RICHARD LANGDON: Yes. Thanks, Laura. So I am Richard Langdon. I'm the Asset Management Industry leader within the financial institutions team at Willis, where we focus on delivering insurance and risk solutions to the asset management sector.
CHRIS PARKIN: HI. My name is Chris. I am a claims analyst in the Client Insight Analysis team. We analyze a sample of claims across all lines of FINEX business and produce reports and learnings based on that information.
LAURA KELLY: Thank you. Today we're going to revisit our podcast from 2023, in which we discussed the differences between what our asset management clients are indicating are their priority risks versus the reality of the claims actually being experienced by them. Our aim today is to look at the landscape in 2025 to ascertain if anything has changed.
So to quickly recap, we identified in 2023 that the key priority risk for 2023 was cyber risk, but claims data indicated a low percentage of claims from the asset management industry. I think, Richard, you commented that asset managers tended to be less susceptible than other FIs. Can you remind us of that point?
RICHARD LANGDON: Yeah, I think so. I think if you take an institutional asset manager, by and large, the amount of sensitive data, customer data that they will hold is typically far less than other more retail-focused businesses. And by that, I mean a bank or an insurance company, a wealth manager, for example, where they're holding far greater data sets on individual customers and other things.
So I think that's why we see, I think, statistically they are in a lower claims, fewer instances of cyber claims that we typically see from asset managers. And I think that's probably the reason why.
LAURA KELLY: And the majority of claims that were being experiences were around malicious data breaches.
RICHARD LANGDON: Data loss came in as our number one ranked risk amongst directors and officers this year. And I think the types of cyber attack that we do see would reinforce that. And I think asset managers may not sit on institutional managers, may not sit on large amounts of sensitive customer information, but they do hold significant amounts of confidential and sensitive data.
And that may relate to deal flow, trading strategies, insider information potentially. If that gets out, that's potentially very damaging reputationally above anything else. So I think there are definitely instances of cyber activity with asset managers, but just in a slightly different focus, I guess.
CHRIS PARKIN: The cyber claims that we've seen for asset managers, even though there's no great frequency overall, if you look within that sample, the greater frequency for both claims have occurred and the amounts going towards costs, malicious data breaches head and shoulders above everything else. And I can certainly see why that would be a concern for insurers.
LAURA KELLY: And I'm imagining that because of the new regulations across the EU with DORA and the UK regulatory requirement, which was effective from March 2025, has highlighted those third party risks within cyber as in this instance, but across the board, which may increase the perception that the risk is greater in those particular areas. Is that something you'd agree with?
CHRIS PARKIN: Yeah, I mean, the cyber world is constantly shifting. I mean, the only constant really is change. I mean, this year, in the last three months alone, we've seen retail take an absolute battering on cyber. And we couldn't have predicted that there was nothing really to indicate that that was going to be a trend going forward.
So asset managers could well be next on the list. That's not out of the realms of fantasy. So it's extremely important that the insureds have got the relevant cover and cover that's going to tend to their needs in the event of an incident.
RICHARD LANGDON: I'll just add to that, Laura. Those new regulations coming in are super important with respect to the overall resilience of firms around these risks. Firms having to really demonstrate their scenario, testing their resiliency plans, their ability to mitigate and contain a potential incident.
So I think this is all positive in terms of how the industry reacts and responds to these types of events. Hopefully these recent instances that Chris mentioned in the retail space don't continue. But I think as an industry, the asset management world has really had to up its game with respect to the digital resilience and operational resilience around these risks.
CHRIS PARKIN: And it's not only your own resilience that needs to be in place. You need to ensure every vendor you use, where every supplier you use, anywhere where your data is touched. They need to have also the correct resilience and recovery plans in place
LAURA KELLY: A quite degree of focus on that. And I understand and this is just industry publications that have said that one of those particular retailers that were affected did have insurance. Others did not. Do you see that as a potential shift in those firms purchasing cyber insurance, Richard?
RICHARD LANGDON: I think it'll definitely sharpen the minds in terms of those that currently don't have provisions in place. I think you can't do anything about that. But even that said, the breadth of cost, remediation costs, yeah, getting the businesses back up and running are significant there. The escalation of costs, I think, is incredibly quick. So the limit adequacy for cyber insurance becomes incredibly important in terms of not just making sure you have the provision, but making sure you have adequate position in terms of your wordings, your coverage, your limits, and actually that it's appropriate for--
LAURA KELLY: The purpose.
RICHARD LANGDON: --for the business. Yeah.
LAURA KELLY: Yeah. Another area that we did talk to in the original podcast was that the highest volume in terms of frequency are claims on PI and D&O policies. And now I remember that Thijs who was from our Claims Insight and Analysis team at that stage, said that a lot of this can stem from when there's periods of economic uncertainty, then it can lead to increasing claims from shareholders, et cetera. Are we still seeing those types of claims in volume, Chris?
