Every compliance manager has been here. You send over your insurance requirements as part of vendor onboarding. A few days later the vendor responds: the limits are too high, their broker says the endorsement is not available, their policy does not work that way, or they have been doing business for twenty years without anyone asking for this.
Vendor pushback on insurance requirements is not the exception. It is routine. How you handle it determines whether your compliance program is a genuine risk management tool or a formality that erodes whenever someone complains loudly enough.
This post covers the most common types of pushback, how to evaluate whether the objection has merit, and how to hold the line on what matters without unnecessarily damaging the vendor relationship.
Before You Respond: Know What You Are Actually Protecting
The first step when a vendor pushes back is not to defend your requirements. It is to understand them well enough to know which elements are non-negotiable and which have room for discussion.
Not every requirement in a standard insurance schedule carries equal weight. A general liability limit that is materially above market for a low-risk vendor relationship is a different issue from a missing additional insured endorsement. The former may be adjustable without meaningfully increasing your exposure. The latter is a structural gap in your risk transfer that cannot be waived without consequence.
Before engaging with the vendor, answer these questions internally:
Which requirements flow directly from your contract or from regulatory obligations? These are non-negotiable. Your contract already committed you to them, and waiving them without a corresponding contract amendment creates a gap between what your agreement says and what you have actually verified.
Which requirements reflect your organization’s risk tolerance for this specific vendor relationship? These may have room for calibration depending on the nature and scope of the engagement.
Which requirements are standard boilerplate that may not have been reviewed for relevance to this particular vendor? These are the ones most worth scrutinizing before the conversation starts.
Going into a pushback conversation without this clarity puts you in a weak position. You will either hold every line reflexively, which breeds unnecessary conflict, or concede too easily, which undermines the program.
The Most Common Types of Pushback
“Our broker says they cannot add that endorsement.”
This is the most frequent objection and also the most frequently overstated. What a vendor’s broker cannot do and what they are unwilling to do are often conflated. Additional insured endorsements, waivers of subrogation, and primary and noncontributory language are all standard commercial insurance provisions. If a broker is saying these cannot be added, the more likely explanation is one of the following: the vendor has not clearly communicated what is being requested, the broker is unfamiliar with the specific endorsement language, or the vendor is relaying a softened version of “the endorsement costs extra and we do not want to pay for it.”
Your response should be direct and specific. Ask the vendor to have their broker contact you directly or provide a written explanation from the broker specifying which endorsement cannot be added and why. In most cases, direct broker engagement resolves the issue. If a broker genuinely cannot add a standard endorsement, that is worth knowing because it raises questions about the quality of the underlying policy.
“Our limits are already higher than most clients require.”
This may be true. It is also irrelevant to whether the limits meet your requirements for this relationship. Your limits are set based on your organization’s exposure, not on what other clients have accepted.
That said, this objection is worth engaging with honestly. If your general liability requirement is $5 million for a vendor providing remote software support with no physical access to your facilities and no data handling, it is fair to ask whether that limit reflects the actual exposure in the relationship. If it does not, adjusting to a more proportionate requirement is a reasonable and defensible decision.
If it does reflect the exposure, the response is simple: the limits exist because of the risk your organization faces, not as a negotiating position. The vendor is free to seek coverage increases from their insurer, and you are willing to wait while they do.
“We have never had to provide this before.”
This objection is purely social pressure. It has no bearing on whether the requirement is appropriate. The fact that another client did not ask for something does not mean your organization is wrong to ask for it, and it does not reduce the risk you are managing.
Acknowledge it without conceding to it. Something like: “I understand this may be a new request for your organization. Our requirements reflect the specific risk management standards we apply to all vendor relationships at this level of engagement. We are happy to work through the details with you and your broker.”
What you are not doing is apologizing for having standards.
“The additional cost is prohibitive.”
Insurance endorsements and limit increases do carry premium costs, and for smaller vendors this can be a genuine constraint rather than a negotiating tactic. The appropriate response depends on the nature of the relationship.
For a critical vendor that is difficult to replace and genuinely cannot absorb the cost, there are a few options worth considering. You can explore whether your organization is willing to compensate for the incremental premium increase as part of the contract pricing. You can assess whether alternative risk mitigation measures, such as a larger indemnification obligation, can partially substitute for the missing coverage. Or you can accept a limited waiver with documented acknowledgment of the residual risk, approved by the appropriate internal stakeholders.
