Employment in Financial Services

The Central Bank of Ireland (CBI) is responsible for the authorisation and supervision of regulated financial service providers (RFSPs) in Ireland. RFSPs can include credit institutions, credit unions, brokers/retail intermediaries; and other RFSPs such as electronic money institutions, insurance and reinsurance undertakings, investment firms and payment institutions. The regulatory regime applies in a bespoke way to each sector and its employees and tailored legal advice should be taken for a specific situation. The general principles of the regulatory framework are set out below.

Fitness and Probity

The primary regulatory regime applicable to employees of RFSPs is the Fitness & Probity ("F&P") framework under the CBI Reform Act 2010 (2010 Act) as amended. Its function is to assess and monitor the suitability of individuals for certain key positions, known as Controlled Functions (CFs), including Pre-approved Controlled Functions (PCFs). The general rule is that an RFSP cannot permit a person to perform a controlled function unless the RFSP is satisfied on reasonable grounds that the person complies with the F&P Standards prescribed under the 2010 Act and further set out in the regulations and Guidance prescribed by the CBI. A link to resources governing the F&P Standards is here.

Fitness relates to an individual's competency, experience, qualifications and capacity to perform the role (including time commitments and being free from conflicts of interest).

Probity relates to an individual's honesty, diligence, independence, ethics and integrity in performing their role.

Employers are required to perform due diligence to confirm that individuals they propose placing in CF roles are fit and proper. Employers are also required to hold a certificate of compliance in respect of each in scope employee, certifying that the employee complies with the F&P Standards. Employees of RFSPs must agree in writing to comply with the F&P Standards.

A breach of an individual's F&P obligations can result in criminal and administrative sanctions for the RFSP and suspension and disqualification for the individual from holding a controlled function.

Minimum Competency Requirements

The CBI also operates a minimum competency regime under the Minimum Competency Code 2017 and the CBI (Supervision and Enforcement) Act 2013 (section 48(1)) Minimum Competency Regulations 2017, which set out professional standards and competencies, and continuing professional development (CPD) requirements, for persons providing certain financial services and products across certain sectors e.g., credit union and insurance services.  The aim is to protect consumers by ensuring a minimum acceptable level of competence from individuals acting for or on behalf of RFSPs providing advice and information and associated activities (such as dealing with insurance claims or complaints), in connection with in-scope financial products.

The Individual Accountability Framework

The CBI (Individual Accountability) Act 2023 (the "2023 Act") was signed into law on 9 March 2023. The 2023 Act introduced a new Individual Accountability Framework ("IAF"):

• An enhanced Fitness and Probity Framework;
• New Common Conduct Standards, including Additional Conduct Standards for PCFs, applicable to employees and officers of RFSPs as well as Business Conduct Standards;
• The Senior Executive Accountability Regime ("SEAR"); and
• Administrative Sanctions Procedures ("ASP") which empowers the CBI to investigate and sanction individuals for breaches of their obligations under the IAF including the Conduct Standards and their F&P obligations.

The IAF commenced in Ireland from 29 December 2023. The F&P Framework and the application of the new Conduct Standards became effective from this date. Other parts of the IAF will be effective later in 2024.

Conduct Standards

Under the 2010 Act, both CFs and PCFs must take any step that is reasonable in the circumstances in the performance of their role, to ensure that they meet the requirements of the Common Conduct Standards. The Common Conduct Standards are explained in Guidance published by the CBI here. The Conduct Standards include the requirement to act with honesty and integrity, due skill and care, co-operate in good faith with the CBI, act in the best interests of customers and comply with applicable rules governing market conduct and trading as applicable to the relevant RFSP's sector. The F&P Standards set a standard that CFs and PCFs must meet to ensure that they are sufficiently skilled and have the competence and capability to perform their roles. Whereas the Common Conduct Standards impose positive, enforceable legal obligations on individuals in those roles, governing their conduct and requiring them to act in accordance with a single set of standards of expected behaviour. Employers must train their employees on the applicable Conduct Standards. Employees are required to attend at that training and to fully understand and comply with the Conduct Standards. Additional Conduct Standards apply to PCFs.

Senior Executive Accountability Regime

SEAR which applies to senior managers/officers holding PCF and CF1 roles, will be applicable from 1 July 2024. SEAR will come into force in respect of Non Executive Directors (NEDs) and Independent Non Executive Directors (INEDs) with effect from 1 July 2025.

