Insurance in the crypto space: the emerging international market for insurance of NFTs with a focus on the Commonwealth Caribbean
United States Supreme Court case of SEC v. WJ Howey Co ., 328 US 293, more specifically defined a security as “a contract, transaction or arrangement whereby a person invests his money in a joint venture and is led to expect profits solely from the efforts of the promoter or a third party.” As such, the US Securities and Exchange Commission (SEC) has declared that NFTs have the potential to be called securities given certain conditions, such as those described under the Bahamas policy above.
Securities are not traditionally insurable. Therefore, NFTs considered to be securities are likely not to be insurable. However, theories have circulated that the principles and policy forms that apply to either property, cyber or crime insurance may also apply to NFTS. Furthermore, art and species insurance has also been considered to be applicable for NFTs with NFTs that are categorized as specie – an asset of high value.
The fall of FTX, inherent risk of NFTs and existing insurance products
The arrest Monday night in the Bahamas, pending extradition to the United States, of collapsed cryptocurrency exchange FTX’s founder, Sam Bankman-Fried, reveals the uncertainty that continues to plague the cryptocurrency industry and related NFT markets. Charges by US federal prosecutors against Bankman-Fried include conspiracy to commit securities fraud and wire fraud – all of which have called into question not only the stability and reliability of cryptocurrencies and, by extension, NFTs, as financial products, but their ability to to be effectively regulated. .
In September 2021, FTX moved from Hong Kong to the Bahamas, likely as a result of the favorable regulatory environment. In contrast to the Chinese regulatory environment that had become increasingly restrictive for the cryptocurrency industry, the Bahamas made regulatory strides in the 2020 enactment of the Digital Assets and Registered Exchanges Act, 2020 (DARE) which regulates the emerging digital asset and cryptocurrency business on the island.
The failure of FTX has so far been linked to mass asset withdrawals from depositors revealing a US$8 billion deficit on the company’s books, leading to the company being filed for bankruptcy in November 2022. However, the precursor to FTX’s failure is being investigated by US officials and has to date been reported as being linked to the company’s potentially illegal transfer of billions in client assets to crypto hedge fund Alameda Research – a company also owned by Bankman-Fried.
The question remains to what extent FTX’s collapse implies any failure in either the regulation of cryptocurrencies or NFTs, or more specifically their inability to be effectively regulated?
The details of the cause of the collapse, potential regulatory failures, the digital asset liquidation process, and likely network of subsidiaries and other companies involved in the FTX collapse remain to be revealed, and are discussed in Part II of this article. But what can still be openly speculated from events so far is whether digital assets such as NFTs are inherently vulnerable to systemic vulnerabilities caused by the new technology underlying the assets and any potential regulatory failure.
The Bahamian DARE Act, which came into effect on December 14, 2020, is administered, pursuant to section 4 of the Act, by the Securities Commission of the Bahamas (SCB) which consists of a board of directors and several subdivisions including supervision, examinations, and enforcement departments to carry out the administration of actions in its area of responsibility. The law provides the legal framework under which FTX operated, and other cryptocurrency exchange powerhouses such as OKX, continue to operate.
The key question is whether the failure of FTX is a reflection of inadequate regulation of new financial assets, or whether it is simply the imperceptible result of corporate corruption such as Enron Corp. despite set regulatory frameworks. The answer is not entirely clear at this stage, as it will likely take many months for sufficient details surrounding FTX’s collapse to emerge
Nonetheless, the DARE Act provides a strong prototypical infrastructure for digital asset regulation. The Act defines a digital asset as a “digital representation of value distributed through a DLT platform where value is embedded or where there is a contractual right of use and includes without limitation digital tokens”; here DLT refers to distributed ledger technology. The Act further defines digital tokens to include virtual currency tokens and non-fungible tokens (or NFTs).
The purpose of the Act, i.e. regulation of the issuance, sale or trade of digital assets in or from the Bahamas, is realized under Section 5(1) which gives SCB the authority to:
- “Regulate, Monitor and Monitor the Issuance of Digital Assets and Persons Conducting Digital Asset Businesses in or from the Bahamas”; and
- “Develop rules, guidance and recommendations in connection with the implementation of digital asset operations and initial token offerings”.
Section 39 gives SCB the power to inspect and investigate businesses such as FTX, OKX or P08 that are registered under and regulated by the Act. Section 40 ensures that SCB can retain qualified outside agents to conduct necessary inspections and investigations of registered entities, thereby ensuring manpower to monitor registrants under the DARE Act. Part VI of the Act describes offences, penalties and sanctions for breaking the Act, and describes such offenses as failure to comply with the Act which attracts a person to willful misrepresentation which can result in both a fine and imprisonment for up to ten years.
