By Stacy Braverman, Director of Compliance, Insurance, RegEd

About the Author: Stacy Braverman is Director of Compliance, Insurance concentrating on insurance regulatory change. Stacy has been in the insurance industry for 40 years with experience in legislative affairs and regulatory compliance. She was previously the Chief Legislative and Compliance Officer for a CNA subsidiary who led in the development of compliance alerts within their operations system. Her experience includes serving as the Chair of an industry association government affairs committee, and as a contributor in the development of NAIC Model Act and Regulation language. She also ran a licensing and compliance consulting service providing support for brokers and producers, and the development of suspected fraud training. Stacy has worked with the CODE product for over 13 years.

The regulatory environment for financial services continues to evolve at an unprecedented pace. Firms across insurance, securities, and investment sectors are facing a steady stream of new obligationsfueled by shifting federal priorities, proactive state legislatures, and emerging risks tied to climate, technology, and cybersecurity. While some initiatives lean toward deregulation, the overall trend is toward greater complexity and scrutiny. 

The Expanding Scale of Regulatory Change 

The scale of regulatory activity today is staggering. Each year, more than 40,000 individual regulatory items are issued at federal and state levels. Only a portion of these items impose direct obligations, but firms must still identify, analyze, and determine if the activity is applicable to their business operations. 

  • In 2024, over 4,800 actionable regulations were identified and published through RegEd’s CODE solutions, including more than 1,200 securities regulations, 680 federal insurance regulations, and 2,700 state insurance compliance requirements. 
  • Midway through 2025, activity is already trending higher, with state-level regulatory changes up more than 13% compared to the same period in 2024. 
  • Federal regulatory actions began slowly in early 2025 but are expected to accelerate during the remainder of the year, cascading down to states and amplifying the volume of requirements firms must address. 

For compliance leaders, this underscores a critical reality: regulatory change management is no longer episodic. It is a constant, enterprise-wide effort requiring robust systems, cross-functional collaboration, and the ability to rapidly translate evolving rules into operational controls. 

Federal and State Dynamics: Diverging Priorities 

At the federal level, 2025 is shaping up as a year of deregulation. The administration has signaled looser oversight around Medicare Advantage, ACA subsidies and benefits, premium standards, company mergers, and anti-money laundering rules. Some rollbacks are already in effect, while others are expected to accelerate in the months ahead. 

Yet deregulation does not simplify compliance. Even the removal of obligations demands careful review of policies, procedures, and internal controls to ensure firms remain aligned with current law, while also remaining compliant with internal policies and procedures. 

Meanwhile, states are moving in the opposite direction, actively codifying protections in response to perceived federal retrenchment. For example, states have implemented their own mandates around cancer screenings, contraceptives, vaccines, and mental health parity. This patchwork of state-driven requirements creates greater variability, forcing national firms to maintain nuanced, jurisdiction-specific compliance frameworks. 

In addition, tariffs have emerged as a new regulatory pressure point. Rising costs in auto replacement parts, construction materials, medical devices, and pharmaceuticals are impacting insurance markets and prompting state regulators to respond with new oversight and consumer protections. States that once positioned themselves as havens for specialized entities such as captives and risk retention groups may also be forced to revisit laws as federal tax treatment evolves. 

Climate Risk: A Driving Force Behind Oversight 

Climate and weather-related losses are among the most significant forces shaping regulation in 2025. In just the first half of the year, weather-related disasters cost the U.S. economy $93 billion, a staggering figure that underscores the urgency of regulatory action. 

State regulators are responding with climate-responsive initiatives such as: 

  • Modernized risk-based capital formulas designed to better address liquidity risk in insurers’ investment portfolios. 
  • Heightened oversight of the property and casualty (P&C) market, where wildfires, tornadoes, floods, and severe convective storms are pushing costs upward and reducing availability of coverage. 
  • Increased reliance on state-developed risk models, such as Utah’s wildfire mapping tool, which restricts insurers to uniform assessments of high-risk areas. 

Notably, smaller convective storms – sometimes called “kitty cats” – have caused losses rivaling those of major hurricanes. This is driving property insurance costs higher, even in regions historically less exposed to catastrophic events. Regulators are responding by requiring insurers to expand risk modeling, adjust capital buffers, and strengthen consumer protections.

Technology at the Forefront: AI and Cybersecurity 

Alongside climate risk, technology is shaping the regulatory agenda in profound ways. Artificial intelligence and cybersecurity have emerged as dual priorities across both federal and state regulators. 

