In her new article, illumend CEO Kristen Nunery introduces the “Accidental Risk Manager,” a hidden role most prevalent in SMBs, and explains how broken Certificate of Insurance (COI) workflows are creating unrecognized legal and financial exposure for companies
Key Takeaways
- illumend CEO Kristen Nunery argues that most companies don’t manage Certificate of Insurance (COI) compliance—they delegate high-stakes risk decisions to untrained employees.
- Nunery identifies the biggest failure in third-party insurance compliance isn’t complexity. It’s unclear ownership and a lack of accountability.
- Nunery warns that manual COI workflows, such as spreadsheets, email, and shared drives, create invisible risk that only surfaces after financial damage occurs.
- Nunery emphasizes that collecting COIs is not the same as validating coverage, yet most organizations mistake document management for risk management.
- Nunery concludes that organizations that shift to structured, AI-powered compliance systems gain real-time visibility, consistent enforcement, and control over insurance risk.
INDIANAPOLIS, March 26, 2026 /PRNewswire/ — Most companies don’t have a COI process, they have an “Accidental Risk Manager,” according to Kristen Nunery, CEO of illumend, the next-generation AI platform redefining how companies manage third-party risk and insurance compliance.
In businesses across construction, commercial real estate, retail, and energy and utilities, among others, Nunery says critical Certificate of Insurance (COI) decisions are routinely made by employees with no formal training, no clear standards, and no supporting systems. Administrative staff, HR coordinators, and operations teams are quietly determining whether the company is protected or exposed, often without realizing the stakes. The consequences, she says, aren’t theoretical. They show up when a claim is denied, a contract falls apart, or a loss hits the balance sheet.
In her new article, “The Accidental Risk Manager: Why Insurance Compliance Fails Even in Capable Hands—and What to Do About It,” Nunery argues that COI review isn’t administrative work—it’s risk management. And she says that treating it as a back-office task leaves companies dangerously exposed.
Why Third-Party Insurance Compliance Fails Due to Ownership Gaps
Third-party insurance compliance has become more complex, but complexity isn’t the real issue, according to illumend CEO Kristen Nunery. The real issue, she says, is ownership.
As vendor networks expand and insurance requirements grow more nuanced, companies are pushing critical risk decisions into parts of the business that were never designed to handle them. At the same time, most SMBs don’t fully understand their own coverage. The industry data makes that clear: 90% of small business owners are not confident they are adequately insured, 51% report being less than “very prepared” to handle risk, and 96% fail basic insurance knowledge assessments.
Now layer that reality onto third-party compliance. The result, Nunery says, is decisions that look administrative on the surface, but carry real financial consequences underneath.
How “Accidental Risk Managers” Are Assigned Certificate of Insurance (COI) Compliance Responsibility Without Training
Nunery describes the “Accidental Risk Manager” not as a formal role, but as a pattern that shows up across organizations.
Insurance compliance is routinely handed off to operations, HR, finance, or administrative staff. She says these individuals are expected to interpret dense policy language, validate coverage, and enforce contractual requirements without training, standards, or support.
But, Nunery says they’re not just processing documents. They’re deciding:
- Whether a vendor is allowed on-site
- Whether a claim will be covered
- Whether the company is exposed
“You’re not reviewing paperwork. You’re making risk decisions,” said Nunery. “And most people in this role were never set up to do that.”
Why Certificate of Insurance (COI) Compliance Systems Fail Due to Manual Workflows and Fragmented Tools
illumend’s CEO points to the tools most companies rely on, including spreadsheets, email, and shared drives, as a primary reason compliance systems fail.
These tools weren’t designed for risk evaluation, she says, but they’ve become the default. And they fail in predictable ways:
- No consistent standards
- No real-time visibility
- No reliable validation
“Manual interpretation of complex insurance documents doesn’t scale,” Nunery said. “It creates invisible risk that only becomes visible when it’s too late.”
This isn’t a training problem, Nunery says. It’s a structural one.
