The Silent Risk Transfer Gap That Undermines Your Coverage (and How to Close It)

You've done the work. Your contracts include indemnity clauses, additional insured endorsements, and requirements for certificates of insurance. But when a claim lands, the coverage you expected may not be there. That gap — the silent risk transfer gap — is one of the most common reasons risk transfer programs fail. It's not about missing paperwork; it's about mismatches between what contracts say and what policies actually cover.

In this guide, we walk through what creates that gap, how to spot it before a loss, and the steps to close it for good. We'll avoid the usual vague advice and give you concrete checks you can apply to your own program.

Who This Gap Hurts and What Goes Wrong Without It

The silent risk transfer gap hits hardest in industries where work is passed down a chain: general contractors hiring subcontractors, property owners leasing to tenants, healthcare systems engaging third-party providers, and manufacturers relying on suppliers. In each case, the upstream party expects the downstream party's insurance to respond first. But that expectation often breaks down.

Consider a common scenario: A general contractor hires a subcontractor to install roofing. The contract requires the sub to name the GC as an additional insured on their general liability policy. The sub provides a certificate of insurance showing the GC as additional insured. Everyone feels protected. Then a worker falls and sues both the sub and the GC. The sub's insurer denies coverage for the GC because the additional insured endorsement only applies if the sub's work caused the injury — and the policy language says coverage is triggered only when the sub is actively performing work at the time of the accident. The injury happened during a lunch break. Gap.

Without closing this gap, the GC's own insurance must respond, often with higher deductibles and potential premium increases. Worse, the GC may have to pay legal costs out of pocket if the defense is denied. This isn't a rare edge case. Industry surveys and claims data consistently show that a significant portion of additional insured claims are initially denied due to policy wording mismatches.

The gap also appears in less obvious places. A landlord requires tenants to carry liability insurance and name the landlord as additional insured. The tenant buys a policy, but the endorsement only covers the landlord for the tenant's negligence — not for the landlord's own negligence in maintaining common areas. When a visitor slips on a wet floor in the lobby, the tenant's policy excludes the landlord's liability because the cause was the landlord's maintenance failure. Gap.

What goes wrong without addressing this? First, you lose the financial protection you paid for in the contract. Second, your own insurance history takes a hit — claims paid under your policy affect your loss runs and future premiums. Third, relationships suffer: disputes over coverage can sour partnerships and lead to litigation between parties who were supposed to be aligned. Finally, regulators and clients may scrutinize your risk transfer program if you're in a regulated industry, leading to compliance issues.

This isn't about blaming insurance brokers or contract administrators. The gap is structural: standard forms and contract templates don't always align. Closing it requires a deliberate, systematic approach.

Prerequisites: What You Need to Have in Place First

Before you start auditing your risk transfer program, make sure you have a few foundational pieces in place. Without these, the fixes won't stick.

Clear Contract Language

Your contract must include specific insurance requirements, not just a vague clause saying the other party will maintain insurance. At minimum, you need: (1) types and limits of insurance required, (2) additional insured status with details on when it applies (e.g., ongoing operations vs. completed operations), (3) waiver of subrogation in your favor, (4) primary and non-contributory wording, and (5) notice of cancellation provisions (typically 30 days). These terms should be drafted by someone who understands both contract law and insurance policy language — ideally a risk manager or attorney specializing in insurance coverage.

Current Certificates of Insurance

You need a system to collect and review certificates of insurance (COIs) from every downstream party. But COIs are only a snapshot. They confirm that a policy existed on the date issued, but they don't guarantee coverage for a specific claim. Use them as a starting point, not as proof of compliance. Your process should require that COIs match the contract requirements exactly — not just show that some insurance is in place.

Access to Policy Endorsements

This is where most programs fall short. A COI cannot show you the wording of the additional insured endorsement. You need a copy of the actual endorsement page from the downstream party's policy. This is often listed as CG 20 10 (ongoing operations) or CG 20 37 (completed operations) in the ISO standard forms, but many carriers use manuscript or modified versions. Request these endorsements at the start of the relationship and whenever the policy renews.

Internal Knowledge of Your Own Exposures

You can't close a gap if you don't know what risks you're trying to transfer. Map out the activities that could lead to claims: on-site work, product liability, professional services, premises liability, etc. For each exposure, identify which party should bear the risk and what insurance coverage would respond. This exercise often reveals gaps that no contract review would catch — for example, a subcontractor's pollution exclusion that leaves you exposed for cleanup costs.

Buy-In from Procurement and Legal

Risk transfer isn't just a risk management task. Procurement teams negotiate contracts, and legal approves them. If they don't understand why additional insured wording matters, they may accept substandard terms to close a deal faster. Educate them on the consequences: a bad endorsement can cost more than a delayed contract. Get their commitment to enforce the requirements.

Once these pieces are in place, you're ready to move into the core workflow.

