Enforcing vendor compliance requirements is one of the most uncomfortable parts of running a compliance program. The vendor you need to hold for an expired COI may be your best supplier. The subcontractor who let their license lapse may be mid-project on a critical job.
The goal is not to win compliance standoffs — it is to get vendors back to compliant status quickly, with minimal disruption to the business relationship and maximum protection for your organization.
Distinguish Between Types of Non-Compliance
Not all non-compliance is the same. How you respond should depend on what happened.
Document expiration. The vendor's COI, license, or other document expired. This is the most common situation and the most benign. The vendor may not even know their document lapsed. The appropriate response is a direct notification with clear renewal instructions.
Document deficiency. The document exists but does not meet requirements — coverage limits are too low, the wrong entity is insured, or required endorsements are missing. More serious than expiration, because it means past validation was incorrect or requirements were not communicated clearly.
Non-submission. The vendor has not provided a required document at all. This may reflect a new requirement they are unaware of, an oversight on their part, or genuine inability to meet the requirement.
Intentional non-compliance. The vendor knows what you need, acknowledges the requirement, and refuses to comply. This is rare but does happen. It is the situation that requires the most assertive response.
The Communication Framework
The most effective approach to vendor compliance communication is graduated — starting with collaborative and escalating toward enforcement only when necessary.
First Notice: Informational (30–60 days before expiration)
Tone: Helpful, proactive, not urgent.
"Hi [Name], I wanted to give you advance notice that your Certificate of Insurance on file with us will expire on [date]. To avoid any interruption to our work together, please have your broker provide an updated certificate to [contact] before [date]. If you have any questions about our coverage requirements, I'm happy to help."
This notice does most of the work. Vendors who receive advance notice overwhelmingly renew on time.
Second Notice: Action Required (7–14 days before expiration)
Tone: Direct, clear about timeline and consequence.
"Hi [Name], following up on our earlier notice — your Certificate of Insurance expires in [X] days. We do need this on file to continue our engagement without interruption. Please ask your broker to send an updated certificate directly to [contact]. If there are any issues with the renewal, please let me know so we can work through them."
Third Notice: Document Lapsed / Hold Applied
Tone: Factual, not angry. Describes what you are doing and what they need to do.
"Hi [Name], I wanted to let you know that your Certificate of Insurance expired on [date] and we have not yet received a renewal. Per our vendor compliance requirements, we have placed a temporary hold on [new work/payments] until we receive a current certificate. Please contact your broker to issue an updated certificate and send it to [contact]. Once we receive and verify the certificate, we will lift the hold immediately."
Escalation: Multiple Contacts, No Response
After 2–3 communication attempts without response, escalate to the relationship owner — the person in your company who owns the vendor relationship. They can often reach the right person faster than the compliance team can through generic contacts.
When to Apply a Work Hold vs. a Payment Hold
Work hold (stop new assignments or active work):
- Apply when the compliance gap creates genuine liability exposure during active work — expired COI for on-site vendor, lapsed professional license for licensed work
- Most appropriate for construction, facilities, on-site services, and professional services
Payment hold (defer payment of invoices):
- Apply when the compliance gap is around tax documentation — missing W-9, expired tax exemption certificate
- Can be applied as a consequence for persistent non-response after a work hold has failed to produce renewal
Both simultaneously should be reserved for significant, persistent non-compliance — not a routine expired document.
Documenting Enforcement Actions
Document every hold decision:
- The specific compliance gap that triggered the hold
- The date of the hold
- The communications that preceded it
- The person who made the decision
This documentation protects you if the vendor disputes the hold or if the situation leads to a contract dispute. It also provides the audit trail your compliance program needs to demonstrate that enforcement was systematic and consistent.
Releasing the Hold
When a renewed, valid document is received:
- Verify it meets requirements before lifting the hold
- Lift the hold within 24 hours of receiving a valid document — delays here are unfair to the vendor
- Notify the relevant stakeholders that the hold is lifted
- Process any deferred invoices promptly
The hold should feel temporary and resolvable. If vendors experience holds as bureaucratic delays that persist even after compliance is restored, they will start to view your compliance program as adversarial rather than mutual.
When the Relationship Should End
If a vendor repeatedly fails to maintain required compliance, misrepresents their coverage, or is persistently unresponsive to compliance requests, that is relevant information about them as a business partner — not just a compliance problem.
A vendor who cannot maintain basic compliance documents may have financial difficulties, operational problems, or simply a culture of non-compliance that will express itself in other ways. The compliance issue is often a leading indicator.