Illegal activities, poor governance, cybersecurity, and reporting failures were the top risks for the sector. Lexology PRO analyses insurance enforcement activity in 2025 to identify key risks and trends for businesses.
The data in this article is based on Lexology PRO’s Scanner, our automated regulatory monitoring tool covering 18 regulatory areas and tracking over 1500 regulatory sources. Full details on Scanner’s regulatory coverage can be found here.
Global enforcement activity across the insurance sector
Insurance companies are operating in a higher-risk regulatory environment, but the enforcement trends over the last 12 months present a mixed picture globally. While US state regulators continue to scrutinise business practices, and big-name insurers face significant penalties in other parts of the world, enforcement by UK regulators remains low and inconsistent.
Historically, the sector has worked with ageing systems and infrastructure, but the emergence of digital and cyber risk requires businesses to evolve, and in some regions, the sector has been leading on AI adoption.
Which violations did the most active enforcement agencies target?
Across the globe, illegal and unauthorised activities, cybersecurity, claims handling, and reporting failures were key areas of focus for regulators in 2025.
Regulators shut down illegal and scam websites
Illegal operations and unauthorised entities were a key target for some regulators.
Italy’s Institute for the Supervision of Insurance (IVASS) has continued to block illegal or authorised websites offering insurance to consumers. Since the authority began doing this in November 2023, it has blocked over 320 websites (Italian language only), and 2025 was representative of that trend. The authority has made clear its commitment to protect consumers from scams, including through its “Protect Yourself” (Italian language only) webpage, which warns consumers of cases of unauthorised operators offering fake insurance policies.
IVASS isn’t the only regulator which has used its regulatory powers to pull the plug on scam websites across financial services. The Australian Securities and Investment Commission (ASIC) – which flagged concerns with insurance practices in its 2025 priorities – has shut down 130 scam websites per week (including investment platforms, crypto investment, and others) since it established this process in 2023.
Reporting and transparency are key for insurers
Insurers face stringent reporting requirements, and failure to comply can often lead to hefty penalties and, in some cases, orders for compliance improvements.
Following a multi-year investigation, the New York Department of Financial Services (NYDFS) announced that it had fined 37 auto insurers a total of over US$20 million for failure to promptly report insured vehicle information to the state’s motor vehicle government agency. Insurance groups have reportedly blamed the state’s ageing reporting system, which makes timely reporting tricky.
Elsewhere, in a bid to ensure transparency and compliance with reporting, Belgium’s Financial Services and Markets Authority (FSMA) reached settlements with insurance companies for failing to disclose returns on investments in transparency reports for supplementary pensions.
Insurers must prioritise stronger governance and expertise of employees
Regulators were particularly wary of the way insurers operated, their governance frameworks, and internal controls and processes. Norway’s Financial Supervisory Authority published several supervision reports in 2025, identifying numerous weaknesses in governance frameworks amongst several insurance companies, including one involving a subsidiary of a leading Nordic insurer. In most of these cases, the authority told the companies that they must strengthen governance, improve solvency management, and enhance customer protections.
In some jurisdictions, companies are required by law to ensure that any employees providing insurance services meet certain professional knowledge and competency requirements. Belgium’s FSMA reached a settlement with Lloyd’s Insurance NV in December 2024, after it found that 38.5% of those responsible for providing insurance in the organisation lacked the necessary knowledge and competence.
Despite very little enforcement activity against insurers in the UK, the country’s prudential regulator fined a reinsurer for governance deficiencies (this is discussed in more detail in the UK section below).
What did US state agencies prioritise in their enforcement?
An industry-wide investigation by the NYDFS found that cybersecurity failures by auto insurers contributed to the exposure of New Yorkers’ personal data in 2021. The agency secured US$11.3 million in fines in November 2024 against two companies, and more than US$19 million in fines against several others in October 2025. As well as the fines, the companies agreed to undertake remedial measures and improve their cybersecurity processes.
Claims handling was a key priority for US state regulators. In California, Tesla’s insurance provider came under fire recently for repeated violations of the state’s claims-handling laws, including delayed payments and inadequate responses to policyholders.
