Tag Archives: digital currency

What’s in Store for Blockchain?

Blockchain, blockchain, blockchain! What does that mean for insurance? No one knows yet, but that doesn’t stop blockchain from being one of the hottest topics in the insurance industry right now. This week, I take a look at the direction this puck is heading.

Hype or reality?

Last September, the World Economic Forum published a report titled, Deep Shift – Technology Tipping Points and Societal Impact. The report is based on surveys with more than 800 executives and experts about new technologies and innovations. The point of the report is to identify deep shifts in society that result from new technologies. These include areas such as 3D printing, driverless cars, wearables and artificial intelligence.

I was drawn to shift No. 16, simply called “Bitcoin and the blockchain.” By 2025, 58% of these experts and executives believed we would hit the tipping point for Bitcoin and blockchain. This was defined as:

“10% of global gross domestic product will be stored on blockchain technology.”

To put that into context, the total worth of Bitcoin today in the blockchain is about 0.025% of today’s $80 trillion global GDP.

Also of interest, especially given that it looks like Tunisia will be the first country to issue a digital currency on a blockchain, shift No. 18 was called “Governments and the blockchain.” Here, almost three out of four in the survey group expected that “governments would collect tax via a blockchain by 2023.”

It’s a reality then!

It’s certainly looks that way. And $500 million of venture capital money in 2015 can’t be wrong, can it?

The prospect of a seismic shift on a par with the impact of the Internet is compelling. That explains all the attention, predictions and excitement about blockchain. But, if we use the evolution of the Internet as a benchmark, the development of blockchain today for commercial use is equivalent to the Internet in, say, the mid-1990s, at best.

The debates on Bitcoin, on whether private or public blockchains will be used, on Sybase vs Oracle (oops, wrong century) are yet to play out. The ability of the Bitcoin blockchain to scale to handle massive volumes at lightning speed remains unproven.

Now, just as it was in 1995, blockchain technology is at an embryonic stage. Still finding its way, it has yet to prove it is a viable, industrial-strength, large-scale technology capable of solving world hunger.

That is why I am going to focus on the use case for insurance rather than the technology itself. (For one explanation of how blockchain works, go to Wired.)

The smart insurance contract

This is getting the most attention right now. The notion of automating the insurance policy once it is written into a smart contract is compelling. The idea that it will pay out against the insurable event without the policyholder having to a make a claim or the insurer having to administer the claim has significant attractions.

First, the cost of claims processing simply goes away. Second, the opportunity for fraud largely goes away, too. (I hesitate here simply because it is theoretical and not yet proven.) Third, customer satisfaction must go up!

One example being used to illustrate how these might work came from the London Fintech Week Blockchain Hackathon last September. Here, a team called InsurETH built a flight insurance product over a weekend on the Ethereum platform.

The use case is simple. In the 12 months leading up to May 2015, there were 558,000 passengers who did not file claims for delayed or canceled flights in and out of the UK. In fact, fewer than 40% of passengers claimed money from their insurance policy.

InsurETH built a smart contract where the policy conditions were held on blockchain. Using the Oraclize service to connect the blockchain with the Internet, publicly available data is used to trigger the insurance policy.

In this case, a delayed flight is a matter of fact and public record. It does not rely on anyone’s judgement or individual assessment. It is what it is. If a delayed flight occurs, the smart contract gets triggered, and the payout is made, automatically and immediately, with no claims processing costs for the insurer and to the satisfaction of the customer.

Building on this example and applying it to motor, smart contracts offer a solution for insurers to control claims costs after an accident. A trigger that there has been an accident would come to the blockchain via the Internet from a smartphone app or a connected car. Insurers are always frustrated when customers go a more expensive route for repairs, recovery and car hire. So, with a smart contract, insurers could code the policy conditions to only pay out to the designated third parties (see related article by Sia Partners).

So long as the policy conditions are clear and unambiguous and the conditions for paying are objective, insurance can be written in a smart contract. When the conditions are undeniably reached, the smart contract pays. As blockchain startup SmartContract put it, “Any data feed trusted by a counterparty to release payment or simply complete an agreement can power a smart contract.”

To understand this better, I asked Joshua Davis, the technical architect and co-founder at blockchain p2p InsurTech Dynamis, to explain. He said:

“You need well-qualified oracle(s) to establish what ‘conditions’ exist in the real world and when they have been ‘undeniably reached.’  An oracle is a bridge between the blockchain and the current state of places, people and things in the real world.  Without qualified oracles, there can be no insurance that has any relation to the world that we live in.

“As far as oracles go, you can use either a single trusted oracle, who puts up a large escrow that is lost if they feed you misinformation, or many different oracles who don’t rely on the same POV [point of view] or data sources to verify that events occurred.

“In the future, social networks will be the cheapest and most used decentralized data feeds for various different insurance applications.  Our social networks will validate and verify our statements as lies or facts.  We need to be able to reliably contact a large enough segment of a claimant’s social network to obtain the truth.  If the insurance policy can monitor the publishing or notification of our current status to these participants and their responses accurately confirm it, then social networks will make for the cheapest, most reliable oracles for all types of future claims validation efforts.”

