Monthly Archives: February 2020

Cyber Risk, Homeowners Insurance

Individuals Should Not Rely on Insurance to Protect Their Cryptocurrency Holdings

Leave a comment

By Michael Menapace, Esq. 

Michael Menapace

Many individuals and businesses hold some amount of cryptocurrency.  According to a recent survey, nearly 10 percent of Americans have invested in cryptocurrency since the first Bitcoin was “mined” in 2009.  And, along with the rise in prevalence of virtual currencies in recent years has come a surge in cryptocurrency theft, with one Ponzi scheme defrauding cryptocurrency investors out of $2.9 billion dollars in 2019.  Those who invest in, use, and hold cryptocurrency should protect their assets.  While individuals can purchase insurance to protect themselves if certain types of assets are destroyed or stolen, such as a house, car, or personal property, individuals may have difficulty obtaining coverage for their cryptocurrency.

Bitcoin is just one cryptocurrency built on the technology called the blockchain.  Other virtual currencies include Ethereum, Ripple, Litecoin, Monero, and ZCash.

Homeowner’s insurance protects an insured against the loss of certain property.  For example, if a thief breaks into your home and steals your television, that loss will likely be a covered loss of property under a standard homeowner’s policy.  For an overview of what homeowners insurance typically covers, see here.

Is theft of cryptocurrency covered under homeowners insurance?

Getty Images

But, is an owner of cryptocurrency insured if a thief hacks their computer and steals virtual currency?  Part of the answer relates to the question – what is cryptocurrency?  Are these virtual currencies a security, money, property, a commodity, or something else? As discussed below, it seems unlikely, and inappropriate, for the loss of cryptocurrency to be a covered loss under a homeowners policy.

The Securities and Exchange Commission takes the position that cryptocurrency is, or at least can be, a “security” and cautions that “issuers [of virtual currencies] cannot avoid the federal securities laws just by labeling their product a cryptocurrency or a digital token.”  On the other hand, the IRS has issued Notice 2014-21, identifying cryptocurrency as “property” for federal income tax purposes. Still a third possibility is that cryptocurrency, which can be used to purchase goods and services, is properly classified as money.

As the above demonstrates, the same word, or virtual product, can have different meanings depending on the context.  Here, we are considering how cryptocurrency is interpreted under an insurance policy.  There does not seem to be any reason why cryptocurrency must be treated as the same thing by the SEC, IRS and insurers.  Therefore, the pronouncements of the SEC or IRS should be only of limited assistance.

A common homeowners insurance policy states that the insurer will cover the loss of the insured’s dwelling, other structures, and personal property.  Crytocurrency is clearly not a dwelling or structure, so the question is whether cryptocurrency is “property” in the general sense because homeowners policies often protect against the loss of property.  Beyond the IRS guidance discussed above, there is authority for the position that cryptocurrency is property.  For example, an Ohio state trial court held that cryptocurrency was property covered by a homeowners policy.  That ruling is discussed further below.

Not all homeowners policies are the same

Even if cryptocurrency is property in a general way, however, the insurance analysis does not end there because not all property is treated equally under a homeowners policy.  For example, coverage for the loss of personal property often has a $200 sublimit for “money, bank notes, bullion, gold and [other precious metals], coins, medals, scrip, stored value cards and smart cards.”  Likewise, a homeowners policy may have a sublimit of $1,500 for “securities, accounts, deeds, letters, of credit, notes other than bank notes, . . . tickets and stamps.”  When considering these common sublimits, is it more appropriate to apply the $200 limit for money or the $1,500 limit for those items akin to securities?  At least for some cryptocurrencies, like Bitcoin, an analogy to money seems more appropriate because Bitcoin is specifically designed to be an alternative to traditional currency.  Considering an individual’s ownership of Bitcoin a security does not seem to make sense.  After all, when one thinks of a person owning a security, such as a share of stock in Acme Corp, the comparisons with Bitcoin are thin.

Beyond the issue of whether cryptocurrency is insured generic property, money, or a security, there is another fundamental issue to consider under a homeowners policy.  The insuring agreement in many homeowners policies states that personal property is insured for “direct physical loss to the property described” such loss from vandalism or theft.  Because cryptocurrency is a virtual currency, there is nothing to physically lose or destroy.  What is lost or destroyed is the record of ownership or the “key” to demonstrate ownership of the currency.  Cash can be burden by fire – not so for a currency that never exists physically.  A policyholder would have a difficult time explaining how the plain meaning of “direct physical loss” is met when the virtual currency is stolen.

A couple cautionary notes are required for this discussion.  First, not all homeowners policies are the same.  The terms and conditions of each policy will control; therefore, a generalized discussion about homeowners policies is just that – general.  For example, some policies treat money and securities the same, which could change or eliminate the need for the above analysis.

