From cannabis bans to web3 exploits, this edition of Risk Wrap highlights six developments shaping compliance, governance, and insurance exposure across high-risk industries.
National Clampdown on Hemp-Derived THC Poised to Wipe Out Entire Product Lines
On November 12, 2025, President Trump signed legislation banning most consumable hemp-derived THC products across the country.
From November 12, 2026:
- The 0.3% threshold will apply to total THC for delta-8 and other isomers (not just delta-9) on a dry-weight basis. Products outside the limit will be classified as marijuana under federal law and will be illegal.
- The threshold for total THC per container will be set at 0.4 mg. Many hemp edibles exceed that.
The ban covers consumable hemp-derived cannabinoid products sold for personal or household use, synthesized cannabinoids, and various forms of THC in edibles, vapes, and topical creams.
Implications for brokers and their clients:
- Seek to safeguard revenue with business interruption coverage that compensates for shutdowns or supply-chain disruptions caused by the ban.
- Verify whether D&O insurance covers legal and regulatory actions tied to changing federal oversight and compliance requirements.
- Assess coverage for inventory loss and forced disposal.
Source: JD Supra (November 17, 2025). Hemp Industry Alert: Federal Ban on Hemp-Derived THC Products – Immediate Action Required.
Rising Exploits Expose Weaknesses Across the Web3 Ecosystem
The H1 2025 Global Web3 Security Report by Blockchain Security Alliance, Beosin, and Footprint Analytics highlights escalating losses across the ecosystem. More than $2 billion was lost in the first half of the year, with centralized exchanges accounting for the largest share. DeFi projects followed.
Ethereum remains the most affected public chain, with $1.7 billion lost across 81 attacks.
Attack patterns show clear concentration:
- 70% of losses stemmed from contract vulnerabilities.
- Additional vectors included price manipulation, private key compromise, social engineering, and infrastructure flaws.
Beosin’s AML analysis shows limited recovery rates:
- 11% of stolen funds were frozen or recovered.
- 4.6% of stolen funds moved to exchanges.
- 13% of stolen funds flowed into mixers.
Implications for brokers and their clients:
- Ensure custodians, exchanges, and other asset holders secure crypto-asset insurance that responds to high-severity loss events and low recovery rates.
- Review crime and cyber policies to confirm coverage for digital asset theft, protocol-specific risks, and unique web3 attack vectors.
- Secure smart contract failure insurance to address losses arising from exploits, coding flaws, and technical failures.
Source: Beosin, Blockchain Security Alliance, Footprint Analytics. (2025). 2025 H1 Global Web3 Security Report.
Hallucinations and Deepfakes Spark a New Era of Defamation Lawsuits
AI-generated misinformation has driven a rising number of defamation lawsuits. In July 2024, for example, Google’s AI Overview falsely stated that a Minnesota electrical cooperative had disbanded, causing confusion among members and disrupting operations.
Two mechanisms sit at the center of most cases:
- Hallucinations: factually incorrect or unsupported outputs presented as authoritative, often reinforced with fabricated citations or quotes.
- Deepfakes: synthetic images, audio, or video that can be weaponized in commercial settings for fraud or reputational harm.
The legal landscape remains unsettled. Traditional defamation requires publication to a third party, but it is unclear whether an AI-generated output shown to a single user through a search engine meets that threshold.
Fault is also complex. In classic defamation, liability turns on negligence or actual malice. AI hallucinations are unintentional — yet a company may still be exposed if it deploys systems known to produce unreliable or misleading content.
Implications for brokers and their clients:
- Review tech E&O policies to confirm they cover AI-specific defamation risks and inaccuracies generated by autonomous systems.
- Evaluate regulatory exposure per jurisdiction. The EU AI Act includes provisions related to AI-generated content, while the US continues to lack alignment between state and federal rules.
- Work with insurers that have regulatory expertise in AI governance, liability standards, and content-risk frameworks.
Source: Development Corporate (November 13, 2025). AI Defamation Lawsuits: The Complete Guide for Tech Leaders (2025).
