Employment in Financial Services

Financial services employees are primarily subject to general employment law, such as the Employment Contracts Act of 3 July 1978.

Moreover, sectoral collective bargaining agreements (CBAs) also apply. The main concerned joint committees (JCs) are JC No. 310 for banks (including savings banks and stockbroker companies) and JC No. 341 for banking and investment services intermediaries

JC No. 309 for stockbroker companies is abolished since 1 July 2023 and the employees who were covered by it are now covered by joint committee No. 310. A specific CBA was adopted to regulate employees’ rights following this change (Collective bargaining agreement of 3 July 2023 concluded within the Joint Commission for Banks concerning the transfer of stockbroker companies from JC No. 309 to JC No. 310).

Due to the peculiarities of the financial sector, they are also governed by specific regulations, such as Regulation (EU) No. 468/2014 of the European Central Bank; Directive 2013/36/EU on access to the activity of credit institutions and the prudential supervision of credit institutions and investment firms; Directive 2014/65/EU on markets in financial instruments; the Status and Supervision of Credit Institutions Act of 25 April 2014, the Prevention of Money Laundering and Terrorist Financing Act of 18 September 2017; and the Supervision of the Financial Sector and on Financial Services Act of 2 August 2002.

Finally, the regulations adopted by supervisory authorities, such as the National Bank of Belgium (NBB), the European Central Bank and the Financial Services and Markets Authority (FSMA), apply to the sector. The Belgian Financial Sector Federation (Febelfin) also issues guidelines.

The main regulatory regime applicable to financial services employees is the Brazilian Labour Code (CLT). However, several rules created from collective bargaining have been formalised in the Collective Labour Contract. That contract established additional standards with a validity period determined by the contract.

Due to the unique activities of the financial sector, which involve confidential information, the handling of funds, possible conflicts of interest, etc, there is a special legal framework, specific to financial services employees, which is deployed at national and European levels.

Companies and employees in the sector are subject to private law. As such, they are bound by all the norms of French law, such as Law No. 2016-1691 dated 9 December 2016, on transparency, the fight against corruption and the modernisation of economic life; Ordinance No. 2017-1387 of 22 September 2017, on the predictability and securitisation of labour relations; Law No. 2022-401 of 21 March 2022, aimed at improving the protection of whistleblowers, or Law No. 2022-1598 of December 21, 2022 on emergency measures relating to the functioning of the labor market with a view to full employment. Most legal provisions specific to financial services employees are contained in the Monetary and Financial Code.

In addition, collective agreements govern the working conditions of financial services employees. The most common collective agreements in the financial services sector are:

• The national collective agreement of financial companies of 22 November 1968;
• The national collective agreement for financial market activities of 11 June 2010; and
• The national collective agreement of the bank of 10 January 2000.

Finally, two authorities supervise operators in the financial services sector: the Financial Markets Authority (FMA), which is an independent administrative authority that regulates and supervises financial services operators, through its General Regulations; and the French Prudential Supervision and Resolution Authority (ACPR), which is part of the Banque de France and is responsible for supervising banks.

At a European level, several instruments provide a framework for the financial services sector, including:

• for investment funds (Annex II of Directive 2011/61/EU for alternative investment funds (AIF) and Articles 14a, 14b of Directive 2009/65/EC for UCITS) ;
• for investment firms (Directive 2019/2034/EU, on the prudential supervision of investment firms) ; and
• for markets in financial instruments (Directive 2014/65/EU).

Financial services industry employers and their employees are subject to a multi-layered legal framework, which varies depending on the business activity of the respective institution. In each case, it comprises a patchwork of overarching EU law, local law, and ordinances issued by the regulatory watchdog, the Federal Financial Supervisory Authority (BaFin). Employees are particularly affected by specific remuneration principles targeted at avoiding excessive risk-taking.

