A 500-unit property management company isn't just managing leases and maintenance requests. It's managing a continuous stream of insurance certificates from every vendor who sets foot on any property in its portfolio. HVAC technicians, plumbers, electricians, landscapers, cleaning crews, elevator maintenance companies, parking lot services, capital improvement contractors - each one comes with a COI, each COI has a different expiration date, and each property may have different certificate holder names and minimum coverage requirements.

Add commercial tenants into the mix - retail centers, office buildings, and mixed-use properties commonly require tenants to carry liability insurance and name the landlord as an additional insured - and the administrative load becomes genuinely significant. The average regional property management firm with 20 properties and 40 active vendors is tracking somewhere between 150 and 300 active certificates at any given time, across multiple expiration cycles and coverage types.

This guide is for property managers who are tired of chasing COIs manually, and for developers building integrations with property management systems. We'll cover what you need to collect, where the failure points are, how the major PM software platforms fall short, and how an API-first approach to automated COI verification changes the equation.

Why Property Managers Face a Unique COI Problem

Most industries deal with vendor COIs in a relatively uniform way - you have a standard set of vendors, a standard coverage requirement, and a single certificate holder. Property management breaks every one of those assumptions.

Multiple Properties Mean Multiple Certificate Holders

Every property in a portfolio may be owned by a separate LLC. "Sunset Ridge Apartments LLC," "Lakewood Commons Property Holdings," "Main Street Commercial Partners" - these are real certificate holder names, and they matter. A COI naming the management company instead of the actual property owner LLC is not compliant, even if every coverage limit is correct. This is one of the most frequent COI errors in property management, and it requires a human-readable check, not just a limit comparison.

When you're onboarding a new vendor who works across 12 properties with 12 different LLCs as the named insured, you need either 12 separate COIs or a blanket endorsement that covers all locations - and you need to verify which one you actually received.

Multiple Vendor Types Mean Multiple Coverage Requirements

A residential cleaning crew and a roofing contractor carry fundamentally different risk profiles. The cleaning crew might need $1M general liability. The roofer probably needs $2M general liability, $1M workers compensation, and a certificate for any subcontractors they bring on site. Your pest control vendor needs a pesticide applicator license in addition to standard GL. Your elevator maintenance company may need a specialized service contractor endorsement.

There is no universal coverage checklist. Each trade category needs its own minimum requirements matrix, and that matrix may vary by state, by property type, and by the specific risk profile of the work being done.

Commercial Tenants Add a Second COI Track

Residential property management mostly deals with vendor COIs. Commercial property management - retail, office, industrial, mixed-use - also deals with tenant COIs. Most commercial leases require tenants to carry general liability insurance, name the landlord and property management company as additional insureds, and provide updated certificates annually or upon request.

A retail center with 30 tenants means 30 tenant COIs to collect at lease signing, 30 to re-collect each anniversary, and 30 to check whenever there's an incident. None of this is optional - if a customer slips in a tenant's store and the tenant's insurance has lapsed, the landlord may be exposed.

Maintenance Emergencies Create Verification Pressure

The plumber who shows up at 2 AM for a burst pipe is not going to wait 48 hours while you run down a COI from their broker. This is a real operational tension. Work needs to start immediately, but insurance verification takes time. Property managers who haven't built a proactive vendor pre-qualification system routinely find themselves in the position of either delaying emergency repairs or allowing unverified vendors onto the property. Neither outcome is acceptable.

What COIs to Collect in Property Management

Not every vendor relationship requires the same documentation. Here's how to think about the categories:

Service Contractors - All Trades

Anyone performing work at the property needs a COI before they start. This includes recurring vendors (annual HVAC contracts, monthly landscaping) and one-off vendors (the electrician called in for a specific job). The key document is an ACORD 25 Certificate of Liability Insurance naming the property owner entity as the certificate holder and, ideally, as an additional insured on a primary and non-contributory basis.