CHRIS PARKIN: Certainly what Thijs said is absolutely on point. Yeah, it very much comes back to May. You live in interesting times, and I think we are certainly seems to be going through that cycle once again. So I would imagine that we will see increased levels of claims from that sphere. But that's not particularly apparent as of yet.
RICHARD LANGDON: I think what we've also seen, Laura, is not just periods of economic uncertainty where as you touched on, can lead customers to look-- their eyes can be drawn towards possible reasonings for poor performance sometimes. And they can look for negative reasons potentially why performance may have not been quite what they expected it to be potentially.
The other thing I think is obviously the periods of very high volatility within markets, which is, again, something that will no doubt feed through in terms of PI claims in particular, just around some of the operational trading process type errors that result. And obviously when you get these particularly unstable volatile periods, those can jump up in terms of frequency and magnitude.
The other point I think is worth mentioning is those defense costs have escalated alarmingly in the last few years. In terms of those legal advice, costs and so on, this is the cost inflation in that space is has been not insignificant in the last few years. And so complex D&O claims really can escalate quickly in terms of cost of claims.
LAURA KELLY: And I see from the data that the understanding of how that breaks down in those types of claims is incredibly important. And we've seen in the claims data itself that these costs are escalating. So understanding how those claims are broken down and what the likely impact for you is going to be incredibly important. Is there anything in the data that suggests what the largest D&O losses were in 2025?
RICHARD LANGDON: From what we've seen with respect to the claims data that we have is really that the larger D&O losses that we saw in the asset management world in 2025 came from events relating to regulatory compliance in particular. So monitoring, reporting, that kind of thing, M&A activity and other fiduciary responsibilities. Claims for improper business practices again ranked clearly, that was the most frequent instance of claim that we saw in on under D&O policies in 2025.
LAURA KELLY: So looking at 2025 and the risk landscape in the recent D&O survey is anything or has anything changed?
RICHARD LANGDON: I think just in respect to 2025, I think one area that we continue to see claims activity is in the employment practices liability space. This has been a trend that we've noticed for the last 12 to 18 months probably. And something that was reinforced by our D&O survey this year where, again, health and safety ranked as the fourth most dominant risk with respect to business leaders in the asset management world.
I think that, yeah, there has been a general shift in terms of employer-employee relations post COVID, much more focus on culture, well being. That type of aspect of the employment relationship. So we've seen claims activity to reflect that. And very much increased number of claims that we've seen in wage and hour disputes, unfair dismissal, various types of discrimination, be that age, disability, gender, et cetera. And obviously, then if we're talking about businesses with potentially a US presence as well, the quantum of those risks can take a significant shift.
So one thing I would note also is that there does seem to be a high proportion of asset managers that still don't have entity employment practices liability or EPL cover in place. This is an area that we are seeing a lot more activity and it is something that I have noticed there are a good proportion of asset managers that don't have that specific provision in place.
LAURA KELLY: Is there any other evolving risks or challenges that you are hearing from your clients?
RICHARD LANGDON: I think, yeah, I mean, there are two that I sort of really-- that come to my mind. The first is really around AI adoption. I think, this is obviously getting a huge amount of airtime for good reason at the moment. But from what I'm seeing, I'm seeing the overall adoption within asset management tends to be quite focused at this point in the process. So we are seeing AI processes coming in for investment research, for distribution, for example, but not yet really in terms of really expanding across the investment decision-making process, the implementation process.
I think that suddenly the risk reward profiles changes quite dramatically when you go down into those parts of the business. The governance framework around all this is evolving and it is incredibly complex. Also, with respect to accountability, when things do go wrong in terms of who actually who owns that AI process. Is it the leaders? Is it the developers? I think there's still a lot of work to go into that granular point around accountability with respect to AI risks.
CHRIS PARKIN: And certainly at the moment, as in this early stage, really, of AI, the evolution of AI is far outpacing anything that regulation can keep up with. Each time you go back and look at something that's AI-based, it's far better than it was a week ago or three months ago. So it's how quickly that will start becoming entwined with everything we do and how we regulate that within certainly asset managers, especially if it goes down an investment route, investment strategy route, which I'm assuming it will.
The second area that I think is really evolving at the moment is around climate and sustainability. I think we've seen over the last period of time that the risks associated with sustainable investing, around regulatory compliance and marketing and the fiduciary responsibilities and so on. These risks have started to outweigh the commercial opportunity that was very much in focus a few years ago in the asset management space.
So I think you've very much seen a pullback from asset managers. The close of the net zero asset management initiative, for example, the declining number of new funds in sustainable investment funds redemptions.
It's telling a story in terms of the overall attitude within the industry towards sustainable investing just with respect to the risk aspect and also to the fact that there's so much regional divergence with respect to sustainable investing now, not just with respect to what the new administration in the US has-- how they're looking to move things along but also between Europe and continental Europe and the UK. You're getting significant regional divergences appearing in terms of the regulatory landscape and how sustainability sits within those.
