Worldwide: Offshore Professional Risks - July 2017

Last Updated: 2 August 2017
Article by Sedgwick Chudleigh

Sedgwick's Offshore Professional Risks Newsletter

Professional trustees, directors, and corporate service providers in various offshore jurisdictions, such as Bermuda, the BVI, the Cayman Islands, and the Channel Islands, continue to deal with increasing levels of regulation and reporting, and associated costs of compliance, both locally and internationally.

At the same time, offshore professional service businesses face increasing levels of competition and consolidation (both within and across jurisdictions), and the inevitable management challenges associated with planning for the future, including recruitment, retention, and retirement of staff.

The regulatory burden imposed on offshore lawyers looks set to increase as well.

10 years after the global financial crisis, a number of offshore law firms have opened new offices in foreign jurisdictions in search of growth and diversification, with recent office openings being seen in Bermuda, the Cayman Islands, the BVI, and Hong Kong.

The Courts, politicians, and regulators of each offshore jurisdiction have now started to grapple with some of the regulatory issues that have arisen in the case of international offshore law firms, including on issues of foreign ownership and control, the recovery of legal costs, the practice of law by unauthorized persons, conflicts of interest, and the protection of local employees and local consumers.

Against this background, Sedgwick LLP and Sedgwick Chudleigh Ltd. are now pleased to make available the latest edition of their Offshore Professional Risks newsletter, which covers various legal and regulatory developments of interest to offshore professionals and their liability insurers.


Beware Regulators with Sharp Teeth: Insurance for Fines & Penalties

In the not-so-distant past, offshore financial centres ("OFCs") were perceived as having a very light touch when it came to taking enforcement action against regulated entities and individuals. "Deliberately toothless" was how one well-known commentator described offshore regulatory enforcement activity as recently as 2013, the implication being that OFCs avoided tough regulatory action for fear that it could drive business to competitor OFCs.  Even when regulatory enforcement action was taken, and sanctions were imposed, the target was often afforded anonymity by the regulator.

Offshore financial services regulators have been baring their teeth and threatening to 'Get Tough'. 

Increased regulatory activity, bigger fines

In the past year, OFCs, including the BVI, Cayman Islands, Bermuda and the Channel Islands have seen several well-publicized instances of regulatory sanctions, together with legislative amendments and pronouncements signaling a tough new approach to regulatory infractions, with "naming and shaming" part of the punishment.     
Driving the changed regulatory environment in OFCs, at least in part, is the increased attention paid by onshore governments, regulators, international bodies and the media to business practices in OFCs.  This includes measures recommended by the inter-governmental body, the Financial Action Task Force, to combat money laundering and terrorist financing with comprehensive external reviews of OFCs taking place over the next few years to determine their level of compliance. The consequences to OFCs of non-compliance will be severe, prompting regulators to take tough action to demonstrate the robustness of the jurisdiction's regulatory framework and their effectiveness in punishing regulatory breaches.
While the fines imposed can be severe, these are often matched or exceeded by the legal costs of contesting enforcement actions or negotiating with the regulator.  But even these costs can pale in comparison to the damage resulting from adverse publicity or the loss of a valuable business license, not to mention hundreds of management hours taken up in responding to a regulatory investigation or prosecution.

Increased regulatory muscle has led to an increased demand for insurance cover in respect of the consequences of regulatory action. Traditional professional indemnity, errors and omissions and directors' & officers' liability insurance policies responded to claims for "damages" sought by third parties and often did not provide any coverage for administrative actions.  While most such policies now include limited cover for administrative actions as part of the standard package, the scope of cover may be narrowly drawn and cover for fines and penalties is generally excluded.

As is often the case, you get what you pay for and broader regulatory cover is available in the insurance markets, but at a price.  

Scope of cover for fines and penalties

A standard insurance policy may provide cover for costs incurred by the "target" of a "formal" regulatory prosecution.  However, regulatory actions very often start in an informal manner and months of investigations, with consequent information and interview requests, may ensue before any formal proceedings are filed.  For example, it is not uncommon for enforcement actions by the United States Securities and Exchange Commission to be commenced on the same day that a settlement is consummated.  If an insured wants cover for informal, as well as formal, regulatory investigations it may need to negotiate a policy endorsement to obtain broader cover.

