1.1. What are the main barriers to international cooperation between regulators, and how can they best be overcome? This was the focus for discussion at the IMF Cross-Border Cooperation Conference held in Washington, D.C. on July 7 and 8, 2004.

1. Introduction

  • 1.1. What are the main barriers to international cooperation between regulators, and how can they best be overcome? This was the focus for discussion at the IMF Cross-Border Cooperation Conference held in Washington, D.C. on July 7 and 8, 2004.

  • 1.2. In this paper, we discuss the purposes of cooperation between financial service regulators, focusing on banking, securities business, insurance, and anti-money laundering (including combating the financing of terrorism (AML/CFT)). We then examine the multilateral instruments designed to encourage cooperation and the approaches to international cooperation of the international standard-setting bodies (SSBs) or recommendations in the four regulatory areas.1 We describe the most frequently experienced continuing barriers to cooperation and consider the reasons for them. We conclude by identifying some themes from this analysis and suggesting priority actions for the future.

  • 1.3. The paper is based on published reports and discussions with regulators. A survey of regulatory authorities was also conducted. An analysis of the findings was presented to the conference. This paper draws on those findings and on the discussions at the conference.

  • 1.4. Before discussing the specific issues covered by the paper, it is worth making one point at the outset that is clear from research and from the experience of regulators. Although there is no doubt that the existence of institutional or legal impediments to cooperation remain, the willingness of regulatory agencies to engage in cooperation can make a vital difference. On the one hand, in some financial centers, policymakers believe, rightly or wrongly, that their center’s comparative advantage lies in providing a safe location for those wishing to escape the attentions of law-enforcement and tax agencies elsewhere. In such a context, however extensive the cooperation powers and however widely drawn the gateways for information exchange, it is improbable that cooperation will be timely and effective. On the other hand, even where there are inadequacies in the cooperation legislation, which leave legal and other barriers to information exchange, a regulator who sees it as a duty and in the interests of the jurisdiction to be cooperative can frequently find ways of assisting foreign agencies within the constraints of that jurisdiction’s legislation.

  • 1.5. Therefore, although we focus, in this paper, on formal and informal barriers to cooperation and offer ways of overcoming them, we judge that there is nothing quite as effective as the continuing campaign by international standard-setting bodies, multilateral agencies, and individual countries to persuade regulatory agencies, through direct and indirect pressure, to adopt cooperative stances. Trust is enhanced by personal contact, but personal contact requires events and travel. Part of the assistance recommended in this paper is designed to assist in the promotion of events to develop personal contact and to provide support for the costs of travel.

  • 1.6. With respect to the organization of this paper, the main themes are discussed in Sections 1—5, and our conclusions and recommendations are set out in Section 6. Appendixes AE amplify the main themes (including some descriptions of cases). Appendix F analyzes the approaches of the different standard-setting bodies (and the Egmont Group) in their pronouncements regarding cooperation.

2. Purposes of Cooperation

  • 2.1. International cooperation assists financial services regulation in many ways. Specifically, it assists regulators when considering licensing applications, conducting ongoing regulation, and carrying out enforcement action.

  • 2.2. Regulators are inclined to focus on the way in which international cooperation affects their own performance as regulators and that of fellow regulators. International cooperation has a further and wider effect, however, in improving the understanding of the operation of the world’s financial system and thereby enhancing efforts to improve stability.

  • 2.3. Appendix A provides more detail about the kinds of information that is exchanged for licensing, for ongoing regulation, and for enforcement. This section identifies the key issues.


  • 2.4. Cooperation is frequently of value when regulators are dealing with new applications for licenses to conduct financial services business (FSBs). It will frequently be the case that a regulator, faced with an application from an FSB for a license, will be aware that the applicant itself, or a member of the same group, has a license to conduct financial services in another jurisdiction. In these circumstances, information about the regulatory track record, the financial soundness of the business, and the competence and integrity of the owners and controllers is of great value. (For a fuller description, see Appendix A.)

  • 2.5. For the most part, this form of cooperation presents few difficulties in practice. One major and increasing difficulty that inhibits cooperation in respect of licensing, however, is the extent to which a regulator can share confidential concerns about an FSB with another regulator.

  • 2.6. To be effective, cooperation in respect of license applications has to be open and comprehensive. Public information about the regulatory history of an FSB can readily be exchanged. Confidential information about formal actions by the regulator can also be exchanged where the legal powers exist. Regulators have considerable knowledge about an FSB, however, that is not necessarily a matter of public record and may not have been communicated to the FSB. Indeed, there will almost always be some information that is available to a regulator about an FSB that has not been communicated formally, either publicly or confidentially, to the FSB itself. If, in these circumstances, a regulator in Jurisdiction A passes on, confidentially, serious concerns about an FSB to a regulator in Jurisdiction B that are relevant to an application by that FSB (or a closely associated FSB) in Jurisdiction B, it may not be possible for the regulator in Jurisdiction B to reveal that the information was a reason for rejecting an application. On the one hand, it is unfair to the FSB, as a license applicant in Jurisdiction B, to have no opportunity to challenge information that may affect its livelihood. On the other hand, if the regulator in Jurisdiction A withholds information about those concerns, it is unfair to the regulator in Jurisdiction B to be left unaware of relevant information. The same issue applies to individuals about whom inquiries may be made.

  • 2.7. Precisely the same dilemma arises when a regulator receives confidential information from another agency in the same jurisdiction.

  • 2.8. As regulators have, quite properly, been required to be more transparent in their decision making, this dilemma has become more acute. In practice, regulators exercise their judgment about the kind of information that should be exchanged. That judgment clearly takes into account the strength of the concerns felt about an FSB and the relevance of the concerns to a new license application in another jurisdiction. The judgment will also be influenced by the trust and confidence that one regulator may have that another regulator will use information wisely and with discretion.

  • 2.9. In some cases, the only possible approach is for regulators to decline to transmit to another regulator concerns that do not have an objective basis and that have not been disclosed to the FSB itself, because of the difficulty that that could entail. Such an approach could, however, result in an FSB receiving a license when it would be in the interests of the jurisdiction and the public, and perhaps of the wider financial system, for it to be refused.

  • 2.10. One approach to resolving this dilemma is set out in the following (which applies equally, mutatis mutandis, to information passed to a regulator from another agency in the same jurisdiction and to information concerning key individuals):

    • 2.10.1. A regulator in Jurisdiction A should pass on concerns about an FSB to a regulator in Jurisdiction B where the FSB (or a closely related entity) is making a license application and where the concerns are relevant to the license application in Jurisdiction B;

    • 2.10.2. Wherever possible, those concerns should be expressed in a way that could be revealed to the FSB (for example, where they are matters of public record or where they have been passed on to the FSB already in Jurisdiction A);

    • 2.10.3. Where the concerns cannot be passed on to the FSB, the regulator in Jurisdiction A should so inform the regulator in Jurisdiction B;

    • 2.10.4. The regulator in Jurisdiction B should not turn down the application in Jurisdiction B purely on the basis of confidential information that cannot be revealed to the applicant;

    • 2.10.5. The regulator in Jurisdiction B can, however, either:

      • use the confidential information to make further inquiries of the applicant and perhaps to challenge information that the FSB has given in support of its application, or

      • (if the conditions attached to the disclosure of the information allow it) convey the information available to an applicant in order to allow the applicant the opportunity to contest it or to withdraw the application if the information conveyed has some merit.

    • 2.10.6. This approach may result in the identification of further information that could be used as a basis for a decision—either in favor of or against the applicant. It may be that even when adopting this approach, no objective information emerges, and the regulator in Jurisdiction B may have no choice but to approve such an application. Nevertheless, the regulator can at least ensure that the applicant is subject to enhanced surveillance until the regulator is satisfied by the FSB’s regulatory performance.

Ongoing Regulation

  • 2.11. Cooperation enhances ongoing regulation of multinational FSBs. It is, first, essential to establish the respective roles of home and host supervisors of multinational FSBs (usually, but not exclusively banks) and to provide for joint on-site inspections and better mutual understanding of their business (including, perhaps, coordinated requests for information from the FSB). Cooperation can cover particular concerns, such as the growth of exposure of an FSB as a whole to particular borrowers, countries, or markets; its capital adequacy; and any enforcement action and its impact on the assessment of the FSB’s integrity. Appendix A covers these points in more detail.

  • 2.12. In practice, host supervisors tend to provide much more information to home country supervisors than vice versa. A reason for this is the responsibility of the home-country supervisor for consolidated supervision. In countries where foreign FSBs account for a significant share of the market, and especially where a foreign institution is systemically significant, host-country supervisors should, however, be able to obtain information from the home-country supervisor on the condition of the parent institution.

  • 2.13. There is often a further asymmetry between home and host supervisors that arises primarily in banking and insurance supervision rather than in securities regulation. A home-country supervisor of a major multinational FSB will have information relevant to dozens of other supervisors and may feel it impractical to tell them all. Failure to share such information routinely with relevant host supervisors, however, may result in a lack of understanding by those host supervisors of the issues faced by the home supervisor in respect of that FSB. Such failure may also result in a lack of trust between the supervisors. This, in turn, may mean that a host supervisor fails to share information that would be critical to a home supervisor—perhaps because the host supervisor was unaware of the significance of that information to the home supervisor.

  • 2.14. In banking, this need has been explicitly recognized. A report by a working group comprised of members of the Basel Committee and the Offshore Group of Banking Supervisors in 19962 discussed the need for ensuring adequate provision of information from the home-country to the host-country supervisor. It recommended that home supervisors inform host supervisors at an early stage when the home supervisor learns of problems specific to the host country affiliate of an institution. With respect to material adverse changes in the global condition of a banking group with operations in a host jurisdiction, the report acknowledged the sensitive nature of disclosing such information, both as to substance and timing, and indicated that, in such instances, decisions on information sharing with host-country supervisors would have to be made on a case-by-case basis.

  • 2.15. An example of home/host-country supervisor cooperation that is perhaps unique is with respect to Nordic countries’ supervisors’ information sharing regarding the Nordea Group. The group has FSBs in three or four Nordic countries that account for a significant share of the local market, and Nordic country supervisors have an established mechanism for sharing information about the group.

  • 2.16. Host jurisdictions that have systemically significant institutions may request the inspection reports from the local institution or the home-country supervisor and ask the home-country supervisor to permit a host country supervisor to participate in inspections of the parent institution. At least one jurisdiction that has systemically significant affiliates of its banks abroad routinely sends inspection reports of the parent bank to foreign supervisors.

  • 2.17. Ongoing supervision frequently demands proactive disclosure by a regulator. In the case of licensing and enforcement cooperation, where information is requested, the failure of a regulator to respond is highly visible and, if repeated, can prompt complaints and corrective action. Because cooperation for ongoing supervision frequently relies upon a regulator proactively sharing information, however, it is not always immediately obvious where a regulator is failing to provide proper assistance. Moreover, in order to ensure that it has the ability to obtain information for proactive transmission, a regulator must have the infrastructure in terms of skill, resources, information technology (IT), and investigative skills.

  • 2.18. For any one regulator, it will frequently be the case that information relevant to a foreign regulator will become evident in circumstances where the foreign regulator is unaware of the existence of that information or of its significance.

  • 2.19. More generally, regulators will always face a dilemma about when to share growing concerns about an FSB—particularly where premature disclosure of such concerns could be very damaging to that FSB.

  • 2.20. A regulator wishing to cooperate effectively with another will need to have information on the counterparty’s regulatory system, personnel and style of regulation, legal structure, and scope of regulatory responsibilities, as well as information on specific firms. When carried out effectively, cooperation in respect of ongoing regulation can have a significant effect in raising standards. Regulators can gain a better understanding of the practices and methods of other regulators. Such information can be valuable in overcoming domestic resistance to raising standards.

  • 2.21. If regulators fail to pass on information relevant to ongoing regulation, whether because of inadequate legal gateways, inadequate ongoing regulation practices, caution, lack of trust that another regulator will properly safeguard sensitive information about a failing FSB, or simply a failure to realize the significance of information for other regulators, their inaction tends not to raise issues. This is because other regulators will often not be aware of the opportunities that have been missed. Similarly, where regulators fail to exchange information about their regulatory standards, the significance of this may be missed. Regulators may simply not be aware that they are failing to receive information about standards and practices developing elsewhere.

  • 2.22. The need for spontaneous information sharing about FSBs and regulatory standards more generally creates a greater need for memoranda of understanding (MoUs). An MoU can set out an agreed understanding of what information should be shared, with whom, and when. An MoU can also establish the respective duties of home and host supervisors when there is doubt (as is discussed in Appendix A). It then becomes critical for a regulator to ensure that it has a means of ensuring that it can meet the commitments for routine and spontaneous information sharing that it has entered into. As discussed in Section 3, multilateral MoUs (such as that introduced by IOSCO) can have a useful effect in raising standards.

  • 2.23. Ongoing regulation covers a wide range of topics, and it is important that the regulator have the powers to share information on these topics and to do so without waiting for a written request.

  • 2.24. It is especially important to find ways both of encouraging greater cooperation and of measuring the performance of individual regulators. There are a number of ways in which this can be achieved. Possibilities include

    • 2.24.1. continued assessments by international financial institutions (IFIs);

    • 2.24.2. greater use of MoUs, especially multilateral MoUs, with regular reviews of their effectiveness by signatories;

    • 2.24.3. increased guidance by regulators acting as home supervisors of multinational FSBs;

    • 2.24.4. technical assistance to assist in building up the infrastructure required for cooperation; and

    • 2.24.5. discussions by groups of regulators from smaller regulatory bodies (tending to be host regulators) on their common experiences and their needs for information and feedback from the major financial centers.

Enforcement Action

  • 2.25. The highest-profile and often most controversial aspect of cooperation is the provision of assistance for enforcement action.

  • 2.26. Increasingly, criminals are aware that their most effective modus operandi is to conduct their fraudulent activities in one jurisdiction, to keep the criminal funds in another, and to live in a third. Aware of the care taken by regulatory bodies before exchanging confidential information, they exploit the delays the normal due processes inevitably create. They are very well aware that most law-enforcement and regulatory agencies are primarily concerned with offenses that occur in their own jurisdictions and are not always inclined to give high priority to catching wrongdoers who have done no harm in their own jurisdictions. Although assistance in respect of terrorism, drugs, and violent crime is usually forthcoming, assistance in respect of financial crime of the kind investigated by regulatory agencies is often less easily forthcoming.

  • 2.27. The particular aspect of enforcement cooperation, in particular for securities and AML/CFT, is that it frequently involves information about the customers of FSBs as well as the FSBs themselves. Information may be exchanged in the context of investigations concerning criminal offenses such as insider dealing or other market offenses. Such cooperation, in turn, means that concerns of confidentiality and civil rights become much more significant. There are also likely to be greater demands on a regulator receiving a request for assistance to take positive action—whether to obtain information, to freeze assets, to deal with an FSB in default of obligations elsewhere, or to assist in other ways. In other cases, cooperation may take the form of guiding a foreign regulator through the legal and other processes necessary to achieve the desired result. Appendix A describes this in more detail.

  • 2.28. It follows that, in order to be able to assist in enforcement cases, regulators must have investigative powers, capability, and resources. In this sense, more extensive powers and more positive action are required in order for regulators to cooperate effectively in enforcement cases than in licensing and ongoing regulation. The key issue is achieving the correct balance between the need to assist in the detection and punishment of offenses in a timely way and the need to avoid damaging legitimate civil rights. This dilemma, which is discussed in Section 5, is what lies behind many of the barriers to cooperation.

Domestic Cooperation

  • 2.29. Many of the factors described above apply equally to domestic cooperation. Examples of the significance of domestic cooperation are also included in Appendix A. The significant point is that there is a need for appropriate powers and legal gateways between domestic regulators and other agencies, just as there is to facilitate international cooperation.

Effect of Cooperation on World Financial System

  • 2.30. Regulators will judge the effectiveness of cooperation on the basis of how it helps them do their jobs. However, cooperation has a number of wider benefits, given the global nature of financial services. Such benefits are a matter for discussion but would include the following:

    • 2.30.1. the sharing of information about regulatory methods can help increase expectations of regulators and regulatory standards worldwide;

    • 2.30.2. the ability of regulators to cooperate in order to exclude from the financial system those who may abuse it (whether deliberately or through incompetence) can improve the stability and effectiveness of financial service businesses to serve investors and the world economy; and

    • 2.30.3. similarly, effective cooperation between regulators in carrying out their ongoing regulation could prevent otherwise disruptive failures.

    • 2.30.4. Regulators have rightly been called upon to play their part in preventing the abuse of the financial system by money launderers, terrorists, and, indeed, other criminals, such as corrupt public officials.

    • 2.30.5. For developing and transition economies, financial scandals and money laundering can have devastating economic and social consequences, and therefore international cooperation is especially important in such contexts. Effective financial sector regulation can reinforce good state and corporate governance, which help foster economic development. Cooperation can spread understanding of good regulatory principles and deter the malpractice that leads to the types of effects described earlier and helps mitigate them when they do occur.

  • 2.31. These benefits arise naturally out of the cooperation that should, in any event, take place. More of the wider benefits arise from cooperation over ongoing regulation than licensing and enforcement. This needs to be taken into account when considering the need for assistance to smaller jurisdictions to help them cooperate effectively and is discussed further in the following subsections.

Setting Priorities

  • 2.32. All cooperation is important. Cooperation imposes a burden on jurisdictions, however, and this may sometimes demand the establishment of priorities. It may not be possible to set priorities in absolute terms, but it would be sensible for regulatory bodies to establish criteria for setting priorities. These might include

    • 2.32.1. the effect of delay (for example, there is little purpose in sending information on a license applicant after the application has been decided);

    • 2.32.2. the significance of the case (For example, the information may be the critical element in a major investigation or affect the national interest.);

    • 2.32.3. the materiality of the assistance that can be given to the case in question; and

    • 2.32.4. the willingness of the requesting jurisdiction to meet some of the cost.

