A mid-sized recruitment agency in the South West places a candidate into a regulated compliance role at an FCA-authorised wealth manager. The candidate's CV claims a level 4 Diploma in Regulated Financial Planning and a clean SMCR record. Nine months in, an internal audit at the client reveals that the candidate never held the qualification, had previously been the subject of an upheld complaint at a former employer, and that two of the references on file had been written by the candidate's own associates using personal email addresses that nobody at the agency had thought to question. The client incurs remediation costs to re-paper the client portfolio, pays compensation to affected clients, and self-reports to the FCA. A letter before action follows. The claim — for remediation, regulatory legal costs, and consequential loss — is for £420,000.
That kind of letter is the moment a recruitment agency's Professional Indemnity Insurance either responds, or it doesn't. The detail of what the policy covers, the limit it is written at, the wording of the vetting and references extension, and whether the underwriter has been told accurately about the agency's mix of permanent versus contract work and the sectors it places into — those things, decided months earlier at renewal, are what determines whether the next twelve months go well or badly for the principals of the business. PI cover for UK recruitment consultants is not regulated in the way that solicitors' or accountants' cover is, but the contractual and reputational stakes are every bit as material, and the underwriting market for the sector has hardened noticeably since the IR35 reforms of 2017 and 2021 and the post-2020 surge in data-breach claims against recruiters.
This guide is for directors, MDs, COOs and finance leads at UK recruitment agencies, employment businesses, executive search firms and RPO providers who want to understand what their PI policy is actually doing for them, what the regulatory backdrop looks like in 2026, where claims actually come from, and how to think about cover limits sensibly. It runs longer than most online explainers because in this sector the detail matters — a generic "£1 million is fine" rule of thumb has put more than one agency in difficulty when a claim has arrived.
What Professional Indemnity Insurance covers for recruitment consultants
At its core, Professional Indemnity Insurance — PI or PII interchangeably — pays the legal costs of defending a civil claim made against your agency by a client, candidate, or third party who says they have suffered financial loss as a result of professional services you provided, and pays any damages or settlement awarded against you, up to the limit of the policy.
For a recruitment business, "professional services" is a broader envelope than many directors realise. It typically covers permanent placement, contingent and retained search, temporary and contract worker supply (both as an Employment Business under the Conduct Regs and as an Employment Agency), RPO, embedded recruiter arrangements, executive search, psychometric and behavioural assessment, candidate vetting and reference-checking, right to work verification, IR35 status work where the agency provides input into the determination, and the handling of candidate and client personal data through the agency's applicant tracking system.
Most policies respond whether the alleged failure was a missed vetting step, a negligent reference, a CV that should have raised questions and didn't, a misclassification of a contractor's tax status, a breach of confidentiality, a misjudged restrictive-covenant situation, a defamatory reference, or a data breach affecting candidate personal data. The cover is built around the words "any civil liability arising from the provision of professional services" — and the heart of any renewal conversation is making sure the definition in the schedule mirrors what the agency actually does.
What PI does not cover is also worth being explicit about. It does not cover the tax owed to HMRC where an IR35 determination is overturned — that liability sits where the off-payroll rules put it and is not insurable as a matter of public policy. It does not cover regulatory fines, including ICO civil monetary penalties and EAS penalties. It does not respond to dishonesty, fraud, or criminal conduct by you or your directors. It does not cover fee disputes about the agency's own invoices (though those can pull PI in if the client counter-claims on the underlying work). And it does not cover bodily injury, property damage, or employer's-liability matters — those sit on separate covers.
The regulatory backdrop — what UK recruitment businesses are operating under
There is no single regulator of the recruitment industry in the way that the SRA regulates solicitors or ICAEW regulates chartered accountants. Instead, recruitment consultancies operate against a layered patchwork of statutes, statutory instruments, codes of practice, and contractual obligations. The interaction of all of them is what shapes a PI underwriter's view of the risk.
The Employment Agencies Act 1973 is the bedrock legislation. It distinguishes between an "Employment Agency" (which finds permanent work for workers, or workers for employers) and an "Employment Business" (which supplies workers it engages itself to an end-user on a temporary or contract basis). Most modern recruitment groups operate as both, often through the same legal entity, and the distinction matters because different conduct rules apply.
