RIA Insurance Requirements: What Your Custodian Actually Expects After You Buy E&O

RIA insurance requirements have quietly become one of the most important compliance details an independent advisor can miss. Not because regulators changed the rules overnight. But because the major custodians did.
If you recently purchased E&O coverage and assumed you were done, you are not alone. Most advisors make that assumption. Most custodians will tell you otherwise.
Here is what you actually need to know.
Why Custodians Started Raising Their Insurance Requirements for RIAs
For years, carrying Errors & Omissions insurance was considered best practice for independent investment advisors — recommended, but rarely enforced. That changed in 2021 when Charles Schwab became one of the first major custodians to formalize insurance requirements for all RIA firms on its platform. Fidelity Institutional followed. Other custodians have moved in the same direction since.
The reasons are straightforward:
- Custodians hold your clients’ assets. When fraud or negligence occurs at your firm, the custodian can get pulled into the legal and financial fallout.
- Independent RIAs have grown rapidly in number and complexity, increasing operational risk across the board.
- Cybercrime, wire fraud, and social engineering attacks targeting advisory firms have increased significantly in frequency and sophistication.
Custodians are not raising their requirements to be difficult. They are doing it because one uninsured failure at a small RIA can create liability that extends well beyond that firm.
The $1 Million Aggregate: What It Means and What It Doesn’t
Most major custodians set a minimum aggregate of $1 million in total coverage. That number sounds straightforward. It isn’t.
The $1 million is not just E&O. Understanding the full scope of RIA insurance requirements means recognizing that the aggregate typically needs to include coverage for:
- Professional liability (E&O)
- Social engineering and funds transfer fraud
- Cyber liability and data breach
- Employee theft and crime, if you have staff
This is where many advisors run into trouble. They purchase a $1 million E&O policy, submit their Certificate of Insurance, and get notified that their coverage is incomplete. The policy exists. It just does not cover what the custodian is actually asking for.
E&O covers professional mistakes. It does not cover someone tricking your assistant into wiring $200,000 to a fraudulent account. Those are different risks, and they require different coverage.
E&O Coverage: The RIA’s Coverage Foundation
Errors & Omissions insurance is still the core of your program. It protects your firm when a client alleges that negligence, a mistake, or a failure to act caused them financial harm.
Common E&O claims for RIAs include:
- Unsuitable investment recommendations
- Failure to execute a trade or follow client instructions
- Inadequate disclosure of risks or conflicts
- Missed deadlines or administrative errors
Most custodians require at least $1 million per occurrence or aggregate in E&O coverage. If you are already a client of AdvisorCovered, you have this covered through our Nationwide program. But E&O is the starting point — not the finish line.
Not sure what liability limit to select? Learn how to select the right liability limits for your E&O coverage.
Social Engineering: The Coverage Gap Most Advisors Don’t Know They Have
This is the one that catches advisors off guard.
Social engineering is when a bad actor manipulates your staff psychologically — or impersonates a client convincingly enough — to trick someone into authorizing a fraudulent wire transfer or releasing sensitive account information. No hacking required. Just a well-crafted email, a spoofed phone number, or an urgent request that looks exactly like it came from a trusted client.
It is one of the fastest-growing sources of financial loss in the advisory industry. And most standard E&O policies exclude it entirely.
When advisors review their RIA insurance requirements with us, social engineering is almost always the gap we find first. A few things to understand:
- It is almost always sublimited, meaning even if your total policy is $1 million, the payout for a social engineering claim may be capped at $100,000 to $250,000
- It can be added as an endorsement to your E&O or cyber policy, or covered under a standalone crime policy
- Fidelity Institutional has specifically required RIAs to carry a minimum of $250,000 in social engineering coverage as part of their mandate
- Schwab’s requirement includes social engineering as one of the covered categories within its $1 million aggregate limit
The practical question to ask your broker: what is my social engineering sublimit, and does it satisfy my custodian’s specific requirement?
Cyber Liability: Now a Custodian Expectation
RIAs handle some of the most sensitive financial data in existence. Social Security numbers, account credentials, tax records, banking details — all of it flowing through your systems every day.
Cyber liability insurance covers your firm when that data is compromised. Specifically:
- Data breaches and unauthorized access to client information
- Ransomware attacks that lock down your systems
- The cost of client notification, credit monitoring, and forensic investigation
- Legal defense costs and regulatory fines related to a breach
Schwab’s mandate explicitly includes coverage for theft by hackers. Fidelity’s requirements include cyber coverage as a component of its broader mandate. Neither custodian considers a standard E&O policy sufficient to satisfy this requirement on its own.
Cyber coverage can be added as an endorsement to your E&O policy or purchased as a standalone policy. Standalone policies typically offer broader protection and higher limits. For most independent RIAs, a standalone cyber policy in the $1 million range is worth the additional premium.
One important note: cyber liability coverage is coming to AdvisorCovered in the near future through our partnership with Cowbell. If you have questions about cyber coverage in the meantime, contact us directly.
Crime and Fidelity Coverage: Protecting Against the Threat Inside
Nobody wants to think about employee theft. But the data is uncomfortable.
According to industry research, the average occupational fraud scheme goes undetected for approximately 18 months. The median loss is around $150,000. And roughly 90% of business theft losses trace back to internal employees — not outside criminals.
