The emergence of the FinTech industry has been largely welcomed, as it has given consumers alternatives to the traditional offerings and, therefore, more choice and more control over how they manage their finances. However, as the industry becomes larger and more innovative, so too do the business risks it faces.
FinTech firms face the threat of liability from a number of areas, including negligent advice, the technology not working as it should, and the security of customer data.
Until recently, the insurance industry has struggled to provide cover for those in the FinTech sector. This is due to the fact that the activities of a FinTech can encompass those of a regulated firm as well as that of a technology company; which are traditionally underwritten by completely different areas of the insurance industry. This resulted in a lack of understanding of the exposures faced by FinTech firms from an insurance perspective. There is also the fact that, as an emerging market, there is a lack of industry data around historical claims. The majority of firms are also still in their early stages.
All of the above factors combined to mean that many FinTech organisations have faced difficulties in finding both an insurance broker and insurer who would be able to offer an appropriate solution.
Some insurers now either have FinTech specific policies, and some add in the cover. One of the key things is cover for claims arising out of the data and around the platform or service not performing as it was intended to.
I really feel that insurance should form part of the overall risk management process
The underwriting process that insurers take is actually very similar to that of the FCA, in the sense that they will really want to drill down on worst case scenarios. They want to know what could go wrong, and how you take steps to manage these risks and mitigate them accordingly. They will want to pay particular attention to things like the due diligence process (if applicable), the experience of the key personnel, the compliance function and the types of customers that you will be dealing with – naturally retail is deemed higher risk than institutional.
If a company loses data or has a data breach, then it’s a bit of a grey area. A comprehensive policy should provide cover for any resultant claims that are made due to this if people suffer from a financial loss, but there won’t be any first party cover. A Cyber/Data Liability policy provides cover for the costs that would be incurred in dealing with the breach. For example, having to notify everyone that the issue has occurred, the PR costs in minimising the damage, the costs of repairing or replacing your computer systems, programmes and data, loss of income out of the interruption to your business etc.
A comprehensive policy for a FinTech firm will offer cover for Professional Indemnity, Directors & Officers Liability, Crime and Cyber/Data Liability. It would be best to have all elements on a single policy and ideally with the same insurer, as there can be overlaps between the sections where a claim would be covered. There aren’t many insurers or brokers in the market who are able to actually offer appropriate cover for those in the FinTech space, so make sure you choose a provider who is experienced.
Cover should also be there for electronic and non-electronic and for social engineering theft. The hacker can hack the client’s IT systems and then fraudulently impersonate that client to hoodwink the Fintech company into sending monies to the wrong place. Irrespective of the fact that you can prove that the problem arose from a hack against the client’s system; the FinTech company will be liable for that loss, and this should be covered under a comprehensive Crime policy.
I really feel that insurance should form part of the overall risk management process. Use a broker and insurer who will take the time to understand your business, the risks that you face and who can, therefore, tailor the policy to suit your own individual needs, rather than applying a broad brush approach. Particularly when it comes to cyber, it is certainly wise to, first of all, understand where your risks actually are before you buy insurance, by way of a review by a third party to identify these. Any insurance policy can then be built around what exposures are faced, rather than a generic policy.
As a specialist broker that provides all types of financial institutions advice and guidance on their insurance programmes please do not hesitate to contact me if you would like to discuss further