Employment in Financial Services

In the UK, there are two main regulators responsible for the supervision of financial institutions. These are:

• The Prudential Regulation Authority (the PRA) – The PRA supervises over 1,500 financial institutions, including banks, building societies, credit unions, insurance companies and major investment firms. It creates policies for these institutions to follow and watches over aspects of their business.
• The Financial Conduct Authority (the FCA) – The FCA regulates the conduct of approximately 50,000 firms, prudentially supervises 48,000 firms, and sets specific standards for around 18,000 firms.

Some financial institutions are regulated by both the PRA and FCA (dual-regulated). Those financial institutions must comply with rules set down by the PRA in its rulebook (the PRA Rulebook) and by the FCA in its handbook (the FCA Handbook). Other firms are regulated solely by the FCA (solo-regulated) and must comply with the FCA handbook alone. Different rules can apply depending on the nature and size of the firm. The PRA and FCA work closely on certain issues and firms, but the FCA focuses specifically on ensuring fair outcomes for consumers.

The Senior Managers and Certification Regime (SM&CR) sets out how the UK regulators oversee people in businesses supervised and regulated by them, and how those people must act. As the FCA has summarised, “The SM&CR aims to reduce harm to consumers and strengthen market integrity by making individuals more accountable for their conduct and competence” (https://www.fca.org.uk/firms/senior-managers-certification-regime).

SM&CR consists of three elements:

• The Senior Managers Regime (SMR) – This applies to the most senior people in a firm (senior managers) who perform one or more senior management functions (SMFs). These functions are specified in the PRA Rulebook and the FCA Handbook. Senior managers must be pre-approved by the PRA or FCA before starting their roles. Each senior manager must also have a “Statement of Responsibilities” (that sets out what they are responsible and accountable for), which may include (depending on the firm) certain responsibilities prescribed by the regulator known as “Prescribed Responsibilities”. Every year, senior managers must be certified as fit and proper to carry out their role by their firm.
• The Certification Regime (CR) – This applies to employees who, because of their role, could pose a risk of significant harm to the firm or its customers, such as employees who offer investment advice (certified staff). For solo-regulated firms, these roles are generally called certification functions. Firms must certify that these employees are fit and proper for their roles both at the outset of their employment and continuously.
• The Conduct Rules – The Conduct Rules set minimum standards of individual behaviour in financial services in the UK. They apply to almost all employees of a firm. They also include particular rules applicable only to senior managers.

Certain parts of SM&CR apply to particular firms only. This is outside the scope of this note, which sets out the general position under SM&CR.

In the United States, there are different regulatory environments, depending on the nature of the employer.

• The Securities and Exchange Commission (SEC) regulates the offer and sale of securities, the various obligations of public companies, and the registration and conduct of broker-dealers. The SEC also regulates investment advisers.
• Every state has its own securities laws, known as Blue Sky Laws. These laws vary from state to state, but most, including New York and California, impose registration requirements on broker-dealers. State laws also require employees of brokers and dealers engaged in securities transactions to register as agents or salespersons.
  • The California Corporate Securities Law of 1968 covers securities offerings in the state of California.
  • The New York General Business Law and the New York Compilations of Codes, Rules and Regulations cover securities offerings in the state of New York.
• The Financial Industry Regulatory Authority (FINRA) is a private self-regulatory organisation that oversees exchange markets and brokerage firms and regulates the conduct of broker-dealer member firms.
• The Commodity Futures Trading Commission (CFTC) regulates commodities or future brokers and exchanges under the Commodity Exchange Act (CEA).
• Banks are regulated by both federal and state regulators, including the Federal Reserve Board, the Office of the Comptroller of the Currency, the Consumer Financial Protection Bureau, and the Federal Deposit Insurance Corporation.
• Commodities or future brokers or exchanges are covered by the CEA and are regulated by the CFTC.
• The Protocol for Broker Recruiting is an agreement signed by more than 2,000 broker-dealers. This Protocol specifically places limits on the restrictions a signatory firm can place on representatives who move to another signatory firm.

Most states have their own financial regulatory regimes. For example:

• The New York Department of Financial Services has regulatory authority over banks and certain other financial services entities within the state of New York.
• The California Department of Financial Protection and Innovation has regulatory authority over financial services entities within the state of California.

For employees subject to the SMR, anyone performing an SMF must be pre-approved by the relevant regulator before they can start their role. Generally, firms that wish to employ a senior manager must first carry out sufficient due diligence to satisfy themselves that the candidate is a fit and proper person to perform their proposed functions. In this regard, firms must consider the individual’s qualifications, training, competency and personal characteristics. The firm must also carry out a criminal records check. They may then apply to the relevant regulator for that candidate’s pre-approval. In the firm’s application, all matters relating to the candidate’s fitness and propriety must be disclosed. The firm must also enclose a statement of that individual’s proposed responsibilities and (depending on the firm) the latest version of the firm’s management responsibilities map.

For employees subject to the CR, before the appointment and annually thereafter, these employees must be certified by the employing SM&CR firm as being fit and proper. Certification does not involve pre-approval by the FCA or PRA.

Additionally, firms must comply with the regulatory reference rules for all candidates subject to either the SMR or CR before their employment. These rules require employing firms to request a regulatory reference from all previous employers covering the past six years of employment. Information must be shared between regulated firms using a particular template, which includes information relevant to assessing whether a candidate is fit and proper. Firms are also expected to retain records of disciplinary and fit and proper findings going back six years for their employees (or longer for findings of gross misconduct), and they must update regulatory references that they have previously given where new significant information comes to light that would impact the content of a previously given regulatory reference.

