Protecting wealth management from digital risks

Wealth managers have undergone a significant change recently with a move towards digital tools. It is critical to establish if traditional insurance products provide adequate protection.

Protecting wealth management: Professional indemnity policies may fall short in covering AI and other digital risks

Wealth managers have undergone a significant shift, as decades of face-to-face services make way for digital tools designed to streamline the advisory process. Many organisations are now leveraging algorithmic platforms in conjunction with human interaction to reduce costs and distribute advice more efficiently when constructing portfolios. However, the shift away from human oversight presents a host of new risks. Therefore, it is critical that organisations establish whether traditional insurance products provide adequate protection.

Emerging digital risks

Algorithmic and artificial intelligence (AI) risk: As digital tools take an increasingly pivotal role in the management of client assets, client risks shift from faulty human advice to the integrity of algorithmic and AI solutions. Reliance on algorithms for investment decisions creates the possibility of errors, biases, or overfitting (where a model is too closely tailored to historical data) that could lead to suboptimal outcomes for the client. The inability of wealth management platforms to capture a client’s risk tolerance may lead to misalignment in asset allocation or conflicts of interest. Additionally, inaccurate or unreliable predictions may be produced if the underlying data supplied to AI models is incomplete, biased, or not representative of future market conditions. As reported in The Global Risks Report 2024, respondents to the Global Risks Perception Survey rank AI-generated misinformation and disinformation as the second biggest risk for 2024, after extreme weather.

Cyber and technology risk: Reliance on technology leaves wealth management platforms exposed to the risk of malicious cyberattacks or failures in the infrastructure itself. Access by cybercriminals to the vast amounts of sensitive client information wealth managers possess could result in identity theft, fraud, and reputational damage for the wealth manager and its clients. Additionally, because algorithms are critical to the platform’s business, attackers can target them to influence investment decisions, potentially leading to financial losses for clients.

Fiduciary risk: Wealth management platforms still owe a fiduciary duty to the investor in the same way a human adviser does, despite being digitally driven. Any breach of obligations to a client could result in fines, civil litigation, or regulatory investigations. In the US, new rules proposed by the Securities and Exchange Commission would require organisations to address conflicts of interest associated with their use of predictive data analytics to prevent them from placing their interests ahead of investors’ interests. Wealth managers should ensure that clients understand the limitations and assumptions of the algorithms used to generate investment recommendations.  

Does your professional indemnity policy address emerging risks?

While organisations should take steps to mitigate these emerging risks, fully negating their impact is unrealistic. It is critical that insurance protection is robust enough to respond where other mitigation fails. Professional indemnity (PI) insurance provides protection against third-party claims of professional negligence, errors, or omissions in the delivery of services. PI policies are generally designed to safeguard organisations from potential financial losses resulting from the legal actions of dissatisfied clients.

However, traditional PI policies commonly segregate financial and technology services into separate policies. Often, financial services PI policies have terms and conditions that are incompatible with the risks of a digital organisation. Common flaws in how traditional insurance policies respond to emerging risks could include:

  1. Mechanical breakdown/infrastructure exclusions 
    Exclusions designed to manage large aggregating events for insurers, such as public utilities or infrastructure failure, are commonly drafted to also exclude software or hardware failures beyond the insured’s control. As the typical wealth management operating framework relies significantly on third-party software and service providers, there is potentially a major gap in coverage resulting from technology failures that lead to claims.
  2. Intellectual property infringement exclusions 
    Almost all PI policies will have a form of intellectual property exclusion — even if these exclusions are only for deliberate acts. This potentially creates a coverage gap for wealth management platforms where talent from other organisations has been leveraged to help build critical algorithmic code. If developers have used code belonging to their original organisation, this could lead to IP infringement litigation and battles with insurers over whether the action was deliberate and thereby excluded.
  3. Cyber exclusions 
    Some PI policies may exclude coverage for either cybersecurity or data breaches. PI insurers may view covering these risks under a standalone cyber insurance policy as more appropriate. However, cyber policies are not designed with exclusions of other policies in mind, which often results in coverage gaps. For example, a cybersecurity incident such as tampering with critical algorithms may cause a valid professional indemnity claim, leading to a client loss. Cyber insurers may subsequently look to professional service exclusions in cyber policies, landing the claim squarely in the gap between the two policies.
  4. Wrongful act definitions 
    Some policy wordings define a wrongful act as being an act, error, or omission committed by an employee of the insured or any person or entity for whose acts, errors, or omissions the insured is held to be legally responsible. A wrongful act must be established to trigger coverage. Coverage issues may occur where third-party claims result from the usage of AI, as insurers may argue that the AI is neither an employee of the insured nor an external person or entity.

How to address the coverage gaps

It is critical that your organisation counters the gaps and flaws in traditional PI policies to build resilience and eliminate risk. Policies should be designed to negate both the digital and financial services risks applicable to each business. Insurance policies can be tailored to cover the emerging risk areas discussed in this article. The Marsh Challenger and Disruptor Insurance (CADI) is a solution available to help wealth management organisations plug coverage gaps.

CADI can offer broad protection against:

  • Internal and external fraud, including social engineering.
  • Civil liability arising from the provision of professional and financial services, meaning that you do not need to purchase two separate PI policies.
  • Specific cover to address regulatory requirements.
  • Cryptocurrency crime, covering digital assets in hot wallets and cold storage.
  • Directors and officers (D&O) liability, whether your company can or cannot indemnify a director or officer.

To find out more about how Marsh can help you in this space, please contact your adviser.