With fintech growing in importance to The Rock, Gibraltar Insight caught up with Nicolas Palacios Capurro & Patrick Sheppard-Capurro from a company with a pioneering spirit in its DNA …
Capurro Insurance & Investments Limited is a family-owned and run company that has a business history dating back to 1876. The company’s operations are in the financial services market, primarily in Gibraltar, Spain and Portugal.
With over 140 years’ experience in the insurance industry, the firm prides itself on its highly experienced and qualified teams in Gibraltar and London – both able to adapt to global market trends with a proven history of delivering tailored solutions to their clients.
As a result of recent developments in the financial technology (fintech) sector in Gibraltar, Capurro have placed themselves on an educational journey to be able to better understand and meet clients’ requirements dealing within the fintech space.
In recent months, there has been rapid growth of this sector in Gib. With regulations having been introduced in January 2018, the Gibraltar Financial Services Commission (GFSC) has created a regulatory framework for Distributed Ledger Technology (DLT) companies wishing to operate from Gibraltar. This pioneering introduction is clear evidence of the desire to place Gibraltar as a safe and innovative jurisdiction from which DLT companies can operate.
The regulations are aimed at companies that are “carrying on by way of business, in or from Gibraltar, the use of Distributed Ledger Technology for storing or transmitting value belonging to others”. One clear example of such company is Coinfloor, the oldest cryptocurrency exchange in the UK who’ve become the first of over 35 applications to be licensed under the ground-breaking legislation. Another is Huobi, the third largest cryptocurrency exchange in the world who now have operations from Gibraltar.
There’s also been a lot of talk about initial coin offerings (ICOs) and what these really are. The GFSC and Government of Gibraltar have observed the rapid growth of ICO’s as a means of crowd funding. Whilst there are no set dates for regulations to come ‘live’, the Government of Gibraltar and the GFSC recently confirmed at the Gibraltar International Fintech Conference held in London on the 24th October 2018 that regulations for ICO’s are in the final stages of preparation and should come into force by the end of November 2018. Although this has not yet been confirmed, we believe that the new regulations will have similarities to those of the DLT framework and will therefore continue to re-enforce Gibraltar’s commitment in this space.
The GFSC principles
The DLT regulatory framework is based on 9 principles which DLT providers must satisfy. These are as follows:
*Conduct it’s business with honesty and integrity
*Pay due regard to the interests and needs of all it’s customers and communicate in a way that is fair, clear and not misleading
*Maintian adequate financial and non-financial resources
*Manage and control its business effectively, and conduct its business with due skill, care and diligence; including having proper regard to risks to the business and customers
*Have effective arrangements in place for the protection of customer assets and money when it is responsible for them
*Have effective corporate governance arrangements
*Ensure that all of its systems and security access protocols and maintained to appropriate high standards
*Have system in place to prevent, detect and disclose financial crime risks such as money laundering and terrorist financing
*Be resilient and have contingency arrangements for the orderly and solvent wind down
Insurance for DLT Providers
The introduction of the DLT framework, regulated by the GFSC, demonstrated the desire to position Gibraltar as a highly reputable jurisdiction and ultimately ensure the protection of customers’ interests.
Within the nine fundamental principles, the GFSC establishes the need for DLT businesses to be protected by insurance. The key covers should include professional indemnity, Directors’ & Officers’ liability, crime and cyber insurance.
This is where our Commercial/Fintech insurance teams, both in Gibraltar and in London, have worked tirelessly to be able to provide such DLT companies with the required insurance services. Due to this being such a young sector, there has been only muted interest from insurers in this market. As it’s such a young field, it’s fair to say there’s limited knowledge and expertise of underwriters regarding the DLT/Fintech sector. However, Capurro is committed to promoting Gibraltar’s involvement in this sector, working with leading underwriters to enter into this new market and helping to provide the education required. It is their mission to ensure that as an insurance broker, they’re able to educate London market underwriters and provide DLT/Fintech clients with the necessary insurance coverage for their businesses.
Why the London Market?
The London market is one of the world’s largest open markets for insurance, it is the place where many of the most complicated and largest risks are written from all over the world. The uniqueness of this market is due to the very unusual risks that have been written.
Capurro’s access to the London market is accomplished by maintaining long-standing working relationships with leading specialist Lloyd’s brokers who have joined them on this journey in this new market and negotiate preferential terms for clients from a range of quality insurers.
The key insurance covers
There are a number of key insurance covers which DLT/Fintech companies should have in place.
Professional indemnity insurance is a type of liability insurance that provides protection for those who provide services to clients. The cover is designed to protect the insured, if a client alleges that they have been provided with faulty or inadequate services. Under a professional indemnity insurance policy, the insured’s legal defence costs will be covered, along with any compensation payment that the insured may need to pay to the client for their financial loss, due to the inadequate services. The amount payable by the insurer in this situation is typically in excess of a self-insured retention and up to the limit of indemnity, with both of these amounts defined in the policy. Additionally, in many cases, clients may make allegations against the directors or officers of the company for lack of oversight and control, if applicable. This is where directors’ & officers’ liability insurance will come to the fore. With both professional indemnity and directors’ & officers’ liability insurance, there are various extra add-on features that may be included, where appropriate.
Reputation is everything
As we become increasingly dependent on technology, cyber risk is one of the most talked about topics. There isn’t a week when some sort of computer and privacy cyber risk is highlighted in the news. Take Facebook or British Airways scenarios, for example. It’s no surprise that cyberattacks have become the modern crime, which is why Capurro provides extensive cyber insurance products to protect clients’ businesses.
These cyber-attacks can happen in many ways such as, theft of funds where a hacker will steal money from a company’s bank account; damage to digital assets whereby a hacker is able to damage the system which your company works on, resulting in huge business interruption costs and in many cases leaving your business in great reputational prejudice; or data breach and privacy crisis management in which the firm’s customers’ personal information is exposed or stolen by a hacker or other criminal who has gained access to the firm’s electronic network.
If you believe that “Cyberattacks only affect large international companies” you are wrong. It is only because these large companies have news exposure and that it is not newsworthy to report about smaller companies.
If you believe that “The bank should be responsible to reimburse theft of funds from my account”, then you are wrong again. The bank will not be responsible if it involves you or an employee being negligent in allowing access to a hacker.
According to the Risk.net annual survey of operational risk practitioners, out of the top 10 operational risks for 2018, at #1 is IT disruption; at #2 is Data compromise; at #4 is Theft and fraud (particularly cyber) (source: https://www.risk.net/risk-management/5424761/top-10-operational-risks-for-2018 ). All of these risks are cyber related.
Data breach has now become an every-day occurrence but, unfortunately, as is the case with many insurance covers, most people do not recognise the need for the insurance until the disaster has already happened, when it is obviously too late. Since it is estimated that the average cost of a cyber-security breach is between £65,000 and £115,000 for a small/medium sized business, this has become one of the major issues of this decade.
To find out or discuss any of the products or topics mentioned in this article, please get in touch with our team (+350) 200 40850