Employment in Financial Services

Specifically, employees holding executive, overall management, oversight or control functions in regulated companies are responsible for ensuring that the companies’ organization ensures the continued compliance with applicable financial market laws. Swiss financial market laws do not have enhanced responsibilities for different employee categories. Instead, a person’s fitness and propriety are assessed within the context of the specific requirements and functions of a given company, the scope of activities at that company, and the complexity of that company.

Responsibility differs based on the complexity and responsibility of the tasks assigned to the employee and defined by the employer. However, all companies in the sector must comply with financial market institutions, which may imply that employees have a responsibility towards different entities. We summarise the institutions of the Brazilian financial market as follows:

The Securities and Exchange Commission (CVM)

This was created to monitor, regulate, discipline, and develop the Brazilian securities market. It is responsible for creating rules for the market and supervising its functioning. The CVM is part of the government and is linked to the Treasury Department, but it has administrative independence.

The Brazilian National Central Bank

This is a federal agency linked to the Treasury Department but with administrative independence, which aims to guarantee the stability of the currency's purchasing power and maintain a solid and efficient financial system. It controls monetary, exchange rate, credit, and financial relations policies abroad, in addition to regulating the National Financial System. The national central bank also supervises financial market institutions.

B3 (Stock Exchange)

This was created in 2017 from the merger of BM&FBOVESPA and Cetip, two crucial financial market players. The new company began accumulating services that serve the market and its investors for fixed and variable income transactions, among other duties.

The Credit Guarantee Fund

This is a non-profit civil association that aims to provide credit guarantees to customers of institutions participating in the fund.

The Private Insurance Superintendence

This controls and supervises the insurance, open private pension, capitalisation, and reinsurance markets.

The Brazilian Association of Financial and Capital Market Entities (ANBIMA)

This has represented the market for over four decades and is responsible for more than 300 institutions. The entity's activities are organised around four commitments: represent, self-regulate, inform and educate. Its main objective is to strengthen the sector's representation and support the evolution of a capital market capable of financing local economic and social development and influencing the global market.

The activities of certain categories of employees in the financial services sector benefit from greater supervision, due to the risky nature of their activity. These include employees who have business dealings with individuals and employees who may have exposure to the financial markets.

Thus, Article L.533-10 of the Monetary and Financial Code provides that portfolio management companies and investment service providers must, on the one hand, put in place rules and procedures to ensure compliance with the provisions applicable to them. On the other hand, they must put in place rules and procedures defining the conditions and limits under which their employees may carry out personal transactions on their behalf.

They must still take all reasonable steps to prevent conflicts of interest that could affect their clients. In practice, these employees may be referred to as "sensitive personnel".

In addition, Law No. 2013-672 of 26 July 2013, on the separation and regulation of banking activities introduced several provisions constraining employees who may expose their company to the financial markets. These employees must comply with strict obligations in their activity to limit risk-taking.

Employees who qualify as risk-takers have enhanced responsibilities due to their influence on an institution’s risk profile, including documentation requirements. Investment brokers advising private clients are also subject to strict rules and extensive documentation requirements, inter alia, on the investment advice provided and how the investment was tailored to the preferences, investment objectives, and other characteristics of the investor.

Under the SFO, ROs have enhanced responsibilities. They assume primary responsibility for compliance at a licensed corporation and are involved in supervising the regulated activities. A licensed corporation is required to appoint no less than two ROs to directly supervise the conduct of each regulated activity. Similarly, under the BO, registered institutions are required to appoint no less than two executive officers to be responsible for directly supervising the conduct of each regulated activity under the SFO. For each regulated activity, at least one RO must be available at all times to supervise the business and must be an executive director.

Under the IO, an RO of a licensed insurance agency or licensed insurance broker company has enhanced responsibilities. Responsible officers must use their best endeavours to ensure the agency or broker has established and maintains proper controls and procedures for securing compliance with the conduct requirements under the IO.

There are no provisions that lay down enhanced responsibilities for a particular category of employees in the financial services sector.

