Employment in Financial Services

Specifically, employees holding executive, overall management, oversight or control functions in regulated companies are responsible for ensuring that the companies’ organization ensures the continued compliance with applicable financial market laws. Swiss financial market laws do not have enhanced responsibilities for different employee categories. Instead, a person’s fitness and propriety are assessed within the context of the specific requirements and functions of a given company, the scope of activities at that company, and the complexity of that company.

Responsibility differs based on the complexity and responsibility of the tasks assigned to the employee and defined by the employer. However, all companies in the sector must comply with financial market institutions, which may imply that employees have a responsibility towards different entities. We summarise the institutions of the Brazilian financial market as follows:

The Securities and Exchange Commission (CVM)

This was created to monitor, regulate, discipline, and develop the Brazilian securities market. It is responsible for creating rules for the market and supervising its functioning. The CVM is part of the government and is linked to the Treasury Department, but it has administrative independence.

The Brazilian National Central Bank

This is a federal agency linked to the Treasury Department but with administrative independence, which aims to guarantee the stability of the currency's purchasing power and maintain a solid and efficient financial system. It controls monetary, exchange rate, credit, and financial relations policies abroad, in addition to regulating the National Financial System. The national central bank also supervises financial market institutions.

B3 (Stock Exchange)

This was created in 2017 from the merger of BM&FBOVESPA and Cetip, two crucial financial market players. The new company began accumulating services that serve the market and its investors for fixed and variable income transactions, among other duties.

The Credit Guarantee Fund

This is a non-profit civil association that aims to provide credit guarantees to customers of institutions participating in the fund.

The Private Insurance Superintendence

This controls and supervises the insurance, open private pension, capitalisation, and reinsurance markets.

The Brazilian Association of Financial and Capital Market Entities (ANBIMA)

This has represented the market for over four decades and is responsible for more than 300 institutions. The entity's activities are organised around four commitments: represent, self-regulate, inform and educate. Its main objective is to strengthen the sector's representation and support the evolution of a capital market capable of financing local economic and social development and influencing the global market.

The activities of certain categories of employees in the financial services sector benefit from greater supervision, due to the risky nature of their activity. These include employees who have business dealings with individuals and employees who may have exposure to the financial markets.

Thus, Article L.533-10 of the Monetary and Financial Code provides that portfolio management companies and investment service providers must, on the one hand, put in place rules and procedures to ensure compliance with the provisions applicable to them. On the other hand, they must put in place rules and procedures defining the conditions and limits under which their employees may carry out personal transactions on their behalf.

They must still take all reasonable steps to prevent conflicts of interest that could affect their clients. In practice, these employees may be referred to as "sensitive personnel".

In addition, Law No. 2013-672 of 26 July 2013, on the separation and regulation of banking activities introduced several provisions constraining employees who may expose their company to the financial markets. These employees must comply with strict obligations in their activity to limit risk-taking.

Employees who qualify as risk-takers have enhanced responsibilities due to their influence on an institution’s risk profile, including documentation requirements. Investment brokers advising private clients are also subject to strict rules and extensive documentation requirements, inter alia, on the investment advice provided and how the investment was tailored to the preferences, investment objectives, and other characteristics of the investor.

Under the SFO, ROs have enhanced responsibilities. They assume primary responsibility for compliance at a licensed corporation and are involved in supervising the regulated activities. A licensed corporation is required to appoint no less than two ROs to directly supervise the conduct of each regulated activity. Similarly, under the BO, registered institutions are required to appoint no less than two executive officers to be responsible for directly supervising the conduct of each regulated activity under the SFO. For each regulated activity, at least one RO must be available at all times to supervise the business and must be an executive director.

Under the IO, an RO of a licensed insurance agency or licensed insurance broker company has enhanced responsibilities. Responsible officers must use their best endeavours to ensure the agency or broker has established and maintains proper controls and procedures for securing compliance with the conduct requirements under the IO.

There are no provisions that lay down enhanced responsibilities for a particular category of employees in the financial services sector.

However, the conduct rules for employees in the financial sector mandate employees to adhere to higher standards of code of conduct and self-discipline. Their codes of conduct include inter alia anti-bribery obligations, prohibition from accepting gifts in an official capacity, making representations to media, making contribution to political parties, holding demonstration against public interest, exercising undue influence to secure appointments of family members at same organisation or granting banking facilities without permission. They are supposed to observe secrecy in general and specifically, maintain financial secrecy about stocks too.

