Employment in Financial Services

The primary regulatory regime applicable to financial services employees in Hong Kong are as follows:

• Under the Banking Ordinance (BO), the Hong Kong Monetary Authority (HKMA) is responsible for regulating all authorised institutions (banks, restricted-licence banks and deposit-taking companies). In particular, the HKMA needs to ensure that the chief executive, directors, controllers and executive officers of the authorised institutions are “fit and proper”.

• Under the Securities and Futures Ordinance (SFO), the Securities and Futures Commission (SFC) is responsible for regulating the securities and futures markets. Employees performing any regulated functions under the SFO must obtain the requisite licence from the SFC. Relevant individuals engaged by the authorised institutions who perform regulated functions (eg, bank staff working in the securities dealing department) are not required to be licensed or registered with the SFC but their names have to be entered in the register maintained by the HKMA.

• Under the Insurance Ordinance (IO), the Insurance Authority (IA) is responsible for regulating the insurance industry. Employees carrying on a regulated activity under the IO must obtain the requisite licence from the IA.

The Central Bank of Ireland (CBI) is responsible for the authorisation and supervision of regulated financial service providers (RFSPs) in Ireland. RFSPs can include credit institutions, credit unions, brokers/retail intermediaries; and other RFSPs such as electronic money institutions, insurance and reinsurance undertakings, investment firms and payment institutions. The regulatory regime applies in a bespoke way to each sector and its employees and tailored legal advice should be taken for a specific situation. The general principles of the regulatory framework are set out below.

Fitness and Probity

The primary regulatory regime applicable to employees of RFSPs is the Fitness & Probity ("F&P") framework under the CBI Reform Act 2010 (2010 Act) as amended. Its function is to assess and monitor the suitability of individuals for certain key positions, known as Controlled Functions (CFs), including Pre-approved Controlled Functions (PCFs). The general rule is that an RFSP cannot permit a person to perform a controlled function unless the RFSP is satisfied on reasonable grounds that the person complies with the F&P Standards prescribed under the 2010 Act and further set out in the regulations and Guidance prescribed by the CBI. A link to resources governing the F&P Standards is here.

Fitness relates to an individual's competency, experience, qualifications and capacity to perform the role (including time commitments and being free from conflicts of interest).

Probity relates to an individual's honesty, diligence, independence, ethics and integrity in performing their role.

Employers are required to perform due diligence to confirm that individuals they propose placing in CF roles are fit and proper. Employers are also required to hold a certificate of compliance in respect of each in scope employee, certifying that the employee complies with the F&P Standards. Employees of RFSPs must agree in writing to comply with the F&P Standards.

A breach of an individual's F&P obligations can result in criminal and administrative sanctions for the RFSP and suspension and disqualification for the individual from holding a controlled function.

Minimum Competency Requirements

The CBI also operates a minimum competency regime under the Minimum Competency Code 2017 and the CBI (Supervision and Enforcement) Act 2013 (section 48(1)) Minimum Competency Regulations 2017, which set out professional standards and competencies, and continuing professional development (CPD) requirements, for persons providing certain financial services and products across certain sectors e.g., credit union and insurance services.  The aim is to protect consumers by ensuring a minimum acceptable level of competence from individuals acting for or on behalf of RFSPs providing advice and information and associated activities (such as dealing with insurance claims or complaints), in connection with in-scope financial products.

The Individual Accountability Framework

The CBI (Individual Accountability) Act 2023 (the "2023 Act") was signed into law on 9 March 2023. The 2023 Act introduced a new Individual Accountability Framework ("IAF"):

• An enhanced Fitness and Probity Framework;
• New Common Conduct Standards, including Additional Conduct Standards for PCFs, applicable to employees and officers of RFSPs as well as Business Conduct Standards;
• The Senior Executive Accountability Regime ("SEAR"); and
• Administrative Sanctions Procedures ("ASP") which empowers the CBI to investigate and sanction individuals for breaches of their obligations under the IAF including the Conduct Standards and their F&P obligations.

The IAF commenced in Ireland from 29 December 2023. The F&P Framework and the application of the new Conduct Standards became effective from this date. Other parts of the IAF will be effective later in 2024.

Conduct Standards

Under the 2010 Act, both CFs and PCFs must take any step that is reasonable in the circumstances in the performance of their role, to ensure that they meet the requirements of the Common Conduct Standards. The Common Conduct Standards are explained in Guidance published by the CBI here. The Conduct Standards include the requirement to act with honesty and integrity, due skill and care, co-operate in good faith with the CBI, act in the best interests of customers and comply with applicable rules governing market conduct and trading as applicable to the relevant RFSP's sector. The F&P Standards set a standard that CFs and PCFs must meet to ensure that they are sufficiently skilled and have the competence and capability to perform their roles. Whereas the Common Conduct Standards impose positive, enforceable legal obligations on individuals in those roles, governing their conduct and requiring them to act in accordance with a single set of standards of expected behaviour. Employers must train their employees on the applicable Conduct Standards. Employees are required to attend at that training and to fully understand and comply with the Conduct Standards. Additional Conduct Standards apply to PCFs.

Senior Executive Accountability Regime

SEAR which applies to senior managers/officers holding PCF and CF1 roles, will be applicable from 1 July 2024. SEAR will come into force in respect of Non Executive Directors (NEDs) and Independent Non Executive Directors (INEDs) with effect from 1 July 2025.

In terms of the scope of application, SEAR will be introduced on a phased basis and will initially apply from 1 July 2024 to credit institutions, insurance undertakings (excluding reinsurance undertakings, captive (re)insurance undertakings and insurance special purpose vehicles) and investment firms that underwrite on a firm commitment basis, deal on own account, or are authorised to hold client monies or assets; and third-country branches of the above.

However, the CBI has noted in its Consultation Paper 153 (CP153) that "there is much in the spirit of the SEAR that firms not initially failing within scope should consider as aligned with good quality governance". RFSPs which are not in Phase 1 of SEAR should therefore consider the presence of the new regime and whether it may be appropriate to comply with the spirit of SEAR by ensuring that individual responsibilities for senior managers are mapped and clearly allocated across the firm's senior management. This is to ensure that it is very clear who is individually accountable for what and in order to ensure that the business and its risks are being properly managed.

Business Standards

The 2023 Act provides for the ability of the CBI of Ireland (CBI) to prescribe the "Business Standards" for the purposes of ensuring that in the conduct of its affairs a firm:

1. acts in the best interests of customers and of the integrity of the market;
2. acts honestly, fairly and professionally; and
3. acts with due skill, care and diligence.

The Business Standards are obligations which apply to the RFSP.

Protected Disclosures Legislation – Whistleblowing

The Protected Disclosures Act 2014 as amended provides that all employers (with 50 or more employees) and most RFSPs regardless of head count (including MiFID firms, UCITS management companies, AIFMs, externally managed UCITS and externally managed AIFs)  have and maintain secure, confidential and effective internal reporting channels and investigation procedures that comply with its requirements. Employees and other workers, including INEDS and NEDS as well as contractors have significant anti retaliation protection in connection with making a protected disclosure. Employers are required to appoint a designated person to acknowledge a report within 7 days, make diligent inquiries and to follow up with the reporter within three months in relation to the progress/outcome of the investigation. The Central Bank (Supervision and Enforcement) Act, 2013 as well as the European Union (Market Abuse) Regulations, 2016 set out whistleblowing requirements for in scope employees and anti retaliation protection.

The UAE has four different regulators responsible for the authorisation and supervision of banks, insurers, and other financial institutions.

There are two regulators "on-shore" in the UAE, namely, (i) the UAE Central Bank, which is the state institution responsible for banking and insurance regulation, as well as monetary policy, and has authority over all licensed financial institutions in the UAE, including those in the financial free zones; and (ii) the Emirates Securities and Commodities Authorities (ESCA)  that regulates markets, listed companies, and securities brokers.

There are two financial free zones in the UAE, the Dubai International Financial Centre (DIFC) and Abu Dhabi Global Market (ADGM), who were established as special economic zones with independent jurisdictions through amendment to the UAE Constitution.  Within the free zones, the Dubai Financial Services Authority (DFSA) is the regulator of the DIFC and the Financial Services Regulatory Authority (FSRA) is the regulator of the ADGM.