In terms of the scope of application, SEAR will be introduced on a phased basis and will initially apply from 1 July 2024 to credit institutions, insurance undertakings (excluding reinsurance undertakings, captive (re)insurance undertakings and insurance special purpose vehicles) and investment firms that underwrite on a firm commitment basis, deal on own account, or are authorised to hold client monies or assets; and third-country branches of the above.

However, the CBI has noted in its Consultation Paper 153 (CP153) that "there is much in the spirit of the SEAR that firms not initially failing within scope should consider as aligned with good quality governance". RFSPs which are not in Phase 1 of SEAR should therefore consider the presence of the new regime and whether it may be appropriate to comply with the spirit of SEAR by ensuring that individual responsibilities for senior managers are mapped and clearly allocated across the firm's senior management. This is to ensure that it is very clear who is individually accountable for what and in order to ensure that the business and its risks are being properly managed.

Business Standards

The 2023 Act provides for the ability of the CBI of Ireland (CBI) to prescribe the "Business Standards" for the purposes of ensuring that in the conduct of its affairs a firm:

1. acts in the best interests of customers and of the integrity of the market;
2. acts honestly, fairly and professionally; and
3. acts with due skill, care and diligence.

The Business Standards are obligations which apply to the RFSP.

Protected Disclosures Legislation – Whistleblowing

The Protected Disclosures Act 2014 as amended provides that all employers (with 50 or more employees) and most RFSPs regardless of head count (including MiFID firms, UCITS management companies, AIFMs, externally managed UCITS and externally managed AIFs)  have and maintain secure, confidential and effective internal reporting channels and investigation procedures that comply with its requirements. Employees and other workers, including INEDS and NEDS as well as contractors have significant anti retaliation protection in connection with making a protected disclosure. Employers are required to appoint a designated person to acknowledge a report within 7 days, make diligent inquiries and to follow up with the reporter within three months in relation to the progress/outcome of the investigation. The Central Bank (Supervision and Enforcement) Act, 2013 as well as the European Union (Market Abuse) Regulations, 2016 set out whistleblowing requirements for in scope employees and anti retaliation protection.

The Employment Act 2006 and the Equality Act 2017 prescribe general employment rights and obligations for both employers and employees, including those in the financial services industry.

The Isle of Man Financial Services Authority (IoM FSA) is responsible for the regulation and supervision of financial services providers in the Isle of Man. Among other things, regulated financial institutions must comply with the rules set down by the IoM FSA in its Financial Services Rule Book 2016 (as amended) (the Rule Book). The IoM FSA applies “fitness and propriety” criteria to holders of certain key roles within a licence holder. This entails the IoM FSA assessing an individual’s integrity, financial standing, competency and capacity to undertake the role.

The requirement for an individual to be “fit and proper” depends on the nature of the role rather than their job title, but generally applies to key person or senior managerial roles (also known as Controlled Functions), where the individual has significant influence or control over the regulatory matters of the financial institution or to roles that have a bearing on the regulatory objectives of the IoM FSA and its ability to meet them.

RFSPs must satisfy themselves that all CF and PCF candidates or employees comply with the F&P Standards. Pre-employment due diligence must be performed, including asking the candidate to certify they will comply with the F&P Standards and notify the RFSP immediately of any change in circumstance that may mean they no longer comply. Employers must continue to ensure that in scope employees comply with the F&P Standards and must complete an annual declaration to this effect. This means that due diligence must continue throughout the employment relationship and not just at the recruitment stage.

Candidates for PCF roles must complete an online individual questionnaire, which is submitted to the CBI in advance of appointment to the role through the Central Bank portal. The CBI must grant its approval for the PCF appointment before a candidate can take up the role. Any PCF offer of employment must be conditional on that approval being obtained. The CBI may request applicants attend an interview as part of the approval process.

Employers should take all reasonable steps to secure references from previous employers in order to due diligence the candidate's compliance with the F&P Standards and their suitability for the role. However, an employer is not obliged to issue a reference in respect of a former employee which means that a prospective employer may not be able to secure a reference from a previous employer.  The CBI does not oblige employers to either issue or obtain a reference as part of screening checks, however employers must make good efforts to do so.