  • 2.33. These criteria are likely to result in priority being given to enforcement and licensing. Ongoing regulation is likely to be afforded a lower priority. It is a matter for discussion as to whether this is the appropriate outcome. Such an outcome may, however, underplay the wider benefits to the world’s financial system that arise from cooperation and, in particular, from cooperation concerning ongoing regulation. This is a matter that the IFIs need to consider when providing technical assistance and determining the focus of their assessments.

Summary of Themes

  • 2.34. The discussion here and the further material in Appendix A raise a number of themes:

    • 2.34.1. cooperation in respect of licensing requires a regulator to be open and frank with fellow regulators but demands a proper mechanism for dealing with confidential information when assessing an FSB’s application;

    • 2.34.2. cooperation in respect of ongoing regulation demands a proactive stance from a regulator (with particular care being taken where home supervisors have responsibility for FSBs with operations in a large number of other jurisdictions) and a means of assessing the effectiveness of a regulator in providing spontaneous information about FSBs and regulatory standards;

    • 2.34.3. cooperation in respect of licensing also requires a clear division of responsibilities between host and home supervisors and information flows that are appropriate, taking account of the size and systemic significance of FSBs;

    • 2.34.4. cooperation in respect of enforcement often involves individuals and businesses that are not regulated FSBs, and this raises the issue of the protection of civil rights;

    • 2.34.5. cooperation requires the development of trust between regulators, which is enhanced by regular contact bilaterally and at multilateral conferences;

    • 2.34.6. the wider benefits of cooperation to the world financial system need to be taken into account when considering technical assistance and setting priorities;

    • 2.34.7. although most of the difficult issues raised concern the exchange of confidential information, the value of public information should not be ignored; and

    • 2.34.8. all forms of cooperation can be assisted by ensuring that powers, resources, and capabilities are adequate; that regulators adopt a proactive and creative stance; that priorities are set for the use of resources; and that MoUs set out a full understanding of what is expected.

3. Multilateral and Bilateral Instruments for Regulatory Cooperation

  • 3.1. In the past twenty years, and especially in the last ten, there have been numerous initiatives by international organizations that establish principles to promote financial sector soundness and the combating of money laundering and the financing of terrorism. These conventions, principles, and recommendations include provisions that advocate or require broad cooperation among financial sector regulators, financial intelligence units (FIUs), and law-enforcement authorities in all countries. Some of these instruments will be discussed in more detail below, but the voluntary versus obligatory nature of these instruments deserves consideration.

  • 3.2. Under the auspices of the United Nations, three international conventions have been concluded: the Convention against Illicit Traffic in Narcotic Drugs and Psychotropic Substances (1988) (Vienna Convention); the International Convention against Transnational Organized Crime (2000) (Palermo Convention); and the International Convention for the Suppression of the Financing of Terrorism (1999) (CSFT). The Vienna Convention is concerned essentially with crimes connected with narcotics and money laundering and the CSFT with combating terrorism and money laundering. The Palermo Convention has the broadest potential for promoting international cooperation in combating crimes affecting the financial sector. It covers conspiracy broadly defined, money laundering, corruption, and obstruction of justice. Conventions create obligatory rules. Yet an impediment to their effectiveness for some countries, including in fostering international cooperation, may be their obscure nature, lack of specific implementation modalities or designation of responsible national authorities, or ambiguity as to their sufficiency or validity.

  • 3.3. For example, there is ambiguity in the Vienna and Palermo conventions concerning whether the provisions in those conventions on mutual legal assistance are consistent with treaties on mutual legal assistance that are in effect between particular parties. Instead, those conventions could have adopted the solution in the CSFT: its Article 11(5) provides that provisions of all extradition treaties and arrangements between state parties with respect to the offenses covered by the convention “shall be deemed to be modified as between states parties to the extent that they are incompatible with this Convention.” Thus, the rules that prevail are those of the CSFT regardless of other treaties or arrangements on the same subject matter. The rules are clear.

  • 3.4. Regarding sufficiency of the conventions, the Palermo Convention, in Article 13(9), provides that “States Parties shall consider concluding bilateral or multilateral treaties, agreements or arrangements to enhance the effectiveness of international cooperation undertaken [for confiscation of instruments or proceeds of crime].” Yet the article contains comprehensive procedures for cooperation in confiscation, and the convention is replete with commitments for cooperation that are relevant to confiscation. Article 5(4) (g) of the Vienna Convention is to the same effect. Article 13(6) of the Palermo Convention states that a state party may elect to make the actions of identifying and seizing proceeds of crime and requesting competent authorities to issue an order of confiscation conditional on the existence of a relevant treaty, but in such a case that convention shall constitute the treaty. Why the clear commitments under the convention could or should be made conditional on the very convention is not obvious.

  • 3.5. Although international conventions should be enforceable against parties that have ratified the agreements, as a practical matter, if a state does not fulfill its obligations under a convention, there is little that can be done. If a somewhat informal complaint does not result in satisfactory action, an aggrieved state would send a diplomatic note complaining of the violation. If that does not produce compliance, a country could attempt to submit its dispute to the International Court of Justice (ICJ), which has jurisdiction, under Article 36 of its statute, over any breach of an international obligation. The only remedy, however, is damages, which are not apparent or substantial in the case of a failure to cooperate within the terms of one of the cited conventions. The ICJ does not issue injunctions to compel compliance with obligations. The ICJ issues advisory opinions that could perhaps embarrass a country that fails to fulfill an obligation to cooperate under a convention; but in financial sector regulation and AML/CFT, there are more practical instruments.

  • 3.6. The Vienna Convention, Palermo Convention, and CSFT all include articles on the settlement of disputes whereby a dispute concerning the application of the convention shall be settled by negotiation or arbitration. If the parties are unable to agree on organizing arbitration, one party may submit the dispute to the ICJ. Many countries have reservations about this provision, however, as they believe that one state should not be able to subject another state to adjudication. As indicated above, however, the outcome of an ICJ submission is problematic in the case of cross-border cooperation and information sharing in the financial sector regulatory and AML/CFT contexts.

  • 3.7. Instruments of standard-setting bodies, described more fully in Section 4 and Appendix B, are, by their nature, voluntary, yet there is strong encouragement by the international community to make such instruments “soft” law. The pressure exerted by such standard-setting bodies is reinforced by the Financial Sector Assessment Program (FSAP) of the World Bank and the IMF and related Reports on Observance of Standards and Codes (ROSCs). Under this program, countries are evaluated with regard to their compliance with the principles and recommendations of the standard-setting bodies, including those related to international cooperation. Moral suasion, national pride, peer pressure, and, in the case of Financial Action Task Force (FATF) recommendations, the risk of countermeasures combine to induce countries to improve laws, policies, and practices that are not in conformity with the SSBs’ dictates. Furthermore, shortcomings noted in the ROSCs often become elements for reform of IFI-supported financial programs. IFIs also provide technical assistance to enable countries to attain SSB standards.

Legal Nature of MoUs

  • 3.8. Some MoUs are binding instruments, where regulatory authorities agree to provide information and undertake other actions that are described in the agreement. They provide that on the request of one regulator, the other will provide the information or take the agreed action. If one party were in breach of its obligations, it is questionable whether the other party could compel production of the information or other action provided for in the agreement, but nevertheless clear commitments between responsible institutions are established.

  • 3.9. The IOSCO Multilateral Memorandum of Understanding concerning Consultation and Cooperation and the Exchange of Information of May 2002, whose stated purpose is to provide securities regulatory authorities with “the fullest mutual assistance possible to facilitate the performance of the functions with which they are entrusted,” provides, in paragraph 6(a), that“the provisions of this Memorandum of Understanding are not intended to create legally binding obligations or supersede domestic laws.” This approach is very common in bilateral MoUs between regulatory bodies. In the case of the IOSCO multilateral MoU, however, the agreement establishing the MoU also creates a mechanism for monitoring and enforcing compliance. Under this agreement, as set out in Section III of Appendix B of the MoU, the signatories to the MoU form themselves into a monitoring group that is able to discuss a range of issues, including noncompliance by a signatory. In that event, the monitoring group can propose sanctions including providing a period of time for the signatory to comply; full peer review of a signatory that may not be in compliance; public notice of noncompliance; suspension of a signatory from MoU participation; or termination from MoU participation as provided in the MoU.

  • 3.10. In many countries, it is not possible for a body other than the government to negotiate binding legal instruments; and, in such countries, the parliament must approve what would, in effect, once agreed to, be law. Regulatory bodies, while capable of implementing binding regulations themselves, can do so only within the context of underlying legislation and could not impose financial services rules that overrode other rights enshrined in law. In such countries, the process of getting the necessary approvals to a legally binding agreement on cooperation would be too high an obstacle. Pragmatically, it makes sense to adopt a non-legally binding instrument and rely on informal pressure to ensure compliance. This is especially so, since, as the preceding analysis demonstrates, the actual enforceability of legally binding instruments may be more apparent than real.

  • 3.11. Cross-border financial regulatory activities and efforts to combat money laundering and the financing of terrorism that have cross-border attributes have been developing rapidly over only the past several years. Thus, whether or not particular bilateral or multilateral agreements for mutual assistance in financial sector regulatory and criminal matters are considered to be legally binding, their wide use and effectiveness is what matters.

  • 3.12. Bilateral MoUs have the advantage that they can be tailored to the precise needs of the signatories. This may be the case, for example, where there are a large number of common institutions, or where two jurisdictions share similar characteristics and problems. They can be drafted in a way that speeds up the processing of requests for information and to ensure that spontaneous transmitting of information occurs appropriately. They can overcome the difficulty that arises when a regulator does not know who to contact in a jurisdiction and how to make a request. When two jurisdictions prepare to sign an MoU, they will generally conduct due diligence on each other’s laws and regulatory systems. This can be helpful in increasing understanding of each other’s standards.

  • 3.13. Some jurisdictions prefer not to enter into MoUs because of the amount of time and resources involved in negotiation of an MoU. It is not clear why this is or should be so. The nature and basic subject matter of MoUs are well known. For example, the recommendations for the content of MoUs by the Basel Committee and the model MoU of the IAIS provide for this. Sometimes jurisdictions do not have the requisite legal authority to commit to share confidential information or take evidence on behalf of a foreign authority, so an MoU that would provide for this cannot be entered into before enabling legislative changes are made. Sometimes the counterparty’s analysis of the legislation of the other party reveals this. Such situations should not, however, be considered as necessitating arduous negotiation to reach agreement on an MoU.

  • 3.14. Instead, the parties should understand that certain basic conditions must exist for conclusion of an MoU between regulatory agencies or FIUs for cross-border cooperation and information sharing. A jurisdiction that takes the initiative for conclusion of an MoU should have a “term sheet,” an outline of its basic requirements for an MoU. If the counterparty realizes that it does not have the legal authority or that it would be contrary to policy to establish an MoU with such elements, negotiations would not begin and further time would not be unnecessarily expended.

  • 3.15. Due diligence by one party concerning the legislation of the other party is problematic. Regulators or lawyers of one country often are not capable of adequately analyzing foreign legislation, regulations, and practices. Instead, a regulatory agency should engage local counsel in the other jurisdiction for this purpose. A less adequate alternative, because it may be self-serving, is for a regulatory authority to obtain a legal opinion concerning its capacity for cooperation and information sharing in the financial regulatory and AML/CFT context that can be provided to foreign authorities “off the shelf.”

  • 3.16. Thus, the process of negotiating an MoU can be made more efficient if the procedure is rationalized. Model MoUs can also contribute considerably to this endeavor.

  • 3.17. Some model MoUs (and this is true, for example, of the IAIS model MoU discussed in Appendix B) provide for specific information to be passed by the requesting authority to the requested authority to justify the request. This is usually included because of the provisions in the legislation of many countries to the effect that a regulatory authority must satisfy itself that a request is for a proper purpose, and that information will be used and protected appropriately, before that regulatory authority can pass information. The authority must therefore have enough information to make this judgment.

  • 3.18. An alternative approach—which is taken, to a large degree, in the IOSCO multilateral MoU—is to provide that the MoU itself contain provisions that commit the requesting authority to the proper use of the information, to appropriate confidentiality, the avoidance of “fishing,” and so on. Given the degree of trust that must exist between regulators to allow for the signing of an MoU in the first place, it would be preferable, and would streamline the process, if MoUs took this form and allowed requested authorities to take on trust that a request from a fellow MoU signatory was for a proper purpose and that the information received would be used appropriately, without having to satisfy itself on these scores on each occasion.

Summary of Themes

  • 3.19. The themes that arise from this analysis are the following:

    • 3.19.1. multilateral instruments are an essential part of the infrastructure of international cooperation;

    • 3.19.2. bilateral MoUs are valuable in establishing a proper understanding of the roles and expectations of the signatories, as well as speeding up the process of cooperation in specific cases;

    • 3.19.3. multilateral MoUs are useful in establishing standards and applying peer pressure on all regulators to meet those standards;

    • 3.19.4. MoUs can be burdensome to negotiate, but this need not be so if models are used;

    • 3.19.5. MoUs. can sometimes include burdensome requirements on the authority requesting information, but, with appropriate drafting, this can be avoided; and

    • 3.19.6. treaties are valuable in achieving international credibility for standards and providing a formal legal basis for cooperation (even if, in practice, enforcement of such treaty obligations is problematic).

4. Approaches Taken by Different Sector Regulators

  • 4.1. A detailed description of the standards set by each of the standard-setting bodies is in Appendix B. This section discusses the main differences and similarities.

  • 4.2. The differences in approaches reflect the nature of regulation and regulatory priorities of the different sectors. Traditionally, the focus of banking and insurance supervision has been on the safety and soundness of the sectors as a whole and specific FSBs. Commercial banking laws are designed primarily to promote the solvency of institutions and are not concerned explicitly with relations of banks with customers. In the case of banking and insurance, however, the first priority for the protection of the customer may be the continuing financial stability of the FSB. By contrast, the focus of securities regulators has been on the conduct of business by an FSB, the obligations of an issuer of securities (such as the timeliness, adequacy, and accuracy of information disclosed to investors and the market), and the fairness and stability of securities markets. The customer’s interests depend less on the continued solvency of the supplier of investment products and more on the way products are sold, managed, and traded. Moreover, securities regulators are often responsible for the investigation of criminal offenses by people who are not involved in regulated businesses when they are engaged in offenses involving market abuse and securities fraud. For this reason, they need to exchange information on customers’ records as well as information about FSBs. The FATF is, of course, essentially focused on the activities of customers who may be money launderers or terrorists.

  • 4.3. The differences in approach to cooperation reflect the disparities of regulators from each sector:

    • 4.3.1. IOSCO and the FATF place more emphasis on enforcement and cooperation than the other bodies, and cooperation requirements are more extensive and feature more prominently in the objectives and principles;

    • 4.3.2. IOSCO, the IAIS, and the FATF refer explicitly to the need for regulatory authorities to be able to carry out investigations to collect information for foreign regulators;

    • 4.3.3. the Basel Committee focuses on the use of information for supervisory purposes, whereas IOSCO, the IAIS, and the FATF discuss the need to use information sharing as a means of preventing and detecting wrongdoing of various kinds by the users of FSBs.;

    • 4.3.4. the Basel Committee and the IAIS focus primarily on the need to share information about FSBs themselves, whereas the FATF and IOSCO insist that there should be information sharing about customers of financial institutions;

    • 4.3.5. the Basel Committee and the IAIS discuss the importance of home and host supervisory roles, whereas this matter does not figure explicitly in IOSCO and FATF standards; and

    • 4.3.6. standard setters focus, for obvious reasons, on the kind of information most relevant to their own specific financial services sector, and therefore their descriptions of the kind of information that should be shared differ.

  • 4.4. These variations should not be regarded as reflecting contrasting atttudes, but simply differences in the nature of regulation or in the priorities of regulators from each sector. Any differences in practice have become less evident in recent years. The growing number of regulators with responsibility for all aspects of financial sector regulation has meant that there are more regulators who will seek to apply common standards across different financial services sectors. In addition, the recommendations of the FATF have had the effect of increasing the role of the financial regulator in the fight against crime—particularly money laundering and the financing of terrorism but also, through the extension of predicate offenses, other forms of crime. All regulators of all sectors have therefore increasingly been under pressure to cooperate in matters affecting the customers of FSBs as well as those affecting the FSBs themselves.

  • 4.5. As a result of these trends, there are a substantial number of common themes among the standard-setting bodies.

    • 4.5.1. As a matter of principle, they all require that domestic secrecy or confidentiality laws not prevent sufficient information exchange to allow for the proper performance of the regulatory function. Where there is a danger of this occurring, the standard setters urge regulatory authorities to seek changes in the legislation.

    • 4.5.2. All the standard setters emphasize the need for proactive sharing of information as well as the need to provide information on request.

    • 4.5.3. All the standard setters require that information passed from one regulator to another should be subject to adequate confidentiality protection and accept that the authority providing information is entitled to impose conditions in this respect.

    • 4.5.4. All the standard setters also provide, however, that confidentiality conditions should not defeat the purpose for which the information is requested. Thus, information requested for the purpose of civil or criminal proceedings is bound to be disclosed at some point as part of those proceedings. Moreover, all the standard setters provide that confidentiality conditions will have to be overridden by court order or legislative requirement in some cases and that they cannot prevent a regulator from disclosing information to the appropriate law-enforcement authority when the information reveals criminal activity.

  • 4.6. Appendix F contains a table comparing the pronouncements of the standard-setting bodies for the four sectors in regard to their approach to cross-border cooperation and information sharing.