As the DIFC and ADGM free zones have been established as special economic zones in which financial services are conducted, most of the applicable legislation in the UAE which governs financial services is found in the two free zones.  Therefore, unless expressly referenced, the responses for the UAE in this guide consider the position in the DIFC and ADGM only.

The Dubai Financial Services Authority is the financial regulatory body of financial services conducted in or from the DIFC.  The key legislation is the Regulatory Law of 2004, as amended, which is administered by the DFSA and is described as the cornerstone legislation of the regulatory regime.

The ADGM Financial Services Regulatory Authority is the financial regulatory body of financial services conducted in or from the ADGM.  The key legislation is the Financial Services and Markets Regulations (FSMR), which sets out the legislative and regulatory framework for financial services in the ADGM.  The FSMR was modelled on the UK’s Financial Services and Markets Act 2000 and other related legislation.

Finally, all employees in the private sector (excluding the two financial free zones) are subject to Federal Decree-law No. 33 of 2021, as amended (the Labour Law).  In the DIFC, employees are subject to DIFC Law No. 2 of 2019, as amended (the DIFC Employment Law) and in the ADGM, employees are subject to the ADGM Employment Regulations 2019 (the ADGM Employment Regulations).  In addition to the employment legislation described above, a number of other laws will be applicable to employees in the UAE, including Federal Decree-law No. 30 of 2021 containing the Penal Code.

In the United States, there are different regulatory environments, depending on the nature of the employer.

• The Securities and Exchange Commission (SEC) regulates the offer and sale of securities, the various obligations of public companies, and the registration and conduct of broker-dealers. The SEC also regulates investment advisers.
• Every state has its own securities laws, known as Blue Sky Laws. These laws vary from state to state, but most, including New York and California, impose registration requirements on broker-dealers. State laws also require employees of brokers and dealers engaged in securities transactions to register as agents or salespersons.
  • The California Corporate Securities Law of 1968 covers securities offerings in the state of California.
  • The New York General Business Law and the New York Compilations of Codes, Rules and Regulations cover securities offerings in the state of New York.
• The Financial Industry Regulatory Authority (FINRA) is a private self-regulatory organisation that oversees exchange markets and brokerage firms and regulates the conduct of broker-dealer member firms.
• The Commodity Futures Trading Commission (CFTC) regulates commodities or future brokers and exchanges under the Commodity Exchange Act (CEA).
• Banks are regulated by both federal and state regulators, including the Federal Reserve Board, the Office of the Comptroller of the Currency, the Consumer Financial Protection Bureau, and the Federal Deposit Insurance Corporation.
• Commodities or future brokers or exchanges are covered by the CEA and are regulated by the CFTC.
• The Protocol for Broker Recruiting is an agreement signed by more than 2,000 broker-dealers. This Protocol specifically places limits on the restrictions a signatory firm can place on representatives who move to another signatory firm.

Most states have their own financial regulatory regimes. For example:

• The New York Department of Financial Services has regulatory authority over banks and certain other financial services entities within the state of New York.
• The California Department of Financial Protection and Innovation has regulatory authority over financial services entities within the state of California.

There are no particular pre-screening measures specified by the financial regulators in Hong Kong. Nevertheless, financial institutions would generally conduct background checks on prospective employees (especially those taking on senior positions) to ensure they comply with the “fit and proper” requirements of the financial regulators.

There is no particular form of regulator-specified reference to be provided by previous employers in the financial services industry. Nevertheless, the SFC has specified disclosure obligations for licensed corporations in respect of outgoing employees who were subject to internal investigations (see question 10).

RFSPs must satisfy themselves that all CF and PCF candidates or employees comply with the F&P Standards. Pre-employment due diligence must be performed, including asking the candidate to certify they will comply with the F&P Standards and notify the RFSP immediately of any change in circumstance that may mean they no longer comply. Employers must continue to ensure that in scope employees comply with the F&P Standards and must complete an annual declaration to this effect. This means that due diligence must continue throughout the employment relationship and not just at the recruitment stage.

Candidates for PCF roles must complete an online individual questionnaire, which is submitted to the CBI in advance of appointment to the role through the Central Bank portal. The CBI must grant its approval for the PCF appointment before a candidate can take up the role. Any PCF offer of employment must be conditional on that approval being obtained. The CBI may request applicants attend an interview as part of the approval process.

Employers should take all reasonable steps to secure references from previous employers in order to due diligence the candidate's compliance with the F&P Standards and their suitability for the role. However, an employer is not obliged to issue a reference in respect of a former employee which means that a prospective employer may not be able to secure a reference from a previous employer.  The CBI does not oblige employers to either issue or obtain a reference as part of screening checks, however employers must make good efforts to do so.

There are material obstacles from a data privacy and practical perspective to employers conducting criminal background checks in relation to prospective employees. Data relating to criminal convictions is special category data under the GDPR. Employers would need to satisfy both Article 6 and Article 9 requirements under the GDPR to justify the processing of this data. In terms of Article 9, this means employers would need to show reasons of substantial public interest or that they are carrying out their legal obligations in processing the data.  In terms of Article 6 the employer will need to show that the processing is necessary to comply with a legal obligation to which the employer is subject or the processing is necessary for the employer's legitimate interests for example to ensure the suitability and honesty of its employees and to protect its reputation. Employers are also prevented from asking candidates about "spent convictions" which are usually minor criminal offences dating back over seven years.

Pre-employment medical checks must also have a clear legal basis justifying the processing of an employee's medical and health information.

In the DIFC, an individual who performs a “licensed function” must be approved in advance by the DFSA.   The roles which fall within the meaning of an authorised person for the DFSA includes someone appointed as:

• the Senior Executive Officer, who has ultimate responsibility for the day-to- day management, supervision and control of one or more (or all) of an authorised firm’s financial services carried on, in or from the DIFC;
• the Finance Officer;
• Compliance Officer;, and
• Money Laundering Reporting Officer. 

Where a firm proposes to appoint an authorised individual, an application to the DFSA must be made in advance; the DFSA will make an assessment of the  individual in order to satisfy itself that they are fit and proper to be an authorised individual. The Regulator will consider the individual’s integrity, competence and capability, financial soundness, their proposed role, and any other relevant matters.  That individual may not be considered as fit and proper where they have been declared bankrupt, convicted for a serious criminal offence, or incapable - through mental or physical incapacity - of managing their affairs.

In the ADGM, an individual who performs a “controlled function” must be approved in advance by the ADGM.  A controlled function includes someone appointed as the Senior Executive Officer, Finance Officer, Compliance Officer, and Money Laundering Reporting Officer.

Where a firm proposes to appoint someone in a controlled function, an application to the ADGM must be made in advance, The ADGM will make an assessment of  that individual in order to satisfy itself that they are fit and proper to be an approved individual.  The Regulator will consider the individual’s integrity, competence and capability, financial soundness, their proposed role and any other relevant matters.  That individual may not be considered as fit and proper where they have been declared bankrupt, convicted for a serious criminal offence, or incapable - through mental or physical incapacity - of managing their affairs.

In addition to the standard hiring measures that must be taken when engaging an employee, several additional steps must be taken when engaging financial services employees in the United States. Generally, financial services employees must pass certain screening and disclosure steps, including:

• background checks;
• criminal background disclosures; and
• fingerprinting.

Broker-dealers and investment advisors must register with FINRA (see below).

Background checks

FINRA-regulated entities must investigate each person they plan to register with FINRA to ensure that they meet FINRA Form U4 requirements regarding that person’s history of formal charges and indictments.

If the applicant has previously registered with FINRA, broker-dealers must also review an applicant’s most recent Form U5 or be able to demonstrate to FINRA that it has made reasonable efforts to review Form U5 but has been unable to do so. If the applicant has previously registered with a CFTC-registered firm, the broker-dealer must review CFTC Form 8-T.

