
Dhiren Harji
Digital Assets Client Executive, Financial Institutions
-
United Kingdom
UK financial institutions are increasingly entering the digital asset sector, driven by advancements in the underlying technology, record-high cryptocurrency prices, and enhanced regulatory clarity. To enter the digital assets market quickly while potentially mitigating risk and conserving resources, these institutions are likely to collaborate with established service providers or custodians.
In this article, “service providers” refers to businesses that offer technology enabling financial institutions to take custody of their own or their customers' assets, while “custodians” denotes entities that hold assets on behalf of financial institutions.
Since insurers already offer coverage for these third parties, financial institutions must address and navigate aggregation risk issues when developing their insurance programmes.
Aggregation risk pertains to the potential for a single event or series of events to trigger multiple claims across a portfolio of insureds. This risk is particularly pronounced in the realm of digital assets due to the limited number of custodians, service providers, and insurers in the space. As financial institutions engage with third-party providers — many of whom are already insured — understanding how aggregation risk influences their insurance coverage is essential for effective risk management.
Financial institutions entering the crypto space have several options for handling digital assets.
They can develop their own custody solution from scratch. This approach grants financial institutions greater control over the custody process, instilling confidence, and allowing them to mould the solution to their needs.
They can partner with a digital asset service provider that offers a solution for self-custody of digital assets. This allows financial institutions to enter the digital asset space with a robust product, act as custodians themselves, and reduce counterparty risk without needing to make a significant investment in a proprietary solution.
Alternatively, they can outsource custody of digital assets entirely to a third-party custodian. There are many custodians with extensive experience, rigorous controls, and robust insurance programmes.
Utilising third-party services inherently carries the risk of significant breaches. These may arise from latent vulnerabilities in a service provider’s hardware or software, or from breaches at a third-party custodian. Such breaches could be perpetrated by employees of the service provider, custodian, or external parties.
When engaging a service provider, the financial institution typically has responsibility for key generation and storage. In these scenarios, institutions can build substantial insurance programmes, as insurers' aggregation risk is reduced. However, in the event of a direct loss of assets caused by a breach at a custodian, any insurance purchased by the custodian would be shared among all affected parties, meaning that the insurance coverage may not be proportional to an individual financial institution’s risk. Furthermore, a custodian’s policy is unlikely to respond if the financial institution's systems are compromised.
Therefore, it is crucial for financial institutions to understand that they continue to face risks, whether from underinsurance or residual exposure, when utilising custodians. However, securing adequate coverage can be challenging due to the limited availability of digital insurance in the market. Insurers may have already reached their maximum capacity with certain custodians, further complicating the process.
As aggregation issues persist, financial institutions must adopt strategies to effectively navigate them.
To begin with, they need to choose the right custodian or service provider. Conducting thorough due diligence on third parties is essential to fully understand their controls and ensure that their procedures align with the institution’s needs.
Financial institutions must also understand what they are covered for (and not covered for) under a custodian or service provider’s insurance policy. They can then collaborate with a broker to design insurance programmes that take these coverages into account, either topping up their limit of liability or insuring against scenarios that are not covered under the custodian or service provider’s policies.
At Marsh, we recognise the complexities of the digital asset landscape and the aggregation challenges faced by insurers and financial institutions. By demonstrating a financial institution’s separation of risk to insurers, we can help alleviate concerns regarding aggregation risk and facilitate meaningful risk transfer.
Marsh’s tailored insurance programmes enable financial institutions to enter the digital asset space with increased confidence through:
To discuss your specific circumstances and potential risk transfer options further, please contact your Marsh advisor.
Digital Assets Client Executive, Financial Institutions
United Kingdom