Employment in Financial Services

The primary regulatory regime applicable to financial services employees in Hong Kong are as follows:

• Under the Banking Ordinance (BO), the Hong Kong Monetary Authority (HKMA) is responsible for regulating all authorised institutions (banks, restricted-licence banks and deposit-taking companies). In particular, the HKMA needs to ensure that the chief executive, directors, controllers and executive officers of the authorised institutions are “fit and proper”.

• Under the Securities and Futures Ordinance (SFO), the Securities and Futures Commission (SFC) is responsible for regulating the securities and futures markets. Employees performing any regulated functions under the SFO must obtain the requisite licence from the SFC. Relevant individuals engaged by the authorised institutions who perform regulated functions (eg, bank staff working in the securities dealing department) are not required to be licensed or registered with the SFC but their names have to be entered in the register maintained by the HKMA.

• Under the Insurance Ordinance (IO), the Insurance Authority (IA) is responsible for regulating the insurance industry. Employees carrying on a regulated activity under the IO must obtain the requisite licence from the IA.

Articles 5 and 123 of the Constitution of the United Mexican States provide express protection of labour rights and establish that legal rights are protected by the Federal Labour Law (the FLL).

Pursuant to article 5 thereof, no-one can be stopped from providing services in industry, commerce, or any other activity, provided it is not illegal; thus, individuals may only be prohibited from performing their duties as financial services employees if there is a legal justification. The activity may only be prohibited by a judicial declaration. Also, the law will define occupations that require a licence, the conditions to be met to obtain that licence and the issuing authorities.

Furthermore, no contract or provision that affects an individual’s freedom will be enforced.

All employers and employees within the private financial services sector are primarily subject to the FLL. Additionally, financial entities and their employees are subject to different laws and general provisions depending on the entities’ core business and activities, such as:

• Law to Regulate Finance Associations;
• Credit Institutions Law;
• General Provisions of Credit Institutions, issued by the supervisory authorities;
• Law to Regulate Credit Information Entities;
• General Law of Auxiliary Credit Organizations and Activities;
• Investment Funds Law;
• Popular Savings and Credit Law;
• Law to Regulate Technological Finance Institutions;
• General Provisions of Technological Finance Institutions, issued by the supervisory authorities;
• Law of Transparency and Promotion of Competition in Guaranteed Credit;
• Securities Market Law;
• Law for the Transparency and Regulation of Financial Services;
• Federal Law for the Prevention and Identity of Transactions with Illegally Obtained Resources;
• General Provisions applicable to securities operations carried out by counsel, managers and employees of financial entities and other obligated parties, issued by the supervisory authorities;
• Insurance and Bonding Institutes Law; and
• Insurance and Bonding Agents Regulations.

Some of the financial entities regulated are the following (Financial Entities):

• controlling entities (controlling entities of financial groups);
• credit institutions;
• credit information entities;
• multiple purpose financial entities;
• exchange bureaus and brokerage houses;
• auxiliary credit organisations;
• technological finance institutions;
• investment funds;
• financial cooperative associations and community finance entities; and
• insurance and bond institutes.

Authorities that regulate and supervise the compliance of financial laws and provisions are the National Banking and Securities Commission (CNBV), National Insurance and Bonding Commission (CNSF), National Commission of Retirement Savings Fund (CONSAR), National Commission for Financial Service Consumer Protection, Bank of Mexico, and the Ministry of Finance and Public Credit (SHCP).

In the UK, there are two main regulators responsible for the supervision of financial institutions. These are:

• The Prudential Regulation Authority (the PRA) – The PRA supervises over 1,500 financial institutions, including banks, building societies, credit unions, insurance companies and major investment firms. It creates policies for these institutions to follow and watches over aspects of their business.
• The Financial Conduct Authority (the FCA) – The FCA regulates the conduct of approximately 50,000 firms, prudentially supervises 48,000 firms, and sets specific standards for around 18,000 firms.

Some financial institutions are regulated by both the PRA and FCA (dual-regulated). Those financial institutions must comply with rules set down by the PRA in its rulebook (the PRA Rulebook) and by the FCA in its handbook (the FCA Handbook). Other firms are regulated solely by the FCA (solo-regulated) and must comply with the FCA handbook alone. Different rules can apply depending on the nature and size of the firm. The PRA and FCA work closely on certain issues and firms, but the FCA focuses specifically on ensuring fair outcomes for consumers.

The Senior Managers and Certification Regime (SM&CR) sets out how the UK regulators oversee people in businesses supervised and regulated by them, and how those people must act. As the FCA has summarised, “The SM&CR aims to reduce harm to consumers and strengthen market integrity by making individuals more accountable for their conduct and competence” (https://www.fca.org.uk/firms/senior-managers-certification-regime).

SM&CR consists of three elements:

• The Senior Managers Regime (SMR) – This applies to the most senior people in a firm (senior managers) who perform one or more senior management functions (SMFs). These functions are specified in the PRA Rulebook and the FCA Handbook. Senior managers must be pre-approved by the PRA or FCA before starting their roles. Each senior manager must also have a “Statement of Responsibilities” (that sets out what they are responsible and accountable for), which may include (depending on the firm) certain responsibilities prescribed by the regulator known as “Prescribed Responsibilities”. Every year, senior managers must be certified as fit and proper to carry out their role by their firm.
• The Certification Regime (CR) – This applies to employees who, because of their role, could pose a risk of significant harm to the firm or its customers, such as employees who offer investment advice (certified staff). For solo-regulated firms, these roles are generally called certification functions. Firms must certify that these employees are fit and proper for their roles both at the outset of their employment and continuously.
• The Conduct Rules – The Conduct Rules set minimum standards of individual behaviour in financial services in the UK. They apply to almost all employees of a firm. They also include particular rules applicable only to senior managers.

Certain parts of SM&CR apply to particular firms only. This is outside the scope of this note, which sets out the general position under SM&CR.

There are no particular pre-screening measures specified by the financial regulators in Hong Kong. Nevertheless, financial institutions would generally conduct background checks on prospective employees (especially those taking on senior positions) to ensure they comply with the “fit and proper” requirements of the financial regulators.

There is no particular form of regulator-specified reference to be provided by previous employers in the financial services industry. Nevertheless, the SFC has specified disclosure obligations for licensed corporations in respect of outgoing employees who were subject to internal investigations (see question 10).

For employees with general positions, there are no pre-screening measures. Under article 1 of the Constitution and article 21 of the FLL, discrimination is prohibited. Furthermore, article 21 of the FLL establishes that distinctions will not be deemed discriminatory if certain qualifications are required for certain work. Specifically, if there is no legal ground or work-related justification to request criminal records for a determined position, conditioning the position on that information may be deemed discriminatory.

For example, financial entities must include a list of the expected members of the board of directors, general manager, and main officers, including their respective professional and academic backgrounds, in the filing to obtain authorisation of the CNBV (except insurance and bond institutions) to start operations. These positions require certain special requirements, and thus financial entities must verify – by prior appointment and thereafter, at least every year – that general managers and officers:

• have a standing reputation;
• have expertise in legal, financial and management matters;
• have a satisfactory credit record and credit eligibility;
• are residents in Mexico (for credit entities); and
• have no other legal impediment (see below).

All financial entities must guarantee that high-level employees are capable, experienced and not subject to any procedure involving conduct contrary to financial stability or compliance with business or financial business standards. General managers and officers in controlling entities and auxiliary credit organisations, and in exchange bureaus and brokerage houses, and general managers in insurance and bonding institutions must have at least five years’ experience at a high decision-making level that required financial and management expertise.

Also, these individuals must not have any of the following legal impediments:

• a pending dispute with the financial entity or any other financial entities in the group;
• a conviction for a wilful economic crime;
• a disqualification from owning a business, public service positions or the Mexican financial system;
• declared bankruptcy or insolvency;
• carried out regulation, inspection, and monitoring of the financial entity or any other financial entities in the group; or
• participated in the board of directors of the financial entities.

