From AI-driven compliance risks to mounting pharmaceutical litigation, this edition of Risk Wrap highlights five global developments that are reshaping liability, compliance expectations, and insurance coverage.
AI in Compliance: What Risks do Companies Fear the Most?
AI is becoming a key technology for legal and compliance functions. Early adopters are already benefitting but face challenges around implementation, policy gaps, and the inherent risks of deploying AI in sensitive areas.
White & Case’s recent study, 2025 Global compliance risk benchmarking survey, shows that 36% of respondents report using AI in both compliance and investigations processes, while 26% report using it exclusively for compliance.
The most common application of AI in compliance is for large-scale text analysis, with organizations relying on the technology to:
- Summarize documents (88%).
- Review documents during investigations (85%).
- Conduct risk assessments (83%).
Organizations cited the following concerns about using AI in compliance:
- Data protection risks (64%).
- Inaccuracy (57%).
- Bias (27%).
Despite the risks, 37% of companies are yet to implement a formal governance policy. Public companies are further ahead in this area, with 75% reporting policy adoption compared to just 44% of private companies.
Implications for brokers and their clients:
- Businesses deploying AI should ensure both internal use and vendor contracts are backed by insurance that explicitly responds to AI-driven failures.
- Weak or absent AI governance can lead to higher premiums or insurability challenges, as underwriters increasingly assess governance maturity.
- Traditional cover may not extend to AI errors. Tech E&O is often required, and exclusions for misrepresentation or bias are tightening, while overlaps between cyber and E&O policies can create disputes if wordings are not carefully aligned.
See other graphs from the study below.
Source: White & Case. (September 25, 2025). 2025 Global Compliance Risk Benchmarking Survey: Artificial Intelligence in the Compliance and Investigations Function
FDA Launches Aggressive Crackdown on Deceptive Pharma Ads
The Food and Drug Administration (FDA) has announced a major crackdown on misleading direct-to-consumer pharmaceutical advertisements.
The agency is sending thousands of warning letters and about 100 cease-and-desist notices to pharmaceutical companies running deceptive ads. They’re also launching rulemaking to close the “adequate provision” loophole that allowed drug companies to conceal safety risks in ads.
A 2024 review in the Journal of Pharmaceutical Health Services Research showed that 100% of pharma companies’ social media posts mentioned drug benefits but only 33% mentioned potential harm.
From now on, pharmaceutical ads will have to clearly present drug risks along with benefits. The FDA has started using AI to monitor ads proactively and will aggressively enforce current laws after a period of declining oversight.
Implications for brokers and their clients:
- D&O, E&O, and media liability cover should explicitly extend to regulatory investigations and advertising-related claims.
- Heightened reputational risk makes crisis-management extensions critical to mitigate the financial impact of regulatory or consumer backlash.
Source: U.S. Food and Drug Administration. (September 9, 2025). FDA Launches Crackdown on Deceptive Drug Advertising.
Social Engineering, AI Exploits, and Access Hacks Dominate 2025 Crypto Crime
Crypto crime is soaring, but what tactics do attackers rely on most? In Q1 2025, $1.63 billion was lost due to access-related thefts (83% of the period’s total). Phishing and social engineering accounted for another $594 million, while smart contract flaws caused losses of $263 million. AI-related exploits, primarily targeting insecure APIs, rose by 1025% compared to 2023.
Implications for brokers and their clients:
- Cyber and crime policies should be reviewed to confirm coverage for AI-related vulnerabilities, social engineering, and smart contract failures.
- Reputational harm from large-scale breaches may require crisis-management cover to protect brand and investor confidence.
- Clients may need stronger security governance and vendor risk management to satisfy insurer scrutiny.
Source: TechRound. (September 3, 2025). The New Norm Of Crypto Crime: Why 2025 May Be Web3’s Hardest Year Yet.
Sweden’s Gambling Sector Under Money Laundering Spotlight
A new risk assessment has revealed that Sweden’s gambling market is more susceptible to money laundering than previously believed. The most serious vulnerabilities are linked to very high turnover, high transaction volumes, and the apparent anonymity of online play. Land-based casinos, once seen as lower risk, are now considered more exposed.
These findings may lead to stricter regulations. The Gambling Authority noted that its revised methodology aligns with both the national risk assessment and the European Commission’s supranational framework.
Implications for brokers and their clients:
- Operators should ensure their insurance extends to AML investigations, financial crime, and reputational harm.
- Repeated AML failures frequently lead to higher deductibles, restricted limits, or even non-renewal of cover.
- Insurers may expect operators to demonstrate more robust risk management frameworks before offering favorable terms.
Source: SiGMA. (September 29, 2025). Swedish gaming regulator raises alarm over money laundering risk.
New York’s Cybersecurity Rules Hit Full Force in November 2025
New York’s Department of Financial Services (DFS) has set November 1, 2025, as the final compliance date for the amended 23 NYCRR Part 500 Cybersecurity Regulation.
Originally introduced in 2017 and strengthened through a Second Amendment in 2023, the rules apply to all DFS-regulated financial services businesses, including banks, insurers, mortgage lenders, money transmitters, and virtual currency firms.
The upcoming deadline marks the point when all key requirements must be fully operational and auditable. Among the major changes are:
- Expanded multi-factor authentication across users and systems.
- Comprehensive asset inventories that document ownership, sensitivity, location, support lifecycle, and recovery objectives.
- Continuous vulnerability management with automated scans and timely remediation.
- Strict access privilege reviews and controls, including Privileged Access Management for Class A firms.
- Enhanced monitoring and training, including advanced detection tools and mandatory social engineering training.
Implications for brokers and their clients:
- Cyber liability tailored to fintech and crypto firms is now critical to address ransomware, breaches, and regulatory penalties.
- Tech E&O remains essential where inadequate controls or system failures cause third-party loss or trigger investigations.
- Coverage is increasingly conditioned on documented compliance with DFS standards. Firms that cannot demonstrate this may face exclusions or claim denials.
Source: JD Supra. (September 29, 2025). Are You Ready? New York DFS Cybersecurity Regulation Compliance Deadline Approaches Its Final Compliance Phase.
