Employment in Financial Services

The main regulatory regime applicable to financial services employees is the Brazilian Labour Code (CLT). However, several rules created from collective bargaining have been formalised in the Collective Labour Contract. That contract established additional standards with a validity period determined by the contract.

Financial services industry employers and their employees are subject to a multi-layered legal framework, which varies depending on the business activity of the respective institution. In each case, it comprises a patchwork of overarching EU law, local law, and ordinances issued by the regulatory watchdog, the Federal Financial Supervisory Authority (BaFin). Employees are particularly affected by specific remuneration principles targeted at avoiding excessive risk-taking.

Banks and financial services

These providers are subject to the German Banking Act (KWG), with a few exceptions (eg, certain provisions do not apply to some institutions due to the nature of their business (section 2 KWG)). The KWG provides, inter alia, a slightly reduced level of dismissal protection for certain banking employees and sets out rules for an appropriate ratio between variable and fixed annual remuneration for employees and managing directors. Bonuses may not exceed the fixed salary, unless the institution’s shareholders approve an increase of up to twice the fixed salary by qualified majority vote. Further details are set out in the Remuneration Ordinance for Financial Institutions (IVV) issued by BaFin. In addition, banks and financial service providers are under certain prerequisites subject to the EU Capital Requirements Regulation (Regulation (EU) No. 575/2013 (CRR) as modified by Regulation (EU) No. 2019/876 of 20 May 2019).

Insurance providers

These are subject to the Commission Delegated Regulation (EU) 2015/35 (Solvency II Regulation), which applies directly and takes precedence over national law. The Insurance Regulation Act governs regulatory supervision and forms the basis for a BaFin-issued insurance compensation ordinance. Compared to banking’s IVV, this is much broader in scope and only applies when not overridden by rules set out in the Solvency II Regulation.

Investment funds

These are subject to the German Capital Investment Code (KAGB), which provides specific rules on remuneration for employees, as well as Annex II of Directive 2011/61/EU for alternative investment funds and articles 14a, 14b of Directive 2009/65/EC for undertakings for collective investments in transferable securities. There is no BaFin ordinance (comparable to IVV for banks) for this sector yet, although BaFin could be authorised to issue one. Section 37 paragraph 1 KAGB provides that investment funds should establish a remuneration system for certain employees, such as managers, that is consistent with and conducive to a sound and effective risk management system, that does not create incentives to take inappropriate risks, and does not prevent the investment fund from acting dutifully in the best interests of the investment assets.  

Investment firms

Finally, these are subject to a different regulatory regime depending on their size and impact. Larger investment firms are subject to the risk and remuneration regime for banks, while medium-sized investment firms (since June 2021) are subject to the new German Securities Act (WpIG). The Act implements the Investment Firm Directive (Directive (EU) 2019/2034) and is complemented by the Investment Firm Regulation (Regulation (EU) 2019/2033). Commission Delegated Regulations specify the standards to identify risk-takers, and Guidance by the European Securities and Markets Authority further detail the requirements for sound remuneration policies. In January, 2024, a new remuneration regime – the Investment Firm Remuneration Ordinance (WpI-VergV) – was introduced by BaFin after a multi-year consultation phase. Quite similar to the regime for banks and financial services, but with a few subtle differences, these rules must now be applied to the remuneration of medium-sized investment firms and especially their risk takers. Small investment firms are only subject to a low level of regulation. Further regulatory rules are set out, inter alia, in the German Securities Trading Act (WpHG) and the Financial Investment Mediation Ordinance, setting out behavioural standards for employees interacting with customers.

The primary regulatory regime applicable to financial services employees in Hong Kong are as follows:

• Under the Banking Ordinance (BO), the Hong Kong Monetary Authority (HKMA) is responsible for regulating all authorised institutions (banks, restricted-licence banks and deposit-taking companies). In particular, the HKMA needs to ensure that the chief executive, directors, controllers and executive officers of the authorised institutions are “fit and proper”.

• Under the Securities and Futures Ordinance (SFO), the Securities and Futures Commission (SFC) is responsible for regulating the securities and futures markets. Employees performing any regulated functions under the SFO must obtain the requisite licence from the SFC. Relevant individuals engaged by the authorised institutions who perform regulated functions (eg, bank staff working in the securities dealing department) are not required to be licensed or registered with the SFC but their names have to be entered in the register maintained by the HKMA.

• Under the Insurance Ordinance (IO), the Insurance Authority (IA) is responsible for regulating the insurance industry. Employees carrying on a regulated activity under the IO must obtain the requisite licence from the IA.

The UAE has four different regulators responsible for the authorisation and supervision of banks, insurers, and other financial institutions.

There are two regulators "on-shore" in the UAE, namely, (i) the UAE Central Bank, which is the state institution responsible for banking and insurance regulation, as well as monetary policy, and has authority over all licensed financial institutions in the UAE, including those in the financial free zones; and (ii) the Emirates Securities and Commodities Authorities (ESCA)  that regulates markets, listed companies, and securities brokers.

There are two financial free zones in the UAE, the Dubai International Financial Centre (DIFC) and Abu Dhabi Global Market (ADGM), who were established as special economic zones with independent jurisdictions through amendment to the UAE Constitution.  Within the free zones, the Dubai Financial Services Authority (DFSA) is the regulator of the DIFC and the Financial Services Regulatory Authority (FSRA) is the regulator of the ADGM.

As the DIFC and ADGM free zones have been established as special economic zones in which financial services are conducted, most of the applicable legislation in the UAE which governs financial services is found in the two free zones.  Therefore, unless expressly referenced, the responses for the UAE in this guide consider the position in the DIFC and ADGM only.

The Dubai Financial Services Authority is the financial regulatory body of financial services conducted in or from the DIFC.  The key legislation is the Regulatory Law of 2004, as amended, which is administered by the DFSA and is described as the cornerstone legislation of the regulatory regime.

The ADGM Financial Services Regulatory Authority is the financial regulatory body of financial services conducted in or from the ADGM.  The key legislation is the Financial Services and Markets Regulations (FSMR), which sets out the legislative and regulatory framework for financial services in the ADGM.  The FSMR was modelled on the UK’s Financial Services and Markets Act 2000 and other related legislation.

