COI Expiration Monitoring: The Automated Tracking That Prevents the $2M Coverage Gap You Didn't See Coming
Every construction company knows subcontractors need current certificates of insurance. Most companies have a policy requiring COIs on file. Relatively few manage the policy effectively — meaning that on any given day, a meaningful percentage of active subs have expired coverage that nobody has chased, and a gap exists that would turn into a claim disaster if an incident happened.
The issue is operational, not policy. Managing COI expirations across 40 active subs on 15 projects, each with GL, auto, workers comp, umbrella, and professional policies (expiring on different dates), produces hundreds of expiration dates per year to track. A manual spreadsheet approach guarantees misses. Automated monitoring with specific workflow integrations is what actually works.
Common failure modes in manual COI management:
Manual COI tracking failure modes
- Spreadsheet not updated when new COIs arrive — old expiration dates persist
- Expiration alerts depend on someone remembering to check — they miss busy periods
- Policy-level tracking not done — only the most recent cert is tracked, even though multiple policies exist
- Renewal requests not automated — require manual email to broker each time
- Payment gates not enforced — invoices get paid even with expired COI on file
- Project site-level tracking doesn't reconcile to corporate — different people track different things
- When someone leaves the role, institutional knowledge of "how we track" disappears
Each of these is a fixable operational issue, but companies that have been doing it the manual way for years tend to have accumulated many of them simultaneously. The effective response is systematic — not working harder on the spreadsheet but moving to a different approach.
Effective COI tracking is at the policy level, not the certificate level. Each subcontractor typically has multiple coverage types that expire independently:
Typical subcontractor policies to track
- Commercial General Liability (CGL) — per occurrence and aggregate limits, product/completed operations coverage
- Auto Liability — limits, any vs owned/hired/non-owned
- Workers Compensation and Employer's Liability — state coverage, EL limits
- Excess/Umbrella — limits, underlying policy structure
- Professional Liability — for design work or specialized services
- Pollution liability — for environmental work
- Additional insured endorsements — CG 20 10, CG 20 33, CG 20 37 specifically
- Waiver of subrogation endorsements
- Primary/non-contributory language
Each has its own effective and expiration dates, often with the workers comp expiring on a different cycle than the GL. Tracking only "the COI" at certificate level misses policy-specific expiration that may leave coverage gaps.
The core automation is expiration alerting with appropriate lead time:
Expiration alert cadence
- 90 days before expiration — initial notice to both sub's broker and sub's AP contact
- 60 days before — second notice if renewal COI hasn't been received
- 30 days before — escalation notice; payment gate warning activates
- 15 days before — final notice; payment gate about to activate
- Expiration day — payment gate activates; no new invoices processed until renewed
- Post-expiration — escalating internal notifications to project management
The lead times give subs and brokers time to get renewals done before the gap. A 30-day notice gives meaningful runway; a 5-day notice is basically a crisis.
Renewal requests sent automatically to the sub's insurance broker are more reliable than asking the sub directly. Key elements:
Auto-request to broker workflow
- Broker contact information collected at subcontractor onboarding
- Request email to broker with cc to sub's AP contact — broker handles the work
- Specific requirements listed in the request — exact endorsements needed
- Renewal COI auto-imported when received — OCR extraction of key data
- Broker confirmation that request was actioned — not just sent
Brokers are professional at handling COI requests; sub AP clerks are often overloaded and slow. Going directly to the broker bypasses the weakest link in the chain.
The enforcement mechanism is gating payment on current coverage. When a sub's coverage expires, their invoices don't pay until renewal is received. Specific gate mechanics:
COI payment gate mechanics
- System automatically marks sub as "COI expired" when policy date passes
- New invoice approvals halted for that sub
- Existing approved invoices not yet paid — held pending renewal
- Sub notified that payment is on hold pending COI update
- Gate released when renewal COI is received and processed
Payment gates work because they align the sub's financial interest with compliance. A sub with unpaid invoices will chase their broker for a renewal cert far more aggressively than a sub getting paid normally while nobody notices expired coverage.
Payment gates on COI expiration are the most effective single control for insurance compliance. Without them, "required" COI is advisory. With them, renewal compliance runs 90%+ without operational effort — the financial incentive does the work.
Get AP insights in your inbox
A short monthly roundup of construction AP + accounting posts. No spam, ever.
No spam. Unsubscribe anytime.
When COIs arrive, automated extraction speeds processing. Modern COI OCR handles:
Data extracted automatically from COIs
- Named insured verification (matches sub on file)
- Certificate holder and certificate holder address
- Policy numbers and effective/expiration dates by policy type
- Per occurrence and aggregate limits by policy type
- Additional insured endorsements — form numbers identified
- Waiver of subrogation indications
- Primary/non-contributory language
- Producer (broker) contact information
Extraction accuracy isn't perfect — ACORD 25 forms have free-text fields and variations — but modern OCR gets 90%+ of data automatically, with human review for low-confidence extractions or unusual certificates.
Beyond tracking dates, a compliance rules engine verifies that the COI actually meets contractual requirements. Common rules:
COI compliance rule checks
- GL per occurrence limit meets or exceeds contractual minimum (commonly $1M or $2M)
- Aggregate limit meets or exceeds contractual minimum
- Additional insured endorsement present — CG 20 10 and/or CG 20 33 for GL
- Waiver of subrogation present where contract requires
- Primary and non-contributory language present where contract requires
- Workers comp active in all states where sub has employees working
- Umbrella/excess limits adequate for project
- Certificate holder correctly identifies the GC/owner per contract
Rules evaluate automatically as COIs are processed. A COI that meets expiration tracking but fails a rules check is flagged for handling — often a call back to the broker to add a missing endorsement rather than starting the renewal process over.
COI monitoring needs to connect to the AP system to enable payment gates and invoice workflow:
COI / AP system integration
- Sub vendor record flagged with current COI status
- Invoice approval workflow checks COI status
- Invoice posting blocked if COI expired (unless override with approval)
- Payment file generation excludes payees with expired COI
- Dashboard showing vendors currently gated vs active
Integration is what makes the workflow operational. A COI tracking system that's separate from AP produces information; integration with AP produces action.
The business case for automated COI monitoring is straightforward: one uncaught coverage gap that coincides with an incident can cost more than years of system investment. Typical exposure scenarios:
Exposure from uncaught COI gaps
- Sub employee injured on project while sub's workers comp was expired — GC potentially liable as statutory employer
- Sub caused property damage to third party while GL was expired — GC may be sued directly with no indemnification resource
- Sub's auto policy expired — accident on project puts claims against GC's auto with no sub recovery
- Professional liability gap on design-assist work — errors in shop drawings expose GC without recovery
In any of these scenarios, a single incident can cost millions. The systematic cost of monitoring is negligible by comparison. Manual tracking persists in many companies despite this asymmetry because the cost hasn't materialized yet; it's a latent risk that tends to hit eventually.
COI expiration monitoring is one of those operational processes where manual approaches consistently produce gaps that lead to catastrophic exposure. Automated tracking at the policy level, expiration alerts with lead time, auto-requests to brokers, OCR-driven data extraction, compliance rules engine, and payment gates integrated with AP produce the kind of systematic discipline that actually prevents gaps. The investment is modest compared to the cost of a single uncaught incident. Companies that run COI monitoring well describe it as one of the lowest-effort / highest-impact AP automation improvements they've made — the workflow essentially runs itself after initial setup, and the downstream risk reduction is substantial.
Written by
Sarah Blake
Head of Product
Former AP Manager at a $200M construction firm, now leads product at Covinly. Writes about what AP teams actually need from automation — beyond the marketing promises.
View all posts