Additionally, for exchange bureaus and brokerage houses, such individuals must not have been an external auditor of the exchange bureau or related entity in the 12 months before their appointment.

Specifically, in credit organisations, general managers and officers must not:

• be a partner or have a position within entities or associations that render services to the entity or its related entities;
• be a client, provider, debtor, creditor, partner, member of the board of directors or employee of an entity that is a client or provider (whose services or sales represent more than 10% of the client’s services or sales), or a debtor or creditor (of which the debt is higher than 15% of the assets);
• be an employee of a foundation, association or civil society that receive important contributions from the entity (which represent more than 15% of the total contributions received by such entities in a fiscal year).
• be a general manager, officer, or employee of another entity that is part of the financial group;
• be a spouse or domestic partner of any individual mentioned above, or be in a cohabiting relationship with them; or
• carry out regulation duties of credit organisations and exchange bureaus.

Financial entities must inform the CNBV, CNSF, or CONSAR, as applicable, of general managers’ and officers’ appointments, resignations or removals, within five business days of such events. Meanwhile, controlling entities, brokerage houses, surety deposit institutions and compensation chambers must inform the CNBV, CNSF, or CONSAR within 10 days of the same.

There are also limits to employees participating in the board of directors of these companies. Only the general manager and officers two levels below may be members, and no other employees may occupy these positions.

According to the Insurance and Bonds Regulations, officers and employees of credit institutions, insurance institutions, bond institutions, brokerage houses, stock market specialists, auxiliary credit organisations, investment companies, operating companies of investment companies, exchange houses, financial commissioners, retirement fund managers, specialised investment companies of retirement funds, and controlling companies with 10% or more of representative shares of such companies will not be authorised to act as insurance or bond agents.

For employees subject to the SMR, anyone performing an SMF must be pre-approved by the relevant regulator before they can start their role. Generally, firms that wish to employ a senior manager must first carry out sufficient due diligence to satisfy themselves that the candidate is a fit and proper person to perform their proposed functions. In this regard, firms must consider the individual’s qualifications, training, competency and personal characteristics. The firm must also carry out a criminal records check. They may then apply to the relevant regulator for that candidate’s pre-approval. In the firm’s application, all matters relating to the candidate’s fitness and propriety must be disclosed. The firm must also enclose a statement of that individual’s proposed responsibilities and (depending on the firm) the latest version of the firm’s management responsibilities map.

For employees subject to the CR, before the appointment and annually thereafter, these employees must be certified by the employing SM&CR firm as being fit and proper. Certification does not involve pre-approval by the FCA or PRA.

Additionally, firms must comply with the regulatory reference rules for all candidates subject to either the SMR or CR before their employment. These rules require employing firms to request a regulatory reference from all previous employers covering the past six years of employment. Information must be shared between regulated firms using a particular template, which includes information relevant to assessing whether a candidate is fit and proper. Firms are also expected to retain records of disciplinary and fit and proper findings going back six years for their employees (or longer for findings of gross misconduct), and they must update regulatory references that they have previously given where new significant information comes to light that would impact the content of a previously given regulatory reference.

In addition to an employment contract, there are additional documentation requirements in connection with the application or transfer of the employee’s licence with the financial regulators.

According to article 25 of the FLL, the following information must be included in an employee’s contract: full name, date of birth, nationality, gender, marital status, address, Federal Taxpayers Registry number, and Unique Population Registration Key. To verify such information, employers may ask employees to provide their official identification, proof of address, Tax Identification Card, and professional and academic records, among other documents as deemed necessary. 

Furthermore, given the requirements to be met by the general manager and officers, it is common practice in Mexico to include a statement in their employment contracts whereby they state that they:

• are in good standing;
• are resident in Mexico;
• have legal, financial and management expertise;
• have satisfactory credit record and credit eligibility; and
• have no legal impediment to occupying such positions and rendering their services.

Additionally, the general manager of controlling entities and brokerage houses must provide a written document stating that he or she:

• has no impediment to being appointed as general manager or officer;
• is up to date with his or her credit obligations and of any other nature; and
• acknowledge all rights and obligations to be assumed as a consequence of his or her appointment.

As a matter of general UK employment law, employers must give employees written particulars of certain terms and conditions of employment. This is known as a “section 1 statement” after section 1 of the Employment Rights Act 1996, which sets out the mandatory information that employers must give to employees no later than the first day of their employment. This includes fundamental information such as the names of the employer and employee; the date of commencement of employment; the rates and timing of pay; and working hours. Other prescribed particulars (such as information regarding pensions, collective agreements and training) can be provided to employees in instalments within two months of commencement of employment. Typically, a written employment contract will contain the relevant information to satisfy these requirements.

Financial services employers should ensure that, in addition, their employment contracts reinforce the requirements of SM&CR. This will help the employer manage the employment relationship in a manner compliant with SM&CR and demonstrate to the relevant regulators the employer’s commitment to compliance with SM&CR. The employment contract will usually include, therefore, additional provisions regarding the completion of SM&CR-compliant background checks; confirmation of the employee’s regulated function (eg, their SMF or certification function); required regulatory standards of conduct; cooperation with fitness and propriety assessments; and tailored termination events.

In addition, all senior managers must have a statement of responsibility setting out their role and responsibilities. Certain firms must also allocate certain regulator-prescribed responsibilities (prescribed responsibilities) among senior managers. It is common to set out a senior manager’s regulatory responsibilities in their employment contract.

Dual-regulated firms must also ensure that individuals approved to carry out a PRA-designated SMF are subject to any specific contractual requirements required by the PRA. For example, depending on the type of firm, a firm may be required to ensure that the relevant individual is contractually required to comply with certain standards of conduct, such as to act with integrity and with due care and skill (among other requirements).

SFC

The “Guidelines on Competence” published by the SFC lists the necessary qualifications for employees carrying on regulated activities. For academic qualifications, employees should attain at least Level 2 in either English or Chinese as well as in Mathematics in the Hong Kong Diploma of Secondary Education or equivalent. In addition, employees are expected to obtain recognised industry qualifications and pass the local regulatory framework paper. For responsible officers (ROs), the SFC requires higher levels of educational qualifications and experience.

IA

The “Guideline on ‘Fit and Proper’ Criteria for Licensed Insurance Intermediaries Under the Insurance Ordinance” published by the IA sets out the education requirements for licenced employees under the IO. Higher levels of educational qualifications are required for responsible officers.

Employees in general positions are not required to obtain specific certification to perform their duties within financial entities. However, in brokerage houses, individuals involved in operations with the public, counselling, promotion and, if applicable, acquisition and sale of securities, must be authorised by the CNBV and obtain a certification issued by a regulated body recognized by the CNBV.  

The CNBV and CNSF, as applicable, may caution, remove, adjourn, or disqualify board members and the general manager if they believe the individual does not comply with legal requirements to occupy such positions or if their conduct constitutes a breach of applicable laws and regulations.

See question 2.

All individuals performing an SMF, as classified by the FCA or PRA, will be subject to the SMR. SMFs are described in the Financial Services and Markets Act 2000 (FSMA) as functions that require the person performing them to be responsible for managing one or more aspects of a firm’s affairs authorised by the FSMA, and those aspects involve, or might involve, a risk of serious consequences for the firm or business or other interests in the UK. As noted, any individual performing an SMF will need to be pre-approved by the relevant regulator before they can start their role, and thereafter they must be certified as fit and proper by their firm annually. Applications to the regulator for pre-approval must disclose all matters relating to a candidate’s fitness and propriety and be accompanied by a statement of responsibilities. Firms must carry out a criminal records check as part of the application for approval.