    • 4.6.1. With respect to pronouncements on information sharing, standard-setting bodies for all four sectors agree that information should be shared with like regulators; the regulatory system should provide for sharing information with foreign regulators; a request for information should be justified; information received should be used only for the stated purposes; confidential information should be shared, but the law may require disclosure of confidential information that has been obtained; and shared information should be protected. Three of the four sectors have stated that information concerning customers should be provided (except the IAIS); a parent authority should inform a host authority on major matters affecting a related host-based FSB, and information regarding material developments in an FSB should be provided in either direction (except the FATF); investigations should be undertaken for counterpart authorities (except the Basel Committee); and information should be exchanged with noncounterparts (except the Basel Committee). The FATF exceptions are understandable, given the focus of AML/CFT efforts on customers of FSBs rather than FSBs themselves, but information regarding a major institutional concern, like the Riggs National Bank case, could be useful to foreign banking supervisors, enabling them to investigate transactions of entities in their jurisdiction with the institution in question. Only the FATF has stated that transactions relating to fiscal matters should not be an obstacle to cross-border cooperation.

    • 4.6.2. With respect to pronouncements of the standard-setting bodies on cooperation in cross-border regulation, all except the FATF (for obvious reasons) have stated that FSBs abroad must be permitted to provide information to their home-country regulator. The Basel Committee and the IAIS have emphasized the need for cooperation in consolidated supervision, and the Basel Committee alone has advocated the authority of a parent FSB supervisor to inspect a related host country entity at the discretion of the home-country supervisor.

    • 4.6.3. With respect to pronouncements on mutual legal assistance (MLA), only the FATF has stated that regulators should facilitate MLA; MLA should not be refused on the basis of bank secrecy or the need for dual criminality; there should be cooperation in the freezing and seizing of assets; and foreign authorities should ratify international conventions for cooperation. Since numerous countries have ratified international conventions, described in Subsection 3.2, that include provisions for MLA, this perhaps explains why other standard-setting bodies have not felt the need to articulate elements of MLA cooperation. For the FATF, MLA is often crucial for identifying targets and assets for AML/CFT investigations.

    • 4.6.4. With respect to pronouncements on MoUs, all are clear that MoUs should not be a precondition for exchange of information. On the one hand, IOSCO has emphasized the advantages of MoUs (and this is consistent with its initiative to develop a multilateral MoU and the importance placed upon its use). The IAIS has also published a model MoU. On the other hand, the FATF has not promoted MoUs, though they are used in practice by many AML/CFT authorities. This is perhaps because the Egmont Group has not encouraged the use of MoUs. As to the provisions to be included in MoUs, both IOSCO and the IAIS have indicated that a requester should provide a detailed justification for a request for information or other cooperation; documents from third parties should be included in the scope of information provided; confidential treatment should be accorded for information provided; and requests may be denied in the public interest of the requested authority. IOSCO has made explicit that provision of specific transaction and account information should be included in requests. Both the Basel Committee and IOSCO have indicated that information regarding beneficial ownership of accounts should be within the purview of information provided.

  • 4.7. One factor that is evident from the experience of regulators and was emphasized at the Washington conference, was the difficulties that can arise with respect to “diagonal” information exchange—namely information that needs to be passed from a banking supervisor to a securities regulator or from a regulatory authority to an FIU. In some cases, this can be overcome by using a two-stage information exchange (passing information from, say, a banking supervisor in one jurisdiction to a banking supervisor in another, and then from a banking supervisor in one jurisdiction to a securities regulator in the same jurisdiction). The problem is becoming less evident with the integration of regulatory authorities and as gateways are reviewed. Nevertheless, it is a matter that deserves attention. It is referred to in the IOSCO Objectives and Principles3 but not explicitly in other standards.

Summary of Themes

  • 4.8. The themes that arise from this discussion are the following:

    • 4.8.1. there are some differences in the emphasis placed by the sector-based standard setters on particular aspects of cooperation;

    • 4.8.2. these differences arise from the traditional focus of different sector regulators, with banking and insurance supervisors having a greater focus on FSBs themselves, and IOSCO and FATF focusing more on the relationship between FSBs and customers;

    • 4.8.3. these differences are becoming less evident in practice, however, as a result of the increasing incidence of regulators with responsibility across the entire financial sector and the influence of the FATF in raising awareness of the role of the regulator in fighting financial crime and terrorism;

    • 4.8.4. difficulties with diagonal information exchange remain; and

    • 4.8.5. it follows that all regulators in all sectors need to ensure that their information-gathering powers and the legal gateways for cooperation are sufficient to allow all forms of cooperation and that confidentiality restrictions neither defeat the purpose of the information exchange nor prevent the receiving authority from responding to lawful requirements or disclosing information about criminal activity.

5. Barriers to Cooperation

  • 5.1. Appendix C discusses barriers to cooperation that may arise because of inadequate domestic cooperation; inadequate legal powers; bank secrecy; legal, constitutional, cultural, and political factors; and inadequate resources. This section discusses the key issues.

Reasons for Barriers

  • 5.2. Certain barriers to cooperation have arisen in the past because some jurisdictions have found it helpful to promote their financial services partly by emphasizing that they provide confidentiality. More recently, persons providing company incorporation services have promoted jurisdictions on the basis that the true identities of the owners of such companies can be concealed. Certain financial centers have also been characterized by promotion of their secrecy legislation. Although such jurisdictions have not intended to attract those who wish to escape from proper law-enforcement and other official agencies, the fact is that the offer of confidentiality is an attraction to people with intentions of evading the law. Over time, some FSBs in such countries have come to believe that, for whatever reason, their customers value privacy. Accordingly, these FSBs have lobbied for the reinforcement of that privacy through bank secrecy laws and explicit barriers to information exchange. In jurisdictions like these, there has been resistance to the removal of barriers to the exchange of information.

  • 5.3. Barriers to cooperation also arise for other reasons. On the one hand, it is an uncomfortable fact of life for regulators that there is increasing public frustration at the existence of legal and other barriers that hinder the work of law-enforcement authorities when investigating crime, punishing criminals, and returning stolen property to its rightful owners. On the other hand, there is increasing public demand for protection of personal data and increasing attention paid to the rights of individuals, so that investigations into their private affairs have to be conducted according to set procedures with appropriate safeguards provided for civil rights. Laudable though these objectives are, the fact remains that the measures designed for data protection and civil rights can be barriers to cooperation.

  • 5.4. The concerns that lead to such barriers are by no means unreasonable. A more detailed discussion of the legitimate reasons for protecting confidentiality is set out in Appendix D. In summary, these include

    • 5.4.1. the protection of commercially confidential information of FSBs, for competitive reasons;

    • 5.4.2. the protection of individuals from improper harassment by the state (or by a foreign state);

    • 5.4.3. the protection of the right of the individual to due process and civil rights; and

    • 5.4.4. the protection of the source of information.

  • 5.5. It would be wrong to assume that these legitimate concerns could simply be ignored. The key to improving cooperation is to apply the necessary pressure to overcome the demand for secrecy, which arises for the reasons set out in subsection 5.2 above, while maintaining respect for the more legitimate reasons for protecting the confidentiality of personal data. Decisions on whether to cooperate in particular cases will not always be easy. Nevertheless, in practice, most requests for information come from jurisdictions that understand the need for proper confidentiality and have proper regard for the civil rights of those under investigation. Most such requests can therefore properly be accepted.

Nonlegal Barriers

  • 5.6. As Appendix C describes, there can be substantial cultural and political barriers to cooperation. These barriers often arise because FSBs in a jurisdiction believe that the maintenance of strict secrecy provisions is necessary to their continuing commercial success. They argue that the efforts by the IFIs and certain countries to remove barriers to cooperation are simply attempts to gain an unfair competitive advantage. Such an argument has, from time to time, been taken up by governments of some (often smaller) jurisdictions.

  • 5.7. This view, held by certain jurisdictions, is given credibility by the obvious fact that most money laundering, financial crime, and tax evasion occurs in the larger jurisdictions with mature financial centers and by the fact that such countries also have some barriers to cooperation and some weaknesses in their own legal capacity to exchange information or freeze and seize assets. Larger jurisdictions that focus exclusively on the role of smaller countries in assisting financial crime play into the hands of those who resist the breaking down of barriers, by ignoring the weaknesses in their own jurisdictions. This gives smaller jurisdictions scope to argue that the larger countries should reform their own procedures before applying pressure on others.

  • 5.8. In addition to the political and cultural barriers described above, smaller jurisdictions may lack the financial resources or the skilled staff to carry out investigations and information collection for other jurisdictions. Although it is fair to say that a jurisdiction that does not have the resources to regulate its financial sector properly should not be in the business of providing financial services (at least not for export to other jurisdictions), it is another matter to claim that a smaller jurisdiction should pay the cost of investigations conducted primarily for other, larger, and richer jurisdictions.

  • 5.9. Inadequate domestic cooperation also limits the ability of regulators and FIUs to cooperate internationally. In many jurisdictions, governmental agencies do not liaise well with one another. For example, a bank supervisor may not be able to obtain information from a securities regulator that is sought by a foreign bank supervisor, or an FIU may not be able to obtain information from local law-enforcement authorities that is requested by a foreign FIU. Some FIUs have found that the secondment of customs or police officials to an FIU facilitates liaison domestically.

  • 5.10. Even where the law does not create an obstacle by requiring, as it does in some jurisdictions, that assistance be provided by a regulatory authority or FIU only to counterpart authorities, in practice cooperation is easier in many cases between counterparts.

  • 5.11. Requests from abroad for information that is in the possession of the requested authority is easier to obtain than information that the requested authority must obtain by use of compulsory powers. Information to be used for administrative or civil matters is often easier to obtain than information to be used for criminal proceedings.

Overcoming Nonlegal Barriers

  • 5.12. Ultimately, only the governments and regulators in each jurisdiction can overcome domestic cultural and political barriers. They are being encouraged to do so. There is no doubt that the program of evaluation of regulatory standards has had continuing success in reducing barriers to cooperation. The imminence of an assessment and the prospect of an adverse published report are effective spurs to reform. Their effectiveness rests on the perception that the adverse effect on a jurisdiction of a critical report by an IFI is more important than any advantage its FSBs may get from excessive secrecy. To ensure that this remains so, and to avoid the risks of making room for arguments such as those described in subsection 5.6, it is important that IFIs continue to

    • 5.12.1. recognize that weaknesses in cooperation exist in all countries and not simply smaller ones and to apply standards equally to all jurisdictions;

    • 5.12.2. recognize the legitimate reasons for confidentiality (in ways discussed further later on); and

    • 5.12.3. encourage all jurisdictions to understand that their continued prosperity relies on access to the world’s financial markets and that such access can only be enhanced if they are seen to meet international standards of regulation, including cooperation.

  • 5.13. In the past, special actions taken against selected jurisdictions (such as the first FATF NCCT (non-cooperative countries and territories) evaluation, which concentrated purely on offshore centers) have not always operated on this basis. More recently, however, the application of the NCCT exercise to a wider group and the use of the same evaluation methodology by the IFIs for all jurisdictions have resulted in the principles set out previously being applied.

  • 5.14. There is clearly scope for providing financial and other technical assistance to assist with the resource constraints that may constitute barriers. Asset sharing can be of considerable significance—but not all investigations result in the confiscation of assets that can be shared. Assistance in dealing with a request can be provided on a case-by-case, bilateral basis.

  • 5.15. There may be a case for mentoring or twinning arrangements between larger and smaller jurisdictions. This could take the form of financial assistance, staff secondments, and training. In this way, the interests of the smaller jurisdictions in achieving good regulation, and of the larger jurisdictions in securing maximum cooperation, can be served.

Inadequate Knowledge of Capacity and Mechanisms for Cooperation

  • 5.16. An important barrier, in practice, to efficient provision of cross-border assistance is the difficulty frequently encountered by regulatory authorities and FIUs in knowing to whom to send requests for assistance. For example, for large, unitary regulatory agencies, knowing to whom one should address a specific type of request could make the difference between receiving a timely and useful or an untimely and useless response.

  • 5.17. Therefore, each regulatory authority and FIU should publish on its website the name and contact details for sending requests of different types; for example, for different sectors for unitary regulators, or for requests for taking evidence as distinguished from requests for information contained in a database.

  • 5.18. Equally important is the failure to recognize the capability of foreign financial centers to cooperate. It is evident that there remains a view that certain “offshore centers,”however defined, are unwilling, as a group, to cooperate. Moreover, a number of coutries will have had experiences where one or more such jurisdictions have failed to cooperate in advance. They may, perhaps understandably, extrapolate that experience to all such centers. As a result, they may then cease to ask for information, remaining of the view that all such centers should be written off as partners. By ceasing to seek information, however, countries that take this view may not notice the changes that are taking place there or may fail to notice the different practices of different centers. It follows that all financial centers should continue to press all fellow regulators to exchange information whenever they have reason to seek information. It would also be helpful if all regulatory authorities could publish (preferably on a website) the precise details of their ability to cooperate, the conditions that have to be fulfilled, and the information they need from others to support a request.

  • 5.19. A further helpful step is for financial centers, or groups of centers, to hold seminars to explain their procedures for information exchange, so that they can be questioned on their practice by those who hold the view that cooperation is inadequate. Where weaknesses are identified, they can be addressed.

  • 5.20. Monitoring groups (such as that set up by IOSCO under the multilateral MoU) could also be useful in identifying specific weaknesses in specific jurisdictions and in providing a forum for them to be discussed and pressure for improvement to be applied. Similar arrangements could be established, by IOSCO in respect of nonsignatories and by other standard-setting bodies or the IFIs. As a starting point, the IFIs could establish a database of practices based on the experience with FSAP and offshore financial center (OFC) assessments.

Legal and Constitutional Barriers to Cooperation

  • 5.21. Appendix C describes a range of legal and constitutional barriers to cooperation. Although they include many examples of barriers, both domestic and international, there are two key factors:

    • 5.21.1. inadequate legal gateways for sharing information; and

    • 5.21.2. inability of regulators to collect information or to carry out investigations within their jurisdictions.

  • 5.22. Because of the legitimate reasons for protecting the confidentiality of information held by regulators about FSBs and their customers, all jurisdictions have a general provision that such information should be held confidential by both FSBs and the regulators. Such provisions are normal and wholly right and proper. They are required by the international standard-setting bodies. To counterbalance them, jurisdictions need to establish legal gateways through, or exceptions to, the basic confidentiality restriction. Such gateways are also required by standard-setting bodies.

  • 5.23. When criticisms are made that specific jurisdictions have bank secrecy legislation that prevents cooperation, such criticisms are too general to be of any constructive value. As noted previously, all jurisdictions have some general confidentiality or secrecy provisions. The criticism, where it is valid, is that, in some instances, the legal gateways through those secrecy or confidentiality provisions are inadequate—either in a particular case or more generally. The key is to make sure that gateways are expressed in terms that allow proper information sharing and that are interpreted flexibly.

  • 5.24. As Appendix C demonstrates, gateways can be inadequate in many ways. The most important inadequacies are the following:

    • 5.24.1. The gateways set conditions for information exchange that require an analysis of the legal and constitutional arrangements of the counterparties, often requiring that they should be comparable or equivalent to those of the requested authority. This analysis can take time, and when legal and constitutional arrangements are very different, it may frustrate information exchange.

    • 5.24.2. The gateways may restrict information exchange to a regulatory body with similar functions. In practice, different jurisdictions vary in their distribution of powers, and this may prevent cooperation. This could be a particular problem where an area of business is not subject to regulation in one jurisdiction but is regulated in another.

    • 5.24.3. Gateways may restrict information exchange to offenses that are equivalent to those in their own jurisdiction (dual criminality) or even to offenses that have involved an illegal act in the requested jurisdiction (dual illegality). Where these conditions are not satisfied, perhaps because offenses are described in different ways, then information cannot be exchanged.

    • 5.24.4. Gateways may restrict information exchange to countries with which there are MoUs or more formal bilateral treaties.

    • 5.24.5. Gateways may require guarantees of confidentiality that cannot easily or reasonably be satisfied. For example, a requirement that confidentiality protection should be to an extent equivalent to that in the requested jurisdiction, while not unreasonable in principle, does impose an obligation for research and due diligence that may not be worthwhile in a particular case. Alternatively, a requirement for an absolute guarantee that a receiving authority will never pass information to another person without the permission of the requested authority could not be signed by a regulator that could be under an obligation to disclose it if there were a court order, or who could be under a legal obligation to disclose any suspicion of criminal activity.

  • 5.25. Appendix E describes the most common forms of confidentiality requirements with appropriate gateways. These provisions are designed to strike the proper balance between the legitimate demands for data protection and the protection of civil rights, on the one hand, and the need to cooperate for regulatory and law-enforcement purposes, on the other hand. The gateways are designed to protect against the kinds of concerns described previously in subsection 5.2 and also in Appendix D.

Overcoming Legal and Constitutional Barriers

  • 5.26. Jurisdictions with different legal traditions and constitutions will wish to express their gateways in different ways. It would be helpful for them, however, to have a model against which to test their effectiveness. The nature of such a model would have to be consistent with the requirements of the standard-setting bodies. The following model is consistent, and could be helpful in assisting jurisdictions to comply, with international standards.

    • 5.26.1. There should be a general confidentiality provision that applies to FSBs and to regulators and FIUs.

    • 5.26.2. There should be gateways that allow exceptions to a general confidentiality provision where confidential information is passed to another regulator or law-enforcement body for the purposes of regulation of FSBs or the investigations of civil or criminal offenses. This gateway should give the regulator the discretion, but not the obligation, to refuse assistance if, having taken account of the following specified factors, and using a preponderance of the evidence test, there was reason to believe that it would be wrong to pass on the confidential information:

      • whether the information was being used for a regulatory purpose or a specific investigation (not for fishing expeditions);

      • whether the information would be afforded reasonable confidentiality (accepting that, in all jurisdictions, there will be legal disclosure requirements that are seldom used but cannot be completely ruled out; that a receiving authority must be able to pass on, to a proper law-enforcement authority, any evidence of criminal activity in its jurisdiction that may be received as a result of information exchange and that, in some cases, where the information is required for administrative enforcement action, a restriction on further disclosure would negate the point of transferring the information in the first place);

      • whether the provision of information for proceedings in another jurisdiction would unreasonably interfere with proceedings in respect of the same offense by the same person or might create a danger of double jeopardy;

      • whether the assistance would impose an unreasonable cost on the requested jurisdiction and the requesting jurisdiction was not prepared to assist;

      • whether there would be reciprocal assistance in corresponding instances; and

      • whether it was generally in the public interest to provide the information.