SEC Moves to Redefine Digital Assets in Project Crypto Rulemaking
On November 12, 2025, SEC Chair Paul S. Atkins outlined the next phase of Project Crypto, indicating that several principles introduced throughout 2025 may move into formal rulemaking. Key points included:
- Plans to create a token taxonomy and refine the Howey investment-contract framework. The taxonomy would clarify that digital commodities, network tokens, digital collectibles, and digital tools are not securities.
- A forthcoming “Regulation Crypto” proposal aimed at establishing tailored disclosures, exemptions, and safe harbors for digital asset distributions.
- The view that once an investment contract has “run its course,” the underlying token may support trade, and subsequent transactions may no longer be treated as securities transactions.
- Confirmation that tokenized securities will continue to be classified as securities under federal law.
- A directive for Commission staff to explore recommendations allowing certain tokens linked to an investment contract to trade on platforms outside SEC oversight, including those regulated by the CFTC or state authorities.
Implications for brokers and their clients:
- As classification rules evolve, issuers, exchanges, and custodians face elevated governance risk. D&O policies should be reviewed for coverage of regulatory inquiries, defense costs, and alleged mismanagement tied to shifting digital asset standards.
- The Regulation Crypto regime introduces significant compliance complexity. E&O policies should be evaluated to ensure they respond to disclosure failures, advisory errors, procedural missteps, and token-issuance irregularities.
- Regulatory clarity may accelerate M&A activity in the crypto sector. Transactional liability insurance can mitigate deal risks arising from past compliance gaps and uncertain regulatory histories.
Source: Sidley Austin LLP. (November 17, 2025). Breaking Down “Project Crypto”: SEC Chairman Atkins Outlines Next Phase of Digital Asset Oversight.
Casinos Hit With $168 Million in Fines as Scrutiny Grows Worldwide
Over $168 million in penalties have been issued in the casino industry so far in 2025. The countries with the highest number of fines include Spain, the US, Lithuania, Sweden, and the UK. In 2024, regulators issued over $150 million in penalties to casino operators, with the average fine increasing by 28% compared to 2023.
Common reasons for penalties include:
- AML failures.
- KYC violations.
- Lapses in protection against problem gambling.
- Advertising violations, including targeting minors, running misleading promotions, or failing to include responsible gambling messaging.
- Improper financial reporting.
- Operational license violations.
- Game integrity issues such as faulty random number generators or manipulated games.
- Data protection breaches.
- Failure to prevent underage gambling.
Enforcement is becoming more stringent in many regions, with the UK issuing some of the largest fines worldwide. Regulators increasingly expect operators to implement robust transaction monitoring and will assess whether violations are isolated or systemic.
Implications for brokers and their clients:
- Ensure adequate D&O coverage, as enforcement actions frequently target executives and board members.
- Obtain reputational protection, as significant penalties can erode consumer trust and investor confidence.
- Consider business interruption insurance to protect revenues when regulators impose operational restrictions or temporary suspensions.
Source: Casino Industry News. (2025). Casino Industry Fines & Penalties.
AI Infrastructure Investment Sparks Fears of Massive Overvaluation
Hundreds of billions in AI infrastructure investment have raised concerns about inflated valuations and uncertain profitability. Fears escalated after investor Michael Burry (known for betting against the US housing market) shorted several major tech shares.
Legal expert Greg Ramos told Investing News Network that the sector may be overbuilding capacity without sufficient demand. He compared current investment trends to the telecom bubble, where excessive buildout led to a severe market correction. Ramos noted that capacity-sharing models with flexible resource allocation may help reduce risk.
Implications for brokers and their clients:
- Consider misrepresentation and warranties insurance to address claims that investors were misled about demand projections or infrastructure needs.
- In the event of a market correction, robust D&O insurance may help protect against securities litigation.
- Work with insurers that have AI-specific regulatory and governance expertise.
Source: Investing News Network. (November 18, 2025). AI’s Infrastructure Boom: Risks, Legal Insights and Innovation.