Finally, all employees in the private sector (excluding the two financial free zones) are subject to Federal Decree-law No. 33 of 2021, as amended (the Labour Law).  In the DIFC, employees are subject to DIFC Law No. 2 of 2019, as amended (the DIFC Employment Law) and in the ADGM, employees are subject to the ADGM Employment Regulations 2019 (the ADGM Employment Regulations).  In addition to the employment legislation described above, a number of other laws will be applicable to employees in the UAE, including Federal Decree-law No. 30 of 2021 containing the Penal Code.

The law does not require specific procedures or measures before hiring. However, depending on the activities the employee performs, specific certification may be necessary.

Different notification procedures exist before employees may take up their roles.

Investment firms may only entrust employees to provide investment advice if they are knowledgeable and have demonstrated the required reliability – as evidenced, inter alia, by not having a relevant and unspent prior criminal record. Furthermore, such employees’ identities must be disclosed to BaFin before they commence their activities. The active registration of employees is intended to impart upon employers the significance of employee selection and responsibility for their decisions.

Representatives of regulated entities of the financial services sector (typically, members of management) must be approved by BaFin before they can take up their role (colloquially known as BaFin’s “driver’s licence”). To obtain approval, a request must be filed with BaFin, showing the experience and suitability of the candidate for the role. Depending on the financial services delivered by the company, information that must be filed include the following:

• a CV (including information on professional training, career, and references);
• information on reliability (a form or summary to be completed by the manager, including, for example, mandatory declarations on prior criminal or administrative offences);
• a "certificate of good conduct for submission to an authority", a "European certificate of good conduct for submission to an authority", or "corresponding documents" from abroad (depending on the countries of residence in the last 10 years);
• an extract from the central commercial register;
• an overview of other mandates as a managing director or in administrative and supervisory bodies; and
• information about the manager’s ability to dedicate sufficient time to the role.

Non-management employees responsible for specific key functions at an insurance provider are subject to a similar notification process. Further, financial services employers must perform a risk analysis under the Anti-Money Laundering Act and take internal security measures, which also includes assessing the reliability of employees.

There are no particular pre-screening measures specified by the financial regulators in Hong Kong. Nevertheless, financial institutions would generally conduct background checks on prospective employees (especially those taking on senior positions) to ensure they comply with the “fit and proper” requirements of the financial regulators.

There is no particular form of regulator-specified reference to be provided by previous employers in the financial services industry. Nevertheless, the SFC has specified disclosure obligations for licensed corporations in respect of outgoing employees who were subject to internal investigations (see question 10).

In the DIFC, an individual who performs a “licensed function” must be approved in advance by the DFSA.   The roles which fall within the meaning of an authorised person for the DFSA includes someone appointed as:

• the Senior Executive Officer, who has ultimate responsibility for the day-to- day management, supervision and control of one or more (or all) of an authorised firm’s financial services carried on, in or from the DIFC;
• the Finance Officer;
• Compliance Officer;, and
• Money Laundering Reporting Officer. 

Where a firm proposes to appoint an authorised individual, an application to the DFSA must be made in advance; the DFSA will make an assessment of the  individual in order to satisfy itself that they are fit and proper to be an authorised individual. The Regulator will consider the individual’s integrity, competence and capability, financial soundness, their proposed role, and any other relevant matters.  That individual may not be considered as fit and proper where they have been declared bankrupt, convicted for a serious criminal offence, or incapable - through mental or physical incapacity - of managing their affairs.

In the ADGM, an individual who performs a “controlled function” must be approved in advance by the ADGM.  A controlled function includes someone appointed as the Senior Executive Officer, Finance Officer, Compliance Officer, and Money Laundering Reporting Officer.

Where a firm proposes to appoint someone in a controlled function, an application to the ADGM must be made in advance, The ADGM will make an assessment of  that individual in order to satisfy itself that they are fit and proper to be an approved individual.  The Regulator will consider the individual’s integrity, competence and capability, financial soundness, their proposed role and any other relevant matters.  That individual may not be considered as fit and proper where they have been declared bankrupt, convicted for a serious criminal offence, or incapable - through mental or physical incapacity - of managing their affairs.

There is no legal requirement for specific documents, and the CLT does not require a contract. However, contracts are a customary business practice in several sectors, including financial services.

German law does not treat financial services employees differently from employees of other industries, in that an employment agreement does not necessarily have to be in writing to come into existence. It is, however, common (best) practice and highly recommended for risk mitigation and transparency reasons that parties enter into a written employment agreement. For some provisions to be valid, such as a post-contractual non-compete or a fixed-term agreement, a qualified electronic or wet-ink signature is mandatory.

Further, employers must also provide employees with a wet-ink signed certification document summarising the essential conditions of employment under the German Evidence Act. Failure to provide such a document does not render the employment contract invalid, but a breach of the documentation requirement constitutes an administrative offence that may trigger fines. The German government has proposed an Act to modify the wet-ink signature requirement and also allow for electronic signatures, but has not provided a clear timeline for it coming into force yet.

Remuneration is typically governed under the employment contract and references a firm’s remuneration policy, which must be put in place for regular staff as well as identified risk-takers, with a dedicated set of rules varying per industry sub-sector.

Finally, depending on the case, certain documentation may need to be filed with BaFin before an employee can take up their tasks (see question 2).

In addition to an employment contract, there are additional documentation requirements in connection with the application or transfer of the employee’s licence with the financial regulators.

Employees must be provided with an employment contract across the different jurisdictions in the UAE.  This applies to all employees, regardless of whether they work in the financial services industry.

In the DIFC, the DIFC Employment Law requires employers to provide their employees with a written contract that must specify the following:

• the parties’ names;
• the start date;
• the salary and any allowances to be provided to the employee;
• the applicable pay period;
• hours and days of work;
• vacation leave and pay;
• notice to be given by either party to terminate employment; 
• the employee’s job title;
• confirmation as to whether the contract is for an indefinite period or for a fixed term;
• the place of work;
• applicable disciplinary rules and grievances procedures;
• the probation period;
• a reference to any applicable policies and procedures (including any codes of conduct) and where these can be accessed; and
• any other matter that may be prescribed in any regulations issued under the DIFC Employment Law.

