How can you protect your business from financial loss, reputational damage and regulatory scrutiny related to your third-party vendors? One step is to require that your vendors carry the proper insurance coverage.
Most contracts require a vendor to provide proof of their insurance coverage. Yet problems arise when companies fail to monitor if those vendors have the proper coverage.
What Kinds of Insurance are Required?
Vendors in the United States must have Worker’s Compensation and liability insurance. Worker’s Compensation is accident insurance paid by employers while liability insurance protects your organization from the risks of liabilities from lawsuits.
Jay Fitzhugh, EVP and Chief Regulatory Officer for CMPG Risk Solutions, warns that insurance requirements may vary by industry. He suggests financial institutions and other organizations require vendors to have:
- Professional Liability Insurance/Errors and Omissions (E&O) that protects against claims of inadequate work or negligent actions
- Crime Insurance that protects vendors from losses due to petty theft, burglary, extortion, fraud and robbery
- Cyber insurance as an internal rider within other policies to cover the cost for computer and data loss restoration, notification costs and credit monitoring due to mismanagement of customer information
Protect yourself by verifying that your vendors have suitable insurance coverage. This offers a layer of protection that goes beyond Worker’s Comp and general liability insurance.
Pay Attention to the Limits and Aggregates
“Most third-party organizations appear to have appropriate coverage,” says Fitzhugh. “The problem is most clients don’t understand the extent of their vendors’ insurance coverage.”
Some companies have a generic expectation that a vendor should just have insurance. Having coverage, however, is not necessarily enough to ensure that many potential exposures are avoided. Pay attention to the limitations and aggregates of coverage.
For instance, is your cyber insurance rider enough to handle a data breach? A limited scope may be enough for a small vendor who only has 50 customers. If a vendor has millions of customers, however, a low limit can be a problem. “It can cost over $100 per customer for an account that’s been compromised,” explains Fitzhugh. “Are you able to cover $0.5 on the dollar? $0.75?”
“There needs to be deeper analysis at the company level of your vendors’ insurance coverage,” says Fitzhugh. Don’t just determine that your vendors are covered — make sure they’re covered enough.
VendorInsight®’s VendorEval™ reports include certificates of Insurance (COIs) as part of the Onboarding Review Package. The certificates are uploaded into the VendorInsight® system to determine if they satisfy policy requirements for insurance coverages.
Request a demo today to learn how VendorInsight® can help you gather, review and maintain your vendors’ proof of insurance.