The Conduct of Employment Agencies and Employment Businesses Regulations 2003 — the "Conduct Regs" — are the operating manual: prohibitions on charging work-seekers (with limited exceptions in entertainment and modelling), rules on advertising vacancies, the information that must be obtained from and given to a hirer and a work-seeker before an introduction, the timing of confirmation of terms, restrictions on transfer fees and temp-to-perm fees, and rules on payment to temporary workers. Material breaches feed directly into negligence claims, and are the standard against which a court will measure what a "reasonable recruiter" would have done. Enforcement sits with the Employment Agency Standards Inspectorate (EAS), now part of the Department for Business and Trade (DBT, formerly BEIS), which can issue warning letters and pursue prohibition orders for serious breaches.
The Recruitment & Employment Confederation (REC) and the Association of Professional Staffing Companies (APSCo) are the two main trade bodies. Neither is a statutory regulator, but both run Codes of Practice that member firms commit to, and both expect their members to hold PI cover. The REC Code is the more widely-cited and is often referenced in larger client MSAs as a contractual standard.
The Immigration, Asylum and Nationality Act 2006 and the associated Home Office Codes of Practice govern right to work. Recruiters who place permanent candidates do not themselves become the "employer" for IANA purposes, but agencies operating as Employment Businesses do — they engage the temporary worker and supply that worker to the hirer, and carry the full statutory excuse obligation. Getting this wrong exposes the agency to civil penalties of up to £60,000 per illegal worker following the February 2024 uplift. We deal with this in our companion guide on right to work checks and recruiter PI.
The off-payroll working rules — IR35 — sit in Chapter 10 of the Income Tax (Earnings and Pensions) Act 2003. From April 2017 in the public sector and April 2021 in the medium-and-large private sector, responsibility for determining whether a contractor's engagement is inside or outside IR35 sits with the end-client, and the PAYE/NIC obligation where the engagement is inside falls on the "fee-payer" — typically the agency at the bottom of the chain that pays the personal service company. HMRC's PAYE/NIC recovery itself is not insurable, but the agency's professional negligence in operating the fee-payer obligations can be. See our IR35 companion guide for the detail.
The UK General Data Protection Regulation and the Data Protection Act 2018 are central to the recruiter's risk profile. Recruitment businesses hold extraordinary volumes of personal data — CVs, ID documents, salary histories, reference correspondence, sometimes special-category data on health, disability and criminal convictions. The Information Commissioner's Office (ICO) is the supervisory authority; ICO penalties can reach the higher of £17.5 million or 4% of global turnover for the most serious breaches. ICO penalties themselves are not insurable, but the defence costs of an ICO investigation, and the third-party civil claims that follow, are.
The Modern Slavery Act 2015 imposes transparency-in-supply-chains obligations on commercial organisations with turnover above £36 million — most larger agencies and almost every RPO provider falls within scope. The Worker Protection (Amendment of Equality Act 2010) Act 2023, in force from October 2024, imposes a positive duty on employers to take reasonable steps to prevent sexual harassment of their workers. The Equality Act 2010 governs discrimination in recruitment — claims that an agency filtered candidates discriminatorily, or acceded to a client's discriminatory brief, can trigger both tribunal and civil claims for which PI is in scope.
What claims actually look like
The popular image of a recruitment PI claim is the high-profile placement that turns sour. The reality is more diverse, and the median claim is smaller and more procedural than the headline cases suggest. Working from anonymised industry patterns, the recurring categories include:
The negligent reference. A consultant takes a reference, summarises it in glowing terms to the placing client, and omits a material qualification the referee mentioned in passing. Three months in, the placement fails for precisely the reason that qualification flagged. These claims typically settle in the £30,000 to £80,000 range, with defence costs frequently matching the settlement.
The CV-misrepresentation claim with thin verification. As in the opening scenario — a candidate's CV asserts a qualification, registration, previous job title, or security clearance that the candidate doesn't actually hold, and the agency's verification was insufficient to catch it. The agency is not the deceiver but is the party that owed the client a duty of reasonable care in verification. Claims can be large, particularly into regulated sectors (financial services, legal, healthcare, education) or senior roles. Settlements in the £100,000 to £500,000 range are not unusual; defence costs alone can reach six figures.
