Schwab Requires RIAs to have E&O and Cyber Liability Insurance
Starting in 2022, all RIAs that use Charles Schwab as a custodian must have cyber liability and E&O insurance coverage. This mandate means that all RIAs must have a minimum of $1 million worth of insurance to cover cybercrime and industry fraud.
RIAs have the option of adding a cybersecurity component to their E&O policies or buying a standalone cybersecurity insurance policy.
At this time, only 76% of Schwab RIAs have cybersecurity insurance, according to Schwab's 2021 RIA Benchmarking study. No specific dates are available for compliance.
More details will be available from November as Schwab negotiates preferred pricing with a selected group of insurance providers. This will affect the current 13,000 Schwab RIAs, while new RIAs will have a 90-day window to update their insurance policies for compliance.
Protection from Operational Risks
Cybersecurity insurance typically covers ransomware attacks, forensics investigations, fund transfer fraud, and credit monitoring. It also covers any legal fees and recovery costs related to a data breach. Unfortunately, it excludes phishing-related incidents such as social engineering and data theft by hackers or employees.
Therefore, RIAs must obtain separate policies that cover these breaches. E&O insurance, or professional liability insurance, covers the costs of lawsuits that may arise in the case of a data breach. This combination of policies protects Schwab, its RIAs, and investors from day-to-day operational risks.
Schwab's Managing Director of Advisor Controls and Trading, Ian Muir, said in a written statement: "Independent advisors have been growing quickly, and while this growth and success are overwhelmingly positive for investors and RIAs alike, it does bring increased operational risks as firms expand and day-to-day operations become more complex."
Muir added: "This complexity, combined with rising industry fraud, cybercrime, and trading volatility, means advisors must evaluate how well their firm has protection. Schwab believes that insurance is a vital component to managing risk at Schwab and in advisors' businesses, and is consistent with the commitment to being a fiduciary for clients."
Cost of the Schwab Directive
On average, a $1 million per-occurrence E&O insurance policy for RIAs starts at about $220 per month, which translates to $2,610 per year. A $750,000 per-occurrence cyber liability insurance for RIAs costs about $105 per month, $1,260 per year.
This means RIAs will have an added insurance cost of $3,870 annually to meet Schwab's requirements. Note that the cost of insurance may be higher depending on the size of the firm, its annual revenue, number of clients, and the insurance provider's limits.
This Schwab directive shows that the financial services firm acknowledges the rapid expansion of RIAs, which are increasingly vulnerable to operational risks. In addition, investors are wary about losses due to cybersecurity breaches, prompting regulators to crack down on RIAs to ensure compliance.
In August 2021, the Securities and Exchange Commission (SEC) sanctioned eight firms, including Cambridge, KMS, and Cetera Advisors, for failures in their cybersecurity policies and procedures. RIA firms that use Schwab as a custodian should expect more information regarding this new insurance mandate in the coming months.