Insuring Fintech: What's the risk?
On 19 March 2024, we invited clients and colleagues to our fantastic AI – Insurance Reimagined event (see here for more information).
One of the hot topics discussed by our colleague Nichola Donovan was the multitude of challenges we’re seeing arise in technology contracts. These include (but are certainly not limited to):
- sector specific regulatory requirements (for example, those that apply to outsourcing and cloud services and, of course, a growing spectrum of AI regulation);
- considerations around intellectual property (including, for each category of IP concerned, ownership rights and licence rights); and
- balancing a customer’s requirement to ensure appropriate oversight and control against a providers’ need to protect its product and shared environments.
Hearing these insights from our Intellectual Property and Technology colleagues, prompted us to think about the ever-present issues faced by new and developing Fintech companies – based on the same, but perhaps often heightened, challenges. Technology is redefining the financial services sector and the way businesses interact with clients and customers. Fintech companies can be exposed to additional risks when considering the need for an ability to rapidly scale up, including the risks arising from their technology contracts.
Of course, risks to Fintech companies are frequently being transferred to their insurers. With the benefit of a Q&A with our Fintech colleagues, we have identified some of the perhaps most prominent claims risks that will be on insurers’ horizons with a number of key product lines becoming exposed.
The headline question we asked of our colleagues was: what types of exposures are Fintech companies most worried about?
The answer…
Start-ups will have different exposures to the more mature providers, but there are some common themes that all Fintech companies are thinking about daily. These include:
- Contractual risk: The contractual risks we’ve discussed generally in the context of technology contracts loom large for Fintech companies. Investors backing new technology will expect start-ups to grow quickly and the pressure to generate revenue, coupled with the relative weakness in bargaining position, may mean that new entrants are more likely to accept (whether knowingly or through inexperience) unfavourable terms in order to secure an attractive high value contract. This may expose start-ups to greater, or unexpected, liability, or may even restrict the way in which they can do business in the future.
- Cyber-attacks: Virtually all companies are potential targets for cyber-attacks, which is a key concern for Fintech companies because of the data they are holding. This is not just about the volume of data (which is often quite large), but also the type of data – Fintech companies will almost certainly hold personal data and sensitive information (such as credit scoring), which is valuable and desirable to cyber criminals. Fintech companies will need support and resources to maintain appropriate cybersecurity – start-ups in particular may not have this ready-to-go in-house and are likely to look to external suppliers.
- Rapid growth: Fintech companies are aiming to seize opportunities and edge out their space in the market with speed and efficiency. The wish for quick growth and development may also present risks. As Fintech companies scale their business, the customer base is likely to grow rapidly, placing great pressure upon risk management procedures to be developed and maintained at pace too. In such high pressure circumstances, questions often arise for start-ups, for example, as to whether it has adequate processes in place to oversee and manage its third party service providers, especially those that are critical to operations and onward service provision and also whether processes for onboarding customers are robust and effectively implemented. Rapidly growing Fintech companies are, we often see, under the particular attention of regulators.
- Financial crime: Fintech has transformed the ease of global transfer of funds with fast digital payments. It’s perhaps no surprise that hackers are targeting Fintech companies, exploiting vulnerable automated payment systems to intervene in real transfers and to create fake user profiles to facilitate the potential for criminal activities like money laundering. There is real and increasing concern about the prevalence of social engineering attacks – leveraging on rapidly evolving technology to make impersonation scams much more sophisticated (the true-to-life AI deepfakes are a stand-out example).
- Reputational risk: Of course, all of these risks (to mention only a few) bring with them the overarching concern for protecting reputation. Where there is a heightened risk of data breach (or at least a perceived heightened risk), and regulatory interest, even where no issues actually arise, reputational impact can be irreversible and costs of dealing with public relations specialist, as well as responding to regulatory queries, can be substantial.
These thoughts are of course not intended to be exhaustive, but thinking about the sorts of challenges our Fintech clients are facing prompted us to consider alignment with the insurance sector and how insurers can not only protect the technology sector, but in doing so, support and encourage innovation and dynamic change.
For more about the work DLA is doing with Fintech companies, see Fintech. We’re also pleased to work alongside excellent Data, Privacy and Cybersecurity teams, all of whom are ready to answer any more questions our insurer sector clients might have about the risks their Fintech policyholders are facing.
The UK Insurance and Reinsurance Disputes team forms part of DLA Piper's leading, multi-disciplinary, global insurance sector, consisting of over 400 lawyers representing major insurance and reinsurance companies internationally on all aspects of their business, including claims, disputes and investigations, transactional, regulatory and all forms of commercial advisory work. Find out more about DLA Piper's insurance capabilities in the UK and globally.