Additionally, employees of firms who are not senior managers but who, because of their role, could still pose a risk of significant harm to the firm or any of its customers, may be subject to the CR. The certification functions that place an employee within the ambit of the CR are different under the rules of the FCA and the PRA but include persons such as those dealing with clients or those subject to qualification requirements. These employees must be certified by their firm as fit and proper for their roles both at the outset of their employment and on an annual basis thereafter (certified staff). Firms are not required to carry out criminal records checks for certified staff, but firms can choose to do so to the extent it is lawful.

The regulators have set out detailed guidance for firms to consider when assessing an individual’s fitness and propriety. This includes assessing an individual’s honesty, integrity and reputation; competence and capability; and financial soundness.

Under the SFO, ROs have enhanced responsibilities. They assume primary responsibility for compliance at a licensed corporation and are involved in supervising the regulated activities. A licensed corporation is required to appoint no less than two ROs to directly supervise the conduct of each regulated activity. Similarly, under the BO, registered institutions are required to appoint no less than two executive officers to be responsible for directly supervising the conduct of each regulated activity under the SFO. For each regulated activity, at least one RO must be available at all times to supervise the business and must be an executive director.

Under the IO, an RO of a licensed insurance agency or licensed insurance broker company has enhanced responsibilities. Responsible officers must use their best endeavours to ensure the agency or broker has established and maintains proper controls and procedures for securing compliance with the conduct requirements under the IO.

All employees, including general managers and officers, must keep information and documents confidential and may only provide information to the competent authorities or authorised parties, with the prior express authorisation of the user or client.

Also, employees must:

• not stop internal committees from carrying out their functions;
• disclose to the financial entity all information regarding the use of illegal resources, or any act against goods, services, an individual’s life, or physical or emotional integrity, the use of toxic substances, or terrorist acts, so that the financial entity may provide the SHCP with a report on the subject; and
• in insurance or bonding Institutes, not offer discounts, reduce premiums or grant different benefits than those outlined in the corresponding policy.

General managers and officers must provide reports and information to the board of directors and the corresponding authorities periodically. The general manager must also provide precise data and reports to assist the board of directors in making prudent decisions.

General managers must develop and present to the board of directors, for its approval,  adequate policies for employment and the use of material and human resources, including restrictions on the use of goods, supervision and control mechanisms, and the application of resources to the company’s activities consistent with their business purposes.  

Insurance and bond companies will respond to the conduct of the general manager and officers, without prejudice to the civil and criminal liabilities that they may personally incur.

Also, if any conflict of interest exists or arises, general managers and officers must inform their employers immediately and suspend any activity within the scope of the contract that gives rise to the conflict until the matter is addressed.

Additionally, general managers and officers must verify the compliance of all individuals under their responsibility with all applicable legal provisions for financial services. These include: confidential obligations; the development of reports; informing their direct superior, officers, general manager or board of directors if there is a conflict of interest; informing the SCHP and Prosecutor’s Office if there is an act, operation or service using illegal resources, or an act that may harm the company, or the health or wellbeing of an individual or the general public.

Specifically, general managers in brokerage houses must:

• design and carry out a communications policy regarding identifying contingencies;
• implement and distribute the continuity business plan within the brokerage house and establish training programmes;
• inform the CNBV of contingencies in any of the systems and channels for clients, authorities and central securities counterparties;
• ensure that the continuity business plan is submitted for efficiency testing; and
• inform the CNBV in writing of the hiring or removal of the responsible party for internal audit functions.

Every senior manager under the SMR has a “duty of responsibility” concerning the areas for which they are responsible. If a firm breaches a regulatory requirement, the senior manager responsible for the area relevant to the breach could be held accountable for the breach if they failed to take reasonable steps to prevent or stop the breach.

In addition, for most firms, the FCA requires that certain responsibilities – “prescribed responsibilities” – are allocated to appropriate senior managers. These responsibilities cover key conduct and prudential risks. They include, among others, responsibility for a firm’s performance of its obligations under the SMR; responsibility for a firm’s performance of its obligations under the CR; and responsibility for a firm’s obligations around conduct rules training and reporting. Firms must give careful thought to the best person to allocate each prescribed responsibility.

The HKMA, SFC and IA each have a register for licensed employees to be listed on to undertake regulated activities:

• HKMA – the register of securities staff of authorised institutions is available on the HKMA’s website[1]. For registration, the names and particulars of the relevant individuals are required to be submitted to the HKMA for inclusion on the HKMA Register.

• SFC – the register of licensed persons is available on the SFC’s website[2]. For registration, individual applicants would need to submit an electronic application to the SFC through its online platform. When there is a change of employment, the licensed representative may apply for a transfer of accreditation through SFC’s online platform within 180 days after the cessation of the previous employment. It takes approximately seven business days to process an application for transfer of accreditation to carry on the same types of regulated activity for which the licensed representative was licensed immediately before the cessation.

• IA – the register of licensed insurance intermediaries is available on the IA’s website[3]. For registration, applicants can submit their licence applications to the IA by paper submission or electronic submission via an online portal.

Under the FLL, all employees must be registered with the Social Security Mexican Institute (IMSS) to receive social security benefits.

Except for stock operators or employees that are granted proxies in brokerage houses, in financial entities employees are not required to be registered other than with the IMSS.

To obtain the authorisation of the CNBV to act as a stock operator or representative within a brokerage house, an individual must:

• pass the technical quality certification exams, and comply with the specific requirements outlined in the internal regulations of the stock market in which the individual intends to participate;
• prove before the regulatory body that he or she has a satisfactory credit record and is in good standing; and
• file before the regulatory body a writ of a brokerage house, credit institution, or the operating company of investment companies and retirement funds managers, establishing their wish to hire the individual as soon as he or she obtains an authorisation.

Within five days, the self-regulated body must file an application with the CNBV. They will then have 20 calendar days to issue the corresponding authorisation.

Stock operators and representatives, once authorised and provided with powers of attorney, must be registered before the Mexican Association of Stock Brokers (AMIB).

Brokerage houses must display, in a public place, a list of authorised proxies and stock operators, as well as on the website of the CNBV so this information may be verified.

Finally, financial entities must inform the CNBV, CNSF or CONSAR, as applicable, of the appointment and removal of general managers and officers within five calendar days for financial entities, or ten calendar days for controlling entities, brokerage houses, surety deposit institutions and compensation chambers. Also, a list of general managers and officers must be provided within the filing to operate as a financial entity.   

The FCA maintains a public list of authorised firms and the activities for which each firm has permission. This list is known as the Financial Services Register. The register also includes a directory of certified and assessed persons working in financial services – this includes for each firm (as applicable) senior managers; certified staff; directors (executive and non-executive) who are not performing SMFs; and other individuals who are sole traders or appointed representatives.

Firms are responsible for keeping the directory up to date. Firms must report certain information to the FCA about persons included in the register and directory, including information on an individual's role, their workplace location, and the types of business they are qualified to undertake. The FCA provides guidance and Q&As to assist firms with navigating the register and directory.

There are no specific mandatory rules relating to compensation payable to financial services employees in Hong Kong.

The HKMA has issued a Supervisory Policy Manual CG-5 “Guideline on a Sound Remuneration System”. This focuses on providing a broad idea and introducing basic principles of how remuneration policies should be designed and implemented in the authorised institution, to encourage employee behaviour that supports the risk management framework, corporate values and long-term financial soundness of the authorised institution.

Under the Guideline, the elements of a sound remuneration system are as follows:

Governance

• Remuneration policy should be in line with objectives, business strategies and the long-term goals of the authorised institution.
• The remuneration arrangement for employees whose activities could have a material impact on the authorised institution’s risk profile and financial soundness should support, but not undermine, the overall risk management approach.
• The Board of an authorised institution is ultimately responsible for overseeing the formulation and implementation of the remuneration policy.
• The establishment of a Board remuneration committee would assist the Board in discharging its responsibility for the design and operation of the authorised institution’s remuneration system.
• Risk control personnel should have appropriate authority and involvement in the process of design and implementation of the authorised institution’s remuneration policy.

