Marketing 13 January 2025 Alta Signa Press Insights

Under the Regulatory Spotlight: How European Financial Institutions Are Adapting Their Insurance Needs for 2025

By Gerard van Loon, CEO of Alta Signa

Europe’s financial institutions face a mounting array of regulatory demands in 2025 that have implications for their supporting insurers. Beyond the longstanding requirements around ESG, the next wave of oversight includes the Digital Operational Resilience Act (DORA), the EU Artificial Intelligence Act (AI Act), and the European Banking Authority’s upcoming stress tests. These shifts not only impose new compliance burdens but also introduce significant operational risks that are reshaping the insurance needs of financial institutions across the continent.

For insurers, this evolving risk environment presents both a challenge and an opportunity to support financial institutions with tailored coverage solutions that meet their complex regulatory and operational risk profiles. As institutions grapple with the implications of these new regulations, insurance providers are responding with innovative products designed to offer robust protection against emerging liabilities.

The ESG Regulatory Push: Expanding Insurance Needs for Compliance

Environmental, Social, and Governance (ESG) requirements have transitioned from being a corporate ideal to a legal mandate. In recent years, ESG reporting and performance have become critical components of regulatory compliance, with frameworks such as the EU’s Sustainable Finance Disclosure Regulation (SFDR) and the Corporate Sustainability Reporting Directive (CSRD) now mandating stringent disclosures. Financial institutions must assess not only their internal practices but also those of their clients, navigating risks like “greenwashing” penalties or reputational fallout from association with controversial industries.

This shift in liability has prompted, among other things, greater demand for Directors and Officers (D&O) and Professional Indemnity (PI) insurance with the introduction of affirmative ESG-related coverage components. Financial institutions increasingly seek insurance policies that help them protect their assets and enterprise value from regulatory penalties, from reputational and operational damage linked to ESG violations, and from shareholders’ actions that seek to recover their direct losses, or the company’s financial losses, caused by these ESG breaches or lack of disclosure.

As European regulators scrutinise ESG compliance more closely, and want financial institutions to actively promote a greener and more socially responsible environment through more effective investment capital allocation decisions, insurers are contemplating sustainable risk transfer solutions that specifically address the increased frequency and exposure of ESG-related claims and legal actions. Policyholders should also expect a re-pricing of their D&O and PI insurance protections due to this increase in regulatory scrutiny and financial exposure.

ESG compliance and reporting are evolving into a complex and daunting task for financial institutions. Not only do financial institutions now scrutinise the customer activities they finance, they must also analyse the products and services they obtain from their outside environment. Given how much modern financial institutions rely on IT systems and the digitalisation of their processes, their excessive reliance on energy constitutes a real conundrum, or balancing act, for these institutions and may cause an inherent risk exposure.

Beyond developing affirmative ESG risk transfer solutions, which may trigger a re-pricing of FI insurance policies, insurers should also focus on risk management and help Europe’s financial institutions measure and manage their ESG risk exposures by identifying and assessing the key risk areas and by sharing data and research, analytical tools and risk management methods that will help proactively reduce the potential ESG loss frequency and severity.

In addition to providing financial institutions with adequate ESG risk transfer and risk management solutions, the distribution networks, or customer bases, of these institutions also offer insurers the opportunity to promote insurance solutions that provide a high level of social value. Without entering into excessive detail, one could look at developing and promoting insurance products that protect their customers against the risks of suffering an adverse life-changing event such as a disability, serious illness or unemployment or, as part of a private medical insurance policy, pay for preventive healthcare if people adhere to a digitally monitored healthy lifestyle, even if the latter may sound somewhat Orwellian.

Insurers can also team up with financial institutions to provide insurance solutions of high environmental value. As a classic example, they can help design insurance products that protect the construction and operations of renewable energy parks financed by a consortium of lenders. Taking this one step further, insurers could use their strong credit ratings to help reduce the finance costs of these renewable energy projects, by guaranteeing a minimum cash flow stream if the anticipated electricity production were to fall short unexpectedly due to unfavourable weather conditions. Another, less developed example, in the context of mobility, could see insurers design an insurance pricing system that penalises high-mileage vehicles with high CO2 emissions financed by specialised leasing companies. The additional premium charges would be reallocated to help sustain and compensate the insurance losses from the more frequent and severe natural catastrophes caused by climate change due to these high CO2 emissions.

DORA: Ensuring Operational Resilience and Cybersecurity

The Digital Operational Resilience Act (DORA), effective January 2025, is designed to fortify the digital resilience of financial institutions by enforcing comprehensive cybersecurity measures. With the rising incidence of cyber threats, DORA mandates that financial institutions establish a rigorous operational framework that safeguards against IT failures, cyber-attacks, and other digital vulnerabilities. Compliance with DORA not only requires institutions to conduct regular stress testing of their digital systems but also to maintain effective incident reporting and recovery capabilities.