The IR35 status determination dispute. A contractor is supplied on an outside-IR35 basis on the strength of an SDS from the end-client. HMRC later finds the engagement should have been inside and pursues the agency as fee-payer. The agency's tax liability is not insurable; what is potentially insurable is the agency's onward claim against, or defence of a claim from, the end-client where the dispute turns on which party failed to apply reasonable care. The April 2024 PAYE offset rules have reduced headline quantum but the dispute pattern remains active. See our IR35 companion article.
The right to work miss. An employment business supplies a worker who turns out not to have the right to work; the Home Office issues a civil penalty against the agency (the IANA employer of an agency temp). Civil penalties up to £60,000 per illegal worker are themselves not insurable, but PI can respond to the agency's exposure to the end-client where the hirer argues the agency's failure caused reputational or operational loss. See our right to work companion article.
The candidate database breach. An ATS misconfiguration, a phishing email, or a contractor exfiltrating data exposes candidate CVs — sometimes tens of thousands. The ICO investigates; a small number of candidates bring civil claims. PI typically responds to ICO defence costs and to the third-party civil claims; cyber responds to technical incident response, breach notification and business interruption. The ICO fine itself is uninsurable.
The restrictive covenant assistance claim. A senior candidate moves between two clients of the same agency, taking a small team. The first client alleges the agency knew or ought to have known about non-solicit and non-compete obligations and facilitated their breach. Defence costs are regularly six figures before the matter settles.
The defamatory or negligent reference about a non-placed candidate. An agency declines to put a candidate forward and, in a follow-up call with another client, characterises the candidate in terms the candidate later argues are defamatory. Defamation cover is usually included within a recruitment PI wording but the inner limit may be lower than the main limit — worth checking.
How much cover do you actually need?
The minimum is not the answer. Most agencies that lose a claim discover, with hindsight, that they should have been carrying more. There is no statutory minimum and the REC/APSCo codes do not impose a hard figure; the figure that's right for your business depends on the size of the engagements you take on, the sectors you place into, and the client contracts you sign.
A rough proxy: think about your three largest live client relationships. What is the maximum plausible single loss the most exposed could allege — the placed candidate's full first-year salary multiplied by three, perhaps, plus the client's remediation costs, plus the agency's own defence costs (which themselves frequently run into six figures on a contested claim). Your PI limit should comfortably exceed that worst-case figure, with headroom.
In broad terms, the market splits along these lines. Very small permanent-only agencies — sole-trader to two-or-three-consultant operations placing into SME and OMB clients on standard terms — often start at £100,000 to £500,000 of cover. Many client MSAs will demand more, however, and the lower end is only comfortable for the smallest agencies with the simplest exposure. The professional-services norm — the £1 million to £2 million bracket — is where the great majority of established UK recruitment agencies sit. £1 million is the floor most corporate MSAs specify; £2 million is increasingly common above that. Higher limits — £5 million and above — are common for executive search firms placing into board and C-suite roles in regulated financial services, contract supply businesses with significant volumes in financial services or healthcare, RPO providers operating in a Tier-1 capacity for large corporates, and any agency with a single client that materially exceeds the rest of the book. £10 million is not unusual for the larger end of executive search, and FTSE and major-bank MSAs increasingly stipulate £10 million as a contractual minimum.
The shape of the limit also matters. Most recruitment PI policies are written on a claims-made basis with a per-claim limit and an aggregate cap. A £2 million "any one claim" policy with an unlimited reinstatement covers very differently from a £2 million "any one claim, £4 million aggregate" policy, which in turn covers very differently from a £2 million "in the aggregate" policy where a single large claim exhausts the year. Agencies with portfolio-style exposures — a single ATS data breach can produce hundreds of small civil claims, each within excess but cumulatively large — should pay particular attention to aggregate adequacy.