However, the conduct rules for employees in the financial sector mandate employees to adhere to higher standards of code of conduct and self-discipline. Their codes of conduct include inter alia anti-bribery obligations, prohibition from accepting gifts in an official capacity, making representations to media, making contribution to political parties, holding demonstration against public interest, exercising undue influence to secure appointments of family members at same organisation or granting banking facilities without permission. They are supposed to observe secrecy in general and specifically, maintain financial secrecy about stocks too.

This question was upheld in Harinarayan Seet v. Andhra Bank[1], wherein the Andhra Pradesh High Court recognised that banking sector employees are mandated to exhibit higher standards of honesty, integrity, devotion and diligence and any failure to discharge such duty with diligence may trigger dismissal.

Yes. Common Conduct Standards and Additional Conduct Standards were introduced by the 2023 Act and employers need to update employees' contractual documents to reflect same.

The Common Conduct Standards set out standards of behaviour expected of individuals carrying out Controlled Functions (CFs) within firms. The Common Conduct Standards are basic standards such as acting with honesty and integrity with due skill, care and diligence and in the best interest of customers. An individual that is subject to the Common Conduct Standards will be expected to take reasonable steps to ensure that the Common Conduct Standards are met.

In addition, senior executives, which includes individuals performing PCF roles (e.g. the directors, designated persons) and other individuals who exercise significant influence on the conduct of a firm's affairs (CF1) will also have Additional Conduct Standards related to running the part of the business for which they are responsible. An individual who performs a PCF/CF1 role should take reasonable steps to ensure that the Additional Conduct Standards are met.

When SEAR comes into effect, those performing senior executive functions will be required to have detailed statements of responsibility setting out the scope of their role. The Duty of Responsibility which the PCF will have under SEAR is extensive. The duty extends to taking any step that is reasonable in the circumstances to avoid a breach by their firm of its obligations in relation to an aspect of the firm's affairs for which the PCF is responsible.

There are a number of General Prescribed Responsibilities that will need to be assigned to PCFs:

(a)   Performance by the Firm of its obligations under SEAR

(b)   Performance by the Firm of its obligations under the F&P framework

(c)   Performance by the Firm of its obligations under the new Conduct Standards

(d)   Responsibility for overseeing the adoption of the firm’s policy on diversity and inclusion.

Employees who carry out a Controlled Function will have a duty of responsibility to ensure compliance with the financial institution’s ongoing regulatory requirements. 

All employees, including general managers and officers, must keep information and documents confidential and may only provide information to the competent authorities or authorised parties, with the prior express authorisation of the user or client.

Also, employees must:

• not stop internal committees from carrying out their functions;
• disclose to the financial entity all information regarding the use of illegal resources, or any act against goods, services, an individual’s life, or physical or emotional integrity, the use of toxic substances, or terrorist acts, so that the financial entity may provide the SHCP with a report on the subject; and
• in insurance or bonding Institutes, not offer discounts, reduce premiums or grant different benefits than those outlined in the corresponding policy.

General managers and officers must provide reports and information to the board of directors and the corresponding authorities periodically. The general manager must also provide precise data and reports to assist the board of directors in making prudent decisions.

General managers must develop and present to the board of directors, for its approval,  adequate policies for employment and the use of material and human resources, including restrictions on the use of goods, supervision and control mechanisms, and the application of resources to the company’s activities consistent with their business purposes.  

Insurance and bond companies will respond to the conduct of the general manager and officers, without prejudice to the civil and criminal liabilities that they may personally incur.

Also, if any conflict of interest exists or arises, general managers and officers must inform their employers immediately and suspend any activity within the scope of the contract that gives rise to the conflict until the matter is addressed.

Additionally, general managers and officers must verify the compliance of all individuals under their responsibility with all applicable legal provisions for financial services. These include: confidential obligations; the development of reports; informing their direct superior, officers, general manager or board of directors if there is a conflict of interest; informing the SCHP and Prosecutor’s Office if there is an act, operation or service using illegal resources, or an act that may harm the company, or the health or wellbeing of an individual or the general public.

Specifically, general managers in brokerage houses must:

• design and carry out a communications policy regarding identifying contingencies;
• implement and distribute the continuity business plan within the brokerage house and establish training programmes;
• inform the CNBV of contingencies in any of the systems and channels for clients, authorities and central securities counterparties;
• ensure that the continuity business plan is submitted for efficiency testing; and
• inform the CNBV in writing of the hiring or removal of the responsible party for internal audit functions.