In addition to the standard hiring measures that must be taken when engaging an employee, several additional steps must be taken when engaging financial services employees in the United States. Generally, financial services employees must pass certain screening and disclosure steps, including:

• background checks;
• criminal background disclosures; and
• fingerprinting.

Broker-dealers and investment advisors must register with FINRA (see below).

Background checks

FINRA-regulated entities must investigate each person they plan to register with FINRA to ensure that they meet FINRA Form U4 requirements regarding that person’s history of formal charges and indictments.

If the applicant has previously registered with FINRA, broker-dealers must also review an applicant’s most recent Form U5 or be able to demonstrate to FINRA that it has made reasonable efforts to review Form U5 but has been unable to do so. If the applicant has previously registered with a CFTC-registered firm, the broker-dealer must review CFTC Form 8-T.

Bank employees must undergo a background check. Certain criminal conduct may statutorily disqualify an applicant from employment. For example, federal law prohibits any person convicted of a criminal offence involving dishonesty or breach of trust (or who has entered into a pre-trial diversion or similar programme regarding such an offence) from serving as a director, officer, or employee of an FDIC-insured bank without the FDIC's consent. Banks must conduct reasonable inquiries into an applicant’s background to avoid hiring persons barred from employment by this law. Banks may be protected from claims of disparate impact (under state “ban-the-box” laws) when terminating or withdrawing offers from disqualified employees under this law. Both California and New York explicitly provide such carve-outs. However, these are position-specific rather than employer-specific, and employees with positions not subject to FINRA or other statutorily required background checks or disqualifiers based on criminal history may still be subject to state or local “fair chance” or ban-the-box laws. Therefore, as a best practice, non-bank financial services employers should avoid relying on these exceptions for all of their employees. Relatedly, the FDIC does not consider “de minimus” criminal violations disqualifying, including minor offences by young adults, bad cheques for less than $1,000 and simple theft of less than $500.

Fingerprinting

Entities covered by the SEC are also subject to fingerprinting requirements. Every member of a national securities exchange, broker, dealer, registered transfer agent, registered clearing agency, registered securities information processor, national securities exchange, and national securities association must ensure that each of its partners, directors, officers, and employees are fingerprinted and must submit such fingerprints, or cause the same to be submitted, to the Attorney General of the United States for identification and appropriate processing. Employees who will not be selling, keeping, or handling securities or supervising those who do are exempt from this requirement.

While New York generally prohibits fingerprinting, there is an exception where, as here, fingerprinting is statutorily required.

California Financing Law requires fingerprinting for certain individuals seeking to license in California.

Please note, during the COVID-19 epidemic, the SEC temporarily paused the fingerprinting requirements. This pause was lifted in September 2022.

As a matter of general UK employment law, employers must give employees written particulars of certain terms and conditions of employment. This is known as a “section 1 statement” after section 1 of the Employment Rights Act 1996, which sets out the mandatory information that employers must give to employees no later than the first day of their employment. This includes fundamental information such as the names of the employer and employee; the date of commencement of employment; the rates and timing of pay; and working hours. Other prescribed particulars (such as information regarding pensions, collective agreements and training) can be provided to employees in instalments within two months of commencement of employment. Typically, a written employment contract will contain the relevant information to satisfy these requirements.

Financial services employers should ensure that, in addition, their employment contracts reinforce the requirements of SM&CR. This will help the employer manage the employment relationship in a manner compliant with SM&CR and demonstrate to the relevant regulators the employer’s commitment to compliance with SM&CR. The employment contract will usually include, therefore, additional provisions regarding the completion of SM&CR-compliant background checks; confirmation of the employee’s regulated function (eg, their SMF or certification function); required regulatory standards of conduct; cooperation with fitness and propriety assessments; and tailored termination events.

In addition, all senior managers must have a statement of responsibility setting out their role and responsibilities. Certain firms must also allocate certain regulator-prescribed responsibilities (prescribed responsibilities) among senior managers. It is common to set out a senior manager’s regulatory responsibilities in their employment contract.

Dual-regulated firms must also ensure that individuals approved to carry out a PRA-designated SMF are subject to any specific contractual requirements required by the PRA. For example, depending on the type of firm, a firm may be required to ensure that the relevant individual is contractually required to comply with certain standards of conduct, such as to act with integrity and with due care and skill (among other requirements).

FINRA

Broker-dealers and investment advisors regulated by FINRA must electronically file FINRA’s Form U4 when registering “associated persons” with FINRA or transferring their registration to another broker-dealer. Broker-dealers must also create and implement written procedures to verify the facts disclosed by prospective employees on the U4.

• “Associated persons” include employees of all levels involved with investment and securities operations.
• The U4 form requires disclosure of the associated person’s background history, including any criminal convictions or civil actions, regulatory proceedings or sanctions, administrative proceedings, financial disclosures (such as bankruptcy), customer complaints, or arbitration awards.

Form U4 also contains an agreement requiring employees to submit to arbitration “any dispute, claim or controversy that may arise between [them and their] firm, or a customer, or any other person…”

Member firms must provide registered employees with an arbitration disclosure when asked to sign a U4.

