What do EIOPA’s own “supervisory principles on relocations” (SPoRs) plus a proposal for a “recovery and resolution plan” (RRP) regime mean for (re)insurers?

by Dentons


On July 11, 2017, the Frankfurt based European Insurance and Occupational Pensions Authority (EIOPA) released an “Opinion on supervisory convergence in light of the United Kingdom withdrawing from the EU” (the EIOPA Opinion).1 This legal instrument is addressed to national competent authorities (NCAs), in particular those within the EU-27, but also has a direct practical impact on relevant insurers and reinsurers. After a year of their entry into force, they remain as important as ever.

The EIOPA Opinion’s SPoRs have similar aims as those communicated during 2017 and updated in 2018 by EIOPA’s sister European Supervisory Authority (ESA), the European Securities and Markets Authority (ESMA). It also sets a similar tone and draws inspiration from the continuing statements on BREXIT from the European Central Bank (ECB), acting in its capacity within the Single Supervisory Mechanism (SSM) of the Eurozone’s Banking Union.

Part 1 of this Client Alert assesses the EIOPA Opinion, its SPoRs and how they compare to those SPoRs set by ESMA in its “General Opinion” from May 31, 2017 (the ESMA General Opinion)2  plus the statements from the ECB-SSM which are covered in a dedicated set of Client Alerts from our Eurozone Hub.

Part 2 of this Client Alert looks at the EIOPA’s “Opinion to Institutions of the European Union on the harmonization of Recovery and Resolution Frameworks for (re)insurers across the Member States” (the EIOPA RRP Opinion)3 published on July 5, 2017, which, if it advances from its conceptual infancy to legislative proposal as currently planned, will likely have a transformative effect for (re)insurers.  As with other recovery and resolution workstreams, the EIOPA RRP Opinion aims to make firms safe to fail. What the EIOPA RRP Opinion does not do, a least in its current form, is propose an equivalent to the EU’s ‘BRRD Regime’ and the Banking Union’s Single Resolution Mechanism (SRM), even if a number of conceptual parallels do exist.  Nevertheless, those (re)insurers that are likely to be caught in the scope of the proposals may want to begin scenario planning implications already and to interact or join the conversation with policymakers so as to shape the future RRP regime.

Part 1 - The EIOPA Opinion, its own SPoRs and how it compares to ESMA and SSM SPoRs

One of EIOPA’s key tasks is to build a common EU supervisory culture based upon consistent supervisory practices and approaches. This duty to promote supervisory convergence actively is echoed across the other ESAs as well as the SSM and SRM pillars of the Eurozone’s Banking Union. NCA’s that make-up the European System of Financial Supervision (ESFS) are equally tasked with making supervisory convergence a reality.

Scope of the EIOPA Opinion

EIOPA is responsible for the pensions as well as the (re)insurance sector. The SPoRs introduced in the EIOPA Opinion however only apply to those (re)insurance undertakings that are subject to the “Solvency II Regime.”4 It remains to be seen whether EIOPA will publish similar SPoRs for the breadth of pension funds and other institutions of occupational retirement provisions (IORPs) that fall within its regulatory and supervisory mandate. With the provisions of the EU’s IORP Directive requiring transposition by Member States, i.e. implementation into national legislative/regulatory regimes, by January 2019, it is possible that EIOPA might issue a standalone Opinion for IORPs /pension funds in particular, as the UK will, from an EU regulatory perspective, upon its exit become a “third-country.”

In any event, the EIOPA Opinion sets out its SPoRs in five headline “Principles.” These are likely to have different degrees of impacts on different types of (re)insurers even if they aim to apply largely to all (re)insurers regardless of size or complexity of their business model. Some of those businesses caught by the EIOPA Opinion may also be caught concurrently by the SPoRs communicated by other members of the ESFS across other sectors.

Those other relevant SPoRs include those issued by ESMA and the ECB-SSM as supplemented by further “Sector Specific Opinions” that were published on July 13, 2017 and which are covered in a separate Client Alert. All the various SPoRs issued by the various EU and national authorities in the ESFS are clear that the timing on obtaining regulatory approvals or variations of regulatory permissions is likely to be protracted.

Timelines might be an issue for those looking to relocate

The Solvency II Regime permits “passporting,” i.e. freedom of establishment and freedom to provide services from one EU Member State to another. Once the UK leaves the EU and becomes a third-country, absent a bespoke agreement, this right is lost. As with other parts of financial services, relocations will mean converting existing passported branches into subsidiaries or setting up new subsidiaries in the EU-27. A number of large insurance market participants have already begun this process.

As a result, the EIOPA Opinion applies to both those entities that have already begun to relocate in as much as those embarking on that journey. (Re)insurers are reminded that regulatory applications take time in their own right, but that due to BREXIT leading to more volumes of applications and the SPoRs requiring each application to be subjected to greater scrutiny, supervisory resources may be constrained and thus timelines might be protracted. Certain insurance supervisors, even where cross-border supervisory colleges exist, may be put under pressure, and this could also extend timelines further. In short, (re)insurers should plan to submit applications with a requisite degree of leeway.