Run-off cover and retroactive date
If you wind down the agency, retire, or sell, your liability for placements already made does not vanish. Claims-made PI responds only if the policy in force when the claim is notified covers the alleged work. Once you stop trading and stop paying premiums, the last policy is the last policy that will ever respond — unless you buy run-off.
There is no statutory minimum run-off period for a UK recruitment business — the requirement is contractual and practical rather than regulatory. The standard commercial limitation period under English law is six years from the date the cause of action arose. Six years is therefore the practical run-off standard for most recruitment businesses and the figure most acquirer due diligence will press for in a sale. Run-off is normally priced as a single up-front premium calculated as a multiple of your last working-policy premium — commonly 100% to 250% across the run-off period in aggregate. Selling rather than winding down does not automatically transfer the obligation to the acquirer; the sale documents have to address it explicitly, and the buyer will usually want either an insured run-off in place at completion or a contractual indemnity backed by escrow or W&I cover.
The retroactive date matters at the other end of the timeline. Continuity of cover — an unbroken retroactive date going back to the agency's first day of trading — protects against claims relating to historic placements emerging late. A retroactive date that has slipped forward because cover was allowed to lapse leaves a window of placements uninsured. Underwriters will normally honour the retroactive date you have if you can document continuous cover; lose the documentation and you may lose the date.
What underwriters look at
Underwriters look at six things before they price a recruitment PI renewal. Knowing what they look at lets you prepare a submission that gets a sensible quote rather than a reluctant one.
First, placement volumes and revenue split — gross fee income and how it splits between permanent placement, temporary/contract supply, executive search, and RPO. A permanent-only book is a different risk from a high-volume contract supply book where a single ATS breach can affect hundreds of workers, and both differ from an executive search book where each placement is large and high-profile.
Second, the sectors placed into. Financial services placements (particularly regulated functions), legal sector placements (SRA and BSB registration verification), healthcare and social care (NMC, GMC, HCPC and DBS checks), and education (enhanced DBS and barred-list checks) carry higher loss expectations than general commercial roles. Public-sector placements into security-cleared roles are a distinct underwriting category.
Third, IR35 process maturity — the agency's onboarding process for new contractors, the contracts used with PSCs and umbrella providers, the handling of SDSs from end-clients, and the agency's capacity to challenge an SDS. A documented standard operating procedure is materially easier to insure than a process that lives in a partner's head.
Fourth, data protection and IT controls — where the ATS is hosted, administrative access, password and access policies, MFA, incident response plan, notifiable breaches to date, and whether a separate cyber policy is in place. Underwriters increasingly want sight of the privacy notice and the data retention policy.
Fifth, claims history. Five years of claims, notifications and circumstances is the standard ask. A clean history priced through cleanly; a notified circumstance that has not crystallised still hangs over the renewal until it is closed out.
Sixth, contract terms with clients. Agencies that operate on their own terms of business — with sensible limitation-of-liability caps, clear scope of services, and proportionate indemnity language — are a different risk from agencies that routinely sign client MSAs without negotiation, accepting uncapped indemnities and broad warranty language that PI may not match.
The work you do before you submit the renewal proposal form is what shapes the quote.
How Apex helps
Apex Insurance Brokers Limited is an independent FCA-authorised insurance broker based in Bristol. We are not tied to any one insurer, we are not part of a network, and we do not run our own policy or underwriting decisions. We act as your broker, which under FCA Conduct of Business rules means we represent your interests in the negotiation with the insurance market.
In practice that means we take your renewal information, present it to insurers we think will price your particular profile sensibly, negotiate terms, and explain the differences in wording between the quotes that come back. We do not promise a particular price or a particular insurer — those are underwriting decisions that depend on your individual profile. What we do undertake to do, because it is regulatory, is act fairly, with integrity, and with reasonable skill and care, and tell you the basis on which we are remunerated. That information is on our Terms of Business page, and the route to raising concerns is on our Complaints page.
We also support agencies on the broader risk picture that sits around PI — Public Liability and Employer's Liability for the agency's own staff, cyber cover for the data-breach and ransomware exposures that PI was never designed to address, Directors' and Officers' cover for the board, and Employment Practices Liability for claims by the agency's own employees.