Often, the target of a regulatory investigation or proceeding will be a current or former employee or director of the regulated entity. However, the entity may be required, or compelled, to provide extensive assistance to the regulator in terms of providing documents, computer files or employees for interviews. The company may also need to retain the services of forensic accountants to compile information for the regulator and external counsel to interface with the regulator and to represent testifying witnesses.  Potentially, these costs can run into several millions of dollars yet may fall outside the scope of a standard insurance policy as the entity itself is not a target of the enforcement action. Again, if an insured is looking for this type of broad cover it may need to purchase an appropriate extension to its policy.

Insurability of fines and penalties

Traditionally, fines and penalties were expressly excluded from the scope of insurance policies, consistent with the view that criminal fines and penalties are uninsurable in most jurisdictions as a matter of public policy. However, the increased prevalence of administrative fines and penalties, which are not always regarded as objectionable in public policy terms, has resulted in the re-writing of many insurance policies to provide cover for fines and penalties "where insurable".

The question as to whether administrative fines and penalties are "insurable" as a matter of public policy is a classic legal "grey area" and determining insurability will require an analysis of the particular sanction imposed and the underlying conduct giving rise to it. In the English Court of Appeal decision in Safeway v Twigger (2010) the court found that "morally reprehensible" acts are uninsurable. The court did not give much guidance as to what amounts to "morally reprehensible" but clearly it captures conduct that falls short of "intentional illegality". In that case, the court also found that the regulatory fine in question was uninsurable as a matter of English law even though the regulated company's liability was vicarious (i.e. not direct) by reason of its liability for the acts of its employees. 

The Safeway decision is not applicable to insurance policies that are governed by systems of law other than English law. Nor is the decision binding on the courts of OFCs, which may, for example, choose to take a more liberal approach to insurability such as that of the first instance judge in Safeway, who held that public policy did not bar insurance coverage for the vicarious liability of the sanctioned corporation.  
Another bar to the insurance of regulatory fines and penalties may lie within the statute giving rise to the sanction, which may expressly prohibit indemnification including through insurance. Some regulators have also been known to insist, as a condition of the settlement of enforcement proceedings, that the sanctioned entity or individual agree not to seek an insurance recovery for the fine or penalty.
Coverage for "disgorgement"

A very recent development that could give rise to additional coverage questions in this area arises from a U.S. Supreme Court decision, Kokesh v SEC (June 2017), which found, at least for the purposes of limitation, that an order for an investment advisor to make "disgorgement" of $35 million (in addition to paying a civil penalty of $2.3 million) amounted to a "penalty".  While the availability of insurance cover for "disgorgement" payments is another complicated area (again engaging issues of public policy), this decision may bring disgorgement payments at the behest of the SEC within the scope of a "fines and penalties" exclusion when hitherto such payments might have been be regarded as a covered civil liability.

While difficult questions arise in the context of insurance claims involving regulatory fines and penalties, it seems clear that claims activity will remain strong in relation to regulated insureds in OFCs and those insureds would be wise to review their policies with their insurance broker to ensure they understand the options available.

The Regulation of Offshore Lawyers: Recent Developments

Since lawyers' professional liability to their clients, and potentially to third parties, often needs to be assessed in the context of the specific regulatory environment in which they operate, it is quite important for London market and international insurers to understand the nuances of each particular offshore jurisdiction's regulatory framework. 

The regulation of offshore lawyers continues to generate some controversial talking-points in an evolving regulatory landscape, as the following examples indicate:  