Equally, as in the banking sector, the race for relocating firms to secure local talent across markets may also prove an issue for (re)insurers. This will notably pose an issue for those areas where the EIOPA Opinion requires a relocating firm to retain suitable amounts of “local staff” on the ground to fill key positions. Competition for talent is already heating up as some businesses move positions as opposed to persons to the EU-27.

Common concepts and objectives yet differences in the SPoRs

The ESMA General Opinion and the EIOPA Opinion share a number of common objectives and concepts. One crucial difference is that the EIOPA Opinion is (currently) worded specifically with the UK in mind. In contrast, the ESMA and ECB-SSM SPoRs are ‘jurisdiction agnostic,’ i.e. they apply to situations and relocations of firms moving from the UK as well as those that are “third-country entities” (TCEs) moving from non-EU jurisdictions to the EU-27.

The ESMA SPoRs and its specific headline Principles were limited to nine,5 and in contrast EIOPA’s SPoRs and the relevant headlines Principles are limited to the five items discussed below. Those five items are in turn comprised of 28 paragraphs often aggregating concepts and SPoRs in the ESMA General Opinion into one headline EIOPA Principle that contains multiple SPoRs. Conceptually, there is a large degree of overlap between the core supervisory objectives of the ESMA General Opinion and the EIOPA Opinion. These Principles of the EIOPA Opinion are assessed in turn below:

Principle 1 - Authorizations and approvals

This Principle 1 is split between three themes that largely echo those stated in Principles 1 and 2 of the ESMA General Opinion. By comparison however, the EIOPA Opinion’s approach on own funds and internal models (see below) is more pronounced than the SPoRs introduced by ESMA. In the EIOPA Opinion these themes are addressed in Principle 1 as follows:

  • No automatic recognition of existing authorizations: is foreseen, and the supervisory expectation in this EIOPA Principle compared to the ESMA SPoR is much more pronounced in that each application must be reviewed on its own merits.
  • Authorizations and approvals: EU-27 Member States should ensure that they, i.e. the relevant NCAs, have a “sound authorization process” in place. This means NCAs should have processes that are risk-based, adequately resourced so as to deal appropriately with the complexity of any new authorization and on-going supervision. This also includes adequate resourcing to conduct inspections and evaluate additional information. Authorization and supervisory teams are encouraged to interact to ensure effective supervision. Individual supervisory authorities are encouraged to exchange information on approvals or authorizations with another where permitted.
  • Own funds and use of internal models: The recognition of own funds or the use of an internal model, even if previously approved, should be subjected to a new approval process before use. This ties-in with the concept of no automatic recognition described above. The EIOPA Opinion reminds market participants that a change in the risk profile, risk management system or use of an internal model would equally trigger a formal assessment by the relevant NCA. This internal model approval process extends to existing subsidiaries in the EU-27 or any other “new venture” irrespective of the legal form.

Principle 2 - Governance and risk management

The contents of EIOPA Principle 2 correspond to those set out in Principles 6 and 7 in the ESMA General Opinion and set out that:

  • Mind and matter: NCAs must scrutinize whether the applicant’s governance arrangements ensure that effective decision-taking and risk management takes place in the EU Member State of authorization and allows for proper supervision. Again, this is more prescriptive than the concepts in the ESMA General Opinion. The prohibition on “empty shell” entities are also addressed in this EIOPA Principle.
  • Sufficient and proportionate substance: Applicants must demonstrate an appropriate level of corporate substance, proportionate to the nature, scale and complexity of the planned business. This extends to the appropriate presence of administrative, management or supervisory board members as well as those "key function holders" who must be able to dedicate sufficient time to their responsibilities. This is a concept that already exists in EU financial services regulatory law, but the prominence it receives in this EIOPA Principle is noteworthy.
  • Sufficient local market knowledge and staffing: In strong contrast to the ESMA General Opinion, the EIOPA Opinion requires that the applicants maintain an appropriate level of “local staff” employed within the relevant entity. The appropriate level of “local staff” must be commensurate to the nature and amount of business being run from that relevant entity. A similar concept exists in respect of the NCA needing to be satisfied that an applicant’s senior management has sufficient and proper knowledge of local market specifics, products and risks. We assume that NCAs will consider whether the “local staff” requirement is fulfilled by looking at the citizenships held, the length of relevant service within the jurisdiction and the educational and professional background of the staff and whether they actually reside in that Member State. We anticipate that this might lead to some discussions with some NCAs on the nexus between citizenship of staff and the jurisdiction of the relevant (re)insurance entity as well as residence. We would anticipate that certain such as Luxembourg might focus less on residence given the number of financial services workers that live/work cross-border but that other NCAs might use residence as a more determining factor. In any event this requirement may put pressure on securing appropriately qualified resources in certain jurisdictions.
  • Sufficient supervisory scrutiny and control in applicants’ transferring risk to participating undertakings or other entities: similar to the prohibitions on certain booking models and letter box entities, Principle 2 of the EIOPA Opinion tasks NCAs with the assessment and scrutiny of the relevant business model and risk management capacity of relevant undertakings. This also includes assessing the effectiveness of risk transfer arrangements and the related risks. Consequently, EIOPA Principle 2 aims to limit the “disproportionate” reinsuring of risk to TCEs outside of the EU-27. Relevant entities within the EU-27 are required to maintain a minimum retention level of risks written by the EU-27 authorized entity. The EIOPA Opinion states that this minimum retention ratio could be 10 percent of the business written. This limits the ability to transfer or otherwise book risks fully to a TCE. The EIOPA Opinion reserves its right to issue further “supervisory expectations” that amend this minimum threshold. Moreover, NCAs are required to challenge the risk transfer by requiring an assessment of:
    • Impact of the risk transfer on the undertaking’s counterparty risk and currency risk
    • The impact on asset composition
    • The extent to which the reinsurance recoverable will be collateralized and the strength of the (re)insurer and the capital proposed to be held by the undertaking Member State of authorization

This may cause some issues for arrangements where backstops supporting the new or converted EU-27 undertaking are based in third-countries and thus the UK.