In the ADGM, the ADGM Employment Regulations requires employers to provide their employees with a written contract that must specify the following:

• the parties’ names;
• the start date;
• remuneration;
• the applicable pay period;
• hours and days of work; and
• any terms and conditions relating to:
  • vacation leave and pay, national holiday entitlement and pay;
  • sick leave and sick pay;
  • the notice period that either party is required to give to the other in order to terminate employment;
  • the employee’s job title;
  • whether the employment is for an indefinite or fixed term;
  • the place of work;
  • any disciplinary rules or grievance procedures applicable to the employee; and

any other matter that may be prescribed by the employer.

Yes, special certification is required for financial services employers to undertake their duties.

The CPA-10 (ANBIMA Series 10 Professional Certification) is designed for professionals who distribute investment products for retail in bank branches or service platforms.

The CPA-20 (ANBIMA Series 20 Professional Certification) is for professionals who distribute investment products to clients in the high-income retail, private, corporate, and institutional investor segments in bank branches or on service platforms.

The CEA (ANBIMA Certification of Investment Specialists) is a certification that qualifies financial market professionals to act as investment specialists. These specialists can recommend investment products to clients in different segments and advise account managers.

The CFG (ANBIMA Certification of Fundamentals in Management) is for certified professionals who know the sector's technical basis, which is an advantage for occupying various positions in asset-management companies.

The CGA (ANBIMA Manager Certification) qualifies professionals to work with the management of third-party resources in fixed-income investment funds, shares, foreign exchange, multimarket, managed portfolios, and index funds.

The CGE (ANBIMA Manager Certification for Structured Funds) qualifies professionals to work with third-party resource management in the structured products industry.

Taking on certain tasks requires prior proof of competence, which varies depending on the financial services sector and the role. As an example, investment services must notify BaFin of investment advisors, sales representatives, and compliance officers, who in each case must be knowledgeable and reliable, and whose expertise must be reviewed at least annually (section 87, WpHG and the corresponding Employee Notification Ordinance). Institutions must deliver proof of professional suitability (ie, sufficient theoretical and practical knowledge of the relevant business and management experience) and reliability for certain key employees, managing directors, and members of the supervisory or administrative board (sections 25c paragraph 1 and 25d paragraph 1 KWG, sections 20 and 21 WpIG).

SFC

The “Guidelines on Competence” published by the SFC lists the necessary qualifications for employees carrying on regulated activities. For academic qualifications, employees should attain at least Level 2 in either English or Chinese as well as in Mathematics in the Hong Kong Diploma of Secondary Education or equivalent. In addition, employees are expected to obtain recognised industry qualifications and pass the local regulatory framework paper. For responsible officers (ROs), the SFC requires higher levels of educational qualifications and experience.

IA

The “Guideline on ‘Fit and Proper’ Criteria for Licensed Insurance Intermediaries Under the Insurance Ordinance” published by the IA sets out the education requirements for licenced employees under the IO. Higher levels of educational qualifications are required for responsible officers.

As noted in question 2 -, employees undertaking certain regulated roles must obtain the pre-approval of the relevant regulatory authority.  The regulators in each case will assess the fitness and propriety of the relevant individual.
 

Responsibility differs based on the complexity and responsibility of the tasks assigned to the employee and defined by the employer. However, all companies in the sector must comply with financial market institutions, which may imply that employees have a responsibility towards different entities. We summarise the institutions of the Brazilian financial market as follows:

The Securities and Exchange Commission (CVM)

This was created to monitor, regulate, discipline, and develop the Brazilian securities market. It is responsible for creating rules for the market and supervising its functioning. The CVM is part of the government and is linked to the Treasury Department, but it has administrative independence.

The Brazilian National Central Bank

This is a federal agency linked to the Treasury Department but with administrative independence, which aims to guarantee the stability of the currency's purchasing power and maintain a solid and efficient financial system. It controls monetary, exchange rate, credit, and financial relations policies abroad, in addition to regulating the National Financial System. The national central bank also supervises financial market institutions.

B3 (Stock Exchange)

This was created in 2017 from the merger of BM&FBOVESPA and Cetip, two crucial financial market players. The new company began accumulating services that serve the market and its investors for fixed and variable income transactions, among other duties.

The Credit Guarantee Fund

This is a non-profit civil association that aims to provide credit guarantees to customers of institutions participating in the fund.

The Private Insurance Superintendence

This controls and supervises the insurance, open private pension, capitalisation, and reinsurance markets.

The Brazilian Association of Financial and Capital Market Entities (ANBIMA)

This has represented the market for over four decades and is responsible for more than 300 institutions. The entity's activities are organised around four commitments: represent, self-regulate, inform and educate. Its main objective is to strengthen the sector's representation and support the evolution of a capital market capable of financing local economic and social development and influencing the global market.

Employees who qualify as risk-takers have enhanced responsibilities due to their influence on an institution’s risk profile, including documentation requirements. Investment brokers advising private clients are also subject to strict rules and extensive documentation requirements, inter alia, on the investment advice provided and how the investment was tailored to the preferences, investment objectives, and other characteristics of the investor.

Under the SFO, ROs have enhanced responsibilities. They assume primary responsibility for compliance at a licensed corporation and are involved in supervising the regulated activities. A licensed corporation is required to appoint no less than two ROs to directly supervise the conduct of each regulated activity. Similarly, under the BO, registered institutions are required to appoint no less than two executive officers to be responsible for directly supervising the conduct of each regulated activity under the SFO. For each regulated activity, at least one RO must be available at all times to supervise the business and must be an executive director.

Under the IO, an RO of a licensed insurance agency or licensed insurance broker company has enhanced responsibilities. Responsible officers must use their best endeavours to ensure the agency or broker has established and maintains proper controls and procedures for securing compliance with the conduct requirements under the IO.

There are no provisions that lay down enhanced responsibilities for a particular category of employees in the financial services sector.
 

There are no specific financial agencies that require registration from employees. For activities that require certification, an assessment controlled by ANBIMA needs to be submitted. The Brazilian Association of Financial and Capital Market Entities (ANBIMA) has represented the market for over four decades. It is responsible for more than 300 institutions, whose objective is to strengthen the sector's representation and support the evolution of a capital market capable of financing local economic and social development.

Yes. Investment firms must disclose the identities of employees providing investment advice, as well as sales representatives and compliance officers, to BaFin, which maintains a non-public database of registered employees (section 87 WpHG).