  • the Court of Appeal for Bermuda has recently handed down an important judgment in which it has concluded that the Bermuda Bar Council was legally entitled to refuse a Certificate of Recognition to Walkers (Bermuda) Limited, on the basis of its conclusion that the Bermuda office of Walkers Global appeared to be controlled, in practical terms, by foreigners, rather than Bermudian lawyers (in apparent breach of the local control requirements of Bermuda's Companies Act 1981);
  • both the BVI Courts and the Bermuda Courts have recently handed down judgments which restrict, to some extent, the ability of a successful litigant to recover, on a costs taxation or assessment, the costs of instructing 'foreign' or 'international' lawyers (i.e. UK solicitors or US attorneys) if they are unnecessarily involved in local court proceedings;
  • the Supreme Court of Gibraltar has recently handed down a judgment finding Jyske Bank (Gibraltar) Ltd liable for dishonestly assisting the Gibraltar law firm, Marrache & Co, to steal GBP 28 million from its client account. In the course of his judgment, Mr. Justice Jack made some important observations about the provisions of section 85 of the UK's Solicitors Act 1974, the Solicitors' Accounts Rules 1998, and the SRA Accounts Rules 2011, and Gibraltar's analogous statutory provisions; 
  • the Cayman Islands' Legislative Assembly was unable to enact a modern Legal Practitioners' Bill in its March 2017 session, due to political divisions on certain reform proposals, although it has now taken steps to enact a Limited Liability Partnership law, and it is likely that it will seek to re-introduce the Legal Practitioners' Bill in the September 2017 session (the first Assembly session after a recent election and change in Government). Legislative reform in this respect is perceived to be essential to ensure that the Cayman Islands receives an acceptable score from the Caribbean Financial Action Task Force in its next review of the jurisdiction; and
  • a prominent English QC has been generally admitted to the Singapore Bar, and while this has been described as a 'one-off' event, it is perhaps a sign that the Singaporean legal profession has become more receptive to international lawyers practicing in the jurisdiction, particularly in the context of international commercial arbitration. In a similarly novel development, a well-known Hong Kong silk was called to the Bermuda Bar for the purpose of appearing before the Bermuda courts on a corporate shareholder dispute involving a Bermuda company listed on the Singapore Stock Exchange.  

Third Party Claims Against Trustees: Resolving Competing Claims Over Trust Assets

For professional trustees and their insurers, the ability to obtain an indemnity from trust assets in the face of a claim against a trustee by a third party is obviously of critical importance, insulating the trustee from personal liability and the insurer from having to expend its policy limits.  Ultimately, if the value of any judgment and costs award exceeds the value of trust assets, the trustee could face personal liability (and the insurer an indemnity obligation) for the excess amount. However, being able to draw upon trust assets to fund defence costs as incurred is obviously attractive from a funding perspective and may provide leverage in settlement negotiations with the third party if the target trust assets are being eroded. 
Although a trustee is not obligated to obtain the court's permission to defend a third party claim, or to seek an indemnity from the trust assets, it is a well-established principle in England and in most commonwealth jurisdictions that, where a trustee is ultimately unsuccessful, a retrospective indemnity will only be granted in exceptional circumstances (see Re Beddoe [1893] 1 Ch 547). To mitigate the risk of personal liability, therefore, a prudent trustee is well-advised to apply to the court in advance of pursuing or defending any claim on behalf of a trust, an application known as a "Beddoe application".
Frequently, the amount claimed by the third party will exceed the available trust assets putting the trustee's indemnity claim in potential conflict with the third party's claim. This was the position in X (as Trustee of the A Trust) v Y (as Beneficiary of the A Trust) (unreported) 15 March 2017, where the Grand Court of Cayman, per Smellie CJ, granted Beddoe relief to a Cayman trustee to defend an English third party claim which, if successful, could exhaust the assets of the trust.
The Trustee of the A Trust (the "Trustee") was joined as a defendant in English proceedings arising out of a sale and purchase agreement (the "English Proceedings"). The plaintiffs in the English Proceedings ("Z") were claiming in contract for breach of warranty and for damages in tort for deceit. In the proceedings, Z also sought to preserve the only realizable asset of the A Trust as a means to enforce any potential judgment, the sum of which could exhaust the assets of the Trust.
Faced with this claim, the Trustee brought an application in the Grand Court of Cayman seeking (1) directions to defend the English Proceedings, (2) permission to borrow funds from another trust, the C Trust, to discharge the costs of the defence, and (3) indemnity for any costs and expenses properly incurred to be reimbursed from the assets of the A Trust.
Beddoe relief
In Cayman, the Grand Court has a statutory power (section 48 of the Trusts Law (2011 revision)) as well as powers under its inherent jurisdiction to give directions with regard to the participation in litigation and the trustee's right to be indemnified by the trust, which are then binding on those interested under a trust, even if the trustee is ultimately unsuccessful in the litigation.
The Court made clear that the test for obtaining an indemnity from a trust fund in respect of third-party litigation "turns upon the issue whether or not [the trustee] will act properly in bringing or defending the claim". A trustee will not be protected merely because he/she acts on legal advice. A Beddoe application, therefore, involves a review of the merits of the claim sought to be defended and a trustee is obligated to make full disclosure of the strengths and weaknesses of their case.
Parties to a Beddoe application
Given that a decision to grant a trustee an indemnity from a trust's assets will directly affect the beneficiaries of that trust, the beneficiaries are necessary parties to a Beddoe application. In this case, the primary beneficiary consented to the application and the Attorney General (representing a charity's interests) did not object.
One of the questions that arose for consideration, however, was whether the third party, namely Z, had a right to participate in the Beddoe application. Z contended that it should be given formal notice of the proceedings to allow it to make written submissions on whether the trustee would be acting properly in defending the claim.
The Court dismissed Z's claim that it should be entitled to formal notice or that it should be entitled to make submissions. In dismissing the claim the Court distinguished between the three kinds of litigation in which trustees might become involved (as stated in Alsop Wilkinson v Neary [1996] 1 WLR 1220), being: (1) 'a trust dispute'; (2) a 'beneficiaries dispute'; and (3) a 'third party dispute'. Z's claim in the English Proceedings was held to fall squarely within the 'third party dispute' category given that Z was not claiming any proprietary interest in the trust assets.
Despite this finding, Z was still given the opportunity to make representations to the Court by way of a letter, sent as a response to the informal notice given to Z by the Trustee.
Burden of costs
Z further sought to argue that what was being claimed in the Beddoe proceedings in Cayman was a "pre-emptive costs order", which would predetermine the incidence of costs as between Z and the Trustee in the English Proceedings. As the Judge made clear, however, the application was clearly not a pre-emptive costs application given that the application was made in proceedings separate from the English Proceedings. Furthermore, the Grand Court of Cayman was clearly concerned with an issue between the Trustee and the beneficiaries of the A Trust and any decision of the Court would not impede the discretion as to costs of the judge dealing with the English Proceedings.
Smellie CJ did acknowledge, however, that Z would be adversely affected by the Trustee's Beddoe application, if granted, given that the trust assets available to meet any costs order in Z's favour in the English Proceedings (if successful) would be reduced by the costs of the defence incurred by the Trustee. But he went on to state that the fact that Z may be adversely affected was no basis for denying the Trustee Beddoe relief. In particular, the Judge relied on the fact that Z was not asserting a proprietary interest in the A Trust assets in the English Proceedings, and therefore must "[take] the trust assets as it finds them at the time of judgment".

