Insurance Certificate vs Insurance Policy: What a COI Can and Cannot Prove

A certificate of insurance is the most widely used document in insurance compliance. It is requested millions of times per year, stored in compliance files across every industry, and treated as proof that a vendor, tenant, or contractor carries the required insurance. But the certificate of insurance is not what most people think it is. It is not a contract. It is not a guarantee of coverage. It is not even a reliable indicator of what the underlying policy actually says.

Understanding the gap between what a COI appears to prove and what it actually proves is foundational knowledge for anyone involved in insurance compliance. This guide explains exactly what a certificate of insurance is, what it proves, what it does not prove, and why relying solely on a certificate — without additional verification — creates risk.

---

What a Certificate of Insurance Is

A certificate of insurance (COI) is a standardized summary document issued by an insurance agent or broker on behalf of their insured client. The most common certificate form is the ACORD 25 — Certificate of Liability Insurance, published by ACORD (the Association for Cooperative Operations Research and Development), a standards organization for the insurance industry.

The certificate summarizes key information from the insured's policies:

• The named insured (the policyholder)
• The insurance carrier(s)
• The policy numbers
• The coverage types (GL, WC, Auto, Umbrella, etc.)
• The policy effective dates and expiration dates
• The coverage limits
• The certificate holder (the party requesting the certificate)
• A description of operations field for notes about the specific project, contract, or additional insured status

The certificate is typically a single page. It condenses dozens or hundreds of pages of policy language into a one-page summary.

---

The ACORD Disclaimer: Read It Carefully

Every ACORD 25 certificate contains a disclaimer. It appears in capital letters at the top of the form, and most people skip over it. It reads:

"THIS CERTIFICATE IS ISSUED AS A MATTER OF INFORMATION ONLY AND CONFERS NO RIGHTS UPON THE CERTIFICATE HOLDER. THIS CERTIFICATE DOES NOT AFFIRMATIVELY OR NEGATIVELY AMEND, EXTEND OR ALTER THE COVERAGE AFFORDED BY THE POLICIES BELOW. THIS CERTIFICATE OF INSURANCE DOES NOT CONSTITUTE A CONTRACT BETWEEN THE ISSUING INSURER(S), AUTHORIZED REPRESENTATIVE OR PRODUCER, AND THE CERTIFICATE HOLDER."

This disclaimer is not boilerplate legal language to be ignored. It is a precise statement of what the certificate is and is not:

"Issued as a matter of information only." The certificate is informational. It tells you what the broker believes the coverage looks like at the time of issuance. It is not a binding representation.

"Confers no rights upon the certificate holder." Receiving a certificate does not give you any rights under the insured's policy. You cannot file a claim based on the certificate. You cannot enforce policy provisions based on the certificate. Your rights, if any, come from the policy itself — specifically from additional insured endorsements attached to the policy.

"Does not amend, extend or alter the coverage." If the certificate says "Additional Insured" but the policy does not contain an additional insured endorsement, the certificate does not create additional insured status. The policy controls, not the certificate.

"Does not constitute a contract." The certificate is not a contract between you and the insurance carrier. The carrier has no obligation to you based solely on the certificate.

---

What a COI Proves

Despite its limitations, a certificate of insurance does provide useful information:

Coverage Existed at the Time of Issuance

A certificate issued on March 1, 2026, with a policy period of January 1, 2026, to January 1, 2027, confirms that on March 1, 2026, the named insured had a policy in force with the stated carrier, policy number, and limits. The broker would not issue the certificate if the policy did not exist at that moment.

This is the most reliable information on the certificate: a snapshot of coverage status as of the issuance date.

The Carrier and Policy Number

The certificate identifies the insurance carrier and policy number for each coverage line. This information can be independently verified — you can contact the carrier directly to confirm that the policy exists and is in force.

The Stated Limits

The limits shown on the certificate represent the per-occurrence, aggregate, and other limit structures of the underlying policies. These limits are drawn from the policy declarations and are generally accurate at the time of issuance.

The Policy Period

The effective and expiration dates on the certificate indicate the policy period. This tells you when the coverage began and when it is scheduled to end.

The Named Insured

The certificate identifies the named insured — the entity that purchased the policy. This is important for entity matching and verifying that the insured is the same entity you contracted with.

---

What a COI Does Not Prove

Current Coverage

A certificate proves that coverage existed at the time of issuance. It does not prove that coverage exists right now. A policy can be cancelled, non-renewed, or lapsed at any time after the certificate was issued. The certificate does not automatically update when the policy status changes.

This is the single most dangerous misconception about certificates. A certificate in your file with an expiration date six months in the future does not mean the vendor currently has coverage. The vendor may have missed a premium payment last week and the policy was cancelled for non-payment. The certificate in your file is now worthless — but it still looks valid.

