Knowing where to look for coverage is key to solving the AI puzzle.
Financial, Executive and Professional Risks (FINEX)
Artificial Intelligence
Generative Artificial Intelligence (Gen AI) is gaining traction with financial institutions, transitioning from an emerging technology to a strategic tool. Most firms are now in the early stages of adoption, focusing on governance frameworks, evaluating risks, and understanding how Gen AI fits into their plans. Many initial Gen AI uses are taking place in the back office, where the technology helps drives efficiency through increased productivity and automation of repeatable tasks. In the mid to long run, expect Gen AI to play an increasingly important role in the front office, helping firms better engage with customers and to create new and innovative advisory and financial products.
Managing the risks associated with Gen AI is like solving a complex puzzle—no single insurance policy covers all potential exposures. Instead, a comprehensive risk management strategy must be pieced together using various policies from your insurance portfolio.
Unpacking the pieces
As a general-purpose technology, Gen AI can be integrated into a wide range of applications. Accordingly, Gen AI creates risks that can permeate potentially every facet of a financial institution’s operations, creating significant disruptions to existing risk profiles while creating new and potentially uncovered risks. In no particular order, those risks might include:
01
Bias & Explainability
Complex AI models makes it challenging to explain their decisions. AI systems may inadvertently reflect and perpetuate biases present in training data.
02
Quality Concerns & Hallucination
Produces plagiarized content due to limited training data or a lack of understanding of originality.
03
Overreliance
The growing capabilities of AI raise the concern of excessive reliance without sufficient critical evaluation.
04
Infrastructure & Third Parties
Companies relying on external parties may face risks associated with the reliability, security, and continuity of those services. Internal resources require investments in talent and data storage.
05
Regulatory
Rapid advancements in AI may outpace the development of appropriate regulations, leaving companies navigating uncertain legal landscapes.
06
Data Privacy & IP
AI's complex algorithms and data usage fuel IP and data privacy risks. Mass data usage challenges the definition and protection of rights, ownership, and liability.
07
Crime
Gen AI tools can be misused for social engineering attacks, enabling financial scams and the creation of sophisticated fake identities & deep fakes.
08
Liability
How to determine which party is at fault when Gen AI makes a decision?
09
Content moderation
The diversity and unpredictability of generated outputs makes it difficult to establish clear content moderation guidelines.
10
Data accuracy
Biased, incomplete, or erroneous data leading to inaccurate outcomes, amplifying misjudgments and perpetuating disparities in decision-making processes. Datapoisoning.
11
Ethics
AI applications may raise ethical dilemmas, such as the use of facial recognition, surveillance, or autonomous decision-making in sensitive areas like healthcare and criminal justice.
12
Workforce Disruption
As more companies adopt AI applications to automate their process, there is an increased risk of job displacements and unemployment.
Taking stock of the puzzle pieces
It's important to note that coverage is, as always, highly fact-dependent, with the likelihood of finding coverage varying based on the specific circumstances of each claim or scenario.
To manage the risks posed by Gen AI effectively, financial institutions should adopt a multifaceted approach to insurance. This involves understanding how different risks align with various insurance policies. Our heat map illustrates the correlation between some of the top Gen AI risks and many of the insurance policies carried by firms today. Boxes codded “green” represent a high likelihood of finding coverage; “red”, a low likelihood; and “yellow” where coverage will depend heavily on the particulars of the claim and policy language at issue.
Putting the pieces together
Cyber insurance: navigating increased vulnerabilities and data privacy
Not surprisingly, cyber security remains a top priority for business leaders in our 2024 Global Directors' and Officers' Survey Report. Gen AI introduces significant cyber risks complexities, both from increased vulnerabilities and its inherent operational requirements.
We’ve written previously about Gen AI’s implications for cyber insurance. One of the primary concerns is the heightened vulnerability due to hackers leveraging Gen AI for more sophisticated attacks. Hackers can use Gen AI to automate and enhance their tactics, making it easier to exploit weaknesses in an institution's cyber defenses.
Additionally, Gen AI systems rely on the collection, storage, and use of vast amounts of data, creating substantial risks related to data privacy and security. Financial institutions must handle sensitive information, and any breach can lead to severe financial and reputational damage. As these institutions adopt Gen AI, the volume and sensitivity of data processed will only increase, necessitating robust cyber insurance coverage.