What to do next
If you are within ninety days of your PI renewal, this is the moment to look at the policy you currently hold and decide whether the limit, the wording, and the broker relationship are doing what you need them to. If you are mid-policy, this is the moment to make sure your file shows everything notifiable has been notified — the rules on disclosure during the year are strict, and getting that wrong is the single most common reason a claim fails to be covered.
To talk through your agency's PI position with an Apex broker, see the recruitment consultants sector page or contact us. The first conversation costs nothing and does not commit you to anything.
Frequently asked questions
Is PI insurance compulsory for UK recruitment consultants?
There is no general statutory requirement that a UK recruitment agency or employment business hold PI insurance. However, the REC and APSCo Codes expect members to carry PI cover, and most corporate Master Service Agreements impose minimum limits as a contractual condition. Large corporate, financial services and public sector clients regularly stipulate £5 million or £10 million as a floor.
Does my PI cover both Employment Agency and Employment Business work?
It should — but the policy schedule needs to say so. The definition of "professional services" determines what the policy responds to. A wording that lists "the introduction of work-seekers to hirers" but does not pick up "the supply of workers engaged by the insured" can leave the Employment Business side uncovered. Most modern recruitment PI wordings cover both, but it is worth checking at renewal, particularly if your perm/contract mix has shifted.
How does PI sit alongside cyber cover for a data breach?
The two cover different things and most established agencies need both. PI responds to third-party civil claims arising from a breach and the defence costs of an ICO investigation. Cyber responds to the agency's own first-party costs: technical incident response, forensic investigation, breach notification, business interruption, ransomware extortion costs (subject to sanctions screening), and PR support. ICO civil monetary penalties themselves are not insurable under either policy.
What does PI do for an IR35 status determination dispute?
Strict tax liability for unpaid PAYE and NIC is not insurable as a matter of public policy — that sits where the off-payroll rules put it. What PI can respond to is the agency's professional negligence exposure where an SDS is later overturned, the end-client argues the agency failed to apply reasonable care in operating the fee-payer obligations, or the agency's onward claim against another party in the chain. See our IR35 companion article for the detail.
What happens to PI if my agency is acquired?
Claims-made cover responds to claims notified during the policy period in respect of work falling after the retroactive date. On an acquisition, either the buyer puts run-off in place at completion for the target's historic period, or the buyer absorbs the target's exposure under its own policy by endorsement. Both work but need to be agreed in advance and documented in the SPA. The most common acquisition-related PI failure is for run-off to be assumed rather than placed.
How long should run-off cover run for after wind-down?
Six years is the practical standard for most UK recruitment businesses, aligned to the ordinary contractual and tortious limitation period under English law. Some MSAs specify longer (twelve years for executed deeds), and an executive search firm or healthcare staffing business with long-tail exposure may sensibly buy longer. Run-off is normally a single up-front premium calculated as a multiple of the last working-policy premium.
Will my PI premium increase if I notify a circumstance?
Possibly, but it depends on the circumstance, the eventual outcome, and the underwriter's view. A circumstance that closes out without crystallising into a claim usually has little long-term effect on premium. The most common notification failure is to not notify a circumstance you knew about — non-disclosure can void cover entirely.
Can I switch PI brokers part-way through a policy year?
Yes, although most broker changes happen at renewal because the relationship and disclosures are set up around the annual cycle. There is no regulatory requirement to stay with one broker. If you change mid-year, the existing policy stays in force until renewal and the new broker takes over the next renewal submission.
Related guides
- Right to work checks and the recruiter's PI exposure
- IR35 status determination and the recruiter's PI exposure
- Recruitment consultants sector page — speak to a broker
- All sectors
About Apex Insurance Brokers — Apex Insurance Brokers Limited is authorised and regulated by the Financial Conduct Authority, FCA firm reference 724952. Registered in England and Wales, Companies House 07014570. Last reviewed: May 2026.
This guide is general information about Professional Indemnity Insurance for UK recruitment agencies, employment businesses and executive search firms and is not advice tailored to any individual firm's circumstances. For advice on your own renewal please speak to a broker — contact@apexinsurancebrokers.co.uk or 0117 325 0027.