Excerpts: How Certificate of Insurance (COI) Compliance Failures Impact Non-Specialist Employees and Organizational Risk
In the article, illumend CEO Kristen Nunery provides a practitioner-focused perspective on how third-party insurance compliance functions in day-to-day operations. The following excerpts highlight how untrained employees are increasingly responsible for complex COI compliance as requirements grow, without the systems or support needed, turning routine administrative tasks into high-stakes risk decisions.
She describes how non-specialist employees are assigned responsibility for Certificate of Insurance (COI) compliance in practice:
“If you work in HR, operations, finance, or administration, there’s a good chance you’ve been handed a COI and told to ‘just make sure this is compliant’—with no training, no checklist, and no safety net. Just you and a document full of unfamiliar terms.”
Nunery adds that as third-party insurance compliance demands increase, responsibility expands without corresponding systems, structure, or resources:
“Collecting certificates is not the same as verifying compliance. When that gap shows up, it shows up all at once—an uninsured vendor on-site, a denied claim, a contract dispute, or an audit revealing inconsistent enforcement across your organization.”
She outlines what “Accidental Risk Managers” must do to reduce risk and regain control over third-party insurance compliance:
“The solution isn’t to work harder or be more careful—it’s to stop treating compliance like an administrative task. You need clear standards, systems that can evaluate coverage against requirements, and visibility into where you’re exposed. Without that, you’re not managing risk—you’re reacting to it.”
Why Certificate of Insurance (COI) Document Collection Fails to Deliver True Insurance Compliance Validation
Nunery draws a clear distinction between document management and actual risk evaluation. Most systems in use today, she says, are built to collect documents, not evaluate risk. They can store certificates, track expiration dates, and send reminders, but they don’t answer the question that actually matters: Does this coverage meet the requirement, or not? Nunery says that gap is where risk lives.
How AI-Native Insurance Compliance Platforms Improve Certificate of Insurance (COI) Risk Evaluation and Visibility
illumend CEO Kristen Nunery describes a shift toward what she calls “AI-native insurance compliance,” a fundamentally different approach to how compliance is executed.
Instead of layering automation onto legacy systems, AI-native platforms like illumend are designed to interpret and evaluate insurance data at the core. They analyze policy language, compare it against requirements, and identify gaps in real time.
These platforms, Nunery says, move compliance from a reactive, manual task to a continuous evaluation process, reducing reliance on individual interpretation and improving consistency across the organization.
Why Certificate of Insurance (COI) Compliance Requires Capabilities—Not Just Features or Automation
Drawing a clear distinction between features, automation, and capabilities in insurance compliance systems, illumend CEO Kristen Nunery says most legacy approaches focus on features, like document storage, expiration tracking, and notifications, or automation, which speeds up manual tasks without changing how decisions are made.
But according to Nunery, these approaches don’t solve the core problem: “They make broken processes faster. They don’t make them more reliable.”
She argues that effective Certificate of Insurance (COI) compliance requires capabilities such as the ability to interpret policy language, evaluate coverage against requirements, and make consistent decisions at scale. She notes that those capabilities don’t exist in manual workflows and don’t emerge from automation alone.
Instead, Nunery says they require a fundamentally different system design. She notes the key distinction: features manage documents, automation accelerates tasks, but capabilities determine outcomes.
How AI-Native Insurance Compliance Goes Beyond Automation
Unlike platforms that layer automation onto legacy document workflows, illumend is built from the ground up to interpret policy language, evaluate coverage against requirements, and identify gaps in real time—capabilities that don’t exist in manual processes and don’t emerge from automation alone. illumend CEO Kristen Nunery emphasizes that most organizations misunderstand what AI actually enables in insurance compliance. While many associate AI with basic automation, such as faster document processing, reminders, or workflow acceleration, she argues that AI-native compliance systems operate at a fundamentally different level.
“Automation speeds up tasks. AI changes what’s possible,” Nunery said.
