In this multi-part series, The InsurTech Lawyer shares some thoughts on the opportunities for insurers in the Metaverse. Originally presented at the Association Internationale de Driot des Assurances (AIDA) conference in Zurich, 6-7 October 2022.
In Part 1 (Introduction), we introduced the idea of insurers playing in the Metaverse. In Part 2, we looked at Legal Proceedings and in Part 3 we considered Securities Class Actions. Today we take a look at potential Insurance Coverage under traditional covers. While the technology is new, liability issues still have its roots in traditional legal issues.
D&O insurance policies may provide cover for cryptocurrency related litigation however as always it is important to be wary of exclusions. The case of Kik Interactive Inc. v AIG Insurance Company of Canada  ONSC 8194 demonstrates the potential for standard exclusions to apply to cryptocurrency related litigation, as well as the complexities created by uncertainty between jurisdictions as to legal characterisation of cryptocurrencies.
In Kik, the insured had developed a cryptocurrency called ‘Kin’ and had intended to sell it to the public. Kik had intended to sell Kin in two phases. The first phase was to accredited investors, and the second phase was to the public. Kik had prohibited Canadian residents from purchasing Kin because the Canadian regulator considered it to be a security, and a sale would be a public offering of securities. Kik took the view that Kin was not a security in the United States and so did not register the security with the Securities and Exchange Commission (SEC).
The SEC brought enforcement proceedings against Kik, alleging Kik had failed to register Kin with the SEC and did not comply with US federal securities laws. Kik sought to defend the SEC proceedings and sought coverage from its D&O insurer, AIG. AIG denied the claim on the basis of a standard securities exclusion:
The Insurer shall not be liable to make any payment for Loss in connection with any Claim made against an Insured: […]
(j) alleging, arising out of, based upon or attributable to any public offering of securities by a Company, an Outside Entity or an Affiliate or alleging a purchase or sale of such securities subsequent to such public offering provided, however, this exclusion will not apply to:
Any public offering of securities (other than a public offering described in subparagraph 4(j)(1) above), as well as any purchase or sale of such securities subsequent to such public offering, in the event that within thirty (30) days prior to the effective time of such public offering: (1) the Named Entity shall give the Insurer written notice of such public offering together with full particulars and underwriting information required thereto; and (2) the Named Entity accepts such terms, conditions and additional premium required by the Insurer for such coverage. Such coverage is also subject to the Named Entity paying when due any such additional premium. In the event the Company gives written notice with full particulars and under writing information pursuant to subpart 4(j)(ii)(1) above, then the Insurer must offer a quote for coverage under this paragraph; or
The case against AIG in the Ontario Superior Court of Justice turned on the phrase ‘public offering of securities’. As explored earlier in this paper, whether a cryptocurrency is a security is a matter of law, however the law is of uncertain application. Kik sought to argue the exclusion did not apply on a number of fronts.
Kik argued that the meaning of the word ‘securities’ in the exclusion was ambiguous and that ‘public offering of securities’ meant an ‘initial public offering of shares’. This was because the exception to the exclusion referred to an ‘initial public offering’. The Court was not convinced with this argument, noting that the exclusion was broad and was not qualified to only capture ‘initial’ public offerings; the exclusion applied to all public offerings. Furthermore, the Court considered that the term ‘public offering of securities’ was not ambiguous and simply meant a sale to the public.
As a second ground, Kik also argued that the word ‘alleging’ in the exclusion was ambiguous. Kik argued that the exclusion only applied where there is no dispute that the item issued was a security, but the issue is whether the company in fact issued them. Kik contended the exclusion could not apply where it is alleged that something the company did not describe as a security is not a security. As Kik argued that the sale of Kin was not a sale of security, the exclusion could not apply. However, the Court was also unconvinced with this argument noting that as long as there is an allegation of a claim arising out of a public offering of securities, the claim is excluded. Similarly, the Court did not agree with Kik’s argument that the word ‘securities’ in the policy only applied to ‘shares’. While shares are one type of security, they are not the only type.
Ultimately the Court held that the exclusion applied to the claim because the SEC Complaint alleged that the purchases of Kin were a purchase of unregistered securities. Accordingly, the exclusion was made out.
This case highlights the unique risks arising from cryptocurrency related litigation:
- the decentralised and perceived unregulated nature of cryptocurrency led Kik to provide a worldwide offering of its cryptocurrency, while if it was a typical security it would be offered only in particular jurisdictions;
- the potential for different characterisation in different jurisdictions appeared to influence Kik when deciding where to offer Kin to the public. It was clear to it that it would be a security in Canada but it took a bet on the United States; and
- Kik took a bet that Kin was not a security under the US laws, but the insurance exclusion applied to a situation where the SEC had alleged it was a security.
Some other D&O risks arising from cryptocurrencies
The challenge for directors and officers of companies that now have cryptocurrency on their balance sheet is understanding how they can best discharge their duty of exercising their powers with due care and diligence in respect of a subject matter they may know little about. A significant risk that comes to mind is security of cryptocurrency. Access to cryptocurrency is by way of a private key, an alphanumeric code. Anyone with knowledge of the code is able to transact the cryptocurrency. Loss of the alphanumeric code, or a typing error in preparing a transaction, may render the cryptocurrency lost forever.
Without ensuring robust security processes for these private keys, it is questionable whether directors and officers are discharging their duties with due care and diligence. Loss of cryptocurrency may occur due to failure put into place such protocols, and if the amounts are significant, could lead to allegations of mismanagement of the corporate treasury function. D&O insurers may wish to inquire on whether companies intend to hold cryptocurrency, how such currency may be stored, whether a third party provider is utilised, and the security protocols in place to mitigate against theft. For example, use of a hot storage provider (where the crypto wallet is connected to the internet) may be viewed less favourably as cold storage (physical offline storage) due to the greater risk of hacking losses. Similarly, security protocols requiring multiple signatures (multisig) also mitigate against loss as multiple keys will be required to authorise a transaction.
These issues are even more significant for cryptocurrency exchanges, companies whose business is in holding crypto and performing transactions on behalf of others. As illustrated above, cryptocurrency exchanges are increasingly being targeted by plaintiffs.
Click here to read Part 5 (DAOs)
Tim Chan is an insurance & insurtech lawyer at global law firm Norton Rose Fulbright and Founder of The InsurTech Lawyer blog. He regularly advises insurers and startups on emerging legal issues affecting the industry. Follow Tim on Twitter: @timinsydney