Company Insurance Due Diligence Checklist Template

A structured framework for reviewing a company’s insurance portfolio — whether auditing your own coverage or assessing a target organisation’s protection.

Most companies know they have insurance. Few have systematically reviewed whether their coverage is adequate for their current risk profile, whether exclusions leave material gaps, whether policies have been properly maintained, or whether the claims history reveals patterns that demand attention. A structured insurance due diligence process — run annually as an internal review or as part of M&A and partnership due diligence — answers all of these questions before they become expensive discoveries. This free company insurance due diligence checklist gives finance directors, CFOs, operations managers, and deal teams a comprehensive framework for reviewing every material insurance line: liability, property, professional indemnity, cyber, D&O, employment practices, business interruption, and more — with coverage adequacy, policy terms, exclusions, claims history, and compliance requirements all systematically assessed.


Why Most Companies Only Discover Insurance Gaps When They Need to Claim

The standard approach to corporate insurance is to renew what existed last year, sometimes with a broker’s guidance and sometimes without. Policies accumulate over time without systematic review of whether coverage limits have kept pace with business growth, whether new risks have emerged that are not covered, or whether exclusions in existing policies leave material exposures that management believes are covered. The result is an insurance portfolio that looks comprehensive on paper and reveals its gaps at the worst possible moment — when a claim is made.

In a transaction context, insurance due diligence is frequently treated as a secondary consideration — reviewed quickly or delegated to a junior team member at the end of a deal process. Yet inadequate insurance in a target company can transfer directly to the acquirer: uninsured property damage, uninsured employment claims, D&O coverage with gaps that crystallise post-closing, or cyber policies with exclusions that precisely match the breach the company suffered last year. A structured insurance review — either as an annual internal discipline or as a formal due diligence workstream — is the process that converts the assumption of coverage into confirmed protection.

What the Company Insurance Due Diligence Checklist Covers

This checklist covers eight phases — from the initial insurance inventory through to coverage gap analysis, claims history review, cyber liability assessment, and renewal and risk management strategy. It applies to both internal annual reviews and due diligence review of a target company’s insurance arrangements.

Phase 1: Insurance Inventory & Documentation Review

A complete, current inventory of all insurance policies is the foundation of any meaningful review. Many companies discover during this phase that they cannot locate current copies of all their policies — which is itself a governance finding.

  • Compile a complete inventory of all current insurance policies — policy type, insurer, policy number, coverage limit, premium, inception date, and expiry date
  • Obtain current copies of all policy documents — not just schedule summaries; full policy wording including terms, conditions, and endorsements
  • Confirm all policies are current and active — no lapsed, expired, or cancelled policies being relied upon
  • Identify the policyholder for each policy — confirm the correct legal entity is named on each policy; particularly relevant for group structures with multiple entities
  • Identify any additional insureds — confirm which third parties (landlords, lenders, customers, partners) are named as additional insureds and whether this is appropriate
  • Confirm the broker relationship — who places and manages insurance for the company? Is the broker arrangement current and documented?
  • Confirm insurance renewal dates are tracked — are renewal dates in a central calendar with adequate lead time for review and renewal?
  • Review any self-insurance or captive arrangements — document their scope and any associated regulatory requirements
  • Confirm insurance records are securely stored and accessible — not solely held by the broker or a single employee
  • Note any policies with upcoming renewals within 90 days — flag for priority review and renewal action

Phase 2: Liability Insurance Review

  • Review general liability insurance — confirm coverage limits, retroactive date (if applicable), and key exclusions; assess adequacy for the company’s risk profile and contractual requirements
  • Review professional indemnity / errors and omissions insurance — confirm coverage reflects current services provided; assess whether limits meet customer contractual requirements or regulatory minimums
  • Review product liability insurance where applicable — confirm coverage extends to all current products and markets; assess adequacy of limits relative to product revenue and potential claims
  • Review public liability insurance — confirm coverage for third-party bodily injury and property damage; assess limits relative to premises and activity risk
  • Review employers’ liability or workers’ compensation insurance — confirm it meets statutory minimums in all jurisdictions where employees are located; confirm no gaps for remote workers or international employees
  • Confirm liability policies cover the correct business activities — any new services, products, or markets entered since the last review must be within scope
  • Review any umbrella or excess liability policy — confirm the attachment point aligns with the underlying policy limits and that there are no gaps between the primary and excess layers
  • Assess coverage for contractual liability — many liability policies exclude or limit coverage for liabilities assumed under contract; assess whether this creates gaps
  • Review occurrence vs claims-made basis for each policy — confirm reporting requirements and extended reporting periods (ERPs) for claims-made policies
  • Document liability coverage findings — adequacy assessment, key exclusions, gaps identified, and recommended actions