Another critical aspect is the need for new third-party relationships to develop the necessary infrastructure and software solutions. These partnerships can introduce additional vulnerabilities, as third-party providers might not always have the same level of security measures. Cyber insurance must therefore address risks associated with these external partnerships.
Given these factors, most coverage under cyber insurance for Gen AI will be found in the product's core coverage areas: network security and data privacy. This coverage is crucial for managing risks related to data breaches, hacking, and unauthorized access to sensitive information.
Example: A financial institution integrates Gen AI into its operations, using third-party software solutions and platforms. A hacker exploits a vulnerability in one of these third-party platforms, gaining access to sensitive customer data. Cyber insurance would help cover the costs of breach notifications, credit monitoring, and legal fees associated with managing the breach.
Employment Practices Liability (EPL): addressing workforce disruptions and discrimination
Gen AI is set to cause significant workforce disruptions, but perhaps not in the ways commonly expected. While it's true that certain positions may be eliminated over time due to automation, Gen AI will also drive financial institutions to adopt new approaches to talent acquisition and team structuring. This technological shift requires firms to adapt their hiring practices and reorganize teams to fully leverage Gen AI's capabilities.
EPL insurance will play a crucial role in covering risks arising from these changes. As institutions restructure their workforce and implement new talent strategies, they may face allegations of wrongful termination, discrimination, or other employment-related issues. EPL insurance provides protection against such claims, ensuring that institutions can navigate these transitions with reduced financial risk.
Another significant consideration under EPL is third-party discrimination or harassment. Many overlook that EPL insurance covers claims of discrimination or harassment made by non-employees, such as customers or job applicants, even when these allegations are not directly related to employment within the firm. This coverage is vital in scenarios where Gen AI applications may inadvertently cause harm.
Example: A bank uses a Gen AI-powered chatbot to assist with customer service. If the chatbot displays bias against a protected class, violating anti-discrimination laws, the bank could face allegations of third-party discrimination. EPL insurance would help cover the legal costs and potential settlements associated with such claims.
Professional Indemnity / Errors & Omissions (PI/E&O) insurance: professional services and overreliance on Gen AI
PI/E&O coverage is broad and highly dependent on a firm's specific activities. In the financial institution space, PI/E&O coverage primarily addresses the use of Gen AI in the performance of professional services. This includes any Gen AI-driven processes or applications that assist in providing financial advice, managing portfolios, or other professional services.
We’ve written previously about the insurance implications of Gen AI and professional services. What differentiates Gen AI from existing exposures, such as robo-advisors or programs designed to aid financial professionals, is the degree to which Gen AI operates independently. To maximize its benefits, Gen AI often requires minimal human oversight, which can significantly alter the risk landscape. This reduced human involvement can lead to faster and more widespread claims, as errors or malfunctions in the AI can go unnoticed for longer periods, potentially causing greater harm.
Additionally, overreliance on Gen AI without adequate oversight can create significant risks. Firms may become too dependent on the technology, neglecting necessary checks and balances. This lack of oversight can result in poor performance, financial losses for clients, and subsequent legal and regulatory actions.
Example: A financial institution employs Gen AI to automatically balance investor portfolios. If the Gen AI's performance falters due to an error in its algorithms or a lack of proper oversight, it could lead to substantial financial losses for investors. These losses could trigger lawsuits from disgruntled clients, as well as scrutiny and potential action from regulatory bodies.
Casualty insurance: understanding the “general” in general liability
Often thought of as "slip and fall" insurance, casualty insurance can encompass much more, especially in the context of Gen AI. For financial institutions, General Liability (GL) insurance, particularly coverage for personal and advertising injury, becomes highly relevant. Gen AI has the capability to generate content and work products that might inadvertently use copyrighted or otherwise protected materials from third parties.
Financial institutions must also consider their third-party relationships and the levels of GL coverage required by each side. The adoption of Gen AI can significantly alter these requirements over time. For example, if a third-party vendor's Gen AI system produces content that infringes on copyrighted materials, both the financial institution and the vendor may face legal liabilities.
Example: A financial institution uses Gen AI to create marketing materials and prospectuses. If the Gen AI system generates content that includes copyrighted images without proper authorization, the institution could be sued for copyright infringement. General Liability insurance would help cover the legal costs and potential settlements associated with such claims.