  • 5.27. None of these factors should be matters that automatically lead to a refusal to provide information. They should simply be factors to be taken into account. Each jurisdiction would need to decide who would have the authority to exercise such discretion. To enhance the prospects for effective cooperation, it would be better if the regulator took the decision—subject to administrative review, if challenged, and, ultimately, to judicial review. Some jurisdictions might consider it preferable to give such discretion to the courts. That is likely, however, to result in unacceptable delays.

  • 5.28. Giving such discretion to the regulator would allow an uncooperative regulator much scope for interpreting them strictly. The fact is, however, that the experience of most regulators is that the majority of requests for information from most regulatory authorities can be met, having taken account of the factors described in paragraph 5.26. This is because, in practice, most requests come from regulatory authorities in jurisdictions that respect confidentiality, offer appropriate civil rights, and follow a proper process. If a regulatory body interpreted them in such a way as to refuse such requests on more than a trivial number of occasions, it would soon become apparent. There may be advantage in pressing regulatory bodies to publish data on the extent to which they had received and accepted or rejected requests for information. This would allow comparisons to be made between different jurisdictions.

  • 5.29. Regulatory bodies would be wise to adopt internal procedures demonstrating that they had taken account of the specified factors.

  • 5.30. The use of bilateral and multilateral MoUs could assist the process of taking account of the specified factors. As discussed in subsection 3.18, if the factors were built into an MoU (either explicitly or implicitly), then it would only be necessary for a signatory to state that a request was within the terms of the MoU and the requested authority could regard itself as satisfied that the relevant factors had been properly considered, unless there was manifest evidence to the contrary. If it became apparent that a signatory was abusing the provisions of an MoU (and it would become clear very quickly if this were so), then that regulatory body should no longer be allowed to continue as a signatory to the MoU.

Inadequate Information-Gathering Powers

  • 5.31. As Appendix D demonstrates, the absence of effective information-gathering powers and the determination to use them can be a serious barrier to cooperation. The need for proper information-gathering powers is established by the standard-setting bodies in greater or lesser detail and certainly includes the need for the regulator to

    • 5.31.1. have the power to insist on certain records being maintained by FSBs, including customer due diligence information and proper records of transactions, for at least five years;

    • 5.31.2. insist, in particular, that records on customers should include details of beneficial ownership where the account holder is a nominee or a company whose shares are held by nominees or are in bearer form, and of beneficiaries and other interested persons where the account holder is a trustee;

    • 5.31.3. have powers to obtain that information from any person (and not just regulated FSBs) for the purposes of information exchange—when the regulator decides it is appropriate;

    • 5.31.4. have general powers to obtain information from FSBs; and

    • 5.31.5. have powers to prohibit FSBs that do not have their mind and management in the jurisdiction and are unwilling or unable to provide information or that are shell banks. Both the Basel Committee and the FATF recommend that shell banks be prohibited.

  • 5.32. A regulator clearly cannot exchange information if there are inadequate powers to obtain it in the first place.

Technical Barriers to Information Exchange

  • 5.33. Technical barriers to information exchange arise when information technology is not compatible. For example, if the word-processing software through which an inquiry regarding targets of investigation is transmitted cannot be readily used in the requested regulator’s information databases, valuable time may be lost in pursing misfeasance.

Summary of Themes

  • 5.34. The themes that arise from this discussion are the following:

    • 5.34.1. Barriers to cooperation arise both from a perception that secrecy is a valuable asset for commercial reasons and from inadequate resources, as well as to protect legitimate commercial and civil rights concerns. Education and international pressure can minimize the effect of the commercial barriers, and technical assistance can alleviate financial resource constraints. It would be wrong to ignore the legitimate reasons for legal barriers, even though there are useful steps that can be taken to lower these barriers.

    • 5.34.2. International pressure from specific countries, IFIs, and standard-setting bodies is more effective in reducing commercial or cultural opposition to information exchange if it is seen to be evenhanded between larger and smaller jurisdictions.

    • 5.34.3. Asset sharing, bilateral assistance, and twinning or mentoring arrangements can be used to overcome a scarcity of resources.

    • 5.34.4. Although all countries have some confidentiality requirements, coupled with a set of legal gateways, in some cases those gateways are hedged with too many and too burdensome prior restrictions.

    • 5.34.5. A useful model to follow, consistent with the standards issued by the standard-setting bodies, would be to establish gateways that could be used after certain factors had been taken into account but with no one factor acting as an absolute precondition.

    • 5.34.6. Preferably, the judgment on the factors to be taken into account should be made by the regulator, subject to administrative or judicial review if challenged.

    • 5.34.7. There are technical barriers and inadequate transparency that can also inhibit cooperation.

    • 5.34.8. Cooperation can be unnecessarily inhibited if the perception that information cannot and will not be shared by a particular jurisdiction is not consistent with that jurisdiction—s current stance.

    • 5.34.9. MoUs can help regulators by explicitly covering the factors to be taken into account so that the judgment is easier to make in respect of any request from an MoU signatory. There would be a general presumption that a request was for a proper purpose and that the requested authority should honor it.

    • 5.34.10. Regulators must have adequate information-gathering and investigative powers.

6. Findings and Recommendations

  • 6.1. The analysis in this paper and the factual material in the appendixes lead to a number of findings:

    • 6.1.1. A regulator with enthusiasm for cooperation can achieve a significant degree of cooperation even when legal powers and gate-ways are not fully developed. There is therefore a strong case for continuing education and encouragement to achieve cooperation.

    • 6.1.2. Cooperation is also enhanced by the development of personal trust between regulators, achieved through personal contact at conferences and other meetings.

    • 6.1.3. Cooperation is necessary for judging licensing applications from FSBs with a presence in more than one jurisdiction, for ongoing regulation, and for enforcement. Especially in the case of ongoing regulation, but to some degree in the other areas, it is necessary to ensure that regulators exchange information spontaneously as well as on request.

    • 6.1.4. It is particularly important to define the roles of home and host supervisors and to take account of the difficulties that arise when a home supervisor has responsibility for multinational FSBs with operations in many jurisdictions, all of which are host supervisors to the same home supervisor that has responsibility for consolidated supervision.

    • 6.1.5. There is a need for criteria to establish which forms of cooperation should be given priority. These criteria should take account of the wider benefits of cooperation to the world’s financial system as well as the benefits to specific regulators.

    • 6.1.6. It is necessary to have adequate information-gathering and investigative powers in order to achieve all forms of cooperation. These powers should, in general terms, cover the elements detailed in subsection 5.31.

    • 6.1.7. Cooperation should cover public as well as confidential information and should encompass other matters such as freezing, seizing, and confiscating assets.

    • 6.1.8. MoUs, both bilateral and multilateral, can be effective in assisting cooperation, although their existence should not be a prerequisite for that cooperation. The drafting process for MoUs need not be as cumbersome as is sometimes feared. MoUs can be drafted in a way that streamlines information flows and obviates the need for requested authorities to satisfy themselves, in each case, that requests are for a proper purpose and that information will be appropriately protected and used.

    • 6.1.9. In addition, multilateral MoUs are an effective form of peer pressure to raise standards.

    • 6.1.10. Treaties are valuable in establishing basic legal commitments for cooperation but raise issues as to their sufficiency.

    • 6.1.11. Differences between the approach of various regulators for different sectors, whether banking, securities, insurance, or AML/CFT, are less significant than they might once have been and no longer need prevent proper cooperation.

    • 6.1.12. Similarities between regulators from different sectors are more important and emphasize the need for proper information sharing to allow regulators to function effectively and to provide that confidentiality requirements, while important, must leave room for the proper use of the information where this involves public proceedings as well as for regulators to pass information as a result of legal requirements or a general public duty to disclose criminal activity.

    • 6.1.13. There are barriers to “diagonal” cooperation between regulators of different sectors.

    • 6.1.14. Political and cultural barriers to cooperation can be overcome by a process of international encouragement, provided it is seen to be fair and evenhanded.

    • 6.1.15. The protection of civil rights can be achieved in a manner consistent with effective cooperation, provided that legal gateways through confidentiality provisions are properly and flexibly drafted and the appropriate body is given the discretion to identify the rare occasions when cooperation is infringing these rights. One model is that described in subsection 5.26.

    • 6.1.16. The proper exercise of that discretion can be encouraged by publishing data on the number of requests for assistance that have been received and accepted or rejected.

    • 6.1.17. Cooperation has a wider benefit to the world’s financial system as well as a benefit in terms of improved regulation of FSBs.

  • 6.2. These findings suggest for discussion the following as recommendations for governments, regulators, standard-setting bodies, and IFIs:

    • 6.2.1. the IFIs and standard-setting bodies should facilitate further conferences for both education and networking, so as to enhance the degree of personal trust necessary for information exchange;

    • 6.2.2. all jurisdictions should assess their confidentiality provisions and legal gateways against the provisions set by international standards, supplemented by the model set out in subsection 5.26;

    • 6.2.3. all jurisdictions should review their information-gathering powers against the provisions established by the standard-setting bodies summarized in subsection 5.31;

    • 6.2.4. all jurisdictions should publish information on whom to contact within regulatory agencies and FIUs for specific types of requests for assistance;

    • 6.2.5. all jurisdictions should publish their record in accepting or rejecting information requests;

    • 6.2.6. all jurisdictions should publish details of the powers and ability to share information, the conditions that apply, and the information that a requesting authority should supply in order successfully to gain assistance;

    • 6.2.7. all jurisdictions should review their practices in dealing with information requests in respect of licensing, ongoing regulation, and enforcement against the approaches described in this paper;

    • 6.2.8. all jurisdictions should set criteria for determining their cooperation priorities;

    • 6.2.9. consideration should be given, by all standard-setting bodies, to drafting multilateral MoUs on the lines agreed by IOSCO;

    • 6.2.10. the standard-setting bodies that have not done so should consider drawing up multilateral or model MoUs and should keep them up to date;

    • 6.2.11. MoUs should, where possible, contain within themselves commitments by the parties to making proper requests in the terms of the standard-setting bodies, with appropriate confidentiality protections, so that a requested authority can take on trust that information is being properly requested and will be properly used by an MoU partner, without having to satisfy itself on that score in each case;

    • 6.2.12. consideration should be given to increased asset sharing and bilateral assistance, and to twinning or mentoring arrangements that could help smaller jurisdictions to cooperate to the fullest extent;

    • 6.2.13. the standard-setting bodies should encourage members to harmonize their information technology software to facilitate rapid communications;

    • 6.2.14. the program of evaluation and education by the IFIs and the standard-setting bodies should continue, with the results published to the fullest extent;

    • 6.2.15. the standard-setting bodies or the IFIs should step up the process of monitoring information exchange in practice and establish forums at which the jurisdictions can be identified and the problems discussed;

    • 6.2.16. the IFIs should facilitate the development of twinning and mentoring between jurisdictions, and those involved in such twinning arrangements should consider whether financial assistance to cover the costs of cooperation (where these create a burden on smaller jurisdictions) could be covered; and

    • 6.2.17. the IFIs should provide technical assistance to member countries that specifically focuses on the removal of barriers to cooperation that are inappropriate.

Appendix A Benefits of Domestic and International Cooperation

  • A.1. Section 2 of the paper describes the purposes of domestic and international cooperation in terms of license applications, ongoing regulation, and enforcement. This appendix gives examples of the kinds of information that should be exchanged in order to gain those benefits.


  • A.2. A regulator faced with an application from a financial services business (FSB) that is a branch or subsidiary of an FSB that is regulated elsewhere is likely to want information about

    1. the regulatory track record of the applicant’s parent company—its compliance culture, its openness with the regulator, and its adherence to the rules;

    2. its capital status (particularly for banks), its solvency (for insurance), and its financial resources (for all sectors);

    3. its record with respect to carrying out due diligence on its customers, which is particularly important in anti-money laundering (AML) efforts and measures to combat the financing of terrorism (CFT);

    4. any material enforcement action that might have been taken;

    5. the risks posed by the FSB’s business to the objectives of its home regulator—such information is helpful for the regulator faced with a new application by enabling it to build a risk profile of the business for the purposes of risk-based regulation;

    6. the owners and controllers of the group as a whole—in order to determine whether they are fit and proper and in order to meet the specification of Financial Action Task Force (FATF) Recommendation 23 that there be “legal or regulatory measures to prevent criminals or their associates from holding or being the beneficial owner of a significant or controlling interest or holding a management function in a financial institution”; and

    7. the ability of the applicant to manage the new investment that is involved in the new license application—whether they have the financial capacity, the management competence, and the technical skills to cope with a new venture.

  • A.3. Information on these matters will assist a regulator to make appropriate decisions on new license applications.

Ongoing Regulation

  • A.4. A key requirement for effective ongoing regulation of multinational FSBs is the appropriate division of duties between home and host supervisors. In principle, these divisions of duties are well established, with the home-state supervisor responsible for prudential matters across a group as a whole and the host-state supervisors focusing on conduct of business by the entity physically located within its jurisdiction. Nevertheless, divisions of responsibility are never clear cut, and there are frequently unique features of an FSB that make the position less obvious.

    1. Most host-state supervisors will expect to monitor the extent to which an FSB conducts due diligence of its customers for AML/CFT defenses. Host-state regulators will frequently expect to set their own standards and requirements so as to achieve a level playing field among different FSBs in their own jurisdictions. FATF Recommendation 22, however, requires a regulatory body to make sure that its standards are exported to all branches and subsidiaries of their FSBs that exist outside its jurisdiction. Cooperation between home and host supervisors to compare standards and to establish the precise roles of both regulators in respect of AML/CFT standards is essential for effective regulation.

      Many large multinational FSBs have complex structures that require several layers of home- and host-state responsibility. A banking group based in Country A could have branches and subsidiaries in Countries B and C and branches in Country D. Subsidiaries in Countries B and C could also have branches in Country D. Supervisors in Countries B and C would be host supervisors for branches and subsidiaries in their own countries and home supervisors for the branches in Country D. The supervisor in Country D would look to the supervisors in Countries B and C to be home-state supervisors for some branches and to Country A to be home-state supervisor for others. Clearly, in such circumstances, the potential for gaps is substantial. Formal agreements, to establish respective roles, should be reached wherever possible.

    2. For all structures, whether complex or not, regulators need to know the general approach of both home and host regulators when considering the application of international standards and the implications of changes in those standards for regulated institutions, including the risk profile of the business or the application to banks of the new Basel Accord.

  • A.5. A further manifestation of cooperation for ongoing regulation is the extent and nature of on-site inspections by a home supervisor of a branch or subsidiary in another jurisdiction. In addition, cooperation can also take the form of joint on-site inspections. Such inspections frequently require formal agreements to ensure that all parties understand their respective roles and have established ground rules for dealing with confidentiality protection. Joint on-site inspections can result in new information being obtained by both home and host regulators, not only about the FSB being examined but also about the respective processes of the regulators. As such, they can be highly effective and valuable forms of cooperation.

  • A.6. Routine ongoing regulation of multinational groups requires a flow of information on regulatory developments concerning an FSB. The consolidated supervisor needs to know if there are factors in branches and subsidiaries in other jurisdictions that might pose risks. Such factors might include the following:

    1. the growing exposure of a bank to connected borrowers in different jurisdictions;

    2. matters that might prompt enforcement action;

    3. concerns about the capital or solvency position of a multinational FSB;

      One example of this relates to the Australian insurance company HIH, in 2001. The Royal Commission investigating the collapse observed that the Australian prudential supervisor, the Australian Prudential Regulation Authority (APRA), was aware of a number of warning signs that HIH was heading toward statutory and commercial insolvency, one of which was an approach by representatives of the U.K. Financial Services Agency (FSA) and a subsequent meeting in the margins of an International Association of Insurance Supervisors (IAIS) meeting in Kuala Lumpur. At that meeting, the FSA informed APRA of the FSA’s concerns about the U.K. branch;4

    4. information about local conditions in either home or host country that may not be apparent from banks’ books of account or financial statements; and

    5. routine findings that provide comfort as well as concern can be exchanged.

      In each of these cases, information flows need to be open and spontaneous and should flow in both directions between home and host supervisors.

  • A.7. Information on legal and regulatory developments in each jurisdiction and their implications for future cooperation is useful to home and host supervisors.

  • A.8. Cooperation between regulators can avoid regulatory arbitrage. Most FSBs in most countries claim, at some time, that they are suffering from unfair treatment, in that regulations are being applied more harshly in their jurisdictions than elsewhere, and will point to one or two examples to prove the point. Some regulatory bodies have been taken in by such claims and have repeated the argument that they, uniquely, are expected to apply international rules to an extent not followed elsewhere. In practice, research into the examples given by FSBs that make such claims tends to show that even where one element of a regulatory regime is biting more harshly on them, there are other countervailing factors. Cooperation between regulators helps them avoid being picked off by individual FSBs or lobbying groups in this way.

Enforcement Cooperation

  • A.9. Enforcement cooperation can take many forms:

    1. the provision of public and nonpublic information about an FSB—including prudential matters concerning its solvency or capital;

    2. the provision of public and nonpublic information about customers that is relevant to the responsibilities of a regulator—such as information on brokerage records to assist in a market abuse investigation, or information on customers to assess the willingness of all members of a group to follow appropriate due-diligence information, or information on specified customers’ accounts to determine the extent of exposure of a group to connected persons;

    3. the use of investigative powers to take statements or compel the production of documents;

    4. freezing, seizing, and confiscating assets where this is within the responsibility of a regulator;

    5. assistance with referrals to prosecutors and with court processes where these are necessary; and

    6. the use of direct-sanction powers, such as a company windup, a cease and desist order, or a revocation of a license.

