• information on strategy, business activities and business models including prospective and recent acquisitions or disposals of insurance business;
• financial data relating to an insurer;
• organisational structure, both legal and management structure;
• information on the management and operational systems and controls used by insurers;
• information on individuals holding positions of responsibility in insurers  such as Board Members, Senior Management, Key Persons in Control Functions and Significant Owners;
• information on individuals or insurers involved, or suspected of being involved, in criminal activities;
• information on any failures to comply with supervisory requirements, regulatory investigations and reviews, and on any restrictions imposed on the business activities of insurers;
• information concerning regulated entities related to the insurance group, whether undertaking insurance business or other financial business which is subject to regulation, and information concerning non-regulated entities related to the insurance group such as service companies or holding companies;
• specific information requested and gathered from a regulated entity; and
• reporting information within groups to meet group supervisory requirements, including subsidiaries and non-regulated holding companies.

• other insurance supervisors;
• supervisors responsible for banks and other credit institutions;
• supervisors responsible for investments, securities, pensions, financial markets and other sectors;
• authorities responsible for the recovery or resolution of insurers;
• authorities responsible for anti-money laundering or combating the financing of terrorism; and
• law enforcement agencies.

The supervisor should use bilateral or multilateral agreements to facilitate information sharing because they provide the basis for a two-way flow of information and the basis for confidential treatment of the information shared. The IAIS MMoU is an example of a multilateral memorandum of understanding for cooperation and exchange of information between supervisors related to the supervision of insurance legal entities and insurance groups. All signatories to the IAIS MMoU undergo a validation of their laws and regulations to demonstrate compliance with the MMoU’s strict confidentiality regime. For this reason, if all relevant parties are signatories to the IAIS MMoU, it is the preferred framework for multilateral information exchange.

Supervisory colleges can provide a framework for supervisory cooperation and crisis management in which information sharing between involved supervisors occurs on an ongoing basis.

Information sharing is particularly important for the operation of a supervisory college. For a supervisory college to be effective there needs to be mutual trust and confidence among supervisors, particularly in relation to exchange and protection of confidential information.

Each member of the college should take measures necessary to avoid the unintentional divulgence of information or the unauthorised release of confidential information. It is important that appropriate information exchange agreements or other arrangements are in place between the members of the supervisory college to ensure that information can be exchanged in a secure environment.

Where confidential information exchanged within a supervisory college is communicated to relevant supervisors or authorities who are not involved in the college, supervisors should:

• have a formal mechanism in place between the group-wide supervisor and the other supervisors or authorities to ensure the protection of the confidential information. Such mechanisms could be included in the relevant information sharing agreements; and
• obtain the prior consent of the supervisor having provided such information.

A valid supervisory purpose is relevant to the requesting authority’s performance of a supervisory task. Valid supervisory purposes may include information requested for the purposes of:

• licensing;
• suitability criteria;
• intra-group transactions such as loans and extensions of credit, parental guarantees, management agreements, service contracts, cost-sharing arrangements, reinsurance agreements, dividends and distributions;
• prevention of financial crime, such as fraud, anti-money laundering or combating the financing of terrorism;
• ongoing supervision, including preventive and corrective  measures and sanctions; and
• exit from the market and resolution.

• if the requesting supervisor only has the power and responsibility to supervise intermediaries and not insurers, it may not have a legitimate interest in requesting information relating to an insurer; or
• if the requesting supervisor requests information relating to an insurer that has no current or planned operations or other connections to the requesting supervisor’s jurisdiction, it may not have a legitimate interest in requesting such information.  

A supervisor may voluntarily provide information to other relevant supervisors so as to better enable the supervisors’ fulfilment of their supervisory functions. In such cases, the supervisor providing information should adhere to the same requirements as though the information had been requested by a requesting supervisor.

In deciding whether and to what extent to fulfil a request for information, the requested supervisor may take into account matters including:

• the nature of the information to be provided;
• the purpose for which the information will be used;
• the ability of the requesting supervisor or authority to maintain the confidentiality of any information received, taking account of the IAIS MMoU or other existing agreements in each jurisdiction;
• whether, in the context of supervisory college or otherwise, the request is covered by a coordination agreement;
• whether it would be contrary to the interest of the jurisdiction of the requested supervisor; and
• relevant laws and regulations in each jurisdiction (in particular those relating to confidentiality and professional secrecy, data protection and privacy, and procedural fairness).

In principle, the requested supervisor is expected to share information with a requesting supervisor with a legitimate interest and for a valid supervisory purpose

While requests for information should normally be made in writing, the requested supervisor should not insist on written requests in an emergency situation, and should not unreasonably delay a response to an oral request for information made for a valid supervisory purpose by a requesting supervisor.

The requested supervisor may receive a request for information which is not already in their possession. In such circumstances, the requested supervisor should, if it considers it reasonable, obtain that information from the insurer or other entities from which it has the power to obtain information.

If the requested supervisor denies a request, it should explain its reason for the denial to the requesting supervisor or authority.

Lack of strict reciprocity should not be used by the requested supervisor as the reason for not sharing information that would otherwise be appropriate to share, particularly in an emergency or other crisis situation. Strict reciprocity in terms of the level, format and detailed characteristics of information requested is not required.

The requesting supervisor should specify the intended purposes of the information sought. Additionally, MoUs may address purposes for which the requested information may be used by the requesting supervisor.

The requesting supervisor first obtains agreement with the requested supervisor or authority before passing on requested information. Supervisors and authorities are encouraged to request information directly from the requested supervisor, rather than from the requesting supervisor, to provide an opportunity for direct dialogue and further consultation. Requesting supervisors should ensure that appropriate confidentiality requirements are in place and the information is only passed on to another relevant supervisor or authority with a legitimate interest and – in case of a supervisory authority – for valid supervisory purposes.

• other IAIS MMoU signatories in the fulfilment of their supervisory functions; and
• other relevant domestic financial sector bodies such as central banks, law enforcement agencies, relevant courts and other authorities (see Annex B of the IAIS MMoU).

Conditions imposed by the requested supervisor on the passing on of information to third parties should not prevent the requesting supervisor or authority from being able to use the information for its own valid supervisory purposes.

Where allowed by the laws and practices of the jurisdiction, a requesting supervisor required to disclose confidential information by legal compulsion should place, or seek to place, protections from disclosure on that information. Such protections could include:

• a protective order placing restrictions on use or further distribution of the confidential information; or
• limitations on the means and location of the disclosure of the confidential information.