Commercial Tenants

Lease agreements for commercial space typically specify minimum coverage requirements, the certificate holder name (usually the landlord entity and property management company), and the requirement to provide a certificate within a certain number of days of lease execution and annually thereafter. For larger tenants or anchor tenants, leases may also require umbrella coverage above standard GL limits.

Capital Improvement Contractors

General contractors hired for significant renovation or capital improvement projects carry higher risk and warrant stricter requirements - typically $2M or higher GL per occurrence, $5M aggregate, builder's risk coverage for the duration of the project, and certificates for all subcontractors. These jobs also typically require additional insured endorsements on the contractor's GL policy, not just blanket additional insured language on a certificate.

Parking and Amenity Vendors

Parking lot management companies, valet services, pool maintenance contractors, fitness center equipment maintenance - these vendors are often overlooked in COI programs because they feel peripheral to the core business. They're not. An incident involving a vendor operating an amenity you've contracted out creates the same liability exposure as any other vendor.

Minimum Limits by Vendor Type

Vendor Type GL Per Occurrence GL Aggregate Workers Comp Auto Liability
General cleaning / janitorial $1,000,000 $2,000,000 Statutory Not required
HVAC / plumbing / electrical $1,000,000 $2,000,000 Statutory $1,000,000 if vehicles used
Landscaping / groundskeeping $1,000,000 $2,000,000 Statutory $1,000,000
Roofing / structural contractors $2,000,000 $4,000,000 Statutory $1,000,000
General contractors (capex) $2,000,000 $5,000,000 Statutory $1,000,000
Commercial tenants (retail/office) $1,000,000 $2,000,000 Statutory (if employees) Not typically required

These are baseline minimums. Your insurance broker and legal counsel should review your requirements matrix annually, particularly as portfolio size and property types change.

The 3 Most Common Property Management COI Failures

In our conversations with property management teams, three failure patterns come up again and again. They're not exotic edge cases - they're routine process failures that happen at predictable points in every vendor relationship.

1. Vendor Starts Work Before COI Is Received

This is the most common failure and the hardest to prevent operationally. A maintenance request comes in, a vendor is dispatched, work begins - and the COI hasn't been verified yet. Maybe the vendor is in your system from a year ago, but their policy renewed and the new certificate hasn't been collected. Maybe they're a new vendor and the onboarding process is still in progress. Either way, a vendor performing work on your property without a verified COI exposes you to direct liability for any incident that occurs during that work.

The fix requires two things: a hard gate in your vendor dispatch system (no work order issued to a vendor without an active verified COI on file) and a fast-path COI verification process so that approval doesn't take two business days.

2. COI Expires During a Long-Term Contract

Annual service contracts - HVAC maintenance agreements, landscaping contracts, elevator service agreements - typically span multiple insurance policy periods. A vendor might sign a 3-year maintenance contract with their annual GL policy renewing each March. If nobody is actively tracking that renewal date, that vendor will be on your property with an expired COI from April through whenever someone notices.

The solution is proactive expiration tracking with automated renewal reminders sent to both your team and the vendor. For more on this, see our guide to tracking COI expiration dates automatically.

3. Certificate Holder Name Is Wrong

The vendor sends a COI. The coverage limits look fine. The expiration date is good. But the certificate holder reads "ABC Property Management" when it should read "Sunset Ridge Apartments LLC." Or it names the right LLC but uses an outdated address. Or it lists the parent holding company but not the specific property entity that owns the building where the work is being done.

This is a soft failure - the vendor does have insurance, but the COI as issued doesn't provide the protection the property owner needs. Certificate holder errors are extremely common and require a verification step that goes beyond just checking coverage limits and dates. You need to verify the named certificate holder against a known list of your property entities.

How Buildium, AppFolio, and Yardi Handle COI Tracking

The major property management platforms all have document storage capabilities, and most allow you to attach documents to vendor records. But document storage is not COI management. Here's the practical reality of each platform:

Buildium allows you to store vendor documents and set document expiration dates manually. You can build a workflow around this - attach the COI, manually enter the expiration date, set a reminder. But Buildium doesn't read the PDF. It doesn't extract coverage limits. It doesn't check whether the certificate holder matches your property entity. Everything beyond file storage requires manual data entry.