English Court Rejects Jersey Company Directors' Limitation Defence

Although the Jersey Courts have never ruled definitively on the limitation period applicable under Jersey law to claims against directors and officers of Jersey companies, the English High Court has recently held in the case of O'Keefe & Anor (In Their Capacity As Joint Liquidators of Level One Residential (Jersey) Ltd and Special Opportunity Holdings Ltd) v Caner & Ors [2017] EWHC 1105 (Ch) (taking into account expert opinion evidence from various Jersey advocates), that the limitation period applicable to claims against directors under Article 74(1) of the Companies (Jersey) Law 1991 is 10 years from the date of breach (rather than the 3 year period applicable to claims in tort).

This judgment, if it is followed more generally by the Courts in Jersey and elsewhere, exposes Jersey company directors to significant longtail liabilities (and puts them at a relative disadvantage compared to other professionals, and directors of companies in other offshore jurisdictions).

What is the Value of Pain and Suffering in the Offshore Jurisdictions?

Anyone who has ever been to a supermarket in an offshore jurisdiction like Bermuda or the Cayman Islands could be forgiven for making the assumption that the cost of living offshore is much higher than it is in England and Wales (if one overlooks, for the time being, the different systems and rates of personal and corporate taxation in the offshore jurisdictions).

This perception may have been the reason why various trial judges in jurisdictions like Bermuda, the Cayman Islands, and the Bahamas have been persuaded, periodically, to apply a percentage uplift to the English JSB Guidelines when assessing general damages awards in personal injury cases, to reflect the higher cost of living offshore.

However, in Scott v The Attorney General [2017] UKPC 15, on appeal from the Bahamas, the Privy Council has recently held that general damages (for pain, suffering, and loss of amenity) should be assessed by local Courts, applying local judgments, local standards, local values, and local expectations, but not by making random 'cost of living' adjustments on a 'finger in the air' basis.

While the level of awards made in other common law jurisdictions, and the English JSB Guidelines, may offer some assistance and guidance in the common law world, they are not to be followed slavishly, and there is no general rule of law (or procedure) that the English guideline figures should be adopted elsewhere, and then made the subject of a currency conversion and 'cost of living' uplift.

The Privy Council's judgment illustrates the importance of London market and international insurers (whether dealing with personal injury claims, medical negligence claims, or solicitors' negligence claims relating to lost personal injury litigation) taking local jurisdictional legal advice when seeking to assess the quantum of a general damages claim, and collating, so far as possible, comparative evidence of prevailing damages awards in different jurisdictions.