The reliability, propriety and fitness of (supervisory) directors and executives in the financial services sector, as well as employees in an integrity-sensitive position, must be “beyond doubt”. This is also assessed by local authorities.

Employees who are managers and executives or above generally have enhanced responsibilities, particularly regarding corporate governance.

MAS’ Guidelines on Individual Accountability and Conduct provide that senior managers (ie, those principally responsible for day-to-day management) should be clearly identified, fit and proper for their roles, and responsible for the actions of employees and the conduct of the business under their purview. As for material risk personnel (ie, individuals who have the authority to make decisions or conduct activities that can significantly impact the FI’s safety and soundness, or cause harm to a significant segment of the FI’s customers or other stakeholders), they should be fit and proper for their roles, and subject to effective risk governance, appropriate incentive structures, and standards of conduct.

Subsidiary legislation or other MAS guidelines specific to the FI’s sector also contain corporate governance regulations, prescribing responsibilities to the board of directors, nominating committees, or senior management.

MAS’ Guidelines on Risk Management Practices – Board and Senior Management further states that an FI’s board and senior management are responsible for governing risk within an institution. This includes setting up appropriate risk management systems, stress-testing programmes and business contingency plans.

Specifically, employees holding executive, overall management, oversight or control functions in regulated companies are responsible for ensuring that the companies’ organization ensures the continued compliance with applicable financial market laws. Swiss financial market laws do not have enhanced responsibilities for different employee categories. Instead, a person’s fitness and propriety are assessed within the context of the specific requirements and functions of a given company, the scope of activities at that company, and the complexity of that company.

There are no provisions that lay down enhanced responsibilities for a particular category of employees in the financial services sector.
 

Every senior manager under the SMR has a “duty of responsibility” concerning the areas for which they are responsible. If a firm breaches a regulatory requirement, the senior manager responsible for the area relevant to the breach could be held accountable for the breach if they failed to take reasonable steps to prevent or stop the breach.

In addition, for most firms, the FCA requires that certain responsibilities – “prescribed responsibilities” – are allocated to appropriate senior managers. These responsibilities cover key conduct and prudential risks. They include, among others, responsibility for a firm’s performance of its obligations under the SMR; responsibility for a firm’s performance of its obligations under the CR; and responsibility for a firm’s obligations around conduct rules training and reporting. Firms must give careful thought to the best person to allocate each prescribed responsibility.

While there are certain responsibilities for financial employees, such as being able to pass applicable certifications (see question 4) or registering with certain entities (see question 6), the American regulatory system does not include statutory delineations that create enhanced responsibilities for certain categories of employees.

Employees must not, both during and after the termination of the contract, obtain, use or unlawfully disclose a business secret he or she became aware of in the course of his or her professional activity, or disclose the secrecy of any matter of a personal or confidential nature of which he or she became aware in the course of his or her professional activity (article 17, 3°, a, Employment Contracts Act).

The company can include a NDA in the employment contract to underline what is considered confidential information. A penalty clause (with a lump sum to be paid) can be foreseen in case of a breach after the end of the employment contract, but not during the period of the employment relationship. This is because of the prohibition on restricting the rights of employees or increasing their obligations in comparison with what is foreseen by the Employment Contracts Act (article 6).

Yes, non-disclosure agreements (NDAs) are potentially lawful in Brazil. The applicable rules are the same as for any legal transaction: expression of will, legality of the object, and compliance with the law.

As a rule, NDAs are a consequence of professional activity and do not require specific consideration.

Protected information is specific to the contractor (employer) and shared with the employee during the execution of the contract (strategies, customers, commercial secrets, etc).       

General information belonging to the employee due to his or her academic training and previous professional experience is not included in NDAs.

All actors in the financial services sector are bound by strict professional and banking secrecy.

But beyond the professional secrecy that is inherent to the employment contract, there may be an interest in particular circumstances to strengthen this requirement and make it an obligation of absolute professional secrecy. This is legal under French law and generally takes the form of a confidentiality clause (non-disclosure) inserted in the employee's employment contract.