AppFolio has similar capabilities - vendor document management with manual expiration tracking. AppFolio's open API does allow third-party integrations to sync vendor data, which creates an integration path for automated COI processing, but AppFolio itself doesn't parse certificates.

Yardi Voyager, being an enterprise platform, has more robust vendor compliance module options. But even Yardi's vendor compliance module typically requires manual data entry for COI details - the sophisticated extraction and compliance scoring still needs to come from an external system.

The gap these platforms share is the same: they can store insurance documents, but they can't tell you whether those documents actually meet your requirements. That requires parsing the PDF to extract structured data, then comparing that data against your requirements matrix. This is exactly the integration gap that a COI parsing API fills - see our COI compliance best practices guide for the full workflow.

Building a Scalable COI System for Property Management

A functional COI management system for a property management company has five components: vendor onboarding, document collection, automated parsing, compliance verification, and renewal management. Here's how each piece works.

Vendor Onboarding Checklist

Before any vendor is added to your dispatch system, they should complete an onboarding process that includes submitting their COI, W-9, license and contractor registration where applicable, and signing your vendor agreement. The COI is a hard requirement - incomplete vendor files should not be activated in your system.

Your vendor onboarding form should collect the vendor's broker contact information along with the COI. When renewal time comes, you want to be able to contact the broker directly rather than waiting on the vendor to forward documents.

Automated Ingestion via API

Once a COI PDF is received - whether via email attachment, vendor portal upload, or direct broker submission - it should be immediately pushed through a parsing API. The API extracts every structured field from the ACORD form: insurer names, policy numbers, coverage types, per-occurrence limits, aggregate limits, effective dates, expiration dates, certificate holder name and address, additional insured status, and any special endorsements noted in the description of operations.

This extraction takes seconds and eliminates the manual data entry step entirely. The extracted JSON goes directly into your compliance database.

Compliance Verification Against Property Requirements

With structured data in hand, automated compliance checking is straightforward. Your system compares the extracted fields against your requirements matrix for that vendor type and property. Does GL per occurrence meet the minimum for this trade? Is the certificate holder name an exact or near-match for the owning entity? Is the expiration date at least 30 days in the future? Is the property management company listed as an additional insured?

Any field that fails a check flags the COI for human review. COIs that pass all checks are automatically approved and activate the vendor's status in your PM software.

Renewal Reminders Per Property

The parsed expiration date feeds directly into your renewal reminder workflow. Automated notifications go out at 60 days, 30 days, and 14 days before expiration - first to the vendor, then to your team if the vendor hasn't responded. If a COI expires without renewal, the vendor's status in your dispatch system is automatically suspended until a new certificate is on file.

Sample API Workflow for Property Managers

Here's what the core integration looks like in practice. Your property management application receives a COI PDF (via email webhook, vendor portal, or direct upload), posts it to the parsing API, and gets back structured JSON to drive compliance decisions:

// 1. POST the COI PDF to the parsing endpoint
const response = await fetch('https://api.coiparseapi.com/v1/parse', {
  method: 'POST',
  headers: {
    'Authorization': 'Bearer YOUR_API_KEY',
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    pdf_url: 'https://your-storage.com/cois/vendor-abc-2026.pdf',
    property_id: 'prop_sunset_ridge_001'
  })
});

const coi = await response.json();

// 2. Parsed JSON includes all ACORD fields
// {
//   "certificate_holder": "Sunset Ridge Apartments LLC",
//   "insured": "ABC HVAC Services Inc",
//   "general_liability": {
//     "each_occurrence": 1000000,
//     "aggregate": 2000000,
//     "effective_date": "2026-01-01",
//     "expiration_date": "2027-01-01"
//   },
//   "workers_compensation": {
//     "el_each_accident": 1000000,
//     "effective_date": "2026-01-01",
//     "expiration_date": "2027-01-01"
//   },
//   "additional_insured": true,
//   "compliance_score": 94
// }

