Key Takeaways
It is not a secret that the fintech industry has experienced significant growth over the course of the last 5 years. $9.4 billion dollars was invested in fintech companies in Q2 of 2016 alone. Whether it is the sheer size of investments, growth in revenues, or other KPI’s, the fintech industry is here to stay. The often less discussed areas of growth however, are the growing operational risks and challenges faced by companies in the space.
A tailored insurance program is an essential tool for any fintech company. This post will identify the growing risks faced by the various areas of fintech and explore how carefully implemented insurance programs are essential risk mitigation measures against the growing threats.
We’ll identify 5 key categories of companies within the fintech space and the unique risks faced by each category. We’ll finish by showcasing how proper insurance coverage mitigates the potential for substantial losses.
The 5 Key Areas of Fintech
Though not exhaustive, we’ll focus on the following:
- Payments (digital wallets and P2P payments)
- Investments (equity crowd funding and P2P lending)
- Financing (crowdfunding, lending, and other credit facilities)
- Advisory (robo-advisory and wealth management)
- B2B SaaS platforms (integration with enterprise clients)
Common (and Evolving) Risks
1. Data Security and Cyber Crimes (Hacking, Data Breaches, and DNS Attacks)
Data security threats are not unique to any one particular segment of the fintech industry, and all companies should be wary. The threats themselves are becoming more advanced as many companies are moving to cloud-based servers. The five most common are malware, web application attacks, point of sale attacks, insider compromise, and distributed denial of service attacks. Aside from having legal implications (see Graham Leach Bliley Act), data breaches come with significant cost generators: notification costs, PCI fines, reputation damage, legal expenses, settlements with affected 3rd parties, investigation costs, and system damage to name a few.
Considering the growing costs and implications of cyber related risks, a comprehensive Cyber Liability Insurance policy can mitigate costs associated with all of the above losses. Some Cyber Liability policies can even be structured to provide coverage for losses associated with cyber-related crimes (whether committed by employees or 3rd parties.)
1st party cyber crimes (done internally) can also negatively impact the managers and directors of the firms. Managers and directors of firms whose employees are found to conduct cyber crimes often face personal “failure to supervise” claims. These can come from regulatory agencies or from the company’s investors. In either case, a well-designed directors & officers liability policy will provide for the necessary defense costs and shield the personal assets of the directors, managers, and board members.
2. IP-related claims (rise of patent lawsuits and trolls)
The payments space has seen a significant rise of IP related lawsuits. In 2015, over 65% of IP related suits were filed by patent trolls, and of all IP related suits, 64% were in the “high tech” sector. IP related suits are also some of the costliest and lengthiest. The average cost of an IP suit is $1.8M per side and can take an average of 3 years.
Needless to say, if your company is in the payments space or holds patents, then IP Insurance should be high priority on the insurance shopping list. IP insurance is unique in the sense that it can be structured to not only provide coverage for defense costs (your company is accused) but it can also provide “abatement” coverage that pays to go after another company that is infringing on your IP. Well-designed IP policies will allow for companies to use their insurance to pay for the litigation costs associated with being both the defendant and plaintiff of an IP lawsuit.
De-Risking Fintech
3. Regulatory Risks
Fintech companies in the lending, crowdfunding, and wealth management space are familiar with the regulatory challenges facing the industry. Whether those from the State Banking Department, SEC, OCC, or CFPB, the costs associated with regulatory investigations can be substantive and lengthy. For crowdfunders, unique SEC regulations post a particular challenge (see Title III Crowdfunding, aka regulation crowdfunding.) Whether the inquiry is related to compliance with investor protection laws or those aimed at protecting borrowers, regulatory compliance is the number one uncertainty facing the fintech industry.
Financing, investment, and advisory firms can mitigate regulatory risks by obtaining a package or lenders policy (directors & officers with professional liability or errors & omissions). These package policies can cover costs associated with regulatory investigations, potential fines, and claims against the company and/or the individual directors and officers should they be personally named in a suit.
Insurance can also help newer companies attract experienced directors or officers who are wary of the additional challenges posed by regulatory risks in the space. Startups can often alleviate some concerns by mitigating the personal risk faced by directors and officers with a D&O insurance policy.
4. Investor Related Suits (and the perils of growing at all costs)
While 2016 saw a decline in investments to Fintech companies compared to 2015, the sheer volume and deal size by VC’s is still substantially larger when comparing to other industries. With investors come investor related lawsuits. Some high profile suits include claims against Can Capital and Lending Club in 2016, however there are plenty of suits against companies not yet thrust into the spotlight.
For online lenders and credit facilities, competition in conjunction with internal pressure and pressure from investors to grow at all costs has often led to loosening of credit guidelines. Furthermore, many investors still expect their investment to materialize in the traditional 3-5 year window, which arguably may not be the right expectancy for companies in the investments and financing segment of the fintech industry. Combine these two risks, along with the potential for IP litigation, and you have the ideal set of circumstances for what can ultimately result in investor lawsuits.
Regardless of industry, a company that has investors should carry directors & officers insurance. Given the unique challenges of fintech companies, specifically online lenders and crowd funders, this coverage should be an essential and baseline risk management tool that indemnifies the company as well as the individual directors and officers of the company.
5. Contractual Liabilities for SaaS Platforms
A large segment of the fintech space consists of SaaS platforms that integrate with enterprise financial institutions. Aside from the already mentioned cybersecurity concerns, the other big risk is typically found in the wording of the contracts (uncapped liability clauses as one example). SaaS firms are particularly at risk for being the cause of a financial loss to their clients while being on the short end of a contract. Claims of this nature typically happen when there is a glitch or malfunction in the software or a breach of data.
SaaS platforms can mitigate these risks by obtaining errors & omissions and cyber liability policies. Errors & omissions coverage will step in to pay for 3rd party financial losses resulting out a software malfunction as well as other contractual liabilities. A well-structured errors & omissions policy will also pay for lost revenue by the policyholder in the event a platform malfunction occurs.
Summing it up
Fintech companies across all verticals within the space have uniquely acute risk exposures that stretch beyond the reach of “basic” business insurance products. However, solutions do exist and those risks can be properly mitigated with some carefully crafted insurance policies.