As a first step of the registration process, companies need to register on the MVP notification and publication platform. After successful registration, they can apply for admission to the employee and complaints register. Different notification procedures are available, depending on whether employees are notified for the first time or amendments are being made.

The HKMA, SFC and IA each have a register for licensed employees to be listed on to undertake regulated activities:

• HKMA – the register of securities staff of authorised institutions is available on the HKMA’s website[1]. For registration, the names and particulars of the relevant individuals are required to be submitted to the HKMA for inclusion on the HKMA Register.

• SFC – the register of licensed persons is available on the SFC’s website[2]. For registration, individual applicants would need to submit an electronic application to the SFC through its online platform. When there is a change of employment, the licensed representative may apply for a transfer of accreditation through SFC’s online platform within 180 days after the cessation of the previous employment. It takes approximately seven business days to process an application for transfer of accreditation to carry on the same types of regulated activity for which the licensed representative was licensed immediately before the cessation.

• IA – the register of licensed insurance intermediaries is available on the IA’s website[3]. For registration, applicants can submit their licence applications to the IA by paper submission or electronic submission via an online portal.

There is no public register of authorised individuals.

The Collective Labour Agreement establishes several rules for employees in the sector.

There is a determination, through collective negotiation, of:

• percentage of salary increase;
• minimum wage for employees who begin their activities in the sector;
• minimum wage for employees after 90 days’ tenure;
• additional pay for length of service;
• additional overtime;
• night additional pay;
• additional pay for unhealthy or dangerous work;
• function bonus;
• cash bonus;
• gratuity for check clearing;
• meal assistance;
• food assistance;
• daycare and nanny assistance;
• funeral assistance;
• transportation vouchers; and
• assistance with night-time travel.

Yes, there are specific sets of rules on remuneration in the financial services sector, varying in detail per sub-sector. Rules are particularly strict for material risk-takers of significant institutions in light of the increased risk profile of their activities for the entire organisation.

Variable and fixed remuneration must have an appropriate ratio to each other. For financial institutions, the ratio is appropriate if the variable remuneration both complies with an upper limit of 100% of the fixed remuneration (up to 200% maximum based on a shareholders’ resolution) and provides an effective behavioural incentive. Further, variable remuneration may need to be spread over deferral periods. Depending on the sector, remuneration may have to be made subject to malus, holdback or clawback provisions in case specific risks materialise or the employee is found guilty of misconduct. Further, certain remuneration elements must be granted in instruments instead of cash payments, with restrictions around this element again varying by sub-sector.

There are no specific mandatory rules relating to compensation payable to financial services employees in Hong Kong.

The HKMA has issued a Supervisory Policy Manual CG-5 “Guideline on a Sound Remuneration System”. This focuses on providing a broad idea and introducing basic principles of how remuneration policies should be designed and implemented in the authorised institution, to encourage employee behaviour that supports the risk management framework, corporate values and long-term financial soundness of the authorised institution.

Under the Guideline, the elements of a sound remuneration system are as follows:

Governance

• Remuneration policy should be in line with objectives, business strategies and the long-term goals of the authorised institution.
• The remuneration arrangement for employees whose activities could have a material impact on the authorised institution’s risk profile and financial soundness should support, but not undermine, the overall risk management approach.
• The Board of an authorised institution is ultimately responsible for overseeing the formulation and implementation of the remuneration policy.
• The establishment of a Board remuneration committee would assist the Board in discharging its responsibility for the design and operation of the authorised institution’s remuneration system.
• Risk control personnel should have appropriate authority and involvement in the process of design and implementation of the authorised institution’s remuneration policy.

Structure of remuneration

• Balance of fixed and variable remuneration should be determined with regard to the seniority, role, responsibilities and activities of their employees and the need to promote behaviour among employees that support the authorised institution’s risk-management framework and long-term financial soundness.
• Variable remuneration should be paid in such a manner as to align an employee’s incentive awards with long-term value creation and the time horizons of risk.
• Guaranteed minimum bonus to senior management or key personnel should be subject to the approval of the Board (or the Board’s remuneration committee with the necessary delegated authority).

Measurement of performance for variable remuneration

• The award of variable remuneration should depend on the fulfilment of certain pre-determined and assessable performance criteria, which include both financial and non-financial factors.
• Size and allocation of variable remuneration should take into account the current and potential risks associated with the activities of employees, as well as the performance (overall performance of the relevant business units and the authorised institution as a whole as well as the contribution of individual employees to such performance).
• Judgement and common sense may be required during the process to arrive at a fair and appropriate remuneration decision. The rationale for the exercise of judgment and the outcomes should be recorded in writing.

Alignment of remuneration pay-outs to the time horizon of risks

• Deferment of variable remuneration is appropriate when the risks taken by the employee in question are harder to measure or will be realised over a longer timeframe.
• The award of deferred remuneration should be subject to a minimum vesting period and pre-defined vesting conditions in respect of future performance.
• Authorised institutions should seek undertakings from employees not to engage in personal hedging strategies or remuneration and liability-related insurance to hedge their exposures in respect of the unvested portion of their deferred remuneration.

Remuneration disclosure

• Authorised institutions should make remuneration disclosures at least annually. The disclosure should include the qualitative and quantitative information that the HKMA has set out in its annual remuneration disclosure.

Both the DFSA General Rulebook and FSRA General Rulebook contain Best Practice Guidance for remuneration structure and strategies of authorised entities. In particular, the guidance identifies that the governing body of an authorised entity ought to consider the risk to which the firm could be exposed to as a result of the conduct or behaviour of its employees, and to consider the ratio and balance between fixed and variable remuneration components, the nature of the duties and functions performed by the relevant employees, the assessment criteria against which performance based components of remuneration are to be awarded, and the integrity and objectivity of any performance assessment against that criteria.

No uniform training is required by law, except for activities that require certification.

Qualification requirements exist for specific roles (eg, traders), and employers must ensure they comply with them by only contracting employees with the required skills, certifications and experience. The expertise of employees providing investment advice, sales representation, and compliance advice must also be continuously maintained and regularly updated.

SFC

Persons engaging in regulated activities are required to continuously update their knowledge and skills through continuous professional training (CPT). The “Guidelines on Continuous Professional Training” published by the SFC provides for the following CPT requirements:

• a minimum of 10 CPT hours a year for licensed representatives and relevant individuals; and
• a minimum of 12 CPT hours a year for responsible officers and executive officers (including 2 CPT hours on topics relating to regulatory compliance).