Litigation Funding in Ireland: Still Champertous in the 21st Century

On 23 May 2017, the Supreme Court of Ireland handed down an important judgment in the case of Persona Digital Telephony Ltd and Sigma Wireless Networks Ltd v The Minister for Public Enterprise, Ireland and the Attorney General [2017] IESC 27, concluding that, as a matter of Irish common law, a third party litigation funding agreement was champertous, and therefore illegal.

In reaching this conclusion on a leapfrog appeal from the High Court, the Irish Supreme Court declined to develop Ireland's common law in line with developments in common law jurisdictions such as Bermuda and the Cayman Islands, which have demonstrated an increasing tolerance for litigation funding agreements. The Irish High Court preferred instead to leave any legal reform in this area to the Irish legislature, the Oireachtas, after proper consultation and debate.

It will be interesting to see whether the Irish Supreme Court's decision provokes any legislative reform in Ireland, or whether it encourages the Courts of other common law jurisdictions to revisit their own analysis of the common law principles of maintenance and champerty.

The Irish Supreme Court's judgment has subsequently drawn criticism from certain quarters for failing to facilitate access to justice for impecunious claimants in accordance with the Irish Constitution and the European Convention on Human Rights. Some commentators have also noted that it may have undermined Dublin's hopes of becoming a post-Brexit litigation hub, as a potential alternative to London.

Sedgwick Chudleigh ICLG Guide to Corporate Recovery & Insolvency 2017 - Bermuda Chapter

As a leading offshore financial centre, Bermuda continues to be the jurisdictional choice for a variety of international businesses, both publicly listed and privately owned, as well as the home for a wide range of local companies and business enterprises, ranging from tourism and hospitality to banking and professional services.
As the 35th America's Cup sailing event draws to a successful conclusion in Bermuda (with Emirates Team New Zealand defeating the defending champion, Oracle Team USA), Bermuda's economy appears to be ripe for growth, with a General Election now scheduled for 18 July 2017.
The risk of corporate insolvency still remains a stark reality, however, with numerous Bermuda companies and international corporate groups exploring debt restructuring solutions, both locally and internationally, as debts fall due for payment (often in contentious circumstances).
Bermuda's Commercial Court has recently demonstrated its experience of supervising and assisting cross-border restructurings and liquidations, being the first offshore court to adopt and implement, in March 2017, the Judicial Insolvency Network's Guidelines on Communication and Cooperation between Courts in Cross-Border Insolvency Cases.
Sedgwick Chudleigh is pleased to share the Bermuda Chapter of the International Comparative Legal Guide to Corporate Recovery & Insolvency 2017, which provides a helpful summary of Bermuda law on all aspects of corporate restructuring and insolvency. A copy of the Bermuda Chapter is now available.

Read more here.  

The Duties of Hong Kong Company Directors and Valuers:The SFC Issues a Warning

Nearly half of the market capitalization of the Hong Kong Stock Exchange is represented by companies incorporated in either Bermuda or the Cayman Islands.

Directors, officers, and insurers of such companies need to keep abreast, therefore, of both Hong Kong law, as well as the laws of Bermuda and the Cayman Islands.

On 15 May 2017, Hong Kong's Securities and Futures Commission ('the SFC') published an important Guidance Note on Directors' Duties in the Context of Valuations in Corporate Transactions.

The SFC explains that it has issued the Guidance Note because it has become increasingly concerned that, in some transactions (both as regards asset acquisitions and asset disposals), Hong Kong listed companies either do not obtain a valuation at all, or their directors place an unreasonable, or unquestioning, degree of reliance on a suspect valuation.

As a result, there have been a number of transactions reported to the SFC in which assets have been acquired at unreasonably high prices, or assets sold at substantial undervalues, to the potential prejudice of shareholders or creditors.

The Guidance Note applies to all directors of a listed issuer of the Main Board or GEM of the Stock Exchange of Hong Kong Limited, and it is based on the obligations that directors are already subject to, as a matter of Hong Kong, Bermuda and Cayman Islands law.

On the same day, the SFC published a separate Statement on the Liability of Valuers for Disclosure or False or Misleading Information.

In publishing these Guidance Notes and Statement, the SFC has issued a stark warning to listed company directors and valuers to be mindful of their responsibilities, or run the risk of enforcement action by the SFC, as well as claims by shareholders and creditors.

