If you are reading this Legal Update, chances are that you have already heard of Decentralized Finance (DeFi). Put simply, DeFi is a decentralized platform that enables peer-to-peer provision of various types of financial services without the need for a central intermediary (such as a bank). DeFi transactions are enabled by public blockchains, such as Ethereum, Solana, Terra and Avalanche.
The volume of transactions that take place in the DeFi space is massive and is continuing to grow exponentially, as measured by the overall value of cryptocurrency assets deposited in DeFi protocols (i.e., “total value locked” or “TVL”). Given the growth experienced by the DeFi market, it is not surprising that DeFi users have sought to take advantage of risk allocation devices similar to those used in other markets and industries. One such risk allocation device is insurance. Given the fact that DeFi is—by its nature—decentralized and its users are accustomed to decentralized financial products, it makes sense that insurance solutions provided to DeFi users would likewise have decentralized characteristics. Indeed, we have seen a number of providers established recently in the emerging decentralized insurance space for the purpose of offering decentralized insurance solutions. However, insurance coverage of events that affect the DeFi ecosystem (e.g., cybersecurity coverage for DeFi exchanges) need not be decentralized—which provides ample opportunity for existing providers of such insurance coverage to expand their current offerings into the DeFi market.
In either case, insurance providers will need to ensure that their operations are in compliance with the insurance regulatory framework in the United States, which is complex and nuanced. These nuances will be familiar to current insurance industry participants but may not be as obvious to new entrants to the market, such as decentralized insurance providers. Each US state has its own code of insurance laws and its own insurance regulatory authority that enforces and monitors compliance with those laws. This means that offering an insurance product on a nationwide basis in the United States—regardless of whether the insurance product is decentralized or not—requires an operating model that is compliant with the insurance laws of over 50 US states and other jurisdictions. Some considerations that are important in structuring an insurance provider’s operations—including providers of coverage to DeFi—include the following:
1. Operating as an Insurance Company. US state insurance laws uniformly require a person that transacts an insurance business in a US state to be licensed as an insurance company in that state unless a state-specific exemption from such licensing requirements applies. The scope of activities that constitute “transacting” insurance is typically very broad. For example, issuing or delivering an insurance contract in a US state would generally be considered “transacting” an insurance business in that state and would therefore require the person engaging in such an activity to be licensed as an insurance company. While we have seen arguments that a DeFi insurance solution offered via a smart contract should not constitute an “insurance contract,” we believe that state insurance regulators would likely view such arguments with skepticism. While the definition of “insurance contract” varies significantly from state to state, an insurance regulator would typically view a contract that satisfies that definition to be an insurance contract—regardless of the form in which it appears (i.e., a smart contract could be an insurance contract even if no insurance policy is issued to the customer so long as the smart contract meets the definition of “insurance contract” under the relevant state’s law).
As an illustrative example, the New York Insurance Law generally defines an “insurance contract” as any agreement “or other transaction” whereby one party becomes obligated to confer benefit of pecuniary value on another party depending on (1) a fortuitous event (i.e., an event that is substantially beyond the control of either party) in which (2) the latter party has a material interest that will be adversely affected by such event. In our view, a smart contract would constitute an agreement “or other transaction” between the insurance provider and a customer, and—so long as the smart contract obligates the provider to compensate the customer depending on the happening of a fortuitous event that adversely affects the customer—this type of smart contract would very likely constitute an “insurance contract” under the New York Insurance Law. Accordingly, an insurance provider that issued a smart contract such as this for New York customers would be required to be licensed as an insurance company in New York unless an exemption from such licensing requirements were applicable.
2. Other Licensable Activities. Depending on the specific US state insurance laws, certain licensing requirements may apply to activities such as marketing insurance products, adjusting or settling insurance claims, receiving compensation in the form of a percentage of insurance premiums (i.e., commissions), underwriting insurance products, receiving insurance premiums and a wide variety of other activities related to insurance. These licensing requirements are enforced by state insurance regulators strictly. As one example, a cloud-based platform that offered insurance solutions to its customers and was licensed as an insurance agency—but failed to ensure that all of its employees had the appropriate insurance licenses and failed to comply with certain other state insurance laws—recently became subject to a multi-state investigation and was required to pay millions of dollars in fines.
These licensing requirements may be applicable to the decentralized insurance provider itself or to its partners or investors. For example, if a decentralized insurance provider has organized a decentralized autonomous organization (DAO) whose members have the authority to vote on whether a particular insurance claim should be paid, state insurance regulators might take the position that these voting rights permit DAO members to adjust or settle claims and therefore require them to be licensed as independent adjusters. As another example, a third party engaged by a decentralized insurance provider to market its products may be considered by state insurance regulators to be selling, soliciting or negotiating insurance—activities that typically require the person performing them to be licensed as an insurance producer.
3. Rebates and Inducements. Most US states have enacted insurance laws prohibiting insurance companies, insurance agents, insurance brokers and other licensees from paying any rebate of an insurance premium to an insured or providing any special advantage or favor to any insured that is not specified in the insurance policy. These laws would typically prohibit a decentralized insurance provider from, for example, offering lower insurance premium rates to holders of its DeFi token or to the members of its DAO or from offering free or discounted products or services (such as token “airdrops”) to its insureds or to applicants for its insurance products.
4. Reserve Requirements. US state insurance laws typically require an insurance company to maintain reserves for purposes including the payment of losses and claims and the expense of adjusting and settling claims. If a decentralized insurance provider is using a liquidity pool model for some or all of its reserves, whereby liquidity pool participants are compensated with tokens for providing reserve liquidity to the pool, state insurance regulators may assert that the liquidity pool is not sufficiently large to ensure that the insurer is adequately reserved and/or that the liquidity pool does not constitute the insurance provider’s assets to the extent liquidity may be withdrawn from it by participants at any time.
The above list of insurance regulatory considerations is not exhaustive but does represent some key areas on which we would expect state insurance regulators to focus in reviewing a decentralized insurance provider’s operations.
While these insurance regulatory hurdles may be challenging to overcome, they also present a significant opportunity for an insurance industry participant that both employs sophisticated underwriters with knowledge of the DeFi space and understands the US insurance regulatory framework to capture a significant proportion of the still-nascent US DeFi insurance market. Moreover, capturing this market could lead to cross-pollination opportunities in offering other types of insurance products (i.e., not just those related to DeFi) to consumers in the DeFi space. Just as with the now-established insurtech market, working within the boundaries of US state insurance laws will likely prove to be critical to decentralized insurance market participants as they seek to expand their operations and broaden the scope of their product offerings.