Can I Issue My Own Certificate of Insurance? What You Need to Know

No, you cannot issue your own certificate of insurance. Attempting to do so constitutes insurance fraud, and the consequences range from contract termination to federal criminal charges that may carry a prison sentence.

That answer might feel harsh for a question that usually comes from a perfectly reasonable place, though. Contractors and small business owners who need a COI quickly are often just trying to keep a project moving. They don’t fully understand where a certificate of insurance actually comes from or how fast a legitimate one can be obtained. The confusion is common, and it’s worth cleaning up.

A COI has to be generated by a licensed insurance company or authorized broker. The process is faster than most people expect, and understanding how it works protects you on both sides of the transaction, whether you’re the one providing proof of coverage or the one verifying it.

This guide covers who can legally issue a certificate of insurance for your business, how to get one, what a legitimate COI looks like, and what happens when someone tries to fake one.

Why You Can’t Issue Your Own Certificate of Insurance

Only a licensed insurance company or authorized broker can issue a certificate of insurance. The document derives its entire value from the insurer’s ability to confirm that a policy exists and that it contains what the certificate says it contains. That authority belongs to the insurer alone.

The ACORD 25 form, which is the standard COI format used across the United States, gets issued by the insurer or broker on behalf of the policyholder. In practice, the insurance broker or agent most often generates and delivers the certificate directly on behalf of their client. The insured party receives the completed certificate and passes it along to whoever requested it.

This structure exists for a very straightforward reason. A self-insured COI would be worthless as a verification tool because it could say anything. Property and casualty insurance fraud costs the United States nearly $90 billion each year, accounting for roughly 12% of all property and casualty premiums collected. The requirement that COIs come from licensed providers is one of the structural safeguards that keeps misrepresentation of coverage in check.

The practical upside is that getting a legitimate COI is faster than most contractors expect. Brokers can generate and deliver a completed certificate on behalf of their clients the same day a request comes in, and many insurers now offer online portals where policyholders can download one directly.

What Happens if You Use a Fake Certificate of Insurance

Submitting a fraudulent certificate of insurance is insurance fraud, a criminal offense that carries consequences well beyond losing a contract. Insurance fraud costs the U.S. economy $308.6 billion per year, making it the second-largest category of white-collar crime in the country behind only tax evasion. Fabricating a COI puts a contractor squarely inside that category.

The criminal exposure is severe. Among all white-collar crimes prosecuted in federal courts from 1986 through 2024, insurance fraud carried the longest average prison sentence of 84 months. That’s more time served than arson for profit, investment fraud, and every other category of financial crime. State-level charges compound that exposure further, with most states treating insurance fraud as a felony.

The civil exposure is just as severe. A contractor who uses a fraudulent COI to gain access to a job site carries full uninsured liability for any incident that occurs while they’re on it. Construction recorded 1,075 fatal occupational injuries in 2023 alone. An uninsured contractor involved in one of those incidents faces personal financial ruin with no policy to respond to the claim.

Workers’ compensation fraud illustrates the scale of the premium fraud problem specifically. Workers’ comp fraud costs the U.S. more than $34 billion per year, with premium fraud including fraudulent certificates accounting for $25 billion of that total.

Beyond criminal and civil exposure, the business consequences are immediate. Contract termination, blacklisting by GCs and project owners, and loss of contractor licensing are standard outcomes. Recovery from any one of those is difficult. Recovery from all three simultaneously is almost impossible.

Hiring parties carry their own exposure here. GCs and project owners who fail to verify COI authenticity before allowing a contractor on site can face partial liability when an uninsured incident occurs. COI tracking software like CertFocus by Vertikal RMS helps flag suspicious certificates before they create that exposure, checking carrier legitimacy against the NAIC database and verifying that policy details are internally consistent.

