ICP 3 Information Sharing and Confidentiality Requirements

The supervisor obtains information from, and shares information with, relevant supervisors and authorities subject to confidentiality, purpose and use requirements


3.1

The supervisor requests information, including non-public information, from relevant supervisors and authorities with respect to insurers.  



3.1.1    
Information requested by a supervisor from a relevant supervisor or authority may include:
  • information on strategy, business activities and business models including prospective and recent acquisitions or disposals of insurance business;
  • financial data relating to an insurer;
  • organisational structure, both legal and management structure;
  • information on the management and operational systems and controls used by insurers;
  • information on individuals holding positions of responsibility in insurers  such as Board Members, Senior Management, Key Persons in Control Functions and Significant Owners;
  • information on individuals or insurers involved, or suspected of being involved, in criminal activities;
  • information on any failures to comply with supervisory requirements, regulatory investigations and reviews, and on any restrictions imposed on the business activities of insurers;
  • information concerning regulated entities related to the insurance group, whether undertaking insurance business or other financial business which is subject to regulation, and information concerning non-regulated entities related to the insurance group such as service companies or holding companies;
  • specific information requested and gathered from a regulated entity; and
  • reporting information within groups to meet group supervisory requirements, including subsidiaries and non-regulated holding companies.

3.1.2    
Relevant supervisors and authorities, whether in the same or a different jurisdiction, may include:
  • other insurance supervisors;
  • supervisors responsible for banks and other credit institutions;
  • supervisors responsible for investments, securities, pensions, financial markets and other sectors;
  • authorities responsible for the recovery or resolution of insurers;
  • authorities responsible for anti-money laundering or combating the financing of terrorism; and
  • law enforcement agencies.

3.2

The supervisor shares information, including non-public information, with relevant supervisors and authorities at its sole discretion and subject to appropriate safeguards.



3.3

The supervisor requesting confidential information (the requesting supervisor) has a legitimate interest and valid supervisory purpose related to the fulfilment of its supervisory functions in seeking information from another relevant supervisor or authority.


3.3.1    
A legitimate interest is derived from the powers and responsibilities the requesting supervisor has in relation to the subject matter of the request. For example:
  • if the requesting supervisor only has the power and responsibility to supervise intermediaries and not insurers, it may not have a legitimate interest in requesting information relating to an insurer; or
  • if the requesting supervisor requests information relating to an insurer that has no current or planned operations or other connections to the requesting supervisor’s jurisdiction, it may not have a legitimate interest in requesting such information.  

3.3.2    
A valid supervisory purpose is relevant to the requesting authority’s performance of a supervisory task. Valid supervisory purposes may include information requested for the purposes of:
  • licensing;
  • suitability criteria;
  • intra-group transactions such as loans and extensions of credit, parental guarantees, management agreements, service contracts, cost-sharing arrangements, reinsurance agreements, dividends and distributions;
  • prevention of financial crime, such as fraud, anti-money laundering or combating the financing of terrorism;
  • ongoing supervision, including preventive and corrective  measures and sanctions; and
  • exit from the market and resolution.

3.3.3    
A supervisor may voluntarily provide information to other relevant supervisors so as to better enable the supervisors’ fulfilment of their supervisory functions. In such cases, the supervisor providing information should adhere to the same requirements as though the information had been requested by a requesting supervisor.

3.4
The supervisor that has received a request for confidential information (the requested supervisor) from another relevant supervisor or authority:
  • assesses each request for information on a case-by-case basis; and
  • responds to requests in a timely and comprehensive manner.


3.5

The requesting supervisor uses confidential information received from the requested supervisor or authority only for the purposes specified when the information was requested. Unless otherwise agreed, before using the information for another purpose or passing it on to others, the requesting supervisor obtains agreement of the requested supervisor or authority.


3.6
In the event the requesting supervisor has received notice of proceedings, which may legally compel it to disclose confidential information which it has received from the requested supervisor, the requesting supervisor:
  • to the extent permitted by law, promptly notifies the requested supervisor; and
  • where consent to disclosure is not given, uses all reasonable means to resist the demand and to protect the confidentiality of the information.


3.6.1    

Where allowed by the laws and practices of the jurisdiction, a requesting supervisor required to disclose confidential information by legal compulsion should place, or seek to place, protections from disclosure on that information. Such protections could include:

  • a protective order placing restrictions on use or further distribution of the confidential information; or
  • limitations on the means and location of the disclosure of the confidential information.