The insurance market for crypto/digital assets is still in its infancy compared with other industries and technologies, and it’s characterized by three major differences: a lack of historical risk data, the unique risks associated with it, and a lack of standard legal terms to be used in policy language. When a market is as new and lacking precedent as this one, carriers approach the underwriting process mathematically and carefully, and insureds will be better prepared for the process if they understand these unique circumstances. The good news? The number of sophisticated underwriters doing their homework and looking to provide solutions is only growing.
The Unique Characteristics of this Particular Technology
Crypto/digital assets running on distributed blockchain networks are uniquely secure due to their distributed nature, consensus mechanisms, immutability, and use of encryption. Like many considerations with respect to security, however, there are trade-offs. Most notably, it is essentially a bearer asset—if the private key (password) has been compromised and digital assets moved to another wallet, the transaction cannot be undone and control over the asset has changed hands permanently. Although cryptocurrency is very secure when up against tampering or fraud compared to a centralized ledger, the vulnerability of the key makes it like carrying around a bundle of cash.
How a crypto token or digital asset is legally classified makes all the difference with respect to the liability implications to its issuer and all other parties that interact with it. There is existing law that dictates roles, responsibilities, tax treatment, and legal exposures associated with issuing, trading, or consuming securities, commodities and property. The flexibility that exists with programmable digital tokens means that many of these cryptocurrencies often do not fit neatly into existing frameworks.
A Young Industry Without Historical Claim Data
Insurance providers rely on historical claim data to develop appropriate policy language, pricing, and limits, but there are no decentralized cryptocurrency companies with even 10 years of operations. In fact, there have still not been any major crypto theft losses paid by the relevant fidelity/crime insurance market, even though fidelity/crime has certainly been one of the earliest insurance products available to the space. Carriers can make an educated guess as to how a loss will occur, but that is far from the level of data typically used for pricing commercial insurance products, making this market a bit like stepping into the void.
The lack of precedent here is not because the insurance products would not pay out. These types of losses have generally not been paid out by insurers in a material way because most operators handling crypto still don’t purchase significant insurance! To be clear, there have been a handful of legal matters implicating management and professional liability policies to date, but many are still open legal matters that have yet to be resolved
Some of the most high profile hacks resulting in the theft of significant crypto are case studies in what not to do; they highlight a lack of the exact processes, procedures, and controls that underwriters look for when assessing whether to insure a company. Many of the ICOs that have led to negative civil or regulatory actions appeared to be unregistered securities on the surface and thus were unable to obtain coverage that would respond to their legal and regulatory troubles. As crypto operators evolve, we should expect the risk profile of these companies to become increasingly palatable to the insurance market.
Legal Wording in Policies is Still Being Defined
One corollary of this being a young industry is that the legal language used in policies has not been standardized and continues to vary by carrier. Since an insurance policy is a legal document, technical teams are at times brought in to assist with policy language to ensure that the words in the document match the intent of the parties involved.
For example, consider the implications for writing a policy when the legal definitions for security versus currency versus commodity are still ambiguous. If a company is handling digital assets that could fall into all of these categories, legal problems could arise. For example, if a carrier is not intending to pick up potential violations of a securities law and then a digital asset is later determined to be a “security, ” they may not have language in their contract that adequately reflects their intentions. Normally, years of policies and court cases solidify the terminology used in a given industry, but for crypto, this is yet another hurdle that slows down the process of writing policies.
It is important to understand that the legal and regulatory environments—and the fundamental nature of both liability and crime/fraud that these policies respond to—are always evolving. Policies in other industries might have the benefit of longer track records, more defined best practices, and a large body of statutory and case law to use as guide rails when drafting a promise to pay via contract.
What Coverage Applies to Crypto?
There are many layers of risk here, from security concerns and regulatory risk to the risk of theft of digital assets. Like any commercial business, however, several commercial insurance products are applicable, such as property, auto, umbrella, workers’ compensation, employment practices, and kidnap and ransom, just to name a few.
Operators in the crypto space most frequently focus on these four types of insurance coverage:
- management liability (aka directors & officers liability or D&O)
- professional liability (aka errors & omissions or E&O)
- network security/privacy liability (aka cyber)
- crime (aka financial institution fidelity bond or commercial crime insurance).
These four coverages top the list due to the potential impact these exposures could have to their business, their customers, and to the personal assets of the board and executives.
Is Cryptocurrency Insurance More Expensive than it Should Be?
It’s still too early to say. Although it may seem high, other emerging risks have seen similar pricing in their early days. There is no substitute for building up a body of historical claim data that will help right-set the pricing structure we’re currently seeing.
To illustrate why the pricing may be high, let’s imagine that a carrier is charging premium equal to 1% of the limit they put up on behalf of the insured (i.e., $10,000 premium for $1,000,000 limit). They need a hundred risks at that price to fund a loss. There are simply too few qualified buyers in the market currently to absorb potential losses, making the stakes very high for underwriters. This dynamic creates an environment for pricing that is relatively high, but one that should change with time.
What Can We Expect Moving Forward?
Best practices are evolving extremely quickly and will become increasingly sophisticated for operators in the space. As things continue to evolve and more of these players purchase risk transfer products, insurance carriers will be able to spread risk across more potential buyers and expand their appetites in order to meet the growing demand.
The insurance industry is always interested in new opportunities to provide solutions for emerging industries and technologies. I am confident that it is not a question of if the insurance industry will be willing to offer meaningful risk transfer solutions to the digital asset space, but rather how quickly. How quickly will best practices for the industry develop, how quickly will premium come into the market to support paying losses, and how steep will the learning curve be for policyholders and underwriters alike? If the past few years is an indication, I believe that 2020 will represent another very positive step up for insuring crypto.