// 3. Check against your property requirements
const requirements = await getPropertyRequirements('prop_sunset_ridge_001', 'hvac');
const isCompliant = (
  coi.general_liability.each_occurrence >= requirements.gl_per_occurrence &&
  coi.general_liability.aggregate >= requirements.gl_aggregate &&
  coi.certificate_holder === requirements.entity_name &&
  new Date(coi.general_liability.expiration_date) > new Date() &&
  coi.additional_insured === true
);

// 4. Update vendor status in your PM system
await updateVendorStatus({
  vendor_id: 'vendor_abc_hvac',
  property_id: 'prop_sunset_ridge_001',
  coi_status: isCompliant ? 'approved' : 'flagged',
  expiration_date: coi.general_liability.expiration_date,
  parsed_data: coi
});

The compliance score returned by the API gives you a quick signal on overall certificate quality before you run your own requirement checks. A score below 70 usually indicates missing fields or unusual formatting that warrants closer human review.

Tenant COI Management for Commercial Properties

Commercial property management adds a second COI track that operates on a different rhythm than vendor COIs. Tenant certificates are governed by lease language, collected at deal close, and renewed annually - often tied to lease anniversary dates rather than calendar year insurance renewals.

What Commercial Leases Typically Require

A standard commercial lease COI requirement will specify: general liability with per-occurrence and aggregate limits (usually $1M/$2M for retail, potentially higher for food service, medical, or other higher-risk uses), property insurance on tenant improvements and business personal property, workers compensation if the tenant has employees, and an umbrella or excess liability policy for larger tenants or those with higher customer traffic.

The lease will also specify the additional insured requirement - usually the landlord entity, the property management company, and any lenders with a mortgage on the property. Failing to name a lender as required by the mortgage agreement is a lease default in many agreements.

NNN Leases and Tenant Insurance Compliance

Triple-net (NNN) leases, common in retail and industrial real estate, put more responsibility on the tenant - they pay taxes, insurance, and maintenance costs directly. This means the tenant's own property insurance coverage is critical, not just their GL. ACORD 28 (Evidence of Commercial Property Insurance) is the relevant certificate form for property insurance, and you'll need to collect both ACORD 25 and ACORD 28 for NNN tenants.

Handling Subtenants

When a commercial tenant sublets part of their space, the sublease typically flows down the insurance requirements from the master lease. As the property manager, you should require the master tenant to provide evidence that any sublessee also meets your insurance requirements, or require the sublessee to provide a COI directly to you. This is often overlooked and creates compliance gaps when incidents involve subtenants.

A note on certificate holder accuracy for commercial properties: If your retail center is owned by a REIT, the certificate holder name requirements can be complex - the REIT may have a separate property LLC, a management company, and a lender, all of whom need to appear on the certificate in specific ways. Build your entity name database carefully and validate every incoming certificate against it.

Putting It Together: The Property Management COI Stack

The property managers who handle COI compliance well aren't working harder than those who don't - they've built better systems. The difference between a compliant portfolio and a liability-exposed one usually comes down to three decisions: requiring proof of insurance before allowing any work to begin, actively tracking expirations rather than reactively chasing renewals, and using structured data rather than stored PDFs as the basis for compliance decisions.

An API-first approach to COI parsing makes all three of those decisions operationally easy. You don't need to build a custom document review process, hire additional administrative staff, or purchase a standalone COI tracking platform. You need an integration between your vendor intake process and a parsing API that returns structured JSON, and a set of compliance rules that run against that JSON automatically.

The result is a vendor COI program that scales with your portfolio - whether you're managing 5 properties or 500 - without adding proportional administrative overhead.

For more on the full verification workflow, see our guide to automating COI verification and our breakdown of COI compliance best practices.