Artificial Intelligence

  • AI in underwriting: Nineteen states have already approved AI-driven severe convective storm risk models, covering over 12 million properties. 
  • Oversight of discriminatory outcomes: Regulators are focusing on algorithmic bias and ensuring compliance with anti-discrimination laws. 
  • Governance expectations: Financial institutions will be expected to conduct audits of AI systems, establish governance programs, designate AI compliance officers, and implement human-in-the-loop oversight. 
  • Expanding scope: AI regulation is extending beyond underwriting into fraud detection, claims mitigation, utilization review, and customer-facing interactions such as chatbots and personalized recommendations 

Cybersecurity

  • In 2024 alone, more than 40 new requirements were issued around incident response, standards, reinsurance, and data security. 
  • Regulators are particularly focused on AI-driven breaches, social engineering, and employee privacy, with some states permitting insurers to mask identification of claims staff to reduce threats. 
  • While only 27 jurisdictions have formally adopted the NAIC Insurance Data Security Model Law, evolving guidance continues to broaden expectations, ensuring that firms remain vigilant even outside those states. 

The convergence of AI and cyber risk is accelerating oversight and forcing firms to elevate both their technical defenses and governance frameworks. 

Health Insurance and the Complexity of Omnibus Laws 

The health insurance sector remains a focal point of regulatory activity. With uncertainty around ACA subsidies and federal benefits, many states now require insurers to file dual premium rates for 2026 – one assuming continuation of subsidies, and one without Federal regulators have also issued new rules on market integrity, coverage denials, enrollment standards, and income eligibility verification. Recently, a court ordered a stay of some of the federal rule that was expected to become effective in August.  Catastrophic coverage will be permitted for people who cannot afford health insurance due to the changes and short-term limited duration health insurance rules enacted during the prior administration will not be enforced.  CMS has published a guidance letter, which will prompt the states to revise their guidance on filings and the various changes.   

Other hot-button areas include: 

  • Prescription drug oversight and expanded regulation of pharmacy benefit managers. 
  • New mandates for coverage of treatments for substance use disorders and obesity. 
  • State-level measures addressing step therapy, mental health parity, and coverage of out-of-network services. 

Overlaying all of this is the resurgence of omnibus legislation – sprawling, multi-topic bills that often tuck insurance provisions alongside unrelated measures. In 2024, 22 such bills totaling 2,400 pages were distilled by RegEd’s expansive team of regulatory experts into 145 actionable requirements. In 2025, the pace has already accelerated, with 47 omnibus regulations tracked so far, underscoring the need for firms to remain vigilant in spotting critical provisions buried within broader legislation. 

What Compliance Leaders Should Do Now 

The volume and complexity of 2025 regulatory activity highlight a set of clear imperatives for compliance organizations: 

  • Anticipate More Change, Not Less: Even in a deregulatory environment, the net effect is rising obligations across federal and state levels. 
  • Prioritize State-Level Awareness: With states filling gaps left by federal rollbacks, compliance teams must track and adapt to divergent state frameworks. 
  • Build Climate and Technology Readiness: Climate risk modeling, AI governance, and cybersecurity resilience are becoming non-negotiable. 
  • Prepare for Legislative Complexity: Omnibus bills and multi-layered health regulations require sophisticated monitoring and rapid analysis. 

For firms operating in today’s environment, regulatory change is no longer just a compliance function – it is a core strategic priority. Success depends on the ability to monitor developments, interpret their impact, and implement responsive measures across the enterprise. 

How RegEd Can Help

RegEd’s Regulatory Change Management is a workflow-enabled enterprise software solution that provides firms with everything they need to be aware of, comply with, and demonstrate compliance with all relevant regulatory changes. Comprised of more than 30 regulatory experts with over 300 years of combined knowledge and experience in the insurance and securities industries, RegEd’s Regulatory team delivers regulatory change analysis for new and amended rules that is easily digestible for compliance and business units. 

Our Regulatory Change Management offering helps firms manage regulatory change through the delivery of actionable content, in a closed-loop process, across the enterprise. This strengthens the firm’s compliance program, lowers compliance costs, and reduces non-compliance risk. 

Schedule a consultation to learn how RegEd’s Regulatory Change Management solution helps compliance leaders: 

  • Free resources to focus on high-value work
  • Improve relationships with business units
  • Ensure Policies & Procedures are in line with regulatory requirements
  • Achieve peace of mind knowing that regulatory changes are handled

Scroll to top