Annex 5.F Enforcement and the Exchange of Information
Securities regulators have a range of enforcement powers. According to the IOSCO core principles and the methodology, securities regulators must, in addition to their inspection and surveillance powers, be able to conduct investigations of possible violations of the securities laws. To conduct those investigations, a securities regulator needs to be able to “monitor the entities subject to its supervision, to collect information on a routine and ad hoc basis, and to take enforcement action to ensure that persons and entities comply with relevant securities laws” (IOSCO 2003a, 37). The methodology makes very clear that the principles envision a broad definition of enforcement in which regulators will be able to demonstrate effective and credible use of their enforcement powers, including taking effective actions to investigate and address misconduct or abuses. “An effective program, for example, could combine various means to identify, detect, deter, and sanction such misconduct. A wide range of possible sanctions could meet the standards according to the nature of the legal system assessed. The regulator, however, should be able to provide documentation that demonstrates that sanctions available (whatever their nature) are effective, proportionate, and dissuasive” (IOSCO 2003a, 37). In many countries, the criminal prosecutor is responsible for prosecuting securities violations, and the regulator will turn over its investigative file to the prosecutor for follow-up. In those situations, effective securities enforcement can be a challenge, particularly if the prosecutor has other priorities.
To implement those principles, a regulator needs to be able to obtain information from the organizations that it regulates, both on a routine and for-a-cause basis, when it believes that a breach may have occurred. The regulator needs also to be able to obtain both bank and brokerage records, even when banks may be subject to the supervision of a different government agency. Those records must include information relating to client identity so the regulator can conduct its investigation. In addition, the regulator must be able to require the production of information from third parties. If the regulator does not have such powers itself, it needs to be able to cooperate effectively with other
government regulators and to be able to obtain this information through the competent authority. The powers must be used effectively and credibly for an effective enforcement program to exist.
However, as the principles make clear, because securities transactions are often global in nature and can cross many geographic borders both easily and quickly and because proceeds of securities transactions similarly can be transferred elsewhere, securities enforcement is no longer a purely domestic matter. Rather, securities regulators have to cooperate with their foreign counterparts to conduct an effective domestic enforcement program. As the methodology states, “[Effective regulation can be compromised when necessary information is located in another jurisdiction and is not available or accessible” (IOSCO 2003a, 50).
Exchange of information for securities enforcement purposes is also unlike that which occurs for the purposes of banking supervision. Bank supervisors, of course, also operate in a global environment where the banks they supervise may have branches or subsidiaries in another country or, indeed, may be the branches or subsidiaries of banks that are themselves headquartered elsewhere. To ensure effective consolidated supervision, bank supervisors must cooperate with their foreign counterparts and must obtain information about the activities of banks in other countries that have a bearing on the operation of banks under their supervision. Information on safety and soundness is critical. Securities regulators cooperate in a similar fashion for regulatory oversight purposes and maintain similar cooperative regulatory relationships with their foreign counterparts. However, for purposes of enforcement, the type of cooperation and information exchange that takes place is of a different order.
First, for enforcement purposes, securities regulators often need detailed, client-specific information. A securities regulator may need to know what the name of an account holder is, how much money was in the account during a specified time period, where the funds came from, and where they were transferred to if they are no longer in the account. If the client withdrew the funds or securities from the account, the regulator will want to know when and how they were withdrawn and who signed on behalf of the client. Moreover, because of the speed with which evidence can disappear, the regulator may need to know this information overnight. Unlike most bank supervisors, the securities regulator may need this information to conduct a civil or criminal investigation or to support its request for an emergency court order to freeze funds or securities. In addition, unlike bank supervision, the regulator who is receiving the information request may or may not supervise any of the entities in question (neither the account holder nor the entity where the account is located). The target regulator may, in fact, have no interest in the matter whatsoever. Thus, although traditional safety and soundness concerns are important to both bank supervisors and securities regulators, information exchange for securities regulation extends well beyond those concerns.
