CFC outlines pitfalls in standard fintech policies
Cyber specialist CFC has published a free guide for brokers on the complexities of insuring fintechs, saying these businesses aren’t likely to find all of their exposures covered in a single policy.
Traditional cover offers often don’t address failure of technology, sub-contractor liability or intellectual property infringement, CFC says.
"The insurance industry is on the cusp of a more modernised approach for fintech businesses. It is now crucial for brokers to advise clients on potential pitfalls in standard insurance policies and source policies tailored to their unique needs,” it said.
Fintechs bridge both the finance and technology sectors and so traditional exposures of professional liability, management liability and crime are still present, while the integration of technology creates emerging threats and heightened privacy concerns.
CFC says fintechs are prime targets for cyber criminals and often rely on third-party contractors which creates an extra liability risk related to negligent advice and failings in client service. High transaction volumes and use of innovative new technology also leave fintechs vulnerable.
Theft of funds, cyber event and professional liability are key exposures.
CFC Financial Institutions Practice Leader Neil Beaton says brokers play an important role in advising technology-led financial services clients on emerging risks and the potential gaps in standard insurance policies.
The new guide is designed to help brokers understand why fintechs need bespoke insurance, and includes an overview of the key exposures as well as claims examples to demonstrate how bespoke cover responds amid an evolving regulatory environment and risk of technology failure and cybercrime.
"Fintech businesses have a unique combination of exposures that don’t fit the typical financial institution,” Mr Beaton said. “Hopefully our guide will provide a valuable resource and help ensure brokers can source policies that are tailored to the unique needs of their fintech clients.”
The guide says many Financial Institution insurers have “chosen to avoid this new area of the market all together,” and tech Errors & Emissions (E&O) insurers aren’t likely to cover exposures from the provision of financial services products, advice or provide comprehensive regulatory investigations coverage.
This is leading to "grey areas” within insurance placements.
“There will be finger-pointing between insurers over proximate cause of loss – was it arising out of financial or technology services?,” the guide said, adding insureds may be required to pay multiple deductibles and run the “risk of having no coverage”.
The guide outlines four claim examples.
In one, a fraudulent customer at a digital challenger bank simultaneously placed “buy” orders on assets on two different devices without enough account balance and later sold the assets and took the profits. A fintech insurance policy containing crime cover allowed it to recover nearly all of the financial loss.
In another, investors in a start-up electronic money institution filed a suit alleging misleading claims and mismanagement of funds. Its specialist fintech policy was able to offer management liability cover to the directors.
In a third example, an investment platform which uses AI to categorise retail investors into different investment portfolios based on a questionnaire was accused of unsuitable allocations. Its fintech policy was able to provide professional indemnity cover.
Lastly, CFC detailed a case in which a payment and money remittance firm was investigated for alleged failings in anti-money laundering and financial crime controls. Its fintech policy covered regulatory investigation costs.
Here are the key fintech liability threats listed by CFC:
Theft of funds
High volumes of payments, transactions and customer accounts, as well as the growth and implementation of new technology leaves fintechs vulnerable to theft committed by an employee or external party.
Cyber event
Network security, data breaches or a denial-of-service attack, as well as the damage and rectification costs following these incidents are major concerns.
Professional liability
Negligent advice and failings in client services especially a risk as fintechs make use of innovative product distribution models and/or rely on third-party contractors, adding additional extra liability risk due to third-party negligence.
Regulatory environment
Fintechs must implement suitable and satisfactory risk management systems and consider regulations in multiple territories if they operate internationally.
Technology failure
Technology failure can lead to loss of income or inability to access services.
IP infringement
In a sector with IP at the core of its value, litigation will be commonplace. Most traditional FI policies will exclude cover for IP infringement – a key fintech coverage.
Sub-contractor vicarious liability
Fintechs can be liable for any errors or omissions caused by suppliers.
Download the guide here.