Employment in Financial Services

There are no particular pre-screening measures specified by the financial regulators in Hong Kong. Nevertheless, financial institutions would generally conduct background checks on prospective employees (especially those taking on senior positions) to ensure they comply with the “fit and proper” requirements of the financial regulators.

There is no particular form of regulator-specified reference to be provided by previous employers in the financial services industry. Nevertheless, the SFC has specified disclosure obligations for licensed corporations in respect of outgoing employees who were subject to internal investigations (see question 10).

The pre-screening measures, when employing a financial service employee, are carried out in compliance with the frameworks laid down by the respective industry regulators. For instance, the Reserve Bank of India (RBI), the central banking sector regulator in India, periodically issues certain guidelines for banking and non-banking employers to conduct mandatory employee background checks. These regulators also recognise certain “Self-Regulatory Organisations” (SROs), who then play the primary role in conducting grassroots verifications. SROs conduct character and antecedent verification of employees registered with them as per the standards set by the regulator. Strict police verification of at least the last two addresses is usually mandated and verifications are periodically updated and shared on a common database at an industry level. For instance, the Finance Industry Development Council is an SRO of Non-Banking Finance Companies (NBFCs) and is registered with the RBI.

A financial services employer should be sensitive to the data being used for pre-screening measures as India protects individual privacy. Hence, both the employer and the service provider engaged by the employer should obtain prior consent from the prospective employee before pre-screening. If the pre-screening measures include the collection of “sensitive personal data information[1]”, then an employer must seek the individual’s consent, which would also help mitigate risks for any claims concerning the invasion of an employee’s privacy. Employers should ideally ensure that pre-screening is complete before the employee is hired. A comprehensive pre-screening will include verification of educational qualifications, checks with past employers, verification of residential addresses, police records, and passport status. Usually, with seniority of the role, checks with past employers happen more rigorously, while for entry-level employees, checks with academic institutions about educational qualifications may be done more rigorously. Similar standards must be met by contract employees empanelled by the service providers.

There is no regulator-specified reference that must be provided by previous employers in the financial services industry. However, in practice, most public sector banks (eg, Bank of India) and many central public sector undertakings in financial services (eg, Life Insurance Corporation of India (LIC)), as per their selection or onboarding protocols, require at least two “Character Certificates”, one of which should be from the head of the educational institution last attended or the present employer and the other should be from gazetted officers[2] or bank officers, without any familial ties to the employee.

RFSPs must satisfy themselves that all CF and PCF candidates or employees comply with the F&P Standards. Pre-employment due diligence must be performed, including asking the candidate to certify they will comply with the F&P Standards and notify the RFSP immediately of any change in circumstance that may mean they no longer comply. Employers must continue to ensure that in scope employees comply with the F&P Standards and must complete an annual declaration to this effect. This means that due diligence must continue throughout the employment relationship and not just at the recruitment stage.

Candidates for PCF roles must complete an online individual questionnaire, which is submitted to the CBI in advance of appointment to the role through the Central Bank portal. The CBI must grant its approval for the PCF appointment before a candidate can take up the role. Any PCF offer of employment must be conditional on that approval being obtained. The CBI may request applicants attend an interview as part of the approval process.

Employers should take all reasonable steps to secure references from previous employers in order to due diligence the candidate's compliance with the F&P Standards and their suitability for the role. However, an employer is not obliged to issue a reference in respect of a former employee which means that a prospective employer may not be able to secure a reference from a previous employer.  The CBI does not oblige employers to either issue or obtain a reference as part of screening checks, however employers must make good efforts to do so.

There are material obstacles from a data privacy and practical perspective to employers conducting criminal background checks in relation to prospective employees. Data relating to criminal convictions is special category data under the GDPR. Employers would need to satisfy both Article 6 and Article 9 requirements under the GDPR to justify the processing of this data. In terms of Article 9, this means employers would need to show reasons of substantial public interest or that they are carrying out their legal obligations in processing the data.  In terms of Article 6 the employer will need to show that the processing is necessary to comply with a legal obligation to which the employer is subject or the processing is necessary for the employer's legitimate interests for example to ensure the suitability and honesty of its employees and to protect its reputation. Employers are also prevented from asking candidates about "spent convictions" which are usually minor criminal offences dating back over seven years.

Pre-employment medical checks must also have a clear legal basis justifying the processing of an employee's medical and health information.