That Endorsements Actually Exist

The certificate may indicate "Additional Insured" in the description of operations field. It may even reference a specific endorsement form (CG 20 10, CG 20 26). But the certificate does not prove that the endorsement is actually attached to the policy. The only way to confirm an endorsement exists is to obtain a copy of the endorsement itself from the insurer or broker.

In practice, most compliance programs accept the certificate's indication of additional insured status without requesting the actual endorsement. This works most of the time because brokers generally do not indicate endorsements they have not added. But "most of the time" is not "all of the time," and the cases where it fails are the cases that matter — during claims.

Exclusion Details

Certificates do not list policy exclusions. A CGL policy may exclude assault and battery, pollution, professional services, EIFS (synthetic stucco), residential construction, or dozens of other specific risks. The certificate will show "$1,000,000 per occurrence CGL" without indicating that half of your exposure scenarios are excluded.

Sub-Limits and Deductibles

Many policies contain sub-limits that restrict coverage for specific types of claims below the stated policy limit. A GL policy with a $1,000,000 per occurrence limit may contain a $25,000 sub-limit for damage to rented premises or a $50,000 sub-limit for personal and advertising injury. The certificate shows the headline limit, not the sub-limits.

Similarly, deductibles and self-insured retentions (SIRs) may not appear on the certificate. A vendor with a $1,000,000 GL policy and a $100,000 SIR effectively has $100,000 less coverage than the certificate suggests, because the vendor must pay the first $100,000 of any claim before the policy responds.

Aggregate Erosion

The aggregate limit on a GL policy is a cap on total payouts during the policy period. If a vendor has a $2,000,000 general aggregate and has already paid $1,500,000 in claims this year, only $500,000 of aggregate remains. The certificate still shows "$2,000,000 general aggregate" because the certificate reflects the policy limit, not the remaining available coverage.

Policy Conditions and Coverage Triggers

Insurance policies contain conditions that must be met for coverage to apply — timely notice of claims, cooperation with the carrier's investigation, compliance with policy conditions, payment of premiums. The certificate does not reveal whether these conditions are being met.

---

Why You Cannot Rely Solely on a Certificate

The cumulative effect of these limitations is significant. A certificate tells you:

• A policy existed at some point in the past (the issuance date)
• The policy had certain limits on paper
• The broker indicated certain endorsements may be present

A certificate does not tell you:

• Whether the policy is currently in force
• Whether the endorsements actually exist on the policy
• Whether the policy contains exclusions that gut the coverage for your specific risk
• Whether the aggregate has been eroded by prior claims
• Whether sub-limits or SIRs reduce the effective coverage
• Whether the insured is meeting all policy conditions

This gap between what the certificate shows and what the policy actually provides is the "certificate gap" — and it is the reason that sophisticated compliance programs go beyond certificate collection.

---

Beyond the Certificate: Additional Verification Steps

Request Copies of Key Endorsements

For critical vendors, request copies of the additional insured endorsement, waiver of subrogation endorsement, and primary and non-contributory endorsement. These are the endorsements that directly affect your rights under the vendor's policy. Reviewing the actual endorsement language confirms that your entity is named, that the endorsement form provides the breadth of coverage you expect, and that the endorsement has not been modified or restricted.

Verify Carrier Financial Strength

The certificate names the carrier, but it does not indicate the carrier's financial strength. Look up the carrier on AM Best (ambest.com) and confirm a minimum rating of A- (Excellent) with a Financial Size Category of VII or higher. A certificate from a financially weak carrier provides theoretical coverage that may not be collectible in practice.

Confirm Coverage Directly with the Carrier

For the highest-risk vendor relationships, contact the carrier directly to confirm that the policy is currently in force and that the named endorsements are attached. Carriers will confirm or deny coverage when asked by a party with a legitimate interest (such as a certificate holder or additional insured).

Review the Policy Itself

For the most critical vendor relationships — large construction contracts, technology vendors processing sensitive data, vendors with high-severity exposure — request a copy of the full policy or at least the declarations page and the endorsement schedule. This provides the most complete picture of what the policy covers and does not cover.

Monitor Continuously

A certificate verified today may be invalid tomorrow. Continuous monitoring — through automated tracking platforms that check certificate status, flag expirations, and alert on cancellations — addresses the "point in time" limitation of the certificate. Monitoring does not replace verification, but it ensures that changes in coverage status are detected promptly.

---

The Practical Reality

Most compliance programs rely primarily on certificates because the alternative — reviewing full policies for every vendor — is impractical at scale. A company with 200 vendors cannot realistically review 200 complete insurance policies annually.

The practical approach is tiered verification:

This tiered approach concentrates verification resources where they matter most — on the vendors whose insurance gaps would create the greatest exposure — while maintaining baseline certificate verification for the entire vendor population.

The certificate of insurance is a useful tool. It is the starting point of verification, not the conclusion. Understanding its limitations — and building a compliance program that accounts for them — is what separates adequate compliance from effective compliance.