Bank employees must undergo a background check. Certain criminal conduct may statutorily disqualify an applicant from employment. For example, federal law prohibits any person convicted of a criminal offence involving dishonesty or breach of trust (or who has entered into a pre-trial diversion or similar programme regarding such an offence) from serving as a director, officer, or employee of an FDIC-insured bank without the FDIC's consent. Banks must conduct reasonable inquiries into an applicant’s background to avoid hiring persons barred from employment by this law. Banks may be protected from claims of disparate impact (under state “ban-the-box” laws) when terminating or withdrawing offers from disqualified employees under this law. Both California and New York explicitly provide such carve-outs. However, these are position-specific rather than employer-specific, and employees with positions not subject to FINRA or other statutorily required background checks or disqualifiers based on criminal history may still be subject to state or local “fair chance” or ban-the-box laws. Therefore, as a best practice, non-bank financial services employers should avoid relying on these exceptions for all of their employees. Relatedly, the FDIC does not consider “de minimus” criminal violations disqualifying, including minor offences by young adults, bad cheques for less than $1,000 and simple theft of less than $500.

Fingerprinting

Entities covered by the SEC are also subject to fingerprinting requirements. Every member of a national securities exchange, broker, dealer, registered transfer agent, registered clearing agency, registered securities information processor, national securities exchange, and national securities association must ensure that each of its partners, directors, officers, and employees are fingerprinted and must submit such fingerprints, or cause the same to be submitted, to the Attorney General of the United States for identification and appropriate processing. Employees who will not be selling, keeping, or handling securities or supervising those who do are exempt from this requirement.

While New York generally prohibits fingerprinting, there is an exception where, as here, fingerprinting is statutorily required.

California Financing Law requires fingerprinting for certain individuals seeking to license in California.

Please note, during the COVID-19 epidemic, the SEC temporarily paused the fingerprinting requirements. This pause was lifted in September 2022.

In addition to an employment contract, there are additional documentation requirements in connection with the application or transfer of the employee’s licence with the financial regulators.

The following documents should be in place:

• written statement of terms of employment e.g., a written contract of employment that complies with the Terms of Employment (Information) Act 1994-2014 and the European Union (Transparent and Predictable Working Conditions) Regulations 2022;
• grievance and disciplinary policy;
• protected disclosures policy;
• dignity at work policy (anti-harassment and bullying prevention);
• safety statement; and
• where possible, an employee handbook that details all the statutory leave policies and other bespoke policies of the RFSP.

Employees must be provided with an employment contract across the different jurisdictions in the UAE.  This applies to all employees, regardless of whether they work in the financial services industry.

In the DIFC, the DIFC Employment Law requires employers to provide their employees with a written contract that must specify the following:

• the parties’ names;
• the start date;
• the salary and any allowances to be provided to the employee;
• the applicable pay period;
• hours and days of work;
• vacation leave and pay;
• notice to be given by either party to terminate employment; 
• the employee’s job title;
• confirmation as to whether the contract is for an indefinite period or for a fixed term;
• the place of work;
• applicable disciplinary rules and grievances procedures;
• the probation period;
• a reference to any applicable policies and procedures (including any codes of conduct) and where these can be accessed; and
• any other matter that may be prescribed in any regulations issued under the DIFC Employment Law.

In the ADGM, the ADGM Employment Regulations requires employers to provide their employees with a written contract that must specify the following:

• the parties’ names;
• the start date;
• remuneration;
• the applicable pay period;
• hours and days of work; and
• any terms and conditions relating to:
  • vacation leave and pay, national holiday entitlement and pay;
  • sick leave and sick pay;
  • the notice period that either party is required to give to the other in order to terminate employment;
  • the employee’s job title;
  • whether the employment is for an indefinite or fixed term;
  • the place of work;
  • any disciplinary rules or grievance procedures applicable to the employee; and

any other matter that may be prescribed by the employer.

FINRA

Broker-dealers and investment advisors regulated by FINRA must electronically file FINRA’s Form U4 when registering “associated persons” with FINRA or transferring their registration to another broker-dealer. Broker-dealers must also create and implement written procedures to verify the facts disclosed by prospective employees on the U4.

• “Associated persons” include employees of all levels involved with investment and securities operations.
• The U4 form requires disclosure of the associated person’s background history, including any criminal convictions or civil actions, regulatory proceedings or sanctions, administrative proceedings, financial disclosures (such as bankruptcy), customer complaints, or arbitration awards.

Form U4 also contains an agreement requiring employees to submit to arbitration “any dispute, claim or controversy that may arise between [them and their] firm, or a customer, or any other person…”

Member firms must provide registered employees with an arbitration disclosure when asked to sign a U4.

SEC

SEC-regulated entities require every prospective employee to complete a questionnaire disclosing their identifying information, employment history, and record of any disciplinary actions, denial or suspension of membership of registration, criminal record, or any record of civil action against that employee. FINRA form U4, if completed, fulfils the requirements of this Rule.

California

California employees must be provided with:

• A notice of workers’ compensation rights;
• notice of disability insurance and paid family leave insurance benefits;
• sexual harassment information under the Fair Employment and Housing Act;
• notice of pay information (if applicable);
• commission contract (if applicable);
• notice of rights for victims of crime or abuse; and
• lactation accommodation policy

New York

New York employees must be provided with:

• notice of pay rate and pay days;
• commissions Agreement (if applicable);
• New York Health and Essential Rights Act;
• notice of electronic monitoring;
• New York State Workers’ Compensation Board Statement of Rights – Disability Benefits Law;
• New York State Paid Family Leave Statement of Rights;
• New York City Earned Safe and Sick Time Act (City only);
• New York City Stop Sexual Harassment Act fact sheet (City only); and
• New York City Pregnancy Accommodations at Work fact sheet (City only).

SFC

The “Guidelines on Competence” published by the SFC lists the necessary qualifications for employees carrying on regulated activities. For academic qualifications, employees should attain at least Level 2 in either English or Chinese as well as in Mathematics in the Hong Kong Diploma of Secondary Education or equivalent. In addition, employees are expected to obtain recognised industry qualifications and pass the local regulatory framework paper. For responsible officers (ROs), the SFC requires higher levels of educational qualifications and experience.

IA

The “Guideline on ‘Fit and Proper’ Criteria for Licensed Insurance Intermediaries Under the Insurance Ordinance” published by the IA sets out the education requirements for licenced employees under the IO. Higher levels of educational qualifications are required for responsible officers.

Yes, under the Minimum Competency Regime (see question 1), employees who perform certain prescribed functions and roles in prescribed RFSPs such as insurance businesses and credit unions, must meet the required competencies and qualifications standards.

The 2023 Act also introduces a new requirement that persons can only be permitted to perform a CF role (including a PCF role) where a certificate of compliance with the F&P Standards given by the firm is in force (Certification Regime).

As part of the Certification Regime, a certificate of compliance may only be given if:

1. the firm is satisfied on reasonable grounds that the person complies with the F&P Standards; and
2. the person has agreed to abide by the F&P Standards and to notify the firm without delay if for any reason they no longer comply with the F&P Standards.

As noted in question 2 -, employees undertaking certain regulated roles must obtain the pre-approval of the relevant regulatory authority.  The regulators in each case will assess the fitness and propriety of the relevant individual.
 

For an individual’s FINRA registration to become effective, they must pass the Securities Industries Essentials examination. FINRA rules also require registered persons to participate in continuing education courses. Failure to do so may result in a covered person’s registration being deemed inactive until the requirement has been satisfied.

California Financing Law requires the licensing and regulation of finance lenders and brokers making and brokering consumer and commercial loans, unless exempt.

Under the SFO, ROs have enhanced responsibilities. They assume primary responsibility for compliance at a licensed corporation and are involved in supervising the regulated activities. A licensed corporation is required to appoint no less than two ROs to directly supervise the conduct of each regulated activity. Similarly, under the BO, registered institutions are required to appoint no less than two executive officers to be responsible for directly supervising the conduct of each regulated activity under the SFO. For each regulated activity, at least one RO must be available at all times to supervise the business and must be an executive director.

Under the IO, an RO of a licensed insurance agency or licensed insurance broker company has enhanced responsibilities. Responsible officers must use their best endeavours to ensure the agency or broker has established and maintains proper controls and procedures for securing compliance with the conduct requirements under the IO.

Yes. Common Conduct Standards and Additional Conduct Standards were introduced by the 2023 Act and employers need to update employees' contractual documents to reflect same.