State regulators also penalised companies for improper claims handling and overcharging of policyholders following hurricanes in the country.
What has happened to enforcement in the UK?
There have been signs that the UK Financial Conduct Authority’s overall fines per year have dropped to the lowest levels in over a decade, with insurance companies and insurance-related entities notable absentees in its list of fines in 2025.
This comes as the UK’s leading consumer watchdog launches a “super-complaint” to the FCA to address poor standards in the home and travel insurance markets. The watchdog noted that “While the FCA has acknowledged ‘substandard’ service and widespread failings among insurers, it’s taken little decisive action to address the problems in these markets.”
In September 2025, however, the FCA announced that motorists will receive £200 million in insurance compensation after suffering wrongful insurance payout deductions. While insurers’ handling of the historic claims breached rules in the UK, the FCA said that they have since overhauled their processes to comply with the Consumer Duty, which came into force in 2023.
Another notable action came from the UK’s Prudential Regulation Authority, which imposed a £1.78 million fine on Barents Reinsurance S.A for failure to manage and control its operations responsibly and effectively, with specific deficiencies in governance and regulatory reporting.
High-profile insurers hit with fines across the Asia-Pacific
Big-name insurance providers were subject to enforcement actions in the Asia-Pacific region.
ASIC continued its strong enforcement across the financial services sector, including securing a successful AU$16.8 million fine against Allianz and AWP for false and misleading statements about travel insurance benefits. The regulator also recently secured an AU$23.5 million fine against one of Australia’s largest superannuation fund trustees for unreasonable delays and failures to handle insurance claims in a timely manner.
New Zealand’s largest insurer, IAG New Zealand Limited, was in hot water for making false and/or misleading representations in relation to its insurance products, receiving a NZ$19.5 million fine in October 2025.
Elsewhere, Thailand’s regulator took targeted actions against KWI Insurance for its failure to allocate required insurance reserves and provide financial statements and reports.
In December 2024, South Korea’s Personal Information Protection Commission fined 12 insurance companies, including Hyundai Marine & Fire Insurance and AXA Non-Life Insurance, for using personal information for marketing purposes without obtaining proper consent.
What to expect from enforcement against insurers in 2026 and beyond
The protection of consumers is unsurprisingly the biggest priority for regulatory agencies. Insights from enforcement activity and the regulators’ own 2026 priorities statements suggest that complaint handling remains one of the biggest consumer pain points.
ASIC, for example, has signalled claims and complaints handling failures by insurers as a key priority for 2026. As part of the UK FCA’s Consumer Duty focus areas for 2025 to 2026, it expects to publish an interim report on pure protection insurance and an ongoing review of premium finance in motor and home insurance.
The European Insurance and Occupational Pensions Authority’s (EIOPA) 2026 priorities also list the fair treatment of consumers in claim handling as a key focus amongst EU authorities, as well as operational resilience and sustainability issues. EIOPA emphasises that national supervisory authorities will expect insurers to properly assess and manage risks related to climate change and sustainability.
Geopolitics and cyber risk exposures for directors have been highlighted as key issues for the sector in 2026. Allianz's recent publication states that “D&Os [Directors and Officers] can be held accountable for misjudging the impact of geopolitical developments on their company’s operations or for failing to adequately adapt to the legal or regulatory requirements in different countries.”
Clyde and Co’s emerging risk predictions for insurers in 2026 include, among others, social media addiction and sanctions as key issues for the sector. The firm states in its prediction that “With social media platforms integrating more AI functions, including AI chatbots, insurers should be aware of evolving and expanding risks associated with claims alleging mental health issues or instances of physical harm prompted by users’ interactions with AI.”
The sector is an early adopter of AI amongst the financial services industry, with the technology increasingly being used for automated underwriting, risk assessment, and claims processing. Given the high risks associated with the extensive use of policyholders’ personal data, it likely makes the sector a focus for regulatory scrutiny. Differing approaches to AI regulation across borders mean insurers will have to tread carefully and implement risk-based AI governance programmes.