Employment in Financial Services

RFSPs must satisfy themselves that all CF and PCF candidates or employees comply with the F&P Standards. Pre-employment due diligence must be performed, including asking the candidate to certify they will comply with the F&P Standards and notify the RFSP immediately of any change in circumstance that may mean they no longer comply. Employers must continue to ensure that in scope employees comply with the F&P Standards and must complete an annual declaration to this effect. This means that due diligence must continue throughout the employment relationship and not just at the recruitment stage.

Candidates for PCF roles must complete an online individual questionnaire, which is submitted to the CBI in advance of appointment to the role through the Central Bank portal. The CBI must grant its approval for the PCF appointment before a candidate can take up the role. Any PCF offer of employment must be conditional on that approval being obtained. The CBI may request applicants attend an interview as part of the approval process.

Employers should take all reasonable steps to secure references from previous employers in order to due diligence the candidate's compliance with the F&P Standards and their suitability for the role. However, an employer is not obliged to issue a reference in respect of a former employee which means that a prospective employer may not be able to secure a reference from a previous employer.  The CBI does not oblige employers to either issue or obtain a reference as part of screening checks, however employers must make good efforts to do so.

There are material obstacles from a data privacy and practical perspective to employers conducting criminal background checks in relation to prospective employees. Data relating to criminal convictions is special category data under the GDPR. Employers would need to satisfy both Article 6 and Article 9 requirements under the GDPR to justify the processing of this data. In terms of Article 9, this means employers would need to show reasons of substantial public interest or that they are carrying out their legal obligations in processing the data.  In terms of Article 6 the employer will need to show that the processing is necessary to comply with a legal obligation to which the employer is subject or the processing is necessary for the employer's legitimate interests for example to ensure the suitability and honesty of its employees and to protect its reputation. Employers are also prevented from asking candidates about "spent convictions" which are usually minor criminal offences dating back over seven years.

Pre-employment medical checks must also have a clear legal basis justifying the processing of an employee's medical and health information.

In the DIFC, an individual who performs a “licensed function” must be approved in advance by the DFSA.   The roles which fall within the meaning of an authorised person for the DFSA includes someone appointed as:

• the Senior Executive Officer, who has ultimate responsibility for the day-to- day management, supervision and control of one or more (or all) of an authorised firm’s financial services carried on, in or from the DIFC;
• the Finance Officer;
• Compliance Officer;, and
• Money Laundering Reporting Officer. 

Where a firm proposes to appoint an authorised individual, an application to the DFSA must be made in advance; the DFSA will make an assessment of the  individual in order to satisfy itself that they are fit and proper to be an authorised individual. The Regulator will consider the individual’s integrity, competence and capability, financial soundness, their proposed role, and any other relevant matters.  That individual may not be considered as fit and proper where they have been declared bankrupt, convicted for a serious criminal offence, or incapable - through mental or physical incapacity - of managing their affairs.

In the ADGM, an individual who performs a “controlled function” must be approved in advance by the ADGM.  A controlled function includes someone appointed as the Senior Executive Officer, Finance Officer, Compliance Officer, and Money Laundering Reporting Officer.

Where a firm proposes to appoint someone in a controlled function, an application to the ADGM must be made in advance, The ADGM will make an assessment of  that individual in order to satisfy itself that they are fit and proper to be an approved individual.  The Regulator will consider the individual’s integrity, competence and capability, financial soundness, their proposed role and any other relevant matters.  That individual may not be considered as fit and proper where they have been declared bankrupt, convicted for a serious criminal offence, or incapable - through mental or physical incapacity - of managing their affairs.

The following documents should be in place:

• written statement of terms of employment e.g., a written contract of employment that complies with the Terms of Employment (Information) Act 1994-2014 and the European Union (Transparent and Predictable Working Conditions) Regulations 2022;
• grievance and disciplinary policy;
• protected disclosures policy;
• dignity at work policy (anti-harassment and bullying prevention);
• safety statement; and
• where possible, an employee handbook that details all the statutory leave policies and other bespoke policies of the RFSP.

Employees must be provided with an employment contract across the different jurisdictions in the UAE.  This applies to all employees, regardless of whether they work in the financial services industry.