Under section 214 of the Securities and Futures Ordinance ('the SFO'), the SFC is able to bring proceedings in the High Court of Hong Kong to seek redress for misconduct or other wrongdoing towards a listed corporation or its members by any person responsible for the conduct of the business or affairs of the listed corporation.

Under sections 277 or 298 of the SFO, a valuer may be liable if it has authorised or was concerned in a listed company's disclosure of false and misleading information that is likely to induce investment decisions or have a material price effect and the valuer knows that, or is reckless or negligent as to whether, the information is false or misleading.

The SFC may bring proceedings under section 213 of the SFO for remedial orders and, if a valuation is included in a prospectus, the valuer may be civilly liable to pay compensation to investors.

Similar proceedings may also be asserted against directors, officers and service providers in the jurisdiction of incorporation, whether Bermuda or the Cayman Islands, and whether by regulatory authorities, liquidators, creditors or shareholders.

Bermuda Personal Information Protection Act 2016

On 2 December 2016, the administrative provisions of Bermuda's Personal Information Protection Act 2016 came into force establishing the office and powers of the Privacy Commissioner and providing for the method of appointment of the Privacy Commissioner.

The Act applies to every organisation that uses personal information in Bermuda where the personal information:

  • is used wholly or partly by automated means; or
  • forms, or is intended to form, part of a structured filing system.

Personal information' is information about an identified or identifiable individual.

The Act received Royal Assent on 27 July 2016, but its substantive provisions will not come into force until 2018.

When the substantive provisions come into force, organisations must not use personal information unless one or more of the conditions of section 6 of the Act are met. 

'Using' personal information 'means carrying out any operation on personal information, including collecting, obtaining, recording, holding, storing, organising, adapting, altering, retrieving, transferring, consulting, disclosing, disseminating or otherwise making available, combining, blocking, erasing or destroying it'.

There are some exclusions from the regulation of the use of 'personal information', such as the 'use of business contact information for the purpose of contacting an individual in his capacity as an employee or official of an organisation'. However, whether all personal information used about an individual is 'business contact information' is likely to be hard to determine in some cases.

In practice, organisations are likely to seek to premise their lawful use of personal information predominantly on the satisfaction of condition (1)(a) of Section 6 of the Act, which requires obtaining the knowing consent of the individual. This is because compliance with the condition can be tested objectively.

Other conditions of use may also be of practicable assistance to organisations, for example, where use is necessary for the performance of a contract to which the individual is a party, or is pursuant to a provision of law that authorises it, or is in relation to publicly available information. But assessing compliance with these conditions will involve a greater degree of judgment than testing for consent.

Personal information may also be used (except sensitive personal information) where a reasonable person giving due weight to the sensitivity of the personal information would consider that the individual would not reasonably be expected to request that the use of his personal information should not begin or cease and the use does not prejudice the rights of the individual. 

Since it will be very difficult for organisations to anticipate in any given case whether this condition is fulfilled, it is likely that it will be used more as a last resort in connection with uses that would otherwise have been unlawful rather than relied on by organisations as a general rule for ensuring their compliance with the Act.

When the substantive provisions of the Act come into force, an organisation will be required to:

  • safeguard personal information;
  • only use it in a lawful and fair manner;
  • provide individuals with privacy notices, which the organisation must take reasonably practicable steps to ensure are provided either before or at the time of collection of personal information,  about the organisation's practices and policies with respect of personal information;
  • except with the consent of the individual, or where necessary to provide a service or product that is required by the individual, or in certain other circumstances, use personal information only for the specific purpose stated in the privacy notice;
  • ensure that any personal information used is accurate and kept up to date to the extent necessary for the purposes of use and kept no longer than is necessary for that use; and
  • not transfer personal information to an overseas third party unless it reasonably believes the personal information will be subject to a level of protection comparable to that required by the Act. 

There are penalties under the Act for certain breaches and for financial loss and emotional distress:

  • on summary conviction, in the case of an individual, to a fine of up to $25,000 or up to two years of imprisonment or to both; and
  • on conviction on indictment, in the case of a person other than an individual, to a fine of up to $250,000.

