Posted on

Third-Party Risk Management in Construction: How Risk Transfer Breaks (And How To Fix It)


Why “Compliant” Doesn’t Mean Protected

Here’s the hard truth many teams learn too late:

Organized ≠ protected. You can have every COI on file, renewal alerts firing like clockwork, and dashboards showing green across every project—and still be exposed to a six-figure claim the moment an unverified exclusion surfaces.

It’s the reality Kier Construction faced. Their team believed their insurance compliance process was solid, until Jones’ auditors ran the first review and found that only 7% of subcontractors actually met requirements.

For the other 93%, the issue wasn’t missing certificates. It was policy language buried in endorsements and exclusions that quietly shifted the risk back onto Kier.

The certificates were there. The protection wasn’t.

Kier was fortunate. They caught these issues before a claim materialized—not by luck, but because they made a strategic decision to track exclusions and verify coverage at the policy level, not just the certificate level. That choice gave them visibility into risk gaps while there was still time to fix them.

What Third-Party Risk Transfer Really Means

Risk transfer doesn’t happen because a COI exists. It happens when contracts, coverage, and verification align:

  • Contract language defines responsibility
  • Insurance requirements fund that responsibility
  • Verification confirms the coverage actually matches the contract

Most teams handle the first two well. Verification is where they fail.

Common verification failures:

  • A subcontractor’s GL policy excludes residential work on a mixed-use project
  • An umbrella policy that doesn’t follow form with the primary, creating a coverage gap at the worst possible layer
  • An additional insured endorsement that grants status only for ongoing operations, leaving the GC exposed once work is complete

Contracts have also become more specific about risk transfer over the last decade. That means managing third-party risk is partly a documentation and workflow problem: signed agreements, insurance exhibits, COIs and the files that make responsibilities enforceable.

But most compliance systems stop at organizing paperwork—they track documents, not the coverage details that determine whether risk transfer actually holds.

That’s where even sophisticated teams discover their vulnerability: the moment a claim hits and policy language becomes the only thing that matters.

The Comfort Trap: When Compliance Looks Like Risk Transfer

Most COI tracking solutions help you collect certificates, send reminders, and check boxes.

They make insurance compliance look clean: one system to gather COIs, automate renewals, and display compliance in tidy dashboards.

For most teams, that automation genuinely saves time. But it also creates a dangerous illusion: if everything is organized, the risk must be transferred.

Where “COI tracking” stops and risk transfer breaks

COI tracking solves the logistics problem:

  • Collect certificates at scale
  • Automate renewals and reminders
  • Centralize documentation
  • Keep projects moving

Third-party risk transfer breaks in the space between what your contract requires and what the policy language actually provides. That gap isn’t process friction. It’s where uncovered claims come from.

Why tracking isn’t enough

To actually reduce risk, you need interpretation. Jones auditors have analyzed over 1.5 million COIs with 99.5% accuracy. Here’s what that work consistently shows:

The biggest compliance failures aren’t about missing paperwork. They’re about missing context.

You won’t reliably see these issues on a COI. They’re often buried in endorsements, exclusions, and forms—the details many COI tracking solutions never validate.

A COI is not a risk transfer instrument. It’s designed to show what a policy covers, not what it excludes. It might state “Additional Insured per attached endorsement,” but the endorsement itself may not grant it.

Even the certificate warns you: the disclaimer at the top states, in bold, that listing someone as Additional Insured on a COI does not make them one. The carrier has no obligation to recognize that status unless the actual policy and endorsements confirm it.

Those details determine whether a claim is covered or denied—and whether risk transfer holds up when it matters.

Risk Transfer Enforcement: The Layer Most Teams Are Missing

If COI tracking is about collecting proof, risk transfer enforcement is about confirming that proof actually holds.

That’s where expert review comes in: checking certificates and endorsements against contract requirements, scope, and real-world exposure.

It’s the difference between “we received a COI” and “we verified this third party actually meets the contract.”

How Enforcement Changes Outcomes (Real-World Examples)

Manhattan Construction: organized, but exposed

Manhattan was tracking thousands of COIs in spreadsheets and an internal database. The process was organized, sure, but every renewal cycle meant weeks of email loops, delayed approvals, and missed renewals that left projects exposed.