There are material obstacles from a data privacy and practical perspective to employers conducting criminal background checks in relation to prospective employees. Data relating to criminal convictions is special category data under the GDPR. Employers would need to satisfy both Article 6 and Article 9 requirements under the GDPR to justify the processing of this data. In terms of Article 9, this means employers would need to show reasons of substantial public interest or that they are carrying out their legal obligations in processing the data.  In terms of Article 6 the employer will need to show that the processing is necessary to comply with a legal obligation to which the employer is subject or the processing is necessary for the employer's legitimate interests for example to ensure the suitability and honesty of its employees and to protect its reputation. Employers are also prevented from asking candidates about "spent convictions" which are usually minor criminal offences dating back over seven years.

Pre-employment medical checks must also have a clear legal basis justifying the processing of an employee's medical and health information.

There is a general obligation on employers in the Isle of Man to undertake legal working checks to ensure that the prospective employee has the right to work lawfully in the Isle of Man.

In addition, financial institutions must take reasonable steps to ensure that individuals who perform any regulated activity in the course of their employment, or under any contract with the financial institution, are fit and proper for the tasks they perform, by providing adequate training and supervision and (where necessary) undertaking additional checks. Where the financial institution wishes to employ an individual in a Controlled Function, the financial institution must carry out sufficient due diligence to satisfy itself that the candidate is fit and proper to perform the proposed functions.

There are two types of Controlled Functions, those that require notification to, and acceptance by, the IoM FSA and those that require notification only. In either case, the financial institution is required to notify the IoM FSA of the appointment or intended appointment of certain key roles at least 20 business days before the appointment takes effect. Where the Controlled Function also requires acceptance, the financial institution will require the IoM FSA’s consent to the appointment of a prospective candidate to a particular role. It is recommended that job offers in such circumstances are made subject to the written acceptance of the IoM FSA.

While the IoM FSA does not specify any particular pre-screening measures, it provides guidance on the nature of the expected due diligence that it would expect a financial institution to carry out, particularly where the individual will be undertaking a key role. Such due diligence includes carrying out a professional body check (ie, any memberships held and if disciplinary action has been taken), capacity check[1], criminal record check, credit check and website checks. The financial institution should also consider the individual’s qualifications, training and competency.

The IoM FSA may ask for evidence of the due diligence carried out by the financial institution at any time, either remotely or during a supervisory visit.

The IoM FSA recommends financial institutions request a reference from the prospective candidate’s current employer and previous employers covering, as a minimum, the past ten years of employment.

The following documents should be in place:

• written statement of terms of employment e.g., a written contract of employment that complies with the Terms of Employment (Information) Act 1994-2014 and the European Union (Transparent and Predictable Working Conditions) Regulations 2022;
• grievance and disciplinary policy;
• protected disclosures policy;
• dignity at work policy (anti-harassment and bullying prevention);
• safety statement; and
• where possible, an employee handbook that details all the statutory leave policies and other bespoke policies of the RFSP.

As a matter of general Isle of Man employment law, employers must give employees written particulars of their terms and conditions of employment within four weeks of them starting work, pursuant to section 8 of the Employment Act 2006. This mandatory information includes (but is not limited to) the names of the employer and employee; the date of commencement of employment and the date when continuous service began for statutory employment rights purposes; scale or rate of remuneration; hours of work; and holiday entitlement. Typically, a written employment contract will contain the relevant information and satisfy these requirements.  

Financial institutions should also ensure that contracts of employment reinforce the requirements of meeting and maintaining the employee’s “fit and proper” status.

Yes, under the Minimum Competency Regime (see question 1), employees who perform certain prescribed functions and roles in prescribed RFSPs such as insurance businesses and credit unions, must meet the required competencies and qualifications standards.

The 2023 Act also introduces a new requirement that persons can only be permitted to perform a CF role (including a PCF role) where a certificate of compliance with the F&P Standards given by the firm is in force (Certification Regime).

As part of the Certification Regime, a certificate of compliance may only be given if:

1. the firm is satisfied on reasonable grounds that the person complies with the F&P Standards; and
2. the person has agreed to abide by the F&P Standards and to notify the firm without delay if for any reason they no longer comply with the F&P Standards.

Yes, please see question 2.

Any individual performing a prescribed key role must be pre-approved by the IoM FSA and be certified as “fit and proper”. The IoM FSA has issued detailed guidance for financial institutions that set out the criteria that they normally apply in considering the fitness and propriety of individuals who wish to undertake Controlled Functions. Appendix 2 of the guidance contains a table setting out which Controlled Functions require consent and which functions are notification only.

Guidance can be found here: https://www.iomfsa.im/media/2464/regulatoryguidancefitnessandpropriety.pdf

Yes. Common Conduct Standards and Additional Conduct Standards were introduced by the 2023 Act and employers need to update employees' contractual documents to reflect same.

