New opportunities and challenges are on the horizon as the ILS sector looks to help manage everything from cyber risk to cryptocurrency and intangible assets, says Peter Dunlop at Walkers Bermuda.

Bermuda has a long history of innovation in the insurance space. Led by pioneers Fred Reiss, Bob Clements and others, Bermuda was the first to develop the captive insurance model in the 1960s and a solution to the US casualty crisis of the 1980s.

With the implementation of the Insurance Amendment Act 2008 and the introduction of the light-touch regulated special purpose insurer (SPI), Bermuda embraced third party capital convergence and launched itself to pole position as the world's leading insurance-linked securities (ILS) marketplace.

More recently, to meet the rising tide of insurtech initiatives, in 2018 the Bermuda Monetary Authority (BMA) launched a temporary licence innovative insurer class for both general and long-term business, and created the insurtech regulatory sandbox and innovation hub.

We in Bermuda await the implementation of the BMA's Guidance Note #20 on SPIs and the outcome of the consultation period for proposals made by the BMA for a new permanent licence, non-sandbox innovative insurer class, and a new collateralised insurer class, with permanent capital requirements and the ability to fully fund its liabilities via outwards reinsurance.

Meanwhile, as the losses from hurricanes Harvey, Irma and Maria in 2017 and Typhoon Jebi and the California wildfires of 2018 creep higher, and the ILS market wrestles with the side-effects of trapped capital, the burning question for the ILS industry is now "what other lines of business can ILS adapt to?".

According to most panels on the ILS conference circuit the answer to that question is "cyber insurance". Without doubt, cyber insurance will continue to grow in its application and demand, but is cyber insurance truly a good fit for ILS? Will it provide the return to investors that has been missing from property catastrophe risks these last two years?

What is cyber insurance?

Cyber insurance is not new. Losses from cyber events were first asserted through errors & omissions policies without those coverages specifying that they covered "cyber" losses. In response, standalone cyber policies were developed in the late 1990s from those professional liability coverages and have increased in sophistication and demand commensurately with the growth of the technology industry.

Cyber insurance began as a relatively narrow coverage, covering first party costs of investigation and remediation caused by data breaches or cyber events. Loss data was scarce and rates on line were high, while pricing in traditional classes was decreasing.

Now, as cyber insurance—both first party and third party—has become de rigueur, the market has softened. Coverage terms have broadened while pricing remains flat.

First party coverage

Today, first party coverages include hacking, cybercrime, damage to electronic data, increased costs, and/or loss of income similar to business interruption losses, cyber extortion, cyber terrorism, and crisis management damage.

They also include notification costs, a head of damage caused by legislation such as the California Security Breach and Information Act 2003, which requires Californian businesses to notify affected parties of unauthorised cyber breaches resulting in a loss of personal data.

Third party coverage

Common third party liability coverages indemnify for damages and defence costs arising from third party claims caused by data breaches from network security, distribution of private data arising from such data breaches, electronic media defamation and invasion of privacy, funds fraud, and cyber terrorism.

The marriage of cyber and ILS

Would third party capital and cyber insurance make a good union? Demand for cyber insurance is increasing, while third party capital provides a resilient platform from which the insurance industry can increase efficiency and grow in size, scope and geography.

However, ILS makes sense in the natural catastrophe class because investors are attracted to the diversified returns, uncorrelated to the shocks of financial markets, that nat cat events offer.

Those events are geographically confined and there is a wealth of historical weather and catastrophe data to work with. In addition, natural disasters are seasonal (although it remains to be seen what increasing impact climate change will have on the nat cat high severity/low frequency model) and therefore somewhat predictable.

Can the same be said of cyber? Cyber insurers have already been struck by waves of losses caused by data breaches in the US retail and healthcare sectors, including big names such as Target, UPS and Anthem. There is reportedly a wave of cyber-related litigation in California.

Concurrently, there is a relative lack of data required to produce a robust, well-balanced, competitively priced insurance product. Hackers and cyber criminals are ever more advanced and unpredictable in their attacks and, unlike nat cat, cyber knows no geographical limits.

It is not seasonal. Cyber losses do not lose force when they make landfall. They cannot be extinguished as a wildfire might be. Pricing is decreasing and cyber losses are arguably not uncorrelated from the financial markets, thus removing the investment motivation.

Research undertaken by the Institute of Insurance Economics found that in 2018 global annual losses from cyber risk were $600 billion with only $6 billion insured, but it is fair to say that an uncontrolled and undisciplined collaboration between cyber insurance and ILS could result in catastrophic cyber insurance losses and at the same time scare off the third party capital providers that are so vital to the growth of the insurance industry. It cannot be long until we see a cyber cat bond—but an ultra-prudent underwriting approach is a must.