In principle, a confidentiality clause, which includes an obligation of professional secrecy to which the employee is bound as well as an obligation of discretion, is not subject to any particular conditions. In particular, it does not require the payment of any financial consideration.

On the other hand, when an employee by an agreement or transaction goes further and waives his freedom of expression, the case law sets stricter conditions of validity. The agreement must be adapted, necessary and proportionate to the aim sought.

Confidentiality clauses must also comply with any obligations in terms of transparency, the fight against corruption and influence peddling provided for by Law No. 2016-1691 of 9 December 2016.

The only entities against which banking secrecy cannot be invoked are the French Prudential Supervision and Resolution Authority, the Banque de France and the judicial authority acting in the context of criminal proceedings (article L. 511-33 of the Monetary and Financial Code). On the other hand, bank secrecy is enforceable in civil court proceedings, as confirmed by abundant case law.

Under German law, it is permissible to enter into non-disclosure and confidentiality agreements. In practice, NDAs are usually agreed upon in written or text form, although this is not legally required. If drafted for use in multiple cases, NDAs are subject to a particularly strict test to be effective: they must be transparent and may not unduly burden the employee under General Terms and Conditions legislation. NDAs should, therefore, only relate to very limited and specific information.

In practice, NDAs are difficult to enforce as it is the employer who must prove a culpable breach of contract, as well as damages resulting from such a breach. Employers should, therefore, also use other means to ensure data protection and confidentiality, such as properly defining and protecting business secrets under the Business Secrets Act; and implementing technical and organisational measures to limit access to certain information, which may include sharing information only on a need-to-know basis.

Non-disclosure agreements are legally enforceable in Hong Kong. They follow the contract law rules and there is no other particular form or rules. To be enforceable, a non-disclosure agreement must protect information that is both confidential and valuable. There are common exceptions where confidentiality will not apply to certain information, including information available in the public domain, information lawfully received from a third party without proprietary or confidentiality limitations, information known to the employee before first receipt of same from the employer, and information disclosed in circumstances required by law or regulatory requirement.

NDAs are governed by the Indian Contract Act, 1872 and are generally lawful in India.

Generally, post-contract restrictive covenants like non-compete clauses that restrain a person’s exercise of lawful trade, profession or business are declared void because of Section 27 of the Indian Contract Act.

The enforceability of NDAs may be affected if they restrain an employee from exercising a lawful profession, trade or business. Accordingly, an NDA crafted to protect the “confidential information” of the former employer but not to impose the above-mentioned restraints on the employee is saved from any clash with Section 27 of the Indian Contract Act and is, therefore, enforceable in the courts of law in India. If NDAs prohibit an employee from disclosing commercial or trade secrets, then they cannot be held to be in restraint of trade. This was observed by the Bombay High Court in VFS Global Services Pvt Ltd v Mr Suprit Roy[1].

Yes. It is possible to use NDAs in Ireland and it is quite common for them to be used, but there are some limitations on their use and enforceability.

Certain mandatory reporting obligations will override a contractual non-disclosure agreement, such as the requirement for PCFs under section 38(2) of the CBI (Supervision and Enforcement) Act 2013 to disclose certain matters to the CBI.

Further, an NDA cannot extinguish an employee's right to anti-retaliation protection where the employee makes a protected disclosure either internally or externally under the Protected Disclosures Act 2014 - 2022.

Yes, non-disclosure agreements are potentially lawful in the Isle of Man. A contract of employment may also contain confidentiality provisions for financial services employees. However, a non-disclosure agreement or confidentiality clause would not (and could not) prevent a financial services employee (or any employee) from making a protected disclosure, (ie, a disclosure made by an employee where they reasonably believe there is serious wrongdoing within the workplace (whistleblowing)).

A financial services employee may, furthermore, be subject to a legal requirement to disclose information in certain circumstances that might override an NDA. For example, an individual can be compelled to provide information by the IoM FSA during an interview, and such compulsion will generally override an employee’s duties of confidentiality. Alternatively, an individual can be subject to a requirement to disclose information in the context of legal proceedings (eg, by court order).

Non-disclosure provisions under Mexican law are applicable and enforceable. All information to which employees have access, given their position and services, regarding third parties and deemed sensitive or confidential (ie, non-public information) may not be disclosed at any time after the termination of employment or used for any other purposes.