Phase 3: Property & Business Interruption Insurance Review

  • Review commercial property insurance — confirm all owned and leased properties are covered; assess whether insured values reflect current reinstatement costs, not original purchase or market values
  • Confirm contents coverage is adequate — all equipment, inventory, and business assets are covered at current replacement value
  • Review property policy exclusions — flood, earthquake, terrorism, and other excluded perils; confirm whether additional cover is required given the company’s location and risk profile
  • Review business interruption (BI) insurance — confirm coverage period is adequate (typically 12–24 months) for the time required to resume full trading following a major loss
  • Assess the BI indemnity period — is it sufficient to cover the time to rebuild, restock, replace equipment, and restore the customer base?
  • Review contingent BI coverage — does the policy cover losses arising from a supplier or key customer suffering an insured loss?
  • Confirm any lease-imposed insurance obligations are met — landlords typically require specific property and liability coverage minimums
  • Review any equipment breakdown or machinery insurance — applicable for businesses reliant on critical plant, equipment, or technology infrastructure
  • Assess coinsurance and underinsurance risk — property policies with average clauses can result in proportional reduction of claims if sums insured are below replacement value
  • Document property and BI findings — coverage adequacy, valuation status, key exclusions, and any recommended uplifts

Phase 4: Directors & Officers and Management Liability Review

D&O insurance is frequently misunderstood and inadequately reviewed. Coverage scope, Side A vs Side B vs Side C distinctions, and exclusions for known circumstances all require specific attention.

  • Review Directors and Officers (D&O) insurance — confirm coverage structure (Side A, B, and C), policy limits, and whether limits are shared or separate
  • Assess D&O coverage adequacy for current risk profile — regulatory environment, investor base, litigation environment, and the personal exposure of current directors
  • Confirm D&O covers all current entities and subsidiaries — coverage must extend to all entities where individuals act as directors
  • Review key D&O exclusions — dishonesty, fraud, prior and pending litigation, prior known circumstances; confirm no material known circumstances that should have been disclosed at inception
  • Review Employment Practices Liability (EPLI) — coverage for wrongful termination, discrimination, harassment, and other employment-related claims; confirm limits and key exclusions
  • Review fiduciary liability insurance where applicable — for companies managing pension plans or other employee benefit plans
  • Review crime and fidelity insurance — coverage for employee dishonesty, theft, fraud, and forgery; assess limits relative to the company’s financial exposure
  • Confirm run-off coverage exists or is available — for outgoing directors and in M&A contexts where the target’s D&O coverage will be replaced
  • Review any prior acts coverage — confirm claims relating to acts before the current policy inception date are covered where applicable
  • Document D&O and management liability findings — coverage structure, adequacy assessment, known risks, and any recommended enhancements

Phase 5: Cyber Liability Insurance Review

Cyber liability is the fastest-growing and most frequently contested insurance line in corporate portfolios. Coverage scope, exclusions, and the interplay with other policies require specific, detailed review — not a line item in a general liability review.