For RIAs with staff, crime and fidelity coverage is an increasingly standard part of custodian insurance requirements. Here is what it covers:
- Employee dishonesty: Staff members redirecting firm funds or client assets for personal gain
- Forgery and check fraud: Altered payees, forged signatures, fraudulent vendor payments
- Theft of client funds: Specific endorsements to cover assets belonging to your clients, not just your firm
A few important distinctions:
- Solo RIAs without employees are typically exempt from the employee theft component of custodian requirements — you cannot legally steal from yourself in an insurance context
- If you manage ERISA retirement plan assets, federal law requires a separate ERISA Fidelity Bond totaling at least 10% of the plan’s assets — this is a DOL mandate, not just a custodian preference
- Standard crime policies protect firm assets; you must specifically confirm your policy includes third-party fidelity language to cover client funds
Recommended starting limits for independent RIAs range from $250,000 for smaller solo practices to $1 million or more for firms with staff and significant wire transfer volume.
The COI Problem: When Your Coverage Exists But Doesn’t Satisfy
Here is a scenario that happens more often than it should.
An advisor purchases E&O coverage, receives their Certificate of Insurance, and submits it to their custodian during onboarding. The custodian comes back with a problem. Not because the advisor lacks insurance — but because the policy does not include the right endorsements, the aggregate limit is structured incorrectly, or a required coverage category is missing entirely.
Account access gets delayed. Sometimes it gets restricted.
A few things to get right on your COI before submitting:
- Make sure the certificate reflects all required coverage categories, not just E&O
- Confirm your aggregate limit meets your custodian’s minimum threshold across all required coverages
- Check that social engineering and cyber endorsements are listed explicitly — not assumed
- Some custodians require themselves to be listed as a certificate holder or additional interested party
This is not a paperwork formality. It is a compliance requirement with real consequences for your ability to operate.
What to Ask Your Custodian Before You Finalize Your Coverage
Custodian insurance requirements are not uniform, and they do change. Before finalizing your insurance program, get specific answers to these questions directly from your custodian:
- What is the minimum aggregate coverage required?
- Is social engineering coverage required, and is there a minimum sublimit?
- Do you require standalone cyber liability, or will an endorsement satisfy the requirement?
- Is crime or fidelity coverage required for my firm size and structure?
- Do you need to be listed on my Certificate of Insurance?
- What is your process if my coverage lapses or falls below your minimum?
Do not rely on what a colleague told you their custodian requires. Requirements vary by institution and they get updated. Confirm directly. Every time.
Pulling It Together
Meeting your custodian’s insurance requirements for your RIA means building a layered program — not buying a single policy and hoping it covers everything. Here is the practical framework:
- E&O: $1 million minimum, claims-made policy from a carrier that understands the RIA market
- Social engineering: At minimum $250,000 sublimit; confirm this satisfies your specific custodian’s requirement
- Cyber liability: Required by most major custodians; standalone policy preferred over endorsement alone
- Crime/fidelity: Required if you have employees; confirm third-party language covers client funds, not just firm assets
- ERISA bond: Required by law if you manage retirement plan assets; separate from your general fidelity coverage
No single policy covers all of this. A well-structured program layers these coverages deliberately, with limits and endorsements that reflect how your firm actually operates.
AdvisorCovered Can Help
AdvisorCovered was built specifically for RIAs, IARs, and independent financial professionals. We understand what custodians are looking for, and we can help you build a coverage program that satisfies those requirements — not just on paper, but in practice.
If you recently purchased E&O through AdvisorCovered and want to review your full coverage picture, contact us. If you are just getting started, get a quote today.
RIA Insurance Requirements FAQs
Probably not on its own. Most major custodians require a combined package that includes E&O, social engineering coverage, cyber liability, and crime or fidelity coverage for firms with employees. A standalone E&O policy is the foundation, not the complete solution.
Most major custodians set a minimum aggregate of $1 million in total coverage across the required categories. However, requirements vary by institution and can change. Always confirm the current requirements directly with your custodian before finalizing your program.
Social engineering coverage protects your firm when a bad actor manipulates your staff or impersonates a client to authorize a fraudulent wire transfer or release of account information. It is excluded from most standard E&O policies and is almost always sublimited even when it is included. Custodians require it because wire fraud targeting advisory firms has increased dramatically in recent years.
Major custodians, including Schwab and Fidelity, have included cyber-related coverage in their formal insurance mandates. Even where it is not explicitly mandated, the SEC’s increasing focus on cybersecurity for advisory firms makes cyber liability coverage a practical necessity for any RIA handling sensitive client data.
Not always. Most custodians exempt solo practitioners from the employee theft component of their requirements since there are no employees to commit internal theft. However, if you manage ERISA retirement plan assets, a separate ERISA Fidelity Bond is required by federal law regardless of firm size.
Custodians can restrict or terminate your account access if you cannot provide a valid Certificate of Insurance meeting their requirements. This is not a theoretical risk — it has happened to advisors who let policies lapse or who failed to update their coverage after requirements changed.
E&O coverage is available now through our Nationwide program. Cyber liability coverage is coming soon through our partnership with Cowbell. For crime and fidelity coverage, contact us directly, and we will help you find the right solution for your firm’s size and structure.