It can be challenging for assessors to attain a comprehensive and realistic understanding of the effectiveness of a regulator’s securities enforcement program because there are few concrete standards of measurement and there is a great diversity in approaches. Bringing a large number of enforcement actions does not necessarily mean that enforcement is effective. Assessors should consider the full range of enforcement powers that the regulator possesses and how it uses those powers to pursue enforcement actions. The
assessor should evaluate how the regulator obtains information, from whom it gets information, and what kind of information it can obtain. The assessor must then consider how the regulator then uses this information to build an enforcement case. Can and does the regulator bring enforcement actions that are based on the investigation it has conducted? If not, does the regulator turn this information over to another domestic authority who can bring an enforcement case? Does that authority bring the case? The assessor also must consider whether there are barriers to domestic information exchange and whether there are gateways for information exchange with foreign counterparts. In particular, the assessor must consider whether there are blocking, bank-secrecy, or other types of privacy laws that could interfere with information exchange. The assessor must determine (a) whether the securities regulator can and does obtain information, including client identifying information, on behalf of a foreign counterpart even if it has no underlying interest in the matter; (b) on what conditions, if any, this information is obtained; and (c) how long it will take.
11. For more detailed guidance on how to perform a self-assessment, see the Basel Committee document (http://www. bis. org/publ/bcbs81.htm) Conducting a Supervisory Self-Assessment—Practical Application (Basel 2001).
12. For each core principle, the assessment methodology requires a categorization of practices according to the degree of compliance. Four categories are envisaged: “compliant,” “largely compliant,” “materially noncompliant,” and “noncompliant.” Whether or not efforts to achieve full compliance are under way is also noted.
13. 
In countries with significant cross-border financial services, it is important to meet with supervisory authorities of home countries of major financial institutions to discuss supervisory cooperation, information sharing, and related issues in consolidated supervision.
14. This section is based on IMF and World Bank (2002a) and the IMF (2004a) paper “Financial Sector Regulation—Issues and Gaps.”
15. See also World Bank (2001).
16. This section is based on Miles (2002).
17. Another term for an LCFI is financial conglomerate (a formal definition of which is being adopted in EU legislation) or, in the United States, Large Complex Banking Organizations (LCBOs).
18. For example, for EU member states, a host regulator of a branch of a bank incorporated in another member state has very limited supervisory powers. However, the branch may be a very large player, in both the domestic banking system and capital markets, as well as in international financial market activity conducted from the host country.
19. Technical risk is the risk of a shortfall of an insurance company’s technical provisions held against its policy liabilities. The assessment of provisions will take into account the size and timing of expected payments on the policy, future premium receipts, and future investment income.
20. This section is based on Sundararajan and Errico (2002).
21. The earlier version that was adopted in October 2000 consisted of only 17 principles.
22. In the insurance context, portfolio transfers can be particularly relevant because they enable the transfer of obligations through means other than the change of control of the insurer, in effect, changing the control over the policyholder interests without sale of shares in the company. Thus, it is important that the supervisory assessment of change of control also be extended to the processes for portfolio transfer.
23. A quantitative analysis of the market could include, for example, the development in financial markets generally; the number of insurers and reinsurers subdivided by ownership structure, whether a branch, domestic, or foreign; the number of insurers and reinsurers entering and exiting the market; the market indicators such as premiums, balance-sheet totals, and profitability; the investment structure; the new product developments and market share; the distribution channels; and the use of reinsurance (IAIS 2003a, 23).
24. See Essential Criteria C—the last of 7 bullets (IAIS 2003a).
25. For example, see IAIS 2002 on capital adequacy. Also, in the EU, the solvency II project is working toward the development of a harmonized, risk-based, three-pillar approach (similar to Basel II) for use throughout the EU. This effort is part of a broader
initiative of supervisory and multijurisdictional organizations to strengthen capital adequacy and solvency frameworks. For example, the IAIS and the International Actuarial Association are working on a global framework for insurers’ insolvency assessment.
26. 
The IAIS approved the following supervisory guidelines or issues papers in October 2003: “Quantifying and Assessing Insurance Liabilities” (IAIS 2003d), “Stress Testing by Insurers” (IAIS 2003c), “Nonlife Insurance Securitization” (IAIS 2003e), and “Solvency Control Levels” (IAIS 2003b). A guidance paper on investment risk management was issued in October 2004 (IAIS 2004a). The IAIS also prepared “Principles on the Supervision of Insurance Activities on the Internet” (IAIS 2004b), and “Standard on Disclosures Concerning Technical Performance and Risks of Nonlife Insurers and Reinsurers”(IAIS 2004c) was issued in October 2004.