For a vendor that is one of many in a competitive market, the calculus is different. If meeting your insurance requirements is a condition of doing business and the vendor cannot or will not meet them, the practical question is whether you are better served working with a vendor who can.
“Our policy is claims-made, not occurrence-based.”
This objection arises most often when your requirements specify an occurrence form for general liability. As discussed in an earlier post in this series, most commercial general liability policies are written on an occurrence form. A vendor presenting a claims-made CGL policy is unusual and worth investigating.
It is not necessarily disqualifying. A claims-made policy can provide adequate protection if the retroactive date covers the full engagement period and appropriate tail coverage provisions are in place. However, it requires more careful review than an occurrence policy and additional contract language to address the tail coverage obligation. Do not simply accept it without understanding the implications.
How to Hold the Line Without Damaging the Relationship
The goal of a pushback conversation is not to win an argument. It is to reach a state where your organization’s risk is adequately managed and the vendor relationship can proceed. These two things are usually compatible.
A few principles that help:
Separate the requirement from the relationship. Frame your requirements as organizational standards that apply consistently across all vendor relationships at a given risk level, not as a personal judgment about the vendor. This is accurate and it removes the adversarial dynamic. You are not saying the vendor is untrustworthy. You are saying your program requires verification.
Be specific about what you need and why. Vague requirements are easy to push back against because the vendor does not know what would satisfy them. A clear statement of exactly what endorsement is required, what limit is needed, and what the contractual basis for the requirement is gives the vendor something concrete to work toward. It also makes it harder to argue that the requirement is unreasonable without engaging with the substance.
Engage the broker directly when possible. Most pushback is resolved faster when your compliance team communicates directly with the vendor’s insurance broker rather than routing everything through the vendor. Brokers understand the technical requirements and can usually find solutions that the vendor alone cannot. Offering to speak directly with the broker signals that you are serious and that you know enough about insurance to have a substantive conversation.
Set a clear timeline. Open-ended compliance gaps tend to stay open. When a vendor is working to resolve a deficiency, establish a specific date by which the updated certificate or endorsement must be received. Note it in writing. This is not aggressive. It is how compliance programs maintain integrity over time.
Document everything. Every pushback conversation, every exception granted, every deadline set should be documented. If a gap exists and a claim arises, your organization’s exposure is significantly better managed if you have a clear record of what was identified, when, what remediation was requested, and what the vendor committed to.
When to Escalate and When to Walk Away
Not every pushback situation resolves neatly. Some vendors genuinely cannot meet your requirements and are not willing to seek alternatives. Some objections mask a deeper unwillingness to comply that will not improve with time.
Escalation is appropriate when the vendor is a critical relationship whose loss would create operational disruption, the gap is material and time-sensitive, or the vendor is non-responsive after a documented request with a clear deadline. In these cases, internal escalation to legal, risk management, or senior leadership is the right move. The decision to waive a requirement or accept a gap should not rest with the compliance team alone. It should involve the people who bear responsibility for the organization’s risk posture.
Walking away is appropriate when the vendor is not critical, alternatives exist, and the vendor has demonstrated an unwillingness to engage seriously with the requirements. A vendor who will not maintain basic insurance protections for a current engagement is a vendor who will not maintain them for a future one either. The compliance gap is a signal about how the vendor manages risk generally.
A Note on Requirements That Deserve Scrutiny
Holding the line is right when your requirements are right. It is worth acknowledging that vendor pushback sometimes surfaces genuine issues with the requirements themselves.
If a significant portion of your vendor base is pushing back on the same requirement, that is data. It may mean your limits are above market for that vendor category. It may mean a specific endorsement requirement is being applied where it is not appropriate. It may mean your standard requirements were written for a different risk profile than the one you are actually managing.
The right response to systemic pushback is not to waive requirements individually on a case-by-case basis. It is to review whether the underlying requirements are calibrated correctly and adjust them through a formal process if they are not. Individual waivers without formal review create inconsistency that is difficult to defend and harder to track.
Clarita tracks deficiency status and remediation timelines across your vendor portfolio, so compliance gaps do not get lost in email threads and your team has a clear record of every pushback conversation and resolution.