How to Get a Certificate of Insurance for Your Business

Getting a COI is easy once you have an active insurance policy. Your insurer or broker handles the generation and delivery. Your job is to give them what they need to produce an accurate certificate. Here’s how the process works:

1. Contact your insurance agent or broker and request a COI: Reach out directly to whoever manages your policy and let them know that you need a certificate. Most brokers handle COI requests routinely and treat them as a standard part of their service. Have your policy information ready in case they need to confirm coverage details before generating the document.
2. Provide the certificate holder’s name and address: The certificate holder is the party requesting proof of your insurance, typically a GC, project owner, or property manager. Their legal name and address need to appear on the certificate accurately. A mismatch between the certificate holder name and the contracted entity name can create complications if a claim is ever disputed.
3. Specify any endorsements your contract requires: This is the step most contractors miss. Your contract may require additional insured status, a waiver of subrogation, or primary and non-contributory language. Pass those requirements to your broker explicitly so they can attach the correct endorsements to your policy before the certificate is generated. A COI that doesn’t reflect the required endorsements will get rejected.
4. Confirm the description of operations language: Some contracts require project-specific wording in the description of operations field on the ACORD 25 form. If your contract specifies exact language, provide it to your broker word for word. Generic descriptions can create ambiguity about whether coverage applies to a specific project.
5. Receive your completed ACORD 25: Your broker will deliver the finished certificate, typically within a business day. Review it before passing it along to the certificate holder. Verify that the coverage types, limits, dates, and endorsements all match what your contract requires.

Many insurers now offer online portals where policyholders can generate and download COIs directly without contacting their broker at all. Turnaround through these portals is often immediate.

For subcontractors working with GCs who use CertFocus by Vertikal RMS, the process is even more direct. The platform includes a vendor self-service portal where subs upload completed certificates straight to the compliance system. Your broker generates the COI, you upload it through the portal, and the GC’s compliance team gets an automatic notification. The back-and-forth that typically slows down the process on both sides gets cut out entirely.

What a Legitimate Certificate of Insurance Looks Like

Every legitimate COI follows the ACORD 25 format, which is the standardized one-page document used by insurers and brokers all over the United States. Knowing what a properly completed ACORD 25 contains makes it significantly easier to spot a certificate that’s been altered, fabricated, or improperly issued.

A completed ACORD 25 includes the following fields:

• Named insured: The legal name of the contractor or subcontractor carrying the coverage. This must match exactly the name on your contract with that party.
• Certificate holder: The party requesting proof of insurance. Their legal name and address appear in the bottom left corner of the form.
• Insurer name and NAIC number: The insurance carrier providing each policy, along with their National Association of Insurance Commissioners (NAIC) identification number. The NAIC number is what lets you verify the carrier is licensed and financially solvent.
• Policy types and numbers: Each line of coverage listed separately with its own unique policy number.
• Effective and expiration dates: The active coverage window for each individual policy. Different policy types carry different expiration dates.
• Coverage limits: Per occurrence and aggregate limits for each policy type.
• Description of operations: The field where endorsements, additional insured status, waivers of subrogation, and any project-specific requirements get documented.

Several red flags suggest a certificate may be fraudulent or improperly issued, and it’s worth knowing what to look for.

A missing or invalid NAIC number is one of the clearest warning signs. Every legitimate carrier operating in the United States has an NAIC number, and you can verify it against the NAIC’s public database in seconds. A certificate that leaves that field blank or lists a number that doesn’t return a valid carrier should be treated as suspect until confirmed.

Coverage dates that don’t align internally are another flag. If a certificate shows a policy effective date that falls after the date the certificate was issued, or an expiration date that has already passed, the document warrants a direct call to the broker or insurer to verify.

Endorsement language in the description of operations that contradicts what the underlying policy contains is harder to catch without insurance expertise, but it’s one of the most common ways improperly issued certificates create exposure. A certificate can state that additional insured coverage is in place while the actual policy contains an exclusion that nullifies it.

Verifying that the endorsements listed on the certificate are really attached to the policy requires either a direct request for endorsement copies or a platform like CertFocus by Vertikal RMS. Our credentialed insurance professionals are trained to review exactly that discrepancy on every certificate that comes through.