In the DIFC, the DIFC Employment Law requires employers to provide their employees with a written contract that must specify the following:

• the parties’ names;
• the start date;
• the salary and any allowances to be provided to the employee;
• the applicable pay period;
• hours and days of work;
• vacation leave and pay;
• notice to be given by either party to terminate employment; 
• the employee’s job title;
• confirmation as to whether the contract is for an indefinite period or for a fixed term;
• the place of work;
• applicable disciplinary rules and grievances procedures;
• the probation period;
• a reference to any applicable policies and procedures (including any codes of conduct) and where these can be accessed; and
• any other matter that may be prescribed in any regulations issued under the DIFC Employment Law.

In the ADGM, the ADGM Employment Regulations requires employers to provide their employees with a written contract that must specify the following:

• the parties’ names;
• the start date;
• remuneration;
• the applicable pay period;
• hours and days of work; and
• any terms and conditions relating to:
  • vacation leave and pay, national holiday entitlement and pay;
  • sick leave and sick pay;
  • the notice period that either party is required to give to the other in order to terminate employment;
  • the employee’s job title;
  • whether the employment is for an indefinite or fixed term;
  • the place of work;
  • any disciplinary rules or grievance procedures applicable to the employee; and

any other matter that may be prescribed by the employer.

Yes, under the Minimum Competency Regime (see question 1), employees who perform certain prescribed functions and roles in prescribed RFSPs such as insurance businesses and credit unions, must meet the required competencies and qualifications standards.

The 2023 Act also introduces a new requirement that persons can only be permitted to perform a CF role (including a PCF role) where a certificate of compliance with the F&P Standards given by the firm is in force (Certification Regime).

As part of the Certification Regime, a certificate of compliance may only be given if:

1. the firm is satisfied on reasonable grounds that the person complies with the F&P Standards; and
2. the person has agreed to abide by the F&P Standards and to notify the firm without delay if for any reason they no longer comply with the F&P Standards.

As noted in question 2 -, employees undertaking certain regulated roles must obtain the pre-approval of the relevant regulatory authority.  The regulators in each case will assess the fitness and propriety of the relevant individual.
 

No.

There is no public register of authorised individuals.

There are prescriptive, sector-specific requirements, which apply to the remuneration of specified categories of employees or directors, and which apply in the asset management, investment services, banking, and insurance sectors.

Employers in these sectors are tasked with ensuring that the remuneration paid to material risk takers (individuals whose professional activities have a material impact on an RFSP's risk profile) or identified staff align with the RFSP risk profile.

There are detailed rules with technical guidance (emanating from EU law) specific to each sector, but at a high level they (to differing degrees) set out rules on; variable remuneration composition, ratios or other metrics to compare variable to fixed remuneration to ensure it is appropriate; malus requirements, which would allow the RFSP to cancel or reduce the employee's variable remuneration before it is paid out; and clawback provisions which allow RFSPs to recover variable remuneration after it has been awarded. It is important to ensure that employees' contracts of employment acknowledge that any variable remuneration will be subject to all regulatory restrictions and rules and may be clawed back in certain circumstances.

The CBI's 2014 Guidelines on Variable Remuneration Arrangements for Sales Staff also emphasise the importance of remuneration structures to have sufficient deterrents built into them (such as malus and clawback mechanisms) to avoid incentivising undesirable/risky behaviours from sales staff in the banking, insurance and investment services sectors.

Both the DFSA General Rulebook and FSRA General Rulebook contain Best Practice Guidance for remuneration structure and strategies of authorised entities. In particular, the guidance identifies that the governing body of an authorised entity ought to consider the risk to which the firm could be exposed to as a result of the conduct or behaviour of its employees, and to consider the ratio and balance between fixed and variable remuneration components, the nature of the duties and functions performed by the relevant employees, the assessment criteria against which performance based components of remuneration are to be awarded, and the integrity and objectivity of any performance assessment against that criteria.

Yes. A CF employee, subject to the Minimum Competency regime, will be required to complete CPD training. Evidence of meeting that CPD requirement is also a factor in determining a person's F&P. RFSPs must maintain records of CPD training provided to CFs to demonstrate compliance with the minimum competency regime.

The 2023 Act also introduces new training obligations for those subject to the Common and Additional Conduct Standards, with firms being required to train those persons on how these obligations apply to them and their new duties of responsibility. Attendance at, or completion of, training in respect of the Conduct Standards should be mandatory and such attendance should be carefully documented with refresher training rolled out periodically.

