Insurers need to be thinking about blockchain technology and virtual currencies like bitcoin and how to approach these areas of emerging risk as they become harder to ignore, according to panelists at the 2018 Professional Liability Underwriting Society (PLUS) Directors & Officers Symposium.

“This is sweeping through for the insurance industry,” said Christopher O’Brien, partner at VENABLE LLP, during a panel discussion at the conference held in New York. “Your clients are going to touch these risks even if they’re not blockchain companies.”

Virtual currency, such as bitcoin, is an unregulated digital form of currency that can be used as a substitute for legally recognized currency and eliminates the so-called “middle-man,” which includes banks and clearing houses.

Blockchain is the technology used for verifying and recording virtual currency transactions through a shared database. Although some believe that, when appropriately applied, blockchain is a revolutionary technology, according to O’Brien, there is also the potential for fraud if inappropriately applied.

“I’d say this is the second pitch of the first inning,” he said. “We’re at the very beginning of this technology, even though it’s been around since 2009.”

Because it has only recently become more prevalent, and the hazards of blockchain technology and virtual currencies are still being quantified, there is hesitation among insurers about whether these risks are insurable, panelists said.

“It’s a tough question,” said panelist Mary McCutcheon, partner at Farella Braun & Martel.

“I work in a lot of areas of insurance, and my clients don’t want to touch this area,” added panelist Christina Terplan, partner at Clyde & Co. US LLP. “They think it’s scary.”

Perhaps with good reason, as questions remain involving data security and privacy, O’Brien said.

“We’re talking about a shared network,” he stated. “So, is personal information being shared? How is that being secured? Obviously, the risk of theft in this space is great as well.”

Indeed, data usage is an issue, as the data for blockchain is housed in lots of different locations and lasts forever, stated panelist Dara Tarkowski, partner at Actuate Law LLC.

“What does that mean when there are laws that require you to erase the data when you’re no longer using it? How does that work with blockchain?” she asked, adding that a lack of understanding of the technology as it is still emerging and evolving can come into play with insurer hesitation.

“There’s a concern that if the insurer doesn’t understand this technology, they’re not comfortable as to what bad things can be done with it,” she said.

ICO Debate

Other concerns surrounding this technology involve initial coin offerings (ICOs), or public offerings made up of digital tokens, and whether they are considered securities subject to the same rules and regulations as equity market offerings. During the panel discussion, Tarkowski described an ICO, at its base, as an alternative way to raise capital through the issuance of a token.

“As of November or December, we’re starting to see the ramifications of what not doing an ICO properly actually looks like,” she said. “There has been a flurry of securities litigation that’s been filed directly in relation to several of the coin offerings that have happened. All of the lawsuits center around one primary theory, and that theory is that you violated securities laws because what you’ve done is sold an unregistered security.”

In fact, SEC Chairman Jay Clayton in a recent hearing before the Senate Banking Committee emphasized his position that ICOs are securities and subject to the same investor protection rules as equity market offerings, Reuters reported.

“If the SEC is calling this a security, I think it’s going to be very hard to get around that,” O’Brien said.

Is the Bubble Bursting?

Given the concerns regarding data and privacy risk, coupled with the SEC taking a closer look at ICOs, digital currencies and blockchain technology, insurers have shied away from this space, panelists said.

However, that may not be an option for long, said moderator Kevin LaCroix, executive vice president at RT ProExec.

“This is not something you can elect away from,” he said. “So, if your reaction to this is to just put your head in the sand and say, ‘I’m just not going to deal with this,’ I’m here to tell you that’s not an option.”

O’Brien agreed that while seemingly risky, the space isn’t going to be easy to ignore.

“We’re clearly, in my view, in a bubble. Maybe the bubble has burst or maybe we’re in the bursting part of it, but it’s not going away,” he said. “I think what we’re seeing is its going to experience a correction, and then the long-term effects of the technology are that it’s going to grow.”

With this in mind, the question isn’t necessarily whether to insure this emerging risk but how, panelists agreed.

“It becomes a coverage issue,” O’Brien said. “If you’re writing a D&O (directors and officers) policy for a company, and you didn’t think about ICOs, you didn’t think about risks associated with cryptocurrency, and you just rolled over your same policy language, arguably you are in for it, because you don’t have the line that says you’re not.”

LaCroix added as a word of caution to insurers: “If you say you’re against this, and you’re not going to touch it, you’re all in. You have to put an exclusion on your policy. You can’t just say, ‘We’re not going to do it.'”

Gaps in Coverage

That said, exclusions have led to coverage gaps in the space as well, making things even trickier, McCutcheon said. Many private management liability policies or public policies have exclusions for privacy risks, or professional services exclusions are written into a D&O policy, she explained.

“The D&O policy isn’t going to be a solution,” she said. “Other forms are going to have to step in and pick up that slack.”

The conversation has been focused on regulatory coverage, she added, as regulatory coverage for public D&O has become broader to include formal and informal investigations and even inquiries.

“For cryptocurrency (virtual currency), [there’s] nothing,” she said. “So that’s just a real difference.”

She said that while there has been talk of policies that integrate the technology risks to include privacy, technology errors and omissions (E&O), and cyber all in one form, it can be difficult for the policyholder to feel adequately protected with several different policies in place.

“There are situations where maybe there is a professional services exclusion in a D&O policy, so you have a claim that’s not covered because it’s a professional services issue,” she said. “But you go to your professional services carrier, and they go, ‘Well, you didn’t define professional services properly,’ or there’s an exclusion, so there are gaps in coverage. Obviously, you can’t insure everything, but I would like to see things move toward…trying to find a workable solution. Right now, we are right in the bubble, so when the bubble is gone, what are things going to look like?”

Future Best Practices

In the meantime, panelists encouraged insurers to look for insureds that have been around the space longer and have a track record.

“I think with all new technology and any type of emerging risk, you want to look at who is backing it and what is the thought process behind it,” O’Brien said, adding that the unregistered ICO space is a little more difficult because there is currently no insurance in that area.

“I think the first one into the space is going to be able to pick their insureds, so that’s a good thing,” he said. “It’s a less competitive marketplace.”

He encouraged insurers that are considering entering the ICO space to take a “venture capital approach.”

“Don’t pick the [insureds] who are the riskiest ones,” he said. “Do not insure the company that wants to build the world’s largest aquarium on the blockchain.”

He said it’s important to understand the technology well enough to know that its application makes sense and to find a management team that has been around for a while.

“There are plenty of companies who aren’t going to fit those parameters. Let somebody else insure them,” he said. “If you pick the winners, you won’t have any losses.”

Tarkowski agreed, adding that insurers should try to identify companies that have “dotted as many I’s and crossed as many T’s as possible.”

“They [should] actually have a compliance policy and procedures and be self-aware enough to say, ‘Even if we are not going to go so far as to register what we need to register, here are the policies and protections we’ve put into effect to protect our investors’ money,'” she said. “If they’ve done that, or even hired legal counsel to assist them with it, it’s a little bit of a safer bet.”

Despite any risks and gray areas regarding blockchain technology, virtual currency and ICOs, she added that “it isn’t all bad, and it isn’t all scary.”

O’Brien agreed, encouraging insurers to keep an open mind.

“This is a technological innovation,” he said. “I encourage you to be skeptical, but don’t be a cynic.”