Intellectual Property (IP) Insurance: protecting against infringement and valuing intangible assets
Intellectual Property (IP) insurance encompasses several distinct products, none of which have been widely purchased by financial institutions in the US—until now. The advent of Gen AI is set to change this landscape significantly as more firms look to protect themselves from the very real IP risks created by the technology.
IP insurance actually comes in several different flavors. IP litigation insurance is designed to protect against allegations of infringement on protected materials in ways that General Liability or Professional Liability might not. This type of insurance is crucial for financial institutions utilizing Gen AI, as it offers robust protection against the unique risks posed by AI-generated content.
Example: A financial institution employs a Gen AI software vendor to automate customer service interactions. The software allegedly infringes on another company's patented technology. The financial institution and the Gen AI vendor are sued for IP infringement. Although the vendor is contractually obligated to defend the financial institution, they do not have IP litigation insurance and lack the financial resources to adequately fund the defense and settlement. This leaves the financial institution exposed to significant legal and financial risks.
When contracting with third-party Gen AI vendors, firms should also consider the availability of IP coverage. Ensuring that vendors have adequate IP litigation insurance can mitigate risks and provide a stronger defense in case of legal disputes.
Additionally, IP insurance can safeguard IP used as collateral for loans, ensuring that the value of these intangible assets is adequately protected. Products like WTW's first-to-market Intangible Asset Protection (IAP) solution offer comprehensive coverage to protect the value of a firm's own IP. This coverage will be particularly important as firms look to develop their own Gen AI offerings or integrate the technology into their platforms.
Property Insurance: safeguarding physical infrastructure and business continuity
Property insurance, a first-party coverage, is distinct from the liability-focused policies we've discussed so far. While many of the liability and regulatory risks that financial institutions will encounter during the Gen AI adoption phase will not be covered by property insurance, this coverage still plays an essential role.
Property insurance is particularly important for financial institutions that are building or expanding the physical infrastructure necessary to support large databases of customer or other data to power Gen AI offerings. As institutions invest in data centers and other physical assets, property insurance becomes crucial for protecting these investments against physical damage and loss.
Additionally, Gen AI may significantly alter how business interruption and extra expense are calculated for property losses. In a traditional setting, business interruption coverage is straightforward, covering lost income and operational expenses following a property loss. However, with Gen AI, the downtime of data centers or other infrastructure can have broader and more complex implications, potentially affecting the continuity of AI-driven services and operations.
Example: A financial institution's data center, which hosts customer data used to train and update a Gen AI program, is damaged by a fire. The fire destroys critical hardware and disrupts the data storage and processing capabilities. Property insurance would cover the cost of repairing or replacing the damaged equipment. Furthermore, business interruption coverage would compensate the financial institution for the loss of income and additional expenses incurred during the downtime.
In this scenario, the institution must also consider the broader impacts on their Gen AI operations. The disruption of the data center means that the AI programs cannot be updated or maintained, potentially affecting the institution's services and customer interactions. Property insurance, combined with comprehensive business interruption coverage, helps ensure that the institution can recover both the physical assets and the operational capabilities necessary to continue leveraging Gen AI.
Fidelity / Bond / Crime Insurance: navigating employee theft and gen AI-powered attacks
Fidelity/Bond/Crime insurance, another first-party coverage, is designed to protect financial institutions against losses resulting from employee theft, fraud, and computer crime. The adoption of Gen AI will impact this coverage in several ways.
On one hand, Gen AI provides new tools and methods for firms to safeguard against internal threats. Advanced AI systems can monitor transactions and employee behavior for signs of fraudulent activity, offering a proactive approach to preventing theft and fraud.
On the other hand, Gen AI introduces new attack vectors that bad actors can exploit. As AI technologies become more sophisticated, so do the tactics employed by criminals. One emerging threat is the use of Gen AI to create deepfake video calls and other convincing forgeries that can deceive even vigilant employees.
Example: A financial institution's employees receive a video call that appears to be from the firm's treasurer, instructing them to transfer a substantial sum of money to an offshore account. In reality, the video is a deepfake created by cybercriminals using Gen AI to mimic the treasurer's appearance and voice. The employees, convinced by the authenticity of the call, execute the transfer, resulting in a significant financial loss for the institution.