Cooperation for Regulatory Policy Development

  • A.10. Besides cooperation for more routine matters in financial sector supervision and regulation, cooperation over development of regulatory policy for sectors as a whole can be important, especially where there are significant cross-border implications. For example, in June 2004, the U.S. Securities and Exchange Commission (SEC) and the Committee of European Securities Regulators (CESR) announced plans to increase their cooperation. The primary objectives of such joint efforts are to

    • i. identify emerging risks in U.S. and European Union (EU) securities markets for the purpose of improving our ability to address potential regulatory problems at an early stage; and

    • ii. engage in early discussion of potential regulatory projects in the interest of facilitating converged, or at least compatible, ways of addressing common issues.

      The SEC and CESR will also share their experiences regarding enforcement matters in transatlantic and European cross-border cases. Key areas for discussion are market structure issues, future mutual fund regulation, development of an effective infrastructure to support the use of international financial reporting standards, and credit-rating agencies. By discussing emerging problems at an early stage and working to facilitate convergence of regulatory approaches, the SEC and CESR hope to be able to avoid unnecessary administrative barriers to cross-border capital market activities.5

Domestic Cooperation

  • A.11. Regulators need to cooperate with a financial intelligence unit (FIU) and with other regulators and law-enforcement agencies. For jurisdictions with multiple regulators, cooperation between fellow regulators is especially important. Where regulators are split along financial services sector lines (banks, insurance, and securities), the sector-based regulators have to ensure they are dealing consistently with complex groups. Cross-cutting issues like corporate governance, the approach to fitness and properness, and the implementation of AML/CFT rules must be consistent.

    • For example, in the United States, the financial services regulators have both formal and informal arrangements to share information. The arrangements are numerous because of the several federal financial sector regulators, including the Federal Reserve System, the Office of Comptroller of the Currency (OCC), the SEC, the Commodities Futures Trading Commission (CFTC), and the Federal Deposit Insurance Corporation (FDIC) and 50 individual state insurance and banking supervisors. The cooperation includes identifying emerging issues in the financial institutions industry; coordinating regulatory activities; and the sharing of financial and enforcement information, including prior notification regarding enforcement action taken against a commonly regulated entity. There are shared databases that include restricted information on suspected illegal conduct as well as a separate database for suspicious activity reports (SARs) in relation to bank fraud, theft, and money laundering. In addition to financial institutions and regulatory agencies, law-enforcement authorities also have access to this SAR database.6

    • Cooperation in regulatory policy development takes place in other multilateral forums in addition to the example given.

  • A.12. Some jurisdictions have split responsibilities for conduct of business and prudential supervision between separate regulators. In both Australia and the Netherlands, which have adopted that model, the FSBs have been aware of a striking difference in approach between the two authorities. Prudential supervisors have approached their task in more informal ways, preferring to operate by developing consensus with the regulated entity and through persuasion on a confidential basis, whereas business regulators have been more ready to take enforcement action and to go public with their findings. To a great extent, these differences reflect the different kinds of issues with which the respective authorities are dealing.

  • A.13. Under AML/CFT regulations, FSBs are expected to make suspicious transaction reports (STRs) and, in some jurisdictions, cash transaction reports (CTRs). Cooperation between the regulator and the FIU can identify trends in compliance. This can establish which FSBs or which categories of FSB are reporting properly and which are not. It can identify whether there are trends that need to be reinforced or checked.

    • For example, one offshore jurisdiction established that, at one point, a large proportion of STRs were filed by a small group of banks serving the local population (whereas most banks had offshore clients). The banks, when questioned, stated that their policy was to monitor local newspapers for reports of convictions of drug dealers and, where they established that these involved one of their customers, they would report the last 10 cash withdrawals. Clearly, such STRs were useless, and consequently the jurisdiction was able to mount a campaign to improve reporting standards.7

  • A.14. Cooperation with FIUs can also identify institutions that are themselves most likely to be attracting suspicious customers, and this, in turn, may prompt a review of their due-diligence procedures as well as of the integrity of the owners or controllers of the businesses.

  • A.15. More widely, cooperation can ensure that regulators and law-enforcement agencies can cooperate when action needs to be taken against criminal institutions. The regulator has wide powers that can complement those of the prosecutors and police. It can close down or wind up FSBs or remove specific individuals who may be responsible for wrongdoing.

    • For example, in one jurisdiction, the police suspected that a particular firm, regulated in the business of trust and company administration, was engaged in serial money laundering. In a coordinated action, the police seized the files and computers and sealed the office, while the regulator was able to suspend the license and instruct the banks to refuse to take instructions from the suspect.8

Public and Nonpublic Information

  • A.16. A great deal of effective cooperation, even in enforcement cases, does not require the controversial use of investigative powers or the exchange of nonpublic information.

    There is frequently considerable public information about companies in the form of annual returns and published accounts or of names of directors and owners. Even where these are fraudulent and false, that fact alone is of value. Such forms of assistance can be given without any legal gateways.

Appendix B International Standards for Cooperation

  • B.1. This appendix describes the approach taken by the international standard setters to international cooperation.

Banking: Basel Core Principles and EU Requirements

  • B.2. The need for cross-border cooperation and information exchange is well established among bank supervisors, as is the commitment and practice. The Basel Core Principles (BCP) for Effective Banking Supervision issued by the Basel Committee on Banking Supervision, as amended in 1997, provide the bank supervisory framework for all member countries of the IMF. Core Principle 1 provides that a bank supervisor should have

    • arrangements for sharing information between supervisors and protecting the confidentiality of such information.

  • B.3. Part IV on Cross-Border Banking, which includes principles 23—25, establishes policies and practices for cooperation and information sharing between foreign bank supervisory authorities mainly in the context of consolidated supervision of different branches or subsidiaries of the same bank. The provisions are quoted in the following:

    • 23. Banking supervisors must practice global consolidated supervision over their internationally-active banking organizations, adequately monitoring and applying appropriate prudential norms to all aspects of the business conducted by these banking organizations worldwide, primarily at their foreign branches, joint ventures and subsidiaries.

    • 24. A key component of consolidated supervision is establishing contact and information exchange with the various other supervisors involved, primarily host country supervisory authorities.

    • 25. Banking supervisors must require the local operations of foreign banks to be conducted to the same high standards as are required of domestic institutions and must have powers to share information needed by the home country supervisors of those banks for the purpose of carrying out consolidated supervision.

  • B.4. The Basel Committee also published a paper on The Supervision of Cross-Border Banking in October 1996. This paper derived from an examination of impediments to information flows. It emphasized the need for adequate information flows to allow home and host supervisors to carry out their duties in full. Its 29 recommendations covered a wide range of matters. It drew attention to the importance of unfettered access by the home supervisor to all information related to safety and soundness in the host jurisdiction. The paper stated that although this would not always include information on depositors and customers, there would be circumstances where this would be necessary. Its recommendations also made clear that although it was important that information passed from one supervisor to a foreign supervisor for prudential purposes be used only for that purpose and not be passed to a third country without the prior permission of the supervisor providing the information, it would be necessary to allow for the possibility that, in some cases, a supervisor could be subject to court action to disclose information and that it must always be possible for a supervisor who becomes aware of criminal activity within its jurisdiction to be able to pass information about that activity to the appropriate authority.

  • B.5. In 2001, the Working Group on Cross-Border Banking of the Basel Committee published a note on Essential Elements of a Statement of Mutual Cooperation that provides a reference for memoranda of understanding (MoUs) between bank supervisory authorities or between bank supervisors and other financial sector regulators. MoUs should provide a basis for mutual trust and willingness to share information. MoUs are widely employed by bank and other financial institution supervisors. The note covers three basic elements of MoUs: sharing of information, on-site inspections, and protection of information.

  • B.6. With respect to protection of information, the note states that a supervisor receiving information “must provide the assurance that all possible steps will be taken to preserve the confidentiality of the information received.” If the recipient of information wishes to transmit it to a third party, that supervisor should receive agreement from the supervisors that provided the information. The note recognizes that, in some jurisdictions, a bank supervisor may be legally compelled to release information in its possession to prosecutorial authorities or by virtue of a judicial or parliamentary subpoena, for example. Thus, supervisors should inform those supervisors providing confidential information whether there are circumstances under which they cannot guarantee the confidentiality of information they receive.

  • B.7. The Basel Committee published a paper in August 2003 entitled High Level Principles for the Cross-Border Implementation of the New Accord. This drew attention to the implications of the new Basel Capital Accord for cross-border cooperation, emphasizing the need for clear definition of responsibility between home and host supervisors and enhanced cooperation. This cooperation is particularly necessary to recognize the needs of the home and host supervisors and to avoid duplication of burdens on businesses resulting from redundant or uncoordinated approval and validation work.

  • B.8. Similarly, other papers by the Basel Committee have drawn attention to the implications for cross-border cooperation of other developments such as electronic banking.9

  • B.9. Although the main focus of cross-border cooperation relates to safety and soundness issues, the Basel Committee has also noted the increasing need for supervisory cooperation between banks in relation to specific assets and liabilities—for example, in the context of the abuse of the financial system by politically exposed persons (PEPs) engaged in corruption and by terrorists.10 The committee emphasized that cooperation using mutual legal assistance treaties (MLATs) and via financial intelligence units (FIUs) was usually the most appropriate method but also noted that banking supervisors should play a part. In particular, if a host supervisor were to become aware that a branch of a bank was being used by terrorists, it should inform the home supervisor.

  • B.10. In the European Union, the use of bilateral arrangements for sharing information between banking supervisors is widespread. This is appropriate in view of the liberal right of banks in one European Union (EU) country to establish branches in other EU countries. The EU directives contain rules for the coordination of laws, regulations, and administraive provisions relating to credit institutions. Prudential supervision of a credit institution, including the activities it carries on in other member states, is the responsibility of the home-country supervisor. There is also a requirement for consultation when a subsidiary of a credit institution in one member state seeks a license in another member state and when there is a proposed change in control of an institution that has a subsidiary in another member state. Thus, supervisors need to coordinate with their counterparts in other member states.

Securities Business: IOSCO Principles

  • B.11. Cross-border cooperation is central to the standards set by IOSCO, the International Organization of Securities Commissions. The preamble to the IOSCO by-laws states the following:

    • Securities authorities resolve to cooperate together to ensure a better regulation of the markets, on the domestic as well as on the international level, in order to maintain just, efficient and sound markets:

      • to exchange information on their respective experiences in order to promote the development of domestic markets;

      • to unite their efforts to establish standards and an effective surveillance of international securities transactions;

      • to provide mutual assistance to ensure the integrity of the markets by a vigorous application of the standards and by effective enforcement against offences.

  • B.12. The IOSCO Objectives and Principles of Securities Regulation (updated in May 2003) contain a section on cooperation. The principles highlight first the importance of domestic cooperation in the discussion of Principle 1: “The responsibilities of the regulator should be clear and objectively stated.” IOSCO emphasizes the need for

    • strong cooperation among responsible authorities, through appropriate channels,

    • observing that the responsible authorities are domestic agencies in this context.

  • B.13. Principles 11 through 13 deal with international cooperation as follows:

    • 11. The regulator should have authority to share both public and non-public information with domestic and foreign counterparts.

    • 12. Regulators should establish information sharing mechanisms that set out when and how they will share both public and non-public information with their domestic and foreign counterparts.

    • 13. The regulatory system should allow for assistance to be provided to foreign regulators who need to make inquiries in the discharge of their functions and exercise of their powers.

  • B.14. In the discussion on international cooperation in the Objectives and Principles and in its methodology designed to assess compliance with the principles, IOSCO emphasizes the following points:

    • i. International cooperation should not be inhibited by domestic secrecy or blocking law. Violators of securities laws route transactions through foreign jurisdictions to disguise identity of parties, flow of funds, or beneficial ownership. There is therefore a need to be able to make such information available to a foreign regulator.

    • ii. The potential scope of assistance should encompass a wide variety of assistance needs.

    • iii. MoUs and other arrangements are helpful and should identify circumstances in which assistance can be provided, the types of information to be provided, confidentiality requirements, and permitted uses. An MoU should determine who can give assistance to whom and what procedures should be followed.

    • iv. Although it is important that the confidentiality of nonpublic information be maintained, this should only be done to an extent consistent with the purposes of the release of the information. IOSCO emphasizes that a requested authority may impose conditions ensuring appropriate use of the information and ensuring the confidentiality of the information except pursuant to the uses permitted, such as in a public enforcement action for which use the information was requested.11

    • v. IOSCO urges all jurisdictions to remove any requirements for dual illegality (the need for an illegal act to have taken place in the requested authority’s jurisdiction) and for dual criminality (the requirement that an illegal act under investigation in a foreign jurisdiction would also have to have been an offense if it had occurred in the requested authority’s jurisdiction).

    • vi. IOSCO makes clear that all regulatory authorities should be able to get information about a license holder and its customers, including bank and brokerage records. These should include the name of the account holder, the beneficial owners of bank accounts and of companies, and the beneficiaries of trusts where this information is held in the jurisdiction. They should provide for voluntary cooperation from subjects of an enquiry. They must also be able to get information under compulsory powers and be able to take statements under oath.

  • B.15. In respect of information about conglomerates, regulators should be able to share information about the structure and capital of, and investments in, connected and linked companies; exposures within and outside the group; and internal controls and systems.

  • B.16. IOSCO has taken a further step in developing standards of cooperation by adopting a multilateral MoU.12 The purpose of the MoU is to offer a vehicle, available to all IOSCO members, for information exchange. It is based on the Objectives and Principles. Any IOSCO member can apply to sign it. Whereas in the case of bilateral MoUs, each party has the opportunity to undertake due diligence on their counterparty, this is not possible for a multilateral MoU, where a signatory has no influence over who the other signatories might be. To substitute for bilateral due diligence, IOSCO has created a screening process whereby groups of IOSCO members review the legislation of an applicant country so as to ensure that it has the legal capacity to undertake its commitments. This screening process is rigorous and involves a decision-making and appeal process within the senior councils of IOSCO.

  • B.17. Signatories to the MoU affirm that no domestic secrecy or blocking laws or regulations should prevent the collection or provision of the information requested within the scope of the MoU, by the requesting authority. The MoU also provides that information can be denied under the following circumstances:

    • i. where the request would require the Requested Authority to act in a manner that would violate domestic law;

    • ii. where a criminal proceeding has already been initiated in the jurisdiction of the Requested Authority based upon the same facts and against the same Persons, or the same Persons have already been the subject of final punitive sanctions on the same charges by the competent authorities of the jurisdiction of the Requested Authority, unless the Requesting Authority can demonstrate that the relief or sanctions sought in any proceedings initiated by the Requesting Authority would not be of the same nature or duplicative of any relief or sanctions obtained in the jurisdiction of the Requested Authority;

    • iii. where the request is not made in accordance with the provisions of this Memorandum of Understanding; or

    • iv. on grounds of public interest or essential national interest.

  • B.18. There is no right of refusal on grounds of confidentiality. Within the terms of the MoU, however, the requesting authority undertakes to keep information confidential except where disclosure is necessary to fulfill the purpose for which the information was requested—which includes enforcement proceedings and criminal prosecution—or in response to a legally enforceable demand.

  • B.19. The MoU reinforces the IOSCO stance on dual criminality by stating that

    Assistance will not be denied based on the fact that the type of conduct under investigation would not be a violation of the laws and regulations of the Requested Authority.

  • B.20. The IOSCO President’s Committee has passed a resolution encouraging all members to sign. Moreover, by publishing a list of the members that can sign, IOSCO is putting pressure on all members to amend their legislation so as to be able to sign. It is therefore an effective means of persuading IOSCO’s members to raise their standards.

  • B.21. Within the European Union, the regulatory bodies for securities business have become the Committee of European Securities Regulators (CESR). CESR has devised a common MoU, which draws on the cooperation provisions of the Investment Services Directive (ISD). The ISD provides for requirements of professional secrecy, along with gateways where appropriate, but also requires that

    Member States may conclude cooperation agreements providing for the exchange of information with the competent authorities of third countries or with third country authorities or bodies whose responsibilities are analogous to those of the bodies referred to in points (i) and (ii) of Article 54(3)(a) and points (a) and (b) of the first subparagraph of Article 54(4) only if the information disclosed is subject to guarantees of professional secrecy at least equivalent to those required under Article 50.

  • B.22. This provision imposes a severe test in that it could be argued that it requires a cooperation agreement to be in place before information is exchanged and sufficient research to be done to satisfy the test that confidentiality provisions should be equivalent to those in the EU. Such a provision, if interpreted literally, could prevent a positive response to an ad hoc request. Securities regulators have not all interpreted this provision so narrowly, however, and many exchanges of information take place without a formal MoU. A similar clause is included in the updated ISD currently being finalized.

  • B.23. IOSCO maintains a record of all other MoUs signed between its members, and these show a widespread network of information-sharing agreements. The content varies enormously. The need for such bilateral agreements may begin to fade as more securities regulators sign the multilateral MoU.

Insurance Supervision

  • B.24. The International Association of Insurance Supervisors (IAIS) core principles require that

    • 5. The supervisory authority cooperates and shares information with other relevant supervisors subject to confidentiality requirements.

  • B.25. The IAIS specifically refers to the need to share information to counter fraud, money laundering, and terrorist financing. Otherwise, the key points emphasized by IAIS are the following:

    • i. the need to protect the confidentiality of the information;

    • ii. although information-sharing agreements are useful, they should not be a prerequisite for information sharing;

    • iii. information should be shared concerning supervised institutions and individuals in key positions; and

    • iv. information should be shared on key characteristics of the supervisor’s regime and on any action taken or (preferably) contemplated against a supervised entity.

  • B.26. In December 1999, the IAIS issued a paper on principles applicable to the supervision of international insurers.13 This spells out the information needs of home and host supervisors. The paper emphasizes the need for a check, where necessary, by the host supervisor on information provided by the insurer—although the paper (unlike the Basel Core Principles) does not require that joint on-site visits be permitted. The importance of proactive disclosure by both home and host supervisors is also emphasized in the paper.

  • B.27. The paper suggests that those supervisors whose confidentiality requirements prevent or constrain the sharing of information should review their requirements in consideration of the following conditions:

    • i. Information received should only be used for purposes related to the supervision of financial institutions.