The office of the Privacy Commissioner has been accorded a wide range of powers which, when exercised, will, it is hoped, be of considerable practical assistance to organisations in confirming what they must do to comply, including the powers to:

  • comment on the implications for protection of personal information in relation to an organisation's existing or proposed programmes;
  • approve binding corporate rules for transfers of personal information to an overseas third party when the Commissioner considers the binding corporate rules provide a comparable level of protection for personal information as the protection required by this Act;
  • give guidance and recommendations of general application to an organisation on matters relating to its rights or obligations under this Act;
  • permit an organisation to transfer personal information to an overseas third party where the organisation has reasonably demonstrated that it is unable to assess the level of protection provided by the overseas third party for that personal information provided the transfer does not undermine the rights of the individual; and
  • establish certification mechanisms that can demonstrate compliance with the Act and delegate the operation of such mechanisms to an independent body.

In addition, the Minister with responsibility for the Act may publish codes of practice.

One objective of Parliament in passing the Personal Information and Protection Bill last year was to put in train the process by which Bermuda may seek a data protection adequacy determination from the European Commission.  An adequacy determination will be of considerable assistance to Bermuda reinsurers, for example, who need to import personal data from Europe for underwriting and claims-related purposes. 

The resolution of the European Parliament last May regarding on-going negotiations of the EU-US Privacy Shield, an arrangement intended to replace the now defunct 'safe harbour' decision, has emphasised the importance to a successful adequacy application by a non-EU country that the holder of the office responsible for the administration and enforcement of domestic personal information protection legislation should be independent from government. This fact was explicitly acknowledged by the Minister for Economic Development in his ministerial statement on 3 February 2017 announcing the commencement of the administrative provisions of the Act on 2 December 2016. The Minister said 'the creation, staffing and operations of the Commissioner's office will be done in a manner to ensure full compliance with those requirements'.

Insurers, in common with all organisations, will need to adopt suitable measures and policies to give effect to their obligations and to the rights of individuals set out in the Act. They should therefore be familiarising themselves with the Act's substantive provisions now. However, it will be difficult to craft measures and policies to ensure compliance until the Privacy Commissioner has published guidance or the Minister a code of conduct.

Consequential amendments to other legislation necessary to implement the Act are expected to be tabled later this year.


Mark Chudleigh, Alex Potts, Nick Miles, Edward Smerdon, Eric Scheiner, Neil Thomson and Caitlin Conyers.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

To print this article, all you need is to be registered on

Click to Login as an existing user or Register so you can print this article.

Some comments from our readers…
“The articles are extremely timely and highly applicable”
“I often find critical information not available elsewhere”
“As in-house counsel, Mondaq’s service is of great value”

Up-coming Events Search
Font Size:
Mondaq on Twitter
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).
Email Address
Company Name
Confirm Password
Mondaq Topics -- Select your Interests
 Law Performance
 Law Practice
 Media & IT
 Real Estate
 Wealth Mgt
Asia Pacific
European Union
Latin America
Middle East
United States
Worldwide Updates
Check to state you have read and
agree to our Terms and Conditions

Terms & Conditions and Privacy Statement (the Website) is owned and managed by Mondaq Ltd and as a user you are granted a non-exclusive, revocable license to access the Website under its terms and conditions of use. Your use of the Website constitutes your agreement to the following terms and conditions of use. Mondaq Ltd may terminate your use of the Website if you are in breach of these terms and conditions or if Mondaq Ltd decides to terminate your license of use for whatever reason.

Use of

You may use the Website but are required to register as a user if you wish to read the full text of the content and articles available (the Content). You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these terms & conditions or with the prior written consent of Mondaq Ltd. You may not use electronic or other means to extract details or information about’s content, users or contributors in order to offer them any services or products which compete directly or indirectly with Mondaq Ltd’s services and products.


Mondaq Ltd and/or its respective suppliers make no representations about the suitability of the information contained in the documents and related graphics published on this server for any purpose. All such documents and related graphics are provided "as is" without warranty of any kind. Mondaq Ltd and/or its respective suppliers hereby disclaim all warranties and conditions with regard to this information, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Mondaq Ltd and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use or performance of information available from this server.

The documents and related graphics published on this server could include technical inaccuracies or typographical errors. Changes are periodically added to the information herein. Mondaq Ltd and/or its respective suppliers may make improvements and/or changes in the product(s) and/or the program(s) described herein at any time.


Mondaq Ltd requires you to register and provide information that personally identifies you, including what sort of information you are interested in, for three primary purposes:

  • To allow you to personalize the Mondaq websites you are visiting.
  • To enable features such as password reminder, newsletter alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our information providers who provide information free for your use.