It wasn’t until they switched to Jones that renewal churn stabilized and the company cut its insurance workload by 50%. Time that used to go into chasing renewals now goes into managing risk.

SavCon: from surface checks to real audits

SavCon’s previous insurance compliance software handled the basics but couldn’t go beyond surface-level verification.

After switching to Jones, they could finally conduct thorough audits, including ACORD 855 forms and complete policy reviews. Their broker could log in, review policies directly, and collaborate on findings within the same platform, cutting review time from days to minutes.

Insurance review shifted from administrative work to real risk management.

Bulley & Andrews: defensible decisions, not just faster workflows

Bulley & Andrews moved from a manual, siloed process—with weeks to reach a final status and frequent payment delays—to a streamlined flow measured in minutes.

Automation made the process scalable. Expert verification made it defensible.

Risk Transfer As Infrastructure (Not An Add-on)

For many companies, risk management lives in emails and spreadsheets—invisible until something goes wrong. Jones turns it into an operational system.

Insurance compliance isn’t static. Requirements that made sense two years ago may now be creating friction without reducing risk. The best systems don’t just enforce rules, they refine them based on portfolio-level realities.

Real portfolio optimization

Jones’ risk and compliance specialists regularly review client portfolios, identify where requirements are too strict or too lenient, and recommend targeted adjustments. That’s how one New York owner-operator cut their noncompliance rate in half—not by chasing vendors harder, but by removing three requirements that were blocking compliance without actually protecting against risk.

It’s consulting baked into software. An operating system for risk transfer.

The evolution:

  • COI tracking solved the logistics problem
  • Risk transfer enforcement solves the liability problem

When automation and expert verification work together, compliance becomes more than a status. It becomes evidence that risk is truly transferred.

That’s the shift happening across construction and real estate: forward-thinking GCs, property managers, and owner-operators are treating risk transfer enforcement not as an add-on, but as core infrastructure—because in an industry where one overlooked exclusion can cost millions, collecting COIs alone won’t shield you.

Protected is the new Compliant.

What to do next

If you’re building a third-party risk transfer program that holds up under real pressure, you need two things:

  • Automation that enables seamless scale for any volume of insurance documents
  • Expert verification to ensure the contract and coverage actually align

Jones helps construction and real estate teams operationalize risk transfer—combining AI agents trained on insurance logic, expert auditing (completed within 24 hours), and robust integrations to close the risk gap across every project.

Book a demo to see how compliance can finally mean protection.

FAQ: Third-Party Risk Transfer in Construction

What is third-party risk transfer in construction?

It’s the process of allocating responsibility for loss (from third-party work) through contracts and insurance, and confirming that coverage actually matches what the contract requires.

Is collecting COIs enough to transfer risk?

No. A COI documents insurance. It doesn’t confirm whether endorsements, exclusions, and policy language satisfy contractual requirements.

Why do “compliant” dashboards still lead to uncovered claims?

Because compliance often measures documentation completeness, not coverage adequacy. Risk transfer fails when exclusions, missing endorsements, or layer gaps aren’t identified before work begins.

What’s the difference between COI tracking and risk transfer enforcement?

COI tracking manages collection and renewals. Risk transfer enforcement verifies coverage and endorsements against the contract and project exposure.

How does expert review reduce risk?

It catches what summary documents don’t show—exclusions, endorsement limitations, waiver issues, and layer gaps—before they become claim problems.

Posted on

7 Best AI-Powered COI Tracking Tools for Construction & Real Estate

TOP PICK

JONES
 TrustLayer SmartCompliance Billy BCS MyCOI CertFocus
ℹ️

Turnaround Time
 <24h full audit✨Seconds to AI Compliance SnapshotFast 48h standardNot consistently guaranteedReasonable ~48 hoursDelays up to a week reportedSlow 48h standardDepends on complexity and tierReasonable Variable turnaround timesSeveral days for human-reviewed casesReasonable 2–5 days standardSpikes to 7–14 days during renewalsSlow Multi-day turnaroundNot consistently guaranteedSlow
🎯