27. The essential and advanced criteria for assessment purposes are integrated with the ICPs into one single document (Takahiro 2003), with the procedural and benchmarking aspects of the assessment process presented in annex 2 of the same document.
28. For a discussion of issues in analyzing soundness and structure of insurance sector, including suggestions on indicators to analyze, see Das, Davies, and Podpiera (2003).
29. See paragraph 1.7. of the explanatory note to ICP 1 (Takahiro 2003).
30. This section is based mainly on a survey conducted in 2002 of assessment experiences of 42 jurisdictions, which were assessed using the ICPs adopted in October 2000. See International Monetary Fund and World Bank (2001), “Experience with Insurance Core Principles—Assessment under the Financial Sector Assessment Program.” For an update of information on insurance assessment, see IMF (2004a), “Financial Sector Regulation—Issues and Gaps—Background Paper.”
31. For a detailed principle-by-principle listing of typical issues that arise to reach full compliance, see the IMF background paper (IMF 2004a) “Financial Sector Regulation—Issues and Gaps—Background Paper.”
32. Insurance company counterparts do not, because of the nature of the product, have the opportunity to diversify credit risk and may often be in situations of hardship in the absence of the insurance claim proceeds in any event.
33. IOSCO was established in 1983 to bring together securities regulators from around the world in an effort to ensure better regulation of securities markets. It was created from its predecessor organization, the Inter-American Regional Association of Securities Regulations that was established in 1974. IOSCO has grown considerably since its inception and currently has more than 180 members. The core principles are presented in IOSCO public document 125 “Objectives and Principles of Securities Regulation,” originally issued in September 1998 and last updated in May 2003 (IOSCO 2003b).
34. The assessment of Principle 30 is intended to be supplemented by reference to the IOSCO-CPSS Recommendations for Securities Settlement Systems and the associated assessment methodology.
35. See, for example, Schinasi (2003) and Dalla (2003).
36. See chapter 4 for a discussion of the scope of analysis of securities markets and their structure and functioning as part of the development assessment. See also chapter 2 for a discussion of indicators of structure and performance of securities markets.
37. For a detailed principle-by-principle listing of typical issues that arise to reach full compliance, see IMF (2004a).
38. See, IOSCO (2001) and Carson (2003) for a discussion.
39. This subject of integrated supervision is discussed in greater detail in appendix F of this Handbook. See also De Luna Martinez and Rose (2003).
40. The IMF Code of Good Practices on Transparency of Monetary and Financial Policies (IMF 2000) should serve in this context as an important vehicle in promoting good regulatory governance.
41. 
Even then, however, it would be impermissible for the authority responsible for the official administration or liquidation of the bank to divulge legally protected information relating to the affairs of particular clients. And in the context of bank restructuring, the need to protect the bank’s commercial interests could preclude the publication of detailed transactional or operational information.
42.In jurisdictions where bank insolvency proceedings are court-based, the insolvency courts should have exclusive jurisdiction to determine all relevant disputes. Accordingly, the actions of the supervisory authority relating to its participation in the insolvency proceedings—including its decision to commence such proceedings—should not be subject to judicial review by the administrative courts. Allowing parties to challenge the authority’s actions by way of judicial review would be unnecessary because the authority cannot make fully determined decisions on the issues but, instead, needs the approval of the insolvency court. Moreover, the possibility of parallel proceedings in insolvency and administrative law could produce conflicts and serious disruption of the insolvency process.
43. Coordination with the Ministry of Finance is also key, especially in those cases that may involve the actual or potential use of public funds.
Barth, James R., Gerard Caprio, and Ross Levine. 2004. Rethinking Bank Regulation and Supervision: Till Angels Govern. Cambridge: Cambridge University Press.
Basel Committee on Banking Supervision. 2004. “International Convergence of Capital Measurement and Capital Standards—A Revised Framework.” June, Bank for International Settlements, Basel, Switzerland.
