A certificate of insurance answers one question: on the day it was issued, did a policy exist? That's all it certifies. It's a snapshot of a moment, prepared for convenience, of a document it doesn't contain.

Everything that determines whether a claim actually gets paid lives somewhere the certificate can't show you. Exclusions that carve out the very operations the vendor performs for you. Sublimits that quietly reduce a $2 million line to a fraction of it for the loss types you actually face. Endorsements that modify — or gut — the coverage the declarations page appears to promise. Conditions that void coverage if notice arrives late or a warranty goes unmet. None of this appears on a COI. All of it decides the outcome.

The industry knows this. Ask any claims professional where coverage disputes are won and lost and they will not point to the certificate — they'll point to the endorsement schedule and the exclusions section, the pages that arrive after the certificate has already been filed and forgotten.

Yet most vendor compliance programs stop at the certificate. Collect it, check the limits against the contract, file it. The process verifies that paperwork exists — not that protection does. The result is a compliance file full of vendors who are certified, and an unknown number of them who are actually covered.

The process verifies that paperwork exists — not that protection does.

The difference matters most at the worst possible time. A vendor's uninsured loss doesn't stay the vendor's problem; it climbs the contract chain to whoever hired them. The company that diligently collected certificates discovers, mid-claim, that diligence measured the wrong thing.

Reading the whole stack — declarations, endorsements, exclusions, schedules — is the only way to know what a vendor's insurance actually does. It's slower than filing a certificate. It's also the difference between knowing a policy exists and knowing who's actually protecting you.