HOW USEFUL WAS THIS POST? RATE, LEAVE A COMMENT REQUESTING CHANGES, AND WE’LL AMEND ACCORDINGLY.
From sanctions evasion through crypto to genetic data privacy, this edition of Risk Wrap highlights six developments shaping compliance, governance, and insurance exposure across high‑risk industries.
Sanctions Evasion Soars as State-Backed Crypto Activity Explodes
The value of crypto received by sanctioned entities in 2025 rose by 694%, a 162% year-on-year increase.
Funds stolen by North Korea (over $2 billion in 2025) reportedly fund the weapons of mass destruction program. Iranian crypto activity is becoming increasingly state-driven, with the Islamic Revolutionary Guard Corps and its proxy networks responsible for more than 50% of the value received in Q4 2025 (which totaled more than $3 billion). Meanwhile, A7A5, the ruble-backed stablecoin, is allowing Russian companies to access global markets. $93.3 billion was processed through A7A5 in less than a year.
International regulatory bodies have significantly increased coordinated efforts targeting crypto-related activity that’s considered to be facilitating sanctions evasion.
Regulators are shifting from targeting individual wallets addresses to pursuing exchanges, brokers, and other service providers. Disrupting their activities can significantly weaken large-scale, state-backed operations.
Regulation surrounding decentralized protocols is still ambiguous. For example, in March 2025, the non-custodial mixer Tornado Cash was removed from OFAC’s Specially Designated Nationals List after a court ruling established that its autonomous smart contracts couldn’t be classed as property subject to sanctions. Regulators are also vigilant about the risks posed by privacy-enhancing tools that obfuscate transactions.
Implications for brokers and their clients:
- Crypto service providers should confirm whether their D&O policies cover regulatory investigations, sanctions enforcement actions, and shareholder claims arising from alleged compliance failures related to illicit activity.
- Given the scale of state-linked cybercrime targeting crypto infrastructure, maintain robust cyber liability coverage that includes protection against hacking incidents, asset theft, and network intrusions.
- Secure robust tech E&O insurance to address failures in transaction monitoring and other compliance controls.
Source: Chainalysis (March 5, 2026). Crypto Crime in 2025 Was Primarily Driven by 694% Surge in State-Driven Sanctions Evasion Volume.
Emerging insurance industries mentioned: Digital Asset and Web3 Insurance.
Debate Intensifies Over Crypto and Fintech National Trust Charters
The Bank Policy Institute (BPI) is evaluating whether to sue the Office of the Comptroller of the Currency (OCC) over the regulator’s decision to grant national trust charters to US crypto and fintech companies. The potential lawsuit stems from concerns that the OCC has reinterpreted federal licensing rules despite repeated warnings from banking groups.
Smaller banking industry groups and state regulators have warned that allowing crypto and payments companies to operate under national trust charters could weaken regulatory oversight and raise risks for the financial system. Critics also argue that the approach could undermine consumer protections.
Resistance increased in February when the American Bankers Association urged the OCC to suspend charter approvals due to risks around crypto firm charters that lack deposit insurance.
Despite the opposition, the OCC continues to grant conditional approvals and the number of applicants is growing.
Implications for brokers and their clients:
- Fintech companies seeking or relying on regulatory charters should review their Directors and Officers insurance to check if it covers regulatory investigations, enforcement actions, and litigation arising from challenges to licensing frameworks.
- Firms should consider business interruption insurance to help mitigate revenue losses and operational disruption if legal disputes, regulatory rulings, or licensing delays prevent them from operating key services.
- Consider specialized fintech insurance policies that cover the unique exposures fintechs face, especially where new technologies are involved.
Source: The Block (March 9, 2026). US banking lobby weighs lawsuit against OCC over crypto, fintech national trust charters: report.
Emerging insurance industries mentioned: Fintech Insurance.
OpenAI Confronts New Lawsuit Over AI Training Data
Another copyright lawsuit has been filed against OpenAI. On March 13, Encyclopaedia Britannica and its subsidiary Merriam-Webster filed the suit, claiming OpenAI copied nearly 100,000 encyclopedia and dictionary entries and used them for training. It claims that OpenAI “cannibalized” its web traffic with AI-generated summaries which are near-verbatim copies of its content.
Britannica also alleges trademark infringement due to the implied authorization to reproduce its content and at times, falsely cite the publisher in AI-hallucinations.