SEC

SEC-regulated entities require every prospective employee to complete a questionnaire disclosing their identifying information, employment history, and record of any disciplinary actions, denial or suspension of membership of registration, criminal record, or any record of civil action against that employee. FINRA form U4, if completed, fulfils the requirements of this Rule.

California

California employees must be provided with:

• A notice of workers’ compensation rights;
• notice of disability insurance and paid family leave insurance benefits;
• sexual harassment information under the Fair Employment and Housing Act;
• notice of pay information (if applicable);
• commission contract (if applicable);
• notice of rights for victims of crime or abuse; and
• lactation accommodation policy

New York

New York employees must be provided with:

• notice of pay rate and pay days;
• commissions Agreement (if applicable);
• New York Health and Essential Rights Act;
• notice of electronic monitoring;
• New York State Workers’ Compensation Board Statement of Rights – Disability Benefits Law;
• New York State Paid Family Leave Statement of Rights;
• New York City Earned Safe and Sick Time Act (City only);
• New York City Stop Sexual Harassment Act fact sheet (City only); and
• New York City Pregnancy Accommodations at Work fact sheet (City only).

See question 2.

All individuals performing an SMF, as classified by the FCA or PRA, will be subject to the SMR. SMFs are described in the Financial Services and Markets Act 2000 (FSMA) as functions that require the person performing them to be responsible for managing one or more aspects of a firm’s affairs authorised by the FSMA, and those aspects involve, or might involve, a risk of serious consequences for the firm or business or other interests in the UK. As noted, any individual performing an SMF will need to be pre-approved by the relevant regulator before they can start their role, and thereafter they must be certified as fit and proper by their firm annually. Applications to the regulator for pre-approval must disclose all matters relating to a candidate’s fitness and propriety and be accompanied by a statement of responsibilities. Firms must carry out a criminal records check as part of the application for approval.

Additionally, employees of firms who are not senior managers but who, because of their role, could still pose a risk of significant harm to the firm or any of its customers, may be subject to the CR. The certification functions that place an employee within the ambit of the CR are different under the rules of the FCA and the PRA but include persons such as those dealing with clients or those subject to qualification requirements. These employees must be certified by their firm as fit and proper for their roles both at the outset of their employment and on an annual basis thereafter (certified staff). Firms are not required to carry out criminal records checks for certified staff, but firms can choose to do so to the extent it is lawful.

The regulators have set out detailed guidance for firms to consider when assessing an individual’s fitness and propriety. This includes assessing an individual’s honesty, integrity and reputation; competence and capability; and financial soundness.

For an individual’s FINRA registration to become effective, they must pass the Securities Industries Essentials examination. FINRA rules also require registered persons to participate in continuing education courses. Failure to do so may result in a covered person’s registration being deemed inactive until the requirement has been satisfied.

California Financing Law requires the licensing and regulation of finance lenders and brokers making and brokering consumer and commercial loans, unless exempt.

Every senior manager under the SMR has a “duty of responsibility” concerning the areas for which they are responsible. If a firm breaches a regulatory requirement, the senior manager responsible for the area relevant to the breach could be held accountable for the breach if they failed to take reasonable steps to prevent or stop the breach.

In addition, for most firms, the FCA requires that certain responsibilities – “prescribed responsibilities” – are allocated to appropriate senior managers. These responsibilities cover key conduct and prudential risks. They include, among others, responsibility for a firm’s performance of its obligations under the SMR; responsibility for a firm’s performance of its obligations under the CR; and responsibility for a firm’s obligations around conduct rules training and reporting. Firms must give careful thought to the best person to allocate each prescribed responsibility.

While there are certain responsibilities for financial employees, such as being able to pass applicable certifications (see question 4) or registering with certain entities (see question 6), the American regulatory system does not include statutory delineations that create enhanced responsibilities for certain categories of employees.

The FCA maintains a public list of authorised firms and the activities for which each firm has permission. This list is known as the Financial Services Register. The register also includes a directory of certified and assessed persons working in financial services – this includes for each firm (as applicable) senior managers; certified staff; directors (executive and non-executive) who are not performing SMFs; and other individuals who are sole traders or appointed representatives.

Firms are responsible for keeping the directory up to date. Firms must report certain information to the FCA about persons included in the register and directory, including information on an individual's role, their workplace location, and the types of business they are qualified to undertake. The FCA provides guidance and Q&As to assist firms with navigating the register and directory.

FINRA

Broker-dealers and Investment Advisors regulated by FINRA must file FINRA’s Form U4 when registering associated persons with FINRA or transferring their registration to another broker-dealer. Broker-dealers must also create and implement written procedures to verify the facts disclosed by prospective employees on the U4.

“Associated persons” include employees of all levels involved with the investment and securities operations, including:

• partners;
• officers;
• directors;
• branch managers;
• department supervisors;
• investment bankers;
• brokers;
• financial consultants; and
• salespeople.

The U4 form requires disclosure of the associated person’s background history, including any criminal convictions or civil actions, regulatory proceedings or sanctions, administrative proceedings, financial disclosures (such as bankruptcy), customer complaints, or arbitration awards.

SEC

Investment advisers must register with the SEC under the Advisers Act. They must submit Form ADV using the Investment Adviser Registration Depository (IARD), an internet-based filing system maintained by FINRA.

SEC-regulated entities require every prospective employee to complete a questionnaire disclosing their identifying information, employment history, and record of any disciplinary actions, denial or suspension of membership of registration, criminal record, or any record of civil action against that employee. FINRA form U4, if completed, fulfils the requirements of this Rule.

