The regulatory environment for financial services continues to evolve at an extraordinary pace. Across insurance, securities, and investment markets, firms are navigating an expanding web of requirements driven by shifting federal priorities, increasingly assertive state legislatures, and persistent risks tied to technology, cybersecurity, and climate. 

While parts of 2025 reflected a renewed push toward federal deregulation, the year ultimately reinforced a familiar reality for compliance leaders: the volume, variability, and complexity of regulatory change continue unabated. As firms look ahead to 2026, success will depend not on reacting faster, but on building sustainable, enterprise-wide capabilities to manage change as a constant. 

The Expanding Scale of Regulatory Change 

The scale of regulatory activity today remains staggering. Each year, more than 40,000 individual regulatory items are issued at federal and state levels. Only a portion of these items impose direct obligations, but firms must still identify, analyze, and determine applicability across diverse business models and jurisdictions. 

  • In 2025, over 4,600 actionable regulations were identified and published through RegEd’s CODE solutions, including more than 1,200 securities regulations, 500 federal insurance regulations, and 2,900 state insurance compliance requirements. 
  • Midway through 2025, activity was already trending higher, with state-level regulatory changes up more than 24% compared to the same period in 2024. 

As 2025 progressed, those expectations largely materialized. Regulatory change management once again proved to be a continuous, enterprise-wide discipline – requiring structured workflows, cross-functional coordination, and the ability to translate evolving rules into operational controls with speed and consistency. 

Federal and State Dynamics: A Year of Divergence 

In 2025, federal and state regulators continued to move in increasingly different directions. 

At the federal level, the year was defined by selective deregulation. Agencies signaled reduced oversight across areas such as Medicare Advantage, ACA benefits, premium standards, merger review, and certain anti-money laundering requirements. In some cases, rulemakings were delayed, narrowed, or paused altogether, creating temporary relief for firms – but also uncertainty around long-term expectations. 

Importantly, deregulation did not eliminate compliance work. Firms were still required to assess changes, unwind outdated controls, update policies and procedures, and ensure internal standards remained aligned with current law. 

States, meanwhile, continued to expand their regulatory footprint. In response to perceived federal pullbacks, many states codified consumer protections through mandates covering cancer screenings, reproductive health, vaccines, mental health parity, and utilization management, and imposed consumer protections related to Medicare Advantage and Medicare supplement plans. The result was a more fragmented compliance landscape, particularly for firms operating nationally. 

Tariffs and cost pressures also emerged as a notable regulatory theme in 2025. Rising prices for auto parts, construction materials, pharmaceuticals, and medical devices prompted increased scrutiny from state insurance departments, with new filing requirements, consumer protection measures, and rate review considerations layered into existing frameworks. 

Looking ahead to 2026, this federal-state divergence shows no signs of narrowing. If anything, firms should expect continued variability as states assert greater independence in shaping insurance and financial services oversight. 

Climate Risk: From Emerging Issue to Embedded Oversight 

Climate-related risk continued to move from the periphery to the center of regulatory focus in 2025. Severe weather events – ranging from wildfires and floods to tornadoes and severe convective storms – drove historic losses and intensified scrutiny of insurer solvency, pricing, and availability of coverage. 

State regulators responded by advancing initiatives such as: 

  • Enhancements to risk-based capital frameworks to better address liquidity and concentration risk 
  • Increased oversight of property and casualty markets experiencing reduced capacity or affordability challenges 
  • Expanded use of state-developed risk models, including wildfire and flood mapping tools that standardize assessments of high-risk areas 
  • Broadened premium credit mandates involving risk-reduction measures, including hurricane/wind mitigation and reinforced roofs 

Notably, smaller but more frequent convective storms continued to generate losses rivaling those of major hurricanes, pushing climate-driven oversight into regions previously considered lower risk. 

As firms move into 2026, climate risk is no longer a standalone topic – it is embedded within capital planning, underwriting governance, rate filings, business continuity planning and enterprise risk management. 

Technology in the Regulatory Spotlight: AI and Cybersecurity 

Technology-driven regulation accelerated throughout 2025, with artificial intelligence and cybersecurity emerging as persistent focal points. 

Artificial Intelligence 

Regulators continued to refine expectations around AI governance, particularly as AI use expanded beyond underwriting into claims handling, fraud detection, utilization review, and customer engagement. 

Key themes in 2025 included: 

  • Increased scrutiny of algorithmic bias and discriminatory outcomes 
  • Expectations for documented AI governance programs, audits, and human-in-the-loop controls 
  • Broader oversight of third-party vendors supplying AI-enabled tools 

By 2026, firms should expect AI regulation to mature further – shifting from guidance and principles toward more explicit, enforceable standards.  There will be continued uncertainty as state lawmakers and attorney generals push back against federal preemption efforts toward state-level AI laws viewed as hindering innovation or creating excessive burdens. 

Cybersecurity 

Cyber risk remained a top regulatory concern in 2025, with ongoing rulemaking and guidance addressing: 

  • Incident response planning and breach notification 
  • Data protection standards and third-party risk 
  • AI-enabled threats, social engineering, and insider risk 

Even in jurisdictions that have not formally adopted the NAIC Insurance Data Security Model Law, regulators continued to expand expectations through examinations, bulletins, and informal guidance. 