The Common Conduct Standards set out standards of behaviour expected of individuals carrying out Controlled Functions (CFs) within firms. The Common Conduct Standards are basic standards such as acting with honesty and integrity with due skill, care and diligence and in the best interest of customers. An individual that is subject to the Common Conduct Standards will be expected to take reasonable steps to ensure that the Common Conduct Standards are met.

In addition, senior executives, which includes individuals performing PCF roles (e.g. the directors, designated persons) and other individuals who exercise significant influence on the conduct of a firm's affairs (CF1) will also have Additional Conduct Standards related to running the part of the business for which they are responsible. An individual who performs a PCF/CF1 role should take reasonable steps to ensure that the Additional Conduct Standards are met.

When SEAR comes into effect, those performing senior executive functions will be required to have detailed statements of responsibility setting out the scope of their role. The Duty of Responsibility which the PCF will have under SEAR is extensive. The duty extends to taking any step that is reasonable in the circumstances to avoid a breach by their firm of its obligations in relation to an aspect of the firm's affairs for which the PCF is responsible.

There are a number of General Prescribed Responsibilities that will need to be assigned to PCFs:

(a)   Performance by the Firm of its obligations under SEAR

(b)   Performance by the Firm of its obligations under the F&P framework

(c)   Performance by the Firm of its obligations under the new Conduct Standards

(d)   Responsibility for overseeing the adoption of the firm’s policy on diversity and inclusion.

Employees who carry out a Controlled Function will have a duty of responsibility to ensure compliance with the financial institution’s ongoing regulatory requirements. 

No.

The IoM FSA maintains a public register of entities that are regulated by them. The register lists the classes of regulated activity that the licence holder is authorised to carry out. However, there is no prescribed list or public register for financial services employees that individuals need to be included in to undertake regulated activities.

There are prescriptive, sector-specific requirements, which apply to the remuneration of specified categories of employees or directors, and which apply in the asset management, investment services, banking, and insurance sectors.

Employers in these sectors are tasked with ensuring that the remuneration paid to material risk takers (individuals whose professional activities have a material impact on an RFSP's risk profile) or identified staff align with the RFSP risk profile.

There are detailed rules with technical guidance (emanating from EU law) specific to each sector, but at a high level they (to differing degrees) set out rules on; variable remuneration composition, ratios or other metrics to compare variable to fixed remuneration to ensure it is appropriate; malus requirements, which would allow the RFSP to cancel or reduce the employee's variable remuneration before it is paid out; and clawback provisions which allow RFSPs to recover variable remuneration after it has been awarded. It is important to ensure that employees' contracts of employment acknowledge that any variable remuneration will be subject to all regulatory restrictions and rules and may be clawed back in certain circumstances.

The CBI's 2014 Guidelines on Variable Remuneration Arrangements for Sales Staff also emphasise the importance of remuneration structures to have sufficient deterrents built into them (such as malus and clawback mechanisms) to avoid incentivising undesirable/risky behaviours from sales staff in the banking, insurance and investment services sectors.

There are no prescribed rules relating to compensation payable to financial services employees and any remuneration, bonuses or clawback will be a matter of contract between the financial services employee and the financial institution. Inevitably, this will reflect what is typical in the market for experienced, qualified, financial services personnel performing the role for which they are applying or are currently carrying out.

Yes. A CF employee, subject to the Minimum Competency regime, will be required to complete CPD training. Evidence of meeting that CPD requirement is also a factor in determining a person's F&P. RFSPs must maintain records of CPD training provided to CFs to demonstrate compliance with the minimum competency regime.

The 2023 Act also introduces new training obligations for those subject to the Common and Additional Conduct Standards, with firms being required to train those persons on how these obligations apply to them and their new duties of responsibility. Attendance at, or completion of, training in respect of the Conduct Standards should be mandatory and such attendance should be carefully documented with refresher training rolled out periodically.

Employers within the scope of the Criminal Justice (Money Laundering and Terrorist Financing) Acts 2010 - 2021 (including RFSPs) are required to provide annual training to relevant staff and directors on its requirements and the RFSP must have procedures in place to comply with that legislation and associated guidance.

Depending on the RFSP's business, additional mandatory training may be needed annually, for example, on topics such as market abuse.

The designated person for responding to protected disclosures should be trained and competent in the identification and handling of protected disclosures.