In addition, an individual should attend at least five CPT hours a year (out of the 10 hours for licensed representatives and relevant individuals and 12 hours for responsible officers and executive officers) on topics directly relevant to the regulated activities for which he or she is licensed at the time the CPT hours are undertaken.

HKMA

The HKMA has implemented the “Enhanced Competency Framework”(ECF) for banking practitioners. While the ECF is not a mandatory regime, banks are strongly encouraged to adopt it as the benchmark for enhancing the level of core competence and ongoing professional development of banking practitioners.

IA

Under the “Guideline on Continuing Professional Development for Licensed Insurance Intermediaries”, licensed insurance intermediaries who are individuals are required to receive training through CPD to preserve their professional competence and standards in providing service to policyholders and potential policyholders.

The minimum number of CPD hours for individual licensees is 15 CPD hours for each assessment period, including a minimum of three compulsory CPD hours on “Ethics or Regulations” courses.

Financial services employees are also required to receive training on anti-money laundering and counter-financing of terrorism. New staff should be required to attend initial training as soon as possible after being hired or appointed. Apart from the initial training, refresher training should be provided regularly to ensure that staff are reminded of their responsibilities and are kept informed of new developments.

The DFSA General Rulebook requires authorised entities to ensure that the Senior Executive Officer, Compliance Officers, and Money Laundering Reporting Officer, must complete a minimum of 15 hours of continuing professional development in each calendar year.  This continuing professional development must be relevant to the employee’s role and professional skill and knowledge, and consist of structured activities, such as courses, seminars, lectures, conferences, workshops, web-based seminars or e-learning, which require a commitment of 30 minutes or more.  The employee must also ensure that they maintain adequate records to be able to demonstrate that these requirements have been met.

The FSRA General Rulebook requires an authorised entity to ensure that its directors and senior managers are fit and proper and its guidance suggests that whether any training has been untaken or is required should be considered.  In addition, an authorised entity should satisfy itself that an employee continues to be competent and capable of performing the role, has kept abreast of market, product, technology, legislative and regulatory developments that are relevant to the role, through training or other means, and is able to apply this knowledge.

There is no general code defined by law or regulation.

Each company can adopt its standard of behaviour as a rule.

Certain activities require specific protocols for the Prevention of Money Laundering and Combating the Financing of Terrorism:

• the capture, intermediation, and investment of financial resources from third parties in national or foreign currency;

• the purchase and sale of foreign currency or gold as a financial asset or exchange instrument; and

• the custody, issuance, distribution, settlement, negotiation, intermediation, or securities administration.

Within the scope of the Brazilian System for Preventing and Combating Money Laundering and the Financing of Terrorism, it is up to institutions and their employees to adequately comply with Central Bank regulations. Also, institutions must promote the effectiveness of the apparatus to combat and prevent money laundering, carry out risk management with the implementation of effective policies, procedures, and controls, and help the Brazilian state locate suspicious financial operations so that they can be investigated.

Employees must conduct themselves in line with their respective roles and responsibilities, which in client-facing roles indirectly leads to them being subject to specific behavioural obligations (such as having to adhere to certain procedures and documentation obligations before selling a service or product to a client). In addition, company policies required by the regulator (eg, on sustainability or equal treatment) often include behavioural standards.

In addition, there are voluntary standards adopted by various professional associations, such as the Code of Conduct of the Federal Association of Financial Services, which apply to their respective members.

SFC

Under the SFO, licensed representatives and ROs are required to be “a fit and proper person” to carry on the regulated activities and must adhere to the standards of behaviour set out in the “Code of Conduct for Persons Licensed by or Registered with the Securities and Futures Commission”. Other relevant guidelines regarding standards of behaviour include:

• “Fit and Proper Guidelines”, which set out the general expectations of the SFC of what is necessary to satisfy the licensing or registration requirements that a person is fit and proper.
• “Guidelines on Competence”, which set out the competence requirements and its objective to ensure a person is equipped with the necessary technical skills and professional expertise to be “fit”, and is aware of the relevant ethical standards and regulatory knowledge to be “proper” in carrying on any regulated activities.

HKMA

Under the BO, employees of an authorised institution that carry on regulated activities under the SFO are required to be fit and proper. In addition, the HKMA needs to be satisfied that the chief executive, directors, controllers and executive officers of the authorised institutions are fit and proper. Other relevant guidelines regarding standards of behaviour include:

• “Code of Banking Practice”, which is to be observed by authorised institutions in dealing with and providing services to their customers.
• Supervisory Policy Manual CG – 2 “Systems of Control for Appointment of Managers”, which sets out the system of control that authorised institutions should have for ensuring the fitness and propriety of individuals appointed as managers.

IA

The conduct requirements for licensed insurance agents and brokers are set out in Division 4 of the IO. Other relevant codes and guidelines include:

• “Code of Conduct for Licensed Insurance Agents”, which sets out the fundamental principles of professional conduct that buyers of insurance are entitled to expect in their dealings with licensed insurance agents.
• “Code of Conduct for Licensed Insurance Brokers”, which sets out the fundamental principles of professional conduct that buyers of insurance are entitled to expect in their dealings with licensed insurance brokers.
• “Guideline on ‘Fit and Proper’ Criteria under the Insurance Ordinance”

In the DIFC, the DFSA General Rulebook provides that authorised individuals must adhere to six principles, as follows:

• Principle 1 – Integrity
• Principle 2 – Due skill, care and diligence
• Principle 3 – Market conduct
• Principle 4 – Relations with the DFSA
• Principle 5 – Management, systems and control
• Principle 6 – Compliance
   

In the ADGM, the FSRA General Rulebook provides that authorized individuals must adhere to eleven principles, as follows:

• Principle 1 – Integrity
• Principle 2 – Due skill, care and diligence
• Principle 3 – Management, systems and control
• Principle 4 – Resources
• Principle 5 – Market conduct
• Principle 6 – Information and interests
• Principle 7 – Conflicts of Interest
• Principle 8 – Suitability
• Principle 9 – Customer assets and money
• Principle 10 – Relations with regulators
• Principle 11 – Compliance with high standards of corporate governance

From a labour perspective, there are no circumstances in which notifications relating to the employee or their conduct must be made to local or international regulators.