Auditing Depth
 Full Scale Model
(AI Agent + Experts)✨Built for Construction and Real EstateComprehensive		 OCR + AI extractionAuditing service lacks insurance depthLimited OCR-based extractionAuditing service lacks insurance depthLimited OCR + AI extractionGC-FocusedStandard OCR + AI extractionService-heavy COI management (Generalist)Standard OCR + “Illumend” AI extractionService-heavy COI management (Generalist)Standard OCR + AI extractionService-heavy COI management (Generalist)Standard

Vendor Experience

 No login • No fees✨Branded communicationFrictionless No login • No feesGeneric communicationDecent Login requiredGeneric communicationCumbersome No login • No feesGeneric communicationDecent No login • No feesGeneric communicationDecent Login requiredGeneric communicationCumbersome Registration + FeesGeneric communicationCumbersome
🔌

System Integrations
 Procore, Sage, Vista, CMiC, MRI, Yardi +✨Procore’s most complete compliance integrationComprehensive Procore, Vista, CMiCStandard Procore, BILL, FranConnectMissing CRE/Construction integrationsLimited Procore, CMiC, Sage, VistaStandard Procore, MRI, Yardi, Vista +Lacks Sage integrationStandard Procore, Sage, Vista, CMiC, MRI, Yardi +Multiple CRE/Construction integrationsComprehensive Procore, CMiC, SageStandard
💲

Service Model & Pricing
 Usage-basedSimple fee per record ✨Unlimited users, audits and supportPredictable Tiered/CustomUsers report renewal pricing varies significantlyUnpredictable Tiered + Add-onsBase plans exclude key features; expensive add-onsConditional Per RecordCosts increase linearly with every new record addedConditional Per VendorVariable fees per vendor pile up quickly as you scaleConditional Custom QuoteDifficult to budget; complex pricing modelUnpredictable ModularComplex fees (Software vs. Service vs. Vendor Pay)Unpredictable

Who Are the Main Players in 2025?

The COI tracking landscape for Construction and Real Estate breaks into four groups:

1. Generalist COI Management

  • myCOI – a long-standing, generalist COI solution used across multiple industries with a recognizable brand name.
  • BCS – service-heavy COI management software for multiple industries, including CRE and Construction.
  • CertFocus – COI tracking for multiple industries with a professional, service-heavy back end.
  • Docutrax – legacy COI tracking and management service providing deep insurance brokerage expertise.
  • Ebix – legacy solution for multiple industries offering a general insurance services suite with COI auditing as one of many offerings.

2. AI- and OCR-Forward Tools

  • TrustLayer – OCR-first + AI document extraction; self-service UI layer for insurance auditing and verification.
  • SmartCompliance – OCR-based compliance management; less emphasis on insurance depth.
  • PINS – OCR-based COI tracking for logistics, transportation and construction.
  • Injala – Pure-play OCR workflow and automation including a self-service UI layer for manual auditing.
  • Evident – Insurance verification network, often deployed via brokers.
  • Certificial – Data infrastructure for real-time COI updates for insurance agencies and brokers serving end customers in multiple industries.

3. GC-Focused Full-Service Tools

  • Billy – modern COI and document management for General Contractors with value-added features for Subcontractors.

4. Vertical AI + Expert-validation

  • Jones – purpose-built for Construction and Real Estate portfolios; combines expert-trained AI with a large team of insurance auditors.

What “AI-Powered COI Tracking” Really Means in 2025

“AI” is used loosely across the category, making it difficult for buyers to distinguish real AI capabilities from marketing claims and limited “AI Wrappers”.

Based on product research, customer conversations, and competitive analysis, we’ve identified three functional categories that clarify what you’re actually getting:

1. Professional Service Model: Basic Automation + Managed Services
How it works:
Basic workflow automation accelerates insurance collection through automated emails and vendor portals. But insurance auditing, compliance verification, and integration remain manual. Service teams must audit data against requirements, resolve compliance gaps, and manually enter information into third-party systems.
Impact:
You get depth when service teams are well-trained, but turnaround times typically stretch to several days or weeks. Without well-trained insurance experts, audit quality can vary, especially when volume increases.
2. Self-Service Model: OCR/AI + Software Tools
How it works:
OCR models complete the first step to extract, classify, and structure insurance data, requiring service teams to audit the data against individual insurance requirements manually. More advanced models may flag missing fields, expired dates, or insurance limit gaps, then route them to the operations team for full auditing.
Impact:
The software may provide basic automation, but does not encode insurance logic to complete the more time consuming step of full insurance auditing. Greatly reduces manual data entry and speeds up basic checks, but core work remains manual. These tools can tell you what’s there, but not whether the policy truly meets your contract requirements. The burden of interpreting edge cases still sits with your team.
3. Full Scale Model: AI Agents + Expert Validation
How it works:
Automated AI agents are trained on insurance logic to handle extraction, classification, auditing, routing, compliance gaps, and integration, while insurance experts validate edge cases and monitor accuracy, specifically policy language in COIs, endorsements and policies to achieve contract compliance where exposure is material or AI confidence is low.
Impact:
The system delivers efficiency (AI automates most of the auditing work) without compromising on depth (insurance experts validate coverage and edge cases) to actively reduce claim exposure at scale.

The distinction comes down to where expertise lives. In service-heavy models, expertise depends on human review capacity, which limits speed. In self-service models, expertise sits with your team, requiring knowledge you may not have, which may provide speed but limits depth.

The third approach, which we call the Full Scale Model, encodes insurance logic into the system and pairs it with expert auditing to scale compliance seamlessly, accelerating actual AI-powered risk management across any portfolio size.

Speed vs. Accuracy in COI Management

Most teams switch COI tracking solutions because they’ve hit one of two road blocks:

  • Too slow: Documents sit in queues for days or weeks, especially during January and July renewal spikes. Vendors can’t get on site, tenants wait on approvals, and internal teams spend time chasing status updates.
  • Too inaccurate: OCR-based tools mark certificates as “compliant”, but miss critical policy language in COIs and endorsements.

For high-volume CRE and Construction portfolios, neither road block works. You need fast turnaround so vendors can be approved in hours, not days, and deep enough review to catch coverage gaps before they become insurance claims.

That’s the advantage of full scale models: AI intelligently processes data and flags compliance issues, while specialists make the final call on unique coverage gaps that require validation. This combination removes the time consuming and error-prone work so teams can focus on decisions that carry real risk.

AI Replacing Legacy OCR

The shift from Optical Character Recognition (OCR) to true document intelligence with AI agents is well underway. Traditional OCR tools read COIs by extracting and classifying text fields, like policy numbers and expiration dates, but lack the ability to understand and reason through policy language. This results in a dangerous gap: documents may appear “compliant” but in fact contain risk exposure.

AI-powered COI verification, on the other hand, interprets documents the way a trained auditor would. Instead of merely extracting data, the AI agent is trained to understand policy context, interpret language in COIs and endorsements (e.g., Waiver of Subrogation, Completed Operations), and verify compliance across all use cases, including pesky edge cases.

Why AI Agents Still Need Human Experts

AI models trained on insurance documents can dramatically reduce manual data entry and speed up deterministic validation. But in high-stakes environments like CRE and Construction, small differences in wording can materially change coverage.

The full scale model is increasingly the standard for teams that care about both speed and accuracy rather than trading one for the other.

Jones leads this shift by combining domain-specific AI agents (trained on tens of millions of COIs and 50,000+ insurance rules) with expert human validation. This hybrid model shrinks turnaround time while maintaining accuracy, enabling teams to move faster without increasing risk.

Prebuilt Compliance Networks Accelerating Time to Value

Vendor networks are becoming a major differentiator among COI tracking solutions. These networks store previously verified documents and accelerate vendor onboarding.

Some solutions such as TrustLayer and Certificial promote automated vendor networks for faster COI collection and authentication. But in practice, many of these “networks” are just vendor directories showing historical data that relies on oversight by insurance brokers, not actively maintained compliance records.

The Jones Network, by contrast, is a fully operational compliance network tailored to Construction and Real Estate. With over 110,000 vendors and subcontractors, it solves a visibility problem that has plagued the industry: teams waste time searching for vendors project-by-project, with no way to see if a vendor already has current insurance on file somewhere in the system.