How to Use the NAIC Database to Verify a Carrier

The NAIC’s public database is a free tool anyone can use to confirm that an insurance carrier is legitimate, licensed, and financially active. Here’s how to use it:

1. Go to the NAIC Consumer Insurance Search tool: It’s publicly accessible with no account or login required.
2. Search by company name or NAIC number: The NAIC number appears on the ACORD 25 form next to each carrier listed on the certificate. Searching by number is faster and eliminates any ambiguity around similarly named carriers.
3. Confirm the carrier is licensed in your state: A carrier can be legitimate at the federal level but unlicensed to write policies in your state. The search results show which states the carrier is authorized to operate in.
4. Check the carrier’s financial strength rating: The NAIC database links out to AM Best rating information for most carriers. An AM Best rating of A- or better is the standard threshold most commercial contracts require. Carriers rated below that threshold carry meaningful financial risk, and a policy backed by an insolvent carrier offers no real protection when a claim is filed.
5. Check for any regulatory actions: The NAIC database will show you regulatory complaints and actions filed against carriers. A carrier with a significant complaint history or active regulatory action is worth flagging before you accept their certificate.

The entire process takes under five minutes on a single carrier. For teams managing large subcontractor rosters, CertFocus by Vertikal RMS runs this verification automatically on every incoming certificate, so your team doesn’t have to do it manually.

What Is a Certificate of Self-Insurance?

A certificate of self-insurance is a document issued by a state government agency confirming that an entity has been approved to self-insure rather than purchase coverage through a traditional insurance carrier. Self-insurance means the entity assumes direct financial responsibility for claims rather than transferring the risk to an insurer.

Large corporations and government entities are the parties most likely to hold self-insurance certificates. Qualifying typically requires demonstrating substantial financial reserves and meeting state-specific approval criteria. A company with a $500 million balance sheet might qualify to self-insure its workers’ compensation obligations in states that permit it. A subcontractor working on their third year in business almost certainly does not.

When a counterparty presents a certificate of self-insurance in place of a standard ACORD 25, your review process changes. There’s no carrier to verify against the NAIC database and no AM Best rating to check. What you’re evaluating instead is the financial strength of the entity itself and whether the state approval backing the certificate is current and valid.

Most commercial construction contracts specify that coverage must be placed with a carrier meeting minimum AM Best rating requirements, which a self-insured entity can’t satisfy by definition. If your contract contains that language, a certificate of self-insurance doesn’t meet your requirements regardless of the financial standing of the party presenting it. Review your contract language before accepting one in place of a traditional COI.

Certificate of Insurance Requirements for Small Businesses

The COI requirements a small business or contractor needs to meet depend entirely on what their contracts require and vary significantly by industry. That said, certain coverage types appear consistently across commercial contracts regardless of industry, project size, or client type.

Most GCs and project owners require the following coverage types before a contractor sets foot on a job site:

• Commercial general liability (CGL): The baseline coverage for third-party bodily injury and property damage claims. Most contractors set minimums of $1 million per occurrence and $2 million in aggregate.
• Workers’ compensation: Legally required in almost every state for contractors with employees. Some clients require it even for sole proprietors, depending on the scope of work.
• Commercial auto: Required for any contractor operating vehicles as part of their work. Personal auto policies don’t cover business use.
• Umbrella or excess liability: Layers additional coverage over primary policies. Larger projects routinely require $2 million to $5 million in umbrella limits on top of primary CGL.

The problem is that a significant portion of small contractors enter commercial relationships without coverage that actually meets those requirements. Three-quarters of U.S. small businesses are underinsured, and over 70% don’t fully understand what their business insurance covers.

A separate study found that 29% of small business owners carry no business insurance at all. Submitting a COI that doesn’t meet contract minimums doesn’t just delay the job. It signals to the hiring party that the contractor hasn’t done the basic preparation the work requires.

Beyond coverage types and limits, nearly every commercial contract also requires an additional insured endorsement. The hiring party wants to be named on the contractor’s policy so the contractor’s insurer responds to claims arising from the contractor’s work. In construction specifically, a COI without that endorsement attached to the underlying policy will get rejected. Other industries vary on how strictly they enforce the separate endorsement requirement, but construction contracts leave very little room for ambiguity on this point.

Requirements scale considerably with project size. Only 13% of small business owners say they feel completely prepared to face potential business risks, and that gap becomes visible fast when a large GC’s compliance requirements land in their inbox. Large general contractors go well beyond basic insurance verification. They evaluate financial stability, safety performance through EMR ratings, and past project history before approving a subcontractor for their roster.

