RIAs offer advice for fending off cyber-attacks and security breaches

Jason Thonssen, Kevin Thompson
Wealth managers are beefing up their defenses against cyber-attacks, as the threats increase with AI. Here is what they are saying.
OCT 29, 2025

Vulnerability to cyber-attacks remains the top concern for RIAs, yet worries about liabilities for errors and issues caused by AI and wire fraud are on the uptick, a new study says.

According to the 2025 RIA Bi-Annual Risk Survey from insurance brokerage Golsan Scruggs released last week, nearly eight out of every 10 RIAs surveyed listed wire fraud/crime/social engineering as a “pressing corporate risk.” Furthermore, four out of 10 RIAs say application errors due to AI are a risk, marking the first time either concern was measured by the RIA Risk Survey.

Overall, cyber breaches remained the top concern for RIAs in 2025, though at somewhat less of a magnitude than shown in the 2023 survey, the data showed.

“Independent advisors are clearly concerned about how sophisticated technology can negatively affect their practices,” said Ken Golsan, co-founder and managing director of Golsan Scruggs. “Whether it is wire fraud, cyberattacks or mistakes from AI, we have seen increased desire to manage and mitigate those risks.”

Kevin Thompson, founder and CEO of 9i Capital Group, for one, plans to increase his E&O exposure in the coming years as more reliance on AI becomes a necessity.

“As for wire fraud, we require multiple authorizations prior to any wire activity, which includes actually speaking with the client and having the client confirm via email that a request is being made, which reduces our risk of errors,” Thompson said.

Thompson adds that criminal activity is coming not just from random emails but directly from custodial relationships. Being able to spot a phishing email, especially one that looks legitimate, has become a growing concern for his firm.

“I always direct my advisers to go directly to the website and never click on emails that seem suspicious or ask you to log in directly from that particular email,” Thompson said.

Elsewhere, Jason Thonssen, chief compliance officer at Ballast Rock Private Wealth, says possible AI errors represent the most salient risk in 2025 given the proliferation of AI-powered support in the RIA industry right now. As advisors turn to large language models (LLMs) for quick answers or support on a project, Thonssen believes it is too easy to accept the output as fact when there should be an element of “double checking” the work.

“This is especially true for more objective prompts where the LLM initially wants to give you a positive response when that may not be the case. Many of the LLM ‘agents’ created by enterprise platforms involve extensive prompts to bring the agent to its full operation – a much different situation than a free account with little background,” Thonssen said.

ADJUSTING TO A DANGEROUS NEW WORLD

As to whether his firm has adjusted its compliance, cybersecurity, or training programs in response to these new AI concerns, Thompson says he is adamant about making direct contact with clients and having receipt of that client communication before any money movement or transaction is done. Furthermore, he personally speaks to the client prior to any movement of assets to make sure the client is the one asking for the transaction to occur.

“It is a necessary step to avoid a litany of issues that could occur when you are trying to be fast for the sake of expediency,” Thompson said.

Meanwhile, Ballast Rock’s Thonssen coaches his staff to check any hyperlink and sender email address before clicking. He also trains them to keep a critical eye on context and ask questions like “Does this request fit a client’s personality or known patterns?” or “Am I the person that this client/partner/coworker would reach out to for this?”

“We have updated our policies to require aliases of any client PII that could be entered into AI agents. We also urge all advisors and firms to ask their AI partners how client information is handled, archived, and used before signing a contract,” Thonssen said.

Finally, Travis Johnson, managing director of XYPN Compliance, says cybersecurity remains the biggest and fastest-moving risk. He sees smaller firms trying to protect themselves without over-engineering programs that cost more or take more time to manage than is practical. In his view, the true goal is effective defense, not unnecessary complexity.

“Advisors are eager to adopt AI tools, especially notetakers that simplify documentation and automate back-office work, but many remain cautious. In this highly regulated industry with evolving guidelines, the lack of consistent privacy policies and strong data-security frameworks can make the potential for regulatory scrutiny and exposure too high,” Johnson said.

Emphasized Johnson: “Our rule of thumb: start small, test internally, and only expand once you’ve verified compliance and controls.”