The remuneration of financial services employees working at certain firms (such as banks, building societies, asset managers and investment firms) is heavily regulated. The relevant rules can be found in various FCA “Remuneration Codes” (each Code tailored to different firms) and also (for dual-regulated firms) in specific remuneration parts of the PRA Rulebook and directly applicable retained EU law.

The remuneration rules are complex and their application is dependent on each firm. The key principle of the rules, however, is that firms subject to them must ensure that their remuneration policies and practices are consistent with and promote sound and effective risk management.

Some elements of the rules apply to all staff, whereas others apply only to material risk-takers within a particular firm.

By way of a snapshot, the rules generally cover such matters as:

• the appropriate ratio between fixed pay and variable pay, to ensure that fixed pay is a sufficiently high proportion of total remuneration to allow for the possibility of paying no variable pay;
• the amount of any discretionary bonus pool, which should be based on profit, adjusted for current and future risks, and take into account the cost and quantity of the capital and liquidity required;
• performance-related bonuses, which should be assessed based on a variety of factors, including the performance of the individual, the relevant business unit and the overall results of the firm;
• restrictions on guaranteed variable pay and payments on termination of employment; and
• malus and clawback requirements.

Overtime

Financial services employees in the United States are commonly classified as administrative employees exempt from both minimum wage and overtime laws. To qualify for this administrative exception under the Fair Labor Standard Acts (FLSA) and often, applicable state law, an employee must:

• be compensated on a salary or fee basis at a rate at least equal to the minimum required threshold (at the time of writing set at $684 a week or $35,568 annually); and
• have a primary duty:
  • that is the performance of office or non-manual work directly related to the management or general business operations of the employer or the employer’s customers; and
  • includes the exercise of discretion and independent judgment on significant matters.

Examples of employees qualifying for the administrative exemption are those whose duties include:

• collecting and analysing information regarding the customer’s income, assets, investments or debts;
• determining which financial products best meet a customer’s needs;
• advising customers regarding the pros and cons of various financial products; and
• marketing, servicing, or promoting financial products.

An employee whose sole duty is selling financial products does not qualify for the administrative exemption. United States courts are split on whether financial advisors are exempt.

Many states have a higher minimum annual salary threshold for the administrative exemption, including California ($1,240 a week, as of 1 January 2023) and New York ($1,125 a week for New York City and Nassau, Suffolk, and Westchester counties and $990 a week for the remainder of the state. The remainder of the State increased to $1,064.25 a week on 31 December 2022).

California has an administrative exemption test, which also requires the employee to customarily and regularly exercise discretion and independent judgement, in addition to being primarily engaged in administrative duties. Employees that do not qualify as non-exempt under one of the exemptions must receive overtime pay under California law.

FLSA also exempts “highly compensated” employees. To qualify for this exemption, an employee must earn at least $107,432 in total annual compensation (not including discretionary bonuses), must perform office or non-manual work as part of their primary duty, and must customarily perform one or more exempt duties of an administrative, executive, or professional employee.

Bonuses

Discretionary bonuses can be for any amount and can be determined on quantitative factors (eg, employer profits) or subjective factors (eg, known performance indicators, performance, merit) and employers may condition an employee’s eligibility to receive a bonus on their active employment at the time when bonuses are paid.

Guaranteed bonuses are typically non-discretionary and set at a fixed number or percentage (eg, a percentage of the employee’s annual base salary or the employer’s profits). A guaranteed bonus (unlike a discretionary one) creates a contractual obligation and will be considered wages. Once a payment is considered a “wage,” employers generally cannot withhold, recover or claw back the bonus from an employee.

California requires non-discretionary bonuses to be included in a non-exempt employee’s regular rate for overtime calculation.

Certain compensation plans include “forgivable loans,” conditioning an employee’s obligation to repay on their continued employment with the new employer for a time. If the employee leaves or is fired for certain reasons before the full loan amount is forgiven, the unforgiven share, with interest, can become due and payable.

California generally prohibits employers from deducting any outstanding loan balances from an employee’s final paycheck without express permission in contemporaneous writing signed by the employee, both at the time the loan or advance was given and at separation.

Similarly, New York has extremely nuanced rules related to permissible deductions for employee benefits, which are limited (eg, authorised deductions and deductions for the benefit of the employee).

The PRA and FCA training and competence regimes set the minimum standards that must be achieved by individuals working in the financial services industry. These regimes aim to ensure that authorised firms have arrangements in place to satisfy themselves that their employees are competent.

All FSMA-authorised firms are required to have adequately trained and competent senior management and employees. The training and competence requirements include:

• Threshold conditions on suitability – All firms must show that persons connected with the firm are fit and proper, taking into account all the circumstances. When assessing the suitability threshold of an employee, the FCA and the PRA will consider:
  • the nature of the regulated activity the firm carries on or is seeking to carry on;
  • the need to ensure that the firm's affairs are conducted soundly and prudently;
  • the need to ensure that the firm's affairs are conducted appropriately, considering especially the interests of consumers and the integrity of the UK financial system; and
  • whether those who manage the firm's affairs have adequate skills and experience and act with probity.

• FCA Principles for Businesses or PRA Fundamental Rules – These rules lay out the parameters of the “fit and proper” standard set for firms in the threshold condition on suitability, and require firms to undertake the following:
  • recruit staff in sufficient numbers;
  • provide employees with appropriate training, with competence assessed continuously;
  • make proper arrangements for employees involved with carrying on regulated activities to achieve, maintain and enhance competence; and
  • train employees to pay due regard to the interests of a firm’s customers and treat them fairly.