  • Confirm a standalone cyber liability policy exists — do not assume cyber risks are adequately covered under general liability, property, or professional indemnity policies
  • Review first-party cyber coverage — breach response costs, business interruption from cyber events, data recovery, ransomware payments (confirm policy position on ransomware), and system replacement costs
  • Review third-party cyber liability coverage — claims arising from a breach affecting customers, regulatory fines and penalties (confirm GDPR fines are covered), and defence costs
  • Assess cyber coverage limits relative to the company’s data risk profile — volume of personal data held, customer data sensitivity, payment card data, and healthcare data
  • Review cyber policy exclusions carefully — war and terrorism exclusions (increasingly relevant for nation-state attacks), system failure vs malicious attack distinctions, and prior known incidents
  • Confirm the policy’s position on infrastructure failure — many cyber policies exclude losses caused by failure of cloud or internet infrastructure providers; assess whether this creates a gap
  • Review the insurer’s security requirements — most cyber policies require specific security controls (MFA, patching policies, EDR, backups); confirm the company is compliant; non-compliance can void coverage
  • Assess coverage for social engineering and funds transfer fraud — confirm whether business email compromise and invoice fraud are covered under cyber or crime insurance
  • Review incident response provisions — confirm the policy provides access to breach response services (legal, forensics, PR) and that the approved panel is accessible
  • Document cyber coverage findings — coverage scope assessment, critical exclusions, security control compliance status, and recommended enhancements

Phase 6: Claims History Review

  • Request a claims history for all insurance lines for the past three to five years — date, nature, amount paid or reserved, and current status of each claim
  • Review the claims history for patterns — recurring claim types may indicate underlying risk management failures rather than isolated incidents
  • Review any declined or disputed claims — confirm the grounds for declination; a history of coverage disputes may indicate policy terms or insurer quality issues
  • Confirm all currently open claims — nature, reserve level, expected resolution, and any policy limits implications
  • Assess the impact of the claims history on current and future premiums — understand how past claims are affecting the current cost of insurance
  • Identify any incidents that should have been reported under a claims-made policy but were not — late notification can void coverage
  • Review the company’s claims management process — who manages claims? Is there a documented notification process? Are claims reported promptly?
  • Identify any large potential claims not yet formally notified — circumstances that may give rise to a claim should be notified to the insurer as potential circumstances
  • Review any self-insured retentions (SIRs) or deductibles — confirm they are financially manageable and appropriately reserved in financial statements
  • Document claims history findings — claims summary, pattern analysis, open claims, and notification compliance assessment

Phase 7: Coverage Gaps, Compliance Requirements & Adequacy Assessment

  • Identify contractual insurance requirements — customer contracts, supplier agreements, lease agreements, financing documents, and any other contracts imposing specific insurance obligations; confirm all are met
  • Identify statutory and regulatory insurance requirements — mandatory covers in the company’s jurisdictions (employers’ liability, workers’ compensation, motor insurance, professional indemnity minimums for regulated activities); confirm all are in place
  • Review key customer and supplier certificate requirements — confirm certificates of insurance can be provided in the formats and with the limits requested
  • Conduct a structured coverage gap analysis — review the company’s principal risk areas against existing coverage; identify any material risks without insurance protection
  • Assess insurance adequacy for key risk scenarios — worst-case property loss, major liability claim, cyber breach, director investigation; confirm coverage would respond adequately
  • Review any risks that are deliberately uninsured — confirm this is a documented, conscious decision rather than an oversight
  • Assess whether insurance limits have kept pace with business growth — revenue, headcount, assets, and geographic footprint may have grown significantly since limits were last reviewed
  • Review any industry-specific insurance requirements — regulated sectors, professional bodies, and industry standards may impose specific coverage requirements
  • Assess the quality and financial strength of insurers — confirm key insurers carry investment-grade credit ratings; an insurer that cannot pay a claim is no protection at all
  • Document gap analysis findings — identified gaps, uninsured risk assessment, compliance shortfalls, and prioritised recommended actions

Phase 8: Renewal Strategy & Risk Management Review

  • Review the broker relationship — is the current broker providing adequate market access, technical advice, and claims support? When was the appointment last reviewed?
  • Confirm renewal strategy for each policy line — renewal at current terms, market test, tender, or restructure
  • Review the risk management programme — what controls are in place to reduce insured risks? Is the insurer aware of and giving credit for these controls?
  • Review health and safety practices as they affect employers’ liability and public liability premiums — documented H&S policy, training records, and incident reporting
  • Review cybersecurity controls as they affect cyber insurance renewal — MFA adoption, patching cadence, backup strategy, and incident response plan; these directly affect both premium and coverage availability
  • Prepare renewal documentation — proposal form responses, updated risk information, and any material changes to the business that must be disclosed
  • Review any recommendations from insurers or surveyors — outstanding risk improvement recommendations that have not been implemented may affect coverage at renewal
  • Benchmark premiums against the market — are current premiums competitive? Has the market hardened or softened since the last renewal?
  • Confirm senior management sign-off on the insurance programme — the board or relevant committee should formally approve the insurance programme annually
  • Document renewal strategy and risk management findings — recommended actions for each line, renewal timeline, and accountability for implementation

This checklist is available as a free, runnable template in CheckFlow — with tasks assigned across finance, legal, operations, and IT security teams, annual reviews scheduled automatically as a recurring checklist, and a complete documented record for board and audit committee reporting.

