Insurance Ratings and Crypto Custody: Lessons from AM Best’s Upgrade of Michigan Millers

Financial security after hacks and bankruptcies: why one insurer’s upgrade matters to crypto investors

Counterparty risk keeps getting louder: custodians promise safety, exchanges promise liquidity — but when the balance sheet or insurer behind them belongs to a weaker credit profile, a single shock can convert a technical loss into an unrecoverable one. In January 2026, AM Best upgraded Michigan Millers Mutual’s Financial Strength Rating to A+ (Superior) and its Long-Term Issuer Credit Rating to aa- (Superior). For crypto traders, tax filers and institutional investors, that shift is not just a press release — it changes how we evaluate custody insurance, counterparty risk and underwriting reliability.

In short: ratings are not marketing — they are proxies for claims-paying ability

Insurance ratings from AM Best and peers exist to help market participants assess an insurer’s ability to meet obligations to policyholders. When an insurer’s Financial Strength Rating (FSR) moves from A to A+, or an issuer credit rating goes from a to aa-, it typically reflects measurable improvements in capitalization, reinsurance support, and enterprise risk management. For investors buying or relying on crypto insurance, that translates into greater confidence that a valid claim — say, a large cold-wallet hack or a custodian insolvency — will actually be paid.

What AM Best said about Michigan Millers — the key points

On January 16, 2026 AM Best cited several drivers for the upgrade. Use these as a checklist when you evaluate any insurer tied to crypto custody:

• Balance sheet strength: AM Best called Michigan Millers’ balance sheet “strongest,” meaning excess capital relative to risk.
• Operating performance: Stable underwriting results and profitability are essential; an insurer that loses money on core lines can become unreliable quickly.
• Enterprise risk management: Proper risk controls and governance were specifically noted.
• Reinsurance and pooling: Michigan Millers joined the Western National Insurance Pool, giving it access to reinsurance and group support — a major factor in capacity and claims-paying ability.
• Regulatory approval and affiliation codes: AM Best assigned a “p” reinsurance affiliation code reflecting the pooling arrangement — a technical but important signal about third-party support available to policyholders.

Why this matters to crypto custody providers and policyholders

Insurance ratings influence custody ecosystems in three concrete ways:

1. Claims-paying credibility: High-rated insurers are more likely to honor large, complex claims and fund protracted recovery or litigation processes.
2. Capacity and pricing: Strong balance sheets and reinsurance links increase the underwriting capacity available for large custodians or for policies with high limits. That usually reduces the need to layer multiple insurers and can lower cost.
3. Underwriting stringency: Higher ratings often accompany disciplined underwriting — which in crypto today means insurers demand strict security controls. This reduces moral hazard but raises the bar for custody providers and their customers.

A note on reinsurance and pooling — why the “p” code and Western National matter

Reinsurance is how insurers transfer large tail risks to global markets. Michigan Millers’ participation in Western National’s pooling agreement and the assignment of a reinsurance affiliation code tell you two things: first, that claims beyond Michigan Millers’ standalone capacity can be supported by group resources; second, that the insurer can access broader underwriting expertise and capital. For crypto policies — where a single event (e.g., a multi-billion-dollar exchange hack) can generate outsized losses — reinsurance is a practical backstop. For guidance on structuring storage and access governance to reduce insurer friction, see the Zero‑Trust Storage Playbook.

2025–2026 trends shaping crypto insurance and underwriting

Several market dynamics that crystallized in late 2025 and continue into 2026 affect how insurers underwrite crypto risk:

• Tightened capacity and higher pricing: Insurers tightened crypto exposure after several large losses and regulatory complications in prior years. Capacity is returning but at higher rates and with tighter sublimits.
• Controls-driven underwriting: Carriers increasingly require multi-party controls such as MPC or multisig, on-chain and off-chain reconciliation, SOC 2/ISO 27001 audits, independent pen-tests and documented cold wallet procedures.
• More explicit policy language: Insurers now include detailed crypto definitions, per-asset sublimits, and clear exclusions for custodial negligence versus criminal acts.
• Insurer-specialist entrants and pools: New specialty insurers and cross-industry pools (like the Western National example) are increasing capacity but demand more robust governance and claims pathways.
• Regulatory scrutiny: Supervisory guidance in late 2025 and early 2026 emphasized clear custody standards and solvency disclosures — insurers must now demonstrate how they model crypto-specific tail risk.