LAURA KELLY: In terms of claims we're experiencing at the moment, Chris, and you did mention the issues with retail companies, but in terms of asset managers, is there any insights you can provide on those claims being experienced currently?
CHRIS PARKIN: In terms of the claims we currently have in the asset manager sample the top three-- breach of mandate, shareholder issues, and fiduciary breaches, which is what you would expect to see. There hasn't been a real shift change in the landscape, and it was surprising to me in the survey that cyber and EPL were such huge concerns for insurers as that hasn't traditionally been where the claims have been vectoring from, at least in the sample that I've seen.
LAURA KELLY: Looking at the cost associated, particularly with PI and D&O. What I noticed is although the frequency of both of those claims is steady from 2023 to 2025, the actual costs of those has reduced by 20% in the case of PI, and increased by about 25% almost in terms of D&O. So can we derive any possible explanation around this? Anyone, any thoughts or ideas.
RICHARD LANGDON: I mean, I think, certainly, since 2023, when you mentioned these changes that have come through, Laura. So I think certainly within that time, I think, we've definitely seen more asset managers take up standalone cyber insurance. So I think the softer pricing environment that we've seen in that time, the increased capacity and competition that we've seen from insurers has led to better coverage, better product at a better price ultimately.
And I think we've seen more asset managers take up standalone cyber insurance during that time. That potentially could mean that instances that maybe previously would have been notified under a PI policy could potentially now be picked up under a standalone cyber wording. So I think there could have been some of that in terms of some of that cost coming out of the PI world. I think potentially with respect to D&O, I think, a lot of this more EPL-related activity. A lot of that will feed through into D&O coverage.
So I think certainly within our team that we've seen far greater activity in that space, as I said earlier on in the last 12 to 18 months in particular. And I would say that's probably, yeah, definitely having an influence on those D&O costs that you mentioned.
LAURA KELLY: So to summarize, to continue to horizon scan for those new and emerging risks is incredibly important. But you still have to keep an eye on the day to day business operations, particularly in terms of the Operational Resilience acts under DORA and the UK regulation. So keeping an eye on those human error process transaction errors is still fundamentally important to the asset management world.
RICHARD LANGDON: Yeah, I think, yeah, operational process errors are still the one of the most frequent claims that we see. They often manifest themselves in a shorter time period potentially than a D&O claim that can take much more extended period of time to rise to come to the surface potentially. But in terms of frequency, I think those more process trading operations, we do see a lot of activity in that space.
CHRIS PARKIN: Yeah, so certainly back that up. It's the second most frequent event that we have recorded in terms of asset managers.
LAURA KELLY: So everything changes. But everything stays the same in a lot of ways.
CHRIS PARKIN: Yeah, absolutely. Yeah.
LAURA KELLY: Well, thank you both for your participation in today's session. Richard, firstly, over to you for any final thoughts and assistance you can provide.
RICHARD LANGDON: Thank you, Laura and Chris, for an interesting discussion today. I think the disparity sometimes between the perception of risks and what the actual data tells us does tell quite an interesting story in certain instances. And I hope some of the discussion points raised today have been of interest. So please do get in touch with the team if you'd like to discuss any of today's topics with us in more detail. And thank for your time. And, Chris.
CHRIS PARKIN: Thank you so much for having me on today. If today's discussion has raised any questions regarding data associated with asset managers, D&O, any other FINEX line of business, please do get in touch with myself or the team and we can see how we can help you. Thank you.
LAURA KELLY: Thank you guys. And finally, in closing, I would say please do look out for our asset management operational risk workshops, events and thought leadership for further insights and, of course, please do look out for the next All Eyes on FIs podcast in the coming months. Thank you.
NARRATOR: Thank you for joining this WTW podcast featuring the latest thinking and perspectives on people, capital, climate, and risk in the financial services industry. For more information, visit wtwco.com. Willis Towers Watson offers insurance-related services through its appropriately licensed and authorized companies in each country in which Willis Towers Watson operates. For further authorization and regulatory details about our Willis Towers Watson legal entities operating in your country, please refer to our Willis Towers Watson website. It is a regulatory requirement for us to consider our local licensing requirements.
The information given in this podcast is believed to be accurate at the date of publication. This information may have subsequently changed or have been superseded, and should not be relied upon to be accurate or suitable after this date. This podcast offers a general overview of its subject matter. It does not necessarily address every aspect of its subject or every product available in the market, and we disclaimer all liability to the fullest extent permitted by law.
It is not intended to be and should not be used to replace specific advice relating to individual situations, and we do not offer, and this should not be seen as legal, accounting, or tax advice. If you intend to take any action or make any decision on the basis of the content of this podcast, you should first seek specific advice from an appropriate professional. Some of the information in this podcast may be compiled from third party sources we consider to be reliable. However, we do not guarantee and are not responsible for the accuracy of such. The views expressed are not necessarily those of Willis Towers Watson. Copyright Willis Towers Watson.