---- . 2001. “Conducting Supervisory Self-Assessment, Practical Application. Bank for
International Settlements, Basel, Switzerland.
---- . 1999. Core Principles Methodology. Basel, Switzerland: Basel Committee on
Banking Supervision. Available at http://www. bis. org/publ/bcbs61.pdf.
Beck, Thorsten. 2003. “The Incentive Compatible Design of Deposit Insurance and Bank Failure Resolution—Concepts and Country Studies.” World Bank Policy Research Working Paper 3043, World Bank, Washington, DC.
Carson, John W. 2003. “Conflicts of Interest in Self-Regulation: Can Demutualized Exchanges Successfully Manage Them?” Policy Research Working Paper 3183, World Bank, Washington, DC.
Cull, Robert, W. Senbet Lemma, and Sorge Marco. 2001. “Deposit Insurance and Financial Development.” World Bank Policy Research Paper 2682, World Bank, Washington, DC.
Dalla, Ismail. 2003. “Harmonization of Bond Market Rules and Regulations in Selected APEC Economies.” Manila, Philippines: Asian Development Bank.
Das Udaibir, Nigel Davies, and Richard Podpiera. 2003. “Insurance and Issues in Financial Soundness.” IMF Working Paper 03/138, International Monetary Fund, Washington, DC.
de Luna Martinez, Jose, and Thomas A. Rose. 2003. “International Survey of Integrated Financial Sector Supervision.” Policy Research Working Paper 3096, World Bank, Washington, DC.
Demirguc-Kunt, A., and Enrica Detragiache. 2002. “Does Deposit Insurance Increase Banking System Stability?” Journal of Monetary Economics 49 (7): 1373-406.
Dong, He. 2000. “Emergency Liquidity Support Facilities.” IMF Working Paper 00/79, International Monetary Fund, Washington, DC.
Garcia, Gillian G. H. 1999. “Deposit Insurance: A Survey of Actual and Best Practices.” Working Paper WP/99/54, International Monetary Fund, Washington, DC. Available at http://www. imf. org/external/pubs/ft/wp/1999/wp9954.pdf.
---- . 2000. “Deposit Insurance and Crisis Management.” Working Paper WP/00/57,
International Monetary Fund, Washington, DC. Available at http://www. imf. org/ external/pubs/ft/wp/2000/wp0057.pdf.
---- . 2001. “Deposit Insurance: Actual and Good Practices.” Occasional Paper
197,,International Monetary Fund, Washington, DC. Available at http://www. imf. org/external/pubs/nft/op/197/index. htm.
Hoelscher, David S., and Marc Quintyn. 2003. “Managing Systemic Banking Crises.” Occasional Paper 224, International Monetary Fund, Washington, DC.
International Association of Insurance Supervisors (IAIS). 2000. Insurance Core Principles. Basel, Switzerland: IAIS
--- . 2002. Principles on Capital Adequacy and Solvency. Basel, Switzerland: IAIS.
--- . 2003a. Insurance Core Principles and Methodology. Basel, Switzerland: IAIS.
---- . 2003b. “Solvency Control Levels.” Guidance Paper 6, IAIS, Basel, Switzerland.
---- . 2003c. “Stress Testing by Insurers.” Guidance Paper 8, IAIS, Basel, Switzerland.
---- . 2003d. “Quantifying and Assessing Insurance Liabilities.” Discussion Paper,
IAIS, Basel, Switzerland.
---- . 2003e. “Nonlife Insurance Securitization.” Issues Paper, IAIS, Basel,
Switzerland.
---- . 2004a. “Investment Risk Management.” Guidance Paper 9, IAIS, Basel,
Switzerland.
---- . 2004b. “Principles on the Supervision of Insurance Activities on the Internet.”
Principle No. 4, IAIS, Basel, Switzerland.
---- . 2004c. “Standard on Disclosures Concerning Technical Performance and Risks
of Nonlife Insurers and Reinsurers.” Standard No. 9, IAIS, Basel, Switzerland.
International Monetary Fund (IMF). 2000. IMF Code of Good Practices on Transparency in Monetary and Financial Policies. Washington, DC: IMF.