Structure of remuneration

• Balance of fixed and variable remuneration should be determined with regard to the seniority, role, responsibilities and activities of their employees and the need to promote behaviour among employees that support the authorised institution’s risk-management framework and long-term financial soundness.
• Variable remuneration should be paid in such a manner as to align an employee’s incentive awards with long-term value creation and the time horizons of risk.
• Guaranteed minimum bonus to senior management or key personnel should be subject to the approval of the Board (or the Board’s remuneration committee with the necessary delegated authority).

Measurement of performance for variable remuneration

• The award of variable remuneration should depend on the fulfilment of certain pre-determined and assessable performance criteria, which include both financial and non-financial factors.
• Size and allocation of variable remuneration should take into account the current and potential risks associated with the activities of employees, as well as the performance (overall performance of the relevant business units and the authorised institution as a whole as well as the contribution of individual employees to such performance).
• Judgement and common sense may be required during the process to arrive at a fair and appropriate remuneration decision. The rationale for the exercise of judgment and the outcomes should be recorded in writing.

Alignment of remuneration pay-outs to the time horizon of risks

• Deferment of variable remuneration is appropriate when the risks taken by the employee in question are harder to measure or will be realised over a longer timeframe.
• The award of deferred remuneration should be subject to a minimum vesting period and pre-defined vesting conditions in respect of future performance.
• Authorised institutions should seek undertakings from employees not to engage in personal hedging strategies or remuneration and liability-related insurance to hedge their exposures in respect of the unvested portion of their deferred remuneration.

Remuneration disclosure

• Authorised institutions should make remuneration disclosures at least annually. The disclosure should include the qualitative and quantitative information that the HKMA has set out in its annual remuneration disclosure.

Brokerage houses must implement a compensation system under the general provisions set forth by the CNBV. This system must include all compensation provided and must contain the responsibilities of the boards that implement the compensation schemes, ordinary and extraordinary compensation policies, and periodic reviews of payment policies. The board of directors must incorporate a special committee for compensation.

Under article 9 of the general provisions applicable to brokerage houses, account management fees may be paid to stock proxies provided that they comply entirely with the applicable laws in the exercise of their duties. Stock operators must not execute operations with the public or receive any remuneration or account management fees, except if, with the proxy’s authorisation, they execute orders of institutional investors in the brokerage house’s reception and allocation system.

Brokerage houses must not pay fees, commissions, and other remuneration of third parties that act as promoters, sellers, associates, independent commissioners, investment advisors or any similar roles. This also applies to proxies of the investor client without being proxies of the brokerage house, or those who have a conflict of interest to receive fees, commissions, or any other remuneration from the investor client.

If there is a critical event, such as a control measure, the CNBV may order the brokerage house to suspend the payment of extraordinary compensation and bonuses to the general manager and senior officers. This includes preventing the granting of new compensation until the matter is properly resolved. This should be included in employment contracts, to avoid labour-related disputes should the extraordinary measure of the CNBV is enacted.

The remuneration of financial services employees working at certain firms (such as banks, building societies, asset managers and investment firms) is heavily regulated. The relevant rules can be found in various FCA “Remuneration Codes” (each Code tailored to different firms) and also (for dual-regulated firms) in specific remuneration parts of the PRA Rulebook and directly applicable retained EU law.

The remuneration rules are complex and their application is dependent on each firm. The key principle of the rules, however, is that firms subject to them must ensure that their remuneration policies and practices are consistent with and promote sound and effective risk management.

Some elements of the rules apply to all staff, whereas others apply only to material risk-takers within a particular firm.

By way of a snapshot, the rules generally cover such matters as:

• the appropriate ratio between fixed pay and variable pay, to ensure that fixed pay is a sufficiently high proportion of total remuneration to allow for the possibility of paying no variable pay;
• the amount of any discretionary bonus pool, which should be based on profit, adjusted for current and future risks, and take into account the cost and quantity of the capital and liquidity required;
• performance-related bonuses, which should be assessed based on a variety of factors, including the performance of the individual, the relevant business unit and the overall results of the firm;
• restrictions on guaranteed variable pay and payments on termination of employment; and
• malus and clawback requirements.

SFC

Persons engaging in regulated activities are required to continuously update their knowledge and skills through continuous professional training (CPT). The “Guidelines on Continuous Professional Training” published by the SFC provides for the following CPT requirements:

• a minimum of 10 CPT hours a year for licensed representatives and relevant individuals; and
• a minimum of 12 CPT hours a year for responsible officers and executive officers (including 2 CPT hours on topics relating to regulatory compliance).

In addition, an individual should attend at least five CPT hours a year (out of the 10 hours for licensed representatives and relevant individuals and 12 hours for responsible officers and executive officers) on topics directly relevant to the regulated activities for which he or she is licensed at the time the CPT hours are undertaken.

HKMA

The HKMA has implemented the “Enhanced Competency Framework”(ECF) for banking practitioners. While the ECF is not a mandatory regime, banks are strongly encouraged to adopt it as the benchmark for enhancing the level of core competence and ongoing professional development of banking practitioners.

IA

Under the “Guideline on Continuing Professional Development for Licensed Insurance Intermediaries”, licensed insurance intermediaries who are individuals are required to receive training through CPD to preserve their professional competence and standards in providing service to policyholders and potential policyholders.

The minimum number of CPD hours for individual licensees is 15 CPD hours for each assessment period, including a minimum of three compulsory CPD hours on “Ethics or Regulations” courses.

Financial services employees are also required to receive training on anti-money laundering and counter-financing of terrorism. New staff should be required to attend initial training as soon as possible after being hired or appointed. Apart from the initial training, refresher training should be provided regularly to ensure that staff are reminded of their responsibilities and are kept informed of new developments.

In terms of articles 132, 153-A to 153-X of the FLL, employers must provide employees with training so they can render their services and comply with the duties of their positions, and employees should receive such training under the plans and programmes formulated by mutual agreement of the employer and employees. Nevertheless, as indicated in previous questions, for employees to occupy certain positions, they must meet the requirements, and for brokerage houses proxies must be authorised to exercise their duties under their position within the brokerage houses.  

According to article 117 bis 9 of the general provisions applicable to brokerage houses, general managers are responsible for implementing, maintaining and distributing the continuity plan of the business within the brokerage house. Therefore, the general manager must establish a training programme outlining the actions to be carried out if an operation contingency arises.

On the other hand, the AMIB provides courses and training for interested individuals to obtain the necessary skills and capacity to perform the activities of proxies in brokerage houses, and thereafter, to obtain authorisation from the AMIB and CNBV to act and perform the corresponding duties of the position.  

A Finance Educational Committee has been created by several financial institutions, authorities, and the Bank of Mexico and is presided over by the SHCP. This committee is in charge of, among other things, defining a finance educational policy; preparing a national strategy for financial education and guidelines; and identifying new work areas and proposing new actions and programmes in financial education.

The PRA and FCA training and competence regimes set the minimum standards that must be achieved by individuals working in the financial services industry. These regimes aim to ensure that authorised firms have arrangements in place to satisfy themselves that their employees are competent.

All FSMA-authorised firms are required to have adequately trained and competent senior management and employees. The training and competence requirements include:

• Threshold conditions on suitability – All firms must show that persons connected with the firm are fit and proper, taking into account all the circumstances. When assessing the suitability threshold of an employee, the FCA and the PRA will consider:
  • the nature of the regulated activity the firm carries on or is seeking to carry on;
  • the need to ensure that the firm's affairs are conducted soundly and prudently;
  • the need to ensure that the firm's affairs are conducted appropriately, considering especially the interests of consumers and the integrity of the UK financial system; and
  • whether those who manage the firm's affairs have adequate skills and experience and act with probity.

• FCA Principles for Businesses or PRA Fundamental Rules – These rules lay out the parameters of the “fit and proper” standard set for firms in the threshold condition on suitability, and require firms to undertake the following:
  • recruit staff in sufficient numbers;
  • provide employees with appropriate training, with competence assessed continuously;
  • make proper arrangements for employees involved with carrying on regulated activities to achieve, maintain and enhance competence; and
  • train employees to pay due regard to the interests of a firm’s customers and treat them fairly.