FAQPage JSON-LD (hand-rolled — add via Yoast Custom Field or theme injection)
{
"@context": "https://schema.org",
"@type": "FAQPage",
"mainEntity": [
{
"@type": "Question",
"name": "Is PI insurance compulsory for UK recruitment consultants?",
"acceptedAnswer": {
"@type": "Answer",
"text": "There is no general statutory requirement that a UK recruitment agency or employment business hold PI insurance. However, the REC and APSCo Codes expect members to carry PI cover, and most corporate Master Service Agreements impose minimum limits as a contractual condition of working with the client. Large corporate, financial services and public sector clients regularly stipulate £5 million or £10 million as a floor."
}
},
{
"@type": "Question",
"name": "Does my PI cover both Employment Agency and Employment Business work?",
"acceptedAnswer": {
"@type": "Answer",
"text": "It should — but the policy schedule needs to say so. The definition of professional services in the schedule is what determines what the policy responds to. A wording that lists the introduction of work-seekers to hirers but does not pick up the supply of workers engaged by the insured to a hirer can leave the Employment Business side of the business uncovered. Most modern recruitment PI wordings cover both, but it is worth checking explicitly at renewal."
}
},
{
"@type": "Question",
"name": "How does PI sit alongside cyber cover for a data breach?",
"acceptedAnswer": {
"@type": "Answer",
"text": "The two cover different things and most established agencies need both. PI responds to third-party civil claims and the defence costs of an ICO investigation. Cyber responds to the agency's own first-party costs: technical incident response, forensic investigation, breach notification, business interruption, ransomware extortion costs and PR support. ICO civil monetary penalties themselves are not insurable under either policy."
}
},
{
"@type": "Question",
"name": "What does PI do for an IR35 status determination dispute?",
"acceptedAnswer": {
"@type": "Answer",
"text": "Strict tax liability for unpaid PAYE and NIC is not insurable as a matter of public policy. PI can respond to the agency's professional negligence exposure where a Status Determination Statement is later overturned, the end-client argues the agency failed to apply reasonable care in operating the fee-payer obligations, or the agency's onward claim against another party in the chain. The April 2024 PAYE offset rules have changed the quantum picture but not the underlying dispute pattern."
}
},
{
"@type": "Question",
"name": "What happens to PI if my agency is acquired?",
"acceptedAnswer": {
"@type": "Answer",
"text": "Claims-made cover responds to claims notified during the policy period in respect of work falling after the retroactive date. On an acquisition, the typical structure is either that the buyer puts run-off cover in place at completion for the historic policy period of the target, or that the buyer absorbs the target's exposure under its own existing policy by way of an endorsement. Both routes work but need to be agreed in advance and documented in the share purchase agreement."
}
},
{
"@type": "Question",
"name": "How long should run-off cover run for after wind-down?",
"acceptedAnswer": {
"@type": "Answer",
"text": "Six years is the practical standard for most UK recruitment businesses, aligned to the ordinary contractual and tortious limitation period under English law. Some MSAs specify longer, and an executive search firm or healthcare staffing business with long-tail exposure may sensibly buy longer than six. Run-off is normally a single up-front premium calculated as a multiple of the last working-policy premium."
}
},
{
"@type": "Question",
"name": "Will my PI premium increase if I notify a circumstance?",
"acceptedAnswer": {
"@type": "Answer",
"text": "Possibly, but it depends on the circumstance, the eventual outcome, and the underwriter's view. A circumstance that closes out without crystallising into a claim usually has little long-term effect on premium. A settled claim, particularly above the policy excess, typically does affect renewal pricing. The single most common notification failure is to not notify a circumstance you knew about — non-disclosure can void cover entirely."
}
},
{
"@type": "Question",
"name": "Can I switch PI brokers part-way through a policy year?",
"acceptedAnswer": {
"@type": "Answer",
"text": "Yes, although in practice most broker changes happen at renewal because the relationship and the disclosures are set up around the annual cycle. There is no regulatory requirement to stay with one broker. If you change mid-year, the existing policy stays in force with the existing insurer until renewal and the new broker takes over the relationship and the next renewal submission."
}
}
]
}