Over the past few years, much has been made regarding blockchain technology and its potential to be a tool for streamlining a variety of business transactions. Some companies observe blockchain as a disruptive, revolutionary engineering that will transform the way they do the job, while others are more skeptical. With the hype, will 2017 be the break out year for blockchain in the insurance plan industry? Check out?The Insurance Significance of Blockchain, also from the April issue of Risk Management.
Distributed ledger technology, often called “blockchain,” is fast emerging as a potential solution with regard to businesses in many sectors, frequently with promises of higher security, reduced risk as well as greater efficiency. With just about any new technology, however, come new risks. Risk supervision professionals should understand, review and plan for the risks his or her organization will face resulting from the implementation of blockchain-not solely today but in the future. 3 risks in particular merit consideration.
1. Vendor Risks
Many industries and institutions exploring blockchain applications lack the institutional knowledge to develop and implement a new blockchain-based solution and deploy good contracts on any machine completely in-house. A robust blockchain-as-a-service market, along with numerous industry consortia, provide blockchain apps for specific use cases in several industries. The value of these services, however, is only as strong as the vendor providing the service, and this developing market, you will need to carefully select vendors make certain that proper contract conditions are in place to appropriately send risk to them.
As many of these companies are recent startups therefore may lack the assets to handle any loss arising from blockchain, associated risk managers should verify the insurance coverage for their organization under the vendor’utes insurance policies as an additional secured. The vendor’s coverage limitations need to be sufficient to cover losses that the company could uphold arising out of the vendor’s supply of blockchain services. Risk executives should also verify their corporation’s additional insured status simply by requiring a copy of the retailer’s insurance policy. Do not settle for certificates of insurance, which is not executed on the insurance carrier and is not proof of coverage. Hand-in-hand with this shifting with risk to the vendors’ insurance policies, contract documentation should note that risk-shifting while incorporating terms built to mitigate some of the pitfalls more insured coverage (such as boundaries on scope and offered limits found in many typical additional insured endorsements).
2. Credential Security
While blockchain offers a variety of new features as well as promises to improve information protection by automating the verification operation for transactions, systems are simply as secure as the feeder point. For a public system, any person who gains access to the private tips that allow a user to “sign” the ledger effectively becomes this user because current devices generally do not provide for multi-factor authorization. With bitcoin, for example, anyone with a personal key for a particular set of bitcoins could transfer those funds at will no matter what ownership. Because the security of private keys is entirely user-defined, loss in access is a real concern.
The same holds true for any application that uses any permissioned entry system, where buyers are invited and confirmed by the group to use the blockchain. Access to the blockchain-and with it the ability to accessibility and potentially modify data going forward-is only as obtain as the access system constantly in place to verify permissioned users. Traditional material risk management procedures it’s still imperative to manage and protected credentials on both public as well as permissioned blockchain applications.
3. Insurance Coverage Gaps
With any new technology, existing insurance coverages may contain wording in insurance grants, coverage extensions, circumstances, definitions and exclusions this eliminate coverage for failures simply because the loss is related to any operation or deployment of a blockchain.
By way of example, some business crime policies define income as a “government-backed currency.” In this definition, if a nuller gained unauthorized access to personal keys on the bitcoin blockchain and taken funds for his or her benefit, an insurance quote that would otherwise cover fraudulent transfers of money would not produce coverage for this loss simply because bitcoin is not a government-backed currency.
Similarly, an problems and omissions or professional culpability policy could exclude coverage for blockchain-based liabilities through a large cyber exclusion. It is essential, consequently, for risk managers so that you can conduct a detailed review of his or her organization’s insurance program to ensure the changes brought about by their organizations adoption of these new technologies never undercut essential insurance coverage due to restrictive policy language. Specialized policy, including some cyber coverage, may fill this distance. A careful policy review and periodic insurance audits will help mitigate this risk as being the organization implements blockchain technologies.