For insurance, DORA underscores a growing need for operational risk transfer mechanisms such as dedicated cyber insurance policies that cover both the potential first party losses and third party liabilities that arise from the digitalisation of financial products and services. Insurers are now crafting Cyber security policies that address broader IT operational risk covers, encompassing not just Cyber incidents, such as the response management expenses for data privacy breaches or the reconstitution costs of compromised databases, but also first and third party business interruption due to system failures or cascading IT breakdowns in the supply chain. Cyber insurance policies are being broadened to include all the financial consequences of technology failures, not only Cyber incidents.

Additionally, insurers are developing risk management tools and services that help financial institutions stress-test their Cyber insurance programmes against specific digital loss scenarios that could jeopardise their operational stability and, indirectly, their financial solvency. One of the key digital loss scenarios for financial institutions is their emerging reliance on cloud computing, a service provided by a few major global technology companies. While cloud computing creates uncontested advantages in terms of IT cost reductions, flexibility, transaction speed and scalability, it also creates a dangerous concentration risk that even insurers’ risk models will struggle to quantify with confidence.

The costs of repairing the reputation or enhancing the Cyber security of a financial institution can be huge too. Customer trust is easily lost but very difficult to regain. Financial institutions’ IT systems are very complex and often dependent on IT services provided by third parties. So, investing in loss prevention measures can be hugely beneficial for financial institutions. Insurers, with their extensive Cyber risk analysis and claims handling experience, can again play a pivotal risk management advisory role. But it should be said that implementing a loss prevention strategy is not straightforward in a financial market environment that creates competitive pressures to reduce costs.

The challenges for insurers to respond adequately to the digital risk exposures faced by modern financial institutions should not be underestimated either. Facing a rapidly changing environment with the emergence of fintechs, cloud computing, artificial intelligence, distributed ledgers and crypto-assets, insurers specialised in the underwriting of financial risks must now invest heavily in new skills that will require continuous training & development. Otherwise, they risk becoming obsolete very quickly. A significant people investment must be made to avoid any underwriting skill gaps.

The AI Act: Addressing Liability for Algorithmic Risks

The EU Artificial Intelligence Act (AI Act), expected to be implemented in 2025, introduces stringent standards around the use of AI, particularly in high-risk applications such as credit scoring, fraud detection, and automated investment and lending decision-making. Financial institutions deploying high-risk AI models must now meet extensive obligations, including data transparency, ongoing monitoring, and conformity assessments. Violations carry steep fines, amplifying the potential financial impact of regulatory breaches.

The implications for financial institutions, of which the insurers are part, are significant. As AI systems become integral to financial and insurance services, errors in algorithms - such as those that miscalculate risk or misjudge client eligibility - can lead to systemic issues that transcend isolated incidents. 

And AI’s concentration risk and transactional speed will undoubtedly lead to larger losses, again potentially destabilising the financial institutions that rely on AI for the delivery of their products and services and for general decision-making. Insurers are responding by developing coverage options that specifically address liabilities tied to AI errors, including potential regulatory penalties and the reputational and financial fallout from mismanagement. As AI permeates the financial sector, the insurers’ role in covering algorithmic liabilities will continue to expand, even if more research must be carried out to grasp or predict the potential systemic loss scenarios.

The 2025 European Banking Stress Test: Bolstering Capital and Resilience

The European Banking Authority’s (EBA) 2025 stress test will assess the resilience of financial institutions in scenarios that encompass economic, technological, and environmental shocks. Designed to evaluate institutions’ ability to withstand crises, this test places renewed emphasis on ESG factors, operational risks, and capital adequacy, prompting institutions to fortify their financial and operational resilience.

For insurers, the stress test’s focus on systemic risks and operational readiness translates into demand for risk transfer solutions that protect financial institutions from capital erosion and operational shortfalls. All types of property and logistics insurance products will fulfil a critical role in this respect. Financial institutions will pay much closer attention to protecting all types of physical assets underlying their finance or investment arrangements, certainly when exposed to the more frequent occurrence of catastrophic natural perils, such as rain & hail storms, hurricanes, avalanches, landslides and wildfires, caused by climate change.

Liability products such as D&O and PI insurance will play critical roles in safeguarding executives and employees as they navigate compliance with these regulatory requirements. Similarly, capital relief products addressing contingent capital and financial guarantees will be essential for institutions seeking a safety net against potential vulnerabilities exposed by the EBA’s rigorous assessment.

The Intersection of Technology, Regulation, and Sustainability

These are just a handful of examples of the regulatory pressures that face European financial institutions in 2025. The cumulative impact of ESG mandates, DORA, the AI Act, and the EBA’s stress tests has elevated the importance of comprehensive risk management strategies that integrate insurance as a core component of compliance and resilience planning.

As the regulatory environment for financial institutions continues to evolve, the insurance market must remain agile and keep pace with both the technical underwriting requirements of new legislation and the local nuances across territories, providing tailored products that address the complexities of modern compliance.

This article was originally published in The Insurer (Subscription).

 