The Qatar Financial Centre (QFC) Regulatory Authority (QFCRA) recently announced that it is a signatory to the International Association of Insurance Supervisors (IAIS) Multilateral Memorandum of Understanding (MMoU). The IAIS represents insurance regulators and supervisors from 190 jurisdictions and issues global insurance principles, standards and guidance papers for supervisors on insurance supervision. Becoming a signatory to the MMoU is a significant development for the QFCRA, as it will enable the QFCRA to exchange supervisory information globally with other insurance supervisors potentially strengthening its already considerable governance and enforcement structures.
Pursuant to the terms of the MMoU, the QFCRA will have a formal basis for cooperation and information exchange with other "Signatory Authorities" in relation to the supervision of insurance companies where cross-border issues arise (the term "Signatory Authorities" is defined as "any insurance industry supervisor who is an IAIS member or is represented by an IAIS member"). The scope of the MMoU extends to not only issues relating to the supervision of insurance companies (such as licensing, ongoing supervision, and winding-up procedures), but also includes the supervision of insurance intermediaries and AML / CFT matters.
Although the MMoU clarifies that it is not intended to create legally binding obligations or to modify or supersede any jurisdictional law, nor to affect any provisions under multilateral or bilateral agreements, the Signatory Authorities are expected to provide one another with the "fullest" assistance possible (consistent with their regulatory functions).
Confidentiality
One concern in respect of any information sharing arrangement is the way in which confidential information is handled. Any information shared between Signatory Authorities is subject to a strict confidentiality regime as set out in the MMoU. Where a "Requesting Authority" (a Signatory Authority requesting information from another Signatory Authority) requests information of a confidential nature, the Requested Authority (the Signatory Authority from whom the information is being sought) has the discretion to determine on a case-by-case basis whether to disclose such information.
Interestingly, Signatory Authorities may only make information requests where they have a legitimate interest in the information they are seeking. The implementation of confidentiality in respect of information, and the prerequisite of having a legitimate interest in the information being sought assists in eliminating "fishing expeditions" by Signatory Authorities seeking information in other jurisdictions, and ensures that sensitive information relating to insurance companies is not made available for wider dissemination.
If as a requirement of local, federal, or international law the Requesting Authority is required to share the confidential information of a Requested Authority with third parties, the Requesting Authority will be required to first notify the Requested Authority, obtain consent from that authority, and ensure that each recipient agrees to maintain the confidential status of the information provided that it has the legal authority to do so. If consent from the Regulated Authority is not given, the Requesting Authority is required to use all reasonable legal means to "resist" the demand to disclose the confidential information.
Procedures
Requests for information must be made in writing using the request form attached as Annex D of the MMoU. An information request must address the following elements:
(a) identify the Signatory Authorities involved, the field of supervision and the purpose for which the information is sought;
(b) provide details of the request comprising information on the person or entity concerned, specific questions to be answered, and an indication of the sensitivity issues;
(c) provide a statement as to whether details provided by the Requesting Authority should be confirmed or verified; and
(d) provide a statement as to whether confidential information is likely to be passed on to third parties.
The Requested Authority will confirm the receipt of the request. It may require further details in accordance with its domestic Applicable Law.
The Requested Authority will assess each request on a case-by-case basis, taking into account the following:
(a) whether the request conforms with the MMoU;
(b) whether compliance with the request would be so burdensome as to disrupt the proper performance of the Requested Authority's functions;
(c) whether it would be otherwise contrary to the essential interest of the Requested Authority's jurisdiction to provide the information requested;
(d) any other matters specified by the domestic applicable law of the Requested Authority's jurisdiction (in particular those relating to confidentiality and professional secrecy, data protection and privacy, and procedural fairness); and
(e) whether complying with the request may otherwise be prejudicial to the performance by the Requested Authority of its functions.
Where the Requested Authority cannot entirely fulfil the request it will cooperate with and assist the Requesting Authority to the extent possible, and in the event of an urgent requirement a request can be presented orally subject to written confirmation within 10 business days.
The model of the QFC (and more specifically the QFCRA) has been designed generally to reflect the UK Financial Services Authority (FSA) and other similarly regulated environments. As a signatory to the IAIS MMoU, the QFCRA has direct information sharing access to not only the FSA, but regulators in Australia, Hong Kong, Singapore, the UAE and DIFC, and many others thereby ensuring that the QFCRA keeps abreast of significant developments in other jurisdictions which may impact its supervisory capacity in the QFC.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
