How Fortune 100 companies are disclosing AI risk (and what it means for you)



Reading time: 5 minutes

Your Friday Five

Every Friday we review 200+ insurance, legal, and market-risk articles and summarize the best three events your board needs to be aware of on Monday morning.

Three developments caught our attention this week:

  • DOJ has launched False Claims Act investigations into major companies' DEI practices.
  • Fortune 100 companies tripled their AI risk disclosures in one year, while the SEC rescinded proposed cyber rules and 40 states passed 136 AI laws.
  • LinkedIn's revenue hit $17 billion. The unlikely driver? A 22-year-old rule that forces accountability.

DOJ is using a billing-fraud statute to investigate corporate DEI programs.

Summary

The Department of Justice opened investigations using a legal tool traditionally reserved for healthcare fraud and defense contractor overbilling.

According to the Wall Street Journal, DOJ demanded documents from companies across technology, telecommunications, automotive, defense, pharmaceuticals, and utilities. They want details about workplace policies and promotion programs. The legal theory: holding federal contracts while maintaining certain DEI-related practices may constitute fraud under the False Claims Act.

Executive Order 14173 now requires contractors to certify compliance — and agree that it's "material" to payment decisions.

(source: JD Supra / Venable LLP)

So what?

Financial institutions with federal touchpoints should treat this as balance-sheet protection.

Community banks with SBA relationships, credit unions in federal programs, and insurers with TRIA coverage all make certifications that we believe could fall under this framework. FCA's qui tam provisions let private whistleblowers initiate lawsuits and collect a percentage of any recovery. Review recent certifications and document your compliance rationale.

The time to build that paper trail is before anyone asks for it.

Fortune 100 companies tripled their AI risk disclosures in one year.

Summary

Boards are taking AI governance seriously.

A Harvard Law analysis of Fortune 100 disclosures found AI risk cited in board oversight jumped threefold in 2025. Directors listing AI in their qualifications rose from 26% to 44%. Committee-level AI oversight assignments quadrupled, from 11% to 40%.

More than a third (36%) now disclose AI as a separate 10-K risk factor, up from 14% last year.

(source: Harvard Law School Forum on Corporate Governance)

The LION Lens

What happened — Fortune 100 voluntary AI and cyber disclosures doubled or tripled across multiple metrics. SEC Chair Atkins rescinded several proposed cyber and AI rules from the prior administration.

Why it matters — The disclosure momentum continues despite federal regulatory rollback. Boards treat AI and cyber governance as stakeholder expectations. Investors are watching.

Practical implications — For financial institutions, this sets the benchmark. Your disclosures signal whether you match that rigor.

Cybersecurity disclosures show similar acceleration.

78% of Fortune 100 companies assign cyber oversight to the audit committee.

73% now align to external frameworks like NIST CSF 2.0, up from 57% last year and just 4% in 2019. 58% report conducting tabletop exercises and simulations, up from 3% in 2019. 86% disclose cybersecurity as a director skill the board has or seeks.

Deepfakes have become the second most common cybersecurity incident, trailing only malware.

The federal-state split is widening.

SEC Chair Atkins rescinded proposed rules on cybersecurity risk management for broker-dealers and investment advisers.

He also pulled the "Predictive Data Analytics" rule that would have required firms to address conflicts when using AI in investor interactions. States filled the gap. In 2025, 40 states signed 136 AI laws, most addressing deepfakes.

The Cybersecurity Information Sharing Act of 2015 expired on September 30, 2025.

The LION POV

Here's how we're advising clients:

  • Benchmark your disclosures against the Fortune 100. If 48% of the largest companies cite AI in board risk oversight, what does your proxy statement say? Disclosure gaps signal governance gaps.
  • Align to an external cyber framework and say so. 73% of Fortune 100 companies now disclose framework alignment. NIST CSF 2.0, ISO 27001 — pick one and document it.
  • Track state-level AI laws in your footprint. 136 laws across 40 states means compliance is fragmented. Know which ones apply to you.

The federal rollback doesn't mean reduced expectations. The bar is being set by market leaders and state legislatures.

Want to discuss how these disclosure trends affect your institution? Contact LION Specialty for a confidential review.

LinkedIn won by staying boring.

Summary

While other platforms chased engagement through outrage, LinkedIn stuck with a 22-year-old rule: real names required.

Revenue jumped from $7 billion in 2020 to $17 billion in 2025. Membership doubled to 1.3 billion. The growth coincided with content moderation declines at X and Facebook.

Users concluded it was worth trading rage bait for earnest monologues about why getting laid off was a blessing in disguise.

(source: Wall Street Journal)

So what?

A 2013 study found 53% of anonymous comments contained attacks or vulgarity — vs. 29% from identified users.

When people know they'll be identified, they behave better. The governance implication: systems designed for accountability outperform systems designed for anonymity. For insureds, identity verification reduces fraud and improves risk selection.

LinkedIn's growth suggests the market will trade friction for less toxicity.

The Bottom Line

Boards face pressure from multiple directions this week.

DOJ is treating DEI certifications as potential fraud triggers — and whistleblowers have financial incentive to help them find violations. Fortune 100 companies are tripling AI disclosures while federal regulators pull back and states fill the gap with 136 new laws.

The institutions treating these as balance-sheet protection exercises will have answers when others are still looking for lawyers.

That's why we created the D&O Contract Vigilance Blueprint. It's a 5-day email course to help you:

  • Secure better D&O insurance: Learn how to avoid common policy mistakes
  • Protect your personal assets: Understand your potential liability

Don't wait until a claim hits to find out your institution is under-protected.

Thank you for reading today's edition!

Stay Covered,

Natasha & Mark

Co-Founders and Managing Partners

LION Specialty
