Compliance Gap
Any discrepancy between the insurance requirements specified in a contract and the actual coverage reflected on a vendor's certificate of insurance or underlying policies.
Overview
A Compliance Gap is any difference between what a contract requires in terms of insurance coverage and what a vendor actually has in place. Gaps can range from minor administrative issues (a misspelled certificate holder name) to critical coverage deficiencies (missing liability coverage entirely). Identifying, documenting, and resolving compliance gaps is the core function of COI compliance operations.
How It Works
Compliance gaps arise when a vendor's insurance program does not fully satisfy the contractual requirements. The gap identification process typically follows these steps:
- Requirement extraction: The compliance team identifies insurance requirements from the contract, lease, or master service agreement.
- Certificate review: The vendor's ACORD 25 (and any accompanying endorsements) is reviewed against those requirements.
- Gap identification: Any discrepancy between the requirement and the certificate is flagged as a compliance gap.
- Gap classification: Gaps are categorized by severity to prioritize remediation.
- Notification: The vendor (and often their insurance producer) is notified of the gap.
- Resolution: The vendor provides updated coverage, endorsements, or documentation to close the gap.
Common types of compliance gaps include:
- Limit deficiencies: Coverage limits below contractual minimums (e.g., $500,000 per occurrence when $1,000,000 is required).
- Missing coverages: Required coverage lines not present (e.g., no Umbrella/Excess Liability policy).
- Endorsement gaps: Required endorsements not reflected (e.g., Additional Insured, Waiver of Subrogation, Primary and Non-Contributory language missing).
- Expired coverage: Policy dates have lapsed without renewal certificates received.
- Entity mismatches: Certificate holder name or Additional Insured name does not match the contracting entity.
- Carrier rating deficiencies: Insurance carrier does not meet minimum AM Best rating requirements.
Compliance Relevance
Compliance gaps represent actual risk exposure for the party requiring insurance:
- Liability transfer failure: The purpose of insurance requirements is to transfer risk from the property owner or GC to the vendor's insurer. A compliance gap means that risk transfer is incomplete.
- Legal exposure: If an incident occurs and a compliance gap exists, the requiring party may bear losses that should have been covered by the vendor's insurance.
- Tracking and metrics: Modern compliance platforms track gap rates, resolution times, and gap types to identify systemic issues — such as a requirement that most vendors cannot satisfy, suggesting the requirement may need adjustment.
- Automated detection: AI-powered compliance tools can extract certificate data and automatically compare it against stored requirements, identifying gaps in seconds rather than hours.
- Status workflow: Gaps drive the compliance status lifecycle — from "Not Compliant" through remediation to "Compliant."
Example
A property owner requires vendors to carry $1,000,000 CGL with Additional Insured and Waiver of Subrogation endorsements, plus $5,000,000 Umbrella. A vendor submits a COI showing $1,000,000 CGL with Additional Insured but no Waiver of Subrogation, and a $2,000,000 Umbrella. Two compliance gaps are identified: (1) missing Waiver of Subrogation endorsement and (2) Umbrella limit $3,000,000 below the requirement. The compliance platform flags both gaps, assigns a "Not Compliant" status, and triggers a deficiency notice to the vendor.