• Competent employees rule in chapters 3 and 5 of the Senior Management Arrangement Systems and Controls Sourcebook – This is the main employee competence requirement in the training and competence regime under the FSMA and applies to individuals engaged in a regulated activity in UK-regulated firms. The application of this rule can be complex and dependent upon the firm and the activities it undertakes, but in general, it provides that firms must employ personnel with the skills, knowledge and expertise necessary for the discharge of the responsibilities allocated to them.

• Detailed training and competence requirements in the FCA’s training and competence handbook (TC) – The TC rules are designed to supplement the competent employees rule, especially concerning retail activities carried on by firms. Among others, these rules include the following:
  • rules on assessing and maintaining competence;
  • supervision of employees who have not yet been assessed as competent;
  • appropriate qualifications; and
  • recordkeeping and reporting for firms within its scope, including how a firm assessed its employees as competent, and how it has ensured that its employees remain competent.

SFC

Under the SFO, licensed representatives and ROs are required to be “a fit and proper person” to carry on the regulated activities and must adhere to the standards of behaviour set out in the “Code of Conduct for Persons Licensed by or Registered with the Securities and Futures Commission”. Other relevant guidelines regarding standards of behaviour include:

• “Fit and Proper Guidelines”, which set out the general expectations of the SFC of what is necessary to satisfy the licensing or registration requirements that a person is fit and proper.
• “Guidelines on Competence”, which set out the competence requirements and its objective to ensure a person is equipped with the necessary technical skills and professional expertise to be “fit”, and is aware of the relevant ethical standards and regulatory knowledge to be “proper” in carrying on any regulated activities.

HKMA

Under the BO, employees of an authorised institution that carry on regulated activities under the SFO are required to be fit and proper. In addition, the HKMA needs to be satisfied that the chief executive, directors, controllers and executive officers of the authorised institutions are fit and proper. Other relevant guidelines regarding standards of behaviour include:

• “Code of Banking Practice”, which is to be observed by authorised institutions in dealing with and providing services to their customers.
• Supervisory Policy Manual CG – 2 “Systems of Control for Appointment of Managers”, which sets out the system of control that authorised institutions should have for ensuring the fitness and propriety of individuals appointed as managers.

IA

The conduct requirements for licensed insurance agents and brokers are set out in Division 4 of the IO. Other relevant codes and guidelines include:

• “Code of Conduct for Licensed Insurance Agents”, which sets out the fundamental principles of professional conduct that buyers of insurance are entitled to expect in their dealings with licensed insurance agents.
• “Code of Conduct for Licensed Insurance Brokers”, which sets out the fundamental principles of professional conduct that buyers of insurance are entitled to expect in their dealings with licensed insurance brokers.
• “Guideline on ‘Fit and Proper’ Criteria under the Insurance Ordinance”

Financial entities must establish, implement and apply, among other things:

• confidentiality policies;
• policies for internal control to confirm the acts, operations and services of individuals are carried out in an ethical, professional and legal manner;
• policies regarding the prevention of acts and operations with illegal resources;
• policies to prevent psychological risk factors;
• policies that allow the identification, follow-up and control of risks inherent to operations; and
• conflict of interest resolution policies.

Under the general provisions applicable to operations with securities carried out by members of the board of directors, officers and employees of financial entities and other obligated parties, the principles that must be complied with are the following:

• transparency in operations;
• equal opportunity before all other market participants in sureties operations;
• compliance with fair stock market customs and practices;
• absence of a conflict of interest; and
• prevention of improper behaviour that may have as its origin the use of privileged or confidential information.

Policies, manuals and codes must also include guidelines for the resolution of potential conflicts of interest, as well as the mechanisms to avoid the existence of such conflicts.

Financial entities must inform the CNBV annually, within 15 days, a report on the conduct, operations, and services of individuals. If any act or operation with illegal resources is detected, financial entities must inform the authorities immediately, including the CNBV and the SHCP.

The board of directors of operating companies of investment funds, distribution entities, and stock appraisers of investment funds must approve a code of conduct, which must consider:

• activities in compliance with the applicable laws;
• internal control rules for the compliance of provisions and policies contained in the code, including investment provisions issued by the CNBV;
• security mechanisms to ensure confidential information is used solely for authorised purposes and security measures to protect clients’ files from fraud, robbery or misuse;
• an obligation on the general manager, officers and employees to conduct themselves in a fair, honest and professional manner in the performance of their activities; and
• a prohibition on officers, employees and proxies executing any type of operation with the public that contravenes market practices.

Members of the board of directors, the general manager, officers, regulatory comptrollers, proxies, and other employees must immediately report the existence of illegal or unethical conduct or activity to the regulatory comptroller.

Yes. Both the FCA and PRA have established their own high-level required standards of conduct known as the Conduct Rules. The FCA’s conduct rules are set out in the FCA’s Code of Conduct sourcebook. The PRA’s conduct rules are set out in the PRA Rulebook (and different versions apply to different types of PRA-regulated firms).

The FCA’s conduct rules apply to most individuals working at an SM&CR firm. The PRA’s conduct rules apply to more limited individuals working at dual-regulated SM&CR firms: senior managers (approved by the PRA or FCA); individuals within the PRA’s certification regime; key function holders; and non-executive directors.

The Conduct Rules apply to conduct relating to the carrying out of an individual’s role. They do not extend to conduct within an individual’s private life, provided that the conduct is unrelated to the activities they carry out for their firm. Nevertheless, an individual’s behaviour outside of work can still be relevant to the separate consideration of their fitness and propriety.

There are two tiers of Conduct Rules: a first tier of rules applicable to all individuals subject to the Conduct Rules; and a second tier applicable to senior managers only.

The rules of the first tier are:

• Rule 1 – You must act with integrity.
• Rule 2 – You must act with due skill, care and diligence.
• Rule 3 – You must be open and cooperative with the FCA, PRA and other regulators.
• Rule 4 – You must pay due regard to the interests of the customer and treat them fairly.
• Rule 5 – You must observe proper standards of market conduct.

The rules of the second tier (applicable to senior managers) are:

• SC1 – You must take reasonable steps to ensure that the business of the firm for which you are responsible is controlled effectively.
• SC2 – You must take reasonable steps to ensure that the business of the firm for which you are responsible complies with the relevant requirements and standards of the regulatory system.
• SC3 – You must take reasonable steps to ensure that any delegation of your responsibilities is to an appropriate person and that you oversee the discharge of the delegated responsibility effectively.
• SC4 – You must disclose appropriately any information for which the FCA or PRA would reasonably expect notice.
• SC5 (certain dual-regulated firms only) – When exercising your responsibilities, you must pay due regard to the interests of current and potential future policyholders in ensuring the provision by the firm of an appropriate degree of protection for their insured benefits.

Firms must notify the FCA if they take disciplinary action against an individual for a breach of the Conduct Rules.

SFC – Self-reporting obligation

An SFC-licensed intermediary is subject to the self-reporting obligation under paragraph 12.5 of the “Code of Conduct for Persons Licensed by or Registered with the Securities and Futures Commission”. A licensed or registered person should report to the SFC immediately upon the occurrence of any material breach, infringement or non-compliance with any laws, rules regulations, and codes administered or issued by the SFC, exchange or clearing house of which it is a member or participant of, and the requirement of any regulatory authority applicable to that intermediary. This encompasses both actual and suspected breaches, infringements or non-compliance. In the report, the particulars of the actual or suspected breach, infringement or non-compliance, and relevant information and documents must be included to fulfil the obligation.

The same is to be reported by the registered institutions to the HKMA. The HKMA also requires authorised institutions to submit an incident report on the same day of discovering the incident.