The Common Conduct Standards set out standards of behaviour expected of individuals carrying out Controlled Functions (CFs) within firms. The Common Conduct Standards are basic standards such as acting with honesty and integrity with due skill, care and diligence and in the best interest of customers. An individual that is subject to the Common Conduct Standards will be expected to take reasonable steps to ensure that the Common Conduct Standards are met.

In addition, senior executives, which includes individuals performing PCF roles (e.g. the directors, designated persons) and other individuals who exercise significant influence on the conduct of a firm's affairs (CF1) will also have Additional Conduct Standards related to running the part of the business for which they are responsible. An individual who performs a PCF/CF1 role should take reasonable steps to ensure that the Additional Conduct Standards are met.

When SEAR comes into effect, those performing senior executive functions will be required to have detailed statements of responsibility setting out the scope of their role. The Duty of Responsibility which the PCF will have under SEAR is extensive. The duty extends to taking any step that is reasonable in the circumstances to avoid a breach by their firm of its obligations in relation to an aspect of the firm's affairs for which the PCF is responsible.

There are a number of General Prescribed Responsibilities that will need to be assigned to PCFs:

(a)   Performance by the Firm of its obligations under SEAR

(b)   Performance by the Firm of its obligations under the F&P framework

(c)   Performance by the Firm of its obligations under the new Conduct Standards

(d)   Responsibility for overseeing the adoption of the firm’s policy on diversity and inclusion.

There are no provisions that lay down enhanced responsibilities for a particular category of employees in the financial services sector.
 

While there are certain responsibilities for financial employees, such as being able to pass applicable certifications (see question 4) or registering with certain entities (see question 6), the American regulatory system does not include statutory delineations that create enhanced responsibilities for certain categories of employees.

The HKMA, SFC and IA each have a register for licensed employees to be listed on to undertake regulated activities:

• HKMA – the register of securities staff of authorised institutions is available on the HKMA’s website[1]. For registration, the names and particulars of the relevant individuals are required to be submitted to the HKMA for inclusion on the HKMA Register.

• SFC – the register of licensed persons is available on the SFC’s website[2]. For registration, individual applicants would need to submit an electronic application to the SFC through its online platform. When there is a change of employment, the licensed representative may apply for a transfer of accreditation through SFC’s online platform within 180 days after the cessation of the previous employment. It takes approximately seven business days to process an application for transfer of accreditation to carry on the same types of regulated activity for which the licensed representative was licensed immediately before the cessation.

• IA – the register of licensed insurance intermediaries is available on the IA’s website[3]. For registration, applicants can submit their licence applications to the IA by paper submission or electronic submission via an online portal.

No.

There is no public register of authorised individuals.

FINRA

Broker-dealers and Investment Advisors regulated by FINRA must file FINRA’s Form U4 when registering associated persons with FINRA or transferring their registration to another broker-dealer. Broker-dealers must also create and implement written procedures to verify the facts disclosed by prospective employees on the U4.

“Associated persons” include employees of all levels involved with the investment and securities operations, including:

• partners;
• officers;
• directors;
• branch managers;
• department supervisors;
• investment bankers;
• brokers;
• financial consultants; and
• salespeople.

The U4 form requires disclosure of the associated person’s background history, including any criminal convictions or civil actions, regulatory proceedings or sanctions, administrative proceedings, financial disclosures (such as bankruptcy), customer complaints, or arbitration awards.

SEC

Investment advisers must register with the SEC under the Advisers Act. They must submit Form ADV using the Investment Adviser Registration Depository (IARD), an internet-based filing system maintained by FINRA.

SEC-regulated entities require every prospective employee to complete a questionnaire disclosing their identifying information, employment history, and record of any disciplinary actions, denial or suspension of membership of registration, criminal record, or any record of civil action against that employee. FINRA form U4, if completed, fulfils the requirements of this Rule.

There are no specific mandatory rules relating to compensation payable to financial services employees in Hong Kong.

The HKMA has issued a Supervisory Policy Manual CG-5 “Guideline on a Sound Remuneration System”. This focuses on providing a broad idea and introducing basic principles of how remuneration policies should be designed and implemented in the authorised institution, to encourage employee behaviour that supports the risk management framework, corporate values and long-term financial soundness of the authorised institution.

Under the Guideline, the elements of a sound remuneration system are as follows:

Governance

• Remuneration policy should be in line with objectives, business strategies and the long-term goals of the authorised institution.
• The remuneration arrangement for employees whose activities could have a material impact on the authorised institution’s risk profile and financial soundness should support, but not undermine, the overall risk management approach.
• The Board of an authorised institution is ultimately responsible for overseeing the formulation and implementation of the remuneration policy.
• The establishment of a Board remuneration committee would assist the Board in discharging its responsibility for the design and operation of the authorised institution’s remuneration system.
• Risk control personnel should have appropriate authority and involvement in the process of design and implementation of the authorised institution’s remuneration policy.

Structure of remuneration

• Balance of fixed and variable remuneration should be determined with regard to the seniority, role, responsibilities and activities of their employees and the need to promote behaviour among employees that support the authorised institution’s risk-management framework and long-term financial soundness.
• Variable remuneration should be paid in such a manner as to align an employee’s incentive awards with long-term value creation and the time horizons of risk.
• Guaranteed minimum bonus to senior management or key personnel should be subject to the approval of the Board (or the Board’s remuneration committee with the necessary delegated authority).

Measurement of performance for variable remuneration

• The award of variable remuneration should depend on the fulfilment of certain pre-determined and assessable performance criteria, which include both financial and non-financial factors.
• Size and allocation of variable remuneration should take into account the current and potential risks associated with the activities of employees, as well as the performance (overall performance of the relevant business units and the authorised institution as a whole as well as the contribution of individual employees to such performance).
• Judgement and common sense may be required during the process to arrive at a fair and appropriate remuneration decision. The rationale for the exercise of judgment and the outcomes should be recorded in writing.

Alignment of remuneration pay-outs to the time horizon of risks

• Deferment of variable remuneration is appropriate when the risks taken by the employee in question are harder to measure or will be realised over a longer timeframe.
• The award of deferred remuneration should be subject to a minimum vesting period and pre-defined vesting conditions in respect of future performance.
• Authorised institutions should seek undertakings from employees not to engage in personal hedging strategies or remuneration and liability-related insurance to hedge their exposures in respect of the unvested portion of their deferred remuneration.

Remuneration disclosure

• Authorised institutions should make remuneration disclosures at least annually. The disclosure should include the qualitative and quantitative information that the HKMA has set out in its annual remuneration disclosure.

There are prescriptive, sector-specific requirements, which apply to the remuneration of specified categories of employees or directors, and which apply in the asset management, investment services, banking, and insurance sectors.

Employers in these sectors are tasked with ensuring that the remuneration paid to material risk takers (individuals whose professional activities have a material impact on an RFSP's risk profile) or identified staff align with the RFSP risk profile.

There are detailed rules with technical guidance (emanating from EU law) specific to each sector, but at a high level they (to differing degrees) set out rules on; variable remuneration composition, ratios or other metrics to compare variable to fixed remuneration to ensure it is appropriate; malus requirements, which would allow the RFSP to cancel or reduce the employee's variable remuneration before it is paid out; and clawback provisions which allow RFSPs to recover variable remuneration after it has been awarded. It is important to ensure that employees' contracts of employment acknowledge that any variable remuneration will be subject to all regulatory restrictions and rules and may be clawed back in certain circumstances.

The CBI's 2014 Guidelines on Variable Remuneration Arrangements for Sales Staff also emphasise the importance of remuneration structures to have sufficient deterrents built into them (such as malus and clawback mechanisms) to avoid incentivising undesirable/risky behaviours from sales staff in the banking, insurance and investment services sectors.

Both the DFSA General Rulebook and FSRA General Rulebook contain Best Practice Guidance for remuneration structure and strategies of authorised entities. In particular, the guidance identifies that the governing body of an authorised entity ought to consider the risk to which the firm could be exposed to as a result of the conduct or behaviour of its employees, and to consider the ratio and balance between fixed and variable remuneration components, the nature of the duties and functions performed by the relevant employees, the assessment criteria against which performance based components of remuneration are to be awarded, and the integrity and objectivity of any performance assessment against that criteria.