Principle 3 - Outsourcing of critical and important activities

The contents of EIOPA Principle 3 follow the prohibitions and stipulations in the ESMA General Opinion and specifically Principles 4 and 5 therein. The SPoRs therein can be grouped into the following themes:

  • Regulatory outsourcing and delegation to third-countries: should be limited and not detract from sufficient control and supervision by the EU-27 entity in respect of the outsourced/delegated services provider. Outsourcing/delegation to TCEs should also not limit NCAs ability to effectively supervise the business of the EU-27 entity.
  • Regulatory outsourcing and delegation of “critical, important or key functions or activities” is only permitted (in keeping with much existing EU requirements) where it does not:
    • Materially impair the quality of the system of governance
    • Unduly increase operational risk
    • Impair NCAs’ ability to monitor compliance
    • Undermine continuous and satisfactory service to policyholders
  • Outsourcing requires a designated oversight function for outsourcing key functions and preventing conflicts of interest: in keeping with EIOPA Guidelines on systems of governance and other national and EU regulated outsourcing requirements.
  • Critical or important functions in an insurance undertaking: such as the design and pricing of insurance products, investment of assets or portfolio management, claims handling, compliance function, internal audit, accounting, risk management or actuarial support, provision of data storage or the provision of on-going systems maintenance or support are highlighted as requiring specific attention by the NCA when it is notified of the intended outsourcing.

Undertakings with “simple risk profiles” or “smaller insurance business” may outsource a significant part of their key functions. However, those that are assessed as having “complex risk-profiles” or a “large scale of business” may not do so. This marks quite the departure from and tightening via the SPoRs of existing rules on outsourcing and delegation.

Principle 4 - On going supervision

The SPoRs stipulated in EIOPA Principle 4 are very much similar to those contained in Principle 8 of the ESMA General Opinion. In summary these stipulate that NCAs should be able to have sufficient access to and resources to review and evaluate the (re)insurance undertakings’ strategies and processes. NCAs are required to ensure that initial conditions set at authorization are met on a continuous basis, including those relating to outsourcing. EIOPA Principle 4 also reiterates that NCAs should be empowered with the necessary powers to remedy weaknesses or deficiencies in relation to a regulated person’s compliance obligations.

In addition to ad-hoc supervisory powers, EIOPA Principle 4 is unequivocally clear and follows requirements set out in the Solvency II Regime that individual NCAs or supervisory colleges of NCAs should:

“Where needed to ensure proper on-going supervision, NCAs may consider whether the establishment of an EU holding company would promote and facilitate the coordination of group supervision at the European level.”

In contrast to the ESMA General Opinion, EIOPA Principle 4 is clear that NCAs should exercise a specific supervisory review “…in the first years following authorization to review the consistency with the initial business model, its underlying assumptions and financial projects in order to assess whether the conditions of authorization are being continuously met.” In contrast to the banking sector, the NCAs responsible for supervising the EU insurance sector have yet to publish common principles/rules relating to on-site inspections and thematic reviews.

Principle 5 - Monitoring by EIOPA

As with ESMA General Opinion Principle 9, EIOPA Principle 5 aims to empower EIOPA to deliver on its mandate to promote convergence. EIOPA’s tools in delivering this objective include the monitoring and application of a risk-based approach so as to direct future convergence efforts. These efforts can take the shape of different policy tools, and the EIOPA Opinion refers to the use of bilateral engagements, further legal instruments including opinions and commencing investigations. Unlike the ESMA General Opinion, EIOPA Principle 5 does not require it to establish specific new tools or fora such as the Supervisory Coordination Network that ESMA is required to run.

Part 2 - The EIOPA RRP Opinion – the first real step to an EU “Insurance Union”?

The EIOPA RRP Opinion calls upon the institutions of the EU to establish a minimum harmonized yet comprehensive RRP framework for (re)insurers (the RRP Minimum Framework). The body of the EIOPA RRP Opinion provides the rationale for a solution. The bulk of the proposed measures are set out in Annex III to the EIOPA RRP Opinion and could, if it continues on its current legislative path, have transformative effects for (re)insurers but also the counterparties and clients with whom they engage. Further endorsement was provided by EIOPA in its most recent set of policy papers on how to improve the Solvency II regime and macroprudential supervision of insurers. This third paper6 was published on July 31, 2018 (together with the other papers in the series, the 2018 EIOPA Papers) and places RRP as a pre-emptive planning measure and earmarks further policy actions to develop an RRP regime.  The 2018 EIOPA Papers make for some interesting policy discussion, and the direction of travel for any future Insurance Union and are discussed in detail in a dedicated Eurozone Hub Client Alert.