This question was upheld in Harinarayan Seet v. Andhra Bank[1], wherein the Andhra Pradesh High Court recognised that banking sector employees are mandated to exhibit higher standards of honesty, integrity, devotion and diligence and any failure to discharge such duty with diligence may trigger dismissal.

Yes. Common Conduct Standards and Additional Conduct Standards were introduced by the 2023 Act and employers need to update employees' contractual documents to reflect same.

The Common Conduct Standards set out standards of behaviour expected of individuals carrying out Controlled Functions (CFs) within firms. The Common Conduct Standards are basic standards such as acting with honesty and integrity with due skill, care and diligence and in the best interest of customers. An individual that is subject to the Common Conduct Standards will be expected to take reasonable steps to ensure that the Common Conduct Standards are met.

In addition, senior executives, which includes individuals performing PCF roles (e.g. the directors, designated persons) and other individuals who exercise significant influence on the conduct of a firm's affairs (CF1) will also have Additional Conduct Standards related to running the part of the business for which they are responsible. An individual who performs a PCF/CF1 role should take reasonable steps to ensure that the Additional Conduct Standards are met.

When SEAR comes into effect, those performing senior executive functions will be required to have detailed statements of responsibility setting out the scope of their role. The Duty of Responsibility which the PCF will have under SEAR is extensive. The duty extends to taking any step that is reasonable in the circumstances to avoid a breach by their firm of its obligations in relation to an aspect of the firm's affairs for which the PCF is responsible.

There are a number of General Prescribed Responsibilities that will need to be assigned to PCFs:

(a)   Performance by the Firm of its obligations under SEAR

(b)   Performance by the Firm of its obligations under the F&P framework

(c)   Performance by the Firm of its obligations under the new Conduct Standards

(d)   Responsibility for overseeing the adoption of the firm’s policy on diversity and inclusion.

Employees who carry out a Controlled Function will have a duty of responsibility to ensure compliance with the financial institution’s ongoing regulatory requirements. 

All employees, including general managers and officers, must keep information and documents confidential and may only provide information to the competent authorities or authorised parties, with the prior express authorisation of the user or client.

Also, employees must:

• not stop internal committees from carrying out their functions;
• disclose to the financial entity all information regarding the use of illegal resources, or any act against goods, services, an individual’s life, or physical or emotional integrity, the use of toxic substances, or terrorist acts, so that the financial entity may provide the SHCP with a report on the subject; and
• in insurance or bonding Institutes, not offer discounts, reduce premiums or grant different benefits than those outlined in the corresponding policy.

General managers and officers must provide reports and information to the board of directors and the corresponding authorities periodically. The general manager must also provide precise data and reports to assist the board of directors in making prudent decisions.

General managers must develop and present to the board of directors, for its approval,  adequate policies for employment and the use of material and human resources, including restrictions on the use of goods, supervision and control mechanisms, and the application of resources to the company’s activities consistent with their business purposes.  

Insurance and bond companies will respond to the conduct of the general manager and officers, without prejudice to the civil and criminal liabilities that they may personally incur.

Also, if any conflict of interest exists or arises, general managers and officers must inform their employers immediately and suspend any activity within the scope of the contract that gives rise to the conflict until the matter is addressed.

Additionally, general managers and officers must verify the compliance of all individuals under their responsibility with all applicable legal provisions for financial services. These include: confidential obligations; the development of reports; informing their direct superior, officers, general manager or board of directors if there is a conflict of interest; informing the SCHP and Prosecutor’s Office if there is an act, operation or service using illegal resources, or an act that may harm the company, or the health or wellbeing of an individual or the general public.

Specifically, general managers in brokerage houses must:

• design and carry out a communications policy regarding identifying contingencies;
• implement and distribute the continuity business plan within the brokerage house and establish training programmes;
• inform the CNBV of contingencies in any of the systems and channels for clients, authorities and central securities counterparties;
• ensure that the continuity business plan is submitted for efficiency testing; and
• inform the CNBV in writing of the hiring or removal of the responsible party for internal audit functions.

The reliability, propriety and fitness of (supervisory) directors and executives in the financial services sector, as well as employees in an integrity-sensitive position, must be “beyond doubt”. This is also assessed by local authorities.

Employees who are managers and executives or above generally have enhanced responsibilities, particularly regarding corporate governance.