Is this simply too good to be true?

Personally, I don’t think it is. Of course, a smart contract doesn’t have to be on the blockchain to deliver this use case.

However, what the blockchain offers is trust. And it offers provenance. The blockchain provides an immutable record and audit trail of an agreement. The policyholder does not have to rely on the insurer’s decision to pay damages because the insurer has broken its promise to keep the client safe from harm. As the WEF report states, this is an “unbreakable escrow.” The insurer will pay before it even knows what happened.

There’s another reason for going with the blockchain: cybersecurity!

With the blockchain sitting outside the corporate firewall and being managed by many different and unconnected parties, the cyber criminal no longer has a single target to attack. As far as I’m aware, blockchain is immune to all of the conventional cyber threats that corporations are scared of.

What happens when you put blockchain and P2P insurance together?

In December, I published a two-part article on Peer 2 Peer Insurance (here are Part 1 and Part 2). When you put the P2P model together with the blockchain, this creates the potential for a near-autonomous, self-regulated insurance business model for managing policy and claims.

Last year, Joshua Davis wrote an interesting white paper called “Peer to Peer Insurance on the Ethereum Blockchain.” He presents the theory behind blockchain and the creation of decentralized autonomous organizations (DAO). These are corporate entities with no human employees.

The DAOs would be created for groups of policyholders, similar to the P2P group model with the likes of Guevara and Friendsurance. No single body or organization would control the DAO; it would be equally “controlled” by policyholders within each group. All premiums paid would create a pool of capital to pay claims.

And because this is a self-governing group with little or no overhead, any float at the end of the year would be distributed back among the policyholders. Arguably, this makes the DAO a non-profit organization and materially increases the capital reserve for claims costs.

The big question mark for this model is regulation. There still is no answer to who will maintain the blockchain code within each DAO when regulations change. But, what does seem a dead certainty is that someone, somewhere is figuring out how to solve this.

Blockchain offers the potential for new products and services in a P2P insurance model. It should also open insurance to new markets, especially those on or near the poverty line.

For now, we must watch to see what comes from the likes of Dynamis, which is using smart contracts to provide supplementary employment insurance cover on Ethereum.

Innovation will come from new players

It has been my belief for some time that, in the main, incumbent insurance firms will not be able to materially innovate from within. As with Fintech, the innovation that will radically change this industry will come from new entrants and start-up players, such as:

Dynamis

SmartContract

Rootstock

Everledger (see previous article on Daily Fintech)

Tradle

Ethereum Frontier

Codius (Ripple Labs) (update: Codius discontinued)

This is particularly true with blockchain in insurance. These new age pioneers are unencumbered by corporate process, finance committees, bureaucracy and organizational resistance to change.

Besides, the incumbent insurance CIOs have heard this all before. For decades, software vendors have promised nirvana with new policy administration, claims and product engines. So, why should they listen to the claims that blockchain is the panacea for their legacy IT issues? But,  that is a subject for another post … watch this space!

Ransomware: Your Money or Your Data!

Your client, ABC Corp. is going about its business and then gets this message:

police

The above is a typical ransomware message, according to a recent Symantec Security Response report. What’s next? Pay the “ransom” and move on? Ransomware is a type of malware or malicious software that is designed to block access to a computer or computer system until a sum of money is paid. After executing ransomware, cyber criminals will lock down a specific computer or an entire system and then demand a ransom to unlock the system or release the data. This type of cyber crime is becoming more and more common for two reasons:

1. Cyber criminals are become increasingly organized and well-funded.

2. A novice hacker can easily purchase ransomware on the black market.

According to the FBI, this type of cyber crime is increasingly targeting companies and government agencies, as well as individuals. The most common way that criminals execute their evil mission is by sending attachments to an individual or various personnel at a company. The busy executive opens the file, sees nothing and continues with his work day. However, once the file has been opened, the malware has been executed, and Pandora has been unleashed from the box!

Now that the malware has been unleashed, a hacker can take over the company’s computer system or decide to steal or lock up key information. The criminals then make a “ransom”demand on the company. The ransom is usually requested in bitcoins, a digital currency also referred to as crypto-currency that is not backed by any bank or government but can be used on the Internet to trade for goods or services worldwide. One bitcoin is worth about $298 at the moment. Surprisingly, the amounts are generally not exorbitant (sometimes as nominal as $500 to $5,000 dollars). The company then has the choice to pay the sum or to hire a forensics expert to attempt to unlock the system.

The best way companies can attempt to guard against such cyber crime attacks is by educating employees on the prevalence and purpose of malware and the danger of opening suspicious attachments. Employees should be advised not to click on unfamiliar attachments and to advise IT in the event they have opened something that they suspect could have contained malware. Organizations should also consider backing up their data OFF the main network so that, if critical data is held hostage, they have a way to access most of what was kidnapped. Best practices also dictate that company systems (as well as individual personal devices) be patched and updated as soon as upgrades are available.

