Fintech Innovation Backtracks After Section 1033 Reversal
The CFPB’s reversal on the Section 1033 rule has left fintechs, smaller banks and investors in an uncertain position. The rule enabled banks to share data securely with third parties at the consumer’s request. Without it, innovation has stalled.
Companies that invested heavily in API infrastructure now find themselves stuck in limbo, unsure whether their efforts will align with whatever replacement framework the CFPB eventually develops.
Some firms are already shifting their focus abroad, especially to Europe, where the PSD2 mandate has created a more stable environment for data sharing. India and Latin America are also on the cards for many companies.
Implications for brokers and their clients:
- Ensure D&O, Tech E&O, and cyber policies address regulatory and data-sharing risks — particularly where vendor contracts or cross-border moves increase exposure.
- Review vendor contracts and insurance requirements to cover API providers, banks, and aggregators.
- Anticipate new exposures as fintechs move to Europe, including GDPR and local regulatory risks.
Source: AInvest. (August 23, 2025). Open banking turmoil: Navigating regulatory risk and capital reallocation in fintech.
Californian Cannabis Poison Risks: a 469% Increase
Child cannabis poisonings in California have risen by 469% since legalization. Research by UCSF found that critical care was needed in almost 17% of cases reported to poison control. The numbers are a stark reminder of the potential risks cannabis products can pose, even in a post-legalization world.
While the ultimate responsibility to restrict access lies with customers, packaging rules should help solve the problem. But unlike other states, California doesn’t mandate plain packaging and enforcement can be inconsistent.
Compounding the problem is potency. A 2024 study from the Cannabis Control Commission found that most products sold by retailers in California contain 20% THC or more — five to ten times higher than the levels common in the 1970s and 1980s. The American Academy of Pediatrics warns that even 1.7 mg of THC can be toxic to a child under six years old.
Implications for brokers and their clients:
- Gaps between packaging regulations and enforcement increase liability exposure. Coverage must reflect these uncertainties.
- D&O coverage is critical in case of negligence claims tied to safety practices or compliance failures.
- Expect heightened litigation risk if regulators tighten packaging laws and companies are found lagging.
Source: The Sacramento Bee. (August 25, 2025). California’s cannabis packaging rules are failing. Kids are paying the price.
Hackers Supercharged by AI: What 70% of Executives Fear
Over 70% of executives expect financial crime risk to increase this year, up from 67% in 2023, according to Kroll’s 2025 Financial Crime report. The main drivers are rising cyberattacks and the increasing use of AI by cybercriminals.
The report discusses how attackers increasingly exploit weaker parts of an organization’s supply chain through so-called ‘secret leaks’ — exposed passwords, encryption keys, and credentials left unprotected online.
Modern software practices are compounding the risk. Third-party libraries and tools make it harder to create secure, de-federated interchanges that manage these secrets. Rapid development and the use of new AI tools create further vulnerabilities.
Many companies remain underprepared. Only 37% of executives said they were very confident their compliance programs can assess supply chain threats, and just 38% believe their programs are very prepared to address these issues in 2025.
Criminals are also using generative AI in increasingly sophisticated ways. Tactics include creating fake accounts to launder funds, impersonating executives to trick employees, and issuing fraudulent payment instructions.
Implications for brokers and their clients:
- Cyber and crime policies must now explicitly address AI-enabled fraud and social engineering.
- Review D&O coverage. Senior leaders could face liability if compliance programs are found inadequate in the face of known AI-enabled risks.
- Strengthen requirements for third-party risk management, including proof of insurance, incident response obligations, and liability sharing in the event of a breach.
Source: Kroll. (April 24, 2025). Financial Crime Report 2025.
£1 Million Fine Slams UK Gambling Giant for AML and Safety Failures
The UK Gambling Commission has fined ProgressPlay Limited £1 million for repeated AML and social responsibility failings. The company, which operates 134 gambling websites, will now undergo a third-party audit.
This is the operator’s second penalty, following a £175,718 fine in 2022. AML failures included a lack of adequate money laundering and terrorist financing (MLTF) risk assessment or controls, insufficient scrutiny of customer transactions, and failure to adopt a risk-based approach across its operations.
Social responsibility failures included weak monitoring of customer activity at account opening, delaying early detection of gambling-related harm. There were also inadequate processes in place to evaluate customer interactions and intervene when risks of harm persisted.
Implications for brokers and their clients:
- Repeat offences are red flags for underwriters, likely triggering tougher terms, higher premiums, or exclusions.
- Review D&O policies. Directors could face personal liability when regulators find systemic governance failures around AML or customer harm.
- Policies should be reviewed for coverage of legal fees and remediation costs tied to regulatory failures.
Source: UK Gambling Commission. (August 21, 2025). £1m fine for online operator ProgressPlay Limited.
Novo Nordisk Lawsuit Wipes Out 21% — Biotech Investors on Edge
A securities lawsuit was recently filed against Novo Nordisk, alleging that the company overstated its dominance in the GLP-1 market. Specifically, the company was accused of downplaying competitive threats from compounded GLP-1 alternatives and failing to disclose risks related to market saturation. This alleged misrepresentation triggered a 21.8% stock drop and has opened the door to shareholder claims tied to inaccurate disclosures.
Companies with overreliance on a single product line may be more likely to misrepresent market strength (60% of Novo Nordisk’s revenue comes from GLP-1 drugs). By contrast, firms with diversified pipelines are better shielded from regulatory or competitive shocks.
Implications for brokers and their clients:
- Representations and warranties insurance should be reviewed for coverage of disclosure-related claims.
- Policies should be stress-tested for shareholder claims, securities defense costs, and potential settlements.
- Ensure coverage extends to regulatory investigations, as misstatements tied to competition or market saturation often attract regulator as well as investor attention.
Source: AInvest. (August 10, 2025). Securities litigation and the GLP-1 revolution: Novo Nordisk legal challenges reshape biotech investment dynamics.

Can Developers Go to Jail for Code? Inside the Tornado Cash Verdict
The conviction of Roman Storm, co-founder of Tornado Cash, has intensified debate around whether software developers can be held legally responsible for how their code is used. Storm was found guilty of operating an unlicensed money-transmitting business, a charge that carries up to five years in prison.
Critics say the ruling sets a dangerous precedent — potentially criminalising neutral code. Tornado Cash was non-custodial, with users retaining control of their funds. Yet the court ruled that the platform still fell under money transmitter laws, sparking fears that open-source developers could face criminal liability if their software — whatever its function — is misused by bad actors.
Industry groups argue this case reflects a fundamental misunderstanding of decentralized technology and that prosecuting neutral code may stifle innovation.
Implications for brokers and their clients:
- While insurance won’t cover criminal penalties, policies should be reviewed for defence costs, investigations, and liability shifts if regulators broaden definitions of ‘money transmitting’.
- If developer liability expands, policy terms for DeFi clients may tighten.
- Monitor regulatory changes closely and consider potential liabilities triggered by new or evolving legal definitions.
Source: CoinMarketCap. (August 8, 2025). Roman Storm conviction for Tornado Cash sets ‘dangerous precedent’.