Nunery explains AI-native platforms like illumend perform forms of analysis and validation that are not scalable, or even possible, for human reviewers:
- Continuous policy interpretation at scale: AI can read and interpret thousands of insurance documents simultaneously, applying consistent logic across every certificate without fatigue, variation, or delay.
- Real-time requirement matching and gap detection: AI can instantly compare policy language against contractual requirements and flag discrepancies as they arise, rather than after manual review or downstream failure.
- System-wide risk visibility across all vendors: AI can aggregate and evaluate compliance data across entire vendor ecosystems, identifying patterns, inconsistencies, and exposure points that no individual reviewer could realistically detect.
Nunery says these AI-native capabilities shift compliance from a reactive, document-based process into a continuous, system-level evaluation of risk.
“If your compliance process depends on human interpretation, it will always be inconsistent,” Nunery said. “AI removes that variability.”
Read the full article: https://www.linkedin.com/pulse/accidental-risk-manager-why-third-party-insurance-fails-nunery-ppxqc.
To learn more about how illumend approaches third-party insurance compliance: https://www.illumend.ai.
Frequently Asked Questions
Why am I being asked to review Certificates of Insurance (COIs) if I’m not trained in insurance?
illumend CEO Kristen Nunery explains that most organizations assign COI review to non-specialists because of unclear ownership, thereby creating the “Accidental Risk Manager.” In many SMBs, this responsibility falls to operations, HR, finance, or administrative staff, who lack training or standards, because compliance is treated as administrative work rather than risk management, even though it requires policy interpretation, coverage validation, and risk judgment.
How do I know if a Certificate of Insurance (COI) is actually compliant or just looks complete?
A COI is only compliant if the underlying policy meets all contractual requirements, not simply because the document exists. Illumend CEO Kristen Nunery emphasizes that many organizations mistake collection for validation, when true compliance requires verifying coverage types, limits, and endorsements against requirements to identify gaps before they create financial or legal exposure.
What are the biggest risks of managing Certificate of Insurance (COI) compliance with spreadsheets and email?
Manual workflows create invisible risk because they lack consistent standards, real-time visibility, and reliable validation. As illumend CEO Kristen Nunery points out, tools like spreadsheets and email can be used to track documents. But, they cannot evaluate coverage, leading to hidden gaps that typically surface only after a denied claim, audit failure, or a contract issue.
What does an AI-native insurance compliance platform actually do differently?
AI-native insurance compliance platforms like illumend evaluate coverage automatically rather than just storing documents or speeding up tasks. According to illumend CEO Kristen Nunery, these systems interpret policy language, match coverage to requirements in real time, and flag gaps instantly, transforming compliance into a continuous, system-level risk evaluation that removes inconsistency and reduces reliance on individual judgment.
About illumend
Founded in 2025, illumend™ is the most complete AI-powered platform transforming how businesses manage third-party insurance compliance and risk. Backed by myCOI, the leader in third-party insurance compliance management with more than 15 years of expertise, illumend reimagines compliance by guiding every step of the process—from document review and expiration tracking to risk flagging, communication and resolution—within one intuitive system. Built on myCOI’s institutional foundation—having processed more than 45 million documents, managed over 1.2 million agreements, cleared more than 750,000 third-party partners, and identified more than two million coverage gaps before claims—illumend brings this depth of compliance intelligence into an AI-native platform. At its core is Lumie, illumend’s conversational AI guide that reads complex insurance documents, flags issues in real time and explains them in plain language, empowering anyone to take confident, informed action. To learn more, visit https://www.illumend.ai.
Media contact:
Michael Tebo
Gabriel Marketing Group (for illumend)
Phone: 571-835-8775
Email: michaelt@gabrielmarketing.com
View original content to download multimedia:https://www.prnewswire.com/news-releases/illumend-ceo-kristen-nunery-most-companies-dont-have-a-coi-processthey-have-an-accidental-risk-manager-302726375.html
SOURCE illumend