Considering that the National Financial System is extremely regulated, there may be cases in which a mistake by an employee results in a duty to report to the authorities (information security breach, prevention of money laundering, and prevention of terrorist financing, among others, which could not be exhaustively included in this questionnaire).

There is no general code defined by law or regulation.

Each company can adopt its standard of behaviour, as a rule.

Some activities require specific protocols for the prevention of money laundering and combating the financing of terrorism:

• the capture, intermediation, and investment of financial resources from third parties in national or foreign currency;

• the purchase and sale of foreign currency or gold as a financial asset or exchange instrument; and

• the custody, issuance, distribution, settlement, negotiation, intermediation, or securities administration.

Within the scope of the system for preventing and combating money laundering and the financing of terrorism, it is up to institutions and their employees to adequately comply with Central Bank regulations; promote the effectiveness of the apparatus to combat and prevent money laundering; carry out risk management with the implementation of effective policies, procedures, and controls; and help the Brazilian state to locate which financial operations are suspicious so that they can be investigated.

Yes. Under section 87 WpHG, investment firms must notify BaFin of any changes regarding employees providing investment advice, sales representation, and compliance advice. This includes, for example, personal data or a change of the responsible sales representative, but also the termination of the activity. Changes must be communicated to BaFin within one month.

Further, investment firms must notify BaFin as soon as a substantial customer complaint is made against one or more employees based on his or her activities in connection with investment advice. This applies, for example, to allegations of incorrect investment advice. The notification to BaFin must be submitted within six weeks of receipt of the complaint. Details on the content of the notification are governed by section 8 paragraph 4 of the Securities Trading Act Employee Notification Ordinance.

There are further notification obligations if there are doubts about an employee‘s reliability under the relevant statutory rules. For example, in their initial declaration of reliability under section 24 paragraph 1 No. 1 KWG and section 5b Ordinance on Notifications and Submission of Documents under the KWG, future managing directors and persons acting as sole representatives of credit institutions and financial services institutions must immediately report to BaFin in writing any subsequent changes that may be relevant to their reliability. This applies to all facts that were also relevant for the initial reliability assessment (eg, because an employee was convicted of certain financial crimes). In addition, BaFin must also receive notifications of preliminary proceedings, indictments and convictions of certain financial sector employees according to the Order on Notifications in Criminal Matters.

SFC – Self-reporting obligation

An SFC-licensed intermediary is subject to the self-reporting obligation under paragraph 12.5 of the “Code of Conduct for Persons Licensed by or Registered with the Securities and Futures Commission”. A licensed or registered person should report to the SFC immediately upon the occurrence of any material breach, infringement or non-compliance with any laws, rules regulations, and codes administered or issued by the SFC, exchange or clearing house of which it is a member or participant of, and the requirement of any regulatory authority applicable to that intermediary. This encompasses both actual and suspected breaches, infringements or non-compliance. In the report, the particulars of the actual or suspected breach, infringement or non-compliance, and relevant information and documents must be included to fulfil the obligation.

The same is to be reported by the registered institutions to the HKMA. The HKMA also requires authorised institutions to submit an incident report on the same day of discovering the incident.

SFC - Internal investigation disclosure obligation

In addition, a licensed corporation is required to provide the SFC with information about whether a licensed individual who ceases to be accredited to it (outgoing employee) was under any investigation commenced by the licensed corporation within six months preceding his or her cessation of accreditation. If the internal investigation commences after the notification of cessation of accreditation, the licensed corporation should also notify the SFC as soon as practicable. In addition, even if a firm has completed its investigation and made no negative findings against an outgoing employee, the firm will still be required to notify the SFC of the investigation.

The SFC expects licensed corporations to proactively disclose information about all investigative actions and the following is a non-exhaustive list of examples of investigations involving an outgoing employee that a licensed corporation should disclose to the SFC:

• investigations about a suspected breach or breach of applicable laws, rules and regulations;
• investigations about a suspected breach or breach of the licensed corporation's internal policies or procedures;
• investigations about misconduct that are likely to give rise to concerns about the fitness and properness of the outgoing employee;
• investigations about any matter that may have an adverse market or client impact; and
• investigations about any matter potentially involving fraud, dishonesty and misfeasance.

HKMA – Reporting incidents to HKMA

According to the “Incident Response and Management Procedures” published by the HKMA, once an authorised institution has become aware that a significant incident has occurred, the authorised institution concerned should notify the HKMA immediately and provide it with whatever information is available at the time. An authorised institution should not wait until it has rectified the problem before reporting the incident to the HKMA.

According to the Supervisory Policy Manual SB-1 “Supervision of Regulated Activities of SFC-Registered Authorized Institutions”, to be in line with the reporting requirements imposed by the SFC on licensed representatives, authorised institutions will be required to notify the HKMA in writing within seven business days upon knowledge of the occurrence of certain information (including any subsequent changes) of the relevant individuals. The required information is on whether or not the person is or has been:

• convicted of or charged with any criminal offence (other than a minor offence) in Hong Kong or elsewhere;
• subject to any disciplinary action, or investigation by a regulatory body or criminal investigatory body (as the case may be) in Hong Kong or elsewhere;
• subject to, or involved in the management of a corporation or business that has been or is subject to, any investigation by a criminal investigatory body or any regulatory body in Hong Kong or elsewhere concerning offences involving fraud or dishonesty;
• engaged in any judicial or other proceedings, whether in Hong Kong or elsewhere, that is material or relevant to the fitness and propriety of the individual; or
• bankrupt or aware of the existence of any matters that might render him insolvent or lead to the appointment of a receiver of his property under the Bankruptcy Ordinance.

HKMA – Guidance Note on Cooperation with HKMA Investigations

Under the “Guidance Note on Cooperation with the HKMA in Investigations and Enforcement Proceedings”, the HKMA encourages and recognises the cooperation of authorised institutions, banks and their staff in investigations and enforcement proceedings. Under this Guidance Note, cooperation includes early and voluntary reporting of any suspected breach or misconduct, taking a proactive approach to assist the HKMA’s investigation, and making timely arrangements to provide evidence and information.

