Entire Act

3. CONFIDENTIALITY

3.1. Protecting confidential information

3.1.1. Permitted disclosures

The AFSA may disclose confidential information where such disclosure:

  • (a) is permitted or required under these Regulations or under any other AIFC Regulations or Rules;
  • (b) is made to any of the authorities listed in subsection 2.2 for the purpose of assisting the exercise by any such authority of its regulatory functions; or
  • (c) is made in good faith for the purposes of the exercise of the functions and powers of the AFSA

3.1.2. Obligation to keep disclosed information confidential

If the AFSA is requested to disclose confidential information to an authority referred to in subsection 2.2, in circumstances other than those referred to in subsection 117(2) of the Framework Regulations, the AFSA shall:

  1. (a) ensure that the information must be used for the sole purpose of assisting the requesting authority in performing its regulatory functions; and
  2. (b) require the requesting authority:
  3. (i) to keep the information confidential; and
  4. (ii) not to disclose the information to any other Person without the written consent of the AFSA.

Guidance:

Obligation in subsection 117(2) of the Framework Regulations Under subsection 117(2) of the Framework Regulations, the AFSA must disclose an individual’s compelled testimony to a law enforcement agency for the purpose of criminal proceedings if:

  1. (i) the person consents to the disclosure; or
  2. (ii) the AFSA is required by law or court order to disclose the statement.

3.2. Requests to obtain information

3.2.1. Requests made under an MoU

The AFSA may obtain confidential information following a request made under a Memorandum of Understanding (MoU) or other information-sharing agreement with another Financial Services Regulator.

3.2.2. Requests by a Financial Services Regulator

The AFSA may, in accordance with the powers granted under section 114 of the Framework Regulations, conduct an investigation and obtain confidential information from Centre Participants at the request of a Financial Services Regulator.

3.2.3. Requests by an authority listed in subsection 2.2

The AFSA may exercise its powers under subsection 2.2 to obtain confidential information from Centre Participants at the request of an authority listed in subsection 2.2.

3.2.4. Scope of powers to obtain information

In order to respond to a request from an authority listed in subsection 2.2, the AFSA may require a Centre Participant to provide information, including but not limited to the following:

(a) information sufficient to reconstruct orders and transactions;

(b) information that identifies or traces funds or assets into which such funds are converted;

(c) auditing information, including audit work papers, communications and other information relating to audit or review of financial statements;

(d) subscriber records held or maintained by telephone service providers that identify subscribers (name and address), payment details and identification of phone numbers from which communications are made or received;

(e) subscriber records held or maintained by internet service providers and other electronic communications providers that identify subscribers (name and address), payment details, length of service, type of service utilised, network addresses, and session times/dates and durations; and/or

(f) recordings of telephone conversations or other electronic communications held or maintained by Centre Participants.

3.2.5. Confidentiality of requests for information

The existence and content of requests for assistance by an authority listed in subsection 2.2, and any communications between the AFSA and that authority, must not be disclosed by:

(a) the AFSA or by an officer, employee, delegate or agent of the AFSA; or

(b) any Person coming into possession of the information, without the consent of the other authority unless, and to the extent that, the AFSA is required by law or court order to disclose such information.

3.2.6. Applications to request confidential information

The AFSA may require that an application submitted by an authority listed in subsection 2.2 requesting confidential information shall:

(a) be in writing, except that an urgent request may be oral provided that it is confirmed in writing within ten business days;

(b) describe the confidential information requested and the purpose for which the requesting authority seeks the information;

(c) provide a brief description of the facts supporting the request and the relevant legal powers authorising the request;

(d) specify whether the purpose of the request is for actual or possible criminal, civil or administrative enforcement proceedings relating to a violation of the laws and regulations administered by the requesting authority;

(e) agree that it will not use the confidential information for any other purpose than that for which it was requested unless it has the express permission of the AFSA;

(f) indicate, if known, the identity of any Persons whose rights or interests may be adversely affected by the disclosure of confidential information;

(g) indicate whether obtaining the consent of, or giving notice to, the Person to whom the request for confidential information relates would jeopardise or prejudice the purpose for which the information is sought;

(h) specify whether any other authority, governmental or non-governmental, is co-operating with the requesting authority or seeking information from the confidential files of the requesting authority;

(i) specify whether onward disclosure of confidential information is likely to be necessary and the purpose such disclosure would serve;

(j) agree to revert to the AFSA in the event that it seeks to use the confidential information for any purposes other than those specified in the request;

(k) agree to keep requested confidential information confidential, including the fact that a request for confidential information was made, except as it conforms to these requirements or in response to a legally enforceable demand;

(l) agree, in the event of a legally enforceable demand, that it, the requesting authority, will notify the AFSA prior to complying with the demand, and will assert such appropriate legal exemptions or privileges with respect to such confidential information as may be available;

(m) agree that, prior to providing information to a self-regulatory organisation, the requesting authority will ensure that the self-regulatory organisation is able and will comply on an ongoing basis with the confidentiality provisions agreed to between the requesting authority and the AFSA; and

(n) agree to use its best efforts to protect the confidentiality of confidential information received from the AFSA.