Core Workflow: How to Close the Gap Step by Step

Closing the silent risk transfer gap follows a sequence of checks and adjustments. We've broken it into five steps that you can apply to each contract or vendor relationship.

Step 1: Compare Contract Insurance Requirements to the Policy Endorsement

Take the contract's additional insured clause and read it side by side with the endorsement from the downstream party's policy. Look for mismatches in scope. Does the contract require coverage for ongoing and completed operations? Does the endorsement cover both? Does the endorsement use the phrase 'caused, in whole or in part, by' the downstream party's acts or omissions? That's the broadest form (ISO CG 20 10 04 13). Some endorsements use narrower language like 'solely caused by' or 'arising out of' — which can be interpreted more restrictively. If the contract says 'caused in whole or in part' but the endorsement says 'solely caused,' you have a gap.

Step 2: Check the Trigger of Coverage

Many additional insured endorsements only apply when the downstream party is actively performing work for you. If a claim arises from their completed work — say, a roof that leaks a year after installation — the endorsement may not respond unless you have a separate completed operations endorsement. Verify that the endorsement covers both ongoing and completed operations if your contract requires it.

Step 3: Verify Primary and Non-Contributory Wording

Your contract likely requires the downstream party's insurance to be primary and non-contributory — meaning their policy pays first and doesn't seek contribution from your policy. Check that the endorsement includes this language explicitly. If it's missing, your policy may end up sharing the loss, which defeats the purpose of risk transfer.

Step 4: Confirm Waiver of Subrogation

A waiver of subrogation prevents the downstream party's insurer from suing you to recover amounts they paid. This is especially important in construction and property management. The waiver should be mutual and included in both the contract and the policy endorsement. If the policy doesn't have a waiver of subrogation endorsement, ask for one (ISO form CG 24 04 is common).

Step 5: Set Up Ongoing Monitoring

Risk transfer isn't a one-time check. Policies renew, endorsements change, and downstream parties may switch carriers mid-project. Build a calendar to request updated endorsements at each renewal and at project milestones. Use a tracking tool — even a spreadsheet — to log receipt and review dates. When a gap is found, don't just flag it; require the downstream party to provide a corrected endorsement or face suspension of work.

Following these steps consistently will catch most gaps. But no workflow covers every situation. That's where tools and environment realities come in.

Tools, Setup, and Environment Realities

Closing the gap requires more than just good intentions. You need tools that make the process repeatable and scalable. Here's what we've seen work in practice.

Insurance Tracking Software

Dedicated platforms like myCOI, Riskonnect, or Hammerhead automate COI collection and validation. They can flag missing endorsements, expired policies, and mismatched limits. Some even integrate with contract management systems. The upfront cost is worth it if you manage more than a few dozen downstream relationships. For smaller operations, a spreadsheet with conditional formatting can work, but it demands discipline.

Standardized Contract Templates

Work with legal to create a set of insurance requirements that you use in every contract. Use the latest ISO additional insured forms as a reference — they're widely accepted and easier to verify. Avoid customizing requirements for each deal unless there's a specific exposure that demands it. Standardization reduces the chance of errors and makes training easier.

Endorsement Libraries

Build an internal library of common additional insured endorsements (CG 20 10, CG 20 37, CG 20 33, etc.) with plain-language summaries of what they cover. Train your team to recognize the key phrases. When a downstream party submits an endorsement, compare it to the library to quickly spot deviations.

Environment Realities: What Works and What Doesn't

In practice, the biggest obstacle is getting the downstream party to provide the actual endorsement. Many brokers push back, saying the COI is enough. You need to insist — make it a contractual requirement. If they refuse, consider whether the relationship is worth the risk. Another reality: some carriers issue manuscript endorsements that are narrower than ISO forms. Don't assume a manuscript form is equivalent; read it carefully. Finally, remember that insurance policies are contracts of adhesion — ambiguous language is interpreted against the insurer, but you don't want to rely on litigation to get coverage. Better to fix the wording upfront.

Variations for Different Constraints

Not every organization can follow the ideal workflow. Here are adjustments for common constraints.

Small Teams with Limited Resources

If you don't have a dedicated risk manager, focus on your highest-exposure relationships — the ones that could generate the largest claims. Use a simple checklist for each contract: (1) additional insured endorsement for ongoing operations, (2) completed operations if applicable, (3) primary and non-contributory, (4) waiver of subrogation. Verify these four items for your top 20% of vendors, and accept some risk on the rest. Consider using a broker who offers compliance review as part of their service.

High-Volume, Low-Value Contracts

For situations like hiring many small subcontractors for short projects, automation is key. Use insurance tracking software that automatically requests and validates endorsements. Set up rules: if the endorsement doesn't match your requirements, the system sends an alert and blocks payment until corrected. Accept that some gaps will slip through; the cost of perfect compliance may exceed the risk for very small contracts.