The breach of non-disclosure obligations of confidential information and trade secrets may lead to economic sanctions or imprisonment. The disclosure of confidential information or using it to an employer’s detriment is an offence under criminal law. Also, employees that breach confidential obligations may have to pay damages to the affected party.

Pursuant to article 186 of the general provisions applicable to brokerage houses, internal policies must be in place to establish guidelines and procedures for the use, management, conservation and, as applicable, destruction of books, records, documents, and other information; and must guarantee the adequate use and control of documents containing the confidential information of clients. Also, these entities must establish strict controls to avoid the improper use of books, records, and documents in general.

According to the Law to Regulate Technological Finance Institutions, entities must include measures and policies to control operational risks within their filing for authorisation at the CNBV. They must also provide information security and confidentiality policies, with evidence of secure, trustable and precise technological support for their clients and with minimum standards of security to ensure the confidentiality, availability and integrity of information, as well as to prevent fraud and cyberattacks.

Additionally, financial entities must guarantee the security and integrity of the information, and implement security measures to preserve the integrity and confidentiality of the information generated, stored, or processed.

Lastly, under the Federal Law for the Prevention and Identity of Transactions with Illegally Obtained Resources, filing notices, information and documentation related to vulnerable activities to the SHCP does not qualify as a breach of confidentiality obligations.

Since there is no specific legislation on NDAs under Dutch law, the general principle is that NDAs are permitted.

NDAs may never prevent a financial sector employee from reporting or revealing suspected misconduct.

NDAs are generally lawful in Singapore, although the extent of their enforceability depends on their contents. For example, restrictive covenants can be subject to further scrutiny (see question 13). While not subject to any particular form or rules, employers should take particular care to specify the type of information protected under the NDA, so that employees have a clear understanding of the protected information – and to enhance the enforceability of the NDA.

Under Singapore common law, in addition to breach of contract, a party may also bring an action for breach of confidence. A plaintiff will have to show on the facts that the information is confidential and was imparted in circumstances giving rise to an obligation of confidence (including if confidential information has been accessed or acquired without a plaintiff’s knowledge or consent), which will then invoke the presumption of a breach of confidence. The burden will then fall on the defendant to rebut this presumption.

Non-disclosure agreements (NDAs) are generally lawful in Switzerland. However, NDAs are not regulated by statutory law and therefore do not have to follow any particular statutory form or rule. Nevertheless, most NDAs often contain a similar basic structure.

The core clauses of an NDA concern:

• manufacturing and business secrets or the scope of further confidentiality;
• the purpose of use;
• the return and destruction of devices containing confidential information; and
• post-contractual confidentiality obligations.

As a general rule, it is recommended to use the written form.

To ensure possible enforcement of an NDA in the employment context, the requirements of a post-contractual non-compete obligation (see below) must be met.

Non-disclosure agreements may be used in the UAE (including DIFC and ADGM free zones).  There are no particular requirements regarding the form or rules for those NDAs.

NDAs (also known as confidentiality agreements) are potentially lawful and enforceable in the UK. It is common to include NDAs in employment contracts (to protect the confidential information of the employer during and after employment) and in settlement agreements (to reiterate existing confidentiality obligations and to keep the circumstances of the settlement confidential).

NDAs do not need to follow a particular form, but they must be reasonable in scope. Following #MeToo, there has been considerable government, parliamentary, and regulatory scrutiny of the use of NDAs and their reasonableness in different circumstances.

The following limitations on NDAs should be noted:

• By law, any NDA purporting to prevent an individual from making a “protected disclosure” as defined in the Employment Rights Act 1996 (ie, blowing the whistle about a matter) is void.