SFC - Internal investigation disclosure obligation

In addition, a licensed corporation is required to provide the SFC with information about whether a licensed individual who ceases to be accredited to it (outgoing employee) was under any investigation commenced by the licensed corporation within six months preceding his or her cessation of accreditation. If the internal investigation commences after the notification of cessation of accreditation, the licensed corporation should also notify the SFC as soon as practicable. In addition, even if a firm has completed its investigation and made no negative findings against an outgoing employee, the firm will still be required to notify the SFC of the investigation.

The SFC expects licensed corporations to proactively disclose information about all investigative actions and the following is a non-exhaustive list of examples of investigations involving an outgoing employee that a licensed corporation should disclose to the SFC:

• investigations about a suspected breach or breach of applicable laws, rules and regulations;
• investigations about a suspected breach or breach of the licensed corporation's internal policies or procedures;
• investigations about misconduct that are likely to give rise to concerns about the fitness and properness of the outgoing employee;
• investigations about any matter that may have an adverse market or client impact; and
• investigations about any matter potentially involving fraud, dishonesty and misfeasance.

HKMA – Reporting incidents to HKMA

According to the “Incident Response and Management Procedures” published by the HKMA, once an authorised institution has become aware that a significant incident has occurred, the authorised institution concerned should notify the HKMA immediately and provide it with whatever information is available at the time. An authorised institution should not wait until it has rectified the problem before reporting the incident to the HKMA.

According to the Supervisory Policy Manual SB-1 “Supervision of Regulated Activities of SFC-Registered Authorized Institutions”, to be in line with the reporting requirements imposed by the SFC on licensed representatives, authorised institutions will be required to notify the HKMA in writing within seven business days upon knowledge of the occurrence of certain information (including any subsequent changes) of the relevant individuals. The required information is on whether or not the person is or has been:

• convicted of or charged with any criminal offence (other than a minor offence) in Hong Kong or elsewhere;
• subject to any disciplinary action, or investigation by a regulatory body or criminal investigatory body (as the case may be) in Hong Kong or elsewhere;
• subject to, or involved in the management of a corporation or business that has been or is subject to, any investigation by a criminal investigatory body or any regulatory body in Hong Kong or elsewhere concerning offences involving fraud or dishonesty;
• engaged in any judicial or other proceedings, whether in Hong Kong or elsewhere, that is material or relevant to the fitness and propriety of the individual; or
• bankrupt or aware of the existence of any matters that might render him insolvent or lead to the appointment of a receiver of his property under the Bankruptcy Ordinance.

HKMA – Guidance Note on Cooperation with HKMA Investigations

Under the “Guidance Note on Cooperation with the HKMA in Investigations and Enforcement Proceedings”, the HKMA encourages and recognises the cooperation of authorised institutions, banks and their staff in investigations and enforcement proceedings. Under this Guidance Note, cooperation includes early and voluntary reporting of any suspected breach or misconduct, taking a proactive approach to assist the HKMA’s investigation, and making timely arrangements to provide evidence and information.

IA – Self-reporting obligation

Under “the Code of Conduct for Licensed Insurance Agents/Brokers”, there is a self-reporting obligation by licensed insurance agencies or brokerages to the IA. A licensed insurance agency or brokerage is required to have proper controls and procedures to ensure the following incidents are reported to the IA as soon as is reasonably practicable:

• a disciplinary action taken by the HKMA, the SFC or the Mandatory Provident Fund Schemes Authority;
• a criminal conviction (other than a minor offence) by any court in Hong Kong or elsewhere;
• any material breaches of requirements under the IO or any rules, regulations, codes or guidelines administered or issued by the IA; and
• any material incidents which happen to the agency or brokerage.

Pursuant to the Federal Law for the Prevention and Identity of Transactions with Illegally Obtained Resources, all acts carried out by financial entities are considered a vulnerable activity; therefore, financial entities must:

• set forth measures and procedures to prevent and detect acts and operations;
• file reports to the SHCP regarding acts, operations and services carried out by clients and employees if they suspect illegal resources are involved; and
• keep for at least 10 years any information and documents related to the identification of clients and users.

Given the above, if any action, operation or service is identified as undertaken with illegal resources or there is a breach of any of the provisions outlined in the above law, employers must inform the SHCP and prosecutor.

Also, if officers and general managers no longer comply with the legal requirements to occupy their positions (eg, not having a satisfactory credit record, or no longer being in good standing), financial entities may inform the CNBV or CNSF, as applicable, so the authorities may disqualify or remove those individuals from their positions.

Furthermore, if there is a breach of the code of conduct, the regulatory comptroller must inform the board of directors and keep such information available to the CNBV at all times. The board of directors will be in charge of establishing disciplinary measures.

Finally, if employees breach psychological risk prevention obligations (see question 11), employers must inform the labour authorities to impose corresponding sanctions.

Yes. There are multiple potential reporting obligations with various timing imperatives. We include below a snapshot of some of the key obligations:

• under FCA Principle 11, firms have a general duty to inform the FCA of matters about which it would reasonably expect notice;
• a firm must notify the FCA immediately it becomes aware, or has information which reasonably suggests, that a matter which could have a significant adverse impact on the firm’s reputation has occurred, may have occurred or may occur in the foreseeable future;
• a firm must notify the FCA immediately it becomes aware, or has information which reasonably suggests, that a significant breach of a rule (including a significant breach of a Conduct Rule) has occurred, may have occurred or may occur in the foreseeable future; and
• a firm must also notify the FCA if it takes disciplinary action against an individual for a breach of the Conduct Rules. Where the relevant individual is a senior manager, the notification must be made within seven business days. Where the relevant individual is certified staff, the notification must be made in the firm’s annual reporting.

Anti-money laundering and counter-financing of terrorism

Financial services employees are required to receive training on anti-money laundering and counter-financing of terrorism. New staff should be required to attend initial training as soon as possible after being hired or appointed. Apart from the initial training, refresher training should be provided regularly to ensure that staff are reminded of their responsibilities and are kept informed of new developments (see question 8).

Whistleblowing

There is no single comprehensive whistleblowing legislation to protect whistleblowers in Hong Kong. However, piecemeal provisions in various ordinances may protect specific whistleblowers for the reporting of specific offences. For example, the Employment Ordinance provides that an employer shall not terminate (or threaten to terminate) the employment of, or in any way discriminate against, an employee because the employee has given evidence or information in any proceedings or inquiry in connection with the enforcement of the Employment Ordinance, work accidents or breach of work safety legislation.

While it is not legally required, as good practice, employers should consider implementing a whistleblowing policy to set out, among others, the type of incidents that should be reported and the procedures for filing the report.

Workplace harassment

Under the Sex Discrimination Ordinance, Disability Discrimination Ordinance and Race Discrimination Ordinance, any harassment in the workplace based on sex, pregnancy, disability and race (which includes colour, descent, ethnic or national origins) is unlawful.

As employers are vicariously liable for the wrongful acts of their employees (whether or not the act was done with the employer’s knowledge or approval), one of the statutory defences is for employers to establish that they took “reasonably practicable steps” to prevent the wrongful act in the workplace. Employers should therefore put in place anti-harassment policies and procedures to prevent harassment from happening in the workplace and to provide complaint or reporting procedures to handle such incidents.

In addition to the obligations previously described, employers and employees are subject to Official Mexican Rule NOM-035-STPS-2018 Employment Psychological Risks – Identification, Analysis and Prevention.

The purpose of NOM-035 is to establish the criteria to identify, analyse and prevent psychosocial risks; and to promote a favourable organisational environment in the workplace.

NOM-035 establishes specific obligations for employers, including:

• informing employees about policies to prevent psychosocial risk factors and labour violence, and promoting a favourable organisational environment;
• identifying and analysing factors of psychosocial risk;
• assessing the organisational environment;
• adopting measures to prevent psychosocial risk and promote a favourable organisational environment;
• adopting corrective actions when identifying psychosocial risk factors;
• identifying workers that could have been exposed to traumatic events and providing help; and
• keeping records of the analysis and identification of psychosocial risks, evaluations of the organisational environment, and corrective action.