The supervisory rationale for an RRP regime specific to (re)insurers is clear: National frameworks are either fragmented or they do not exist. EIOPA states that any RRP Minimum Framework would serve to strengthen protection for policyholders and maintain financial stability of the EU. The EIOPA RRP Opinion thus proposes that any RRP Minimum Framework creates a common “blueprint” of what an RRP regime for (re)insurers should look like. Since this (current proposed) approach adopts a “minimum harmonization” proposal, Member States would still be left with requisite flexibility to introduce additional measures that fit with and are driven by the needs of national markets. In many ways this suggests that EIOPA is approaching the situation in a much more tempered manner than national and EU policymakers did in the aftermath of the start of the GFC.

A comparison of the scope (including gaps) of the current Solvency II Regime powers as compared to proposed RRP Minimum Framework is set out in a comprehensive table in Annex V to the EIOPA RRP Opinion. Going forward, one might expect that Annex V might be expanded to benchmark actual versus the proposed scope of measures as well as the gaps flagged therein and how these compare with the EU’s BRRD Framework.

The approach set out in the RRP Minimum Framework builds upon feedback from 29 stakeholders7 obtained during a public consultation process as well as progress at the international level. Details of the consultation feedback are contained in Annex IV to the EIOPA RRP Opinion. Input from the international level primarily stems from the relevant workstreams of the Financial Stability Board as well as the work of the International Association of Insurance Supervisors in relation to identification, mitigation and management of risks relevant to Globally Systemically Important Insurers (G-SIIs). The EIOPA RRP Opinion however proposes that any RRP Minimum Framework would apply to all relevant (re)insurance undertakings and not just those that are categorized as G-SIIs.

What the EIOPA RRP Opinion does not at present do is call for a full equivalent to the BRRD Regime and the SRM. Rather it earmarks future follow-up work for EIOPA, the as quasi architect of the RRP “blueprint” for (re)insurers to tackle harmonization efforts. At present this seems a quick win solution as, in order to get to a BRRD and SRM equivalent, both EIOPA and the Solvency II Regime would need a number of legislative and institutional changes to form an “Insurance Union” that could complement the “Banking Union” for the Eurozone-19 and possibly complement the integration efforts of the EU-27 in respect of the Capital Markets Union project that is still scheduled to be completed in 2019.

Instead, the EIOPA RRP Opinion aims to adopt a proportional approach and suggests that RRP Minimum Framework should enshrine the following “building blocks.” The following table, taken from the EIOPA RRP Opinion, sets this out in further detail:

The RRP Minimum Framework "Building Blocks"

Preparation and planning

1. Pre-emptive recovery planning

 2. Pre-emptive resolution

 3. Resolvability assessment

Early interventions

4. Early interverntion conditions

5. Early intervention powers


Solvency II Regime - ladder of
intervention - out of scope


 6. Resolution authority

 7. Objectives

 8. Conditions

 9. Powers

10. Safeguards

Cross-border cooperation and coordination

11. Cross-border cooperation and
coordination arrangements


What the EIOPA RRP Opinion however does do quite well is make the case, with reinvigorated force, on the benefits stemming from the potential harmonization and improvements of resolution funding as well as the need for improvements to insurance guarantee schemes. These are both concepts that the EU regrettably tabled in 2012 and which have remained stuck in the sidelines.

This delay in approving the EU policies creating a framework for insurance guarantee schemes or to taking measures to improve the compensation levels set in the Investor Compensation Schemes Directive8 stems from a redirection of political efforts during 2012 to improve deposit guarantee scheme funding and coverage. That redirect was seen, at the time, as a necessary step for building the Banking Union. The plan to harmonize EU depositor guarantee schemes therefore remains a work in progress. In its most recent iteration, this has been advocated in the form of a proposal for a possible Pillar III for Banking Union in the form of the European Deposit Insurance Scheme (EDIS) as a bolt-on to the Banking Union’s Pillar II, the SRB.9 As a result, the EIOPA RRP Opinion somewhat flips the order taken on Banking Union, and thus aims to get the financing of insurance guarantee schemes and resolution funding agreed and in place prior to focusing on any institutional solutions in a possible Insurance Union.

Our Eurozone Hub will continue to monitor this development as it progresses and EIOPA’s wider crisis-prevention set of existing but also proposed10  tools, but would suggest that affected (re)insurers also begin to discuss, through appropriate channels, involving internal and external project teams and advisers, what these proposed changes could mean in any of the following conceivable options:


RRP Minimum framework is introduced as per...

 In the following jurisdictions


(current) EIOPA RRP Opinion

 across whole of EU-27


(current) EIOPA RRP Opinion

 but only in limited Member States of the EU-27 willing to do so


(current) EIOPA RRP Opinion

 but only in Member States participating in the Banking Union (currently Eurozone 19)


 RRP Minimum Framework yields to more BRRD Regime style equivalent

 that is applicable to whole of EU-27


 RRP Minimum Framework yields to more BRRD Regime style equivalent

 that is applicable only in selected Member States of the EU-27


 RRP Minimum Framework yields to more BRRD Regime style

 that is applicable only in Member States participating in the Banking Union (currently Eurozone 19)


the roll-out by national legislators of their own RRP framework for insurers building upon the terms of the (current) EIOPA RRP Opinion

 Selected EU-27 Member States irrespective of whether they are in the Banking Union or not


Recent financial crises and systemic stresses have evidenced that (re)insurers can get in trouble. Given the current fragmented nature of the tools in this area, EIOPA’s proposal in this area aims to equip supervisors but also firms with greater tools. Recent reviews by the European Central Bank, acting in its supervisory capacity, on how to “operationalize” an RRP plan11 along with other reports by national resolution authorities may shape the future evolution of this proposal.

