When a Vendor Is Non-Compliant: Escalation Steps

A vendor's insurance certificate expires and they do not send a renewal. You email them. No response. You email again. Still nothing. The vendor is actively working on your project, their certificate expired three weeks ago, and the project manager is telling you the vendor cannot be stopped because the work is critical to the schedule.

This is the central tension of COI compliance: the gap between what the compliance program requires and what operational reality allows. Every compliance team faces this tension, and the organizations that manage it effectively do so through a structured escalation process — a defined ladder of actions that increases in severity as non-compliance persists, with clear documentation at each step and a shared understanding among all stakeholders of what happens at each level.

---

The Escalation Ladder

The escalation ladder has six levels, each representing an increase in severity and organizational visibility. The goal is not to reach the top of the ladder — it is to resolve non-compliance at the lowest possible level. Most vendors comply after the first or second notification. The upper levels exist for the small percentage who do not.

Level 1: Automated Expiration Notice (Day 0)

On the day the certificate expires, an automated notice goes to the vendor informing them that their certificate has expired and requesting an updated certificate. This notice should:

• Identify the specific policies that have expired
• Reference the contract requirement for current insurance
• Provide the submission method (portal link, email address)
• Set a deadline (typically 10 business days)
• State that continued work requires a current certificate

This notice is informational, not adversarial. Most certificate expirations are administrative oversights — the vendor renewed their policy but forgot to send an updated certificate, or the broker issued the renewal certificate to the vendor but not to you.

Documentation: Record the notice date, delivery method, and recipient in the vendor's compliance file.

Level 2: First Reminder (Day 10)

If no certificate is received within 10 business days, send a first reminder. This communication:

• References the original expiration notice
• Notes that the vendor has been non-compliant for 10 days
• Reiterates the deadline (now set at 5 additional business days)
• Copies the vendor's broker if the broker contact is known
• Includes a statement that continued non-compliance will be escalated to the vendor's management and to your internal stakeholders

Documentation: Record the reminder date, recipients (including broker), and the escalation warning.

Level 3: Management Escalation (Day 15)

If no certificate is received after the first reminder, the issue escalates beyond the administrative contact. This communication:

• Goes directly to the vendor's principal, owner, or project manager — not the admin who handles insurance
• Copies the internal stakeholder who manages the vendor relationship (the project manager, property manager, or procurement manager on your side)
• States clearly that the vendor is non-compliant and has been unresponsive to two prior notices
• Sets a final deadline (5 business days)
• States the consequence: if not resolved by the deadline, work will be suspended

This is the critical escalation point. Until now, the issue has been between the compliance team and the vendor's administrative contact. At Level 3, the vendor's decision-makers and your internal stakeholders are both aware of the problem.

Documentation: Record the escalation date, all recipients (vendor management, internal stakeholders), the final deadline, and the stated consequence.

Level 4: Work Suspension Notice (Day 20)

If the final deadline passes without resolution, issue a formal work suspension notice. This communication:

• Notifies the vendor that work must stop immediately until insurance compliance is restored
• References the contract provision authorizing work suspension for non-compliance
• Copies all previous recipients plus any additional internal stakeholders (legal, risk management, senior management)
• Specifies the condition for resuming work: a current, compliant certificate verified by the compliance team
• States that the vendor is responsible for any costs or delays resulting from the suspension

Work suspension is the most powerful enforcement tool in the compliance program. It is also the most disruptive, which is why it requires prior escalation through Levels 1-3 to demonstrate that the vendor was given ample opportunity to comply.

Documentation: Record the suspension notice date, all recipients, the specific contract provision cited, and the conditions for reinstatement. This documentation is critical if the suspension leads to a contract dispute.

Level 5: Payment Hold (Concurrent with Level 4)

Concurrent with or following work suspension, implement a payment hold. Payments due to the vendor are withheld until insurance compliance is restored. The contract should authorize this — most well-drafted vendor agreements include a provision allowing the client to withhold payment during periods of non-compliance.

A payment hold gets the vendor's attention when nothing else does. A vendor who ignores compliance emails will respond when their accounts receivable team reports that a payment is being held.

Documentation: Notify accounts payable of the hold, reference the non-compliance, and record the date the hold was implemented and the conditions for release.

Level 6: Contract Termination (Day 30+)

If the vendor remains non-compliant after work suspension and payment hold, the final step is contract termination for cause. The contract should include a provision allowing termination for failure to maintain required insurance. Termination is a last resort — it carries costs (finding a replacement vendor, project delays, potential legal disputes) — but it is the necessary endpoint when a vendor refuses to comply.

Before terminating, consult with legal counsel to ensure the termination is supportable under the contract, the escalation documentation is complete, and the notice requirements in the termination provision are satisfied.

Documentation: Formal termination notice citing the specific contract provision, a summary of all prior escalation steps, and the effective termination date.