Mondaq (and its affiliate sites) do not sell or provide your details to third parties other than information providers. The reason we provide our information providers with this information is so that they can measure the response their articles are receiving and provide you with information about their products and services.

If you do not want us to provide your name and email address you may opt out by clicking here .

If you do not wish to receive any future announcements of products and services offered by Mondaq by clicking here .

Information Collection and Use

We require site users to register with Mondaq (and its affiliate sites) to view the free information on the site. We also collect information from our users at several different points on the websites: this is so that we can customise the sites according to individual usage, provide 'session-aware' functionality, and ensure that content is acquired and developed appropriately. This gives us an overall picture of our user profiles, which in turn shows to our Editorial Contributors the type of person they are reaching by posting articles on Mondaq (and its affiliate sites) – meaning more free content for registered users.

We are only able to provide the material on the Mondaq (and its affiliate sites) site free to site visitors because we can pass on information about the pages that users are viewing and the personal information users provide to us (e.g. email addresses) to reputable contributing firms such as law firms who author those pages. We do not sell or rent information to anyone else other than the authors of those pages, who may change from time to time. Should you wish us not to disclose your details to any of these parties, please tick the box above or tick the box marked "Opt out of Registration Information Disclosure" on the Your Profile page. We and our author organisations may only contact you via email or other means if you allow us to do so. Users can opt out of contact when they register on the site, or send an email to with “no disclosure” in the subject heading

Mondaq News Alerts

In order to receive Mondaq News Alerts, users have to complete a separate registration form. This is a personalised service where users choose regions and topics of interest and we send it only to those users who have requested it. Users can stop receiving these Alerts by going to the Mondaq News Alerts page and deselecting all interest areas. In the same way users can amend their personal preferences to add or remove subject areas.


A cookie is a small text file written to a user’s hard drive that contains an identifying user number. The cookies do not contain any personal information about users. We use the cookie so users do not have to log in every time they use the service and the cookie will automatically expire if you do not visit the Mondaq website (or its affiliate sites) for 12 months. We also use the cookie to personalise a user's experience of the site (for example to show information specific to a user's region). As the Mondaq sites are fully personalised and cookies are essential to its core technology the site will function unpredictably with browsers that do not support cookies - or where cookies are disabled (in these circumstances we advise you to attempt to locate the information you require elsewhere on the web). However if you are concerned about the presence of a Mondaq cookie on your machine you can also choose to expire the cookie immediately (remove it) by selecting the 'Log Off' menu option as the last thing you do when you use the site.

Some of our business partners may use cookies on our site (for example, advertisers). However, we have no access to or control over these cookies and we are not aware of any at present that do so.

Log Files

We use IP addresses to analyse trends, administer the site, track movement, and gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.


This web site contains links to other sites. Please be aware that Mondaq (or its affiliate sites) are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of these third party sites. This privacy statement applies solely to information collected by this Web site.

Surveys & Contests

From time-to-time our site requests information from users via surveys or contests. Participation in these surveys or contests is completely voluntary and the user therefore has a choice whether or not to disclose any information requested. Information requested may include contact information (such as name and delivery address), and demographic information (such as postcode, age level). Contact information will be used to notify the winners and award prizes. Survey information will be used for purposes of monitoring or improving the functionality of the site.


If a user elects to use our referral service for informing a friend about our site, we ask them for the friend’s name and email address. Mondaq stores this information and may contact the friend to invite them to register with Mondaq, but they will not be contacted more than once. The friend may contact Mondaq to request the removal of this information from our database.


This website takes every reasonable precaution to protect our users’ information. When users submit sensitive information via the website, your information is protected using firewalls and other security technology. If you have any questions about the security at our website, you can send an email to

Correcting/Updating Personal Information

If a user’s personally identifiable information changes (such as postcode), or if a user no longer desires our service, we will endeavour to provide a way to correct, update or remove that user’s personal data provided to us. This can usually be done at the “Your Profile” page or by sending an email to

Notification of Changes

If we decide to change our Terms & Conditions or Privacy Policy, we will post those changes on our site so our users are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If at any point we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will notify users by way of an email. Users will have a choice as to whether or not we use their information in this different manner. We will use information in accordance with the privacy policy under which the information was collected.

How to contact Mondaq

You can contact us with comments or queries at

If for some reason you believe Mondaq Ltd. has not adhered to these principles, please notify us by e-mail at and we will use commercially reasonable efforts to determine and correct the problem promptly.