Are you asking too much of your vendors? No, not the quality of their work, but the insurance limits they carry.

Setting insurance coverage requirements for vendors limits and transfers risk. Effective risk management hedges and reduces your risk exposure to financial losses, litigation and reputation damage, and possible regulatory action depending on your industry. But a business’ intention in setting limits doesn’t always match a vendor’s intention when purchasing insurance.

A business purchases an insurance policy first and foremost to hedge and cover its risk. Often, this can lead to misalignment between their coverage levels and the minimums established by your risk managers. Bringing the two closer increases compliance, contributing to the goal of risk minimization, and improves third-party relationships.

Right-sizing insurance requirements benefit all parties involved. To close the gap between your requirements and vendor’s policies, examine who sets the requirements, what happens when they’re too high, and how to best align with vendors. 

Who Sets Vendor Insurance Requirements?

Depending on the organization’s size, several departments could set insurance requirements for vendors and third parties. Third-party risk management and risk personnel could establish minimums, then work with general counsel or other executives to raise or lower them based upon the vendor’s perceived risk. 

Typically, risk managers look at the relationship’s size and importance to their business and try to match vendor requirements to risk exposure. They’ll enforce and verify that requirements are met through a COI-tracking program. It’s important to 
make sure that your compliance staff understands the ins and outs of the coverage, so they can properly evaluate COIs.

The purpose of setting minimum coverage levels is to adequately protect your business from risk. Third-party vendors who fail to carry adequate liability coverage might not be able to cover a claim, and your business’ insurance policy would have to make up the difference. But, often, these requirements can prove burdensome.

What Happens if Vendor Insurance Requirements are Too High?

In an ideal world, the transfer of risk through insurance should match the risk exposure. You wouldn’t ask your vending machine supplier to carry $5 million in liability insurance, in other words. But a vendor may have a different view of the risk they present to your business.

If you’re asking too much of your third parties, they may decide that doing business with you isn’t cost-effective. The difference in premiums between a $3 million liability insurance policy and a $6 million policy could outweigh the benefit of doing business with you. They could exit the relationship, leaving you to find a new vendor. 

The third-party does the same risk and cost-benefit assessment as your business performs. If you require that they carry a burdensome level of insurance coverage, or the compliance process is too difficult, they may decide it’s no longer worthwhile to continue your relationship.

Determining the Best Level of Insurance Coverage Requirement

Vendor insurance requirements should align with business objectives - both risk minimization and growth. Sometimes there are good reasons to do business with a third party who presents more risk to your business - whether it’s because they offer the ability to expand into a new market or offer a unique product. 

If it’s proving difficult to find third parties who meet your requirements, it’s a sign that your minimums and maximums don’t match industry standards. Vendors who also do business with competitors likely meet their requirements. If an unusually high number of third parties are choosing to not do business with you, or are unable to, re-examine your coverage levels. 
 
Another way to right-size insurance requirements is to identify your highest risk third parties and set different insurance coverage levels for different risk tiers Examine your criteria for risk management compliance versus historical data about claims and adverse events. Risk exposure shifts frequently, and what was adequate three years ago could be insufficient now. 

Vendor Insurance Compliance with COIs

The easier it is to be in compliance, the more vendors will respond to requests. Establishing coverage levels is only one side of the equation - the other is verifying compliance. Risk management includes tracking compliance and identifying gaps or weaknesses. 

Compliance also gives you more data to set coverage levels. If vendors in one sector have been consistently increasing coverage, they might have identified risks that you’ve missed. The more vendors comply with COI requests, the more data you have to inform the insurance coverage levels you choose.

If your risk management team struggles to get vendors to respond to insurance requests your COI-tracking process could use a revamp. Still, sending emails or requesting paper copies of COIs? It’s time to invest in a digital alternative, like TrustLayer, where vendors can receive automatic emails and upload their COI into a portal, and your team can verify whether their coverage meets your insurance requirements.