The IoM FSA’s “Training and Competence Framework” sets the minimum standards that must be achieved by individuals working in the financial services industry. The framework sets out the IoM FSA’s expectations regarding competency, not only for employees who carry out a Controlled Function (and who are subject to fitness and propriety criteria) but for all staff.

The framework is split into two segments: general training and competence requirements for all staff; and training and competence expectations for Controlled Functions and Other Functions – essentially additional expectations for individuals undertaking or aspiring to undertake certain Controlled Functions or other designated functions.

The IoM FSA also sets requirements concerning continuing professional development (CPD) for different types of regulated entities and staff at different levels. For example, Rule 8.5 of the Rule Book specifies that directors and key persons within a licence holder must undertake a minimum of 25 hours of relevant CPD per year or meet the level prescribed by their professional body (where higher). There are further CPD requirements on individuals who provide investment advice to retail investors.

Even absent a prescribed minimum level of CPD, the IoM FSA believes that ongoing training and CPD for all financial services staff and officers is good practice. Such training and CPD should be relevant to the role of the individual and take account of new developments (ie, changes to tax legislation, new regulatory requirements and new products).

Yes there are. They are:

• the F&P Standards;
• the minimum competency regime; and
• the IAF and SEAR (see question 1).

There are also sector-specific conduct of business requirements in legislation and codes, including the Consumer Protection Code 2012, the MiFID II regime, and other regulatory requirements applicable to RFSPs based on their industry sector that apply and deal with matters such as:

• error handling,
• disclosures to customers,
• acting in the best interests of customers; and
• complaints handling.

Yes, financial institutions are required to comply with the rules and standards of conduct as set out in the Rule Book (as a minimum).

Financial institutions must notify the IoM FSA of any departure or intended departure of an employee who undertakes a Controlled Function within ten business days. Furthermore, where a financial institution discovers an event which may lead to a final warning being given to, or other serious disciplinary action being taken against, any of its employees, the financial institution must inform the IoM FSA within ten business days. The notice must specify the event, and the name of the employee where the employee holds a Controlled Function or is a “key person”. Where the employee is not a “key person” and does not hold a Controlled Function role, the financial institution is not required to inform the IoM FSA of the name of the employee unless – following an investigation – the employee is given a final warning or other serious disciplinary action is taken (in which case, the financial institution will have to inform the IoM FSA of the employee’s name at that point).

The CBI expects RFSPs to be open and transparent in their engagement, including concerning compliance with the F&P Standards and the Common Conduct Standards. While early versions of the IAF regulations and related guidance contained an obligation on a RFSP to report to the CBI if disciplinary action had been taken against an individual, the obligation was removed from the latest version of the draft legislation. The Guidance indicated that the CBI would expect that they would have already received relevant details as it provides that firms and persons performing PCF roles are required to report to the CBI where they suspect that a "prescribed contravention" may have occurred for the purposes of the CBI legislative framework and the CBI states that a breach of the Common Conduct Standards and/or Additional Conduct Standards is a "prescribed contravention" for these purposes.

Yes, please see question 9.

Financial institutions in the Isle of Man are required to comply with various statutory requirements. Breaches of those statutory requirements impose an obligation on the relevant entity to self-report to the IoM FSA. While ordinarily, businesses will endeavour not to supply information about individuals within the business to the regulator as part of this reporting, from time to time this may be necessary to comply with their regulatory obligations. Where this is the case, usually the regulator will be asked to use their powers of compulsion to seek the information rather than such information being given voluntarily. This is particularly the case where the regulator may have formed concerns about an individual’s fitness and propriety and wishes to investigate this further.

Regulators from other jurisdictions may use certain reciprocal agreements and reciprocal enforcement legislation to seek information from the IoM FSA or more directly from a financial services business. Where such requests are made, this may include information about individual employees (ordinarily those exercising Controlled Functions). However, any mechanism for reciprocal enforcement or exchange of information is subject to scrutiny and such information would normally only be offered by an employer under compulsion.

Yes. Concerning the prevention of wrongdoing, RFSPs should implement a written protected disclosures/whistleblowing policy that explains the secure and confidential internal and external reporting channels available to workers who wish to report relevant wrongdoings. The anti-retaliation protection should be explained and workers should understand from the policy how a report of relevant wrongdoing will be dealt with by the RFSP.

RFSPs should ensure that they have clear, up-to-date and fully compliant policies governing:

• dignity at work (including anti-harassment and anti-bullying measures); and
• grievance and disciplinary policies.

