This question was posted to our Ask an Expert Service, a members' only benefit of the Big "I" national which is staffed by more than 50 volunteer industry experts:

What do the following terms have in common:

• Statement of insurance,
• Digital insurance confirmation, and
• Certificate of insurance (COI)?

Nothing. The first two are attempts by third parties to circumvent insurance laws and regulations to improperly entice an agency into giving them policy information. The last, the COI, is the method by which insurance agents are authorized to provide evidence of insurance to a third party at the direction of the insured. Providing insurance information outside of statutorily approved means is dangerous on many levels.

Several states recently have contacted IIABA with concerns over a new requirement from CBRE, a large property management firm. CBRE is attempting to change the rules of the insurance verification game, bypassing the statutorily approved COI by “requiring" the use of a new insurance verification platform developed by Certifical.

CBRE wants agents to directly upload policy information to them from the agency's management system rather than supply the information via a filed and approved (in many states) certificate of insurance. Agents are receiving notices that read:

==============

DIGITAL INSURANCE VERIFICATION (DIV) REQUEST

Dear [Agent],

Please be advised that your insured, [Named Insured] is required to complete a supplier risk assessment for its client CBRE - GWSA which is performed by GRMS. 

As part of that risk assessment, GRMS must validate that [Named Insured] maintains insurance coverages and limits that meet or exceed those required by CBRE - GWSA.

In the past, agents would provide a point in time Certificate of Insurance (COI) to evidence this insurance.  Effective immediately, CBRE - GWSA no longer accepts COIs for verification.  All insurance verifications must be completed digitally.

Our new digital insurance verification process powered by Certificial is fast, easy and free to insurance agents….

==================

Insurance agents are bound by and required to comply with the laws and regulations of the states in which they are licensed. The legally approved method by which agents can provide proof of insurance to third parties is through the use of certificates of insurance.

ACORD 25 contains the information agents can legally provide to a third party. About two-thirds of the states regulate the use of COIs, including what a licensed agent can and cannot include on the form. Many if not most of the states that have enacted COI laws apply those laws to parties beyond just the agents; third parties requesting a COI are also subject to the penalties prescribed in these COI statutes. 

As the insurance buyer's agent, there are no legal obligations or duties to provide information to third parties who are not a party to an insurance policy/contract. In fact, providing information to a third party by means other than an COI could subject the agency to significant legal exposure from civil suits and regulatory violations, up to and including possible breach of privacy. By providing confidential information to a third party via the agency management system, the agency could be in violation of federal and state data privacy laws.

In addition, opening the agency management system to third parties invites invasion by an outside party. Giving a third party access to the agency's systems creates a significant risk of cyber liability exposure.

What does the agency need to consider when faced with a request such as CBRE's?

• Is agreeing to participate in these types of systems really in the customers' best interest?
• Has the agency discussed this potentially non-statutory request with the customer?
• Does the agency have permission from the customer to allow a third party to have virtually unfettered access to their personal and commercial business private information?
• Has the agency discussed the personal, professional and legal liability exposure with an attorney?
• Has the agency considered the errors and omissions exposures created by agreeing to give a third party access to the agency management systems?

While the third party may tout this system as making it easier for the agency to provide the requested information, they are not necessarily entitled to the information.

Participating in any attempt to circumvent the insurance verification statutes creates exposures from both an errors and omissions and regulatory standpoint. While participating may appear to make the agency's job easier, it may create an unreasonable risk.