3.2.7. Procedures for handling disclosure of confidential information

The AFSA must implement appropriate procedures for assessing and approving the disclosure of confidential information provided by a Financial Services Regulator under an MoU or other informationsharing arrangement to an authority listed in subsection 2.2, which shall take into account these Rules.

Guidance: Appropriate procedures for handling disclosure The procedures for assessing whether or not to disclose confidential information should include the following:

(a) the receiving party must be notified of the protected status of the confidential information;

(b) the providing Financial Services Regulator must be approached to request written approval for the disclosure of the confidential information to the receiving party;

(c) if a providing Financial Services Regulator does not approve the release of the confidential information, the AFSA must take all reasonable efforts, including any legal steps, to protect the information from disclosure;

(d) if the AFSA’s efforts to protect the confidential information from disclosure are unsuccessful, the AFSA must:

  1. (i) inform the providing Financial Services Regulator; and
  2. (ii) request that the receiving party does not make the confidential information public or disclose it to a third party.

3.2.8. Notice of disclosure

If the AFSA intends to disclose confidential information to any of the Persons specified in subsection

2.2.1(b), the AFSA may give notice to the Person(s) to whom the disclosure relates in the following circumstances:

(a) the disclosure relates to a Person’s compelled testimony to a law enforcement

(b) agency for the purpose of criminal proceedings against that Person;

(c) the disclosure relates to private civil litigation, in order that the Person may challenge the request according to the Rules of the AIFC Court; or

(d) there are serious and legitimate concerns about the appropriateness of the disclosure, including where the body requesting the confidential information does not perform a financial services related regulatory function.

Guidance: Factors in determining not to give notice of disclosure The AFSA will not normally give notice of disclosure to the person that is the subject of disclosure if giving notice may:

(a) prejudice an ongoing or pending investigation, whether carried out by the AFSA or another Financial Services Regulator or supervisory agency, or prejudice actions which the AFSA or the Financial Services Regulator or supervisory agency may want to take as a result of an investigation, including freezing assets;

(b) reveal the identity of persons who have made reports in accordance with the provisions on whistleblowing under Part 17 (Whistleblowing) of the Companies Regulations;

(c) prejudice or jeopardise the AFSA’s ability to effectively discharge its monitoring and other regulatory functions;

(d) result in disclosure of information that is not adverse to the person concerned;

(e) undermine other Financial Services Regulators' fitness and propriety tests; or

(f) seriously prejudice the AFSA’s relations with Financial Services Regulators, taking into account the AFSA’s bilateral and international obligations and the need for effective mutual cooperation and information sharing.

3.3. Where information is subject to a legally enforceable demand

If the AFSA receives a legally enforceable demand requiring the disclosure of confidential information obtained from a Financial Services Regulator under a MoU or similar information-sharing arrangement, the AFSA will:

  • (a) notify the providing Financial Services Regulator; and
  • (b) seek to enforce any legal rights, exemptions or privileges to protect such confidential information that are legally available to it, which may include but are not limited to an objection on the grounds of public interest or legal privilege, or a claim for injunctive relief.

Guidance: Examples of legally enforceable demands

Examples of legally enforceable demands (such as a subpoena, notice or court order) may include:

(a) An order from the AIFC Court requiring the AFSA to disclose confidential information. The Constitutional Statute provides the AIFC Court with jurisdiction in proceedings other than criminal and administrative proceedings in the AIFC and over AIFC bodies including the AFSA.

(b) A legally enforceable order from a competent authority responsible for administering the criminal laws in the Republic of Kazakhstan. The criminal laws of the Republic of Kazakhstan apply in the AIFC, requiring the AFSA to comply with any legally enforceable order.

3.4. Public interest objections

Where appropriate, including where the AFSA has received a legally enforceable demand requiring the disclosure of confidential information obtained from a Financial Services Regulator under a MoU or similar arrangement, the AFSA may apply to the AIFC Court in accordance with Rule 17.15 of the AIFC Court Rules for an order permitting the AFSA to withhold production of a document on the ground that production would damage the public interest.

Guidance: Public interest objections

The AFSA considers that an application to the AIFC Court to withhold information would be appropriate where disclosure of confidential information would:

(a) prejudice the AFSA's ability to perform its functions; or

(b) jeopardise the AFSA's ability to receive information in the future from certain sources, including Financial Services Regulators.