What insurance ratings don’t guarantee

Ratings are necessary but not sufficient. A high-rated carrier still may sell a policy with narrow crypto wording, low limits for specific tokens, or exclusions for particular attack vectors. Ratings tell you the insurer’s financial strength — not the scope of your coverage. Always pair rating checks with detailed policy review and underwriting due diligence.

Actionable due diligence checklist for investors and custodians

Before relying on any custody insurance or choosing a custody provider because they advertise “fully insured” protection, run this checklist. Use it during procurement, renewal or internal risk assessment.

Insurer-level checks

• Verify ratings: Check AM Best (and S&P, Moody’s, where applicable) for both FSR and issuer credit ratings, and note the date and outlook (stable/positive/negative).
• Ask about reinsurance: Request the reinsurance structure, names of reinsurers, and whether the insurer participates in a pool. Confirm any affiliation codes and their implications.
• Review claims history: Ask for anonymized examples of crypto claims paid in the last 3–5 years and how they were handled.
• Examine solvency metrics: Request capital adequacy and surplus figures; look for metrics like RBC ratios or other regulatory measures where available.
• Confirm regulatory standing: Verify licensing in the relevant jurisdictions and any regulatory actions or public statements about crypto lines.

Policy-level checks

• Get the full policy word-for-word: Don’t rely on summaries. Review definitions of “cryptoasset,” “theft,” “custodial negligence,” and “insolvency.”
• Check triggers and scope: Is coverage triggered by direct loss, first-party theft, third-party failure, or insolvency? Are business interruption or legal defense costs covered?
• Identify sublimits and per-asset caps: Policies often set separate caps for hot wallets, cold storage, stablecoins, NFTs, and Layer-2 assets. Verify whether limits meet your exposure.
• Exclusions and waiting periods: Look for exclusions for social engineering, employee collusion, unauthorized transfers due to consent, or regulatory seizure. Note any waiting periods for claims.
• Retroactive and discovery dates: Confirm whether the policy covers historical acts or only losses occurring after a retroactive date.
• Valuation clauses: How are lost assets valued — spot price at discovery, at settlement, or some other metric?

Custodian-specific validation

• Ask about the custody insurance contract: Does the custodian buy insurance for itself, for customers, or both? Is coverage transferable to clients?
• Independent audits and controls: Confirm SOC 2, ISO 27001, or equivalent attestations; review recent penetration tests and remediation timelines. Operational observability and cost-control playbooks can help teams show auditors the discipline you need — see resources on observability & cost control.
• Key-management architecture: Review details on MPC, multisig, HSMs, and offline key generation. Look for split-control with third-party oversight.
• Segregation and reconciliations: Are customer assets segregated on-chain and off-chain? How frequently are reconciliations performed and independently verified? Proof-of-reserves practices are increasingly important — read industry summaries on digital-asset marketplaces and custody at digital asset marketplaces.
• Recovery and response playbooks: Request the incident response plan, legal counsel relationships, and sample vendor insurance coordination documents. For contract and vendor playbook ideas, lean on marketplace and onboarding playbooks such as seller onboarding case studies.

Contract and legal safeguards

• Insurance representation in the custody agreement: Include explicit representations and warranties about coverage (limits, insurer names, policy numbers).
• Indemnities and subrogation: Clarify subrogation rights and how they affect customer recovery.
• Choice of law and dispute resolution: Confirm jurisdictions and arbitration clauses that could affect claim recovery timing.

Practical red flags to watch for

Not all “insured” claims are equal. Watch out for:

• Unnamed or unverified reinsurers: If the insurer can’t or won’t name reinsurers, your effective protection may be weaker than the fronting insurer’s rating suggests.
• Broad marketing claims but narrow policy wording: Phrases like “comprehensive coverage” without policy copies are suspect.
• Low disclosure on claim settlement timelines: Some carriers require protracted investigations or litigation before paying complex crypto claims.
• Policies excluding insolvency: Many custodial failures involve insolvency; a policy that excludes insolvency-related loss will leave customers exposed.
• Limits concentrated in hot wallets: If your exposure is in cold storage but sublimits favor hot wallet coverage, you may still be critically exposed.

How to structure custody risk using insurance (sample strategies)

Insurance should be part of a layered risk-management approach, not a substitute for controls:

1. Primary + excess layering: Use a strong-rated primary carrier and supplement with excess reinsurance or a second carrier to cover tail risk.
2. Control-based pricing: Invest in controls that lower premiums and reduce sublimits (MPC, proof-of-reserves, regular audits).
3. Asset-class segmentation: Segregate assets by risk profile (stablecoins vs alt tokens) and insure according to exposure.
4. Legal alignment: Ensure custody agreements require the custodian to maintain minimum rating and coverage levels with notice and cure rights.