In summary, EIOPAs proposals, regardless of whether in respect of the two EIOPA Opinions or the 2018 EIOPA Papers could, if they get political support, fundamentally change how firms view and have to plan for compliance.  Getting to that new normal would however require insurance supervision capabilities at rule makers and supervisors receiving more resources. Supervisors are pushing ORSA – own risk and solvency assessments as a key supervisory tool in their supervisory review process (SRP). In conjunction with the publication of the 2018 EIOPA Papers, the topic of improvements to funding of guarantee schemes was put to consultation which closes October 26, 2018.12

Despite familiarities in the debates and comparable compliance obligations with their banking and investment management cousins, both in the EU and at a global level, technical and conceptual differences do apply in core compliance pillars. This includes say, ICAAP for capital adequacy and ILAAP for solvency and liquidity, which in turn form part of supervisory dialogue as part of the supervisory review and evaluation process (SREP) used in the EU and, as tailored, within the Banking Union.

Yet it is not all about rules being readied to be put into the pipeline or for those that are in place for those to be rolled out to a broader choir of firms needing to comply. Resources are still strained. 10 years following the Great Financial Crisis that put the banking and investment management sectors but also the pension and insurance sectors through its paces, staffing enterprise-wide risk management and compliance obligations requires trained people, tailored policies and processes along with planning and patience. EIOPA has certainly in the 2018 Policy Papers set marching orders over the near and much longer term, even if it has yet to obtain a more developed mandate and set of powers.

Next possible steps for (re)insurance firms

The EIOPA SPoRs have set a new and more clearly mapped route on how (re)insurance firms and undertakings will need to structure themselves when relocating to the EU and/or Eurozone as a result of BREXIT or otherwise. In practical terms, this has a number of implications for firms, internal project teams as well as their retained consultants and professional advisers.

As a result, the impact of these two EIOPA Opinions affected firms will need to:

  • Review existing and pending BREXIT-proofing and relocation plans, some of which might need to be revisited to make sure they comply with the SPoRs.
  • Allocate sufficient time and resources needed in order to take account of potentially more invasive supervisory touchpoints along each of the levels of the ESFS. This also applies to the greater supervisory scrutiny of fitness and propriety of individuals, governance and control functions as well as the written policies and procedures underpinning those systems and controls. This might mean retaining appropriate legal and regulatory specialists, both within internal and external project teams that can draft, implement and ensure compliance with EU, Eurozone, respective national levels as well as third-country regimes. Whilst needing to be interoperable with license application and relocation workstreams, this ought to be run separately so as to have a sufficient degree of independence and an ability to challenge assumptions made by those advising on the relocation in particular as the SPoRs have caused a number of plans to be redrawn.
  • Provide for longer supervisory processing timelines and greater detail in relation to supervisors dealing with reviews and approvals and/or supervisory inspections. For some firms this might also mean taking appropriate advice as to how their business model might be affected by the supervisory priorities of the relevant components of the ESFS, whether there are any quick wins and how to document and embed processes and policies that evidence compliance with the supervisory expectations and the SPoRs.
  • Lastly, the EIOPA RRP Opinion is thus both welcome inasmuch as it is timely. The value in an RRP regime for (re)insurers will arise provided such regime recognizes the differences in types of (re)insurers and the risk classes and markets they operate in as well as the differences to RRPs designed for the banking sector. Consequently, (re)insurers, even who those doubt the benefits or need of an RRP regime, ought to get involved proactively in shaping the debate on those RRP standards that will ultimately be imposed upon them at the risk of being left out and having firm or sector specific items overlooked.

1. Available: https://eiopa.europa.eu/Publications/Opinions/EIOPA-BOS-17-141%20Opinion_Supervisory_Convergence.pdf
2. Available: https://www.esma.europa.eu/sites/default/files/library/esma42-110-433_general_principles_to_support_supervisory_convergence_in_the_context_of_the_uk_withdrawing_fro

3. Available: https://eiopa.europa.eu/Publications/Opinions/EIOPA-BoS-17-148_Opinion_on_recovery_and_resolution_for_%28re%29insurers.pdf
4.   Comprised of:

  • Directive 2009/138/EC of 25 November 2009 of the European Parliament and of the Council on the taking up and pursuit of the business of Insurance and Reinsurance (Solvency II) (OJ L 335, 17.12.2009, p. 1–155); and
  • Commission Delegated Regulation (EU) 2015/35 of 10 October 2014 supplementing Directive 2009/138/EC of the European Parliament and of the Council on the taking-up and pursuit of the business of Insurance and Reinsurance (Solvency II) (OJ L 12, 17.01.2015, p. 1).