    • ii. Information-sharing arrangements should allow for a two-way flow of information, but strict reciprocity in respect of the format and detailed characteristics of the information should not be demanded.

    • iii. The confidentiality of information transmitted should be legally protected, except in the event of criminal prosecution. All insurance supervisors should, of course, be subject to professional secrecy constraints in respect of information obtained in the course of their activities, including during the conduct of on-site inspections.

    • iv. The recipient should undertake, where possible, to consult with the supervisor providing the information if the former proposes to take action on the evidence of the information received.

  • B.28. The IAIS principles in respect of cooperation are spelled out more fully in the Model Memorandum of Understanding issued as a Guidance Paper by the IAIS in 1997.14 It is comprehensive, containing provisions on all important matters that are relevant to cross-border cooperation and information sharing in the context of insurance supervision, including: (i) the supervisory purposes for which assistance is to be provided; (ii) the types of assistance that may be provided; (iii) the information to be conveyed by the requesting authority in a request for assistance; (iv) considerations of the requested authority in determining whether to accept a request; (v) procedures for taking testimony and conducting inspections; (vi) permissible uses of information supplied and confidentiality; and (vii) onward transmission of information received.

  • B.29. With respect to information to be conveyed by the requesting authority in a request for assistance, paragraph 15 of the IAIS Model MoU provides that the following should be specified by the requesting authority:

    • i. the purpose for which the information or assistance is sought (including in appropriate cases details of the law, regulation or requirement of the requesting authority which is suspected to have been breached);

    • ii. a description of any particular conduct or suspected conduct which has given rise to the request and its connection with the jurisdiction of the requesting authority;

    • iii. the link between any suspected breach of law, regulation or requirement and the regulatory functions of the requesting authority;

    • iv. the relevance of the requested information or assistance to any suspected breach of law, regulation or requirement of the requesting authority.

  • B.30. Paragraph 15 also states that “the requested information must be reasonably relevant to securing compliance with the law, regulation or requirement specified in the request.”

  • B.31. Requested jurisdictions wish to know what use is to be made of the information requested of them, especially to ensure that appropriate confidential treatment is accorded such information. Paragraph 24 of the IAIS model MoU includes the following provisions on permissible uses of information:

    • The information supplied will be used solely for the purpose of

    • i. securing compliance with or enforcement of the law, regulation or requirement specified in the request by initiating or assisting in criminal prosecution arising out of the breach of such law;

    • ii. conducting or assisting in civil proceedings arising out of the breach of the law, regulation or requirement specified in the request and brought by the Authorities or other law enforcement or regulatory bodies within the jurisdictions.

  • B.32. Paragraphs 25 and 26 of the IAIS Model MoU contain illustrative provisions with respect to confidentiality.

    • 25. Each authority will keep confidential to the extent permitted by law:

    • any request for information made under the [MoU] and any matters arising in the course of its operation, unless such disclosure is necessary to carry out the request, or the requested Authority specifically waives such confidentiality; any information passed under the [MoU] unless it is disclosed in furtherance of the purpose for which it was requested.

    • 26. Unless the request provides otherwise, the confidentiality provisions of the [MoU] shall not prevent the Authorities from informing other law enforcement or regulatory bodies within [their] jurisdictions . . . of the request or of passing information received pursuant to a request to such bodies, provided that

      • a. such agencies or bodies have responsibility for prosecuting, regulating or enforcing laws, regulations and requirements [relating to supervision and regulation of insurance];

      • b. the purpose of passing such information to such an agency or body [relates to supervision and regulation of insurance]; and

      • c. the requesting Authority has provided any such undertaking in relation to the information requested which is required by . . . the requested Authority.

    • B.33. Paragraph 26 and subparagraphs (a) and (b) appropriately provide that information received by a requesting authority may be transmitted to law-enforcement or supervisory bodies in its jurisdiction if this is done pursuant to supervision and regulation of insurance. Subparagraph 26(c) may, in some cases, place undue restrictions on onward transmittal of information if a requested jurisdiction does not allow onward transmittal, although such a condition would appear to be inconsistent with subparagraphs (a) and (b). As indicated previously, in most jurisdictions, onward transmittal to criminal-law-enforcement authorities cannot be prevented.

    • B.34. If a supervisory authority does not wish to provide general authority for the use of information it provides, it can attach general conditions: for example, it may specify that the information be used only for supervisory purposes, including for enforcement of law or regulations by the requesting authority or other authorities in its jurisdiction for civil, administrative, or criminal proceedings.

    • B.35. The European Union’s Third Life Directive also includes the provision referred to previously in the context of the Investment Services Directive. In the context of insurance, however, it is widely regarded as meaning that there should be no information sharing without a cooperation agreement (thus breaching an IAIS principle). Particularly in the context of the United States, there is rarely sufficient need to justify the expense of assessing the legal position of any one of the U.S. states in order to enter into an information-sharing agreement with it.

Money Laundering and the Financing of Terrorism: FATF

  • B.36. International cooperation and information exchange is critical for anti-money laundering/combating the financing of terrorism (AML/CFT) activities because of the multinational nature of money laundering and terrorism financing. The layering stage of money laundering often involves transfer of assets from a financial institution in one country to a financial institution in another country in order to conceal the assets or their ownership from law-enforcement authorities. Cross-border cooperation and information exchange for AML/CFT purposes is usually between FIUs that have been established by governments especially for this purpose. They may be independent entities or departments of governmental agencies like ministries of finance, ministries of justice, prosecutors’ offices, or police departments.

  • B.37. The Vienna Convention (1988) provided the basic definition of money laundering that is widely used in other multilateral instruments and laws. It states that

    • The conversion or transfer of property, knowing that such property is derived from any offence [of production, delivery or sale of narcotics], or from an act of participation in such offence or offences, for the purpose of concealing or disguising the illicit origin of the property or of assisting any person who is involved in the commission of such an offence or offences to evade the legal consequences of his actions.

  • B.38. Since narcotics offenses are one of the principal bases of money laundering, the provisions on international cooperation and information sharing in the convention are important for AML.

  • B.39. Article 7(2) provides that parties to the convention shall afford mutual legal assistance to one another for purposes including taking evidence or statements from persons; effecting service of judicial documents; executing searches and seizures; examining objects and sites; providing information and evidentiary items; providing relevant documents and records, including bank, financial, or business records; and identifying or tracing proceeds, property, or instrumentalities for evidentiary purposes. The convention also covers confiscation of assets and extradition of persons. Thus parties to the convention have general authority to cooperate and exchange information on relevant bases for AML. Article 7(15) of the convention provides, however, that mutual legal assistance may be refused for reasons including that the requested party believes the request is likely to prejudice its sovereignty, security, or other essential interests or if the authorities of the requested party would be prohibited by domestic law from carrying out the action requested with regard to any similar local offense.

  • B.40. The Convention for the Suppression of the Financing of Terrorism (CSFT) establishes as an offense, inter alia, collecting or providing funds knowing that they will be used to cause serious injury to civilians, to intimidate a population, government, or international organization to act or refrain from acting as they otherwise would. Article 2 provides that parties to the convention shall afford one another “the greatest measure of assistance in connection with criminal investigations or extradition proceedings” in respect of the offenses covered by the convention, “. . . including assistance in obtaining evidence in their possession necessary for the proceedings.” Whether “in their possession” is a significant limitation is not clear. If this means providing to requesting authorities only information in government agency files rather than undertaking conscientious investigative efforts to establish new files, it would be a limitation. This article also provides that parties may not refuse a request for mutual legal assistance on the grounds of bank secrecy, or involvement of fiscal or political offenses.

  • B.41. The Financial Action Task Force (FATF) Forty Recommendations (FF) contain comprehensive provisions for AML/CFT. Recommendations 35–40 relate to international cooperation and include the need for countries to ratify and implement the Vienna, Palermo, and CSFT conventions and recommendations for countries rapidly and effectively to provide “the widest possible range of mutual legal assistance,” including in investigations, in the absence of dual criminality, and in seizing and confiscating laundered assets or instrumentalities used in relevant offenses. They also urge that money laundering be an extraditable offense and that there be simplified procedures for direct transmission of extradition requests and extraditions based on warrants for arrest.

  • B.42. Recommendation 40 seeks to overcome factors that have been impediments to international cooperation. It says

    • Countries should ensure that their competent authorities provide the widest possible range of international cooperation to their foreign counterparts. There should be clear and effective gateways to facilitate the prompt and constructive exchange directly between counterparts, either spontaneously or upon request, of information relating to both money laundering and the underlying predicate offences. Exchanges should be permitted without unduly restrictive conditions. In particular:

    • Competent authorities should not refuse a request for assistance on the sole ground that the request is also considered to involve fiscal matters.

    • Countries should not invoke laws that require financial institutions to maintain secrecy or confidentiality as a ground for refusing to provide cooperation.

    • Competent authorities should be able to conduct inquiries; and where possible, investigations, on behalf of foreign counterparts.

    • Where the ability to obtain information sought by a foreign competent authority is not within the mandate of its counterpart, countries are also encouraged to permit a prompt and constructive exchange of information with non-counterparts. Cooperation with foreign authorities other than counterparts could occur directly or indirectly. When uncertain about the appropriate avenue to follow, competent authorities should first contact their foreign counterparts for assistance.

    • Countries should establish controls and safeguards to ensure that information exchanged by competent authorities is used only in an authorized manner, consistent with their obligations concerning privacy and data protection.

    • B.43. The FATF Interpretative Note to Recommendation 40 emphasizes the importance of conscientious inquiries by FIUs on behalf of counterparts. It says

      • FIUs should be able to make inquiries on behalf of foreign counterparts where this could be relevant to an analysis of financial transactions. At a minimum, inquiries should include: searching its own databases, which would include information related to suspicious transaction reports and searching other databases to which it may have direct or indirect access, including law enforcement databases, public databases, administrative databases and commercially available databases. Where permitted to do so, FIUs should also contact other competent authorities and financial institutions in order to obtain relevant information.

    • B.44. For CFT, the FATF also has Eight Special Recommendations (SRs) on Terrorist Financing. SR V. on International Cooperation provides that countries, on the basis of a treaty, arrangement, or other mechanism for mutual legal assistance or information exchange, should give one another

      • . . . the greatest possible measure of assistance in connection with criminal, civil enforcement, and administrative investigations, inquiries and proceedings relating to the financing of terrorism, terrorist acts and terrorist organizations.

    • B.45. The FATF Best International Practices paper on Freezing Terrorist Assets emphasizes the importance of international cooperation in CFT. It notes that “the global nature of terrorist financing networks . . . requires unprecedented levels of communication, cooperation and collaboration. . . .”

    • B.46. Best practices to improve international cooperation in CFT by sharing information relating to the freezing of terrorist-related assets includes developing a system for mutual, early, and rapid prenotification of pending designations, so that assets can be frozen simultaneously across jurisdictions. Jurisdictions should also have a system for consultation with other jurisdictions for gathering and verifying identifier information for designated persons and organizations.

    • B.47. Most cross-border communications regarding AML/CFT are with respect to particular suspicious transactions of organizations or individuals, often where the AML/CFT activities take place substantially in the requesting jurisdiction. However, jurisdictions should be encouraged to spontaneously inform foreign authorities of significant AML/CFT risks that authorities in one jurisdiction have become aware of regarding certain businesses or individuals that have activities in other jurisdictions. These could be risks involving certain financial products of financial services businesses (FSBs) or other businesses subject to AML/CFT scrutiny or control risks of particular businesses, including in cases where the suspect activities take place mainly in another jurisdiction.

    • B.48. The basic activities of FIUs are to receive, analyze, and disseminate information related to transactions that may constitute money laundering. While some FIUs—for example, those that are part of police departments—may undertake investigations, FIUs generally provide pre-investigative analysis of transactions for referral to law-enforcement authorities. FIUs exchange information internationally, often using bilateral MoUs, since many AML laws require that FIUs’ cross-border exchanges of information be on the basis of a formal agreement with a foreign authority.

    • B.49. AML laws usually provide that information that is proprietary to FIUs may be exchanged at the discretion of the FIU. This would be mainly information from suspicious transaction reports (STRs) and cash transaction reports (CTRs) in the FIU’s database and information that FIUs can obtain from commercial databases. When information sought by foreign FIUs is not possessed by an FIU but rather by financial institution regulators or by banks, bank secrecy requirements have sometimes been an impediment to exchange of information. As blanket bank secrecy provisions have become less prevalent, there have remained jurisdictions where gateways have been defined too narrowly or interpreted in too restricted a fashion to allow proper cooperation.

    • B.50. The Egmont Group, which has 101 member FIUs [as of June 14, 2006], has issued pronouncements to its members on cross-border cooperation. Although there is a comprehensive procedure for admitting members to the Egmont Group that includes assuring that “they are legally capable and willing to cooperate on the basis of the Egmont Principles of Information Exchange,” those principles are somewhat restrictive in their recommended procedures for information sharing.

    • B.51. The Egmont Principles (of June 2001) advocate sharing of information spontaneously, as well as on request, yet in requesting information, an FIU is recommended to disclose “the reason for the request, the purpose for which the information will be used and enough information to enable the receiving FIU to determine whether the request complies with its domestic law.” Given the vetting of Egmont members and the general purpose of all requests to FIUs, it would seem that requiring all such specific information for each request could have been dispensed with.

    • B.52. Regarding permitted uses of information conveyed to a requesting FIU, the Egmont Principles state that a “requesting FIU may not transfer information shared by a disclosing FIU to a third party, nor make use of the information in an administrative, investigative, prosecutorial, or judicial purpose without the prior consent of the FIU that disclosed the information.” Since the most important use of information obtained by an FIU is to disseminate it for combating money laundering, which usually involves investigative, prosecutorial, or judicial proceedings, requiring specific consent for such uses of information conveyed is questionable. It appears that mutual trust among at least some Egmont members may have a way to go.

Cooperation Regarding Financial Conglomerates

  • B.53. The Joint Forum on Financial Conglomerates issued recommendations in 1999 that are not addressed especially to cross-border cooperation but are quite relevant in view of the multinational presence of financial conglomerates. The forum recognizes the need for regulators to understand how a financial group is managed and risk is controlled—by entity or product line and for coordination among separate regulators to ensure that a conglomerate is adequately regulated.

  • B.54. Thus, there is a need for exchange of information among regulators, both within their own sectors and among regulators of different sectors, and of cross-border exchange of information for conglomerates with activities in different jurisdictions. There is also a need to enhance regulatory coordination, including by designating and defining the responsibilities of a coordinating regulator.

Appendix C Barriers to Effective Cooperation

  • C.1. Although there is much scope for cooperation that does not involve the exchange of confidential information, for the most part, the barriers to cooperation affect information exchange. Much of what follows in this appendix focuses on the barriers to the exchange between regulators of confidential information.

Inadequate Domestic Information-Gathering Powers

  • C.2. Information cannot be exchanged if it is not obtainable by the requested regulator in the first place. Regulators need information about the business of regulated entities and of their customers. For example, bank supervisors need access to information about depositors to ensure that they understand whether there is a risk of concentrated lending risk. Securities regulators need access to information about investors (or depositors of banks) when investigating market-related offenses or following the funds derived from such activities. Insurance supervisors need customer information to meet their obligations under the Basel Core Principles to tackle insurance fraud.

  • C.3. The findings of IMF reports on specific jurisdictions are that, in a number of cases, there are gaps in the requirements placed on financial services businesses (FSBs) in respect of the information they must obtain and hold. Typical examples of this are

    1. the beneficial ownership of FSBs themselves, beneficial ownership of accounts, and beneficial ownership of companies and beneficiaries of trusts where companies and trustees hold accounts with banks;

    2. inadequate provision for the preparation of financial statements, so that basic financial information is not available to the regulator; and

    3. bearer shares, which permit the owners to conceal their identities, without requiring imposition of alternative measures, such as immobilization or an overriding disclosure requirement.

  • C.4. Where jurisdictions allow shell banks to receive licenses, it is very difficult to obtain any information about them. Shell banks are defined for this purpose as banks that have no physical presence anywhere. Licenses are offered to entities with a legal presence in one jurisdiction but with the mind and management elsewhere. That management is not, itself, subject to any regulatory supervision. In such cases, it is highly problematic to obtain any useful information. This is why the Basel Committee and the Financial Action Task Force (FATF) recommend that shell banks not be licensed. This stance by Basel and the FATF has been effective, as indicated by the apparent decline in the incidence of shell banks.

  • C.5. Even where a bank is not a shell, the absence of a physical presence in a jurisdiction where a license is held creates problems in obtaining information where the bank is reluctant to transmit information from one jurisdiction to another—either because of alleged legal restrictions (which sometimes exist) or because of other internal policy reasons. In some cases, it is possible to obtain information through a memorandum of understanding (MoU) with the jurisdiction in which the bank does have a presence. However, MoUs are not always a sufficient substitute for direct access to information by a regulator, and there may be circumstances in which such exchange of information is not possible. It is always better for a regulator to insist that records necessary for it to undertake its tasks are held within its jurisdiction.

  • C.6. Where information is available within a jurisdiction, it is sometimes the case that the regulator has limited access to it:

    1. in some jurisdictions, the regulator is not allowed access to information about customers or depositors, for example, or can only gain such information with a court order; or

    2. in other cases, the regulator does not have explicit powers to monitor the performance of FSBs or to insist on obtaining whatever information is necessary for the fulfillment of its objectives.

  • C.7. Where powers are available, some regulators have been found by the international financial institutions (IFIs) to have inadequate resources to monitor the operation of regulated FSBs properly. A frequent comment made in IMF Reports on Standards and Codes (ROSCs) concerns the absence of a program of effective on-site visits and, sometimes, the absence of sufficient resources to conduct desk-based regulation adequately. Where this is so, such regulators cannot give useful information in response to overseas enquiries, and still less spontaneously, on such matters as the risks posed by these kinds of institutions, any developing regulatory concerns, or the compliance culture.