Case study: lessons from industry losses and the return of capacity

After the major market shocks of 2022–2024, insurers pulled back. That retreat forced custodians and clients to accept narrower terms or self-insure. By late 2025, stronger capital positions, pools and specialist entrants (and upgrades like Michigan Millers’) began to restore capacity — but with new underwriting discipline. The practical outcome: better-rated insurers are again willing to underwrite custody risks, but only if custodians consistently demonstrate mature controls and transparent incident history. When capacity returns, it’s also an opportunity to simplify administrative complexity and consolidate layered cover where appropriate.

“Strong ratings combined with explicit, auditable controls are now the baseline for credible custody insurance.”

When a ratings change should trigger action

Monitor insurer ratings continuously. An upgrade (like Michigan Millers’) should prompt you to:

• Revisit your insurer list and renegotiate pricing or limits if better-rated options become available.
• Request clearer policy language or expanded sublimits where capacity has increased.
• Consider consolidating layered coverage to reduce administrative complexity if a single, higher-rated insurer can offer sufficient limits.

Conversely, a downgrade or negative outlook is a red alert: demand immediate disclosure, contingency plans and try to secure alternative cover before your renewal.

Practical Q&A: What to ask insurers and custodians right now

• To the insurer: What is your AM Best rating and outlook? Who are your reinsurers? Can you provide recent claims examples for crypto policies?
• To the custodian: Which insurer(s) underwrite your program, what are the per-client recoverable limits, and can you provide a copy of the policy?
• To counsel and auditors: How does subrogation work between the custodian and policyholder? Are on-chain proofs admissible in the event of a claim?

Key takeaways

• AM Best upgrades matter: They signal improved capital and reinsurance support — tangible factors for claims-paying ability.
• Ratings don’t replace wording: Always pair insurer ratings with a detailed policy review; a strong balance sheet can’t fix a narrow or excluded risk.
• Underwriting is stricter in 2026: Expect controls, audits and higher proof standards as prerequisites for coverage.
• Due diligence is actionable: Verify ratings, reinsurance, policy language, sublimits, and custodian controls before you rely on coverage.

Next steps — a simple 5-point action plan

1. Obtain and store the full insurance policy for any custodian you use.
2. Verify the insurer’s AM Best rating and review any recent rating actions.
3. Ask the custodian for independent audit reports and recent penetration-test summaries.
4. Negotiate contractual clauses that require minimum insurer ratings and immediate notice of rating changes.
5. Diversify: don’t rely on a single insurance promise — combine controls, legal protections and layered insurance.

Closing: how to convert rating news into investor protection

News that AM Best upgraded Michigan Millers in January 2026 is not just industry copy — it’s a signal that capacity and financial strength are returning to specialty lines. But the upgrade is only a piece of the puzzle. Smart investors will convert that signal into concrete actions: request policy copies, verify reinsurance, confirm custody controls, and fix language in contracts so “insured” really means recoverable in practice.

Insurance ratings are a leading indicator of systemic resilience. Use them to separate vendors who can actually pay claims from those making marketing promises. Paired with rigorous due diligence, a strong-rated insurer can be the difference between a mitigated loss and a total write-off.

Call to action

Need a ready-to-use custody-insurance due diligence pack? Download our 2026 Custody Insurance RFP + Policy Checklist and get a free 30-minute consultation with our insurance and custody analyst team. Protect assets — don’t just insure them. Visit cryptos.live/security to get the pack and set up your consultation today.

Related Reading

• Tool Review: TitanVault Hardware Wallet — Is It Right for Community Fundraisers?
• How to Run a Validator Node: Economics, Risks, and Rewards
• The Zero‑Trust Storage Playbook for 2026: Homomorphic Encryption, Provenance & Access Governance
• Observability & Cost Control for Content Platforms: A 2026 Playbook
• Announcing a Paywall-Free Community Launch: Lessons from Digg’s Public Beta
• Create and Sell Custom 3D‑Printed Merchandise From Smartphone Scans
• Prefab vs Traditional Homes: Which Saves You More — and Where to Find the Best Builder Discounts
• Meet the Garden of Eden: 10 Rare Citruses to Put on Your Menu
• Custom Insoles, Seats and Placebo: Do 3D‑Scanned Footbeds Really Improve Scooter Comfort?