5. The Principles, which are explored in further detail in our separate Eurozone Hub Client Alert on the matter, include:

  • No automatic recognition of existing authorizations;
  • Authorizations granted by EU-27 NCAs should be rigorous and efficient;
  • NCAs should be able to verify the objective reasons for relocation;
  • Special attention should be granted to avoid letter-box entities in the EU-27;
  • Outsourcing and delegation to third-countries is only possible under strict conditions;
  • NCAs should ensure that substance requirements are met;
  • NCAs should ensure sound governance of EU entities;
  • NCAs must be in a position to effectively supervise and enforce EU law; and
  • Coordination needs to be implemented to ensure effective monitoring by ESMA.

6. See: https://eiopa.europa.eu/Publications/Reports/EIOPA%20Other%20potential%20macroprudential%20tools.pdf 
7. 14 responses from associations and stakeholder groups (including EIOPA’s Insurance and Reinsurance Stakeholders Group (IRSG)), six responses from the industry, three responses from ministries, three responses from others, and two responses from NSAs, one response from an EU organization.
8. See: Directive 97/9/EC of the European Parliament and of the Council of 3 March 1997 on investor compensation schemes OJ L 084, 26/03/1997 P. 0022-0031.
9. For a more in-depth discussion of EDIS, the state of play for investor compensation schemes and insurance guarantee schemes that were tabled in favor of some but not comprehensive improvements to depositor guarantee schemes, please see Huertas in "EDIS - The Third Pillar of the EU's Banking Union: Big, bold but can it be beautiful?" which first appeared in 2016 in Volume 31 - Issue 11 of the Journal of International Banking Law & Regulation.
10. See: https://eiopa.europa.eu/Pages/Financial-stability-and-crisis-prevention/Crisis-prevention.aspx
11. See: https://www.dentons.com/en/insights/articles/2018/august/10/the-ecb-ssm-discloses-the-supervisory-practices-related-to-recovery-planning
12. See: https://eiopa.europa.eu/Publications/Consultations/EIOPA-CP-18-003_Discussion_paper_on_resolution_funding%20and.pdf



Written by:


Dentons on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide

JD Supra Privacy Policy

Updated: May 25, 2018:

JD Supra is a legal publishing service that connects experts and their content with broader audiences of professionals, journalists and associations.

This Privacy Policy describes how JD Supra, LLC ("JD Supra" or "we," "us," or "our") collects, uses and shares personal data collected from visitors to our website (located at www.jdsupra.com) (our "Website") who view only publicly-available content as well as subscribers to our services (such as our email digests or author tools)(our "Services"). By using our Website and registering for one of our Services, you are agreeing to the terms of this Privacy Policy.

Please note that if you subscribe to one of our Services, you can make choices about how we collect, use and share your information through our Privacy Center under the "My Account" dashboard (available if you are logged into your JD Supra account).

Collection of Information

Registration Information. When you register with JD Supra for our Website and Services, either as an author or as a subscriber, you will be asked to provide identifying information to create your JD Supra account ("Registration Data"), such as your:

  • Email
  • First Name
  • Last Name
  • Company Name
  • Company Industry
  • Title
  • Country

Other Information: We also collect other information you may voluntarily provide. This may include content you provide for publication. We may also receive your communications with others through our Website and Services (such as contacting an author through our Website) or communications directly with us (such as through email, feedback or other forms or social media). If you are a subscribed user, we will also collect your user preferences, such as the types of articles you would like to read.

Information from third parties (such as, from your employer or LinkedIn): We may also receive information about you from third party sources. For example, your employer may provide your information to us, such as in connection with an article submitted by your employer for publication. If you choose to use LinkedIn to subscribe to our Website and Services, we also collect information related to your LinkedIn account and profile.

Your interactions with our Website and Services: As is true of most websites, we gather certain information automatically. This information includes IP addresses, browser type, Internet service provider (ISP), referring/exit pages, operating system, date/time stamp and clickstream data. We use this information to analyze trends, to administer the Website and our Services, to improve the content and performance of our Website and Services, and to track users' movements around the site. We may also link this automatically-collected data to personal information, for example, to inform authors about who has read their articles. Some of this data is collected through information sent by your web browser. We also use cookies and other tracking technologies to collect this information. To learn more about cookies and other tracking technologies that JD Supra may use on our Website and Services please see our "Cookies Guide" page.

How do we use this information?

We use the information and data we collect principally in order to provide our Website and Services. More specifically, we may use your personal information to:

  • Operate our Website and Services and publish content;
  • Distribute content to you in accordance with your preferences as well as to provide other notifications to you (for example, updates about our policies and terms);
  • Measure readership and usage of the Website and Services;
  • Communicate with you regarding your questions and requests;
  • Authenticate users and to provide for the safety and security of our Website and Services;
  • Conduct research and similar activities to improve our Website and Services; and
  • Comply with our legal and regulatory responsibilities and to enforce our rights.

How is your information shared?