Banks and financial services

These providers are subject to the German Banking Act (KWG), with a few exceptions (eg, certain provisions do not apply to some institutions due to the nature of their business (section 2 KWG)). The KWG provides, inter alia, a slightly reduced level of dismissal protection for certain banking employees and sets out rules for an appropriate ratio between variable and fixed annual remuneration for employees and managing directors. Bonuses may not exceed the fixed salary, unless the institution’s shareholders approve an increase of up to twice the fixed salary by qualified majority vote. Further details are set out in the Remuneration Ordinance for Financial Institutions (IVV) issued by BaFin. In addition, banks and financial service providers are under certain prerequisites subject to the EU Capital Requirements Regulation (Regulation (EU) No. 575/2013 (CRR) as modified by Regulation (EU) No. 2019/876 of 20 May 2019).

Insurance providers

These are subject to the Commission Delegated Regulation (EU) 2015/35 (Solvency II Regulation), which applies directly and takes precedence over national law. The Insurance Regulation Act governs regulatory supervision and forms the basis for a BaFin-issued insurance compensation ordinance. Compared to banking’s IVV, this is much broader in scope and only applies when not overridden by rules set out in the Solvency II Regulation.

Investment funds

These are subject to the German Capital Investment Code (KAGB), which provides specific rules on remuneration for employees, as well as Annex II of Directive 2011/61/EU for alternative investment funds and articles 14a, 14b of Directive 2009/65/EC for undertakings for collective investments in transferable securities. There is no BaFin ordinance (comparable to IVV for banks) for this sector yet, although BaFin could be authorised to issue one. Section 37 paragraph 1 KAGB provides that investment funds should establish a remuneration system for certain employees, such as managers, that is consistent with and conducive to a sound and effective risk management system, that does not create incentives to take inappropriate risks, and does not prevent the investment fund from acting dutifully in the best interests of the investment assets.  

Investment firms

Finally, these are subject to a different regulatory regime depending on their size and impact. Larger investment firms are subject to the risk and remuneration regime for banks, while medium-sized investment firms (since June 2021) are subject to the new German Securities Act (WpIG). The Act implements the Investment Firm Directive (Directive (EU) 2019/2034) and is complemented by the Investment Firm Regulation (Regulation (EU) 2019/2033). Commission Delegated Regulations specify the standards to identify risk-takers, and Guidance by the European Securities and Markets Authority further detail the requirements for sound remuneration policies. In January, 2024, a new remuneration regime – the Investment Firm Remuneration Ordinance (WpI-VergV) – was introduced by BaFin after a multi-year consultation phase. Quite similar to the regime for banks and financial services, but with a few subtle differences, these rules must now be applied to the remuneration of medium-sized investment firms and especially their risk takers. Small investment firms are only subject to a low level of regulation. Further regulatory rules are set out, inter alia, in the German Securities Trading Act (WpHG) and the Financial Investment Mediation Ordinance, setting out behavioural standards for employees interacting with customers.

The primary regulatory regime applicable to financial services employees in Hong Kong are as follows:

• Under the Banking Ordinance (BO), the Hong Kong Monetary Authority (HKMA) is responsible for regulating all authorised institutions (banks, restricted-licence banks and deposit-taking companies). In particular, the HKMA needs to ensure that the chief executive, directors, controllers and executive officers of the authorised institutions are “fit and proper”.

• Under the Securities and Futures Ordinance (SFO), the Securities and Futures Commission (SFC) is responsible for regulating the securities and futures markets. Employees performing any regulated functions under the SFO must obtain the requisite licence from the SFC. Relevant individuals engaged by the authorised institutions who perform regulated functions (eg, bank staff working in the securities dealing department) are not required to be licensed or registered with the SFC but their names have to be entered in the register maintained by the HKMA.

• Under the Insurance Ordinance (IO), the Insurance Authority (IA) is responsible for regulating the insurance industry. Employees carrying on a regulated activity under the IO must obtain the requisite licence from the IA.

The important labour laws that may apply to financial services employees are:

• Industrial Disputes Act, 1947 (IDA)
• Contract Labour (Regulation & Abolition) Act, 1970
• Payment of Gratuity Act, 1972
• Payment of Bonus Act, 1965
• Equal Remuneration Act, 1976
• Maternity Benefit Act, 1961
• Apprentices Act, 1961
• Employees’ Compensation Act, 1923
• Employment Exchanges (Compulsory Notification of Vacancies) Act, 1959
• The Employees' Provident Funds and Miscellaneous Provisions Act, 1952
• Shops and Establishments Act(s)[1].