With the opportunities created by advances in technology come certain challenges. Two such challenges are in the areas of cryptoasset enforcement and intangible asset valuation.

Cryptoasset enforcement

The BMA introduced the Digital Assets Business Act 2018 (DABA), which provides for the licensing and supervision of digital assets— cryptocurrencies—business activities in Bermuda, and the Companies and Limited Liability Company (Initial Coin Offering) Amendment Act 2018 (the ICO Act), which amends the Bermuda companies legislation to create a framework for the regulation of ICOs, more broadly now referred to as tokens.

While the legislative regime in Bermuda for DABA and ICO entities is robust, there are challenges ahead when things do not go according to plan. Not only are cryptoassets difficult to insure but it is well publicised that the Securities and Exchange Commission in the US, the Financial Conduct Authority in the UK and the Monetary Authority of Singapore have all taken enforcement action against cryptoasset entities in a variety of perimeter issues (ie, performing regulated activities for a cryptoasset business without appropriate authorisation).

In addition, insolvencies of Bermuda-regulated cryptoasset businesses raise unique problems for Bermuda liquidators:

  1. The lack of clarity on the accounting treatment and valuation of digital assets makes evaluating the solvency or lack thereof of a digital asset a complicated task.
  2. Under the Bermuda Companies Act 1981, broad powers are afforded to Bermuda liquidators when seeking to recover assets in the liquidation of Bermuda companies, but the recoverability of digital assets will be dependent on the ability to identify targets to seek recourse against. Many digital assets are created and transferred using anonymous blockchain technology meaning that, while the BMA can identify the parties to a public digital asset transaction from the party names given, those names might be aliases or false altogether, making the process of ascertaining the identity of transferors and transferees of digital assets difficult.
  3. With DABA and ICO technology being decentralised, the global and borderless nature that underpins the maintenance and transfer of many digital assets can cause uncertainty when determining how and where to enforce rights relating to digital assets held by a company in liquidation. Bermuda liquidators have a traditional toolbox to assist them in multi-jurisdictional insolvencies, which might not be enough, including:
    1. A Section 195 order, compelling any person connected to the company to provide the liquidator with any books and papers relating to the company.
    2. A scheme of arrangement, between a company and its creditors to restructure a company by varying the rights of the certain stakeholders.
    3. A Norwich Pharmacal order, compelling a party to disclose information in circumstances where one has knowledge of a wrongdoing but not of the identity of the wrongdoer.
    4. A Bankers Trust order, compelling a Bermuda bank to provide discovery to enable tracing of funds believed to be owned by the company and held by the bank.

Intangible asset valuation

Intangible assets are non-physical assets such as copyrights, patents, trademarks, and goodwill, and are distinguished from physical assets. According to a 2015 report of Ocean Tomo, an intellectual property bank, 84 percent of the S&P 500's value is derived from intangible assets. This amounts to an inversion of balance sheet values for tangible and intangible assets from 1975 when intangible assets were valued at 17 percent.

This exponential increase in intellectual property value, led in part by the technology boom, requires us to account for those intangible assets in a more modern way. GAAP and IFRS accounting value intangible assets differently—depending on whether those intangible assets were acquired or grown internally—and under both accounting systems intellectual property is valued less favourably than tangible assets such as plant and machinery.

The result is corporate valuations for companies rich in intangible assets that are lower than should otherwise be appropriate. This has a knock-on effect on corporate borrowing costs, credit ratings and corporate financial health as a whole.

These days that difference in accounting approach is outmoded. Insurance and ILS might turn that problem into an opportunity by finding a means to establish an insured value for those intangible assets and provide an intangible asset credit guarantee for, say, regulatory capital relief purposes.

Conclusion

With the loss creep of the 2017 and 2018 nat cat seasons it is to be expected that third party capital investors would look for a different, more stable and remunerative insurance class to collateralise. Correspondingly, the insurance industry requires increased capacity and ILS seems an obvious means of raising it.

It remains to be seen whether the pricing and low levels of data and loss history for cyber justifies a large scale move to cyber away from nat cat coverage, which itself still has very low penetration in undeveloped and developing economies and is aggravated by climate change.

The irresistible rise of technology creates not just opportunities but also challenges, especially in the areas of cyber, cryptoasset enforcement and intangible asset valuation.

Whatever lies in store for cyber, technology, and ILS, Bermuda is an established leading jurisdiction for fintech and insurtech and is well positioned to continue its history of innovation and reinvention.

Originally published by Bermuda: Re + ILS.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.