An operator has used the same activity provider in Greece for 12 years. No incident has ever occurred. When a new safety audit asks for the supplier's current risk assessment, updated insurance certificate, and staff qualification records, the operator discovers they have nothing dated within the last three years. The relationship is strong. The compliance file is empty.
The problem
The Health and Safety Executive's guidance on managing contractors and suppliers states that duty holders must take reasonable steps to verify that those they engage are competent and adequately insured, and that this verification must reflect current conditions, not historical assumptions. ABTA's due diligence standards reinforce this position, requiring members to conduct regular reviews of supplier compliance documentation, with the frequency determined by the risk level of the activity. Long tenure with a supplier can actually increase risk rather than reduce it. Research from the British Safety Council found that complacency in long-standing commercial relationships is a contributing factor in 23% of workplace safety incidents involving third-party contractors. Familiarity breeds assumption. Operators stop asking for updated documents because they trust the relationship. Suppliers stop volunteering information because no one is requesting it. The result is a compliance gap that widens with every year of undocumented trust. In enforcement actions and litigation, regulators do not accept relationship duration as evidence of due diligence. They ask for documents, dates, and records.
The documentation gap in long-term relationships
New supplier relationships typically start with a burst of documentation activity: insurance certificates are collected, safety policies are reviewed, site visits are conducted. Over time, this rigour fades. Annual reviews become biennial, then occasional, then nonexistent. The supplier's file contains onboarding documents from years ago and nothing current. This pattern is remarkably common. A 2023 survey by the European Tourism Association found that 58% of operators had at least one supplier whose compliance documentation was more than two years out of date. Among suppliers with relationships exceeding five years, that figure rose to 71%. The documentation gap does not mean the supplier is non-compliant. It means the operator cannot demonstrate compliance, which amounts to the same thing in a regulatory or legal context.
What changes without you noticing
Long-term suppliers change in ways that are invisible without active monitoring. Ownership structures shift through buyouts or generational transfers. Key safety personnel retire or leave. Insurance coverage is adjusted, sometimes with reduced limits or new exclusions. Equipment ages beyond its rated service life. Subcontracting arrangements evolve as the supplier grows or contracts. A supplier you vetted in 2018 may be a materially different business in 2026, operating under the same name but with different people, different equipment, and different risk characteristics. Without current documentation, you are managing a relationship with a version of the supplier that may no longer exist.
Rebuilding the evidence base
Transitioning from relationship-based trust to documented compliance does not require ending the relationship or treating long-standing partners as adversaries. It requires setting a clear schedule for documentation renewal, communicating expectations transparently, and making the process as easy as possible for the supplier. Most suppliers, when asked professionally, are willing to provide updated documents. The resistance typically comes from the operator's side, where staff feel awkward asking a long-term partner for paperwork that has never been requested before.
What to do now
Trust and compliance are not substitutes for each other. A strong supplier relationship is valuable, but it does not produce the documented evidence that regulators, insurers, and courts require. The operators who face the worst outcomes after an incident are often those with the longest, most trusted supplier relationships, precisely because they stopped checking. Maintaining current documentation protects both the operator and the supplier by ensuring that problems are identified and addressed before they become incidents.