MAS’ Guidelines on Individual Accountability and Conduct provide that senior managers (ie, those principally responsible for day-to-day management) should be clearly identified, fit and proper for their roles, and responsible for the actions of employees and the conduct of the business under their purview. As for material risk personnel (ie, individuals who have the authority to make decisions or conduct activities that can significantly impact the FI’s safety and soundness, or cause harm to a significant segment of the FI’s customers or other stakeholders), they should be fit and proper for their roles, and subject to effective risk governance, appropriate incentive structures, and standards of conduct.

Subsidiary legislation or other MAS guidelines specific to the FI’s sector also contain corporate governance regulations, prescribing responsibilities to the board of directors, nominating committees, or senior management.

MAS’ Guidelines on Risk Management Practices – Board and Senior Management further states that an FI’s board and senior management are responsible for governing risk within an institution. This includes setting up appropriate risk management systems, stress-testing programmes and business contingency plans.

Specifically, employees holding executive, overall management, oversight or control functions in regulated companies are responsible for ensuring that the companies’ organization ensures the continued compliance with applicable financial market laws. Swiss financial market laws do not have enhanced responsibilities for different employee categories. Instead, a person’s fitness and propriety are assessed within the context of the specific requirements and functions of a given company, the scope of activities at that company, and the complexity of that company.

There are no provisions that lay down enhanced responsibilities for a particular category of employees in the financial services sector.
 

Every senior manager under the SMR has a “duty of responsibility” concerning the areas for which they are responsible. If a firm breaches a regulatory requirement, the senior manager responsible for the area relevant to the breach could be held accountable for the breach if they failed to take reasonable steps to prevent or stop the breach.

In addition, for most firms, the FCA requires that certain responsibilities – “prescribed responsibilities” – are allocated to appropriate senior managers. These responsibilities cover key conduct and prudential risks. They include, among others, responsibility for a firm’s performance of its obligations under the SMR; responsibility for a firm’s performance of its obligations under the CR; and responsibility for a firm’s obligations around conduct rules training and reporting. Firms must give careful thought to the best person to allocate each prescribed responsibility.

While there are certain responsibilities for financial employees, such as being able to pass applicable certifications (see question 4) or registering with certain entities (see question 6), the American regulatory system does not include statutory delineations that create enhanced responsibilities for certain categories of employees.

If a new element occurs that can influence one or more of the five criteria assessing the suitability of a person for the “fit and proper” authorisation (see question 2), the financial institution must file the adequate form with the NBB.

Notification to the NBB is also required in the event of termination or reappointment.

From a labour perspective, there are no circumstances in which notifications relating to the employee or their conduct must be made to local or international regulators.

Considering that the National Financial System is extremely regulated, there may be cases in which a mistake by an employee results in a duty to report to the authorities (information security breach, prevention of money laundering, and prevention of terrorist financing, among others, which could not be exhaustively included in this questionnaire).

There is no general code defined by law or regulation.

Each company can adopt its standard of behaviour, as a rule.

Some activities require specific protocols for the prevention of money laundering and combating the financing of terrorism:

• the capture, intermediation, and investment of financial resources from third parties in national or foreign currency;

• the purchase and sale of foreign currency or gold as a financial asset or exchange instrument; and

• the custody, issuance, distribution, settlement, negotiation, intermediation, or securities administration.

Within the scope of the system for preventing and combating money laundering and the financing of terrorism, it is up to institutions and their employees to adequately comply with Central Bank regulations; promote the effectiveness of the apparatus to combat and prevent money laundering; carry out risk management with the implementation of effective policies, procedures, and controls; and help the Brazilian state to locate which financial operations are suspicious so that they can be investigated.

In principle, the relationship between companies and employees in the financial services sector is private. As such, companies do not have to communicate confidential information about their employees to third parties, as this would constitute an infringement of their fundamental freedoms. However, in certain cases, employers must alert the competent authorities in the event of behaviour or "suspicions" of behaviour by one of their employees that is contrary to the law.

Thus, the Monetary and Financial Code provides that companies in the financial services sector, referred to in article L.561-2 of the code (the list of which was updated by Ordinance no. 2023-1139 of December 6, 2023 on credit managers and credit buyers to include "Credit managers"), must report to the national financial intelligence unit (Tracfin) all sums or transactions that they suspect to be the result of an offence punishable by a prison sentence of more than one year, or related to the financing of terrorism or tax evasion. This declaration may be made in respect of any employee of one of these companies.

In addition, when facts likely to constitute violations of the anticorruption code of conduct or to qualify as corruption or influence peddling are brought to the attention of the company and its managers, an internal investigation must be conducted (article 17 of Law No. 2016-1691 of 9 December 2016 on transparency). If the investigation confirms the suspicions, the employer must, on the one hand, sanction the employee, but also inform the prosecuting authority of the facts.