Teams can browse a unified directory of vendors, filter by trade or market sector, sort by location and popularity, and see compliance history with Jones Risk Ratings. From there, they can invite vendors directly to projects and properties with one click. This eliminates the need to search for vendors project-by-project and accelerates onboarding from days to seconds.

Use Case Snapshots

Scenario 1: ENR 400 General Contractor
A national ENR General Contractor juggles hundreds of active projects and thousands of subcontractors at any given time. The COI management solution must keep up with:
  • Frequent onboarding of new subs who need site access quickly
  • Project-specific insurance requirements that change by project, trade, scope and contract
  • Field teams who live inside Procore, CMiC, Vista or Sage
  • Stop gap on subcontractor payments if insurance is not compliant

In this environment, purely manual verification causes jobsite delays and payment issues, while OCR- and AI-only tools trade accuracy for speed, exposing the GC to uninsured losses and project interruptions that impact schedules and subcontractor relationships.

Scenario 2: National CRE Portfolio
A national CRE owner-operator manages thousands of vendors and hundreds of tenants, with large insurance renewal spikes in January and July. A COI management solution here must:
  • Maintain consistent turnaround times even at renewal peaks
  • Ensure tenant insurance meets lease requirements without causing service frustration
  • Surface compliance status inside MRI, Yardi or similar systems so property teams do not have to do double entry in multiple portals
  • Minimize friction for vendors and tenants by avoiding unnecessary logins or surprise registration fees

Real Estate teams in this category often move away from legacy tools not just because of feature depth, but because of business impact: slow, manual reviews can’t keep up with renewal spikes and leave systems of record out of sync with active compliance status, increasing workload and risk exposure at the worst possible moments.

Scenario 3: Third-Party Property Manager
Third-party property managers enforce insurance requirements on behalf of building owners across multiple properties. An effective COI solution for them must:
  • Automate collection and reminders so coordinators aren’t manually chasing every vendor and tenant to submit their COIs
  • Provide clear, consistent gap descriptions that vendors, tenants, and their brokers can easily respond to and resolve
  • Offer straightforward reporting on compliance rates and risk exposure to the portfolio
  • Not add friction with mandatory logins or vendor registration fees

Without these capabilities, third-party PMs become compliance administrators rather than risk advisors, spending thousands of hours on back-and-forth emails instead of delivering the strategic oversight their owners expect.

How to Choose the Right COI Tracking Solution

Feature lists are useful, but most buying decisions come down to a handful of practical questions about value and ROI:

1. What turnaround time do we actually need?
If your team needs to approve vendors in less than 24 hours, especially during renewal season, waiting days or weeks for verification can slow projects down and create last-minute problems. Ask for real-world turnaround data from companies of your scale and size, and request customer references to cut through the marketing noise.
2. How deep does our audit need to go?
For low-risk vendors, AI and OCR-based tools may be enough. For multifamily residential, commercial, institutional, mission critical, environmental or high-value work, you likely need expert validation on what the COI claims, what the policy actually says, and what the contract requires. Clarify exactly what each platform audits and where your team still needs to step in.
3. What will this feel like for our vendors and tenants?
Login requirements, vendor registration fees and confusing communication all translate into slower COI collection and more escalations. Review the actual communications, informational links and upload flows your vendors will see, not just the admin interface. Also consider the customer support infrastructure–how quickly will your vendors and tenants get their questions answered?
4. How does this connect to the systems of record we use?
For CRE and Construction teams, the real value appears when compliance data surfaces in Procore, CMiC, MRI, Yardi, Vista, Sage, and other systems of record, not only in a standalone web-based software application. Ask whether integrations are embedded, bi-directional and near real-time, or limited to nightly syncs and manual exports.
5. Is the pricing model predictable?
Usage-based pricing makes sense in some cases, but it makes budgeting difficult. Ask whether pricing is per-COI review, per-vendor, or flat-rate, and whether vendors or tenants are charged fees. If you’re an enterprise Owner, Operator or General Contractor, volume-based discounts may be available.
6. Does this platform actually specialize in our industry?
Generalist tools can work for smaller portfolios. As volume and risk increase, Construction and CRE expertise becomes more important. Look for proof that the software provider understands vertical specific workflows, not just generic COI tracking.