• Competent employees rule in chapters 3 and 5 of the Senior Management Arrangement Systems and Controls Sourcebook – This is the main employee competence requirement in the training and competence regime under the FSMA and applies to individuals engaged in a regulated activity in UK-regulated firms. The application of this rule can be complex and dependent upon the firm and the activities it undertakes, but in general, it provides that firms must employ personnel with the skills, knowledge and expertise necessary for the discharge of the responsibilities allocated to them.

• Detailed training and competence requirements in the FCA’s training and competence handbook (TC) – The TC rules are designed to supplement the competent employees rule, especially concerning retail activities carried on by firms. Among others, these rules include the following:
  • rules on assessing and maintaining competence;
  • supervision of employees who have not yet been assessed as competent;
  • appropriate qualifications; and
  • recordkeeping and reporting for firms within its scope, including how a firm assessed its employees as competent, and how it has ensured that its employees remain competent.

All employees in some states, including California and New York, are required to receive periodic sexual harassment training. Additionally, employees may be required to pass certain skills tests before registering with regulators or engage in continuing education programmes (most notably FINRA, see question 4).

Yes. Both the FCA and PRA have established their own high-level required standards of conduct known as the Conduct Rules. The FCA’s conduct rules are set out in the FCA’s Code of Conduct sourcebook. The PRA’s conduct rules are set out in the PRA Rulebook (and different versions apply to different types of PRA-regulated firms).

The FCA’s conduct rules apply to most individuals working at an SM&CR firm. The PRA’s conduct rules apply to more limited individuals working at dual-regulated SM&CR firms: senior managers (approved by the PRA or FCA); individuals within the PRA’s certification regime; key function holders; and non-executive directors.

The Conduct Rules apply to conduct relating to the carrying out of an individual’s role. They do not extend to conduct within an individual’s private life, provided that the conduct is unrelated to the activities they carry out for their firm. Nevertheless, an individual’s behaviour outside of work can still be relevant to the separate consideration of their fitness and propriety.

There are two tiers of Conduct Rules: a first tier of rules applicable to all individuals subject to the Conduct Rules; and a second tier applicable to senior managers only.

The rules of the first tier are:

• Rule 1 – You must act with integrity.
• Rule 2 – You must act with due skill, care and diligence.
• Rule 3 – You must be open and cooperative with the FCA, PRA and other regulators.
• Rule 4 – You must pay due regard to the interests of the customer and treat them fairly.
• Rule 5 – You must observe proper standards of market conduct.

The rules of the second tier (applicable to senior managers) are:

• SC1 – You must take reasonable steps to ensure that the business of the firm for which you are responsible is controlled effectively.
• SC2 – You must take reasonable steps to ensure that the business of the firm for which you are responsible complies with the relevant requirements and standards of the regulatory system.
• SC3 – You must take reasonable steps to ensure that any delegation of your responsibilities is to an appropriate person and that you oversee the discharge of the delegated responsibility effectively.
• SC4 – You must disclose appropriately any information for which the FCA or PRA would reasonably expect notice.
• SC5 (certain dual-regulated firms only) – When exercising your responsibilities, you must pay due regard to the interests of current and potential future policyholders in ensuring the provision by the firm of an appropriate degree of protection for their insured benefits.

Firms must notify the FCA if they take disciplinary action against an individual for a breach of the Conduct Rules.

Employees in some states, including California and New York, are required to receive periodic sexual harassment training.

Employers are also required to implement anti-discrimination and anti-harassment policies that:

• contain information about where and how employees can report improper conduct;
• prohibit retaliation for reporting or opposing improper conduct, or participating in an investigation regarding misconduct; and
• comply with state and local provisions that require employer policies to contain certain provisions (eg, New York, Los Angeles and San Francisco).

New York law prohibits employers from mandating confidentiality or non-disclosure provisions when settling sexual harassment claims (though it allows such provisions where it is the employee’s preference to include them).

California law prohibits employers from mandating confidentiality or non-disclosure provisions in employment agreements, settlement agreements, and separation agreements that are designed to restrict an employee's ability to disclose information about unlawful acts in the workplace, including information pertaining to harassment or discrimination or any other conduct the employee has reason to believe is unlawful.

FINRA and the SEC both have requirements and recommendations for social media use.

FINRA requires that broker-dealers retain records of social media communications related to the broker-dealer’s business made using social media sites and adopt policies and procedures designed to ensure that their employees who use social media sites for business purposes are appropriately supervised and trained, and do not present an undue risk to investors.

The SEC similarly requires that social media use complies with all federal security laws, including antifraud, compliance, and recordkeeping provisions.

Banking regulators provide guidance stating that each financial institution is expected to carry out an appropriate risk assessment that takes social media activities into consideration.

Yes. There are multiple potential reporting obligations with various timing imperatives. We include below a snapshot of some of the key obligations:

• under FCA Principle 11, firms have a general duty to inform the FCA of matters about which it would reasonably expect notice;
• a firm must notify the FCA immediately it becomes aware, or has information which reasonably suggests, that a matter which could have a significant adverse impact on the firm’s reputation has occurred, may have occurred or may occur in the foreseeable future;
• a firm must notify the FCA immediately it becomes aware, or has information which reasonably suggests, that a significant breach of a rule (including a significant breach of a Conduct Rule) has occurred, may have occurred or may occur in the foreseeable future; and
• a firm must also notify the FCA if it takes disciplinary action against an individual for a breach of the Conduct Rules. Where the relevant individual is a senior manager, the notification must be made within seven business days. Where the relevant individual is certified staff, the notification must be made in the firm’s annual reporting.