Overtime

Financial services employees in the United States are commonly classified as administrative employees exempt from both minimum wage and overtime laws. To qualify for this administrative exception under the Fair Labor Standard Acts (FLSA) and often, applicable state law, an employee must:

• be compensated on a salary or fee basis at a rate at least equal to the minimum required threshold (at the time of writing set at $684 a week or $35,568 annually); and
• have a primary duty:
  • that is the performance of office or non-manual work directly related to the management or general business operations of the employer or the employer’s customers; and
  • includes the exercise of discretion and independent judgment on significant matters.

Examples of employees qualifying for the administrative exemption are those whose duties include:

• collecting and analysing information regarding the customer’s income, assets, investments or debts;
• determining which financial products best meet a customer’s needs;
• advising customers regarding the pros and cons of various financial products; and
• marketing, servicing, or promoting financial products.

An employee whose sole duty is selling financial products does not qualify for the administrative exemption. United States courts are split on whether financial advisors are exempt.

Many states have a higher minimum annual salary threshold for the administrative exemption, including California ($1,240 a week, as of 1 January 2023) and New York ($1,125 a week for New York City and Nassau, Suffolk, and Westchester counties and $990 a week for the remainder of the state. The remainder of the State increased to $1,064.25 a week on 31 December 2022).

California has an administrative exemption test, which also requires the employee to customarily and regularly exercise discretion and independent judgement, in addition to being primarily engaged in administrative duties. Employees that do not qualify as non-exempt under one of the exemptions must receive overtime pay under California law.

FLSA also exempts “highly compensated” employees. To qualify for this exemption, an employee must earn at least $107,432 in total annual compensation (not including discretionary bonuses), must perform office or non-manual work as part of their primary duty, and must customarily perform one or more exempt duties of an administrative, executive, or professional employee.

Bonuses

Discretionary bonuses can be for any amount and can be determined on quantitative factors (eg, employer profits) or subjective factors (eg, known performance indicators, performance, merit) and employers may condition an employee’s eligibility to receive a bonus on their active employment at the time when bonuses are paid.

Guaranteed bonuses are typically non-discretionary and set at a fixed number or percentage (eg, a percentage of the employee’s annual base salary or the employer’s profits). A guaranteed bonus (unlike a discretionary one) creates a contractual obligation and will be considered wages. Once a payment is considered a “wage,” employers generally cannot withhold, recover or claw back the bonus from an employee.

California requires non-discretionary bonuses to be included in a non-exempt employee’s regular rate for overtime calculation.

Certain compensation plans include “forgivable loans,” conditioning an employee’s obligation to repay on their continued employment with the new employer for a time. If the employee leaves or is fired for certain reasons before the full loan amount is forgiven, the unforgiven share, with interest, can become due and payable.

California generally prohibits employers from deducting any outstanding loan balances from an employee’s final paycheck without express permission in contemporaneous writing signed by the employee, both at the time the loan or advance was given and at separation.

Similarly, New York has extremely nuanced rules related to permissible deductions for employee benefits, which are limited (eg, authorised deductions and deductions for the benefit of the employee).

SFC

Persons engaging in regulated activities are required to continuously update their knowledge and skills through continuous professional training (CPT). The “Guidelines on Continuous Professional Training” published by the SFC provides for the following CPT requirements:

• a minimum of 10 CPT hours a year for licensed representatives and relevant individuals; and
• a minimum of 12 CPT hours a year for responsible officers and executive officers (including 2 CPT hours on topics relating to regulatory compliance).

In addition, an individual should attend at least five CPT hours a year (out of the 10 hours for licensed representatives and relevant individuals and 12 hours for responsible officers and executive officers) on topics directly relevant to the regulated activities for which he or she is licensed at the time the CPT hours are undertaken.

HKMA

The HKMA has implemented the “Enhanced Competency Framework”(ECF) for banking practitioners. While the ECF is not a mandatory regime, banks are strongly encouraged to adopt it as the benchmark for enhancing the level of core competence and ongoing professional development of banking practitioners.

IA

Under the “Guideline on Continuing Professional Development for Licensed Insurance Intermediaries”, licensed insurance intermediaries who are individuals are required to receive training through CPD to preserve their professional competence and standards in providing service to policyholders and potential policyholders.

The minimum number of CPD hours for individual licensees is 15 CPD hours for each assessment period, including a minimum of three compulsory CPD hours on “Ethics or Regulations” courses.

Financial services employees are also required to receive training on anti-money laundering and counter-financing of terrorism. New staff should be required to attend initial training as soon as possible after being hired or appointed. Apart from the initial training, refresher training should be provided regularly to ensure that staff are reminded of their responsibilities and are kept informed of new developments.

Yes. A CF employee, subject to the Minimum Competency regime, will be required to complete CPD training. Evidence of meeting that CPD requirement is also a factor in determining a person's F&P. RFSPs must maintain records of CPD training provided to CFs to demonstrate compliance with the minimum competency regime.

The 2023 Act also introduces new training obligations for those subject to the Common and Additional Conduct Standards, with firms being required to train those persons on how these obligations apply to them and their new duties of responsibility. Attendance at, or completion of, training in respect of the Conduct Standards should be mandatory and such attendance should be carefully documented with refresher training rolled out periodically.

Employers within the scope of the Criminal Justice (Money Laundering and Terrorist Financing) Acts 2010 - 2021 (including RFSPs) are required to provide annual training to relevant staff and directors on its requirements and the RFSP must have procedures in place to comply with that legislation and associated guidance.

Depending on the RFSP's business, additional mandatory training may be needed annually, for example, on topics such as market abuse.

The designated person for responding to protected disclosures should be trained and competent in the identification and handling of protected disclosures.

The DFSA General Rulebook requires authorised entities to ensure that the Senior Executive Officer, Compliance Officers, and Money Laundering Reporting Officer, must complete a minimum of 15 hours of continuing professional development in each calendar year.  This continuing professional development must be relevant to the employee’s role and professional skill and knowledge, and consist of structured activities, such as courses, seminars, lectures, conferences, workshops, web-based seminars or e-learning, which require a commitment of 30 minutes or more.  The employee must also ensure that they maintain adequate records to be able to demonstrate that these requirements have been met.

The FSRA General Rulebook requires an authorised entity to ensure that its directors and senior managers are fit and proper and its guidance suggests that whether any training has been untaken or is required should be considered.  In addition, an authorised entity should satisfy itself that an employee continues to be competent and capable of performing the role, has kept abreast of market, product, technology, legislative and regulatory developments that are relevant to the role, through training or other means, and is able to apply this knowledge.

All employees in some states, including California and New York, are required to receive periodic sexual harassment training. Additionally, employees may be required to pass certain skills tests before registering with regulators or engage in continuing education programmes (most notably FINRA, see question 4).

SFC

Under the SFO, licensed representatives and ROs are required to be “a fit and proper person” to carry on the regulated activities and must adhere to the standards of behaviour set out in the “Code of Conduct for Persons Licensed by or Registered with the Securities and Futures Commission”. Other relevant guidelines regarding standards of behaviour include:

• “Fit and Proper Guidelines”, which set out the general expectations of the SFC of what is necessary to satisfy the licensing or registration requirements that a person is fit and proper.
• “Guidelines on Competence”, which set out the competence requirements and its objective to ensure a person is equipped with the necessary technical skills and professional expertise to be “fit”, and is aware of the relevant ethical standards and regulatory knowledge to be “proper” in carrying on any regulated activities.

HKMA

Under the BO, employees of an authorised institution that carry on regulated activities under the SFO are required to be fit and proper. In addition, the HKMA needs to be satisfied that the chief executive, directors, controllers and executive officers of the authorised institutions are fit and proper. Other relevant guidelines regarding standards of behaviour include:

• “Code of Banking Practice”, which is to be observed by authorised institutions in dealing with and providing services to their customers.
• Supervisory Policy Manual CG – 2 “Systems of Control for Appointment of Managers”, which sets out the system of control that authorised institutions should have for ensuring the fitness and propriety of individuals appointed as managers.

