Bitcoin is a kind of digital cash. Transactions are fast and free (if a trading platform isn’t used). They can take place globally in close to real time. No bank? No problem. Bitcoin is “peer-to-peer”: no middlemen are needed to process payments. Transactions are recorded publicly on the “blockchain,” which is like a distributed electronic ledger.
Bitcoin use required technical expertise at first. This is changing. More than $7 billion in bitcoin is currently in circulation. Big banks and corporate investors have made eight and nine figure investments into blockchain-based systems for non-bitcoin uses. One new blockchain-based value transfer system, Ethereum, has a market capitalization of more than $1 billion. Even the U.S. Postal Service has gotten into the act, and issued its own blockchain whitepaper.
While most businesses at present may regard electronic currencies as ethereal, the potential benefits in a wide variety of industries are not hard to envision. Nor are the risks. Regulatory risk management and effective risk transfer via insurance should be core concerns for any business beginning to consider how it might use, or adapt to, the blockchain.
Regulatory risk management is hard where new regulations are still being written but old ones remain in force (and where not all countries share the same rules). Know your customer (KYC), anti-money laundering (AML) and tax and accounting obligations are some areas of focus for legitimate businesses that want to benefit from the technology but remain above board.
Is it possible to couple new and disruptive technology with an existing legal system? It seems so, as bitcoin can now be bought with cash transferred directly from U.S. bank accounts to intermediaries who purchase the bitcoin for account holders. These intermediaries have to satisfy their banking counterparties that they comply with U.S. KYC and AML requirements, and will take steps to validating identity and residence before letting users engage in certain transactions (this adds some cost to the transaction, and reduces or removes user anonymity).
What about insurance? While the asset class may be new, insurance policy language will be interpreted and applied using existing insurance rules and risk management frameworks.
A business that keeps or maintains bitcoin should consider whether its current insurance program will cover bitcoin or blockchain assets and the attendant first- and third-party losses. Some policies may include explicit bitcoin exclusions. Others may include electronic data or new digital currency exclusions that carriers may attempt to apply to such assets. Specialized coverage may also be available, as noted below.
New or atypical risks may also need to be considered. For example, how will value be determined given the fact that bitcoin’s value in fiat currency fluctuates? Policy limits described in dollars need to account for an asset whose dollar value is not static. How about coverage for seemingly esoteric risks like damage from sunspot activity or electromagnetic pulse? Where are digital assets actually located? Will coverage be available for losses that have an international nexus or exist in multiple places at the same time?
Similar considerations arise in evaluating third-party coverage needs. CGL, D&O, E&O, cyber and other policies should be evaluated to determine their application in the event of third-party claims arising out of this new technology.
Insurance markets themselves appear to still be evaluating coverage for bitcoin and blockchain assets. As such, “off the rack” solutions may not be available. Some of the larger and more established bitcoin platforms describe their insurance coverage on their websites. One of the better known bitcoin platforms says that it “is insured against theft and electronic compromise in an amount that exceeds the average value of online bitcoin it holds at any given time.”
Will bitcoin replace dollars any time soon? That seems unlikely. But bitcoin may be moving into the mainstream, along with other blockchain uses. It’s time to start thinking about how to manage the risks.