This week, SEC Chairman Jay Clayton issued a statement on Initial Coin Offerings (ICO) addressing the legality, fairness, and risks associated with those offerings. Although the agency’s bulletin was one of many recent public statements by federal agencies on ICOs and cryptocurrencies generally, this new warning highlights additional issues and concerns with the ICO phenomenon that are particularly relevant to insurance coverage.
First, the SEC’s statement reinforced the increasingly publicized perils associated with offering or participating in ICOs. Given the risks of allegations of fraud, market manipulation, and other wrongful conduct (even if meritless), entities contemplating ICOs face legitimate exposure to claims by investors and government agencies that traditionally would be covered by D&O insurance. The existing market for ICO insurance is extremely limited, but based on current forms, companies seeking D&O coverage for ICOs should consider the following issues.
- A threshold issue in determining potential D&O coverage for ICOs relates to the ability or willingness of a carrier to offer coverage for claims arising from an ICO. Some commentators have pointed to unique challenges related to geography, valuation, corporate structure, quality control, and regulatory hurdles posed by ICOs that insurers may deem too risky or simply inappropriate for D&O coverage. On the other hand, insurers are often quick to categorically exclude certain types of new claims (the proliferation of TCPA-related exclusions comes to mind) but have not yet taken a similar approach to ICOs, signaling that insurers may not want to abandon opportunities in this new market prematurely.
- Assuming coverage is available, one primary focus in evaluating coverage is whether the cryptocurrency tokens at issue are “securities” subject to state and federal regulation. The argument for and against both sides is still developing, but several companies have issued white papers in conjunction with ICOs taking the position that their tokens are not securities. In a July 2017 investor bulletin, the SEC took the position (now backed by subsequent enforcement activity) that “[d]epending on the facts and circumstances of each individual ICO, the virtual coins or tokens that are offered or sold may be securities.” Companies and their corporate officers contemplating ICOs can try to mitigate post-offering exposure through D&O insurance, but private company D&O forms typically include broadly worded public offering or securities exclusions. Therefore, unless the particular coin offering is exempt from registration, companies will have to look to public company D&O forms, which offer coverage for securities claims but are generally harder to place and may be subject to more stringent exclusions and underwriting requirements.
- Public company D&O forms often include “conduct” exclusions barring coverage for fraud, intentional violations of laws, and illegal personal profit. Whether deservedly or not, ICOs have gotten a reputation for operating at the fringe of legality, with one former SEC commissioner stating bluntly that ICOs are “the most pervasive, open and notorious violation of federal securities laws since the Code of Hammurabi.” The SEC’s recent statement refers to “fraud,” “manipulation,” and potential “refunding” of investments “if something goes wrong,” all of which, if alleged as part of a claim, could trigger exclusions under D&O policies. Companies should carefully review policy language to address these risks and, if possible, tailor any exclusions narrowly to maximize potential coverage for ICO-related activities.
Second, for the first time, the SEC’s statement specifically warned “market professionals,” including securities lawyers, accountants, and consultants, of the risks entailed in assisting companies in evaluating, planning, and executing ICOs. The inherent complexity and unpredictable nature of coin offerings as investment vehicles has always posed a legitimate risk of exposure under policies other than D&O. But the SEC has now underscored additional potential liability of secondary actors in ICOs that likely have various levels of insurance coverage for the professional services they provide.
- E&O / Professional Liability: Errors and omissions insurance covers companies and individuals in the event that a client holds them responsible for providing or failing to provide a professional service that did not have the expected or promised results. In the context of the “market professionals” identified in the recent SEC statement, this would include claims against the lawyers, accountants, broker-dealers, investment advisors, and consultants involved in an ICO who may be named as defendants in post-offering lawsuits if the token loses value or the ICO otherwise does not go as planned. For the same reasons that the offering company should not overlook its own insurance, other market professionals should ensure that their own professional liability exposure is adequately protected in the event of an ICO-related claim.
- Cyber / Crime: FINRA has warned that “[n]ew technologies and topics that are the subject of media buzz are often used by fraudsters as an opportunity to dupe investors.” Operating with little oversight and established procedural safeguards compared to traditional offerings, ICOs are prime targets for hackers. Fraudsters often focus on the weakest link in the computer network, which often times is a vendor or other secondary player, in order to gain indirect access to the “crown jewel” at the primary target. Companies involved in ICOs should consider purchasing cyber and crime coverage, including coverage for social engineering coverage, to protect from hackers or other fraudulent actors who attempt to infiltrate computer systems to benefit from or disrupt the ICO.
- Cross-Border: The global reach of ICOs offered through the internet is a significant advantage provides significant advantages but can also lead to increased regulation and liability outside the United States if problems arise with foreign investors. European regulators, for example, have issued recent warnings regarding the risks of ICOs. If companies involved in ICOs have international presence or investor claims involve alleged wrongful acts taking place in foreign countries, traditional liability policies may not apply. Companies should be sure to review their liability policies or address potential international exposure, including by reviewing provisions regarding coverage territory and applicable law and venue.
Companies contemplating an ICO, as well as those market professionals assisting in those efforts, are becoming well-aware of the inherent risks in this exciting new field, but should not overlook ways to mitigate that risk by negotiating robust insurance coverage to maximize recovery in the event of a claim.