FINRA members must report to FINRA within 30 calendar days after the firm has concluded, or reasonably should have concluded, that an associated person of the firm or the firm itself has violated any securities, insurance, commodities, financial or investment-related laws, rules, regulations or standards of conduct of any domestic or foreign regulatory body or self-regulatory organisation.

While there is no requirement to report misconduct to regulators, the SEC routinely gives credit to organisations that voluntarily choose to self-report, which can lead to reduced fines, non-prosecution agreements, deferred prosecution agreements, waivers of disqualification following regulatory or criminal actions, or more organisation-friendly language in settlement documents. However, such disclosed information may later be discoverable by private plaintiffs.

The SEC has issued guidance that a failure to self-report significant misconduct can lead to more severe penalties.

Whistleblowing

In addition to the requirements of the SM&CR outlined above which relate to the prevention of wrongdoing (including the Conduct Rules, fitness and propriety assessments, Senior Managers’ Duty of Responsibility, the certification and approvals processes and associated training requirements), the PRA and the FCA maintain rules on whistleblowing. These are intended to encourage whistleblowers to come forward to report wrongdoing and protect them from retaliation when they do.

For certain types of SM&CR firms, the rules mandate measures that employers must implement, for others they provide guidance on measures to consider.

The key measures are as follows:

• Whistleblowers’ champion – a non-executive director and senior manager with responsibility for whistleblowing compliance within the firm, including oversight of internal policies and procedures and certain reporting requirements.

• Whistleblowing channel – a system which allows whistleblowers to report concerns confidentially and anonymously, and which allows such concerns to be assessed, addressed, and escalated where appropriate.

• Notification regarding external whistleblowing channels – that is, making staff aware of their right to report matters directly to the PRA and FCA and explaining how they can do so.

• Whistleblowing training – this must cover arrangements on whistleblowing within the firm and be provided (and tailored) to employees based in the UK, their managers, and employees responsible for operating the firm’s whistleblowing arrangements.

Prevention of harassment

Harassment and related unacceptable workplace behaviours (such as bullying and discrimination) are not specifically addressed in the SM&CR rules on individual accountability. However, it is clear from regulators’ public statements that the culture of firms (in its broadest sense) is central to their approach. Having a healthy firm culture is seen as critical to consumer protection and well-functioning markets, and firms with healthy cultures are considered to be less prone to misconduct.

Firms that are subject to the SM&CR need to be alive to the possibility that instances of harassment and other non-financial misconduct could amount to breaches of the individual accountability regime or trigger certain requirements under it, such as a requirement to investigate, reassess an individual’s fitness and propriety, or notify certain matters to the regulators. The same could apply to any failure by relevant staff to investigate and deal appropriately with allegations of this kind, such as a senior manager who turns a blind eye to reports of sexual harassment or workplace bullying. While there have been relatively few instances of non-financial misconduct resulting in an enforcement action to date, this is likely to become an emerging trend.

Whistleblowing in the United States is governed by two main statutory sources, the Sarbanes-Oxley Act (SOX) and the Dodd-Frank Act (Dodd-Frank).

SOX protects whistleblowers who report violations of securities laws to:

• federal regulatory bodies or law enforcement;
• members of Congress or congressional committees; or
• supervisors or persons authorised by the employer to investigate, discover, or terminate misconduct.

Dodd-Frank generally only protects whistleblowers who report violations of the securities or commodities laws to the SEC or CFTC. However, it also prohibits employers from discriminating against financial services employees for objecting or refusing to participate in any activity that would be a violation of securities law (note that Dodd-Frank prohibits mandatory arbitration of retaliation claims under the Act).

Whistleblowers in the banking industry are also protected under both federal and applicable state laws for reporting violations of banking law to the US Department of Justice.

Under Dodd-Frank and banking laws, employees may be offered a bounty for whistleblowing activities that results in successful enforcement actions.

Employment Discrimination and Sexual Harassment Claims are not subject to mandatory FINRA arbitration, though the claims may be arbitrated if all parties agree.

Californian employers with at least five employees globally must implement policies and provide training on the prohibition of harassment, discrimination, and retaliation in the workplace.

Settlement agreements

The whistleblowing measures outlined above are complemented by mandatory requirements for SM&CR firms concerning settlement agreements, namely that any such agreement must include a term stating that it doesn’t prevent the individual from making a protected disclosure, and must not require the individual to warrant that they have not made a protected disclosure or that they do not know of any information which could lead to them doing so (a “protected disclosure” is a type of disclosure recognised in English employment law that gives the person making it legal protection from retaliatory detrimental treatment).

SM&CR firms entering into settlement agreements must also ensure that they are not drafted in a way that is incompatible with other relevant regulatory requirements. For example, there is a specific prohibition in the FCA Handbook on firms entering into any arrangements or agreements with any person that limit their ability to disclose information required by the regulatory reference rules (see question 2). As such, terms relating to confidentiality and the provision of employment references should allow the firm sufficient flexibility to comply with regulatory reference requirements, which could include a requirement to update such a reference. In addition, any obligations of confidentiality should include a carve-out to permit relevant regulatory disclosures and reports.