---- . 02002. “The Financial Market Activities of Insurance and Reinsurance
Companies.” In Global Financial Stability Report, ed. International Capital Market Department of the IMF, 30-47. Washington, DC: International Monetary Fund.
---- . 2004a. “Financial Sector Regulations—Issues and Gaps—Background Paper.”
International Monetary Fund, Washington, DC. Available at www. imf. org/external/ np/mfd/2004/eng/081704.htm.
---- . 2004b. “Risk Transfer and the Insurance Industry.” In Global Financial
Stability Report, ed. International Capital Markets Department of the IMF, 77-110. Washington, DC: International Monetary Fund.
International Monetary Fund (IMF) and World Bank. 2001. “Experience with the Insurance Core Principles Assessments under the Financial Sector Assessment Program.” IMF, Washington, DC.
---- . 2002a. “Experience with the Assessments of the IOSCO Objectives and
Principles of Securities Regulation under the Financial Sector Assessment Program.” International Monetary Fund, Washington, DC.
---- . 2002b. “Implementation of the Basel Core Principles for Effective Banking
Supervision: Experiences, Influences, and Perspectives.” International Monetary Fund, Washington, DC. Available at http://www. imf. org/external/np/mae/bcore/2002/092302. pdf.
---- . 2004. Global Bank Insolvency Initiative. Draft report by IMF and World Bank staff,
World Bank, Washington, DC.
International Organization of Securities Commissions (IOSCO). 2001. “Issues Paper on Exchange Demutualization.” Technical Committee, IOSCO, Madrid, Spain.
--- . 2003a. Methodology for Assessing Implementation of the IOSCO Objectives and
Principles of Securities Regulation. Madrid, Spain: IOSCO.
--- . 2003b. Objectives and Principles of Securities Regulation. Madrid, Spain: IOSCO.
Available at http://www. iosco. org/pubdocs/pdf/IOSCOPD154.pdf.
Lindgren, Carl-Johan, Tomas J. T. Balino, Charles Enoch, Anne-Marie Gulde, Marc Quintyn, and Leslie Teo. 2000. “Financial Sector Crisis and Restructuring: Lessons from Asia.” Occasional Paper 188, International Monetary Fund, Washington, DC. Available at http://www. imf. org/external/pubs/ft/op/opfinsec/op188.pdf.
Miles, Colin. 2002. “Large and Complex Financial Institutions (LCFIs): Issues to Be Considered in the Financial Sector Assessment Program.” MAE Operational Paper 02/3, Monetary and Exchange Affairs Department, International Monetary Fund, Washington, DC.
Schinasi, Gary J. 2003. “The Development of Effective Securities Markets.” Paper presented November 2003 at the First Annual Asian Bond Forum, Hong Kong.
Sundararajan, Venkataraman, and Luca Erric. 2002. “Islamic Financial Institutions and Products in the Global Financial System: Key Issues in Risk Management and Challenges Ahead.” IMF Working Paper WP/02/192, International Monetary Fund, Washington, DC. Available at http://www. imf. org/external/pubs/ft/wp/2002/wp02192. pdf.
Sundararajan, Venkataraman, David Marston, and Ritu Basu. 2001. “Financial System Standards and Financial Stability: The Case of the Basel Core Principles.” IMF
Working Paper WP/01/62, International Monetary Fund, Washington, DC. Available at http://www. imf. org/external/pubs/ft/wp/2001/wp0162.pdf.
Takahiro, Yasui. 2001. “Policyholder Protection Funds: Rationale and Structure.” In Insurance and Private Pensions Compendium for Emerging Economies, Book 1, ed. Insurance and Private Pensions Unit; Financial Affairs Division; Directorate for Financial, Fiscal, and Enterprise Affairs, Part 1:2, 1-20. Paris: Organisation for Economic Co-operation and Development (OECD).
Taylor, Michael, and Alex Fleming. 1999. “Integrated Financial Supervision: Lessons of Northern European Experience.” Policy Research Working Paper 2223, World Bank, Washington, DC.
World Bank. 2001. “Principles and Guidelines for Effective Insolvency and Creditor Rights Systems.” World Bank, Washington, DC. Available at http://www. worldbank. org/ifa/ipg_eng. pdf.
