Insurers haven’t reacted to increased regulatory scrutiny with blanket changes to coverage – instead, they’ve gotten sharper at underwriting.
“There haven't been any blanket changes to the actual policy forms. If anything, they just keep broadening,” said Jessica Thayer, senior vice president and financial services practice leader at Starkweather & Shepley Insurance. “What we're seeing is more underwriting to each specific risk.”
Rather than reacting to headlines or anticipating sweeping enforcement actions, carriers have shifted their focus to the internal mechanics of individual firms. That includes leadership bios, investment strategy, and client base – especially for breakaway firms or newly formed RIAs.
“They're really underwriting to those individuals that are making the decisions, creating the strategy and the philosophy of that organization,” said Thayer.
Carriers have taken this approach because the sector hasn’t experienced a systemic regulatory crackdown since the financial crisis. “The last one was really the credit crisis. That was the last big regulatory event where the underwriters all reacted with either coverage restrictions or higher premiums, or restrictions in capacity,” Thayer said.
While insurers remain relatively stable on professional liability coverage, they’re significantly more cautious when it comes to alternative investments or less regulated assets.
“Underwriters like consistency, and they like the known part of things, so they love regulation,” Thayer said. “When you start looking into private funds or even digital assets, that's when underwriters start getting a little uneasy.”
Crypto involvement, in particular, has become a red flag. “Some underwriters won’t provide quotes if you have digital currency, or if that’s part of your strategy,” she said.
Pricing reflects this discomfort. Firms managing regulated products like 40 Act funds tend to see better rates, while those involved in private placements or complex alternatives often pay more – if they can get coverage at all.
“It’s not really cut and dry,” Thayer said. “Each investment advisor, broker-dealer works with different products, has different client bases – that all sort of works into it.”
Client base also matters. Larger pension funds, for example, are considered more litigious and carry higher potential claim severity than individual high-net-worth investors.
Some carriers are willing to take on higher-risk clients – at a price. “They might have higher deductibles, but they're willing to work with organizations that take on more risk,” she said.
Unlike E&O, cyber liability policies have changed significantly – not in scope, but in how insurers vet risk.
“At the beginning of the cyber insurance phase [policies] were definitely more restrictive. What we see now is because of the amount of competition in this area, the policies are now quite broad,” said Thayer.
Still, that coverage depends on a firm’s ability to meet security baselines. Without multi-factor authentication or endpoint detection, there’s no path to a policy. “If you don't have MFA... there's no way you're going to even get insurance,” she said.
In financial services, the biggest exposure is extortion, not data theft. “Somebody clicks on a link that they shouldn't... Typically, those hackers don't act. They learn the behavior of the organization,” Thayer said. Once they have mapped how systems operate and where money moves, they shut everything down and demand a ransom.
Originally, insurers refused to cover ransomware. The concern? It would make insured firms more attractive targets. That has changed.
“In order to be competitive in this area, they have broadened it to cover cyber extortion,” she said. But not all policies are created equal. “Some insurers do sublimit that... but we don't typically recommend it because that really is where the exposure exists.”
Understanding sublimits has become essential. Thayer advised firms to review these terms carefully – particularly those related to extortion – and incorporate the findings into their contingency planning.
Wealth management consolidation has added operational and reputational risk, especially when it comes to legacy liability.
“In terms of the way we address it from a risk standpoint, it does dovetail with what the purchase and sale agreement says,” said Thayer.
In most deals, the acquired firm purchases tail coverage – usually for one to six years. “For six years, it can be a good amount of premium that is being paid,” she said. Ideally, the same insurer already covering the firm provides the tail, preserving continuity.
That isn’t always possible. “Some [carriers] may be charging a crazy amount, or they were providing a restriction that we needed covered, so we'll go to another insurer and get that tail – but that's typically not ideal,” she said.
Coverage for legacy liabilities under the acquirer’s program is rare, which makes proper tail coverage essential. “It's not as frequent as putting the firm that's being acquired programs into tail or runoff coverage,” she added.
Reputation becomes an issue when clients choose to fight claims they believe are baseless. Insurers want to settle – clients don’t want to appear guilty.
“They want to protect their reputation,” Thayer said. “Sometimes... I'll see that one of our clients doesn't want to settle. They want to keep fighting.... It’s imperative to choose an insurer that you feel comfortable will be a partner during the claim process,” she said.
As firms grow, adopt digital strategies, and diversify offerings, insurers are watching more closely – not to restrict coverage, but to select clients with a tighter lens. “For the most part, what we're seeing is broadened coverage, really underwriting to the exposures and trying to get more market share where they can be profitable,” she said.