DARE (Amendment Act), 2022 further empowers the SCB with quasi-judicial powers such as the ability to compel witnesses and produce documents, under Section 40A. If a witness does not comply with section 40A, section 40B states that SCB can apply to the court for the witness to be held in contempt. Section 46A further gives the SCB cross-jurisdictional enforcement powers in devising powers to issue five-day freezing orders stopping any dealing in digital assets or other property to assist in “the administration of digital assets legislation in another jurisdiction” if it considers it to be in the public interest.
SCB also sets annual examination, inspection and enforcement priorities in its administration of the DARE Act. The priorities for 2021 focused on corporate governance and the investigation of fraud schemes based on, for example, global financial crime trends.
Therefore, the risks associated with an NFT are as varied as the NFT itself. However, an NFT falls into two main categories in general, an entirely digital asset like Ayoung Chee’s NFT or an NFT that represents physical ownership of an asset of underlying value, such as the type offered by P08. As for the latter, insurance can certainly be provided for the underlying asset, probably in the case of P08, but the probability of loss in the NFT itself is currently an undefined concept.
However, it is indisputable that the owner of, say, the Winkelman $69 million NFT certainly wants to know that any potential risk of loss, whatever it may be, is insurable. The problem here is that popular consensus believes that the distributed ledger technology that supports an NFT is quite stable and secure, and as such the risk of “loss” of an NFT is minimal. The limitation in this reasoning, however, is that the technology is new, and thus the associated risks have not made themselves fully known.
Nevertheless, there are known risks, just not necessarily common enough to attract the full attention of the insurance market…yet.
For example, while blockchain is quite stable and secure, it is not immune to attacks or disruptions. The security level of the blockchain corresponds to the hash rate or computing power used in the blockchain’s proof of work. Therefore, the more powerful the computer systems used to do this work, the more secure the blockchain and the less vulnerable it is to attack. Nevertheless, there are various attacks that the blockchain, and thus NFTs, are vulnerable to, the most famous being the 51% attack.
The 51% attack involves a bad actor taking control of over 50% of the processing power of the blockchain network so that they can have majority control over the consensus algorithm – the algorithm that authenticates the metadata in a block in the blockchain and therefore would also authenticate an NFT. The proof of work consensus used by Bitcoin is, in the majority opinion, much more secure than the proof of stake consensus used by Ethereum which supports NFTs. In this way, an NFT can effectively be “stolen” or falsely validated, creating exposure to loss for the owner of the NFT. This is where insurance products such as property, cyber or crime will come into play.
Furthermore, case law from the United States District Court, Southern District of New York exemplifies the type of risk associated with NFTs, particularly in the case of Playboy Enterprises International Inc. v. www.Playboyrabbitars.app, et al., No. 21 Civ. 08932 (VM) (SDNY November 13, 2021). In that case, Playboy Enterprises brought suit against the defendants for trademark and unfair competition violations when the defendants sold “fake” Playboy Rabbitars NFTs on counterfeit websites using the Playboy trademark. NFTs are therefore subject to counterfeiting similar to designer clothing.
Trademark infringement is thus another way of being exposed to losses that may be suffered, not by owners of NFTs, but by their creators. Trademark infringement liability coverage may be available under a commercial general liability policy and provides coverage for defense costs, such as defending against a trademark infringement claim, or even counterclaims if the coverage is the plaintiff.
NFTs, and cryptocurrencies as well as digital art for that matter, are currently covered by art and art insurance policies by leading insurance companies.
Conclusion
Insurance solutions will vary according to the risk exposure of a particular NFT associated with the nature of that NFT, as well as the inherent property, cyber, crime or even potential intangible property-related risks; especially with very damaging risk potential as discussed earlier, largely because NFTs are still a highly unregulated market.
Nevertheless, the Commonwealth Caribbean region as a whole, and particularly new regulatory jurisdictions such as the Bahamas, is a hotbed of development in NFT, and cryptocurrency, space and so is likely to become a notable part of the evolving digital world market.
Regardless of developments in the NFT market and associated national regulations, Kennedys, with its breadth of insurance practice covering the very areas of insurance likely to apply to NFTs and with offices worldwide, is well positioned to continue to monitor this evolving asset market and provide advice to customers on the development of risk solutions, potential risk exposure and management.