that third-party insurance standards aren’t too rigid.

After developing your third-party risk management framework you should make sure that your insurance requirements for onboarding third-party vendors should be the right size. 

The right balance needs to be struck between adequate coverage and the ability to demonstrate compliance when crafting third-party insurance requirements that encompass not only legal and insurance requirements but also business operations. Many risk managers or GRC program operators strive to achieve 100% compliance with third-party insurance requirements. However, if actual results fall closer to 25%, then there should be a resizing of requirements to right-size them.

In order to identify their highest-risk partners and coverages, companies should first assess their portfolio of partners and coverages, then review any rules or coverage amounts that typically result in an exception request, as these are good indicators of where partner insurance verification gets “stuck”.

3. Confirm that the Third Party has been given and understands requirements.

Communication of both process and expectations is critical to ensure that third-party vendors receive and understand a company's insurance verification requests. But, it is often quite challenging to do so effectively. It’s also difficult to maintain lists of individuals and to update their contact details.

When companies have achievable insurance requirements but still don't see an increase in compliance rates, it's usually because of ineffective and/or inconsistent communication for the requests for COIs. In addition to being important for compliance reasons, it assures vendors that the company uses the COI verification program - they won't use the COI verification program as a one-time request and then stop contacting if they don't hear back.

4. Assist Insureds in working with their brokers so your requirements are met.

Verifying insurance requires the involvement of an insurance broker. The insurance department interprets a business' needs, then reacquaints itself with the policies placed for vendors, and creates a Certificate of Insurance demonstrating that the vendor's policies meet those needs.

It is usually straightforward to verify coverage types like general liability and property damage, but it can be challenging to verify more obscure coverage types like product liability and employee dishonesty. Coverage can be modified by endorsements or exclusions.

In the case of complicated language, an insurance professional, risk manager, and/or lawyer are often needed to interpret the text. Third-party vendors may encounter challenges in creating a COI that sufficiently demonstrates their compliance with these considerations.

If you treat brokers and agents like partners, you will be able to easily onboard them and get them verified much faster. Among the successful tactics for this can be: direct communication with brokers, time-saving programs, like TrustLayer, for combining efforts across multiple insurers, and continuous integration to keep brokers (and agents) informed and involved.

5. Invest in the right tools.

Automation tools can help firms organize data more effectively, identify failures and breaks, analyze trends and patterns, and help them implement consistent and efficient work routines, state Mabey and Kaposztas. Examples include: 

• An information management system that allows monitoring of relationships and the aggregation of risks, and enables deep dives into individual relationships with third parties. 
• A tool that achieves end-to-end workflows to minimize breaks and duplication between teams while leveraging digitalization to improve process efficiencies. 
• A robust analytics capability that includes data visualization tools to help monitor behaviors and enable more proactive approaches. 
• A tool that automates insurance verification. TrustLayer, for example,  manages  

COIs and other vendor requirements such as contracts and W9s using AI and RPA technologies. 

Third-party risk management must be improved by the industry as a whole, as well as by individual firms. Ideally, industry standards and best practices should be agreed upon. An agreement with a third party benefits both sides when there are clearly defined requirements and limitations, such as access to data, reporting measures, and contract terms, the authors add. 

Also, firms should examine their data management and cybersecurity processes, which are rightly attracting significant attention after numerous cyberattacks. The standards should be met by (re)insurers and investment firms in order to protect customers, themselves as well as regulators.