Cryptocurrency insurance – best practices for custodians

The contents of this article were originally delivered as a talk at an event hosted by Future Processing (opens a new window), on 27 April 2023.

The advantages of cryptocurrencies continue to draw interest from investors and businesses, creating demand for crypto-related services. As the market evolves, underwriters are becoming increasingly sensitive to the risks involved in the custody and management of cryptocurrency and other digital assets. Firms seeking to insure themselves against such risks must ensure they have robust mitigation measures in place to alleviate concerns.

An evolving market for cryptocurrency cover

At its core, a cryptocurrency is a form of digital currency that uses cryptographic techniques to secure transactions without reliance on a central authority, such as a bank or government. First introduced to the public in 2009, cryptocurrencies have disrupted traditional models of financial services by enabling cheaper, faster, and frictionless transactions and near-instant settlement, while reducing the need for duplicative record-keeping and reconciliation.

Valued at USD 4.67 billion in 2022 (opens a new window), the global cryptocurrency market is set to expand at a compound annual growth rate (CAGR) of 12.5% from 2023 to 2030. Despite their appeal, however, cryptocurrencies – like fiat currencies – are not without risk. Once purchased, cryptocurrencies must be securely stored to eliminate the risk of hacks, or theft in moving the assets away from their owners. Generally, this is done via one of two means, or a combination of the two:

  • ‘Warm’ or hot storage – otherwise known as ‘digital wallets’ or ‘hot wallets’, these devices are connected to the Internet. Warm storage options use various encryption techniques to secure a user’s private key(s) in desktop, mobile, or cloud-based locations, and may be operated by third parties (custodial wallets) or by the holder themselves (non-custodial wallets). These solutions are unified by the use of technology to mitigate risks.

  • ‘Cold’ storage – offline wallet solutions. These may be paper (where keys are printed or written down by hand) or hardware solutions, such as external hard drives, USB keys or hardware wallet devices. These solutions are unified by the ‘air-gap’ between the storage media and the Internet.

The provision of insurance cover for the safekeeping of crypto assets typically falls within the remit of either the crime/fidelity market or the specialist (or ‘specie’) market. The specie market has historically focused on protection for valuable, high-end items, including fine art, bullion, and jewellery, both when stationary and in transit. As holders of crypto and other digital assets have increasingly turned towards cold storage, the specie market has expanded to include the cover of crypto.

Custody insurance – what are insurers’ concerns?

The ongoing maturing of cryptocurrency markets is prompting increased interest among insurers for both cryptocurrency and other digital asset-related risks. As familiarity with these exposures continues to grow, the expectation is that underwriters’ appetites will continue to broaden.

Currently, the principal form of cover for holders of digital assets stored in a cold storage solution is custody insurance. Although the exact coverages will vary from insurer to insurer, this will typically provide protection for the following risk exposures:

  • Physical destruction of devices that store private keys (or parts of keys) by fire, flood, windstorm, earthquake, and other natural perils

  • Theft of devices, by employees or third parties at sites that store private keys (or parts of keys)

  • Theft or copying of private keys by employees or third parties while in transit from their place of custody

Custody insurance is suitable for any firms that hold and store digital assets, either for their own interests or on behalf of others. This includes banks, custodians, exchanges, and others.

Preparing for insurance renewals

The relative infancy of the crypto market means that best practices for the custodianship of digital assets continue to evolve. Nevertheless, firms that can demonstrate evidence of robust risk management protocols will inevitably be perceived as having a more favourable risk profile.

To better protect digital assets held within cold storage locations, firms should consider the following measures:

  • Internal risk management structures, such as specifying who has authority to transact with these assets, and to what limits

  • Multi-signature schemes – for instance, requiring two of three co-signers’ signatures in order for a multi-signature cryptocurrency transaction to take place (‘M of N’ protocols)

  • Crypto withdrawal whitelisting, through which holders of cryptocurrency are required to specify approved recipients in advance to prevent unauthorised transactions or transactions with fraudulent addresses

  • Hardware solutions – for example, GPS-linked devices to safeguard crypto transactions and withdrawals

  • Software solutions, such as delayed transaction requirements

  • Physical security measures, including protection of storage devices within safes and vaults, installation of CCTV, and dummy transaction procedures to prevent front-running

  • Immediate notification of insurers when there is a change in circumstances, such as when co-signers’ change roles

Firms may also be required to implement certain mitigation measures as a condition of their insurance policies. For instance, at the inception of the insurance policy period, firms may be required to transfer their crypto assets into a new account with the creation of a new private key, thereby eliminating the risk posed by prior copies or theft.

For further information please visit Lockton’s Emerging Asset Protection (opens a new window) page, or contact:

Bob Williams, Vice President

T: +44 776 924 2297

E: bob.williams@lockton.com

Our latest LEAP content