IA

The conduct requirements for licensed insurance agents and brokers are set out in Division 4 of the IO. Other relevant codes and guidelines include:

• “Code of Conduct for Licensed Insurance Agents”, which sets out the fundamental principles of professional conduct that buyers of insurance are entitled to expect in their dealings with licensed insurance agents.
• “Code of Conduct for Licensed Insurance Brokers”, which sets out the fundamental principles of professional conduct that buyers of insurance are entitled to expect in their dealings with licensed insurance brokers.
• “Guideline on ‘Fit and Proper’ Criteria under the Insurance Ordinance”

Yes there are. They are:

• the F&P Standards;
• the minimum competency regime; and
• the IAF and SEAR (see question 1).

There are also sector-specific conduct of business requirements in legislation and codes, including the Consumer Protection Code 2012, the MiFID II regime, and other regulatory requirements applicable to RFSPs based on their industry sector that apply and deal with matters such as:

• error handling,
• disclosures to customers,
• acting in the best interests of customers; and
• complaints handling.

In the DIFC, the DFSA General Rulebook provides that authorised individuals must adhere to six principles, as follows:

• Principle 1 – Integrity
• Principle 2 – Due skill, care and diligence
• Principle 3 – Market conduct
• Principle 4 – Relations with the DFSA
• Principle 5 – Management, systems and control
• Principle 6 – Compliance
   

In the ADGM, the FSRA General Rulebook provides that authorized individuals must adhere to eleven principles, as follows:

• Principle 1 – Integrity
• Principle 2 – Due skill, care and diligence
• Principle 3 – Management, systems and control
• Principle 4 – Resources
• Principle 5 – Market conduct
• Principle 6 – Information and interests
• Principle 7 – Conflicts of Interest
• Principle 8 – Suitability
• Principle 9 – Customer assets and money
• Principle 10 – Relations with regulators
• Principle 11 – Compliance with high standards of corporate governance

Employees in some states, including California and New York, are required to receive periodic sexual harassment training.

Employers are also required to implement anti-discrimination and anti-harassment policies that:

• contain information about where and how employees can report improper conduct;
• prohibit retaliation for reporting or opposing improper conduct, or participating in an investigation regarding misconduct; and
• comply with state and local provisions that require employer policies to contain certain provisions (eg, New York, Los Angeles and San Francisco).

New York law prohibits employers from mandating confidentiality or non-disclosure provisions when settling sexual harassment claims (though it allows such provisions where it is the employee’s preference to include them).

California law prohibits employers from mandating confidentiality or non-disclosure provisions in employment agreements, settlement agreements, and separation agreements that are designed to restrict an employee's ability to disclose information about unlawful acts in the workplace, including information pertaining to harassment or discrimination or any other conduct the employee has reason to believe is unlawful.

FINRA and the SEC both have requirements and recommendations for social media use.

FINRA requires that broker-dealers retain records of social media communications related to the broker-dealer’s business made using social media sites and adopt policies and procedures designed to ensure that their employees who use social media sites for business purposes are appropriately supervised and trained, and do not present an undue risk to investors.

The SEC similarly requires that social media use complies with all federal security laws, including antifraud, compliance, and recordkeeping provisions.

Banking regulators provide guidance stating that each financial institution is expected to carry out an appropriate risk assessment that takes social media activities into consideration.

SFC – Self-reporting obligation

An SFC-licensed intermediary is subject to the self-reporting obligation under paragraph 12.5 of the “Code of Conduct for Persons Licensed by or Registered with the Securities and Futures Commission”. A licensed or registered person should report to the SFC immediately upon the occurrence of any material breach, infringement or non-compliance with any laws, rules regulations, and codes administered or issued by the SFC, exchange or clearing house of which it is a member or participant of, and the requirement of any regulatory authority applicable to that intermediary. This encompasses both actual and suspected breaches, infringements or non-compliance. In the report, the particulars of the actual or suspected breach, infringement or non-compliance, and relevant information and documents must be included to fulfil the obligation.

The same is to be reported by the registered institutions to the HKMA. The HKMA also requires authorised institutions to submit an incident report on the same day of discovering the incident.

SFC - Internal investigation disclosure obligation

In addition, a licensed corporation is required to provide the SFC with information about whether a licensed individual who ceases to be accredited to it (outgoing employee) was under any investigation commenced by the licensed corporation within six months preceding his or her cessation of accreditation. If the internal investigation commences after the notification of cessation of accreditation, the licensed corporation should also notify the SFC as soon as practicable. In addition, even if a firm has completed its investigation and made no negative findings against an outgoing employee, the firm will still be required to notify the SFC of the investigation.

The SFC expects licensed corporations to proactively disclose information about all investigative actions and the following is a non-exhaustive list of examples of investigations involving an outgoing employee that a licensed corporation should disclose to the SFC:

• investigations about a suspected breach or breach of applicable laws, rules and regulations;
• investigations about a suspected breach or breach of the licensed corporation's internal policies or procedures;
• investigations about misconduct that are likely to give rise to concerns about the fitness and properness of the outgoing employee;
• investigations about any matter that may have an adverse market or client impact; and
• investigations about any matter potentially involving fraud, dishonesty and misfeasance.

HKMA – Reporting incidents to HKMA

According to the “Incident Response and Management Procedures” published by the HKMA, once an authorised institution has become aware that a significant incident has occurred, the authorised institution concerned should notify the HKMA immediately and provide it with whatever information is available at the time. An authorised institution should not wait until it has rectified the problem before reporting the incident to the HKMA.

According to the Supervisory Policy Manual SB-1 “Supervision of Regulated Activities of SFC-Registered Authorized Institutions”, to be in line with the reporting requirements imposed by the SFC on licensed representatives, authorised institutions will be required to notify the HKMA in writing within seven business days upon knowledge of the occurrence of certain information (including any subsequent changes) of the relevant individuals. The required information is on whether or not the person is or has been:

• convicted of or charged with any criminal offence (other than a minor offence) in Hong Kong or elsewhere;
• subject to any disciplinary action, or investigation by a regulatory body or criminal investigatory body (as the case may be) in Hong Kong or elsewhere;
• subject to, or involved in the management of a corporation or business that has been or is subject to, any investigation by a criminal investigatory body or any regulatory body in Hong Kong or elsewhere concerning offences involving fraud or dishonesty;
• engaged in any judicial or other proceedings, whether in Hong Kong or elsewhere, that is material or relevant to the fitness and propriety of the individual; or
• bankrupt or aware of the existence of any matters that might render him insolvent or lead to the appointment of a receiver of his property under the Bankruptcy Ordinance.

HKMA – Guidance Note on Cooperation with HKMA Investigations

Under the “Guidance Note on Cooperation with the HKMA in Investigations and Enforcement Proceedings”, the HKMA encourages and recognises the cooperation of authorised institutions, banks and their staff in investigations and enforcement proceedings. Under this Guidance Note, cooperation includes early and voluntary reporting of any suspected breach or misconduct, taking a proactive approach to assist the HKMA’s investigation, and making timely arrangements to provide evidence and information.

IA – Self-reporting obligation

Under “the Code of Conduct for Licensed Insurance Agents/Brokers”, there is a self-reporting obligation by licensed insurance agencies or brokerages to the IA. A licensed insurance agency or brokerage is required to have proper controls and procedures to ensure the following incidents are reported to the IA as soon as is reasonably practicable:

• a disciplinary action taken by the HKMA, the SFC or the Mandatory Provident Fund Schemes Authority;
• a criminal conviction (other than a minor offence) by any court in Hong Kong or elsewhere;
• any material breaches of requirements under the IO or any rules, regulations, codes or guidelines administered or issued by the IA; and
• any material incidents which happen to the agency or brokerage.

The CBI expects RFSPs to be open and transparent in their engagement, including concerning compliance with the F&P Standards and the Common Conduct Standards. While early versions of the IAF regulations and related guidance contained an obligation on a RFSP to report to the CBI if disciplinary action had been taken against an individual, the obligation was removed from the latest version of the draft legislation. The Guidance indicated that the CBI would expect that they would have already received relevant details as it provides that firms and persons performing PCF roles are required to report to the CBI where they suspect that a "prescribed contravention" may have occurred for the purposes of the CBI legislative framework and the CBI states that a breach of the Common Conduct Standards and/or Additional Conduct Standards is a "prescribed contravention" for these purposes.