In smaller companies, the employer will also be able to report to the prosecution authorities any behaviour that could lead to criminal sanctions.

Yes. Under section 87 WpHG, investment firms must notify BaFin of any changes regarding employees providing investment advice, sales representation, and compliance advice. This includes, for example, personal data or a change of the responsible sales representative, but also the termination of the activity. Changes must be communicated to BaFin within one month.

Further, investment firms must notify BaFin as soon as a substantial customer complaint is made against one or more employees based on his or her activities in connection with investment advice. This applies, for example, to allegations of incorrect investment advice. The notification to BaFin must be submitted within six weeks of receipt of the complaint. Details on the content of the notification are governed by section 8 paragraph 4 of the Securities Trading Act Employee Notification Ordinance.

There are further notification obligations if there are doubts about an employee‘s reliability under the relevant statutory rules. For example, in their initial declaration of reliability under section 24 paragraph 1 No. 1 KWG and section 5b Ordinance on Notifications and Submission of Documents under the KWG, future managing directors and persons acting as sole representatives of credit institutions and financial services institutions must immediately report to BaFin in writing any subsequent changes that may be relevant to their reliability. This applies to all facts that were also relevant for the initial reliability assessment (eg, because an employee was convicted of certain financial crimes). In addition, BaFin must also receive notifications of preliminary proceedings, indictments and convictions of certain financial sector employees according to the Order on Notifications in Criminal Matters.

SFC – Self-reporting obligation

An SFC-licensed intermediary is subject to the self-reporting obligation under paragraph 12.5 of the “Code of Conduct for Persons Licensed by or Registered with the Securities and Futures Commission”. A licensed or registered person should report to the SFC immediately upon the occurrence of any material breach, infringement or non-compliance with any laws, rules regulations, and codes administered or issued by the SFC, exchange or clearing house of which it is a member or participant of, and the requirement of any regulatory authority applicable to that intermediary. This encompasses both actual and suspected breaches, infringements or non-compliance. In the report, the particulars of the actual or suspected breach, infringement or non-compliance, and relevant information and documents must be included to fulfil the obligation.

The same is to be reported by the registered institutions to the HKMA. The HKMA also requires authorised institutions to submit an incident report on the same day of discovering the incident.

SFC - Internal investigation disclosure obligation

In addition, a licensed corporation is required to provide the SFC with information about whether a licensed individual who ceases to be accredited to it (outgoing employee) was under any investigation commenced by the licensed corporation within six months preceding his or her cessation of accreditation. If the internal investigation commences after the notification of cessation of accreditation, the licensed corporation should also notify the SFC as soon as practicable. In addition, even if a firm has completed its investigation and made no negative findings against an outgoing employee, the firm will still be required to notify the SFC of the investigation.

The SFC expects licensed corporations to proactively disclose information about all investigative actions and the following is a non-exhaustive list of examples of investigations involving an outgoing employee that a licensed corporation should disclose to the SFC:

• investigations about a suspected breach or breach of applicable laws, rules and regulations;
• investigations about a suspected breach or breach of the licensed corporation's internal policies or procedures;
• investigations about misconduct that are likely to give rise to concerns about the fitness and properness of the outgoing employee;
• investigations about any matter that may have an adverse market or client impact; and
• investigations about any matter potentially involving fraud, dishonesty and misfeasance.

HKMA – Reporting incidents to HKMA

According to the “Incident Response and Management Procedures” published by the HKMA, once an authorised institution has become aware that a significant incident has occurred, the authorised institution concerned should notify the HKMA immediately and provide it with whatever information is available at the time. An authorised institution should not wait until it has rectified the problem before reporting the incident to the HKMA.

According to the Supervisory Policy Manual SB-1 “Supervision of Regulated Activities of SFC-Registered Authorized Institutions”, to be in line with the reporting requirements imposed by the SFC on licensed representatives, authorised institutions will be required to notify the HKMA in writing within seven business days upon knowledge of the occurrence of certain information (including any subsequent changes) of the relevant individuals. The required information is on whether or not the person is or has been:

• convicted of or charged with any criminal offence (other than a minor offence) in Hong Kong or elsewhere;
• subject to any disciplinary action, or investigation by a regulatory body or criminal investigatory body (as the case may be) in Hong Kong or elsewhere;
• subject to, or involved in the management of a corporation or business that has been or is subject to, any investigation by a criminal investigatory body or any regulatory body in Hong Kong or elsewhere concerning offences involving fraud or dishonesty;
• engaged in any judicial or other proceedings, whether in Hong Kong or elsewhere, that is material or relevant to the fitness and propriety of the individual; or
• bankrupt or aware of the existence of any matters that might render him insolvent or lead to the appointment of a receiver of his property under the Bankruptcy Ordinance.

