From AI governance to Peru’s cannabis industry, this edition of Relm’s Risk Wrap highlights six developments shaping compliance, governance, and insurance exposure across high-risk industries.
AI Governance Failures: An Intensifying Material Risk Facing Directors and Officers
Poor AI governance is becoming a liability risk for directors and officers as regulations start to mature. For global firms, the challenge is compounded by regulatory fragmentation.
However, the implications extend well beyond compliance. AI governance increasingly affects company valuation, disclosure obligations, and investor trust. Valuations are driven heavily by intangible assets including data, IP, and reputation, and these assets are highly sensitive to governance failures.
A growing concern is ‘AI-washing,’ where companies overstate or misrepresent the capabilities of AI systems to enhance valuations or investor appeal. When those claims unravel through poor performance or regulatory investigations, the resulting loss of intangible value can be significant.
Implications for brokers and their clients:
- AI providers should ensure their directors and officers insurance explicitly responds to AI governance failures and is aligned with current regulatory requirements.
- Organizations using AI should review professional indemnity and tech E&O cover to confirm it responds to claims arising from AI faults.
- Organizations using AI should assess third-party risk transfer arrangements, including indemnities from AI vendors and the scope of vendors’ insurance coverage, to ensure contractual protections and insurance limits are adequate and coordinated with their own policies.
Source: Insurance Business (February 5, 2026). AI governance failures are becoming a D&O liability risk.
Ignorance Is No Defense Under the UK’s New Fraud Prevention Law
In the UK, AI governance is especially critical when it comes to fraud thanks to the Failure to Prevent Fraud offence introduced by the Economic Crime and Corporate Transparency Act 2023. Under this legislation, large organizations can be criminally liable if they fail to prevent fraud that benefits the company, whether it’s committed by employees, agents, or associated persons, and whether or not senior management knew about the misconduct.
AI systems (especially agentic ones) can perform actions that resemble fraudulent behavior, like manipulating data or misrepresenting information that could help secure contracts. If such actions occur and the organization benefits, regulators may view the absence of adequate AI oversight and safeguards as a failure to implement “reasonable procedures” to prevent fraud.
Organizations can’t simply blame AI when things go wrong. They must demonstrate robust governance, documented risk monitoring, and compliance frameworks that address both UK fraud prevention requirements and emerging AI regulations.
Implications for brokers and their clients:
- Review crime insurance policies to confirm whether losses arising from AI-enabled fraud are covered.
- Review whether regulatory and defense costs related to AI-enabled fraud are covered under existing professional indemnity policies.
- Review policy wording to ensure clarity around acts of employees versus automated systems.
Source: KPMG UK (2026). AI-driven fraud: Corporate liability under the failure to prevent offence.
Spain’s 2026 Gambling Reforms Raise the Compliance Bar
Spain’s gambling regulator, the Dirección General de Ordenación del Juego (DGOJ), has revealed its regulatory priorities for 2026. Player protection and tackling unauthorized gambling are central themes, with a focus on prevention using alert systems, risk detection, and deposit controls.
Two systems are being introduced for this purpose. The Joint Deposit Limits System will enable the monitoring of players’ exposure, and a system for detecting risk behaviors is in the pipeline.
The DGOJ emphasized the importance of international cooperation when tackling illicit activity, as unlicensed operators exploit regulatory gaps across jurisdictions. Authorities are planning enhanced cooperation with law enforcement and other cross-border partners to protect consumers more effectively.
The DGOJ also stressed that the supply chain within commercial operations requires attention and that advertisers, technology platforms, and content providers all share the responsibility of containing the unauthorized market.
Implications for brokers and their clients:
- Collaborate with insurance providers that specialize in the gambling industry and have deep expertise in Spanish regulation.
- Verify whether existing policies will cover the costs that may arise from breaches of Spain’s increasingly prescriptive safer gambling operations.
- Investigate third-party and professional liability insurance to protect against claims linked to failures by technology providers, advertising partners, or monitoring tools that are now considered part of a shared responsibility framework under Spanish regulation.
Source: SiGMA World (February 2, 2026). Safer gambling: Spain’s 2026 regulatory roadmap.