  • Content and other public information (such as an author profile) is shared on our Website and Services, including via email digests and social media feeds, and is accessible to the general public.
  • If you choose to use our Website and Services to communicate directly with a company or individual, such communication may be shared accordingly.
  • Readership information is provided to publishing law firms and authors of content to give them insight into their readership and to help them to improve their content.
  • Our Website may offer you the opportunity to share information through our Website, such as through Facebook's "Like" or Twitter's "Tweet" button. We offer this functionality to help generate interest in our Website and content and to permit you to recommend content to your contacts. You should be aware that sharing through such functionality may result in information being collected by the applicable social media network and possibly being made publicly available (for example, through a search engine). Any such information collection would be subject to such third party social media network's privacy policy.
  • Your information may also be shared to parties who support our business, such as professional advisors as well as web-hosting providers, analytics providers and other information technology providers.
  • Any court, governmental authority, law enforcement agency or other third party where we believe disclosure is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights, the rights of any third party or individuals' personal safety, or to detect, prevent, or otherwise address fraud, security or safety issues.
  • To our affiliated entities and in connection with the sale, assignment or other transfer of our company or our business.

How We Protect Your Information

JD Supra takes reasonable and appropriate precautions to insure that user information is protected from loss, misuse and unauthorized access, disclosure, alteration and destruction. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. You should keep in mind that no Internet transmission is ever 100% secure or error-free. Where you use log-in credentials (usernames, passwords) on our Website, please remember that it is your responsibility to safeguard them. If you believe that your log-in credentials have been compromised, please contact us at privacy@jdsupra.com.

Children's Information

Our Website and Services are not directed at children under the age of 16 and we do not knowingly collect personal information from children under the age of 16 through our Website and/or Services. If you have reason to believe that a child under the age of 16 has provided personal information to us, please contact us, and we will endeavor to delete that information from our databases.

Links to Other Websites

Our Website and Services may contain links to other websites. The operators of such other websites may collect information about you, including through cookies or other technologies. If you are using our Website or Services and click a link to another site, you will leave our Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We are not responsible for the data collection and use practices of such other sites. This Policy applies solely to the information collected in connection with your use of our Website and Services and does not apply to any practices conducted offline or in connection with any other websites.

Information for EU and Swiss Residents

JD Supra's principal place of business is in the United States. By subscribing to our website, you expressly consent to your information being processed in the United States.

  • Our Legal Basis for Processing: Generally, we rely on our legitimate interests in order to process your personal information. For example, we rely on this legal ground if we use your personal information to manage your Registration Data and administer our relationship with you; to deliver our Website and Services; understand and improve our Website and Services; report reader analytics to our authors; to personalize your experience on our Website and Services; and where necessary to protect or defend our or another's rights or property, or to detect, prevent, or otherwise address fraud, security, safety or privacy issues. Please see Article 6(1)(f) of the E.U. General Data Protection Regulation ("GDPR") In addition, there may be other situations where other grounds for processing may exist, such as where processing is a result of legal requirements (GDPR Article 6(1)(c)) or for reasons of public interest (GDPR Article 6(1)(e)). Please see the "Your Rights" section of this Privacy Policy immediately below for more information about how you may request that we limit or refrain from processing your personal information.
  • Your Rights
    • Right of Access/Portability: You can ask to review details about the information we hold about you and how that information has been used and disclosed. Note that we may request to verify your identification before fulfilling your request. You can also request that your personal information is provided to you in a commonly used electronic format so that you can share it with other organizations.
    • Right to Correct Information: You may ask that we make corrections to any information we hold, if you believe such correction to be necessary.
    • Right to Restrict Our Processing or Erasure of Information: You also have the right in certain circumstances to ask us to restrict processing of your personal information or to erase your personal information. Where you have consented to our use of your personal information, you can withdraw your consent at any time.

You can make a request to exercise any of these rights by emailing us at privacy@jdsupra.com or by writing to us at:

Privacy Officer
JD Supra, LLC
10 Liberty Ship Way, Suite 300
Sausalito, California 94965

You can also manage your profile and subscriptions through our Privacy Center under the "My Account" dashboard.

We will make all practical efforts to respect your wishes. There may be times, however, where we are not able to fulfill your request, for example, if applicable law prohibits our compliance. Please note that JD Supra does not use "automatic decision making" or "profiling" as those terms are defined in the GDPR.

  • Timeframe for retaining your personal information: We will retain your personal information in a form that identifies you only for as long as it serves the purpose(s) for which it was initially collected as stated in this Privacy Policy, or subsequently authorized. We may continue processing your personal information for longer periods, but only for the time and to the extent such processing reasonably serves the purposes of archiving in the public interest, journalism, literature and art, scientific or historical research and statistical analysis, and subject to the protection of this Privacy Policy. For example, if you are an author, your personal information may continue to be published in connection with your article indefinitely. When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
  • Onward Transfer to Third Parties: As noted in the "How We Share Your Data" Section above, JD Supra may share your information with third parties. When JD Supra discloses your personal information to third parties, we have ensured that such third parties have either certified under the EU-U.S. or Swiss Privacy Shield Framework and will process all personal data received from EU member states/Switzerland in reliance on the applicable Privacy Shield Framework or that they have been subjected to strict contractual provisions in their contract with us to guarantee an adequate level of data protection for your data.

California Privacy Rights

Pursuant to Section 1798.83 of the California Civil Code, our customers who are California residents have the right to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes.