Is cryptocurrency considered property?

Second, individuals should not take too much comfort in the one reported decision on cryptocurrency as property under a homeowners policy.  In the Kimmelman v. Wayne Insurance Group decision from an Ohio trial court, the court ruled that cryptocurrency was generic property, not money, and the policy’s $200 sublimit did not apply.  Whether this decision is persuasive in other courts remains to be seen, but there are reasons why it should not.  The Ohio court did not provide a fulsome analysis of the issues, which limits its usefulness.  For example, there is no discussion on whether the policy’s submits for electronic funds or securities should apply.  In addition, the policy language is at issue in that it was drafted in 1999, years before cryptocurrencies were invented.  Newer policy language may not be the same.  Finally, the court relied heavily on the IRS guidance mentioned above, which states that cryptocurrencies are treated as property.  But that IRS guidance also states that cryptocurrency is treated as property “for income tax purposes.”  While IRS guidance on tax issues is persuasive, that guidance should have no impact on how insurance contracts should be interpreted.

The court was also persuaded that Bitcoin was general property, not money, because it could be exchanged for money, i.e. it is a convertible virtual currency.  But that rationale doesn’t explain that various forms of currency are converted to other kinds of currency all the time, e.g. Euros are converted into dollars.  Indeed, Bitcoin was originally conceived as a currency “akin to cash” by Satoshi Nakkamoto in his whitepaper Bitcoin: A Peer-to-Peer Electronic Cash System.  And outlets such as the Wall Street Journal report Bitcoin value under “Currencies” with the Euro, U.S. Dollar, the Japanese Yen, etc., not under Stocks, Bonds or Commodities.  No one would argue that the Yen is not money but is property that can be converted into U.S. Dollars.

It also bears a mention that the focus on Bitcoin, even if the Ohio decision were correct, does not necessarily apply to other cryptocurrency platforms that have different purposes from Bitcoin.  For example, Ethereum was created for a different purpose from Bitcoin.  Ethereum, while it has a value associated with its coins/tokens, its original and fundamental purpose included providing a platform where one can build out new applications rather than simply being a substitute for traditional currency.  (For an explanation of the different types of cryptocurrencies, see this tutorial (last updated Jan. 2020)).  In all, I believe that Kimmelman was wrongly decided or, at least, of limited persuasive value that other courts should not find persuasive.

What Can Individuals Do?

The bottom line is that individuals should not rely on their homeowners policies to protect them from the loss of cryptocurrencies.  Commercial entities, in contrast, can buy crime policies or cyber insurance policies, which are largely unavailable to private individuals.  What can individuals do?  They must take proactive steps to protect themselves rather than relying on someone compensate them if their assets are lost or stolen.

For example, if an individual is using “hot” storage for their Bitcoin, i.e. having the virtual currency accessible online, the currency is vulnerable to theft by hacking or ransomware attack. The owner might consider, therefore, having a commercial third party hold the virtual token or coin in its digital wallet for the individual.  That commercial entity can be insured under a crime or cyber policy.  If the individual is using “cold” storage, e.g. storing the currency offline on a flash drive, the cold storage is vulnerable to physical destruction or old-fashioned theft.  In that case, the individual should secure the flash drive from theft and physical description by keeping it in a fire-proof safe.  Frankly, these are precautions that individuals should be taking even if the risk of loss were covered by a homeowners policy.  But, until coverage for cybercurrency for individuals is widely available under a homeowners policy, owners would be wise to take steps to protect their digital assets from bad actors and physical accidents.

Michael Menapace is a Non-Resident Scholar of the Insurance Information Institute, a partner at Wiggin and Dana LLP, and a professor of Insurance Law at the Quinnipiac University School of Law.

Business Insurance, Business Risk, Cyber Risk, Terrorism Risk

Emerging cyber terrorism threats and the Federal Terrorism Risk Insurance Act

1 Comment
Cyber is a relatively new, evolving risk. Insurers manage their exposures, in part, by setting coverage limits and excluding events they don’t want to insure.

On December 20, 2019, President Trump signed a federal funding package that includes a seven-year extension of the Terrorism Risk Insurance Act (TRIA). TRIA provides for a federal loss-sharing program for certain insured losses resulting from a certified act of terrorism.

Passage of the act was met with resounding approval by the insurance industry. You can read more about it here.

A critical mandate of the TRIA extension is for the Government Accountability Office (GAO) to make recommendations to Congress about how to amend the statute to address emerging cyberthreats. Triple-I recently hosted an exclusive members-only webinar featuring Jason Schupp of the Centers for Better Insurance, who discussed issues likely to be addressed by the GAO report.