• The regulatory body for solicitors in England and Wales, the Solicitors Regulation Authority (SRA), has issued a detailed warning notice and guidance to practitioners setting out – in its view – inappropriate or improper uses of NDAs. Failure to comply with the SRA’s warning notice may lead to disciplinary action. The SRA lists the following as examples of improper use of NDAs:

• • using an NDA as a means of preventing, or seeking to impede or deter, a person from:
    • cooperating with a criminal investigation or prosecution;
    • reporting an offence to a law enforcement agency;
    • reporting misconduct, or a serious breach of the SRA’s regulatory requirements, to the SRA, or making an equivalent report to any other body responsible for supervising or regulating the matters in question; and
    • making a protected disclosure;
    • using an NDA to influence the substance of such a report, disclosure or cooperation;
    • using an NDA to prevent any disclosure required by law;
    • using an NDA to prevent proper disclosure about the agreement or circumstances surrounding the agreement to professional advisers, such as legal or tax advisors, or medical professionals and counsellors, who are bound by a duty of confidentiality;
    • including or proposing clauses known to be unenforceable; and
    • using warranties, indemnities and clawback clauses in a way that is designed to, or has the effect of, improperly preventing or inhibiting permitted reporting or disclosures being made (for example, asking a person to warrant that they are not aware of any reason why they would make a permitted disclosure, in circumstances where a breach of warranty would activate a clawback clause).
       
• The Law Society of England and Wales, a professional association representing solicitors in England and Wales, has issued similar guidance (including a practice note) on the use of NDAs in the context of the termination of employment relationships.
• Other non-regulatory guidance on the use of NDAs has also been issued, including by the Advisory, Conciliation and Arbitration Service and by the UK Equality and Human Rights Commission.

Care should be taken accordingly to ensure that the wording of any NDA complies with prevailing guidance, especially from the SRA.

Non-disclosure agreements are currently permissible under United States law with some exceptions, typically pertaining to whistleblower, harassment, and discrimination matters. On 7 December 2022, President Joe Biden signed the Speak Out Act, which prohibits the enforcement of non-disclosure and non-disparagement provisions that were agreed to before an incident of workplace sexual assault or sexual harassment occurred. In other words, it does not prohibit these provisions in settlement or severance agreements.

Both Dodd-Frank and SOX prohibit employers from impeding an individual’s whistleblowing process. Confidentiality provisions should expressly authorise employee communications directly with, or responding to any inquiry from, or providing testimony before the SEC, FINRA, any other self-regulatory organisation or any other state or federal regulatory authority.

The United States Tax Cuts and Jobs Act of 2018 discourages NDAs in the settlement of sexual harassment claims. Under this law, employers settling claims alleging sexual harassment or abuse that include a confidentiality or non-disclosure provision in the settlement agreement cannot take a tax deduction for that settlement payment or related attorneys' fees.

Under the National Labor Relations Act, employees (except for supervisors) cannot be prohibited from discussing their compensation or working conditions

California

• California Law prohibits NDAs that would prevent employees from discussing or disclosing their compensation or discussing the wages of others. However, California permits the use of a non-disclosure provision that may preclude the disclosure of any amount paid in any separation or settlement agreement.
• California imposes restrictions on the use of non-disclosure provisions that are designed to restrict an employee's ability to disclose information about unlawful acts in the workplace, including information pertaining to harassment or discrimination or any other conduct the employee has reason to believe is unlawful in employment agreements, settlement agreements, and separation agreements.
• California employers cannot:
  • require employees, in exchange for a raise or a bonus, or as a condition of employment or for continued employment, to sign any non-disparagement or non-disclosure provision that denies the employee the right to disclose information about unlawful acts in the workplace;
  • include in any separation agreement a provision that prohibits the disclosure of information about unlawful acts in the workplace; or
  • include a provision within a settlement agreement that prevents or restricts the disclosure of factual information related to claims for sexual assault, sexual harassment, workplace harassment or discrimination, retaliation, or failure to prevent workplace harassment or discrimination that are filed in a civil or administrative action, unless the settlement agreement is negotiated, which means that the agreement is voluntary, deliberate, informed, provides consideration of value to the employee, and the employee is giving notice and an opportunity to retain an attorney or is represented by an attorney.

New York

• New York law prohibits NDAs that:
  • prevent an employee from discussing or disclosing their wages or the wages of another employee.
  • prevent an employee from disclosing factual information related to a future discrimination claim, unless the agreement notifies employees that it does not prevent them from speaking to the EEOC, the New York Department of Human Rights, and any local human rights commission or attorney retained by the individual.

New York law also prohibits employers from mandating confidentiality or non-disclosure provisions when settling sexual harassment claims (though allows such provisions where it is the employee’s preference to include them).