One Unvetted Subcontractor Cost a Security Company Its Largest Contract

The incident report landed on the security company owner’s desk on a Wednesday. A subcontractor guard deployed to a warehouse site over the weekend had been involved in an altercation with a trespasser. The guard used excessive force. The trespasser sustained injuries. The police were called.

During the investigation, it emerged that the subcontractor guard’s security license had expired six weeks earlier. His background check was from three years ago and had never been refreshed. The subcontractor company’s public liability insurance had lapsed the previous month.

The primary security company — the one with the client contract — was now facing a negligence claim from the injured trespasser, a regulatory investigation for deploying an unlicensed guard, and a breach of contract claim from the warehouse client.

The client terminated the contract immediately. It was worth $11,000 per month — their largest account at $132,000 per year. The legal costs to defend the negligence claim ran to $45,000, ultimately settled for $28,000. The regulatory fine for deploying an unlicensed guard: $12,000.

Total cost of one unvetted subcontractor deployment: over $85,000 in direct costs, plus the permanent loss of a $132,000 annual contract.

The security company owner’s response: “We trusted the subcontractor to keep their own house in order. That was our mistake.”

Why Security Companies Use Subcontractors (And Why It’s Risky)

Subcontractors are an operational necessity for most security companies. They provide surge capacity for large events, fill roster gaps when guards call in sick, cover geographic areas where you don’t have local staff, and allow you to bid on contracts larger than your permanent workforce can service.

The business logic is sound: using subcontractors lets you scale revenue without proportionally scaling fixed payroll costs. A security company with 30 full-time guards and a network of 15-20 vetted subcontractor guards can service contracts that would otherwise require 45-50 employees.

The risk logic, however, is brutal: when a subcontractor guard causes an incident, the liability flows upstream to you. Your client’s contract is with your company, not with the subcontractor. Your insurance takes the first hit. Your reputation is damaged. Your client relationship is strained or destroyed.

This creates a compliance imperative: you must verify subcontractor credentials with the same rigor you apply to your own employees — arguably more rigor, because you have less day-to-day visibility into their operations.

The Five Compliance Gaps That Create Liability

Gap 1: Expired Company Licenses

Every security subcontractor must hold a valid company license to operate in your jurisdiction. These licenses have expiry dates. When they lapse, every guard deployed under that company becomes unlicensed — even if their individual licenses are current.

Verifying a subcontractor’s company license at onboarding isn’t enough. You need to verify it continuously. A 12-month license can lapse between your quarterly reviews, and if you deploy their guards during that gap, you’re exposed.

Gap 2: Lapsed Insurance

Public liability insurance is non-negotiable. If a subcontractor’s insurance lapses and their guard causes an incident, the claim falls entirely on your policy. Your insurer may then deny coverage because you failed to verify the subcontractor’s insurance status — a standard condition in most security liability policies.

Insurance certificates have expiry dates, just like licenses. A subcontractor who was fully insured when you onboarded them 18 months ago may not be insured today.

Gap 3: Unverified Guard Licenses

Individual guard licenses are separate from company licenses. Each person deployed to your sites must hold a valid, current individual security license for the jurisdiction they’re working in. Interstate or cross-border deployments add complexity: a guard licensed in one state may not be licensed in another.

The subcontractor sends you a list of “available guards” for a weekend callout. How do you verify that each one is currently licensed? If you’re checking manually, you’re not checking at all — you’re trusting the subcontractor’s word.

Gap 4: Stale Background Checks

Background checks have a shelf life. A clean background check from three years ago doesn’t account for arrests, charges, or convictions that occurred since. Best practice is annual refreshes for all personnel deployed to your contracts — but most security companies don’t enforce this for subcontractor guards.

Gap 5: Missing Site-Specific Training

Some client sites have specific requirements: government security clearances, first aid certification, working at heights, confined space entry, or particular use-of-force policies. Your contract with the client guarantees compliance. If a subcontractor guard arrives on-site without the required training, you’re in breach.

Building a Subcontractor Compliance System

The Contract Protection Dimension

Smart security companies protect themselves contractually in both directions — upstream with their clients and downstream with their subcontractors.

Upstream (Client Contracts): Clearly define subcontractor use rights. Some clients prohibit subcontractor deployment entirely. Others allow it with prior approval and documentation requirements. Know your contractual obligations before deploying a subcontractor guard.

Downstream (Subcontractor Agreements): Your agreement with each subcontractor should include: requirement to maintain current licenses and insurance, obligation to notify you immediately of any changes in compliance status, indemnification clause for incidents caused by their personnel, right to audit their compliance documentation at any time, and requirement to provide updated credentials on a defined schedule.

Without these contractual protections, you’re exposed on both sides. The client holds you responsible for the subcontractor’s failure, and you may have no recourse against the subcontractor if their insurance has lapsed.

The Operational Reality: Making Compliance Practical

The reason most security companies don’t have rigorous subcontractor vetting isn’t that they don’t care. It’s that the manual effort required is impractical at scale.

If you use 15 subcontractor companies with 3-5 guards each, that’s 45-75 individuals whose credentials need tracking. Each one has 4-6 documents with different expiry dates. That’s 180-450 expiry dates to monitor manually.

No operations manager is going to maintain a 450-line spreadsheet of subcontractor document expiry dates and check it daily. The spreadsheet gets created with good intentions, falls behind within weeks, and becomes unreliable within months.

The only practical solution is automation: a system that tracks every document, alerts before expiry, and prevents deployment when compliance has lapsed. Not because people aren’t trustworthy — because the volume of compliance data exceeds what humans can reliably manage manually.

The Bottom Line

Subcontractors are a necessary part of the security industry’s operational model. They provide flexibility, geographic coverage, and surge capacity that would be impossible with permanent staff alone.

But every subcontractor you deploy carries your brand, your liability, and your client relationships. When they fail, you fail — regardless of what your subcontractor agreement says about indemnification. The client holds you accountable. The regulator holds you accountable. Your insurer expects you to have verified compliance before deployment.

The security companies that use subcontractors safely aren’t the ones with the best subcontractor partners. They’re the ones with the best compliance systems — the ones that verify before they deploy, monitor continuously, and never assume yesterday’s compliance status is still valid today.