Both the DFSA General Rulebook and FSRA General Rulebook provide that where an authorised firm requests the withdrawal of an authorised individual, they must provide to the regulator details of any circumstances in which they consider the individual is no longer fit and proper.  Where the individual is to be dismissed or has requested to resign, the firm must provide to the regulator a statement of the reason, or reasons, for the dismissal or resignation.

In addition, the DFSA and FSRA General Rulebooks contain broad obligations on any authorised firm to report to the regulator if it becomes aware of a range of occurrences, including any matter which could have a significant adverse effect on the authorised firm’s reputation, or a matter in relation the authorised firm which could result in serious adverse financial consequences to the financial system or to other firms, or a significant breach of a rule by the authorised firm or its employees.

FINRA members must report to FINRA within 30 calendar days after the firm has concluded, or reasonably should have concluded, that an associated person of the firm or the firm itself has violated any securities, insurance, commodities, financial or investment-related laws, rules, regulations or standards of conduct of any domestic or foreign regulatory body or self-regulatory organisation.

While there is no requirement to report misconduct to regulators, the SEC routinely gives credit to organisations that voluntarily choose to self-report, which can lead to reduced fines, non-prosecution agreements, deferred prosecution agreements, waivers of disqualification following regulatory or criminal actions, or more organisation-friendly language in settlement documents. However, such disclosed information may later be discoverable by private plaintiffs.

The SEC has issued guidance that a failure to self-report significant misconduct can lead to more severe penalties.

Anti-money laundering and counter-financing of terrorism

Financial services employees are required to receive training on anti-money laundering and counter-financing of terrorism. New staff should be required to attend initial training as soon as possible after being hired or appointed. Apart from the initial training, refresher training should be provided regularly to ensure that staff are reminded of their responsibilities and are kept informed of new developments (see question 8).

Whistleblowing

There is no single comprehensive whistleblowing legislation to protect whistleblowers in Hong Kong. However, piecemeal provisions in various ordinances may protect specific whistleblowers for the reporting of specific offences. For example, the Employment Ordinance provides that an employer shall not terminate (or threaten to terminate) the employment of, or in any way discriminate against, an employee because the employee has given evidence or information in any proceedings or inquiry in connection with the enforcement of the Employment Ordinance, work accidents or breach of work safety legislation.

While it is not legally required, as good practice, employers should consider implementing a whistleblowing policy to set out, among others, the type of incidents that should be reported and the procedures for filing the report.

Workplace harassment

Under the Sex Discrimination Ordinance, Disability Discrimination Ordinance and Race Discrimination Ordinance, any harassment in the workplace based on sex, pregnancy, disability and race (which includes colour, descent, ethnic or national origins) is unlawful.

As employers are vicariously liable for the wrongful acts of their employees (whether or not the act was done with the employer’s knowledge or approval), one of the statutory defences is for employers to establish that they took “reasonably practicable steps” to prevent the wrongful act in the workplace. Employers should therefore put in place anti-harassment policies and procedures to prevent harassment from happening in the workplace and to provide complaint or reporting procedures to handle such incidents.

Yes. Concerning the prevention of wrongdoing, RFSPs should implement a written protected disclosures/whistleblowing policy that explains the secure and confidential internal and external reporting channels available to workers who wish to report relevant wrongdoings. The anti-retaliation protection should be explained and workers should understand from the policy how a report of relevant wrongdoing will be dealt with by the RFSP.

RFSPs should ensure that they have clear, up-to-date and fully compliant policies governing:

• dignity at work (including anti-harassment and anti-bullying measures); and
• grievance and disciplinary policies.

RFSPs should ensure that employees are trained on the RFSP's dignity at work (anti-bullying and harassment) policies to ensure that the RFSP's values, culture and commitment to preventing harassment and bullying are clear regarding their rights and obligations.

Whistleblowing

In the DIFC, whistleblowing is addressed both by the DFSA, who introduced its regulatory regime for whistleblowing in 2022 through amendment to its Regulatory Law 2004, as well as the more general obligations contained in the Operating Law of the DIFC Authority.

Under the Regulatory Law, any person who makes a qualifying disclosure to a specified person is entitled to protection under the law.  Similar provisions are contained in the Operating Law.

The disclosure may be made internally within the company, for example, to a director, officer or any person in a management position of the relevant company, or any person designated by that company to receive the disclosure of such information; or externally, for example, to the Registrar, Financial Services Regulator, Office of Data Protection, or criminal law enforcement agency in the UAE.

The qualifying disclosure must relate to the disclosure of information made in good faith, that relates to a reasonable suspicion that a regulated entity, or any of its employees or officers, has or may have, contravened a provision of legislation administered by the DFSA, or has engaged in money laundering, fraud, or other financial crime.

A person making a protected disclosure shall not be subject to any civil or contractual liability for making the disclosure, nor shall they be dismissed or otherwise suffer a detriment or disadvantage in connection with making the disclosure. 

The corresponding DFSA module sets out the DFSA’s expectations that companies should implement appropriate written policies in order to facilitate the reporting of any regulatory concerns by whistleblowers, and to assess, and, where appropriate, escalate regulatory concerns reported to it. 

The ADGM published Guiding Principles on Whistleblowing in December 2022, which whilst non-binding, were designed to assist entities and individuals in the ADGM in establishing whistleblowing frameworks and ensure that potential whistleblowers were encouraged to speak up and were fairly treated when they did so.  In March 2024, the ADGM announced a public consultation on proposals for a whistleblowing framework, which will lead to the introduction of Whistleblower Protections Regulations and amendments to the Employment Regulations.

Harassment

Harassment is not dealt with in the regulatory framework outlined above, but is contained in the applicable employment legislation.

Whistleblowing in the United States is governed by two main statutory sources, the Sarbanes-Oxley Act (SOX) and the Dodd-Frank Act (Dodd-Frank).

SOX protects whistleblowers who report violations of securities laws to:

• federal regulatory bodies or law enforcement;
• members of Congress or congressional committees; or
• supervisors or persons authorised by the employer to investigate, discover, or terminate misconduct.

Dodd-Frank generally only protects whistleblowers who report violations of the securities or commodities laws to the SEC or CFTC. However, it also prohibits employers from discriminating against financial services employees for objecting or refusing to participate in any activity that would be a violation of securities law (note that Dodd-Frank prohibits mandatory arbitration of retaliation claims under the Act).

Whistleblowers in the banking industry are also protected under both federal and applicable state laws for reporting violations of banking law to the US Department of Justice.

Under Dodd-Frank and banking laws, employees may be offered a bounty for whistleblowing activities that results in successful enforcement actions.

Employment Discrimination and Sexual Harassment Claims are not subject to mandatory FINRA arbitration, though the claims may be arbitrated if all parties agree.

Californian employers with at least five employees globally must implement policies and provide training on the prohibition of harassment, discrimination, and retaliation in the workplace.

There are no particular rules or protocols that apply when terminating the employment of an employee in the financial services sector. The termination procedures will follow the requirements under the Employment Ordinance and the contractual terms of the employment contract. In certain cases (eg, termination of senior executives), the parties may enter into a mutual release and settlement agreement.

The licensed corporations should notify the regulators of any changes, including cessation of appointment of the licensed representative and responsible officer or managers-in-charge of core functions, within seven business days. In the case of registered institutions, the notification should be made to both the SFC and the HKMA.

Under section 64R of the IO, within 14 days after the day on which an authorised insurer, a licensed insurance agency or a licensed insurance broker company (collectively, “Appointing Principal”) terminates the appointment of a licensed insurance agency, a licensed individual insurance agent, a licensed technical representative (agent), a licensed technical representative (broker) or a responsible officer (as the case may be), then the Appointing Principal should notify the IA in writing of the termination.

Where possible it is important to try to resolve any outstanding issues that a PCF has or may have before the PCF's contract is terminated. An RFSP is required to give details of the circumstances of a PCF's termination of employment and to confirm whether or not there are outstanding issues regarding the PCF.

It is important to ensure that there are adequate provisions to govern the following in any settlement agreement or termination arrangements:

• adequate handover of operational responsibility;
• continued co-operation on operational matters within the employee's knowledge or in relation to matters that may subsequently be investigated by the CBI;
• secure return of all company property including any personal data; and
• post-termination confidentiality obligations and any other necessary post-termination restrictions.

