AOSAOS
Request access Book a demo
SHEET B-018  ·  BLOG POST PROJECT AOS / OPERATING SYSTEM REV 01 STATUS PUBLISHED
← All posts
8 min read InsuranceComplianceSubcontractorsGeneral Contractors

Construction COI compliance: how subs maintain coverage and how GCs actually verify it.

Certificate of Insurance compliance is one of the most labor-intensive recurring administrative tasks in commercial construction. Subs maintain four to six active policies, file COIs to every GC client on every active project, and chase renewals continuously. GCs verify dozens of COIs across hundreds of active sub-project relationships and have to track expirations against every project they're on. The cost of getting this wrong — whether you're the sub whose policy lapses mid-project or the GC who paid an uninsured sub — ranges from "annoying" to "company-ending." This is a working guide for both sides on how COI compliance actually works, the recurring mistakes, and how AOS handles the lifecycle.

Certificate of Insurance compliance is one of the most labor-intensive recurring administrative tasks in commercial construction. Subs maintain four to six active policies, file COIs to every GC client on every active project, and chase renewals continuously. GCs verify dozens of COIs across hundreds of active sub-project relationships and have to track expirations against every project they're on. The cost of getting this wrong — whether you're the sub whose policy lapses mid-project or the GC who paid an uninsured sub — ranges from "annoying" to "company-ending." This is a working guide for both sides on how COI compliance actually works, the recurring mistakes, and how AOS handles the lifecycle.

If you're the sub bookkeeper who emails the same COI packet to 30 GC clients every January, or the GC project engineer who chases COIs from subs whose policies expired six weeks ago, you know the shape of this problem. The COI workflow runs through every commercial construction firm but lives in the cracks between accounting, project management, and risk management — which is why most firms handle it badly.

The four (or five) certificates every commercial sub maintains

Every commercial subcontractor typically maintains coverage in four to five categories, with certificates of insurance evidencing each:

1. Commercial General Liability (CGL). Covers third-party bodily injury and property damage. The required limits vary by GC and project size; typical for mid-market commercial work is $1M per occurrence / $2M aggregate, with $5M-$10M umbrella over it. Larger projects often require $2M/$4M base and $25M+ umbrella.

2. Workers' Compensation and Employer's Liability. Statutory WC coverage per state where the work is performed, plus Employer's Liability (typically $1M each accident, $1M each employee, $1M policy limit). Multi-state subs need to confirm coverage extends to every state of operations.

3. Commercial Automobile Liability. Covers owned, hired, and non-owned vehicles. Standard requirement is $1M combined single limit; larger projects often require $2M. Particularly important for subs whose foremen drive between sites.

4. Excess Liability / Umbrella. Sits over the CGL, auto, and Employer's Liability policies. Limits vary widely — $5M is typical for small commercial work, $10M-$25M for mid-market, $50M+ for large institutional projects.

5. (Sometimes) Professional Liability / Pollution / Builder's Risk. Design-build subs need Professional Liability. Subs handling environmental scopes (asbestos, lead, certain MEP work with refrigerants) need Pollution coverage. Some contract structures require subs to participate in Builder's Risk or carry Course of Construction.

That's typically four to six certificates per sub per project, sometimes more for specialty trade work.

The endorsements that turn a generic COI into a project-specific one

The base certificate isn't enough. Most commercial GC contracts require specific endorsements added to the sub's policies for each project:

Additional Insured (AI). The GC, the owner, and sometimes the architect and the lender are named as Additional Insured on the sub's CGL policy. This means they're protected by the sub's CGL coverage for claims arising from the sub's work. The endorsement is typically CG 20 10 (ongoing operations) and CG 20 37 (completed operations), or one of several broader forms depending on the carrier. The contract usually specifies which endorsement form is acceptable.

Waiver of Subrogation. The sub's insurer waives the right to recover from the GC, the owner, and other named parties for any covered loss. Required on CGL, Auto, and Workers' Comp. The endorsement varies by carrier and policy type.

