IFSA IFSA - International Financial Services Authority
Home Regulated Brokers Who Needs Us Contact Us About Us
Broker login Register

Privacy Policy

1. Introduction

The International Financial Services Authority (“IFSA”, “the Authority”, “we”, “our”, or “us”) is an independent regulatory body responsible for licensing, supervising, and regulating financial services firms operating under its jurisdiction.

As part of our statutory mandate, we collect and process personal data and corporate information to ensure the integrity, transparency, and stability of the financial services sector. The protection of personal information is fundamental to maintaining public trust in the regulatory system.

This Privacy Policy describes in detail how we collect, use, store, disclose, and safeguard personal data when individuals and organizations interact with the Authority, including through licensing applications, regulatory supervision, enforcement activities, and use of our website and digital platforms.

By submitting information to the Authority or accessing our website, you acknowledge that you have read and understood this Privacy Policy.


2. Scope of This Policy

This Privacy Policy applies to:

  • Applicants seeking regulatory authorization
  • Licensed and regulated entities
  • Directors, shareholders, and Ultimate Beneficial Owners (UBOs)
  • Compliance officers and key personnel
  • Individuals submitting complaints
  • Website users
  • Service providers and consultants

This Policy does not apply to third-party websites linked from our platform.


3. Information We Collect

In order to fulfill our regulatory responsibilities, we may collect and process a broad range of personal and corporate data, including but not limited to:

3.1 Personal Identification Information

We may collect identifying information such as full legal name, nationality, date and place of birth, passport or government-issued identification numbers, residential address, contact details, and professional background information.

3.2 Corporate and Business Information

For corporate applicants and regulated entities, we may collect certificates of incorporation, constitutional documents, business plans, ownership structures, shareholder registers, board composition details, and Ultimate Beneficial Owner declarations.

3.3 Financial and Operational Information

We may request audited financial statements, capital adequacy documentation, banking references, source of funds declarations, liquidity reports, internal control documentation, and risk management frameworks.

3.4 Compliance and Regulatory Information

This includes fit and proper declarations, criminal background disclosures, regulatory history records, anti-money laundering (AML) policies, counter-terrorism financing (CFT) controls, suspicious transaction reports, and internal audit reports.

3.5 Technical and Usage Information

When accessing our website, certain technical information may automatically be collected, including IP address, browser type, device information, access timestamps, referring URLs, and website navigation behavior.


4. Purpose of Data Processing

The Authority processes information strictly for lawful regulatory purposes. These purposes include:

  • Evaluating applications for licenses and approvals
  • Determining eligibility under fit and proper standards
  • Conducting risk-based supervision and inspections
  • Monitoring ongoing compliance with financial regulations
  • Investigating regulatory breaches
  • Enforcing applicable laws and sanctions
  • Maintaining and publishing public registers
  • Cooperating with domestic and international regulators
  • Preventing fraud, money laundering, and financial crime
  • Responding to complaints and public inquiries
  • Enhancing website functionality and cybersecurity protections

We do not use personal information for commercial marketing purposes and we do not sell data to third parties.


5. Legal Basis for Processing

Personal data is processed under one or more of the following legal grounds:

  • Compliance with statutory and regulatory obligations
  • Exercise of official authority vested in the Authority
  • Performance of public interest duties
  • Legal enforcement proceedings
  • Consent, where applicable
  • Legitimate regulatory interests necessary to safeguard financial stability


6. Disclosure of Information

Information collected by the Authority may be disclosed where legally required or permitted. This may include disclosure to:

  • Domestic supervisory authorities
  • Foreign financial regulators
  • Financial intelligence units
  • Law enforcement agencies
  • Judicial bodies
  • Government ministries
  • Authorized third-party service providers operating under confidentiality agreements

Certain information regarding licensed entities may be published in the public interest, including licensing status, sanctions, or enforcement actions.


7. International Transfers

Given the global nature of financial services, information may be transferred across jurisdictions for supervisory cooperation and enforcement purposes.

Where cross-border transfers occur, the Authority implements appropriate safeguards to ensure the continued protection of personal data consistent with international standards.


8. Data Retention

The Authority retains data for as long as necessary to fulfill regulatory obligations. Retention periods may extend beyond the termination of a license in order to:

  • Preserve regulatory records
  • Maintain enforcement history
  • Comply with statutory record-keeping requirements
  • Protect public interest

When data is no longer required, it is securely archived or permanently deleted in accordance with established retention schedules.


9. Data Security Measures

We implement robust administrative, technical, and physical safeguards to protect information from unauthorized access, alteration, disclosure, or destruction.

Security measures include encrypted data transmission, restricted system access, secure data centers, periodic cybersecurity audits, employee confidentiality obligations, and incident response protocols.

While we strive to ensure the highest level of security, no digital system can guarantee absolute protection.


10. Rights of Individuals

Subject to applicable law, individuals may have rights that include:

  • Requesting access to their personal data
  • Requesting correction of inaccurate information
  • Requesting restriction of processing in certain circumstances
  • Objecting to certain forms of processing
  • Requesting data portability where applicable
  • Filing complaints with the relevant supervisory authority

Requests must be submitted formally in writing and may be subject to identity verification procedures.


11. Cookies and Website Analytics

Our website may use cookies and analytics tools to enhance user experience, monitor website performance, and improve digital services. Users may adjust browser settings to disable cookies; however, certain functionalities may be affected.


12. Amendments to This Privacy Policy

The Authority reserves the right to update this Privacy Policy at any time to reflect legal, operational, or regulatory changes. Updated versions will be published on our website with the revised effective date clearly indicated.