Employers within the scope of the Criminal Justice (Money Laundering and Terrorist Financing) Acts 2010 - 2021 (including RFSPs) are required to provide annual training to relevant staff and directors on its requirements and the RFSP must have procedures in place to comply with that legislation and associated guidance.

Depending on the RFSP's business, additional mandatory training may be needed annually, for example, on topics such as market abuse.

The designated person for responding to protected disclosures should be trained and competent in the identification and handling of protected disclosures.

The DFSA General Rulebook requires authorised entities to ensure that the Senior Executive Officer, Compliance Officers, and Money Laundering Reporting Officer, must complete a minimum of 15 hours of continuing professional development in each calendar year.  This continuing professional development must be relevant to the employee’s role and professional skill and knowledge, and consist of structured activities, such as courses, seminars, lectures, conferences, workshops, web-based seminars or e-learning, which require a commitment of 30 minutes or more.  The employee must also ensure that they maintain adequate records to be able to demonstrate that these requirements have been met.

The FSRA General Rulebook requires an authorised entity to ensure that its directors and senior managers are fit and proper and its guidance suggests that whether any training has been untaken or is required should be considered.  In addition, an authorised entity should satisfy itself that an employee continues to be competent and capable of performing the role, has kept abreast of market, product, technology, legislative and regulatory developments that are relevant to the role, through training or other means, and is able to apply this knowledge.

Yes there are. They are:

• the F&P Standards;
• the minimum competency regime; and
• the IAF and SEAR (see question 1).

There are also sector-specific conduct of business requirements in legislation and codes, including the Consumer Protection Code 2012, the MiFID II regime, and other regulatory requirements applicable to RFSPs based on their industry sector that apply and deal with matters such as:

• error handling,
• disclosures to customers,
• acting in the best interests of customers; and
• complaints handling.

In the DIFC, the DFSA General Rulebook provides that authorised individuals must adhere to six principles, as follows:

• Principle 1 – Integrity
• Principle 2 – Due skill, care and diligence
• Principle 3 – Market conduct
• Principle 4 – Relations with the DFSA
• Principle 5 – Management, systems and control
• Principle 6 – Compliance
   

In the ADGM, the FSRA General Rulebook provides that authorized individuals must adhere to eleven principles, as follows:

• Principle 1 – Integrity
• Principle 2 – Due skill, care and diligence
• Principle 3 – Management, systems and control
• Principle 4 – Resources
• Principle 5 – Market conduct
• Principle 6 – Information and interests
• Principle 7 – Conflicts of Interest
• Principle 8 – Suitability
• Principle 9 – Customer assets and money
• Principle 10 – Relations with regulators
• Principle 11 – Compliance with high standards of corporate governance

The CBI expects RFSPs to be open and transparent in their engagement, including concerning compliance with the F&P Standards and the Common Conduct Standards. While early versions of the IAF regulations and related guidance contained an obligation on a RFSP to report to the CBI if disciplinary action had been taken against an individual, the obligation was removed from the latest version of the draft legislation. The Guidance indicated that the CBI would expect that they would have already received relevant details as it provides that firms and persons performing PCF roles are required to report to the CBI where they suspect that a "prescribed contravention" may have occurred for the purposes of the CBI legislative framework and the CBI states that a breach of the Common Conduct Standards and/or Additional Conduct Standards is a "prescribed contravention" for these purposes.

Both the DFSA General Rulebook and FSRA General Rulebook provide that where an authorised firm requests the withdrawal of an authorised individual, they must provide to the regulator details of any circumstances in which they consider the individual is no longer fit and proper.  Where the individual is to be dismissed or has requested to resign, the firm must provide to the regulator a statement of the reason, or reasons, for the dismissal or resignation.

In addition, the DFSA and FSRA General Rulebooks contain broad obligations on any authorised firm to report to the regulator if it becomes aware of a range of occurrences, including any matter which could have a significant adverse effect on the authorised firm’s reputation, or a matter in relation the authorised firm which could result in serious adverse financial consequences to the financial system or to other firms, or a significant breach of a rule by the authorised firm or its employees.

Yes. Concerning the prevention of wrongdoing, RFSPs should implement a written protected disclosures/whistleblowing policy that explains the secure and confidential internal and external reporting channels available to workers who wish to report relevant wrongdoings. The anti-retaliation protection should be explained and workers should understand from the policy how a report of relevant wrongdoing will be dealt with by the RFSP.