PSLV Launch Failure Raises Liability Questions in the New Space Economy
India’s Polar Satellite Launch Vehicle suffered an anomaly that prevented it from delivering 16 payloads into orbit. Despite the overall failure, Orbital Paradigm’s Kestrel Initial Demonstrator capsule survived long enough to separate and transmit a few minutes of flight data before crashing back to Earth.
This incident raises questions about launch risk and liability in the new space economy, since technical anomalies can trigger significant financial and contractual exposure for launch providers, satellite operators, and payload customers. Existing liability frameworks may be tested as commercial activity expands.
Implications for brokers and their clients:
- Operators should ensure their launch and in-orbit insurance clearly defines trigger points for partial failures, rideshare losses, and non-nominal mission outcomes.
- Operators should review cross-waiver and indemnity provisions to confirm alignment and avoid unintended uninsured gaps.
- Emerging space companies should regularly reassess coverage limits and exclusions as mission complexity increases, particularly when flying as secondary payloads on shared launch vehicles.
Source: Payload Space (January 13, 2026). Exclusive: Orbital Paradigm Emerges as the Lone Survivor of Failed PSLV launch.
$128 Million Balancer Exploit Highlights Persistent Smart Contract Risk in DeFi
In November 2025, the Balancer DeFi protocol experienced a major security breach in its V2 Composable Stable Pools, resulting in over $128 million in digital asset theft due to vulnerabilities in its smart contract logic.
Attackers exploited precision rounding errors in swap calculations, where repeated rounding down of token amounts during batchSwap operations led to distorted prices and enabled large-scale asset drains.
Another technique involved manipulating exchange rates through malicious smart contract code. Pools could then be drained through swaps made at favorable rates.
The exploit affected at least 27 other forks across multiple blockchains, despite multiple prior security audits. The methods used by the attacker are consistent with recent trends in cybercrime targeting DeFi.
Implications for brokers and their clients:
- Investigate smart contract failure insurance that covers losses from on-chain exploits and logic vulnerabilities.
- Evaluate cyber and technology E&O policies to ensure coverage for losses arising from third-party protocol code reuse.
- Assess whether existing policies provide adequate coverage for regulatory investigations and securities litigation arising from protocol exploits, particularly where governance failures, audit reliance, or disclosure practices are scrutinized following a major loss event.
Source: Rescana (November 24, 2025). Comprehensive Analysis of the $128 million Balancer V2 DeFi Exploit: Attack Vectors, Impact, and Mitigation Steps.
Peru’s Cannabis Sector Continues to Develop Across Medical and Industrial Uses
Peru’s progressive regulatory approach to medicinal cannabis and hemp is positioning the country as an emerging leader in Latin America for innovation, patient access, and industrial development.
A key milestone was the enactment of Law No. 32195 in December 2024. This enabled the use of non-psychoactive hemp in cosmetics, food products, textiles, construction, and other industrial applications, as long as firms comply with safety, quality, and traceability standards. Draft regulation has since been published, covering the requirements for production, transformation, and commercialization.
Meanwhile, the established pathways for medicinal cannabis products continue under the national regulatory framework, which has enabled the expansion of marketing authorizations and compounding practices. Compounding has widened the range of therapeutic options available, especially for patients with chronic conditions.
One particularly effective pathway is the registration of cannabis-based products as natural products. As of mid-2025, DIGEMID had granted 27 marketing authorizations for cannabis-related products, 23 of which are registered under this category.
Implications for brokers and their clients:
- Investigate regulatory liability and directors and officers insurance to cover risks arising from licensing compliance, product authorizations, and evolving legal requirements.
- Ensure product liability insurance extends to cannabis-derived medicines, cosmetics, and industrial hemp products, including coverage for recalls and contamination claims.
- Businesses entering the industrial hemp market should review property, marine cargo, and supply chain insurance to address risks linked to cultivation, processing, cross-border transport, and traceability obligations.
Source: International Bar Association (December 4, 2025). Regulatory evolution of medicinal cannabis and the new legal framework for hemp in cosmetic and food applications in Peru.