The Principal Insurance Lines in a Corporate Insurance Programme

A comprehensive corporate insurance programme typically covers nine principal lines. Not all are required by every company — coverage requirements vary by sector, size, and risk profile.

General Liability

Covers: Third-party bodily injury and property damage claims arising from business operations.

Who typically needs it: All businesses with premises, operations, or customer-facing activities.

Watch for: Contractual liability exclusions; claims-made vs occurrence form differences.

Professional Indemnity / E&O

Covers: Claims arising from professional advice, services, or errors and omissions.

Who typically needs it: Professional services firms, consultants, IT companies, financial services, healthcare providers.

Watch for: Ensure coverage reflects all services provided; check retroactive dates.

Directors & Officers (D&O)

Covers: Personal liability of directors and officers for decisions made in their capacity as managers.

Who typically needs it: All companies with a board; particularly important for VC-backed companies and regulated businesses.

Watch for: Side A adequacy for individual protection; prior known circumstances exclusions.

Cyber Liability

Covers: Data breach response costs, cyber business interruption, third-party liability, regulatory fines (where insurable), and ransomware response.

Who typically needs it: Any company holding personal data, processing payments, or reliant on digital systems.

Watch for: War exclusions; infrastructure failure exclusions; MFA and security control compliance requirements.

Property & Business Interruption

Covers: Physical damage to business property and financial losses from inability to trade following an insured event.

Who typically needs it: All businesses with physical assets or premises; all businesses where an operational disruption would cause financial loss.

Watch for: Underinsurance risk on property; adequacy of BI indemnity period.

Employment Practices Liability (EPLI)

Covers: Wrongful termination, discrimination, harassment, and other employment-related claims.

Who typically needs it: All employers, particularly those with significant headcount or in regulated sectors.

Watch for: Exclusions for known circumstances; check coverage extends to third-party claims.

Product Liability

Covers: Claims arising from injury or damage caused by products manufactured, distributed, or sold.

Who typically needs it: Manufacturers, importers, distributors, and retailers.

Watch for: Coverage should extend to all markets where products are sold; product recall coverage may be separate.

Crime / Fidelity

Covers: Financial losses from employee theft, fraud, forgery, and increasingly social engineering and funds transfer fraud.

Who typically needs it: All businesses with financial operations; particularly important for finance functions handling large transactions.

Watch for: Social engineering and BEC fraud coverage; confirm whether crime or cyber policy covers funds transfer fraud.

Employers’ Liability / Workers’ Compensation

Covers: Employee injury or illness claims arising from work activities; statutory minimum coverage in most jurisdictions.

Who typically needs it: All employers — statutory in most jurisdictions.

Watch for: Coverage for remote workers, contractors, and internationally located employees.

Why Run Insurance Due Diligence in CheckFlow?

1. Coordinate across finance, legal, IT, and operations

Insurance due diligence involves the finance director reviewing premiums and financial adequacy, legal reviewing contractual compliance and policy terms, IT security confirming cyber policy compliance requirements, and operations confirming property and liability coverage for business activities. CheckFlow assigns each phase to the right team member, notifies them of their responsibilities, and gives the review lead a live view of progress across all workstreams.

2. Annual reviews that actually happen on schedule

Insurance review is genuinely well suited to a recurring checklist — policy renewals are annual, board reporting requirements are annual, and the risk profile review should be annual. CheckFlow’s recurring feature schedules the full review automatically, assigns tasks to the right team members at the right time, and ensures the review is complete and documented before renewal decisions are made — not after.

