Banks increasingly insure against cyberattack, rogue traders

Banks increasingly insure against cyberattack, rogue traders | Insurance Business

Banks increasingly insure against cyberattack, rogue traders
Banks, including Credit Suisse, Deutsche Bank, and Lloyds, are increasingly turning to insurance to mitigate against the rising frequency and severity of operational risks, such as rogue trading and cybercrime.

The majority of such insurance contracts were arranged privately and the details not made public. The practice caught the public's eye once again, however, when Credit Suisse sold its operational risk bonds for 220 million Swiss francs May last year.

Holders of the bond, issued in partnership with Zurich Insurance, were given generous coupons of more than 4%, but run the risk of losing their investment in the event that the bank is hit with losses related to employee malfeasance, cyberattack, or other issues.

Search and compare insurance product listings for Banks from specialty market providers here

Banks were “interested in de-risking their balance sheets by transferring a portion of their operational losses and so mitigating the impact on equity capital,” a Zurich spokesman told Reuters by email.

Domenico del Re, director at PwC, said that there is a danger that banks that offload some of their risks could become negligent about their own controls – a danger that insurers can help address by scrutinizing those firms' control closely.

“Insurers are getting more and more sophisticated as risk-management partners,” del Re told the news agency. “If you think of the parallel with fire risk, by helping companies getting advice on where sprinklers should located, the same is happening with cyber: where insurers are linking up with IT and cyber specialists.”

Insurers send experienced risk specialists to the financial institutions they cover to assess their practices, said Angelos Deftereos, senior underwriter for operational risks at XL Catlin.

Insurers said banks started to gain interest in operational risk insurance before the financial crisis struck a year ago – interest that has renewed in the past year, Reuters reported.

“The crisis is over, banks are getting back to fundamentals and now it’s back in focus,” said Mark Fellows, financial institutions manager at AIG.

This interest in operational risk insurance has increased in the aftermath of major cyberattacks “WannaCry” and “NotPetya,” with brokers and insurers seeing a rising demand from banks in Australia, Britain, continental Europe, and other developed countries, Reuters said.

Paul Search, financial institution practice leader at Willis Towers Watson, said that unlike the “siloed, risk type by risk type” traditional insurance, operational risk insurance “can cover a whole spectrum of operational losses incurred by the bank.”

Banks could typically buy the insurance to cover three different aspects of operational risk for a total cover of up to $1 billion, from a range of insurers, said Siobhan O'Brien, managing director, financial and professional practice at Marsh UK.

Providers of operational risk insurance include AIG, XL Catlin, and Zurich Insurance, the report said.


Related stories:
EIOPA gives warning to UK insurers
Partnership to improve risk professional’s education
Global cyber leader discusses industry evolution