RFSPs should ensure that employees are trained on the RFSP's dignity at work (anti-bullying and harassment) policies to ensure that the RFSP's values, culture and commitment to preventing harassment and bullying are clear regarding their rights and obligations.

Yes, from 1 January 2017 financial institutions must have an internal whistleblowing policy in place. Financial services employees are encouraged to first raise issues with their employer. However, employees may also raise serious concerns with the IoM FSA if they remain unsatisfied at the end of the employer’s process.

Under employment legislation, if an employee is dismissed because they have made a “protected disclosure” (ie, blown the whistle), that dismissal is automatically unfair. Compensatory damages for whistleblowing are uncapped in the Isle of Man Employment and Equality Tribunal.

While there is no sector-specific guidance on harassment in the workplace, all employers have a legal duty to ensure that employees are not harassed at work (this would extend to bullying and being subjected to discrimination). Failure to have and enforce appropriate policies on bullying and harassment is likely to impair any defence that the employer may raise to a legal claim because it will not be able to show that it took “all reasonable steps” to prevent such acts.

Where possible it is important to try to resolve any outstanding issues that a PCF has or may have before the PCF's contract is terminated. An RFSP is required to give details of the circumstances of a PCF's termination of employment and to confirm whether or not there are outstanding issues regarding the PCF.

It is important to ensure that there are adequate provisions to govern the following in any settlement agreement or termination arrangements:

• adequate handover of operational responsibility;
• continued co-operation on operational matters within the employee's knowledge or in relation to matters that may subsequently be investigated by the CBI;
• secure return of all company property including any personal data; and
• post-termination confidentiality obligations and any other necessary post-termination restrictions.

Terminating an employee’s employment must occur in accordance with the terms of their contract, otherwise the employer risks a claim for wrongful dismissal.

Additionally, financial institutions have certain notification obligations to the IoM FSA as outlined in question 10. Where a settlement agreement is entered into in respect of the exit of an employee and a factor in their departure is a disciplinary issue, the IoM FSA will usually wish to know the terms of, and circumstances leading to, the settlement agreement. In particular, the IoM FSA will want to understand whether the reason for the termination was a systemic failure on the part of the financial institution or an issue with the individual and their capability or conduct. The settlement agreement cannot prevent an employee from making a protected disclosure and must not require the employee to warrant that they have not made a protected disclosure.

No there are no bespoke rules that apply. Post termination restrictions in Ireland are void as being in restraint of trade unless it can be shown that the restrictions are necessary to protect an employer's legitimate proprietary interest and they are proportionate and reasonable in their scope and duration to achieve that protection[i].

[i] Law as of 15 April 2024

The IoM FSA does not regulate the use of post-termination restrictive covenants for employees in the financial services sector. Post-termination restrictive covenants will be a matter of contract and will typically include non-compete, non-solicitation and non-dealing restrictions. These are subject to the same common law rules on interpretation and enforceability as in any other sector. Restraint of trade provisions are, in principle, contrary to public policy as a result of which it is for the employer to justify the length and scope of the restrictive covenant and show that it goes no further than necessary to protect its legitimate business interests. If a restraint is considered to be excessive, the courts will not generally rewrite or modify it to make it enforceable and, therefore, the whole of a defective covenant could fall away or be of no effect.

Yes. It is possible to use NDAs in Ireland and it is quite common for them to be used, but there are some limitations on their use and enforceability.

Certain mandatory reporting obligations will override a contractual non-disclosure agreement, such as the requirement for PCFs under section 38(2) of the CBI (Supervision and Enforcement) Act 2013 to disclose certain matters to the CBI.

Further, an NDA cannot extinguish an employee's right to anti-retaliation protection where the employee makes a protected disclosure either internally or externally under the Protected Disclosures Act 2014 - 2022.

Yes, non-disclosure agreements are potentially lawful in the Isle of Man. A contract of employment may also contain confidentiality provisions for financial services employees. However, a non-disclosure agreement or confidentiality clause would not (and could not) prevent a financial services employee (or any employee) from making a protected disclosure, (ie, a disclosure made by an employee where they reasonably believe there is serious wrongdoing within the workplace (whistleblowing)).

A financial services employee may, furthermore, be subject to a legal requirement to disclose information in certain circumstances that might override an NDA. For example, an individual can be compelled to provide information by the IoM FSA during an interview, and such compulsion will generally override an employee’s duties of confidentiality. Alternatively, an individual can be subject to a requirement to disclose information in the context of legal proceedings (eg, by court order).