PreQual by Vertikal RMS is the platform those GCs use to manage that prequalification process, and meeting their requirements starts with having the right coverage in place before the conversation begins.

How to Check if a Contractor is Insured

Requesting a certificate of insurance is the first move before any contractor can begin work on your project. A properly insured contractor should be able to produce a completed ACORD 25 quickly. Hesitation or delay on that request is a red flag in its own right.

Before you even review the certificate, confirm that the name on the document matches the legal entity you contracted with exactly. A contractor operating under DBA, a parent company, or a recently named business can produce a perfectly valid COI that doesn’t actually cover the entity doing work for you. Get the legal name right before anything else.

Once you have the certificate in hand, work through these steps:

1. Verify the carrier against the NAIC database: Visit the NAIC’s public database and look up the carrier name and NAIC number listed on the certificate. Confirm the carrier is licensed in your state and currently in good standing. If the carrier doesn’t appear in the database, stop there. CertFocus by Vertikal RMS checks every incoming certificate against AM Best financial strength ratings automatically, which goes a step further than licensing verification alone.
2. Check that coverage dates cover your full project timeline: Review the effective and expiration dates on every policy line individually. A contractor can be insured for general liability but carry an expired workers’ compensation policy. Each line needs to clear independently, and the coverage window needs to extend through the full duration of the work your contract covers.
3. Confirm coverage limits meet your contract requirements: A contractor can carry active, legitimate insurance that still falls below the minimums your contract specifies. Verify per occurrence and aggregate limits on every coverage type your agreement requires. Pay particular attention to umbrella limits on larger projects, where primary limits can be exhausted by a single serious incident.
4. Review the description of operations field carefully: This is the section where endorsements, additional insured status, and project-specific requirements get documented. Generic language like “additional insured as required by written contract” without a specific form number gives you limited protection if a claim goes to dispute. Look for specific ISO endorsement form numbers rather than blanket statements.
5. Request copies of required endorsements: Some organizations routinely request the actual endorsement forms to confirm that additional insured status, waiver of subrogation, or primary and non-contributory coverage is genuinely attached to the underlying policy. Others rely on the certificate language alone. The more your contract requirements, the stronger the case for requesting endorsement copies directly from the broker.

That process is thorough, and on a single contractor it’s manageable. The problem starts when you’re running it across dozens, hundreds, or thousands of subcontractors simultaneously.

What to Do When a COI Doesn’t Meet Your Requirements

When a COI fails your verification review, send it back with specific, detailed feedback before work begins. The contractor needs to know exactly what’s deficient and what you need from them to resolve it.

Go back to the person who submitted the certificate and be specific. Telling a sub their COI “doesn’t meet requirements” sends them back to their broker without enough information to fix the problem. Tell them exactly what’s missing, like:

• The CG 20 37 endorsement isn’t attached
• The aggregate limit is $1 million short of your contract requirement
• The certificate holder’s name doesn’t match the contracting entity

The more specific your rejection, the faster they can come back with a compliant certificate.

Give them a clear deadline. A reasonable turnaround for a corrected COI is two to three business days. Most brokers can make endorsement changes and generate an updated certificate within that window. If a sub can’t produce a compliant certificate within that timeframe, that’s useful information about how they manage their business obligations generally.

There are situations where a sub genuinely can’t meet your requirements without changes to their underlying policy, though. Adding a completed operations endorsement, for example, requires a policy modification that takes longer than a simple certificate reissue. In those cases, confirm a realistic timeline with the broker directly rather than waiting on the sub to relay information back and forth.

The one thing you shouldn’t do is let work begin before the deficiency is resolved. A verbal assurance that the endorsement is “in process” doesn’t transfer any coverage. Until the corrected certificate is in your hands and verified, the compliance gap is still open.

What Happens When a COI Expires

A COI expiration doesn’t automatically mean a contractor’s coverage has lapsed. It means the certificate documenting that coverage is no longer current proof of what’s in force. The contractor’s underlying policies may have renewed on the same schedule, but you have no documentation of that until they provide an updated certificate.

From a compliance standpoint, an expired COI is treated the same way as no COI at all. If an incident occurs and the most recent certificate on file has passed its expiration date, your ability to demonstrate that coverage was verified and current at the time of the incident is compromised.

