Rugg explains why insurance cover should be a key priority for fintech companies and how business owners can safeguard their operations with the right policy

The fintech industry arose out of a desire to change the financial services industry, where many smart individuals with innovative ideas were looking to develop and progress their concepts within the market. It’s easy to imagine that insurance was probably not at the forefront of their minds.

At Markel International, we first started to look at providing insurance for fintech companies back in 2015; it was a case for us of getting into the minds of those entrepreneurs, so that we could better understand their businesses and then address the potential risks that could disrupt their day-to-day operations. We identified that there were four key exposures impacting the fintech space – professional indemnity, directors and officers (D&O) liability, theft, and cyber liability – which led to Markel creating and launching a single solution policy in 2016.

Prior to this insurance product launch, fintech companies had no option but to purchase separate policies for each exposure.This meant that there could be significant gaps in cover between each individual policy. In some cases, companies were not able to purchase the breadth of cover required at all.

What’s included in the cover

Professional indemnity (PI) is a key cover and usually a requirement for regulated companies. Fintech companies have a duty to act responsibly and in the best interests of clients, but occasionally errors can happen for which companies will be liable to those clients and other third parties, which can lead to claims against them. It is important for a company, therefore, to protect their reputation in the industry by being able to respond to such claims quickly and efficiently. We have seen many examples of how this could transpire. One insured company, for example, had a situation, whereby, it overlooked options to take up bonus shares on behalf of customers resulting in a loss to their clients.

Protect your senior leadership

D&O is another important cover for any person taking a directorship or senior management position. One of the prime aims of a D&O policy is to protect the personal assets of directors and senior managers when they are involved in litigation. This policy covers the costs involved in the legaldefence of individuals when they are sued. It covers the costs that may be assumed by the individual in defending themselves or to reimburse the company where they have covered the individual for the above costs.

D&O is also an important tool to have when fintech companies are fundraising. Most investors will want to know about the insurances in place at director level before deciding to invest. The regulatory scrutiny on directors and senior managers is continuing to increase as the industry saw with the extension of the Senior Managers and Certification Regime (SM&CR). Employment wrongful act disputes are also a key element of coverage for any director. Some of the claims our organisation has seen in this area include directors being prosecuted for not having the necessary permissions to transact business and an employment case alleging unfair dismissal.

The rise in theft

Theft is a growing exposure for fintech companies, due to the increasing prevalence of criminals moving to electronic fraud. This has largely been through methods such as social engineering and push payment fraud, but they are also exposed to more traditional employee fraud. One case that we dealt with involved a dishonest employee who had access to company accounts from which he was able to transfer funds into his own bank account. Even after leaving the company he was still able to continue fraudulently transferring funds, which highlighted a huge weakness in the controls of that company. It’s important that fintech companies have comprehensive crime cover as part of their insurance policy which will cover electronic and non-electronic fraud, and which extends to both internal (employees) and external (third party) criminal acts.

Cyber response

Cyber is often at the top of risk managers’ concerns at the moment, understandably so as the rate of cyber-attacks has increased significantly in recent years. Fintech companies, through the reliance on technology platforms, are certainly a target and as the industry witnesses more widespread cases of malware attacks, including a spike as a result of the ongoing war in Ukraine, it is inevitable that some fintech companies will be hit.

“D&O is also an important tool to have when fintech companies are fundraising."

A key tool to have in the armoury of a fintech company’s risk management process is a crisis management/breach response service. When a crisis event happens (e.g., cyber-attack or a theft), having a panel of experts on hand and accessible 24/7 to be able to navigate a company through this period can be the difference between survival and failure, not just from the immediate financial loss, but also from potentially fatal reputational damage. Having this type of insurance cover as part of robust risk management will allow companies focus on their performance, without fear of their reputation being called into question.

The Markel fintech policy provides full liability cover in the event of a cyber-attack. In addition, the policy covers first party exposures such as profits lost due to an interruption in the company’s business operations, following an attack, and the costs of rectifying damage to systems and data.

Regulatory scrutiny

Regulatory scrutiny on the fintech industry continues to increase as the industry continues to grow. Most recently, we have seen the FCA scrutinising the challenger bank sector of the industry, highlighting weaknesses in Anti-Money Laundering (AML) and Know Your Customer (KYC) processes. In the past, we have seen scrutiny on the peer to peer lending sector and continued regulatory interest in the Buy Now Pay Later space. Regulatory investigations into companies can be very expensive. Having an insurance policy that provides cover for the costs arising from these investigations is therefore an important part of risk management.

Payment Services Directive 2 (PSD2)

Being a relatively new industry, fintech continues to evolve in the services provided and how they are offered. A development in recent years was the introduction of open banking in the UK, and equivalents worldwide, coming out of the Payment Services Directive 2. This gave rise to two new activities being rapidly adopted by the fintech industry in account information service providers (AISPs) and payment initiation service providers (PISPs), giving new exposures largely around the use and protection of customer data. For fintech companies that wish to offer these services, it’s important to have a regulatory compliant policy that provides specific cover for the liabilities that need to be insured under the insurance guidelines for PSD2. 

Managing risks successfully

Having an insurance policy that has been crafted to suit the needs of the fintech industry ensures your business will not be left exposed to undue threat. A robust policy alongside risk management, gives companies the confidence to scale and prosper knowing they are protected should the worst happen.