Schupp said the report will likely serve as a starting point for a discussion about cyber threats and how the insurance industry can better meet the needs of businesses, nonprofits and local governments for cyber insurance. It will address:

  • Vulnerabilities and potential costs of cyber-attacks to the United States;
  • Whether adequate coverage is available for cyber terrorism;
  • Whether cyber terrorism coverage can be adequately priced by the private market;
  • Whether TRIA’s current structure is appropriate for cyber terrorism events; and
  • Recommendations on how Congress could amend TRIA to meet the next generation of cyber threats.

Cyber terrorism is already covered under TRIA, but such acts don’t fit neatly into the TRIA framework. Because cyber limits and conditions are already narrow, TRIA’s current make available requirement has not been effective in providing coverage for cyber-terrorism events at the same limits and conditions as non-cyber events.

Schupp proposes that the requirement be amended so the coverage doesn’t exclude insured losses specific to the loss of use, corruption or destruction of electronic data or the unauthorized disclosure of or access to nonpublic information.

But expanding the requirement carries considerable risk. If insurers are required to make more coverage available for cyber events than they are comfortable with the result could be a pullback in property and liability insurance generally – not just for cyber events. Any expansion must be balanced with the terms of the backstop.

Schupp concluded that the GAO’s investigation and report (which is required to be completed by June 2020) is likely to kick off a multi-year debate that could substantially redefine U.S. cyber insurance markets. Insurers, policyholders and other stakeholders should engage accordingly.

To learn about how to become a member of Triple-I visit iiimembership.org.

Disaster Preparedness, Disaster Resilience, Flood Insurance

Triple-I’s insurance for resilience project

Leave a comment

In this video, Sean Kevelighan, CEO of the Insurance Information Institute (Triple-I), talks about the Triple-I’s Resilience Hub that the organization began developing in 2019 in partnership with Aon and the Colorado State University Department of Atmospheric Science.

The Hub’s goal is to use data in a way that helps people visualize and understand the risk of natural catastrophes with which they are living as catastrophes become more severe and more people move into high-risk areas.

“We’re tracking hurricane paths all the way back to 1990 so that when we forecast with those relative years, people can better understand what the impact might be in today’s economy,” said Kevelighan.

The project also tracks public flood insurance take-up rates through the National Flood Insurance Program. The average take-up rate for flood insurance is only 12 percent for the nation.

The Hub is part of the Triple-I’s overall insurance for resilience project, which aims to build a coalition that includes government agencies such as FEMA, private sector stakeholders such as Aon, and academic institutions such as the Wharton Risk Center to maximize impact. The Hub’s goal is to provide in one location easy-to-use content to empower consumers to make data-driven decisions when it comes to managing their exposure to extreme weather events.  “What we want to drive in the long run is behavioral change. We want people to think twice about where they are living and how they’re living so that they can be more resilient.”

Insurance Industry

JIF Insights: Former U.S. Economic Adviser: “Expansions Don’t Die of Old Age”

Leave a comment

 

Jon Hilsenrath, chief economics correspondent for The Wall Street Journal (left), and Glenn Hubbard, past chairman of the U.S. Council of Economic Advisers.

Glenn Hubbard, former chairman of the U.S. Council of Economic Advisers, projected 2 percent U.S. GDP growth for the next year – a bit more optimistic than the 1.8 percent consensus estimate of professional economic forecasters.

The U.S. economic recovery remains in record-setting territory, and though the pace of real GDP growth has slowed – from 3.1 percent in the first quarter of 2019 to 2 percent in the second and 1.9 percent in the third – there are few signs the expansion is fading. According to the Federal Reserve Bank of St. Louis, the current growth rate is consistent with the economy’s potential growth rate, which most economists estimate at between 1.75 percent and 2 percent.

“Expansions don’t die of old age,” Hubbard told attendees at Triple-I’s Joint Industry Forum. “They die of some shock, some policy action that strangles them.”

Asked by Jon Hilsenrath, chief economics correspondent for The Wall Street Journal, whether President Trump’s 3 percent growth target was realistic, Hubbard said it could be achieved, “but it would require some really outsized assumptions.”

“You’d need 2 percent-plus productivity growth,” he said, adding that weak population growth and continued low labor force participation are greater obstacles to reaching such an optimistic target.

Despite technological advances that might be expected to drive productivity, the Organization for Economic Cooperation and Development (OECD) reports, “productivity growth has declined sharply” in recent decades. Low labor force participation is associated with lower GDP and tax revenues, according to the Congressional Budget Office (CBO). It’s also associated with larger federal outlays, because people who aren’t in the labor force are more likely to enroll in federal benefit programs. Labor force participation has been weak since the end of the recession and, despite upticks in 2016 and 2017, the CBO expects it to remain so until 2027.

Slow and steady

“Barring anything unforeseen,” Hubbard said he doesn’t believe a downturn is imminent. He pointed to countries like Australia that have experienced decades-long slow, steady expansions.