International or Cross-Border Work

When downstream parties are based in other countries, local insurance laws and standard forms differ. Consult a broker with international expertise. Often, you'll need a local admitted policy plus a difference-in-conditions (DIC) policy to fill gaps. The additional insured endorsement may not exist in the same form; you may need to rely on contractual indemnity backed by the party's own assets. This is a complex area — consider hiring a specialist.

Long-Term Projects with Changing Risks

On multi-year projects, exposures can shift. For example, a construction project moves from excavation to finishing, and the risk of property damage decreases while the risk of defective work increases. Revisit your insurance requirements at each phase. Update endorsements to cover completed operations as the project nears completion. Build phase-based checkpoints into your project plan.

Each variation requires trade-offs. The key is to make intentional decisions about where you accept risk rather than assuming it's transferred.

Pitfalls, Debugging, and What to Check When It Fails

Even with a solid process, things go wrong. Here are the most common pitfalls and how to diagnose them.

Pitfall 1: Relying on Certificates of Insurance Alone

A COI is not a contract. It doesn't guarantee coverage for any specific claim. Yet many organizations treat it as proof of compliance. When a claim is denied, the COI is useless. Debugging: if you haven't seen the actual endorsement, assume the gap exists. Request the endorsement before work begins.

Pitfall 2: Accepting an Endorsement That's Too Narrow

Some endorsements limit coverage to liability 'arising out of' the downstream party's work. Courts have interpreted 'arising out of' broadly, but it's still narrower than 'caused, in whole or in part, by.' If your contract uses the broader language, reject the narrower endorsement. Debugging: compare the trigger language in the endorsement to your contract. If they don't match, ask for a corrected version.

Pitfall 3: Missing Completed Operations Coverage

Many additional insured endorsements cover only ongoing operations. If a defect appears after the work is finished, you're on your own. This is especially common in construction and product liability. Debugging: check whether the endorsement includes CG 20 37 or similar language for completed operations. If not, request it separately.

Pitfall 4: Ignoring Policy Exclusions That Undermine Coverage

Even with a perfect additional insured endorsement, the downstream party's policy may have exclusions that swallow the coverage — for example, an exclusion for residential construction defects or a pollution exclusion that applies to your operations. Debugging: ask for a copy of the full policy or at least the exclusions page. If you can't get it, consider requiring that the policy be written on a standard form with limited endorsements.

Pitfall 5: Not Verifying the Insurer's Financial Strength

An endorsement from a carrier that goes insolvent is worthless. Check the insurer's A.M. Best rating or equivalent. If the rating is below A-, consider requiring a higher-rated carrier or a bond. Debugging: set a minimum rating in your contract and verify it annually.

When a claim is denied, don't just accept it. Work with your broker to review the denial letter and compare it to the contract and endorsement. Sometimes the denial is based on a misinterpretation, and a well-written appeal can reverse it. But prevention is far cheaper than litigation.

Frequently Asked Questions and a Practical Checklist

We've gathered the questions that come up most often when teams start closing their risk transfer gaps. Use this section as a quick reference.

FAQ

Q: Can I rely on a certificate of insurance that shows 'additional insured' checked?
A: No. That checkbox only indicates that the broker added the name to the certificate. It does not confirm that the policy actually includes an additional insured endorsement. You must see the endorsement itself.

Q: What if the downstream party's broker refuses to provide the endorsement?
A: Escalate to your contract's requirement. If they still refuse, consider whether the relationship is worth the risk. In many cases, the broker is just being cautious about sharing policy details; you can offer to sign a confidentiality agreement.

Q: How often should I review endorsements?
A: At least annually, and whenever the downstream party's policy renews. For long-term projects, review at each phase or milestone.

Q: Does a waiver of subrogation protect me from being sued by the other party's insurer?
A: Yes, but only if it's included in both the contract and the insurance policy. The waiver prevents the insurer from stepping into the other party's shoes to sue you for amounts they paid on a claim.

Q: What's the difference between 'primary and non-contributory' and just 'primary'?
A: 'Primary' means the downstream party's policy pays first. 'Non-contributory' means their policy won't seek contribution from your policy. Both are needed to fully protect your own insurance from being tapped.

Checklist for Closing the Gap

• Obtain a copy of the downstream party's additional insured endorsement before work begins.
• Compare the endorsement's trigger language to your contract's requirements.
• Verify that ongoing and completed operations are both covered if needed.
• Confirm the policy includes primary and non-contributory wording.
• Check for a waiver of subrogation in both contract and policy.
• Review the policy's exclusions for any that could negate coverage for your exposures.
• Set a calendar to re-verify at each renewal and project milestone.
• Maintain a log of all endorsements received and reviewed.
• Train your procurement and legal teams on what to look for.
• When a gap is found, require correction before work proceeds.

This checklist isn't exhaustive, but it covers the most common gaps we see. Adapt it to your specific exposures and contract language. And remember: risk transfer is not a set-it-and-forget-it activity. It requires ongoing attention. But the effort pays off when a claim comes in and the coverage you expected is actually there.