  • C.8. The ability of a regulator to obtain information even where powers are available can be constrained by excessive political or commercial interests.

    In one jurisdiction evaluated by the IMF, the powers of the regulator to obtain confidential information from FSBs were simply ignored in practice.15

  • C.9. Equally important can be the presence of those with an interest in the regulator’s decisions on the regulatory supervisory board. It can be of value to obtain the expertise and experience of FSB practitioners on a regulatory supervisory board. Where those practitioners are currently subject to regulation, however, conflicts of interest can arise. Even if individuals withdraw from discussions about institutions in which they are themselves interested, they may have a general approach—for example, on the disclosure of information by an FSB to a regulator—that can inhibit a regulatory agency from performing its proper duties. The IMF identified one jurisdiction in particular where this was the case.

  • C.10. Regulatory standards set for all three sectors demand that a regulator should have immunity from actions taken against the body and its staff in respect of their regulatory decisions, provided that the decisions are taken in good faith. The absence of such immunity can inhibit a regulator from acting aggressively to obtain the necessary information.

  • C.11. Finally, a regulator may be inhibited from obtaining the information necessary to do its own job or to assist others because of inadequate domestic cooperation with other agencies in the same jurisdiction

    1. between different regulators, where regulatory responsibility is split;

    2. between statutory regulators and self-regulationg organizations (SROs); or

    3. between regulators and law-enforcement agencies, at least in the context of developing trends but especially as a means of alerting different agencies to concerns about specific institutions and individuals.

  • C.12. In each of these cases, the limitations on cooperation may be exacerbated by inadequate legal gateways between agencies or even by reluctance on the part of staff within one agency to look beyond that agency—s interests to the interests of law enforcement in the jurisdiction as a whole.

Overcoming Barriers to Domestic Cooperation

  • C.13. Such barriers to domestic information gathering and sharing can be overcome. In practice, some jurisdictions set up formal bodies designed to bring the various authorities together to discuss trends and specific cases:

    One jurisdiction, for example, has instituted a domestic information sharing body encompassing all agencies with a law enforcement interest, including the Attorney General, the regulatory authority, the FIU, the tax authorities and others. While such a body cannot remove legal impediments to information sharing, it can be used to build confidence and to discuss matters not constrained by law. It can also create the basis for recommendations for legislative change.16

  • C.14. The domestic barriers to cooperation may be erected because of the understandable concern to protect sensitive information about financial institutions and their customers and the need to avoid taking action that might jeopardize future information flows or even prejudice the rights of a suspect under investigation. It is important that the arrangements described here not be undertaken in a way that jeopardizes those rights.

Political Barriers to Cooperation

  • C.15. Determination to be of assistance to a fellow regulator can produce a creative frame of mind when seeking ways to help a fellow regulator within the terms of the existing legislation. Conversely, a reluctance to cooperate can render inoperative legislation that provides for gateways for exchange of information—for example, where the regulator narrowly interprets the powers to cooperate or interprets very broadly the tests that have to be passed before assistance can be given.

  • C.16. The ROSCs have observed, with respect to some jurisdictions, an assumption by the local financial services industry that secrecy is the key asset providing a competitive advantage for the jurisdiction. It is also apparent from the refusal of certain European Union (EU) member states to exchange tax information routinely, as part of the EU Savings Tax Directive, unless Switzerland, the Crown Dependencies, and other third countries do the same, that they have this view.

  • C.17. Where such a culture dominates the financial services industry in a jurisdiction, it is likely to inhibit an open and cooperative approach by the regulator.

  • C.18. Cultural factors are intangible. They are affected by legal and commecial imperatives, but they can also affect the degree of cooperation that can be achieved for any given set of laws and information gateways.

Overcoming Political Barriers

  • C.19. Information-sharing and confidence-building meetings within and between jurisdictions can help break down these cultural barriers. The work of international institutions, such as the FATF, the World Bank, and the IMF, is already encouraging greater cooperation.

  • C.20. Although controversial, the extraterritorial pressure placed on other jurisdictions by U.S. legislation can be effective in prompting reform. The USA Patriot Act gives draconian powers to the U.S. Treasury Secretary if, in his opinion, an institution or jurisdiction is of primary money laundering concern. There is no doubt that these powers have been effective in encouraging greater cooperation.

  • C.21. Peer pressure could also be increased by encouraging all regulatory bodies to publish statistics on the number of requests for information received; the number dealt with and those refused or delayed, with reasons; and the timeliness of responses. Such transparency would be helpful in identifying barriers while also encouraging jurisdictions to maintain a good response rate to information requests.

  • C.22. Pressure from multilateral institutions and from economically more powerful countries, while effective, can be argued to infringe the sovereignty of those jurisdictions under pressure. It is necessary to consider carefully the balance of advantages and disadvantages in applying external pressure in this way.

Bank Secrecy

  • C.23. Laws, usually commercial banking laws, often provide that present and past bank officers, employees, and agents are not permitted to use information for personal gain or gain by any person or entity other than the bank that they serve or have served. Such laws also protect a customer’s right to privacy by insisting on a ban on disclosure of nonpublic information that the officers, employees, or agents obtained in the course of their service to a bank. Contracts between banks and their officers, employees, and agents often contain similar provisions. Such laws and contractual provisions are sometimes obstacles to effective cross-border cooperation and information exchange among financial sector regulators and financial intelligence units (FIUs), especially when there are no explicit appropriate exceptions to the general rule.

  • C.24. Most bank secrecy laws contain exceptions that permit disclosure to, for example, local financial institutions’ regulatory authorities and their agents, external auditors of a bank, judicial authorities, foreign bank regulatory authorities, authorities responsible for combating money laundering, and in instances when the protection of the bank’s interest in legal proceedings requires disclosure. In many cases (except where such a restriction would defeat the purpose of information exchange), the gateways place confidentiality restrictions on the recipients of such disclosed information. Sometimes disclosure is permitted by virtue of laws other than the commercial banking law, such as international conventions, and when the relationship between the commercial banking law and the other laws is not clear. Some countries do not have well-developed rules for conflicts of law.

  • C.25. The pressure from international standard-setting bodies has, to a great extent, removed blanket bank secrecy legislation; there is evidence from evaluations of specific countries that some provisions remain, however. Even where gateways have been introduced, they may not necessarily overcome long-held assumptions about the role of secrecy. In its report on one jurisdiction, the IMF noted

    From discussions with the regulators and the industry, it was apparent that the authority of the regulators to have access to [confidential] information was being ignored or challenged. In some cases, this appeared to be based on a belief that the provisions of the [gateways in banking and other legislation] in this regard did not override the specific secrecy provisions contained in the Companies Act. In other cases, there was a general belief that some unspecified, but universal secrecy laws must, almost by definition, exist to prevent such access.17

  • C.26. Even where there are no overriding secrecy provisions, the protection of confidential information is frequently one of the key tests that must be passed before a regulatory authority can pass on information.

    1. The most common test is that the requesting authority must protect confidentiality to the same degree as the requested authority. This provision occurs in EU legislation. On the face of it, this is an understandable provision, but it can cause difficulties:

      For example, an insurance regulator in an EU member state might require assistance from an insurance supervisor in the United States. Insurance in the United States is regulated at the state level, and each state has different provisions in respect of freedom of information and the ability of the legislature to demand information. The EU supervisor may not consider that the case justifies the time and expense necessary to undertake the legal research necessary to satisfy himself as to the equivalence of the confidentiality protection and may find it necessary to drop the case.

    2. A similar test may require the requesting authority to sign an unqualified undertaking that confidentiality will be protected. In practice, very few jurisdictions could, in fact, sign such an undertaking, since there could be circumstances when a prosecutor, court, parliament, or other regulator could demand disclosure according to other legal provisions. The demand for an unqualified undertaking of confidentiality may thus be a barrier in practice.

    3. Other jurisdictions require an undertaking that information will not be passed to another authority without their written permission. While a requirement for prior notification is important, a strict requirement for prior permissions can effectively be another barrier to cooperation, since in many jurisdictions a regulatory body would be bound to pass any evidence obtained of illegal activity to the relevant authority. The demand for an unqualified assurance that no information would be passed to another authority may itself be a barrier.

      The IMF report on one country noted that information could be shared with foreign regulators only if the information provided were used within the scope of regulatory duties, as described in the request of the foreign authority. Within the foreign authority, access to the information provided had to be granted only to persons who were subject to official secrecy provisions. The information had to be kept strictly confidential and could be used only in accordance with the agreed regulatory purpose. Any further disclosure of the information, whether to other national authorities or to other foreign authorities, was not allowed. In the case where, according to the foreign legislation, the information provided by the [regulatory body] had to be forwarded to other authorities, the regular mutual assistance procedure had to be duly complied with.18

    4. In some jurisdictions, information can be passed to another jurisdiction only with the consent of the attorney general or of a court. This can be a barrier to cooperation, if the tests imposed by an attorney general or the court have been designed to protect the rights of those charged with criminal offenses rather than to facilitate cross-border cooperation between regulators.

Overcoming Bank Secrecy Barriers

  • C.27. Barriers based on the existence of secrecy legislation or a culture of secrecy can be overcome only by the repeal of that legislation and a change in culture. In practice, the most restrictive kinds of bank secrecy legislation have now been removed in most countries. Most jurisdictions have confidentiality provisions with gateways for passing confidential information in specified circumstances. It is now necessary to overcome the remaining secrecy culture and to ensure that gateways are designed in a way that facilitates information sharing.

  • C.28. It is essential that FSBs trust a regulator to treat confidential information appropriately. In its evaluation report on one country, the IMF stated19 that there was a suspicion that the regulator could not be trusted with information. The establishment of a track record creating trust is therefore an essential prerequisite to overcoming the concerns that support bank secrecy.

Legal and Constitutional Barriers to Cooperation

  • C.29. In general, cross-border cooperation and information exchange among financial sector regulators and FIUs need not, in principle, be impeded by differences between common-law and civil-law jurisdictions, although, in practice, the different legal traditions and practices can create barriers. In the context of anti-money laundering (AML), for example, the United Nations Office on Drugs and Crime (UNODC) promulgated separate model laws for AML in respect of civil-law and of common-law jurisdictions that contained essentially the same definition of the offense of money laundering, powers for law-enforcement authorities, and provisions for mutual legal assistance.20 In civil-law jurisdictions, however, it is sometimes easier to seize assets in a peremptory manner on the basis of ex parte requests by law-enforcement authorities to a court. Common law is more concerned with representation of all adversaries and providing an opportunity for a hearing before seizure of property is permitted.

  • C.30. Constitutional provisions have not been a significant impediment to internal cooperation. Some constitutions, however, restrict the scope for administrative sanctions that can be important in providing incentives for financial institutions to provide information or for officials of financial regulatory institutions to perform their responsibilities. Some constitutions, including many in transition economies, provide that a person may not be deprived of property without a decision by a court. Administrative fines, for example, can be considered inconsistent with this constitutional requirement. The burden of proof on a defendant in a money-laundering prosecution to establish the legality of monies obtained is sometimes considered inconsistent with the rights of an accused and could impede an extradition.

  • C.31. Cooperation is easiest when a request comes from a jurisdiction with a similar legal system to that of the requested authority. The fact is, however, that there are significant differences between jurisdictions and, unless legislation providing for cooperation is drafted flexibly, it can be a barrier to cooperation.

  • C.32. Although, as noted previously, there is no need for the difference between civil- and common-law systems to prevent cooperation, in practice it can do so. The concept of an investigating magistrate is common in civil-law systems and unknown in common-law systems. Many regulators in civil-law jurisdictions pass the investigation of regulatory offenses, such as insider dealing or companies law violations, to an investigating magistrate. Many common-law jurisdictions give some of these investigating powers to the regulator. Most legislation providing for gateways on information sharing requires that a regulator pass confidential information only to a body that has functions similar to its own. It is unlikely that an investigating magistrate could be so regarded.

    In one case, a regulator in a common-law jurisdiction was investigating a potential insider dealing and market manipulation offense, where much of the activity under investigation took place in another, civil-law jurisdiction. The common-law regulator asked the civil-law regulator for assistance with the investigation. The civil-law regulator agreed to investigate and handed the case to the investigating magistrate. The magistrate operated under a condition of confidentiality and stated that he was unable to tell the civil-law regulator, still less the foreign common-law regulator, what progress was made with the investigation. Since no information had been received for several years, the common-law regulator had to abandon the case.21

  • C.33. Different common-law countries share regulatory, investigating, and prosecuting functions differently. The same is true of civil-law countries. Where this is the case, the frequently used provision that a regulatory body can only exchange information with a body that has functions similar to its own can create a barrier if interpreted narrowly.

    In one case, a jurisdiction passed all responsibility for investigating insider dealing and other regulator offenses to the attorney general. The regulator received a request for assistance with an insider dealing investigation from a regulatory body. The regulator passed the request to the attorney general, who carried out the investigation and obtained the information. The attorney general was able to pass the information only to another prosecuting authority. Neither the regulator in the requested jurisdiction nor the requesting jurisdiction qualified. The requesting regulator refused to accept that information should be routed through the prosecutor in its jurisdiction and a stalemate ensued. (The requested jurisdiction eventually changed its legislation to allow for information to be passed more easily to a nonprosecuting authority).22

  • C.34. Barriers can similarly be erected when the scope of the regulatory authority varies from one jurisdiction to another. In its report on one jurisdiction, the IMF reported:

    There may be some limitation in those powers, arising from the language used in [the legislation] and the statutory definition of financial services legislation, when the inquiring regulatory body is discharging a regulatory function in an area of financial services regulation that is not presently regulated by the [requested jurisdiction]. For example, if the foreign regulator is looking for information about the activities of a market intermediary, which functions are not yet regulated in the [requested jurisdiction], the provisions of [the legislation] may not extend to allow the FSC [Financial Services Commission] to provide the information.

  • C.35. One frequently occurring example of this relates to the regulation of trust and company service providers. This is usually the subject of regulation in offshore centers, but rarely so in onshore centers. The revised FATF Recommendations require that countries ensure that there is adequate, accurate, and timely information on express trusts, including information on the settlor, trustee, and beneficiaries, that can be obtained or accessed in a timely fashion by competent authorities. Requests for assistance in respect of such bodies cannot be met by requested authorities in jurisdictions where such activity is not formally regulated.

  • C.36. Barriers can be created when jurisdictions insist on dual-criminality or even dual-illegality provisions.

    In one case, an investigation was taking place into a “pump and dump” scheme, whereby the publisher of an investment newsletter promoted securities in order to drive the price up and then sold the securities he owned at the artificially inflated price. The money was transferred to a company incorporated offshore. The regulator sought assistance. The requested authority determined that its legislation provided it with the scope to provide assistance but that the drafting in fact only allowed assistance when the act in question took place within its own jurisdiction. The requested authority changed its legislation to remove the impediment.23

  • C.37. Much of the value from cooperation in respect of ongoing regulation arises from the sharing of judgments and tentative concerns about developments in an institution. It is natural that a regulator should not wish to damage the reputation of an institution by sharing a concern that may turn out to be unfounded. Equally, a regulator is unlikely to want to share concerns about an institution if there is a danger of that opinion becoming public in a way that would undermine confidence and precipitate the very crisis it is the regulator’s duty to avoid. These concerns are very sensitive and cannot simply be legislated away. They can constitute a barrier.

  • C.38. The need for an MoU or other formal agreement can also be a barrier if a jurisdiction chooses to make it so. If a jurisdiction requires such an agreement and then prolongs the process of negotiation or makes impossible demands, it can effectively prevent cooperation in practice. Even with goodwill, MoUs can frequently take a considerable time to negotiate.

  • C.39. Finally, the existence of specific legislative provisions requiring that certain factors be taken into account can provide scope for challenge by those objecting to the exchange of confidential information, to the effect that the regulator has failed to follow the legislative provisions as to the matters that must be taken into account.

    In one case, a regulatory body was the subject of judicial review by an FSB seeking to prevent the transfer of information to a foreign regulator. During the course of the case, the internal papers of the regulator were disclosed to the court. The court noted that in an internal memorandum, the regulator had said that there was no reason why assistance should not be granted. He was therefore taken to have started from the assumption that assistance should be given and had failed to satisfy himself that the transmission of information was necessary in the light of the factors stated in the law to be material. The court ruled that the regulator could not disclose the information without giving proper consideration to the factors set out in the law. However, the court accepted that, if the regulator were to give proper consideration to such factors and were to judge that exchange of information was necessary, the information could be disclosed.24

    It is important, therefore, that the regulator does not allow cooperation to be frustrated by failing to follow the proper procedures.

Overcoming Legal and Constitutional Barriers

  • C.40. Legal and constitutional barriers can be overcome by drafting appropriate legal provisions. Although it is not right simply to ignore the protections and safeguards for civil rights that underlie some of the barriers, there are some points that can usefully be borne in mind when drafting legislative gateways:

    1. Some jurisdictions have legislation that explicitly allows for different regulatory and legislative arrangements in different jurisdictions and therefore allows information to be passed to bodies that have some similar functions to a regulator but which are not identical.

    2. Such legal gateways do not require specific stages in an investigation to be reached in the requesting jurisdiction, since different jurisdictions may well conduct their investigations in different ways.

    3. Gateways should not demand dual criminality or dual illegality.

      The U.S. SEC, for example, provides a useful model in allowing the SEC, if it thinks fit, to collect information and pass it to a foreign regulator even if it was in respect of an activity that was not an offense in

      the United States and for which the U.S. SEC would not have investigative powers in the United States.

  • C.41. Many jurisdictions allow their regulators to enter into MoUs but do not require them as a prerequisite for information sharing. The Basel and International Association of Insurance Supervisors (IAIS) standards are explicit that MoUs should not be a prerequisite.