Where Jones Fits in This Landscape

For General Contractors and Real Estate Managers that need to protect their assets from third-party claims but are drowning in insurance paperwork, Jones is a vertical AI company that automates and streamlines the insurance management process.

Unlike competitors, Jones is not just another COI tracker. We combine the accuracy of insurance experts with AI agents trained on insurance logic to deliver industry-leading speed and expert depth, enabling seamless scale for any volume of insurance documents.

Jones is typically the best fit when you need:
  • Consistent, fast turnaround on reviews, including during renewal spikes
  • AI agents + Insurance experts to validate the edge cases and custom client requirements that matter most in the COI, policy language, and contractual requirements
  • No-login, no-fee submission for vendors, tenants and subcontractors
  • Embedded and bi-directional integrations with tools like Procore, Sage, Vista, CMiC, MRI, and others
  • Flat, predictable pricing with unlimited users, audits and support
  • A prebuilt network of 110,000+ vendors and subcontractors that delivers risk insights and enables one-click onboarding

Other platforms in this guide can still be a good choice when you are:

  • A smaller team primarily trying to get off spreadsheets
  • Relying on an external insurance broker or consulting partner instead of managing compliance in-house
  • Already deeply invested in a generalist solution and only need incremental improvements

If you need seamless compliance that’s fast enough to keep projects moving and deep enough to catch coverage gaps, Jones is the only platform that combines both AI automation and auditing expertise to manage insurance compliance at scale.

Posted on

Jones, the AI-Powered Insurance Verification Platform, Appoints Veteran SaaS Executive Paul Szemerenyi as CEO

NEW YORK, NY – January 14, 2026 – Jones, the leading vertical AI platform for insurance verification in Construction and Real Estate, today announced the appointment of Paul Szemerenyi as Chief Executive Officer.

The transition was initiated by Co-Founder CEO Omri Stern as part of a long-term strategy to scale the company’s operations and meet unprecedented market demand. Szemerenyi, a proven leader with extensive experience scaling global SaaS companies, will succeed Stern as CEO. Following the transition, Stern will remain a central figure in the company’s future, moving into an active role on the Board of Directors to focus on long-term strategy and innovation.

The leadership evolution comes as Jones operates from a position of record strength. The company currently manages insurance risk in over 2.7 billion square feet of real estate properties and construction projects, powered by a team of 231 employees across four global locations.

“When we founded Jones in 2017, I envisioned an AI solution that would fundamentally change how our industry manages insurance risk,” said Omri Stern, Founder of Jones. “Today, we have achieved that vision and more—Jones has become the clear category leader, with 36,000+ projects powered by AI agents that set the industry standard for speed and accuracy. Because we are operating from this position of strength, I felt now was the perfect moment to bring in a new CEO with the specific expertise required for our next phase of scale. Paul possesses a rare combination of operational rigor and people-centric leadership that aligns perfectly with our culture and our ambitions.”

February 24, 2017 – Co-Founders, Omri and Michael, pose after winning 1st place in the AXA InsurTech Venture Competition in Herzliya, Israel.

Szemerenyi brings a distinguished track record as a CEO and go-to-market leader at high-growth SaaS companies including Allbound, Bizzabo, and Fuze. His expertise in scaling global technology platforms will be instrumental as Jones accelerates product innovation and expands its market dominance.

“Jones has built a category-defining AI platform that solves critical pain points for an entire industry,” said Paul Szemerenyi. “The company’s combination of technical innovation, market leadership, and customer trust creates an extraordinary foundation. I am honored to partner with the Co-Founders, Omri and Michael, alongside this world-class team to scale Jones to its full potential.”

The transition will follow a structured period through March 31, 2026, ensuring seamless continuity for customers and partners. All current initiatives and product enhancements remain on track, including the highly anticipated Q1 2026 release of the Jones AI Support Agent.

About Jones:

Jones is a vertical AI company helping construction and real estate firms to make smart decisions about insurance risk so they can boost efficiency and mitigate claims. Serving over 36,000 projects and properties across 2.7 billion square feet, Jones is the only platform that delivers expert insurance verification with AI speed that modern enterprises demand at scale. Learn more at www.getjones.com.

Media Contact:

Bianca Spivak, Chief of Staff

bianca.spivak@getjones.com