---

Documentation Requirements at Each Step

The escalation process is only as strong as its documentation. If a work suspension or termination leads to a legal dispute, the documentation must demonstrate that:

1. The vendor was aware of the insurance requirements (the contract and requirements packet)
2. The vendor was given timely notice of the expiration (Level 1)
3. The vendor was given reasonable time to comply (10+ business days)
4. The vendor was reminded (Level 2) and the escalation was warned
5. The vendor's management and your internal stakeholders were informed (Level 3)
6. A final deadline was set with clear consequences (Level 3)
7. The consequence was implemented only after the deadline passed (Level 4)
8. The vendor was informed of the conditions for reinstatement (Level 4)

This documentation trail establishes that the escalation was reasonable, procedural, and contractually supported — not arbitrary or retaliatory.

---

Legal Considerations

Right to Suspend Work

The right to suspend work for non-compliance must be in the contract. Without a contractual basis, suspending work could constitute a breach of contract on your part — even if the vendor is in breach of the insurance provision. Review the contract before issuing a suspension notice.

Constructive Termination

If a work suspension extends indefinitely without resolution, the vendor may argue constructive termination — that the suspension effectively terminated the contract without following the contract's termination procedures. To avoid this, set a clear timeline: if the vendor does not restore compliance within 30 days of suspension, the contract will be terminated for cause.

Lien Rights

In construction, suspending work or withholding payment from a subcontractor does not eliminate their mechanic's lien rights. The sub may file a lien even during a suspension. Legal counsel should advise on lien exposure during a compliance suspension.

Good Faith and Fair Dealing

The escalation process must be applied consistently. Suspending one vendor for a 10-day lapse while ignoring another vendor's 60-day lapse creates an inconsistency that could be characterized as arbitrary enforcement. Apply the same process to every vendor at every level.

---

The Waiver Alternative

At any point during the escalation, you may choose to issue a waiver instead of continuing up the ladder. A waiver formally acknowledges the non-compliance and accepts the associated risk for a defined period.

When a Waiver Is Appropriate

• The vendor's coverage lapsed due to a carrier processing delay and the broker confirms renewal is imminent (1-5 business days)
• The vendor is unable to meet a specific requirement (such as an umbrella limit) but meets all other requirements and the residual risk is acceptable
• The vendor is performing critical work that cannot be interrupted without significant project impact, and the risk of continuing without full compliance is less than the risk of stopping work

Waiver Documentation

A waiver must include:

• The specific requirement being waived (which coverage, which limit, which endorsement)
• The reason for the waiver
• The risk assessment (what is the exposure during the waiver period)
• The duration (waivers should be time-limited, typically 30-60 days, with a defined review date)
• The approver (a risk manager, project executive, or other authorized decision-maker — not the compliance analyst)
• The conditions for lifting the waiver (what the vendor must do and by when)

What a Waiver Is Not

A waiver is not a permanent exemption. It is a temporary, documented acceptance of a specific risk. A vendor who receives a waiver should be managed toward compliance, not left in a perpetual waived state.

---

Protecting Your Organization During Non-Compliance

While escalation proceeds, the vendor may still be working (especially at Levels 1-3 before a suspension is issued). During this period, your organization is exposed to risk because the vendor's insurance is not verified as current.

Mitigation Steps During Non-Compliance

Confirm your own insurance. Verify that your own GL, umbrella, and property policies are current and that limits are adequate to absorb a potential claim during the non-compliance period.

Increase oversight. If the vendor is performing physical work, increase on-site supervision during the non-compliance period. The goal is to reduce the probability of an incident while the insurance gap exists.

Document the gap. If an incident occurs during the non-compliance period, documentation showing that you were actively escalating and managing toward compliance demonstrates that you did not knowingly ignore the gap — you were in the process of resolving it.

Notify your own carrier. For significant non-compliance gaps (a large construction subcontractor with no WC coverage for two weeks), consider notifying your own insurance carrier. They may provide guidance on risk mitigation or adjust your coverage during the gap period.

---

Building an Escalation Culture

The escalation process works only if the organization supports it. This means:

Leadership endorsement. Senior management must publicly support the compliance team's authority to escalate and, when necessary, suspend work. If project managers can override compliance decisions, the escalation process is theater.

Stakeholder education. Project managers, property managers, and procurement teams must understand the escalation process before they encounter it. A project manager who learns about the work suspension provision for the first time when their vendor is suspended will resist. A project manager who was briefed on the process during onboarding will understand.

Consistent application. The process must apply to every vendor — the critical subcontractor on a flagship project and the small landscaping company on a secondary property. Selective enforcement invites challenges and undermines the program.

Metrics and reporting. Track escalation metrics: how many vendors reach each level, average resolution time, percentage resolved before work suspension, number of waivers issued. Report these metrics to management quarterly. Visibility creates accountability.

The escalation ladder is not punitive. It is a structured, escalating response to an objective problem — a vendor is not meeting a contractual obligation. When executed consistently, documented thoroughly, and supported by leadership, it resolves the vast majority of non-compliance situations without reaching the upper levels.