Insuring others means securing yourself first
The insurance industry is uniquely exposed to the very non-financial risks it helps clients manage: sensitive personal data, cybersecurity, conflicts of interest, algorithmic bias, and ESG compliance. With increasingly complex products and digitalized services, insurers face growing regulatory scrutiny and reputational exposure.
Key Risks
Cyberattacks and Customer Data Leaks
In 2021, AXA’s Asia division suffered a ransomware attack targeting its offices in Thailand, Malaysia, Hong Kong, and the Philippines. Hackers claimed to have stolen sensitive medical, identification, and contractual data. Under GDPR, China’s PIPL, and California’s CCPA, insurers must notify breaches promptly and ensure strict data protection for health, financial, and biometric records.

Conflicts of Interest in Distribution
In 2020, Wells Fargo paid $3 billion USD to settle U.S. claims related to the unauthorized opening of millions of bank and insurance accounts. Sales incentives had encouraged unethical practices by employees. This case accelerated the implementation
Algorithmic Discrimination
With AI increasingly used to price and underwrite policies, insurers face legal and ethical challenges around indirect discrimination (age, gender, health conditions). Investigations in California and France have begun examining unfair rate differentials, particularly in auto and health insurance.

Exposure to Sanctions and AML Failures
Although not always central actors, insurers are often entangled in complex structures involving sanctioned entities or high-risk jurisdictions.
In 2019, UniCredit paid $1.3 billion USD to resolve U.S. sanctions violations, including transactions involving clients in Iran and Sudan, even though the primary business was banking, not insurance.
Navigating Non-Financial Risks in the Insurance Industry

Mandatory ESG Portfolio Reporting
Under the SFDR and CSRD, insurers must now disclose ESG metrics for their investment portfolios and underwritten products, including climate impact, diversity, and social responsibility KPIs.

AI Regulation and Pricing Transparency
Regulators require explainable models for risk scoring and pricing. France’s ACPR has conducted inspections to detect algorithmic discrimination in rate setting.

Exclusions and Green Underwriting Pressure
NGOs such as Reclaim Finance and Insure Our Future have pressured insurers to stop underwriting fossil fuel projects. ESG criteria now influence underwriting decisions and capital allocation.
What This Means for Your Business:
Compliance now goes far beyond contracts: it includes commercial ethics, algorithm governance, and climate exposure.
Historical misconduct, even by third parties or agents, can lead to class actions or regulator scrutiny.
The insurance product is no longer neutral: it must now demonstrate positive impact, transparency, and equity.

Sources
BleepingComputer & Le Monde Informatique, “AXA Asia Ransomware Attack,” May 2021
U.S. DOJ, “Wells Fargo Agrees to Pay $3 Billion,” February 2020
OFAC, “UniCredit Settlement for Sanctions Violations,” April 2019
European Commission, Sustainable Finance Disclosure Regulation (SFDR), 2021
ACPR, “Algorithmic Pricing Controls,” 2023
California Department of Insurance, “Bias in Auto Insurance Rates,” 2022
Reclaim Finance, “Insurers & Fossil Fuels Scorecard,” 2023