Issue #36 - Transferring Risk
Risk. How likely is something to happen?
That word - risk - and that question - how likely is something to happen? - are responsible for more money changing hands in this world than just about anything else.
They are the basis for insurance.
The modern insurance industry began in London in 1686. Edward Lloyd operated a coffee house on Tower Street that was frequented by sailors, merchants, and ship owners. Patrons would share stories and the coffee house quickly became the place for reliable shipping news in London. Long distance ocean voyages were perilous back then, and ships along with cargo were often lost at sea. Merchants and ship owners wanted financial protection in the event they lost a ship, and underwriters would offer to cover the loss if something happened. If you wanted maritime insurance in the last 17th century, you went to the coffee house. Lloyd’s of London was born.
Despite Edward Lloyd dying in 1713, Lloyd’s of London lived on and over the next 300 years would become the largest insurance marketplace in the world.
Lloyd’s is a fascinating business and an increasingly relevant character in the crypto story. Like cargo on a ship, digital assets in custody need to be insured too and a lot of the insurance that exists in the industry today was acquired through Lloyd’s of London.
Before we start, I want to thank Jacob Decker at Woodruff Sawyer for educating me on this topic over the last 3 years. He is one of the best brokers in the business and helped secure insurance coverage for the likes of BitGo, Bitstamp and Opensea, among others.
Let’s zoom in…
The money in your bank account is insured by the Federal Deposit Insurance Corporation (FDIC), a US government entity. Banks pay the equivalent of insurance premiums to the FDIC, and the FDIC in turn insures your checking and savings account balances up to $250,000. Similarly, the securities in your brokerage account are insured by the Securities Investor Protection Corporation (SIPC), a government mandated non-profit. US broker dealers pay the equivalent of premiums to SIPC, and SIPC in turn insures your brokerage accounts up to $500,000, including $250,000 for cash deposits.
Now what about your crypto held at exchanges and custodians?
Like banks and broker dealers, crypto exchanges and custodians are assuming risk by holding digital assets on behalf of their customers. And very predictably, they’d like to transfer some of that risk to insurance companies.
But unlike banks and broker dealers, crypto platforms don’t have a government backstop; at least not yet They must obtain private insurance. Over the last eight years, the aggregate amount of insurance in the industry has grown tremendously. Most major, regulated platforms have some coverage now, and they all have a similar structure.
The insurance maintained by centralized crypto platforms is not a single policy, it’s a combination of different types of insurance each intended to cover a unique set of risks. It is often described as a “tower”.
The bottom of the tower represents the most at risk funds (crypto in hot wallets), the top of the tower represents that funds least at risk (crypto in cold storage).
Hot wallets are generally insured with crime insurance. A crime policy covers the loss, damage, destruction or theft while assets are in transit or transmission. Because hot wallets are online and easily accessible, crime insurance was a natural fit. Because funds in hot storage at the most at risk, the premiums on crime insurance are higher and the coverage amounts are lower. Crime policies will generally cover anywhere from $10-100M of loss.
Now $100M might seem like a lot, but keep in mind large exchanges and custodians each hold billions of dollars of cryptocurrency for users. $100M is a small fraction of their overall liability.
It’s also important to note the vast majority of assets managed by exchanges and custodians are in cold storage. The general rule is “98 and 2”. 98% of assets are in cold storage, and 2% are in hot wallets to satisfy intraday deposits and withdrawals. That means the $100M crime policy only needs to cover the 2% of assets in hot wallets. Now that still might not get you 100% coverage, but the math looks a lot better.
The other 98% of assets in cold storage are generally insured with specie insurance. Specie cover focuses on the theft or destruction of assets while stored in secured locations. Because cold storage is offline wallets in secure locations, specie insurance was also a natural fit.
Because assets in cold storage are generally deemed to be less risky, specie policies tend to have higher dollar amounts. It is customary in the industry for platforms to receive 4, 5, 6, even 700M of specie coverage. Now $700M is nothing to sneeze at, but it still pales in comparison to the total liability these platforms have.
Interestingly, the crime and specie policies are written in dollar amounts, not cryptocurrency. This means in the event of a market rally, the dollar value of the crypto being insured could dwarf the dollar value of the insurance policy. It’s a little wonky, like having $25,000 of coverage on your car, but over the next year the value of your car increases 10x. You’re stuck…
Not only are exchanges and custodians underinsured, with usually less than 10% of their liability covered by the combination of crime and specie insurance, but the industry in the aggregate is heavily underinsured. Optimistically, there may be $20-30B of underwriting appetite globally. That means if you add up all the policy amounts insurance companies are willing to issue, that’s the number. That is still less than half the value of all assets in custody at Coinbase…one exchange!
There are many reasons for this - crypto is new, these companies don’t have long track records, and their internal controls are evolving.
But the one I want to talk about is reinsurance.
Investors, exchanges and custodians aren’t the only groups that need insurance. Insurance companies need insurance too.
We call this reinsurance.
Reinsurance is the insurance purchased by an insurance company to insulate it (in part) from the risk of a major claims event.
Imagine that all the crypto exchanges and custodians with insurance experienced a major loss on the same day. Assuming the loss is covered, the insurance companies that wrote the coverage will have liability in the billions. For them to issue these policies in the first place, they need to know they can sell some of that liability to a reinsurance company as a way to limit their losses in the event of a catastrophe. When it comes time to pay the claims from the hacks, both the primary insurers and the reinsurance companies are on the hook.
Reinsurance is a critical component of any insurance market because its existence allows primary insurers to be more aggressive with the risk they underwrite. For example, an insurer may only be comfortable having $100M of crime liability for crypto custody on its books. Without reinsurance, they can only write a total of $100M in coverage. However, with reinsurance, they could write $400M of crime liability, and sell 75% ($300M) to a reinsurer. The primary insurer may even make money if the reinsurer is charging a lower rate than they are charging their customers.
The reality today is the reinsurance market for crypto-related crime and specie is virtually non-existent. As a primary insurer issuing policies to exchanges and custodians, that means 100% of the risk stays on your books. The reinsurance market (or lack thereof) is one thing preventing the primary crypto insurance market from growing. Reinsurers aren’t comfortable with the risk associated with hot and cold storage yet, so they are carving crypto out of the portfolio of risk they purchase from primary insurers.
If the industry wanted $100B of primary coverage, which would still only cover a small fraction of assets in custody on major crypto platforms, we may need $50B or more of reinsurance appetite. That’s just not there today.
I’m not going to unpack insurance in DeFi completely, but I did want to briefly touch on it.
DeFi throws a wrench in the insurance equation becomes it removes all the centralized counterparties from the equation.
Since they are replaced by smart contracts, the obvious question is “can you insure a smart contract”? Potentially, but it gets complicated fast. Who is the policy issued to? Someone needs to pay the premium. DeFi users are pseudonymous.
Given the obvious challenges DeFi faces with traditional insurance providers, software engineers do what they do best…they build decentralized versions of the same thing.
Insurance protocols that operate like a decentralized Lloyd’s of London are insuring a small percentage of the open positions in DeFi today. This is a really nascent corner of the market I am excited about, and there are at least half a dozen new projects focused on making DeFi insurance cheaper and more efficient.
Thanks for reading,
Not a subscriber? Sign up below to receive a new issue every Sunday.