HKMA – Guidance Note on Cooperation with HKMA Investigations

Under the “Guidance Note on Cooperation with the HKMA in Investigations and Enforcement Proceedings”, the HKMA encourages and recognises the cooperation of authorised institutions, banks and their staff in investigations and enforcement proceedings. Under this Guidance Note, cooperation includes early and voluntary reporting of any suspected breach or misconduct, taking a proactive approach to assist the HKMA’s investigation, and making timely arrangements to provide evidence and information.

IA – Self-reporting obligation

Under “the Code of Conduct for Licensed Insurance Agents/Brokers”, there is a self-reporting obligation by licensed insurance agencies or brokerages to the IA. A licensed insurance agency or brokerage is required to have proper controls and procedures to ensure the following incidents are reported to the IA as soon as is reasonably practicable:

• a disciplinary action taken by the HKMA, the SFC or the Mandatory Provident Fund Schemes Authority;
• a criminal conviction (other than a minor offence) by any court in Hong Kong or elsewhere;
• any material breaches of requirements under the IO or any rules, regulations, codes or guidelines administered or issued by the IA; and
• any material incidents which happen to the agency or brokerage.

The RBI requires banks to conduct an annual review of fraud committed and provide a note of the total number to the board of directors or the local advisory board. These reports are not to be sent to the RBI but are to be preserved for verification by the RBI’s inspecting officers[1]. Necessary disclosures may also need to be made to SEBI under some of its regulations.

Publicly listed financial services companies may be required to make necessary disclosures, including to the stock exchanges and their auditors, in case of workplace fraud.

The CBI expects RFSPs to be open and transparent in their engagement, including concerning compliance with the F&P Standards and the Common Conduct Standards. While early versions of the IAF regulations and related guidance contained an obligation on a RFSP to report to the CBI if disciplinary action had been taken against an individual, the obligation was removed from the latest version of the draft legislation. The Guidance indicated that the CBI would expect that they would have already received relevant details as it provides that firms and persons performing PCF roles are required to report to the CBI where they suspect that a "prescribed contravention" may have occurred for the purposes of the CBI legislative framework and the CBI states that a breach of the Common Conduct Standards and/or Additional Conduct Standards is a "prescribed contravention" for these purposes.

Yes, please see question 9.

Financial institutions in the Isle of Man are required to comply with various statutory requirements. Breaches of those statutory requirements impose an obligation on the relevant entity to self-report to the IoM FSA. While ordinarily, businesses will endeavour not to supply information about individuals within the business to the regulator as part of this reporting, from time to time this may be necessary to comply with their regulatory obligations. Where this is the case, usually the regulator will be asked to use their powers of compulsion to seek the information rather than such information being given voluntarily. This is particularly the case where the regulator may have formed concerns about an individual’s fitness and propriety and wishes to investigate this further.

Regulators from other jurisdictions may use certain reciprocal agreements and reciprocal enforcement legislation to seek information from the IoM FSA or more directly from a financial services business. Where such requests are made, this may include information about individual employees (ordinarily those exercising Controlled Functions). However, any mechanism for reciprocal enforcement or exchange of information is subject to scrutiny and such information would normally only be offered by an employer under compulsion.

Pursuant to the Federal Law for the Prevention and Identity of Transactions with Illegally Obtained Resources, all acts carried out by financial entities are considered a vulnerable activity; therefore, financial entities must:

• set forth measures and procedures to prevent and detect acts and operations;
• file reports to the SHCP regarding acts, operations and services carried out by clients and employees if they suspect illegal resources are involved; and
• keep for at least 10 years any information and documents related to the identification of clients and users.

Given the above, if any action, operation or service is identified as undertaken with illegal resources or there is a breach of any of the provisions outlined in the above law, employers must inform the SHCP and prosecutor.

Also, if officers and general managers no longer comply with the legal requirements to occupy their positions (eg, not having a satisfactory credit record, or no longer being in good standing), financial entities may inform the CNBV or CNSF, as applicable, so the authorities may disqualify or remove those individuals from their positions.

