Risks and insurance for cryptocurrency companies - What you need to know
We explore the key risks for companies within the cryptocurrency ecosystem, and examine what options are available for risk transfer through insurance.
Since the introduction of Bitcoin in 2008, cryptocurrencies have grown in popularity, and that growth has accelerated in the last few years. Whole industries have been created around them, including software for mining, exchange, payment processing, wallets and so forth, not to mention the e-commerce and retail companies that have started accepting cryptocurrencies as payment options.
The whole ecosystem is still highly volatile, unregulated and very much intangible. This paves the way for fraudulent activities to take place including theft, ransomware, money laundering and much more.
For businesses, liability risks also come into play. Company directors and management have the duty and responsibility to act in good faith and in the interests of the company. This spans all aspects of running the company. Crypto also has a dark side, such as its use by criminals for money laundering. As a director, you may be held liable for not protecting your clients, employees or even third parties appropriately from these exposures. Shareholders or investors could potentially sue the founders for alleged breach of duty of care if the value of crypto materially declines and that impacts the company's balance sheet. Regulators may conduct investigations for potential breaches. See the recent example of Three Arrows Capital, which potentially falls under the scope of a D&O policy.
Directors & Officers (D&O) Insurance protects the executive team and directors from such claims by covering the legal defence and settlement costs for lawsuits and investigations as a result of company mismanagement claims.
Another key liability for the company arises if an error or omission in the software causes third parties to suffer an economic loss. In the case of crypto, this could come in the form of errors in the code resulting in incorrect valuations or data security breaches. Professional Indemnity (PI) Insurance is the key policy to protect the company from the legal defence costs due to such errors.
A common risk throughout the crypto world relates to crime. This comes mostly in the form of cryptocurrency theft whereby digital assets are stolen from digital wallets. A Commercial Crime Insurance policy provides cover for those losses.
Similarly, Cyber Liability Insurance is helpful to cover the losses and data recovery costs associated with ransomware attacks and other cyber attacks by hackers. However, a cyber liability policy will also importantly provide coverage for the costs associated with data breaches, such as regulatory reporting costs, or the potential legal costs if you get sued for damages by your clients due to cyber data breaches.
How easy is it for companies related to crypto to take out these insurance policies?
To be honest, it is still not easy. Most insurers are quite wary about the risks involved, mainly due to the volatility, lack of regulation and the high risk of criminal activities mentioned above. Many insurers hence deliberately choose not to insure any companies related to crypto. Alternatively, they put exclusions in their policies in order not to pay any claims related to crypto. Having said that, we are happy to announce that there is an insurer we can work with in Singapore who is willing to underwrite some crypto firms for D&O, PI and Cyber.
What do you need to prepare to get insured?
It is important to articulate your business activities clearly. Note that less is more: it will be easier to get insured if your business has a narrow focus of activities rather than working on lots of different areas at one time, such as being an exchange but also being involved in staking, mining and so on.
Apart from the (long) insurance proposal forms, be prepared to also supply the insurer with:
- Last financial statements
- Cap table
- Business plan
- Estimated revenue
- AML/KYC policy
- Copy of standard contracts with clients
- Latest vulnerability and penetration testing results
This is not an exhaustive list but gives you an idea about the type of information required. Whilst this may seem like a lot, it is most likely worth it in order to get insured and have protection in place for unforeseen risks.
Does your company have any activities, investments or links to cryptocurrency? Get in touch with us to discuss how you can get insurance in place to protect your company.