Primary and Non-Contributory. The sub's CGL coverage applies primary to and not in contribution with the GC's own coverage when a claim arises from the sub's work. Required by most commercial GC contracts.

30-Day Notice of Cancellation. The carrier agrees to provide 30 days advance notice (10 days for non-payment) to the Additional Insureds before cancelling or non-renewing. This used to be standard; carriers have made it harder to obtain over the last decade, but contracts still typically require it.

The certificate itself (ACORD 25 form) is just the evidence document. The actual coverage and endorsements live in the underlying policies, and the endorsements have to be issued by the carrier — a COI that says "Additional Insured: GC name" on its face without the underlying endorsement is worthless if a claim arises.

What good COI compliance looks like on the sub side

The sub-side workflow:

  • Maintain current master copies of all active policies with the broker, with clear records of effective dates, limits, additional-insured endorsements, and the carriers
  • Track which projects require which endorsements — some GC contracts require very specific endorsement language; using the wrong form means the COI gets rejected
  • Generate project-specific COIs on demand via the broker (or the sub's own COI tool) with the right Additional Insureds and endorsements
  • Track every GC client that has a copy of your current COI, so when policies renew you know who needs new ones
  • Renew policies well before expiration (typically 30-60 days out) so there's no coverage gap
  • Issue renewal COIs proactively to every active GC client, ideally before they ask

For a sub working with 30 active GCs, this is real ongoing work — usually a part-time COI coordinator role at minimum, often distributed across the office manager and the AR clerk.

What good COI verification looks like on the GC side

The GC-side workflow is the mirror image:

  • Each project's insurance requirements are documented at project setup: required limits, required endorsements, AI requirements, waiver requirements
  • Every sub on every project has a current COI on file, with the right endorsements for that project
  • COI expirations are tracked centrally with alerts at 60, 30, and 7 days out
  • Renewal collection happens proactively — the GC's PM or contract admin chases the sub before the policy expires, not after
  • Coverage gaps are blocked — if a sub's COI lapses, the sub doesn't get paid until it's reinstated
  • Audit trail is maintained per project per sub — in five years if a claim arises, you can produce the COI that was in effect on the date of the alleged loss

For a GC running 25 active projects with 10-15 subs each, this is 250-400 active COI relationships at any given moment. Most mid-market GCs handle this with a SharePoint folder of PDFs and a spreadsheet tracking expirations. The pain shows up when a claim arises and the relevant COI can't be found, or when an audit reveals gaps where a sub was working uninsured for months.

The seven mistakes that cost firms real money

1. Wrong endorsement form. The contract requires CG 20 10 11 85 (older, broader); the sub provides CG 20 10 04 13 (newer, narrower). The GC's contract admin doesn't catch the version difference; a claim arises six months later; the coverage doesn't apply as expected. Both sides lose.

2. Generic AI rather than named AI. The sub's policy has "blanket additional insured" language that covers any party where the sub has agreed in writing to add them. Some GCs accept this; many require specific named AIs. A blanket AI endorsement where a named AI was required gets the COI rejected.

3. Insufficient limits. The sub carries $1M/$2M CGL when the project requires $2M/$4M. The COI gets rejected; the sub has to either bind a special-project policy (expensive, slow) or upgrade their base policy.

4. Policy lapsed mid-project. The sub's policy expired and renewal wasn't issued. The sub didn't notice (or noticed and didn't tell the GC). The GC didn't notice because their COI tracking wasn't current. Work continued. A claim arose. Coverage is in dispute.

5. Waiver of subrogation missing on WC. The contract requires waiver on Workers' Compensation; the carrier didn't issue it. If a sub's worker is injured and the WC carrier pays out, the carrier subrogates back against the GC. The GC ends up paying twice — once through the contract relationship, once through subrogation.

6. Cancellation notice removed by the carrier. The contract requires 30-day notice of cancellation; the carrier's standard COI no longer includes that endorsement (most don't). The GC accepts the COI anyway. The sub's policy gets cancelled for non-payment; the GC has no warning; the work proceeds uninsured.