Finally, in the event you are a victim of a ransom attack, you would need to evaluate it constitutes a data breach incident. If the data hijacked is encrypted, notification is likely not necessary (as the data would be unreadable by the hacker). However, if the data was not encrypted, or you cannot prove to the authorities that it was, notification to clients or individuals is likely necessary.

Takeaway

Cyber extortion is more prevalent than most people realize because such events are not generally publicly reported. To protect against this risk, we recommend that companies employ best practices with respect to cyber security and that they consider purchasing a well-tailored cyber policy that contains cyber extortion coverage. Such coverage would provide assistance in the event a cyber extortion threat is made against the company, as well as finance the ransom amount in the event a payment is made.

Bitcoin Is Here to Stay and Will Transform Payment Systems

Since the digital currency known as Bitcoin came on the scene in 2009, much has been written about it, both good and bad.  However, it seems clear that Bitcoin’s underlying “protocol” has the potential to transform the global payments system. Entrepreneurs are flocking to the Bitcoin protocol. Private equity and venture capital, most notably in Silicon Valley, have also begun to make substantial investments in the technology.

The technology for “crypto-currencies” like Bitcoin may hold particular promise for opening up the financial system to the masses of individuals in the world’s poorest countries, the majority of whom do not have access to bank accounts. The technology also has implications far beyond the financial system and could have fundamental impact on voting, legal contracts and real estate transactions, to name just a few.

A debate is raging over whether Bitcoin should be regulated, and, if so, how far regulation should go, to minimize any dangers while not suppressing innovation as Bitcoin develops out of its “infancy.”

Several events have galvanized those in favor of more robust regulation. In October 2013, the FBI arrested Ross Ulbricht, a.k.a. “Dred Pirate Roberts,” who is alleged to have been the mastermind behind Silk Road, a website that was devoted to selling illegal drugs and other illicit items and services. The sole medium of exchange on Silk Road: Bitcoin. In January 2014, Charlie Shrem, a well-known member of the Bitcoin community and the CEO of BitInstant, one of the best-known and largest Bitcoin exchanges at the time, was arrested on money-laundering charges. Then, Mt. Gox, a Tokyo-based digital currency exchange, collapsed, and the loss of millions of dollars of customer Bitcoins spread through the news like wildfire. Taken together, these events have caused many fraud prevention professionals working in law enforcement, regulatory agencies, compliance departments and other institutions where digital currencies could conceivably be an issue to eye Bitcoin and other “alternative” currencies with a healthy dose of skepticism.

In spite of these events, Bitcoin has been gaining support commercially among merchants and retailers. The Sacramento Kings of the National Basketball Association, the Chicago Sun-Times and Overstock.com, among others, now accept Bitcoins as a method of payment. Thousands of small businesses scattered across the U.S., with notable concentrations in San Francisco and New York, also are accepting Bitcoins.

Because Bitcoin is a disruptive technology, there were no real applicable regulatory or enforcement mechanisms in place when Bitcoin came into existence in 2009. The nature of the Bitcoin protocol is such that regulations already in existence, in most cases, could not be easily adapted. The exchange, transmission, trade, securitization and commoditization of Bitcoins all have regulatory implications. Regulators are rightly concerned about such issues as consumer protection, anti-money laundering/countering the financing of terrorism, fraud prevention and other important issues.  However, because of Bitcoin’s disruptive nature, the application of existing regulations often places Bitcoin in a regulatory “gray zone.”

In March 2013, the U.S. Financial Crimes Enforcement Network, known as FinCEN, issued guidance that characterized Bitcoin exchanges in such a way that they must register with FinCEN and follow the Bank Secrecy Act’s (BSA) anti-money laundering (AML) regulations. Exchanges also must develop bank-level AML and Know Your Customer compliance standards for their businesses.

In July 2014, the New York Department of Financial Services (NYDFS) issued proposed regulations regarding “virtual currencies.” The proposal has entered a 45-day comment period. The proposal would require companies involved in virtual currency business activities to have in place policies and procedures designed to mitigate the risks of money laundering, funding terrorists, fraud and cyber attacks. At the same time, the regulations seek to impose privacy and information security safeguards on companies operating in this environment.

As the country’s leading financial center, New York has taken the lead in proposing regulations that seek to balance the need for anti-money laundering, fraud prevention and consumer protection safeguards against the desire to promote innovation within the nascent digital currency industry. Though it is unclear whether the proposed regulations achieve these ends, it might be argued that these regulations are preferable to a regulatory vacuum that leaves industry insiders and investors with more questions than answers. However, the danger of overregulation is that it could drive away legitimate industry actors and the innovation that would follow. Absent investment and innovation in the industry, the technology is largely left in the hands of those who wish to exploit it for nefarious purposes.

Only time will tell.

KEY TAKEAWAYS

1)  Digital currency technology is here to stay, and overregulation could stifle investment and innovation in the industry, leaving the technology in the hands of those who wish to exploit it for nefarious purposes.

2)   Bitcoin technology is still in its infancy, and venture capital and private equity elements are beginning to show real interest in the technology’s exciting potential to transform certain business practices across a wide range industries.

3)  Regulatory agencies have only recently begun to take notice of the potential issues that this disruptive technology presents.