IA – Self-reporting obligation

Under “the Code of Conduct for Licensed Insurance Agents/Brokers”, there is a self-reporting obligation by licensed insurance agencies or brokerages to the IA. A licensed insurance agency or brokerage is required to have proper controls and procedures to ensure the following incidents are reported to the IA as soon as is reasonably practicable:

• a disciplinary action taken by the HKMA, the SFC or the Mandatory Provident Fund Schemes Authority;
• a criminal conviction (other than a minor offence) by any court in Hong Kong or elsewhere;
• any material breaches of requirements under the IO or any rules, regulations, codes or guidelines administered or issued by the IA; and
• any material incidents which happen to the agency or brokerage.

Both the DFSA General Rulebook and FSRA General Rulebook provide that where an authorised firm requests the withdrawal of an authorised individual, they must provide to the regulator details of any circumstances in which they consider the individual is no longer fit and proper.  Where the individual is to be dismissed or has requested to resign, the firm must provide to the regulator a statement of the reason, or reasons, for the dismissal or resignation.

In addition, the DFSA and FSRA General Rulebooks contain broad obligations on any authorised firm to report to the regulator if it becomes aware of a range of occurrences, including any matter which could have a significant adverse effect on the authorised firm’s reputation, or a matter in relation the authorised firm which could result in serious adverse financial consequences to the financial system or to other firms, or a significant breach of a rule by the authorised firm or its employees.

No specific law determines what employers should implement to prevent wrongdoing. However, implementing reporting channels and policies to prevent and combat harassment is based on general corporate governance rules.

Employers are generally required under German law, regardless of their industry, to exercise a duty of protection regarding their employees. If they become aware of allegations of employee harassment, the employer must investigate and take appropriate steps to either dispel the suspicion (and protect the employee incorrectly accused of harassment) or sanction the perpetrator. As such, many employers have a process or policy in place governing this.

From July 2023, employers must observe the mandatory regulations of the Whistleblower Protection Act, implementing the EU Whistleblower Directive. This regulation applies automatically to many institutions in the financial sector, and beyond that to others based on their number of employees (starting with a headcount of over 50) or by virtue of belonging to the public sector. In corporate groups, multiple employers can set up a joint office to receive reports and conduct further investigations. Public sector employers must, in principle, establish an internal reporting office regardless of the number of employees. In addition, employees will also have the option to report breaches externally. The purpose of the new legislation is to strengthen the protection of whistleblowers and ensure that they do not face any disadvantages within the framework of the legal requirements – including, inter alia, where the whistleblowing concerns matters such as breaches of European law concerning financial services, financial products and financial markets, as well as the prevention of money laundering and terrorist financing.

An office at the Federal Ministry of Justice will be established as the governing body for the new law. In addition, the Federal Antitrust Office and BaFin will be responsible for sanctioning certain breaches under their respective remit (antitrust and financial services, respectively).

Anti-money laundering and counter-financing of terrorism

Financial services employees are required to receive training on anti-money laundering and counter-financing of terrorism. New staff should be required to attend initial training as soon as possible after being hired or appointed. Apart from the initial training, refresher training should be provided regularly to ensure that staff are reminded of their responsibilities and are kept informed of new developments (see question 8).

Whistleblowing

There is no single comprehensive whistleblowing legislation to protect whistleblowers in Hong Kong. However, piecemeal provisions in various ordinances may protect specific whistleblowers for the reporting of specific offences. For example, the Employment Ordinance provides that an employer shall not terminate (or threaten to terminate) the employment of, or in any way discriminate against, an employee because the employee has given evidence or information in any proceedings or inquiry in connection with the enforcement of the Employment Ordinance, work accidents or breach of work safety legislation.

While it is not legally required, as good practice, employers should consider implementing a whistleblowing policy to set out, among others, the type of incidents that should be reported and the procedures for filing the report.

Workplace harassment

Under the Sex Discrimination Ordinance, Disability Discrimination Ordinance and Race Discrimination Ordinance, any harassment in the workplace based on sex, pregnancy, disability and race (which includes colour, descent, ethnic or national origins) is unlawful.

As employers are vicariously liable for the wrongful acts of their employees (whether or not the act was done with the employer’s knowledge or approval), one of the statutory defences is for employers to establish that they took “reasonably practicable steps” to prevent the wrongful act in the workplace. Employers should therefore put in place anti-harassment policies and procedures to prevent harassment from happening in the workplace and to provide complaint or reporting procedures to handle such incidents.

Whistleblowing

In the DIFC, whistleblowing is addressed both by the DFSA, who introduced its regulatory regime for whistleblowing in 2022 through amendment to its Regulatory Law 2004, as well as the more general obligations contained in the Operating Law of the DIFC Authority.

Under the Regulatory Law, any person who makes a qualifying disclosure to a specified person is entitled to protection under the law.  Similar provisions are contained in the Operating Law.

The disclosure may be made internally within the company, for example, to a director, officer or any person in a management position of the relevant company, or any person designated by that company to receive the disclosure of such information; or externally, for example, to the Registrar, Financial Services Regulator, Office of Data Protection, or criminal law enforcement agency in the UAE.

The qualifying disclosure must relate to the disclosure of information made in good faith, that relates to a reasonable suspicion that a regulated entity, or any of its employees or officers, has or may have, contravened a provision of legislation administered by the DFSA, or has engaged in money laundering, fraud, or other financial crime.

A person making a protected disclosure shall not be subject to any civil or contractual liability for making the disclosure, nor shall they be dismissed or otherwise suffer a detriment or disadvantage in connection with making the disclosure. 

The corresponding DFSA module sets out the DFSA’s expectations that companies should implement appropriate written policies in order to facilitate the reporting of any regulatory concerns by whistleblowers, and to assess, and, where appropriate, escalate regulatory concerns reported to it. 

The ADGM published Guiding Principles on Whistleblowing in December 2022, which whilst non-binding, were designed to assist entities and individuals in the ADGM in establishing whistleblowing frameworks and ensure that potential whistleblowers were encouraged to speak up and were fairly treated when they did so.  In March 2024, the ADGM announced a public consultation on proposals for a whistleblowing framework, which will lead to the introduction of Whistleblower Protections Regulations and amendments to the Employment Regulations.

Harassment

Harassment is not dealt with in the regulatory framework outlined above, but is contained in the applicable employment legislation.