Furthermore, if there is a breach of the code of conduct, the regulatory comptroller must inform the board of directors and keep such information available to the CNBV at all times. The board of directors will be in charge of establishing disciplinary measures.

Finally, if employees breach psychological risk prevention obligations (see question 11), employers must inform the labour authorities to impose corresponding sanctions.

Financial services companies must report to local regulators any behaviour or event that poses a serious threat to the ethical conduct of the business of the company or may affect the reliability of policymakers, sound and controlled business operations and continuity.

Furthermore, there are several local disciplinary authorities where reports can be made about financial services employees who fail to comply with Dutch law, guidelines and rules of conduct.

Forms need to be submitted to the MAS when an individual ceases to act as a representative in regulated activities or financial advisory services. Depending on the FI, the MAS may also have to be informed of appointments or changes of representatives, directors, chief executive officers, and other key officeholders (see questions 2 and 4).

MAS notices are also required for the reporting of misconduct for employees who are representatives of certain capital market service providers, financial advisers, and insurance broking staff. Examples of reportable misconduct include acts involving fraud, dishonesty or other offences of a similar nature, and non-compliance with regulatory requirements. Specific declaration forms and timelines may apply depending on the FI. An FI may also be required to submit updates on cases where investigations have not concluded or disciplinary action was not taken, or submit a declaration that there was no misconduct reported in a given calendar year.  

While not specific to financial services employees, the Corruption, Drug Trafficking and Other Serious Crimes (Confiscation of Benefits) Act 1992 requires any person with knowledge, or reasonable grounds to suspect, that any property is being used in connection with criminal activity to file a Suspicious Transaction Report with the Suspicious Transaction Reporting Office. MAS notices concerning the prevention of anti-money laundering and incidents of fraud emphasise this obligation.

As a general principle, supervised companies are required to ensure that persons holding, in particular, executive, overall management, oversight or control functions fulfil the requirements of the “fit and proper” test. Consequently, such persons must be of good repute and can guarantee compliance with applicable laws and regulations.

If a person cannot guarantee that the regulatory requirements are fulfilled at all times (eg, because of a material breach of its duties) the employing entity and its audit companies may be required to immediately report to FINMA, respectively, any incident that is of significance.

Both the DFSA General Rulebook and FSRA General Rulebook provide that where an authorised firm requests the withdrawal of an authorised individual, they must provide to the regulator details of any circumstances in which they consider the individual is no longer fit and proper.  Where the individual is to be dismissed or has requested to resign, the firm must provide to the regulator a statement of the reason, or reasons, for the dismissal or resignation.

In addition, the DFSA and FSRA General Rulebooks contain broad obligations on any authorised firm to report to the regulator if it becomes aware of a range of occurrences, including any matter which could have a significant adverse effect on the authorised firm’s reputation, or a matter in relation the authorised firm which could result in serious adverse financial consequences to the financial system or to other firms, or a significant breach of a rule by the authorised firm or its employees.

Yes. There are multiple potential reporting obligations with various timing imperatives. We include below a snapshot of some of the key obligations:

• under FCA Principle 11, firms have a general duty to inform the FCA of matters about which it would reasonably expect notice;
• a firm must notify the FCA immediately it becomes aware, or has information which reasonably suggests, that a matter which could have a significant adverse impact on the firm’s reputation has occurred, may have occurred or may occur in the foreseeable future;
• a firm must notify the FCA immediately it becomes aware, or has information which reasonably suggests, that a significant breach of a rule (including a significant breach of a Conduct Rule) has occurred, may have occurred or may occur in the foreseeable future; and
• a firm must also notify the FCA if it takes disciplinary action against an individual for a breach of the Conduct Rules. Where the relevant individual is a senior manager, the notification must be made within seven business days. Where the relevant individual is certified staff, the notification must be made in the firm’s annual reporting.

FINRA members must report to FINRA within 30 calendar days after the firm has concluded, or reasonably should have concluded, that an associated person of the firm or the firm itself has violated any securities, insurance, commodities, financial or investment-related laws, rules, regulations or standards of conduct of any domestic or foreign regulatory body or self-regulatory organisation.

While there is no requirement to report misconduct to regulators, the SEC routinely gives credit to organisations that voluntarily choose to self-report, which can lead to reduced fines, non-prosecution agreements, deferred prosecution agreements, waivers of disqualification following regulatory or criminal actions, or more organisation-friendly language in settlement documents. However, such disclosed information may later be discoverable by private plaintiffs.

The SEC has issued guidance that a failure to self-report significant misconduct can lead to more severe penalties.