RFSPs should ensure that they have clear, up-to-date and fully compliant policies governing:

• dignity at work (including anti-harassment and anti-bullying measures); and
• grievance and disciplinary policies.

RFSPs should ensure that employees are trained on the RFSP's dignity at work (anti-bullying and harassment) policies to ensure that the RFSP's values, culture and commitment to preventing harassment and bullying are clear regarding their rights and obligations.

Whistleblowing

In the DIFC, whistleblowing is addressed both by the DFSA, who introduced its regulatory regime for whistleblowing in 2022 through amendment to its Regulatory Law 2004, as well as the more general obligations contained in the Operating Law of the DIFC Authority.

Under the Regulatory Law, any person who makes a qualifying disclosure to a specified person is entitled to protection under the law.  Similar provisions are contained in the Operating Law.

The disclosure may be made internally within the company, for example, to a director, officer or any person in a management position of the relevant company, or any person designated by that company to receive the disclosure of such information; or externally, for example, to the Registrar, Financial Services Regulator, Office of Data Protection, or criminal law enforcement agency in the UAE.

The qualifying disclosure must relate to the disclosure of information made in good faith, that relates to a reasonable suspicion that a regulated entity, or any of its employees or officers, has or may have, contravened a provision of legislation administered by the DFSA, or has engaged in money laundering, fraud, or other financial crime.

A person making a protected disclosure shall not be subject to any civil or contractual liability for making the disclosure, nor shall they be dismissed or otherwise suffer a detriment or disadvantage in connection with making the disclosure. 

The corresponding DFSA module sets out the DFSA’s expectations that companies should implement appropriate written policies in order to facilitate the reporting of any regulatory concerns by whistleblowers, and to assess, and, where appropriate, escalate regulatory concerns reported to it. 

The ADGM published Guiding Principles on Whistleblowing in December 2022, which whilst non-binding, were designed to assist entities and individuals in the ADGM in establishing whistleblowing frameworks and ensure that potential whistleblowers were encouraged to speak up and were fairly treated when they did so.  In March 2024, the ADGM announced a public consultation on proposals for a whistleblowing framework, which will lead to the introduction of Whistleblower Protections Regulations and amendments to the Employment Regulations.

Harassment

Harassment is not dealt with in the regulatory framework outlined above, but is contained in the applicable employment legislation.

Where possible it is important to try to resolve any outstanding issues that a PCF has or may have before the PCF's contract is terminated. An RFSP is required to give details of the circumstances of a PCF's termination of employment and to confirm whether or not there are outstanding issues regarding the PCF.

It is important to ensure that there are adequate provisions to govern the following in any settlement agreement or termination arrangements:

• adequate handover of operational responsibility;
• continued co-operation on operational matters within the employee's knowledge or in relation to matters that may subsequently be investigated by the CBI;
• secure return of all company property including any personal data; and
• post-termination confidentiality obligations and any other necessary post-termination restrictions.

As noted in question 7, the DFSA General Rulebook and FSRA General Rulebook contain Best Practice Guidance for remuneration structure and strategies of authorised persons.  In this regard, both sets of guidance provide that where an authorised entity provides discretionary payouts on termination of employment (either by way of severance payments, or other payments, such as “golden parachutes”), these should be subject to appropriate limits or shareholder approval.  In addition, they should be aligned with the firm’s overall financial status and performance.

No there are no bespoke rules that apply. Post termination restrictions in Ireland are void as being in restraint of trade unless it can be shown that the restrictions are necessary to protect an employer's legitimate proprietary interest and they are proportionate and reasonable in their scope and duration to achieve that protection[i].

[i] Law as of 15 April 2024

The DFSA and FSRA Rulebooks do not regulate the use of post-termination restrictive covenants. It is fairly typical for financial services firms in both free zones to include non-dealing, non-solicitation, non-compete and similar restrictive covenants in their employment contracts. These are subject to the same common law rules on interpretation and enforceability as in any other sector.  In addition, whilst the courts in both the DIFC and ADGM will award injunctive relief, there is no similar right in the federal courts.  This means that the enforceability of an injunctive order outside of the geographic scope of the two free zones is uncertain.