As noted in question 7, the DFSA General Rulebook and FSRA General Rulebook contain Best Practice Guidance for remuneration structure and strategies of authorised persons.  In this regard, both sets of guidance provide that where an authorised entity provides discretionary payouts on termination of employment (either by way of severance payments, or other payments, such as “golden parachutes”), these should be subject to appropriate limits or shareholder approval.  In addition, they should be aligned with the firm’s overall financial status and performance.

Form U5, the Uniform Termination Notice for Securities Industry Registration, is used by broker-dealers to terminate the registration of an associated person with FINRA and in other applicable jurisdictions and self-regulatory organisations. A FINRA member firm must file Form U5 within 30 days of an employee’s termination. This form includes the reason for an employee’s departure and must include a detailed description of the reasons for termination. Employee appeals related to the content of the U5 are arbitrated before FINRA (eg, if an employee challenges their termination).

Payments to retiring employees

FINRA prohibits paying commissions to unregistered persons, except for retired representatives receiving trailing commissions where a bona fide contract was entered into between the broker-dealer and the retiring employee.

California

California law prohibits the use of non-disclosure provisions in settlement agreements that are designed to restrict an employee's ability to disclose information about unlawful acts in the workplace, including information pertaining to harassment or discrimination or any other conduct the employee has reason to believe is unlawful. Provisions protecting the identity of a claimant are permitted where requested by the claimant. California law also prohibits “no-rehire” provisions in settlements of employment disputes, with limited exceptions for employees whom the employer, in good faith, determined engaged in sexual harassment or sexual assault, or any criminal conduct.

There are no particular rules that apply concerning the use of post-termination restrictive covenants for employees in the financial services sector. The rules concerning post-termination restrictive covenants are governed by common law principles in which they will only be enforced if the restriction is necessary for the protection of the employer’s legitimate business interest and is reasonable in scope and duration.

No there are no bespoke rules that apply. Post termination restrictions in Ireland are void as being in restraint of trade unless it can be shown that the restrictions are necessary to protect an employer's legitimate proprietary interest and they are proportionate and reasonable in their scope and duration to achieve that protection[i].

[i] Law as of 15 April 2024

The DFSA and FSRA Rulebooks do not regulate the use of post-termination restrictive covenants. It is fairly typical for financial services firms in both free zones to include non-dealing, non-solicitation, non-compete and similar restrictive covenants in their employment contracts. These are subject to the same common law rules on interpretation and enforceability as in any other sector.  In addition, whilst the courts in both the DIFC and ADGM will award injunctive relief, there is no similar right in the federal courts.  This means that the enforceability of an injunctive order outside of the geographic scope of the two free zones is uncertain.

The enforceability of restrictive covenants varies greatly depending on applicable state law. Many states impose specific requirements or limitations on enforceable covenants.

FINRA-regulated firms must comply with additional regulations:

• FINRA rules prohibit interference with a customer’s choice to follow a former representative during a change in employment where there is no existing dispute with the customer about the account. The FINRA-registered agent must help transfer a customer’s account in the event of such a customer request. Note that this only explicitly affects requests by customers and not solicitation by a representative. A non-solicit provision might be upheld whereas a non-compete might not.

• Broker-dealer firms that are signatories to the Protocol for Broker Recruiting are subject to additional requirements. Under this protocol, a departing employee may be permitted to take certain information regarding clients they serviced while at the firm to a new employer and use that information to solicit clients. Non-signatories are not bound to this protocol and can sue departing brokers for violating the terms of otherwise enforceable covenants.

Non-competes and so-called garden leave provisions are regularly included in termination documents. The enforceability of these covenants vary based on jurisdiction, with courts evaluating provisions based on duration and geographic scope.

New York

New York law disfavours non-compete agreements as a general rule. However, such agreements may be enforceable if the restrictions are reasonable and are intended to protect a legitimate interest. A court can enforce a non-compete only if the covenant:

• is no greater than required to protect an employer’s legitimate interests;
• does not impose undue hardship on the employee;
• does not cause injury to the public; or
• is reasonable in duration and geographic scope.

California

California law does not allow post-employment non-compete or non-solicit agreements except agreements involving the sale or dissolution of a business. California law protects employer confidential information and prohibits current or former employees from using employer confidential information in the solicitation of employees.

Non-disclosure agreements are legally enforceable in Hong Kong. They follow the contract law rules and there is no other particular form or rules. To be enforceable, a non-disclosure agreement must protect information that is both confidential and valuable. There are common exceptions where confidentiality will not apply to certain information, including information available in the public domain, information lawfully received from a third party without proprietary or confidentiality limitations, information known to the employee before first receipt of same from the employer, and information disclosed in circumstances required by law or regulatory requirement.

Yes. It is possible to use NDAs in Ireland and it is quite common for them to be used, but there are some limitations on their use and enforceability.

Certain mandatory reporting obligations will override a contractual non-disclosure agreement, such as the requirement for PCFs under section 38(2) of the CBI (Supervision and Enforcement) Act 2013 to disclose certain matters to the CBI.

Further, an NDA cannot extinguish an employee's right to anti-retaliation protection where the employee makes a protected disclosure either internally or externally under the Protected Disclosures Act 2014 - 2022.

Non-disclosure agreements may be used in the UAE (including DIFC and ADGM free zones).  There are no particular requirements regarding the form or rules for those NDAs.

Non-disclosure agreements are currently permissible under United States law with some exceptions, typically pertaining to whistleblower, harassment, and discrimination matters. On 7 December 2022, President Joe Biden signed the Speak Out Act, which prohibits the enforcement of non-disclosure and non-disparagement provisions that were agreed to before an incident of workplace sexual assault or sexual harassment occurred. In other words, it does not prohibit these provisions in settlement or severance agreements.

Both Dodd-Frank and SOX prohibit employers from impeding an individual’s whistleblowing process. Confidentiality provisions should expressly authorise employee communications directly with, or responding to any inquiry from, or providing testimony before the SEC, FINRA, any other self-regulatory organisation or any other state or federal regulatory authority.

The United States Tax Cuts and Jobs Act of 2018 discourages NDAs in the settlement of sexual harassment claims. Under this law, employers settling claims alleging sexual harassment or abuse that include a confidentiality or non-disclosure provision in the settlement agreement cannot take a tax deduction for that settlement payment or related attorneys' fees.

Under the National Labor Relations Act, employees (except for supervisors) cannot be prohibited from discussing their compensation or working conditions

California

• California Law prohibits NDAs that would prevent employees from discussing or disclosing their compensation or discussing the wages of others. However, California permits the use of a non-disclosure provision that may preclude the disclosure of any amount paid in any separation or settlement agreement.
• California imposes restrictions on the use of non-disclosure provisions that are designed to restrict an employee's ability to disclose information about unlawful acts in the workplace, including information pertaining to harassment or discrimination or any other conduct the employee has reason to believe is unlawful in employment agreements, settlement agreements, and separation agreements.
• California employers cannot:
  • require employees, in exchange for a raise or a bonus, or as a condition of employment or for continued employment, to sign any non-disparagement or non-disclosure provision that denies the employee the right to disclose information about unlawful acts in the workplace;
  • include in any separation agreement a provision that prohibits the disclosure of information about unlawful acts in the workplace; or
  • include a provision within a settlement agreement that prevents or restricts the disclosure of factual information related to claims for sexual assault, sexual harassment, workplace harassment or discrimination, retaliation, or failure to prevent workplace harassment or discrimination that are filed in a civil or administrative action, unless the settlement agreement is negotiated, which means that the agreement is voluntary, deliberate, informed, provides consideration of value to the employee, and the employee is giving notice and an opportunity to retain an attorney or is represented by an attorney.

New York

• New York law prohibits NDAs that:
  • prevent an employee from discussing or disclosing their wages or the wages of another employee.
  • prevent an employee from disclosing factual information related to a future discrimination claim, unless the agreement notifies employees that it does not prevent them from speaking to the EEOC, the New York Department of Human Rights, and any local human rights commission or attorney retained by the individual.

New York law also prohibits employers from mandating confidentiality or non-disclosure provisions when settling sexual harassment claims (though allows such provisions where it is the employee’s preference to include them).