As a legal requirement, it is necessary to issue the term of termination of the employment contract. This document specifies the amounts paid at that time (there is a difference between terminations for just cause and without cause).

For workers in the sector, general rules apply, as no specific rules are created by law or a collective instrument.

Employment relationships with risk-takers of significant institutions whose annual fixed remuneration exceeds three times the contribution assessment ceiling for general pension insurance can be terminated more easily, in return for a severance payment, even if a unilateral dismissal is not socially justified. For this purpose, the institution needs to file a motion to the labour court to terminate the employment relationship during an ongoing dismissal protection dispute. The court will then terminate the employment relationship and award a severance payment of up to 12 months‘ salary.

Where employers wish to amicably terminate an employment relationship, they will usually offer a termination agreement that provides for a severance payment as consideration for the job loss. Severance payments offered by institutions under the German Banking Act are, in principle, treated as variable remuneration from a regulatory perspective. Unless certain exceptions and privileges apply, this means that severance payments are subject to the regulatory remuneration rules that apply to variable remuneration, meaning that, for example, the bonus cap and ex-post risk adjustment mechanisms of IVV apply (section 5 paragraph 6 sentence 1 IVV). Exceptions are permissible, inter alia, if severance payments are granted in line with the company’s general policy on severance payments, payments to which there is a legal entitlement, and severance payments to be made based on a final judgment or court settlement.

There are no particular rules or protocols that apply when terminating the employment of an employee in the financial services sector. The termination procedures will follow the requirements under the Employment Ordinance and the contractual terms of the employment contract. In certain cases (eg, termination of senior executives), the parties may enter into a mutual release and settlement agreement.

The licensed corporations should notify the regulators of any changes, including cessation of appointment of the licensed representative and responsible officer or managers-in-charge of core functions, within seven business days. In the case of registered institutions, the notification should be made to both the SFC and the HKMA.

Under section 64R of the IO, within 14 days after the day on which an authorised insurer, a licensed insurance agency or a licensed insurance broker company (collectively, “Appointing Principal”) terminates the appointment of a licensed insurance agency, a licensed individual insurance agent, a licensed technical representative (agent), a licensed technical representative (broker) or a responsible officer (as the case may be), then the Appointing Principal should notify the IA in writing of the termination.

As noted in question 7, the DFSA General Rulebook and FSRA General Rulebook contain Best Practice Guidance for remuneration structure and strategies of authorised persons.  In this regard, both sets of guidance provide that where an authorised entity provides discretionary payouts on termination of employment (either by way of severance payments, or other payments, such as “golden parachutes”), these should be subject to appropriate limits or shareholder approval.  In addition, they should be aligned with the firm’s overall financial status and performance.

Yes, restrictive covenants are possible for financial service employees. However, restrictions on work in other companies in the sector (non-competition) must be paid for less than 24 months. These criteria are not provided for by law, but were constructed by Brazilian courts when adjudicating on this issue.

Post-contractual non-compete obligations will typically only be binding when a severance payment is agreed upon that amounts to at least 50% of the pro-rated annual remuneration that the employee received before the obligation comes into force). It is advisable to regularly review for which roles such arrangements are agreed upon as they can be costly, and a unilateral waiver does not automatically eliminate the obligation to pay compensation, only if sufficient advance notice is given.

In the financial services sector, the severance payment for non-competition covenants is considered variable remuneration and subject to the same regulatory compensation rules (for example, section 5 paragraph 6 sentence 1 IVV, section 6 paragraph 4 No. 2 Investment Firm Remuneration Ordinance). However, severance payments do not have to be factored into the ratio of variable to fixed remuneration according to section 25a paragraph 5 sentences 2 to 5 KWG if, subject to section 74 paragraph 2 of the German Commercial Code, the payments do not exceed the total fixed remuneration originally owed.

There are no particular rules that apply concerning the use of post-termination restrictive covenants for employees in the financial services sector. The rules concerning post-termination restrictive covenants are governed by common law principles in which they will only be enforced if the restriction is necessary for the protection of the employer’s legitimate business interest and is reasonable in scope and duration.

The DFSA and FSRA Rulebooks do not regulate the use of post-termination restrictive covenants. It is fairly typical for financial services firms in both free zones to include non-dealing, non-solicitation, non-compete and similar restrictive covenants in their employment contracts. These are subject to the same common law rules on interpretation and enforceability as in any other sector.  In addition, whilst the courts in both the DIFC and ADGM will award injunctive relief, there is no similar right in the federal courts.  This means that the enforceability of an injunctive order outside of the geographic scope of the two free zones is uncertain.

Yes, non-disclosure agreements (NDAs) are potentially lawful in Brazil. The applicable rules are the same as for any legal transaction: expression of will, legality of the object, and compliance with the law.

As a rule, NDAs are a consequence of professional activity and do not require specific consideration.

Protected information is specific to the contractor (employer) and shared with the employee during the execution of the contract (strategies, customers, commercial secrets, etc).       

General information belonging to the employee due to his or her academic training and previous professional experience is not included in NDAs.

Under German law, it is permissible to enter into non-disclosure and confidentiality agreements. In practice, NDAs are usually agreed upon in written or text form, although this is not legally required. If drafted for use in multiple cases, NDAs are subject to a particularly strict test to be effective: they must be transparent and may not unduly burden the employee under General Terms and Conditions legislation. NDAs should, therefore, only relate to very limited and specific information.

In practice, NDAs are difficult to enforce as it is the employer who must prove a culpable breach of contract, as well as damages resulting from such a breach. Employers should, therefore, also use other means to ensure data protection and confidentiality, such as properly defining and protecting business secrets under the Business Secrets Act; and implementing technical and organisational measures to limit access to certain information, which may include sharing information only on a need-to-know basis.

Non-disclosure agreements are legally enforceable in Hong Kong. They follow the contract law rules and there is no other particular form or rules. To be enforceable, a non-disclosure agreement must protect information that is both confidential and valuable. There are common exceptions where confidentiality will not apply to certain information, including information available in the public domain, information lawfully received from a third party without proprietary or confidentiality limitations, information known to the employee before first receipt of same from the employer, and information disclosed in circumstances required by law or regulatory requirement.

Non-disclosure agreements may be used in the UAE (including DIFC and ADGM free zones).  There are no particular requirements regarding the form or rules for those NDAs.