Handover procedures

The SM&CR includes requirements designed to ensure that adequate handovers take place between outgoing and incoming senior managers. Firms must take all reasonable steps to ensure that senior managers (and anyone who has management or supervisory responsibilities for them) have all the information and material that they could reasonably expect to have to perform their responsibilities effectively and under the requirements of the regulatory system. This applies when someone becomes a senior manager and when an existing senior manager takes on a new job or new responsibilities (or when their responsibilities or job are being changed).

Firms must have a handover policy in place to ensure compliance with these requirements. They must also make and maintain adequate records of steps taken to comply with them.

The information and material handed over should be practical and helpful, with an assessment of what issues should be prioritised, and judgement and opinion as well as facts, figures and records. It should also include details about unresolved or possible regulatory breaches and any unresolved concerns expressed by the FCA, the PRA or any other regulatory body.

The format and arrangements of a handover should allow for an orderly transition, which should include the outgoing senior manager contributing to the handover everything that it would be reasonable to expect them to know and consider relevant, including their opinions. This could be achieved by requiring outgoing senior managers to prepare a handover certificate, but the FCA recognises that this will not always be practical.

To ensure that these requirements are satisfied, it is good practice to include in senior managers’ employment contracts (and settlement agreements) specific obligations relating to handovers.

Reallocating senior managers’ responsibilities

In addition to ensuring that adequate handovers take place between outgoing and incoming senior managers, firms should also ensure on the departure of a senior manager that their responsibilities are reallocated and that this is recorded in a way that is compliant with relevant regulatory requirements. This may include temporary reallocation to one or more existing senior managers where the replacement does not take over immediately on the departure of the departing senior manager, as well as updating the firm’s management responsibilities map and statements of responsibilities.

Reporting requirements

When an individual ceases to perform an SMF, the firm must generally notify the relevant regulatory within seven business days.

SM&CR firms must notify the relevant regulators if certain types of disciplinary action are taken, which can include dismissal – see question 10.

Form U5, the Uniform Termination Notice for Securities Industry Registration, is used by broker-dealers to terminate the registration of an associated person with FINRA and in other applicable jurisdictions and self-regulatory organisations. A FINRA member firm must file Form U5 within 30 days of an employee’s termination. This form includes the reason for an employee’s departure and must include a detailed description of the reasons for termination. Employee appeals related to the content of the U5 are arbitrated before FINRA (eg, if an employee challenges their termination).

Payments to retiring employees

FINRA prohibits paying commissions to unregistered persons, except for retired representatives receiving trailing commissions where a bona fide contract was entered into between the broker-dealer and the retiring employee.

California

California law prohibits the use of non-disclosure provisions in settlement agreements that are designed to restrict an employee's ability to disclose information about unlawful acts in the workplace, including information pertaining to harassment or discrimination or any other conduct the employee has reason to believe is unlawful. Provisions protecting the identity of a claimant are permitted where requested by the claimant. California law also prohibits “no-rehire” provisions in settlements of employment disputes, with limited exceptions for employees whom the employer, in good faith, determined engaged in sexual harassment or sexual assault, or any criminal conduct.

The SM&CR does not regulate the use of post-termination restrictive covenants for employees in the financial services sector. It is fairly typical for financial services firms in the UK to include non-dealing, non-solicitation, non-compete and similar restrictive covenants in their employment contracts. These are subject to the same common law rules on interpretation and enforceability as in any other sector. The only caveat to this is that firms should ensure that such terms do not include any provision that might conflict with the regulatory duties of either the firm or the employee. This will be a rare occurrence in practice for most types of restrictive covenant, but could arise in respect of post-termination contractual obligations that are closely associated with restrictive covenants, namely those relating to confidentiality. As such, firms should ensure that confidentiality clauses in employment contracts or other agreements such as NDAs include appropriate carve-outs.

The enforceability of restrictive covenants varies greatly depending on applicable state law. Many states impose specific requirements or limitations on enforceable covenants.

FINRA-regulated firms must comply with additional regulations:

• FINRA rules prohibit interference with a customer’s choice to follow a former representative during a change in employment where there is no existing dispute with the customer about the account. The FINRA-registered agent must help transfer a customer’s account in the event of such a customer request. Note that this only explicitly affects requests by customers and not solicitation by a representative. A non-solicit provision might be upheld whereas a non-compete might not.

• Broker-dealer firms that are signatories to the Protocol for Broker Recruiting are subject to additional requirements. Under this protocol, a departing employee may be permitted to take certain information regarding clients they serviced while at the firm to a new employer and use that information to solicit clients. Non-signatories are not bound to this protocol and can sue departing brokers for violating the terms of otherwise enforceable covenants.

Non-competes and so-called garden leave provisions are regularly included in termination documents. The enforceability of these covenants vary based on jurisdiction, with courts evaluating provisions based on duration and geographic scope.

New York

New York law disfavours non-compete agreements as a general rule. However, such agreements may be enforceable if the restrictions are reasonable and are intended to protect a legitimate interest. A court can enforce a non-compete only if the covenant:

• is no greater than required to protect an employer’s legitimate interests;
• does not impose undue hardship on the employee;
• does not cause injury to the public; or
• is reasonable in duration and geographic scope.

California

California law does not allow post-employment non-compete or non-solicit agreements except agreements involving the sale or dissolution of a business. California law protects employer confidential information and prohibits current or former employees from using employer confidential information in the solicitation of employees.