  • C.42. Many jurisdictions draft their legal gateways for information sharing in a way that recognizes that there may be circumstances where a requesting regulator could not guarantee, as a matter of law, that information received from a foreign regulator would be held confidential, nor could they undertake, as a matter of law, not to use the information for a prosecution. Jurisdictions unable to give cast-iron guarantees, however, can frequently give certain undertakings to resist attempts to obtain the information in question and to consult the requested regulator if an irresistible demand for information is received. This has been achieved in many jurisdictions by drafting legislation that requires a regulator to take account of specific matters before exchanging information but does not necessarily demand that the regulator refuse assistance. Typical of the kind of considerations that a regulator will expect to have to take into account are the following:

    1. that the request is for a regulatory purpose from a body with regulatory functions;

    2. that the information provided will be afforded proper (but not absolute) confidentiality;

    3. where the information is for an investigation, that there is reasonable cause for believing that an offense has been committed;

    4. that the information is for a purpose that would be regarded as legitimate in the requested jurisdiction;

    5. that there is likely to be reciprocal assistance; and

    6. that there is no overriding public policy concern, including the cost of complying with a request, that would justify refusing it.

  • C.43. These tests require discretion by the regulatory bodies. In exercising that discretion, jurisdictions need to be in a position to distinguish between cases where civil rights are not at risk and cases where there is likelihood that they would be threatened. It is also possible to build up trust in specific jurisdictions as a result of practice in successive cases, where the legislation allows the regulator to take account of experience when making a judgment.

  • C.44. One approach, adopted by many regulators, is to work on the assumption that where they have an MoU, they should accept that any request made by the signatory to that MoU is for a proper regulatory purpose unless there are obvious grounds for doubting it. Jurisdictions can undertake due diligence on the countries with whom they have an MoU, so as to satisfy themselves of the existence of proper protections. Thus, where there is an MoU, it is reasonable to take the view that the very fact that a regulatory body is investigating and seeking assistance is itself sufficient to satisfy the test that there is reasonable cause for believing that an offense has been committed.

  • C.45. For regulatory agencies not subject to an MoU, it may be necessary to be more proactive in ensuring that the requested authority is aware of the reasons for any information request, where it involves commercially sensitive information.

  • C.46. Whether or not there is an MoU, cooperation works best when regulators know and trust each other. Regular attendance at international conferences and other meetings of larger and smaller groups can be very effective in establishing that trust.

  • C.47. The measures designed to overcome legal and constitutional barriers place much reliance on the discretion of the regulator. It is essential that the regulator puts in place proper procedures to make sure that full account is taken of the relevant factors and that accountability and judicial review arrangements are sufficient to ensure that this discretion is properly exercised in practice.

  • C.48. Overall, it is perfectly possible for regulators to have regard to the legitimate concerns raised by the need to protect civil rights but to do so in a way that does not inhibit proper cooperation.

Inadequate Resources

  • C.49. Exchanging information already in the possession of a regulator is a relatively cost-free matter. Undertaking investigations on behalf of another regulator, however, can be a major burden on a jurisdiction. For smaller offshore centers, the number of requests for assistance can amount to a substantial burden.

  • C.50. Aside from the financial cost, a smaller jurisdiction may simply not have the investigative skills or a sufficient number of staff to mount an investigation, take statements, demand and analyze documents, and prepare a report on behalf of another regulator. These constraints can amount to a real barrier to cooperation.

Overcoming Resource Constraints

  • C.51. Resource constraints cannot easily be removed. Extensive use of asset sharing can be of assistance—especially if such asset sharing can extend beyond those authorities with seizing powers (often the police or public prosecutor) to regulatory bodies that contribute to the same objectives.

  • C.52. Priorities can be established for responding to requests. For example, where the purpose of a request clearly indicates its importance or urgency, such a request could also be accorded expeditious treatment. The key is to establish criteria. These might be on the following lines:

    1. the effect of delay—for example, there is little purpose in sending information on a license applicant after the application has been decided;

    2. the significance of the case;

    3. the materiality of the assistance that can be given to the case in question; and

    4. the willingness of the requesting jurisdiction to meet some of the cost.

  • C.53. Investigative skills can be bought from forensic specialists. They are costly, and this underlines the need for asset sharing to help meet the cost.

  • C.54. Technical assistance can be given by multilateral institutions and bilaterally by other jurisdictions.

Appendix D Legitimate Reasons for Protecting Confidentiality

  • D.1. What follows relates solely to the exchange of nonpublic information. Other forms of assistance and cooperation are not subject to the same constraints.

Protecting Commercial Secrets

  • D.2. Financial services businesses (FSBs) are innovative entrepreneurial enterprises. They devise financial products and methods of delivering services to their customers that may well be unique to them. In order properly to regulate such institutions, a regulator must have access to such information. An FSB is not entitled to refuse to provide such information to its regulator but it is entitled to assume that the regulator will not disclose that information in ways that would benefit a competitor.

  • D.3. FSBs may also engage in acquisitions from time to time, restructure their businesses (perhaps involving redundancies), move into new markets, or make other key strategic business decisions. They are entitled to expect that they should be in a position to judge the timing of their announcements of such matters to suit their own commercial advantage—provided that they are not thereby misleading the market.

  • D.4. Regulators should respect such sensitivities, even though commercial secrets of these kinds tend not to remain secret for very long. Moreover, the need for FSBs to be transparent in their dealings with their customers and the financial services market more generally means that there is a limit to the extent to which they can legitimately hold commercial matters confidential. Within those limits, however, the regulator should respect the need for privacy.

Protecting Individuals from Harassment by the State and Others

  • D.5. Bank secrecy traditions have often developed in countries to which businesses and individuals have turned in order to escape arbitrary actions by the state. Switzerland, partly because of its tradition of neutrality and its reputation for adherence to bank secrecy, has long been regarded as an example of a haven for such purposes—even though it currently has an excellent record of responding to requests for confidential information.

  • D.6. There remain many parts of the world where kidnapping for the purpose of extortion remains a real threat for wealthy people and businesses. Such people find safety in concealing the nature and location of their assets. These concerns are real and reasonable.

  • D.7. When governmental officials are not competent or are subject to undue influence, different considerations arise regarding the sharing of information. In some countries, for example, corrupt officials seek information on bank customers for purposes of extortion. When this motive is suspected by a regulator when asked for assistance, it is natural that there should be greater caution. In countries where the rule of law generally prevails, however, legitimate exceptions to bank secrecy that facilitate cross-border cooperation and information exchange among financial sector regulators and financial intelligence units (FIUs) should be explicit so as to ensure that cooperation is not inhibited.

Protecting Operation of Due Process

  • D.8. Regulators have wide powers. They are able to require FSBs and sometimes others to give them information. Frequently, and in many countries, there is no (or a very limited) right of the individual or business to refuse to comply on the grounds of self-incrimination.

  • D.9. These powers frequently apply to FSBs and, in some cases, to their customers. In the case of FSBs, it is clear that they have chosen to work in the financial services sector on the understanding that the advantages given to an FSB when it receives a license (i.e., the ability to provide a well-remunerated service in respect of financial services) demand corresponding obligations.

  • D.10. Customers of an FSB have not made this choice, however. They may reasonably take the view that they have certain civil and human rights, including the right to due process and protection of personal data. There are no reasons why the legal provisions that encapsulate those rights should not apply simply because of special powers held by regulators over FSBs with whom they, as customers, do business.

  • D.11. The upshot of this is that in most countries that have compulsory information-gathering powers over FSBs, it is not permitted to use a statement so acquired to secure a criminal conviction. The European Court of Justice has concluded that using a statement made by a person under compulsory powers in a criminal prosecution of that person is an infringement of the right not to incriminate oneself under Article 6 of the European Convention on Human Rights.25

  • D.12. Because different countries have different arrangements in this respect, there is a natural concern that information might be passed from one country (where there is a ban on the use of compulsorily required information for criminal prosecutions) to another (where there is no such ban). This is less of a problem in the European Union (where all countries are subject to the protections of the European Convention on Human Rights) or the United States (as a result of the protections in the U.S. Constitution). Nevertheless, outside these countries, protections, while they frequently exist, vary in their form. It is clearly right that cooperation between regulators respects the requirements in the country where action is likely to be taken in respect of any business or individual.

  • D.13. As is true of state harassment, this is a legitimate concern but one that should not be allowed to hinder proper cooperation between regulatory bodies.

Data Protection

  • D.14. Increasingly and very properly, individuals are being afforded greater rights concerning the protection of data held by official and private bodies about their affairs. Rights are given to the individual to have access to, and be able to check, the information held about them by any body that can collect data. Individuals are also given rights to object to the passing of information from one agency to another.

  • D.15. In many cases, financial services regulators are exempt from certain provisions of data-protection laws. Nevertheless, some of the provisions do apply, and it is incumbent on regulators to ensure that they use their powers and their ability to cooperate in such a way as to abide by the principles of such data-protection provisions.

Protecting Information Sources

  • D.16. The examples already given reflect the proper concerns for the protection of the rights of the citizen. There is a further concern of practical significance to the authorities in many jurisdictions. Many authorities with specific responsibilities need information from the subjects of their responsibilities in order to fulfill those responsibilities. This is particularly true of revenue-collection agencies and regulators. In both cases, the authorities have been willing to undertake to keep information received from businesses and individuals confidential—even from other domestic authorities—in order to encourage the businesses and individuals to be open with them. There is a fear that if a tax authority were known routinely to pass information to another authority (whether regulatory or law enforcement), then it would receive less information and be less able to perform its duties efficiently.

  • D.17. It is easy to be cynical about these kinds of arrangements. If an individual is engaged in conduct that would be of interest to the police, he or she cannot be expected enthusiastically to pass the information to the tax authorities that they need to raise additional taxes. Nevertheless, there is a degree to which authorities can ensure greater openness from FSBs by offering confidentiality protection to information so disclosed, even from other authorities. Individuals and businesses may be acting legally but may not want to have the expense and disruption of a tax investigation to demonstrate that this is so. An assurance of confidentiality can be effective in encouraging a greater degree of openness.

Appendix E Common Confidentiality Provisions with Associated Gateways

  • E.1. Article 18(8) of the Palermo Convention states that “States Parties shall not decline to render mutual legal assistance . . . on the ground of bank secrecy.” Article 7(5) of the Vienna Convention and Article 12(2) of the CSFT contain identical wording. The principle is well established, and it is now rare for a jurisdiction to rely solely on a bank-secrecy provision as a reason for refusing assistance. This does not mean that there are no refusals or that refusals on other grounds may not be a cover for the protection of secrecy. There remains a need for continued vigilance on the part of international standard-setting bodies to promote greater cooperation and limit the effects of secrecy provisions, while recognizing the concerns that have led to some of the confidentiality provisions.

  • E.2. As always, it is necessary to strike a balance between these considerations and the need to ensure proper regulations of FSBs and proper cooperation with law enforcement.

  • E.3. The balance is reflected in the operation of the law governing confidentiality in different jurisdictions. In the United Kingdom, for example, the confidentiality obligations of FSBs are governed by the Tournier principles (named after a landmark case Tournier v. National Provincial and Union Bank of England 1924). This states that a bank (or an FSB) does have a duty of confidentiality but that the duty is overridden

    1. where the customer gives consent;

    2. where the bank is required by law to disclose;

    3. where it is in the interests of the bank to disclose; or

    4. where it is in the interests of the public to disclose.

  • E.4. This principle is reflected in most other jurisdictions. In some cases, this common-law precedent applies directly. In others, it is reflected directly in legislation. The report on bank secrecy published by the European Banking Federation in April 2004 lists the legal provisions in European countries. In most cases, they follow this prescription with some variations.

  • E.5. Clearly, the principle leaves it open to an individual jurisdiction to determine in which cases the exceptions will override the duty of confidentiality. It is a requirement of the FATF, for example, that the obligation to report suspicions should override confidentiality provisions. The obligation to provide information to regulators also frequently overrides the confidentiality provisions. It is essential to ensure that this is clear.

  • E.6. Where the law does require disclosure to a regulator, however, it will also impose corresponding duties of confidentiality on a regulator to keep information confidential except where there is a specific gateway in specified circumstances. As noted previously, in the discussion of barriers in Appendix D, it is all too often the case that the gateways are inadequate or the tests to be passed before they can be used are too burdensome.

Appendix F Cross-Border Cooperation and Information Exchange: Comparison of Pronouncements of Standard-Setting Bodies

article image
Notes: I: Included in a standard-setting body (SSB) pronouncement more or less explicitly.Pronouncements means rules or recommendations contained in documents styled as standards, recommendations, interpretative commentaries, best-practice papers, model memoranda of understanding, assessment methodologies, and other declarations of standard-setting bodies.The SSBs are the Basel Committee on Banking Supervision (Basel), the International Organization of Securities Commissions (IOSCO), the International Association of Insurance Supervisors (IAIS), and the Financial Action Task Force (FATF). Since it is the financial intelligence unit (FIU) grouping to stimulate international cooperation, the Egmont Group’s principles are also referenced. AML/CFT denotes anti-money laundering/combating the financing of terrorism.

BCP 1(6), 24.

IAIS Principle (2000) 16.

IOSCO Principle 11.

FATF Recommendation 40.

Basel Committee paper, Information Flows between Banking Supervisory Authorities (1990).

IAIS Principle 5.

IOSCO Principle 11.

FATF Recommendation 40(b).

BCP 1(6).

IAIS Principle (2000) 17; ICP 5.

IOSCO Objectives and Principles, Paragraph 9.4.

FATF Recommendation 40; Egmont Principle 13.

IAIS Model MoU paragraph 15.

IOSCO Multilateral Memorandum of Understanding concerning Consultation and Cooperation and the Exchange of Information (hereinafter referred to as “IOSCO MoUs”) Article 8b.

Egmont Principle 10.

BCP Methodology 1(6) (EC 3).

IAIS Insurance Concordat 4.3 a.

IOSCO Multilateral MoU Article 10.

Egmont Principle 11.

Basel Committee paper, The Supervision of Cross-Border Banking, II (1) (vi), IIIB (9).

IOSCO Objectives and Principles 9.4.

FATF Recommendation 40.

Basel Committee paper, Essential Elements of a Statement of Mutual Cooperation (2001) p. 2; Basel Committee paper, Information Flows between Banking Supervisory Authorities (1990) B (ii).

IAIS Insurance Concordat 20 b.

IOSCO Multilateral MoU Article 13.

Basel Committee paper, Information Flows between Banking Supervisory Authorities (1990) C; Basel Committee paper, The Supervision of Cross-Border Banking (1996), II(2), III(e)28.

IAIS Concordat 22 c.

IOSCO Multilateral MoU Article 13.

IAIS Methodology ICP 5 EC (b).

IOSCO Objectives and Principles 12.

FATF Special Recommendation V.

BCP 1(6).

ICP 5.

IOSCO Objectives and Principles 13.

Egmont Principle 9.

IAIS Model Memorandum of Understanding (1997) (hereinafter referred to as “IAIS MoU”) 21.

IOSCO Objectives and Principles 9.4.

FATF Recommendation 40(c).

IAIS Model MoU 2.7.

IOSCO Objectives and Principles 9.5.

FATF Recommendation 40.

Basel Committee paper, The Supervision of Cross-Border Banking (1996), Paragraph 11.

IAIS Principle (2000) 17.

IOSCO Multilateral MoU Article 11.

Egmont Principle 7.

FATF Recommendation 40 (a).

Egmont Principle 12.

BCP 23.

ICP 17.

Basel Committee paper, Essential Elements of a Statement of Mutual Cooperation (2001) p. 2; Basel Committee paper, The Supervision of Cross-Border Banking (1996), II(1)(x), III(c)18.

BCP 25.

ICP Methodology—ICP 6 EC (b).

IOSCO Methodology Principle 21 KQ 5.

FATF Recommendation 36(a).

FATF Recommendation 36(d).

FATF Recommendation 37.

FATF Recommendation 38.

FATF Special Recommendation I.

Basel Committee paper, Supervision of Cross-Border Banking, Recommendation iii, paragraph 5.

IOSCO MoU 6(b).

FATF Recommendation 40.

IAIS MoU 15.


IAIS MoU 10, 19.

IOSCO MoU 6(e) (iv).

Basel Committee paper, Essential Elements of a Statement of Mutual Cooperation (2001), p. 3.

IAIS MoU 25.


Basel Committee paper, Customer Due Diligence for Banks, October 2001.

IOSCO MoU 7(b) (ii).

IOSCO MoU 7(b) (ii).

IAIS MoU 9(c).

IOSCO MoU 9(b) and (c).

IAIS MoU 9(b).

IOSCO MoU 7(b) (iii).

IAIS MoU 24.

IOSCO MoU 10(a) (ii).


The Basel Committee on Banking Supervision (Basel Committee); the International Organization of Securities Commissions (IOSCO); the International Association of Insurance Supervisors (IAIS), and the Financial Action Task Force (FATF).


Basel Committee, 1996, “The Supervision of Cross Border Banking” (Basel).


Section 9.5 of the IOSCO Objectives and Principles.


Report of the HIH Royal Commission, Commonwealth of Australia, 2001, 24.1.11 and 24.1.13.


SEC Press Release No. 2004–75, June 4, 2004.


Information based on an interview with the U.S. Financial Crimes Enforcement Network (FinCEN).


Example is based on an interview with a regulator.


Example is based on an interview with a regulator.


Basel Committee on Banking Supervision, Management and Supervision of Cross-Border Electronic Banking Activities, July 2003.


“Sharing of financial records between jurisdictions in connection with the fight against terrorist financing”—April 2002.


IOSCO Methodology for Assessing Adherence to the Objectives and Principles, October 2003, Explanatory Note to Principle 11.


IOSCO Multilateral Memorandum of Understanding, May 2002.


IAIS, Technical Committee, Revised Insurance Concordat, December 1999.


IAIS Guidance Paper No. 2, September 1997.




Example based on an interview with a regulator.








The model law for civil-law countries is being revised and is intended to become a joint United Nations/IMF/World Bank model law.


Interview with the regulator.


Interview with the regulator.


Interview with the regulator.


Interview with the regulator.


Saunders v. The United Kingdom (19187/91) [1996] ECHR 65 (17 December 1996).

Improving Regulatory Cooperation and Information Exchange