“One of the reasons this expansion has gone on for so long,” Hubbard said, “is that it has not been as robust throughout as other expansions.”

He pointed to the “lower for longer” interest rate environment as a risk area for the insurance industry, noting that difficulty earning spread could lead to “pockets of excess risk taking.” While many have warned about this risk,  insurers have shown they can earn profits while maintaining reserve adequacy. As Triple-I recently reported, 2019’s third-quarter $48.1 billion net income after taxes for the property/casualty industry was the second highest since Q3 2007 and only slightly below the highest profit ($49.4 billion), in  Q3 2018.

2020 Elections: Don’t Be ‘Overly Conventional’

On the U.S. elections, Hubbard said “If you’re focused on the economy and economic variables, the President should have a very good chance of being re-elected.”

“I think, though, it’s a mistake to be overly conventional,” he continued.  “That kind of analysis may have led people astray in calling the 2016 race. I look at underlying currents in the economy, and I see a current of many people doing very well, others doing less well – neither side is completely playing to both of those groups.”

Hubbard said he “wouldn’t rule out” a Democratic presidential win, even if the candidate came from the far Left.

“When I ask business leaders about uncertainties they’re worried about, this is number one on their list,” Hubbard said, “because a scenario that delivers a far-Left Democratic President also delivers a Democratic Senate and could mean very different policies.”

Disaster Preparedness

Zurich North America’s report on California wildfires: Investing in resilience is key

Leave a comment

By Max Dorfman, Research Writer, Insurance Information Institute

A new report by Zurich North America, in collaboration with DuPont and the nonprofit Institute for Social and Environmental Transition (ISET-International), examines the ever-increasing risk of wildfires in California. Based on a study utilizing Zurich’s  Post-Event Review Capability methodology, “California fires: Building resilience from the ashes” draws from research and interviews with those affected by the fires in addition to civic and nonprofit representatives involved in risk reduction, response and recovery. The report seeks answers to why these fires have become so hazardous, and the ways in which communities can become more resilient.

The Deadliest Fires Yet

Fires are becoming more frequent in California, with an increasing number of people living closer to affected areas. The state suffered the largest and most destructive wildfires in state history in 2017 and 2018. The 2018 Camp Fire alone claimed the lives of 86 people and devastated the town of Paradise.

With this danger in the “wildland-urban interface”—essentially where hazardous wildlands meet homes and businesses—residents and business owners need to understand their risk. Education is essential to protect these areas. “Education is one of the first steps to help residents take necessary precautions against wildfires,” said Marcel Milani, Global Strategy Leader, Resilient Construction, DuPont. “Once business and homeowners understand what’s at risk, and that they are in control of building site retrofits that could save their property and their lives, they will invest in change.”

California is Taking Steps to Limit the Next Big Fire

California has developed Fire Hazard Severity Zone Maps to demonstrate the areas that have the greatest probability and intensity of potential wildfires. These maps help show which homes need to meet Chapter 7A of the California Building Code, which requires homes be built to certain fire-safe standards. Paradise which has experienced multiple fires since 2008, provides an important example of why this is so significant. Homes built in compliance with Chapter 7A codes tended to fare better than those built before 2008, when the codes were put in place. Of the 350 homes built to the Chapter 7A code in Paradise, 51 percent survived compared to 18 percent of the 12,100 homes built before 2008.

However, in some cases, the rising cost of homes and increasing population leads to communities that, according to the report, are “disproportionately of lower socioeconomic status, elderly or otherwise more vulnerable.” The costs of fire-resistant structures mean fire-resistant homes likely need to be built alongside retrofitted buildings. Indeed, the report found that perceived cost was one reason 7A codes were not adopted. And for vulnerable populations, there needs to be help. “Reducing the costs of retrofitting homes and buildings to fire-resistant standards would be a step in the right direction,” said Karen MacClune, Ph.D., Executive Director for ISET-International. “Providing funding or low-cost loans for the most vulnerable would support them to take action.”

Pushing the Conversation Forward

Despite California instituting new building codes and statewide fire hazard mapping, the study recommends that further practices need to be undertaken. Other key takeaways from the report include:

  • There needs to be more data on benefits and costs of mitigation that could in turn help set priorities
  • There continues to be development in high-risk areas, further amplifying the risk and danger of these fires
  • Many Californians impacted by fire are slow to take actions to reduce their risk
  • There needs to be more preparation for a fire’s aftermath
  • Mechanisms are required to ensure adequate insurance

All of this leads back to the core concept of resilience.

“With resilience, it’s about minimizing impact, avoiding impact or shortening impact. Our job as an insurance provider is to make someone whole after an event,” said Ben Harper, Head of Corporate Sustainability at Zurich North America. “Proper resiliency planning differs based on the customer and the region, among other variables. But it shares a common thread: action before an event.”