To prove compliance, employers must adopt the following measures:

• develop a psychosocial risk policy;
• establish a complaints channel to receive and deal with reports of possible practices preventing a favourable organizational environment and report acts of workplace violence;
• conduct surveys to identify employees that have been exposed to psychosocial risks;
• conduct surveys to identify psychosocial risk factors and potential threats to the organisational environment; and
• create intervention programmes with specific actions based on the results obtained.

The Ministry of Labour and Social Welfare is the authority that inspects compliance with these obligations. NOM-035 does not establish specific sanctions for non-compliance, but inspectors may apply fines derived from the FLL. Also, employers must regularly carry out evaluations, research and follow-up on complaints. They must also prepare regular reports on the subject.

These provisions apply to all employers and there are no particular provisions regarding the prevention of harassment in financial entities.

Whistleblowing

In addition to the requirements of the SM&CR outlined above which relate to the prevention of wrongdoing (including the Conduct Rules, fitness and propriety assessments, Senior Managers’ Duty of Responsibility, the certification and approvals processes and associated training requirements), the PRA and the FCA maintain rules on whistleblowing. These are intended to encourage whistleblowers to come forward to report wrongdoing and protect them from retaliation when they do.

For certain types of SM&CR firms, the rules mandate measures that employers must implement, for others they provide guidance on measures to consider.

The key measures are as follows:

• Whistleblowers’ champion – a non-executive director and senior manager with responsibility for whistleblowing compliance within the firm, including oversight of internal policies and procedures and certain reporting requirements.

• Whistleblowing channel – a system which allows whistleblowers to report concerns confidentially and anonymously, and which allows such concerns to be assessed, addressed, and escalated where appropriate.

• Notification regarding external whistleblowing channels – that is, making staff aware of their right to report matters directly to the PRA and FCA and explaining how they can do so.

• Whistleblowing training – this must cover arrangements on whistleblowing within the firm and be provided (and tailored) to employees based in the UK, their managers, and employees responsible for operating the firm’s whistleblowing arrangements.

Prevention of harassment

Harassment and related unacceptable workplace behaviours (such as bullying and discrimination) are not specifically addressed in the SM&CR rules on individual accountability. However, it is clear from regulators’ public statements that the culture of firms (in its broadest sense) is central to their approach. Having a healthy firm culture is seen as critical to consumer protection and well-functioning markets, and firms with healthy cultures are considered to be less prone to misconduct.

Firms that are subject to the SM&CR need to be alive to the possibility that instances of harassment and other non-financial misconduct could amount to breaches of the individual accountability regime or trigger certain requirements under it, such as a requirement to investigate, reassess an individual’s fitness and propriety, or notify certain matters to the regulators. The same could apply to any failure by relevant staff to investigate and deal appropriately with allegations of this kind, such as a senior manager who turns a blind eye to reports of sexual harassment or workplace bullying. While there have been relatively few instances of non-financial misconduct resulting in an enforcement action to date, this is likely to become an emerging trend.

There are no particular rules or protocols that apply when terminating the employment of an employee in the financial services sector. The termination procedures will follow the requirements under the Employment Ordinance and the contractual terms of the employment contract. In certain cases (eg, termination of senior executives), the parties may enter into a mutual release and settlement agreement.

The licensed corporations should notify the regulators of any changes, including cessation of appointment of the licensed representative and responsible officer or managers-in-charge of core functions, within seven business days. In the case of registered institutions, the notification should be made to both the SFC and the HKMA.

Under section 64R of the IO, within 14 days after the day on which an authorised insurer, a licensed insurance agency or a licensed insurance broker company (collectively, “Appointing Principal”) terminates the appointment of a licensed insurance agency, a licensed individual insurance agent, a licensed technical representative (agent), a licensed technical representative (broker) or a responsible officer (as the case may be), then the Appointing Principal should notify the IA in writing of the termination.

Under the Constitution and the FLL, an employee has the right to secure employment (employment stability right) and an employer cannot terminate an employment contract without legal cause.

An employer may only dismiss an employee under one or more of the legal causes provided for in article 47 of the FLL (eg, lack of ethics, dishonesty, violence, harassment, absence more than three times in a month without authorisation, disobedience, and intoxication). Dismissal should be carried out within the one month after the employer becomes aware of the legal cause for termination (statute of limitations).

The FLL requires employers to provide the employee with a written notice of dismissal in which the date and causes are expressly described. A lack of written notice makes the termination unlawful and triggers the severance obligation described below.

In addition, financial entities may end the employment of individuals without notice in the following circumstances:

• if a general manager or officer no longer complies with the legal requirements to occupy their position (see question 2);
• if the CNBV or the CNSF, as applicable, disqualifies, removes, or relieves individuals from their positions; and
• if a brokerage house’s proxies are no longer authorised by the CNBV.

If there are no legal grounds to justify the termination and an employee is dismissed, the dismissal is wrongful and the employee has the right to:

• be reinstated (article 49 of the FLL establishes the cases where an employer is exempt from reinstating an employee, for example employees of trust); or
• a severance payment (three months of salary, plus 12 days of salary for each year of service capped at twice the general minimum wage of the geographic area where the employee rendered services, plus 20 days of salary per year of service, and, if applicable, back pay.

These obligations are only enforceable (reinstatement and payment of severance) if the dismissal is deemed wrongful by the labour authorities in their corresponding resolution. Nevertheless, if there are no legal grounds that justify the termination, it is common practice to pay the severance in advance if there is no intention to reinstate the employee after termination.

When termination occurs, financial entities must inform the self-regulated bodies to revoke powers of attorney within five days. The self-regulated body must then inform the CNBV of the revocation. For the removal or resignation of the general manager and officers, financial entities must inform the corresponding authority within five to ten days, depending on the type of financial entity.

For the termination of employment of employees in general positions, there is no particular document to execute other than a termination document (resignation or employment termination agreement and release).

Settlement agreements

The whistleblowing measures outlined above are complemented by mandatory requirements for SM&CR firms concerning settlement agreements, namely that any such agreement must include a term stating that it doesn’t prevent the individual from making a protected disclosure, and must not require the individual to warrant that they have not made a protected disclosure or that they do not know of any information which could lead to them doing so (a “protected disclosure” is a type of disclosure recognised in English employment law that gives the person making it legal protection from retaliatory detrimental treatment).

SM&CR firms entering into settlement agreements must also ensure that they are not drafted in a way that is incompatible with other relevant regulatory requirements. For example, there is a specific prohibition in the FCA Handbook on firms entering into any arrangements or agreements with any person that limit their ability to disclose information required by the regulatory reference rules (see question 2). As such, terms relating to confidentiality and the provision of employment references should allow the firm sufficient flexibility to comply with regulatory reference requirements, which could include a requirement to update such a reference. In addition, any obligations of confidentiality should include a carve-out to permit relevant regulatory disclosures and reports.

Handover procedures

The SM&CR includes requirements designed to ensure that adequate handovers take place between outgoing and incoming senior managers. Firms must take all reasonable steps to ensure that senior managers (and anyone who has management or supervisory responsibilities for them) have all the information and material that they could reasonably expect to have to perform their responsibilities effectively and under the requirements of the regulatory system. This applies when someone becomes a senior manager and when an existing senior manager takes on a new job or new responsibilities (or when their responsibilities or job are being changed).

Firms must have a handover policy in place to ensure compliance with these requirements. They must also make and maintain adequate records of steps taken to comply with them.

The information and material handed over should be practical and helpful, with an assessment of what issues should be prioritised, and judgement and opinion as well as facts, figures and records. It should also include details about unresolved or possible regulatory breaches and any unresolved concerns expressed by the FCA, the PRA or any other regulatory body.

