Compliance Verification, Reconsidered

A property manager who owns fifty buildings has insurance requirements that look something like this. $1M general liability. $5M umbrella. $50K wind deductible. Additional insured endorsement naming the lender. Carrier rated A or better. Multiply that across vendor contracts, lender requirements, and tenant lease clauses, and you have hundreds of requirements pointing at thousands of pages of PDFs. Declarations, endorsements, certificates, loss runs, invoices. The job isn't running queries against tidy fields in a database. The job is reading the policies and deciding, case by case, whether the coverage on file actually satisfies the requirement.

This is why most compliance software is really a dashboard for humans doing the work themselves. A row turns yellow, a paralegal opens the PDF, scrolls to the relevant section, makes a judgment, types into a comment box. The software is project management on top of an irreducibly manual task.

We set out to remove the manual task.

‍

The shape of the work
‍

Compliance verification is not a retrieval problem. Finding the umbrella policy is the easy part. The hard part is reading the endorsement that modifies it, checking whether the additional insured clause names the lender exactly as the requirement specifies, and confirming that no carve-out language excludes mortgagees. That kind of judgment needs domain understanding, not just full-text search.

The work also breaks down by line of business in ways that matter. Property, liability, flood, umbrella, wind, pollution, cyber, employment practices. Each lives in a different kind of document with a different structure. And then there are the cross-cutting requirements that don't belong to a single line at all. Carrier rating, certificate holder, additional insured, waiver of subrogation. Those get verified across every policy a property carries.

Encoding this structure inside an automated system isn't optional. It's how verification at portfolio scale becomes tractable. Without it, every requirement triggers a full read of every document, which is neither fast nor accurate. With it, the system narrows the relevant document set before it does any reading, which is what gives the work room to be done well rather than just done.

‍

Four answers, not two

‍

The instinct in compliance is binary. Pass or fail. The reality is that meaningful verification needs to distinguish four states, and the fourth one is where most automated systems quietly fail.

A requirement can be clearly met, where coverage exists at the required limit with the right endorsements. It can be clearly unmet, where coverage is missing or insufficient and the explanation is specific. It can be ambiguous, meaning a human should look at it and the system needs to articulate why it's ambiguous instead of just hedging. And it can be unverifiable, meaning the coverage probably exists but the documentation on file isn't enough to confirm it.

That fourth state matters more than it looks. The standard failure mode of automated compliance is a confident verdict on no evidence. We force the distinction between "I read the documents and the coverage is missing" and "I don't have documents to read." Those findings trigger very different conversations with a property manager. One asks for paperwork. The other reports a compliance breach to a lender. Conflating them is how compliance automation loses trust in a single quarter.

‍

The invoice question

‍

One of the more annoying realities of multifamily insurance: master policies often don't sit on the property record. A property is covered under a program policy held at the owner level, and the local file only shows an invoice line for premium. A naive verification system flags coverage as missing every time the policy itself isn't uploaded.

Our system handles this differently. Before declaring a coverage gap, it considers every form of evidence on file, including the financial evidence. A paid invoice for property insurance on a property without an uploaded policy is a signal that coverage exists somewhere even when we can't read the policy directly. The verdict becomes "unverified," not "violation." That single distinction eliminates a category of false alarms that has historically been one of the main reasons property managers stop trusting their compliance reports.

‍

Two explanations

‍

Every verdict our system produces comes with two explanations. One is internal and detailed, with citations into the specific documents and clauses the system relied on. That's the audit trail. It's what makes the verdict defensible when somebody asks why. The other is the version a property manager actually reads, in language that doesn't require knowing what an endorsement schedule is.

This is a design choice we don't think enough teams make. The explainability you need for debugging and audit is not the same explainability you need for the end user. Conflating them produces explanations that are either too technical to be useful or too vague to be trusted. Splitting them is more work but it's the only honest way to ship.

‍

What's actually new

‍

Compliance verification has been the kind of work that always looked like it should be automatable and somehow never was. The reason is that the work doesn't fit a CRUD model. It is reading, judgment, and citation. The technology to do that work reliably at portfolio scale didn't exist a few years ago. Now it does, and we've built it.

The interesting part isn't that a machine reads PDFs. Plenty of things read PDFs. The interesting part is that the system decides what to read, what to look for, and whether the coverage on file actually satisfies the requirement. It produces a verdict structured enough to act on and explained well enough to defend. For a domain where every wrong call has real downstream consequences, that combination is the whole game.

‍