The convergence of AI and cybersecurity is expected to further elevate governance expectations in 2026, requiring tighter coordination between compliance, IT, risk, and legal teams. 

Health Insurance and the Return of Legislative Complexity 

Health insurance regulation remained one of the most dynamic areas in 2025. Uncertainty around ACA subsidies and federal benefit standards prompted many states to require dual premium filings for 2026, reflecting multiple policy scenarios. 

At the same time, federal agencies issued new rules and guidance addressing market integrity, enrollment standards, coverage denials, and eligibility verification – some of which were subsequently delayed or stayed by court action, adding further complexity. 

Other high-activity areas included: 

  • Expanded oversight of prescription drugs and pharmacy benefit managers 
  • New coverage mandates for obesity treatment and substance use disorders 
  • Continued state-level focus on step therapy, mental health parity, and out-of-network protections 

Overlaying these developments was a significant increase in the use of omnibus regulation (both bills and administrative rules). In 2025, large, multi-topic bills increasingly bundled insurance provisions alongside unrelated policy measures, reinforcing the need for sophisticated monitoring to identify actionable requirements buried within broader legislation. 

This trend is expected to continue – and potentially accelerate – in 2026. 

What to Expect in 2026 

As firms plan for the year ahead, several themes are likely to define the regulatory environment: 

  • Sustained State-Level Expansion: States will continue to fill perceived gaps left by federal retrenchment. 
  • More Prescriptive Technology Oversight: AI and cybersecurity expectations will become more explicit and enforceable. We also expect the Securities & Exchange Commission (SEC) to focus on distributed ledger technology as well as the tokenization of financial assets, including securities.   
  • Climate Risk as a Baseline Assumption: Climate considerations will be embedded across regulatory reviews, particularly on the insurance side. 
  • Persistent Legislative Complexity: Omnibus bills and administrative rules and layered guidance will demand faster identification and interpretation of change. 
  • Fighting Fraud: Regulators and legislators across all sectors will continue to focus on protecting investors and consumers from fraud. Scams, fraud, and financial exploitation have surged in recent years, driven in part by technological advances that enable sophisticated criminal schemes. 

In short, regulatory change and investor and consumer protection efforts will remain continuous – not cyclical. 

How Compliance Leaders Can Prepare 

The lessons of 2025 point to clear priorities for compliance organizations heading into 2026: 

  • Design for Continuous Change: Regulatory change management must operate as a living, enterprise process. 
  • Strengthen State-Level Intelligence: Jurisdiction-specific awareness is critical for national firms. 
  • Elevate Governance for AI and Cyber Risk: Technical controls must be matched with strong oversight frameworks. 
  • Invest in Scalable Processes: Volume and complexity require automation, workflow, and expert analysis. 

For today’s firms, regulatory change is no longer just about compliance – it is a strategic capability that directly impacts operational resilience, customer trust, and long-term growth. 

How RegEd Can Help

RegEd’s Regulatory Change Management solution provides firms with a comprehensive, workflow-enabled approach to identifying, analyzing, and implementing regulatory change across insurance and securities markets. 

Backed by more than 30 regulatory experts with over 300 years of combined industry experience, RegEd delivers clear, actionable analysis for new and amended regulations – helping compliance and business teams focus on what matters most. 

Through a closed-loop process that spans awareness, applicability, implementation, and oversight, RegEd helps firms strengthen compliance programs, reinforce accountability, and reduce risk in an increasingly complex regulatory environment. 

Schedule a consultation to learn how RegEd’s Regulatory Change Management solution can help your organization: 

  • Focus internal teams on high-value work 
  • Improve alignment with business units 
  • Keep policies and procedures current 
  • Gain confidence that regulatory change is managed, monitored, and documented 

Watch our two-minute explainer video on RegEd’s Regulatory Change Management solution.

Meet The Authors

  Stacy Braverman, Director of Compliance, Insurance, RegEd

  Margie Webber, Director of Compliance, Securities, RegEd

Stacy Braverman is Director of Compliance, Insurance concentrating on insurance regulatory change. Stacy has been in the insurance industry for 40 years with experience in legislative affairs and regulatory compliance. She was previously the Chief Legislative and Compliance Officer for a CNA subsidiary who led in the development of compliance alerts within their operations system. Her experience includes serving as the Chair of an industry association government affairs committee, and as a contributor in the development of NAIC Model Act and Regulation language. She also ran a licensing and compliance consulting service providing support for brokers and producers, and the development of suspected fraud training. Stacy has worked with the CODE product for over 13 years.

Margie Webber has more than 30 years of experience in the financial services industry. She is Director of Compliance focusing on BD/IA issues at RegEd. Before joining RegEd in 2010, Margie provided compliance and registration-related consulting and outsourcing services for small broker/dealers in the Kansas City area. She has also held the role of Assistant Vice President of the Licensing & Registration Unit at Waddell & Reed, and led her team in the registration and registration-related compliance matters for 2 broker/dealers, 5 investment advisors, 11 insurance agencies and approximately 2500 financial advisors. Margie is very active in industry organizations, particularly the Securities and Insurance Licensing Association (SILA). She served as SILA’s President from 2007 to 2009.

Scroll to top