The format and arrangements of a handover should allow for an orderly transition, which should include the outgoing senior manager contributing to the handover everything that it would be reasonable to expect them to know and consider relevant, including their opinions. This could be achieved by requiring outgoing senior managers to prepare a handover certificate, but the FCA recognises that this will not always be practical.

To ensure that these requirements are satisfied, it is good practice to include in senior managers’ employment contracts (and settlement agreements) specific obligations relating to handovers.

Reallocating senior managers’ responsibilities

In addition to ensuring that adequate handovers take place between outgoing and incoming senior managers, firms should also ensure on the departure of a senior manager that their responsibilities are reallocated and that this is recorded in a way that is compliant with relevant regulatory requirements. This may include temporary reallocation to one or more existing senior managers where the replacement does not take over immediately on the departure of the departing senior manager, as well as updating the firm’s management responsibilities map and statements of responsibilities.

Reporting requirements

When an individual ceases to perform an SMF, the firm must generally notify the relevant regulatory within seven business days.

SM&CR firms must notify the relevant regulators if certain types of disciplinary action are taken, which can include dismissal – see question 10.

There are no particular rules that apply concerning the use of post-termination restrictive covenants for employees in the financial services sector. The rules concerning post-termination restrictive covenants are governed by common law principles in which they will only be enforced if the restriction is necessary for the protection of the employer’s legitimate business interest and is reasonable in scope and duration.

There are no particular rules or legal provisions concerning the use of post-termination restrictive covenants. Nevertheless, it is common practice to execute termination agreements with officers and general managers whereby non-disclosure, non-compete and non-solicitation provisions are set forth by the parties. The use of non-compete and non-solicitation provisions in termination agreements is only recommended for very specific employees and must be negotiated when the employment is terminated.

Plain non-compete and non-solicitation provisions binding employees after termination are not enforceable under Mexican law, because the Mexican Constitution grants individuals the right to perform any job, industry, commerce or work as long it is legal and not prohibited by a judicial or governmental decision.

Post-employment non-compete obligations, which are treated as an exception, must be agreed upon in connection to specific activities that may be deemed unfair competition, and may be enforced with economic compensation.

The period of enforceability must be proportional to:

• the number of years of employment;
• the level of information and importance of the position;
• the economic compensation; and
• the scope of the non-compete obligations.

Unfair competition and solicitation – either for business, or to induce other individuals to leave the company, while the employment contract between an individual and employer is in effect – may be considered misconduct. This misconduct is a cause of termination without notice for the company, and therefore it is feasible to enforce it.

The terms and conditions must be specifically addressed in writing, within the employment termination agreement, making express reference to the importance of the information, potential competition, activities that may be deemed unfair competition, intellectual property, and commercial advantages. The compensation paid is usually similar to or above the income of the employee while he or she was active with the company. Clawback and damages payments for breach of contract are standard practices.

The SM&CR does not regulate the use of post-termination restrictive covenants for employees in the financial services sector. It is fairly typical for financial services firms in the UK to include non-dealing, non-solicitation, non-compete and similar restrictive covenants in their employment contracts. These are subject to the same common law rules on interpretation and enforceability as in any other sector. The only caveat to this is that firms should ensure that such terms do not include any provision that might conflict with the regulatory duties of either the firm or the employee. This will be a rare occurrence in practice for most types of restrictive covenant, but could arise in respect of post-termination contractual obligations that are closely associated with restrictive covenants, namely those relating to confidentiality. As such, firms should ensure that confidentiality clauses in employment contracts or other agreements such as NDAs include appropriate carve-outs.

Non-disclosure agreements are legally enforceable in Hong Kong. They follow the contract law rules and there is no other particular form or rules. To be enforceable, a non-disclosure agreement must protect information that is both confidential and valuable. There are common exceptions where confidentiality will not apply to certain information, including information available in the public domain, information lawfully received from a third party without proprietary or confidentiality limitations, information known to the employee before first receipt of same from the employer, and information disclosed in circumstances required by law or regulatory requirement.

Non-disclosure provisions under Mexican law are applicable and enforceable. All information to which employees have access, given their position and services, regarding third parties and deemed sensitive or confidential (ie, non-public information) may not be disclosed at any time after the termination of employment or used for any other purposes.

The breach of non-disclosure obligations of confidential information and trade secrets may lead to economic sanctions or imprisonment. The disclosure of confidential information or using it to an employer’s detriment is an offence under criminal law. Also, employees that breach confidential obligations may have to pay damages to the affected party.

Pursuant to article 186 of the general provisions applicable to brokerage houses, internal policies must be in place to establish guidelines and procedures for the use, management, conservation and, as applicable, destruction of books, records, documents, and other information; and must guarantee the adequate use and control of documents containing the confidential information of clients. Also, these entities must establish strict controls to avoid the improper use of books, records, and documents in general.

According to the Law to Regulate Technological Finance Institutions, entities must include measures and policies to control operational risks within their filing for authorisation at the CNBV. They must also provide information security and confidentiality policies, with evidence of secure, trustable and precise technological support for their clients and with minimum standards of security to ensure the confidentiality, availability and integrity of information, as well as to prevent fraud and cyberattacks.

Additionally, financial entities must guarantee the security and integrity of the information, and implement security measures to preserve the integrity and confidentiality of the information generated, stored, or processed.

Lastly, under the Federal Law for the Prevention and Identity of Transactions with Illegally Obtained Resources, filing notices, information and documentation related to vulnerable activities to the SHCP does not qualify as a breach of confidentiality obligations.

NDAs (also known as confidentiality agreements) are potentially lawful and enforceable in the UK. It is common to include NDAs in employment contracts (to protect the confidential information of the employer during and after employment) and in settlement agreements (to reiterate existing confidentiality obligations and to keep the circumstances of the settlement confidential).

NDAs do not need to follow a particular form, but they must be reasonable in scope. Following #MeToo, there has been considerable government, parliamentary, and regulatory scrutiny of the use of NDAs and their reasonableness in different circumstances.

The following limitations on NDAs should be noted:

• By law, any NDA purporting to prevent an individual from making a “protected disclosure” as defined in the Employment Rights Act 1996 (ie, blowing the whistle about a matter) is void.

• The regulatory body for solicitors in England and Wales, the Solicitors Regulation Authority (SRA), has issued a detailed warning notice and guidance to practitioners setting out – in its view – inappropriate or improper uses of NDAs. Failure to comply with the SRA’s warning notice may lead to disciplinary action. The SRA lists the following as examples of improper use of NDAs:

• • using an NDA as a means of preventing, or seeking to impede or deter, a person from:
    • cooperating with a criminal investigation or prosecution;
    • reporting an offence to a law enforcement agency;
    • reporting misconduct, or a serious breach of the SRA’s regulatory requirements, to the SRA, or making an equivalent report to any other body responsible for supervising or regulating the matters in question; and
    • making a protected disclosure;
    • using an NDA to influence the substance of such a report, disclosure or cooperation;
    • using an NDA to prevent any disclosure required by law;
    • using an NDA to prevent proper disclosure about the agreement or circumstances surrounding the agreement to professional advisers, such as legal or tax advisors, or medical professionals and counsellors, who are bound by a duty of confidentiality;
    • including or proposing clauses known to be unenforceable; and
    • using warranties, indemnities and clawback clauses in a way that is designed to, or has the effect of, improperly preventing or inhibiting permitted reporting or disclosures being made (for example, asking a person to warrant that they are not aware of any reason why they would make a permitted disclosure, in circumstances where a breach of warranty would activate a clawback clause).
       
• The Law Society of England and Wales, a professional association representing solicitors in England and Wales, has issued similar guidance (including a practice note) on the use of NDAs in the context of the termination of employment relationships.
• Other non-regulatory guidance on the use of NDAs has also been issued, including by the Advisory, Conciliation and Arbitration Service and by the UK Equality and Human Rights Commission.

Care should be taken accordingly to ensure that the wording of any NDA complies with prevailing guidance, especially from the SRA.