The Fidelity/Bond/Crime insurance would cover the loss resulting from this fraudulent transfer. The coverage helps mitigate the financial impact of such sophisticated attacks, ensuring that the institution can recover from the loss and implement additional safeguards to prevent future incidents.
Directors & Officers (D&O) Insurance: protecting leadership in the age of gen AI
D&O insurance is crucial for protecting a financial institution's leadership, especially during the early adoption phase of Generative AI (Gen AI). As indicated by the entirely green column in our heat map, D&O coverage is highly relevant for addressing the various risks and liabilities that ultimately flow up to a firm's leadership.
The 2024 Global Directors' and Officers' Survey Report highlights the increasing importance of systems and controls, emphasizing the need for robust oversight and governance. That’s highly relevant during this initial adoption phase, when senior executives and board members are keen to ensure they are protected as they balance the use and investment in Gen AI against the associated risks. Implementing the wrong Gen AI strategy can result in significant financial losses, regulatory scrutiny, and reputational damage, making robust D&O coverage indispensable.
Additionally, as firms establish new corporate leadership positions focused on Gen AI governance, these individuals may also be subject to liability and regulatory scrutiny. D&O insurance should provide protection for these new roles, safeguarding against potential legal actions and ensuring that leadership can navigate the complexities of Gen AI adoption with confidence.
Example: A financial institution implements a Gen AI program to make credit card lending decisions. It is later revealed that the AI system discriminated against a protected class, resulting in biased lending practices. The issue quickly gains attention on social media, causing public outcry and leading to a significant drop in the firm's stock price. Multiple federal and state regulators open inquiries into the firm's practices, further exacerbating the situation.
D&O insurance would provide coverage for the legal costs and potential settlements arising from these regulatory inquiries and lawsuits. This coverage ensures that the firm's leadership is protected against personal liability, allowing them to focus on addressing the underlying issues and restoring the institution's reputation.
Putting the pieces together
Managing the risks associated with Gen AI requires a comprehensive and holistic approach. Financial institutions must consider how each piece of their insurance coverage fits together to form a complete risk management strategy. Addressing the unique challenges posed by Gen AI across various policies helps protect against potential exposures.
Financial institutions may want to consider the following as part of that strategy:
Scenario analysis & crisis response planning:
Like a cyber tabletop, conduct scenario analysis and crisis response planning to reveal coverage gaps, necessary improvements, and integration of insurance into AI governance frameworks.
Cross-policy coordination:
Just because a risk is excluded under one policy doesn’t mean it’s automatically covered elsewhere. Ensure cross-policy coordination by scrutinizing coverage provisions, substantive wording, and other clauses, while considering different deductibles/retentions, limits, and notice provisions.
Question benchmarking:
As Gen AI use increases and the technology improves, mirroring your neighbor’s approach to insurance might not be all that useful. Avoid relying solely on benchmarking for limit adequacy and retention levels. Use advanced analytics to understand your firm’s unique risk profile and make better, bespoke risk management decisions.
Proactive underwriter engagement:
In case there was any doubt, financial institutions are now in 2024 being asked by underwriters about Gen AI. Consider getting ahead of these questions through proactive engagement, demonstrating your firm’s superior governance framework and understanding of your risks. While these factors might not drive outsized renewal results today, the market and the risks will continue to evolve. It’s not hard to imagine a world, not unlike the current cyber insurance environment, where strong Gen AI governance makes the difference between renewal success and heartache.
Scrutinize policy wording & proposed changes:
Although Gen AI isn’t currently excluded under most policies, that doesn’t necessarily mean that it’s covered, either. Gen AI presents several nuances that might frustrate existing policy wordings, potentially leading to claim complications or even outright denials. Work with a broker who understands your policies at a technical level to scrutinize possible Gen AI claim scenarios for your firm against existing policy wordings. Then, at each renewal, consider how proposed changes might impact your coverage for Gen AI and associated risks.
Conclusion
By taking a proactive approach, financial institutions can effectively piece together a robust insurance strategy that addresses the multifaceted risks of Gen AI. Just like solving a complex puzzle, the key to success lies in understanding how each piece fits into the bigger picture, ensuring comprehensive and cohesive coverage.