7. COI not found when a claim arises. A claim from work performed two years ago surfaces today. The GC tries to find the COI in effect at the time. The SharePoint folder is missing the file; the email archive doesn't have it; the sub's records are also missing. The claim becomes an exposure on the GC's own policy.

What most mid-market firms run today

The typical sub-side COI workflow:

  • The sub's broker holds the master policies
  • The bookkeeper or office manager emails the broker for project-specific COIs as needed
  • The broker emails back PDF COIs
  • The bookkeeper emails the PDF to the GC's contract admin
  • The GC files it somewhere (SharePoint, email archive, sometimes Procore Compliance module)
  • At renewal time (often January 1), the bookkeeper resends COIs to all active GC clients, often in a panic week

The typical GC-side workflow:

  • The contract admin or project engineer collects COIs at sub onboarding
  • The PDFs land in a project folder or a Compliance module
  • Expiration tracking is in a spreadsheet maintained by the contract admin
  • 30/60/90-day-out reminders go out by email to the sub
  • When a sub doesn't renew on time, follow-up happens by phone
  • If the lapse persists, the GC sometimes blocks pay-app processing as leverage

This works most of the time. It fails badly when a claim arises and the relevant COI can't be produced, or when a sub's policy lapses without the GC noticing.

How AOS handles COI lifecycle

In AOS, COI is a first-class object with state and expiration tracking, integrated across the sub-onboarding workflow, the project record, and the pay-app cycle. Specifically:

  • Project insurance requirements are captured at project setup — required policy types, limits, endorsements, AI requirements. These propagate to the sub-onboarding record automatically.
  • Sub COIs are uploaded once and tracked per policy, with effective dates, expiration dates, carriers, limits, and endorsement registry.
  • Expiration tracking is live, with multi-tier alerts — 60 days out (sub-only notification), 30 days out (sub + GC notification), 7 days out (sub + GC + escalation to PM), and on the expiration date itself (block on pay-app processing until renewed).
  • Endorsement verification is structured — not just "AI endorsement attached" but "CG 20 10 11 85 attached for parties X, Y, Z effective from MM/DD/YYYY". The GC's compliance team can verify per-endorsement at intake.
  • Cross-tenant when both sides are on AOS — sub uploads renewal to their own record; every GC client they're active with sees the renewal immediately without a separate transmission.
  • Audit trail is permanent — a COI that was in effect five years ago is still retrievable with the timestamps, the project association, and the endorsement record. The "find the COI for the claim" exercise takes seconds, not days.
  • Renewal collection is automated on the sub side — the platform queues renewal COI issuance to every active GC client when a policy renews, instead of relying on the bookkeeper to remember.

The sub accounting role page covers the sub-side workflow; the GC accounting role page covers the verification side. For the broader strategic story on what happens cross-tenant, see the both-sides-on-one-record post. For the related lien-waiver compliance backbone, see the state-by-state lien waiver guide.

The COI readiness checklist

For sub firms:

  • Can you produce, in under 5 minutes, the current COI for any active project with the right Additional Insureds and endorsements?
  • Do you know which active GC clients have your most recent renewal certificates on file?
  • When a policy renews, does the renewal COI go out to every active GC automatically, or is it a manual chase?

For GC firms:

  • Can you produce, for any active project, the current COI status of every sub on that project?
  • What's your alert threshold for expiring COIs — 7 days, 30 days, none?
  • If a claim arose tomorrow on work performed two years ago, could you produce the COI in effect at the time?
  • Do you actually verify the endorsements on the COI match the contract requirements, or just accept that "AI" is checked on the cert?

If most answers are "with significant effort" or "we hope so" — that's the gap AOS closes.

If you'd like to see it

We're in private-beta design-partner mode for commercial subs and GCs. If you want to walk through how AOS handles COI lifecycle on a real portfolio — particularly for firms with multi-state operations and varied endorsement requirements — apply to the beta.