3. A documented record for governance and audit

Every completed review task is timestamped and attributed to a named reviewer in CheckFlow. The full insurance review record — coverage assessment, gap analysis, claims history review, and renewal decisions — is archived for board and audit committee reporting. When a claim is disputed or governance is questioned, the documented record demonstrates that the insurance programme was systematically reviewed and maintained.

Cyber liability insurance adequacy depends directly on the security controls the company has in place. Most cyber policies require specific controls — MFA, patching, EDR, backups — as conditions of coverage. CheckFlow’s ISO 27001 Compliance Checklist covers the security control framework that both reduces cyber risk and satisfies cyber insurer requirements. See the ISO 27001 Compliance Checklist →

Insurance review is one of several annual governance processes that benefit from a structured recurring checklist. CheckFlow’s recurring feature schedules insurance reviews, compliance audits, and other annual obligations automatically — so they happen on schedule, every year, with a documented record. Learn more about recurring checklists in CheckFlow →

Frequently Asked Questions

What is insurance due diligence and when is it required?

Insurance due diligence is the systematic review of a company’s insurance policies to assess coverage adequacy, identify gaps, review policy terms and exclusions, examine claims history, and ensure all contractual and regulatory insurance obligations are met. It is conducted in two main contexts: as an internal annual review — a governance discipline that ensures the company’s insurance programme keeps pace with its evolving risk profile — and as part of transaction due diligence, where the insurance arrangements of a target company, investment candidate, or material business partner are reviewed as part of broader M&A, investment, or partnership diligence. Both contexts use the same structured framework.

What are the most common insurance coverage gaps found during due diligence?

The five most common coverage gaps identified during corporate insurance due diligence are: cyber liability — many companies still rely on extensions within other policies rather than standalone cyber cover, leaving material gaps in breach response and business interruption coverage; underinsured property values — insured values that have not kept pace with construction cost inflation; inadequate business interruption indemnity periods — many policies cover 12 months when the actual recovery time for a major loss would be 18–24 months; D&O limits that have not kept pace with company growth or increased regulatory risk; and employment practices liability absent from the programme despite significant headcount and jurisdictional employment law exposure.

What is the difference between occurrence-based and claims-made insurance policies?

An occurrence-based policy covers claims arising from events that occur during the policy period, regardless of when the claim is made — even if the policy has since expired. A claims-made policy covers claims that are first made during the policy period, regardless of when the underlying event occurred (subject to a retroactive date). Claims-made policies are common for professional indemnity, D&O, and cyber insurance. The key implication for claims-made policies is that coverage must be continuous — a gap in coverage can leave historic incidents uninsured — and that extended reporting period (ERP or “tail”) coverage is needed when a claims-made policy is not renewed.

How should cyber insurance be reviewed differently from other insurance lines?

Cyber insurance requires more technically detailed review than most other insurance lines for three reasons. First, exclusions are particularly material — the war and terrorism exclusion has been invoked for nation-state cyberattacks and is actively litigated; infrastructure failure exclusions can apply to the most common cloud-based business interruption scenarios. Second, compliance requirements are active conditions of coverage — most cyber policies require specific security controls (MFA on all privileged accounts, regular patching, EDR deployment, offline backups) and can void coverage if these controls were not in place at the time of a claim. Third, the coverage landscape is evolving rapidly — what was standard cyber coverage in 2021 may have significant gaps in 2025–26, requiring active comparison against current market terms.

Is insurance review required in M&A due diligence?

Yes — insurance review is a standard component of M&A due diligence and is typically conducted as part of the legal and financial workstream. Key objectives are: identifying any insurance requirements imposed by material contracts that the acquirer will need to maintain; assessing whether the target has adequate coverage for its known risk profile (gaps become the acquirer’s problem post-closing); reviewing the claims history for patterns indicating risk management weaknesses; confirming D&O run-off coverage is in place or will be arranged for outgoing directors; and identifying any known circumstances that may give rise to future claims but have not yet been notified to insurers. Post-closing, the target’s insurance programme will typically need to be integrated with or replaced by the acquirer’s.

Is CheckFlow free to use for this template?

You can start a free 14-day trial with no credit card required, giving you full access to all features including this template. The Business plan is $10 per user per month after the trial. Full details at checkflow.io/pricing.