NDAs (also known as confidentiality agreements) are potentially lawful and enforceable in the UK. It is common to include NDAs in employment contracts (to protect the confidential information of the employer during and after employment) and in settlement agreements (to reiterate existing confidentiality obligations and to keep the circumstances of the settlement confidential).

NDAs do not need to follow a particular form, but they must be reasonable in scope. Following #MeToo, there has been considerable government, parliamentary, and regulatory scrutiny of the use of NDAs and their reasonableness in different circumstances.

The following limitations on NDAs should be noted:

• By law, any NDA purporting to prevent an individual from making a “protected disclosure” as defined in the Employment Rights Act 1996 (ie, blowing the whistle about a matter) is void.

• The regulatory body for solicitors in England and Wales, the Solicitors Regulation Authority (SRA), has issued a detailed warning notice and guidance to practitioners setting out – in its view – inappropriate or improper uses of NDAs. Failure to comply with the SRA’s warning notice may lead to disciplinary action. The SRA lists the following as examples of improper use of NDAs:

• • using an NDA as a means of preventing, or seeking to impede or deter, a person from:
    • cooperating with a criminal investigation or prosecution;
    • reporting an offence to a law enforcement agency;
    • reporting misconduct, or a serious breach of the SRA’s regulatory requirements, to the SRA, or making an equivalent report to any other body responsible for supervising or regulating the matters in question; and
    • making a protected disclosure;
    • using an NDA to influence the substance of such a report, disclosure or cooperation;
    • using an NDA to prevent any disclosure required by law;
    • using an NDA to prevent proper disclosure about the agreement or circumstances surrounding the agreement to professional advisers, such as legal or tax advisors, or medical professionals and counsellors, who are bound by a duty of confidentiality;
    • including or proposing clauses known to be unenforceable; and
    • using warranties, indemnities and clawback clauses in a way that is designed to, or has the effect of, improperly preventing or inhibiting permitted reporting or disclosures being made (for example, asking a person to warrant that they are not aware of any reason why they would make a permitted disclosure, in circumstances where a breach of warranty would activate a clawback clause).
       
• The Law Society of England and Wales, a professional association representing solicitors in England and Wales, has issued similar guidance (including a practice note) on the use of NDAs in the context of the termination of employment relationships.
• Other non-regulatory guidance on the use of NDAs has also been issued, including by the Advisory, Conciliation and Arbitration Service and by the UK Equality and Human Rights Commission.

Care should be taken accordingly to ensure that the wording of any NDA complies with prevailing guidance, especially from the SRA.

Non-disclosure agreements are currently permissible under United States law with some exceptions, typically pertaining to whistleblower, harassment, and discrimination matters. On 7 December 2022, President Joe Biden signed the Speak Out Act, which prohibits the enforcement of non-disclosure and non-disparagement provisions that were agreed to before an incident of workplace sexual assault or sexual harassment occurred. In other words, it does not prohibit these provisions in settlement or severance agreements.

Both Dodd-Frank and SOX prohibit employers from impeding an individual’s whistleblowing process. Confidentiality provisions should expressly authorise employee communications directly with, or responding to any inquiry from, or providing testimony before the SEC, FINRA, any other self-regulatory organisation or any other state or federal regulatory authority.

The United States Tax Cuts and Jobs Act of 2018 discourages NDAs in the settlement of sexual harassment claims. Under this law, employers settling claims alleging sexual harassment or abuse that include a confidentiality or non-disclosure provision in the settlement agreement cannot take a tax deduction for that settlement payment or related attorneys' fees.

Under the National Labor Relations Act, employees (except for supervisors) cannot be prohibited from discussing their compensation or working conditions

California

• California Law prohibits NDAs that would prevent employees from discussing or disclosing their compensation or discussing the wages of others. However, California permits the use of a non-disclosure provision that may preclude the disclosure of any amount paid in any separation or settlement agreement.
• California imposes restrictions on the use of non-disclosure provisions that are designed to restrict an employee's ability to disclose information about unlawful acts in the workplace, including information pertaining to harassment or discrimination or any other conduct the employee has reason to believe is unlawful in employment agreements, settlement agreements, and separation agreements.
• California employers cannot:
  • require employees, in exchange for a raise or a bonus, or as a condition of employment or for continued employment, to sign any non-disparagement or non-disclosure provision that denies the employee the right to disclose information about unlawful acts in the workplace;
  • include in any separation agreement a provision that prohibits the disclosure of information about unlawful acts in the workplace; or
  • include a provision within a settlement agreement that prevents or restricts the disclosure of factual information related to claims for sexual assault, sexual harassment, workplace harassment or discrimination, retaliation, or failure to prevent workplace harassment or discrimination that are filed in a civil or administrative action, unless the settlement agreement is negotiated, which means that the agreement is voluntary, deliberate, informed, provides consideration of value to the employee, and the employee is giving notice and an opportunity to retain an attorney or is represented by an attorney.

New York

• New York law prohibits NDAs that:
  • prevent an employee from discussing or disclosing their wages or the wages of another employee.
  • prevent an employee from disclosing factual information related to a future discrimination claim, unless the agreement notifies employees that it does not prevent them from speaking to the EEOC, the New York Department of Human Rights, and any local human rights commission or attorney retained by the individual.

New York law also prohibits employers from mandating confidentiality or non-disclosure provisions when settling sexual harassment claims (though allows such provisions where it is the employee’s preference to include them).