illumend CEO: Most Companies Don't Have a COI Process—They Have an Accidental Risk Manager
illumend CEO Kristen Nunery argues that COI compliance fails because of unclear ownership, not complexity, and warns that manual workflows create invisible risk that only surfaces after a denied claim or contract dispute.

In her new article, illumend CEO Kristen Nunery introduces the "Accidental Risk Manager"—a hidden role most prevalent in SMBs—and explains how broken Certificate of Insurance (COI) workflows are creating unrecognized legal and financial exposure for companies.
Read the full article: "The Accidental Risk Manager" on LinkedIn
Most companies don't have a COI process. According to illumend CEO Kristen Nunery, they have an Accidental Risk Manager.
In construction, commercial real estate, retail, energy, and utilities, critical Certificate of Insurance (COI) decisions are routinely made by employees with no formal training, no clear standards, and no supporting systems. Administrative staff, HR coordinators, and operations teams are quietly deciding whether the company is protected or exposed — often without realizing the stakes.
The consequences, Nunery says, aren't theoretical. They show up when a claim is denied, a contract falls apart, or a loss hits the balance sheet.
Why Third-Party Insurance Compliance Fails — and It's Not Complexity
Third-party insurance compliance has become more complex. But complexity isn't the real issue, according to Nunery. The real issue is ownership.
As vendor networks expand and insurance requirements grow more nuanced, companies are pushing critical risk decisions into parts of the business never designed to handle them. Industry data makes the stakes clear:
- 90% of small business owners are not confident they are adequately insured
- 51% report being less than "very prepared" to handle risk
- 96% fail basic insurance knowledge assessments
Now layer that reality onto third-party compliance. The result, Nunery says, is decisions that look administrative on the surface but carry real financial consequences underneath.
How Accidental Risk Managers Are Created — Without Anyone Noticing
The "Accidental Risk Manager" is not a formal role. It's a pattern that shows up across organizations.
Insurance compliance is routinely handed off to operations, HR, finance, or administrative staff. These individuals are expected to interpret dense policy language, validate coverage, and enforce contractual requirements — without training, standards, or support.
They're not just processing documents. They're deciding:
- Whether a vendor is allowed on-site
- Whether a claim will be covered
- Whether the company is exposed
"You're not reviewing paperwork. You're making risk decisions," said Nunery. "And most people in this role were never set up to do that."
Why Manual COI Workflows Create Invisible Risk
The tools most companies rely on — spreadsheets, email, and shared drives — weren't designed for risk evaluation. They've become the default, and they fail in predictable ways:
- No consistent standards for coverage interpretation
- No real-time visibility into expiration or gaps
- No reliable validation against contractual requirements
"Manual interpretation of complex insurance documents doesn't scale," Nunery said. "It creates invisible risk that only becomes visible when it's too late."
This isn't a training problem, she says. It's a structural one.
Collecting COIs Is Not the Same as Validating Coverage
Nunery draws a clear distinction between document collection and actual compliance validation. Most systems in use today are built to collect documents — not evaluate risk. They can store certificates, track expiration dates, and send reminders. But they don't answer the question that actually matters: does this coverage meet the requirement, or not?
"Collecting certificates is not the same as verifying compliance," Nunery writes in the article. "When that gap shows up, it shows up all at once — an uninsured vendor on-site, a denied claim, a contract dispute, or an audit revealing inconsistent enforcement."
Why AI-Native Compliance Platforms Do What Automation Alone Can't
Nunery describes a clear hierarchy in compliance system design: features manage documents, automation accelerates tasks, but capabilities determine outcomes.
AI-native insurance compliance platforms like illumend are designed to interpret and evaluate insurance data at the core — not as a layer on top of legacy document storage. They analyze policy language, compare it against requirements, and identify gaps in real time.
That means:
- Continuous policy interpretation at scale — AI reads thousands of certificates simultaneously with consistent logic, no fatigue, no variation
- Real-time requirement matching and gap detection — discrepancies flagged as they arise, not after manual review or downstream failure
- System-wide risk visibility — compliance data aggregated across entire vendor ecosystems, identifying patterns no individual reviewer could realistically detect
"Automation speeds up tasks. AI changes what's possible," Nunery said. "If your compliance process depends on human interpretation, it will always be inconsistent. AI removes that variability."
In Kristen's Words
"The solution isn't to work harder or be more careful — it's to stop treating compliance like an administrative task. You need clear standards, systems that can evaluate coverage against requirements, and visibility into where you're exposed. Without that, you're not managing risk — you're reacting to it."
— Kristen Nunery, Founder & CEO, illumend