Britannica is seeking unspecified damages and a court order to halt the alleged misuse of its material. An OpenAI spokesperson stated that its practices are consistent with fair use.
Implications for brokers and their clients:
- AI companies should investigate media liability insurance to cover copyright and trademark infringement claims arising from the use of third-party content in training data or generated outputs.
- Review tech E&O coverage in case of claims that AI models generate inaccurate attributions.
- Consider business interruption insurance that addresses revenue losses or operational disruption due to court orders or litigation.
Source: Reuters (March 17, 2026). Encyclopedia Britannica sues OpenAI over AI training.
Lines of business mentioned: Tech E&O Insurance, Media Errors & Emissions Insurance, Business Interruption Insurance.
Space Economy Risks Every Operator Must Prepare For
Governments are rapidly modernizing space‑sector regulation, and operators now face a tightening web of compliance expectations across multiple domains. As commercial launch activity expands, regulators are sharpening their focus on operational risk, environmental impact, and the long‑term sustainability of Earth’s orbital environment.
Four areas in particular are becoming central to licensing and supervision across the US, UK, Australia, and other jurisdictions:
Cybersecurity exposure is accelerating. Launch sites, ground stations, and satellite systems are high‑value cyber targets, and regulators increasingly expect operators to demonstrate resilience against intrusions that could disrupt missions or compromise critical communications. Cyber preparedness is becoming a prerequisite for mission approval rather than a post‑launch consideration.
Environmental scrutiny is intensifying. Agencies are demanding more detailed environmental impact assessments for launch operations, including analysis of emissions, noise, and local ecosystem effects. These processes can trigger additional mitigation requirements, extend approval timelines, and introduce significant cost uncertainty for operators.
Debris mitigation expectations are rising. Global regulators now require operators to show how they will minimize debris creation, support responsible end‑of‑life disposal, and align with international standards. Incorporating debris‑management strategies early in mission design is increasingly necessary to avoid licensing delays.
Health and safety compliance is broadening. Operators must demonstrate robust workplace safety practices, not only for onsite teams but also for surrounding communities exposed to risks such as falling debris or explosive propellants. As launch frequency grows, so does the regulatory emphasis on public‑safety assurance.
Implications for brokers and their clients:
- Consider specialist space economy insurance to protect satellites and spacecraft against loss or damage during launch and in-orbit.
- Secure comprehensive third-party liability coverage to meet regulatory requirements and address potential injury or property damage claims arising from incidents including launch failures and debris impacts.
- Investigate robust cyber liability insurance tailored to the risks associated with space economy operations.
Source: Norton Rose Fulbright (December 2025). Getting to launch: Navigating regulation in the global space economy.
Emerging insurance industries mentioned: Space Economy Insurance.
Can Genetic Data Ever Be Anonymous? New GIPA Lawsuit Sparks Debate
A proposed class action lawsuit has been filed against Tempus AI Inc., alleging violations of the Illinois Genetic Information Privacy Act (GIPA) following Tempus’s acquisition of Ambry Genetics.
According to the complaint, Tempus obtained genetic information from Ambry’s database without obtaining the written consent required under GIPA. The lawsuit also claims that genetic information was disclosed to third parties, including pharmaceutical and biotech companies, without the authorizations required by the statute. The plaintiffs are seeking statutory damages, injunctive relief to stop further disclosures, and certification of a class action.
The dispute also challenges the concept that genetic data described as “de-identified” can truly be anonymous. The plaintiffs argue that genetic information is inherently identifying and therefore may still be traceable to individuals even when personal identifiers have been removed.
Under GIPA, companies must obtain written consent before collecting, using, or disclosing genetic information. If plaintiffs prove harm, violations can incur statutory damages ranging from $2500 to $15,000 depending on whether the conduct is classed as negligent, reckless, or intentional.
Implications for brokers and their clients:
- Companies handling genetic or health data should investigate cyber liability insurance to cover claims involving unauthorized collection, disclosure, or misuse of sensitive personal information.
- Companies developing healthcare AI systems should secure robust tech E&O coverage for claims alleging failures in system design, data governance, or compliance with privacy laws.
- Companies involved in acquisitions or large-scale data processing should check whether D&O policies cover shareholder or regulatory actions arising from alleged failures in data governance or privacy compliance.
Source: JD Supra (February 27, 2026). Genetic Goldmine or Legal Landmine? Tempus AI Confronts GIPA Exposure.
Lines of business mentioned: Cyber Liability Insurance, D&O Insurance.
