Home > Resources > Wake-up Call: Why Third-Party Risk Transfer is a Sleeping Giant

Wake-up Call: Why Third-Party Risk Transfer is a Sleeping Giant

By Sharon Fox and Steven Wright

Companies can best protect themselves from claims incurred by third parties by regularly collecting and verifying certificates of insurance. Here are some insights into the severity of the issue and best practices for staying on top of COIs.

Way too often, verifying the insurance coverage of third-party business partners is reactive. 

In reality, unverified insurance is a sleeping giant, waiting in the wings to potentially demand thousands of dollars in claims that your company is not even responsible for.

Rather than irresponsibly running your business on a “hope and a prayer,” companies must proactively collect certificates of insurance (COIs) from all third-party providers/businesses in a responsible and timely manner, or face potentially significant claims themselves, without any responsibility from the subcontractor or vendor who may have been responsible for the loss.

Properly transferring risk, by insisting all business partners provide up-to-date COIs can also avoid unnecessary delays or disruptions in work. Insisting on gaining COIs before vendors begin work or are even allowed on premises protects your business first. 

How can managing this process help with your contractual risk transfer?

While up-to-date COIs are important for all businesses, they are particularly key in a number of industries.

•     Events. When renting a venue, owners must require COIs from all companies involved before granting access to the site. By properly transferring risk with this documentation on file, the venue owner will not be held accountable if an incident occurs outside their realm of responsibility.

•     Malls. In every lease, mall operators require proof of insurance from tenants. Consequently, if an accident occurs with that tenant’s equipment or products, the tenant bears full responsibility, not the mall owner. For example, if there’s an accident with a knife in a Williams Sonoma store, and Williams Sonoma doesn’t have the right insurance coverage, or it’s not current, the mall operator could be brought into a lawsuit. 

•     Construction. If a pollution event happens in a mine under the watch of a third-party provider, and the owner fails to check that the general contractor’s insurance is current, the mine itself will be held responsible. Worst-case scenario: regulators could come in and shut down the project. Consequently, it’s essential to verify the correct insurance based on the risk. 

•     Staffing companies. When bringing in a staffing company to beef up your workforce, an owner must ensure that the vendor is fully insured. For example, companies like Target and Walmart commonly partner with a third-party workforce during the holidays. In the event that one of those temporary employees logs onto the owner’s computer and causes a cyber event, responsibility belongs to the staffing company if the owner was careful to collect the COI. 

•     Technology companies. When a business stores their data on another provider’s cloud, and there is a data breach, for example, it’s important that the technology company’s COI was verified beforehand. If this wasn’t done, and the company was lax in this regard, they are likely to be held responsible for the loss.  

Bottom line: If you’re not checking that your partners have the right insurance, you are living with a sleeping giant.  

Best practices for risk transfer

To best avoid such liability catastrophes, follow these best practices.

1.     Obtain proof of coverage that matches the contract requirements. While general liability policies are standard, they come with various exclusions and exceptions. In some cases, if your business isn’t listed as an “additional insured” on your vendor’s policy, a claim that was their responsibility may not fully cover you.

2.     Continuously collect COIs. In the instance of a property owner, for example, just because a tenant had the right insurance when the agreement was signed, doesn’t mean they bothered to maintain it. Keep track of expiration dates, and most importantly, request COIs annually.

3.     Include your insurance broker in the contract process with vendors. As experts in the field, these folks can advise you on the types of insurance to ask of your third-party vendors and make sure the requirements are being met. These brokers can help fill the role of risk managers on your behalf. 

4.     Use a tech solution to help automate the process. Excel spreadsheets are static and replete with human error. With proper data, analytics and reporting of COIs, you’ll have more company-wide visibility into third-party compliance.

Improving your risk profile can help you make better business decisions overall. By proactively verifying your business partners’ insurance — more specifically their COIs — you can put that sleeping giant back into hibernation. 

About the authors

Sharon Fox, CIP, CRM is the Director of Business Development at TrustLayer and has over 12 years of combined experience in Insurance, Risk Management and Technology. Sharon is a Chartered Insurance Professional and Certified Risk Manager. She is passionate and committed to helping drive positive change within the insurance industry and the client experience. She previously had positions at a top tier brokerage and led the introduction of Indio Technologies to Canadian Brokers prior to being acquired by Applied Systems.

Steven Wright is a Manager of Implementation at TrustLayer and has over a decade of insurance experience. Prior to TrustLayer, he most recently worked in commercial property and casualty insurance at Lockton – one of the largest privately owned brokerages in the world. Steven is focused on harnessing his industry knowledge and expertise to help build out TrustLayer as a vehicle for change and transparency in the insurance industry.