You can make a request for this information by emailing us at privacy@jdsupra.com or by writing to us at:

Privacy Officer
JD Supra, LLC
10 Liberty Ship Way, Suite 300
Sausalito, California 94965

Some browsers have incorporated a Do Not Track (DNT) feature. These features, when turned on, send a signal that you prefer that the website you are visiting not collect and use data regarding your online searching and browsing activities. As there is not yet a common understanding on how to interpret the DNT signal, we currently do not respond to DNT signals on our site.

Access/Correct/Update/Delete Personal Information

For non-EU/Swiss residents, if you would like to know what personal information we have about you, you can send an e-mail to privacy@jdsupra.com. We will be in contact with you (by mail or otherwise) to verify your identity and provide you the information you request. We will respond within 30 days to your request for access to your personal information. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why. If you would like to correct or update your personal information, you can manage your profile and subscriptions through our Privacy Center under the "My Account" dashboard. If you would like to delete your account or remove your information from our Website and Services, send an e-mail to privacy@jdsupra.com.

Changes in Our Privacy Policy

We reserve the right to change this Privacy Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our Privacy Policy will become effective upon posting of the revised policy on the Website. By continuing to use our Website and Services following such changes, you will be deemed to have agreed to such changes.

Contacting JD Supra

If you have any questions about this Privacy Policy, the practices of this site, your dealings with our Website or Services, or if you would like to change any of the information you have provided to us, please contact us at: privacy@jdsupra.com.

JD Supra Cookie Guide

As with many websites, JD Supra's website (located at www.jdsupra.com) (our "Website") and our services (such as our email article digests)(our "Services") use a standard technology called a "cookie" and other similar technologies (such as, pixels and web beacons), which are small data files that are transferred to your computer when you use our Website and Services. These technologies automatically identify your browser whenever you interact with our Website and Services.

How We Use Cookies and Other Tracking Technologies

We use cookies and other tracking technologies to:

  1. Improve the user experience on our Website and Services;
  2. Store the authorization token that users receive when they login to the private areas of our Website. This token is specific to a user's login session and requires a valid username and password to obtain. It is required to access the user's profile information, subscriptions, and analytics;
  3. Track anonymous site usage; and
  4. Permit connectivity with social media networks to permit content sharing.

There are different types of cookies and other technologies used our Website, notably:

  • "Session cookies" - These cookies only last as long as your online session, and disappear from your computer or device when you close your browser (like Internet Explorer, Google Chrome or Safari).
  • "Persistent cookies" - These cookies stay on your computer or device after your browser has been closed and last for a time specified in the cookie. We use persistent cookies when we need to know who you are for more than one browsing session. For example, we use them to remember your preferences for the next time you visit.
  • "Web Beacons/Pixels" - Some of our web pages and emails may also contain small electronic images known as web beacons, clear GIFs or single-pixel GIFs. These images are placed on a web page or email and typically work in conjunction with cookies to collect data. We use these images to identify our users and user behavior, such as counting the number of users who have visited a web page or acted upon one of our email digests.

JD Supra Cookies. We place our own cookies on your computer to track certain information about you while you are using our Website and Services. For example, we place a session cookie on your computer each time you visit our Website. We use these cookies to allow you to log-in to your subscriber account. In addition, through these cookies we are able to collect information about how you use the Website, including what browser you may be using, your IP address, and the URL address you came from upon visiting our Website and the URL you next visit (even if those URLs are not on our Website). We also utilize email web beacons to monitor whether our emails are being delivered and read. We also use these tools to help deliver reader analytics to our authors to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

Analytics/Performance Cookies. JD Supra also uses the following analytic tools to help us analyze the performance of our Website and Services as well as how visitors use our Website and Services:

  • HubSpot - For more information about HubSpot cookies, please visit legal.hubspot.com/privacy-policy.
  • New Relic - For more information on New Relic cookies, please visit www.newrelic.com/privacy.
  • Google Analytics - For more information on Google Analytics cookies, visit www.google.com/policies. To opt-out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout. This will allow you to download and install a Google Analytics cookie-free web browser.

Facebook, Twitter and other Social Network Cookies. Our content pages allow you to share content appearing on our Website and Services to your social media accounts through the "Like," "Tweet," or similar buttons displayed on such pages. To accomplish this Service, we embed code that such third party social networks provide and that we do not control. These buttons know that you are logged in to your social network account and therefore such social networks could also know that you are viewing the JD Supra Website.

Controlling and Deleting Cookies

If you would like to change how a browser uses cookies, including blocking or deleting cookies from the JD Supra Website and Services you can do so by changing the settings in your web browser. To control cookies, most browsers allow you to either accept or reject all cookies, only accept certain types of cookies, or prompt you every time a site wishes to save a cookie. It's also easy to delete cookies that are already saved on your device by a browser.

The processes for controlling and deleting cookies vary depending on which browser you use. To find out how to do so with a particular browser, you can use your browser's "Help" function or alternatively, you can visit http://www.aboutcookies.org which explains, step-by-step, how to control and delete cookies in most browsers.

Updates to This Policy

We may update this cookie policy and our Privacy Policy from time-to-time, particularly as technology changes. You can always check this page for the latest version. We may also notify you of changes to our privacy policy by email.

Contacting JD Supra

If you have any questions about how we use cookies and other tracking technologies, please contact us at: privacy@jdsupra.com.

- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.