The practical implication is that tracking expiration dates across your entire subcontractor roster is as important as the initial verification. A sub you approved six months ago with a fully compliant certificate can quietly fall out of compliance when their workers’ comp renews at a lower limit or their additional insured endorsement doesn’t carry over to the new policy term.

Reaching out to subs before their certificates expire gives them enough lead time to work with their broker on renewal and deliver an updated certificate before the old one lapses. Thirty days is the standard notice window. It’s enough time for a broker to process a renewal and generate new documentation without creating a gap in your compliance records.

For teams managing large subcontractor rosters, manual expiration tracking is where compliance programs tend to break down first. CertFocus by Vertikal RMS monitors expiration dates across your entire roster and sends automated alerts before policies lapse, so your team is working ahead of expirations rather than catching up to them.

Why COI Verification Breaks Down at Scale

Done properly, the verification process above takes meaningful time on a single certificate. Now multiply it across a roster of 200 active subcontractors, each carrying four or five separate policies with staggered expiration dates, and the math stops working.

Vertikal RMS’s own data shows that 7 out of 10 COIs received from vendors are out of compliance in at least one area. At volume, that deficiency rate means compliance gaps are accumulating faster than any manual process can realistically catch them. A project manager who is also responsible for scheduling, budget tracking, and field coordination can’t pull endorsement copies and cross-reference policy documentation on every incoming certificate.

The endorsement verification step is where manual processes fail most visibly. Confirming that a CG 20 37 is actually attached to a policy, or that a waiver of subrogation covers the right parties, requires genuine insurance expertise. A compliance coordinator working a spreadsheet doesn’t have that expertise, and a spreadsheet doesn’t send alerts when a workers’ comp policy lapses at midnight before a Monday morning crew shows up.

CertFocus by Vertikal RMS manages every step of the verification process across your entire subcontractor roster. Hawk-I AI processes incoming certificates in seconds and flags deficiencies before they become exposures. Credentialed insurance professionals holding CIC, CPCU, CISR, and CRIS designations review the complex requirements that automated systems miss.

What Do Insurance Verification Companies Do

Insurance verification companies manage the process of collecting, reviewing, and monitoring certificates of insurance on behalf of businesses that require proof of coverage from their vendors, subcontractors, or tenants. They take the compliance burden off internal teams and replace manual tracking processes with dedicated expertise and purpose-built technology.

The core services an insurance verification company handles typically include:

• Certificate collection: Requesting COIs from third parties, following up on missing or expired certificates, and maintaining a centralized repository of all documentation.
• Compliance review: Verifying that each certificate meets the specific requirements set by the client’s contracts, including coverage types, limits, and endorsements.
• Endorsement verification: Confirming that endorsements listed on a certificate are actually attached to the underlying policy, not just referenced in the description of operations field.
• Expiration monitoring: Tracking policy expiration dates across an entire vendor or subcontractor roster and alerting clients before lapses occur.
• Carrier verification: Confirming that the carrier backing each policy is licensed, financially solvent, and meets any AM Best rating requirements specified in the client’s contracts.

What separates insurance verification companies from generic document management platforms is insurance expertise. Catching a missing CG 20 37, identifying a scheduled waiver of subrogation that doesn’t name the right party, or flagging a carrier whose AM Best rating has dropped below contract requirements requires people who understand insurance.

CertFocus by Vertikal RMS combines both. Hawk-I AI handles document processing and initial compliance checks at scale. Credentialed insurance professionals holding CIC, CPCU, CISR, and CRIS designations review the requirements that automated systems miss. The result is compliance rates above 90% across a client base.

Getting COIs Right From the Start

A certificate of insurance has to come from a licensed insurer or broker. There’s no shortcut, and attempting to create one outside that process creates legal and financial exposure that far outweighs whatever problem the shortcut was meant to solve.

For contractors, the process of getting a legitimate COI is faster and simpler than most expect. For the businesses on the receiving end, the harder job is verifying that incoming certificates are accurate, complete, and backed by policies that actually contain what they claim to contain.

That’s the problem CertFocus by Vertikal RMS is built to solve. If your team is managing COI compliance across a large vendor or subcontractor roster, it’s worth seeing how the platform handles it.