In addition, there are financial services regulations in India such as the Banking Regulation Act, 1949; Reserve Bank of India Act, 1934; Securities and Exchange Board of India Act, 1992 (and the regulations thereunder); Insurance Act, 1938; Income-tax Act, 1961; and the Foreign Exchange Management Act, 1999 (and the regulations thereunder). There are also multiple regulators established under these laws.

The Central Bank of Ireland (CBI) is responsible for the authorisation and supervision of regulated financial service providers (RFSPs) in Ireland. RFSPs can include credit institutions, credit unions, brokers/retail intermediaries; and other RFSPs such as electronic money institutions, insurance and reinsurance undertakings, investment firms and payment institutions. The regulatory regime applies in a bespoke way to each sector and its employees and tailored legal advice should be taken for a specific situation. The general principles of the regulatory framework are set out below.

Fitness and Probity

The primary regulatory regime applicable to employees of RFSPs is the Fitness & Probity ("F&P") framework under the CBI Reform Act 2010 (2010 Act) as amended. Its function is to assess and monitor the suitability of individuals for certain key positions, known as Controlled Functions (CFs), including Pre-approved Controlled Functions (PCFs). The general rule is that an RFSP cannot permit a person to perform a controlled function unless the RFSP is satisfied on reasonable grounds that the person complies with the F&P Standards prescribed under the 2010 Act and further set out in the regulations and Guidance prescribed by the CBI. A link to resources governing the F&P Standards is here.

Fitness relates to an individual's competency, experience, qualifications and capacity to perform the role (including time commitments and being free from conflicts of interest).

Probity relates to an individual's honesty, diligence, independence, ethics and integrity in performing their role.

Employers are required to perform due diligence to confirm that individuals they propose placing in CF roles are fit and proper. Employers are also required to hold a certificate of compliance in respect of each in scope employee, certifying that the employee complies with the F&P Standards. Employees of RFSPs must agree in writing to comply with the F&P Standards.

A breach of an individual's F&P obligations can result in criminal and administrative sanctions for the RFSP and suspension and disqualification for the individual from holding a controlled function.

Minimum Competency Requirements

The CBI also operates a minimum competency regime under the Minimum Competency Code 2017 and the CBI (Supervision and Enforcement) Act 2013 (section 48(1)) Minimum Competency Regulations 2017, which set out professional standards and competencies, and continuing professional development (CPD) requirements, for persons providing certain financial services and products across certain sectors e.g., credit union and insurance services.  The aim is to protect consumers by ensuring a minimum acceptable level of competence from individuals acting for or on behalf of RFSPs providing advice and information and associated activities (such as dealing with insurance claims or complaints), in connection with in-scope financial products.

The Individual Accountability Framework

The CBI (Individual Accountability) Act 2023 (the "2023 Act") was signed into law on 9 March 2023. The 2023 Act introduced a new Individual Accountability Framework ("IAF"):

• An enhanced Fitness and Probity Framework;
• New Common Conduct Standards, including Additional Conduct Standards for PCFs, applicable to employees and officers of RFSPs as well as Business Conduct Standards;
• The Senior Executive Accountability Regime ("SEAR"); and
• Administrative Sanctions Procedures ("ASP") which empowers the CBI to investigate and sanction individuals for breaches of their obligations under the IAF including the Conduct Standards and their F&P obligations.

The IAF commenced in Ireland from 29 December 2023. The F&P Framework and the application of the new Conduct Standards became effective from this date. Other parts of the IAF will be effective later in 2024.

Conduct Standards

Under the 2010 Act, both CFs and PCFs must take any step that is reasonable in the circumstances in the performance of their role, to ensure that they meet the requirements of the Common Conduct Standards. The Common Conduct Standards are explained in Guidance published by the CBI here. The Conduct Standards include the requirement to act with honesty and integrity, due skill and care, co-operate in good faith with the CBI, act in the best interests of customers and comply with applicable rules governing market conduct and trading as applicable to the relevant RFSP's sector. The F&P Standards set a standard that CFs and PCFs must meet to ensure that they are sufficiently skilled and have the competence and capability to perform their roles. Whereas the Common Conduct Standards impose positive, enforceable legal obligations on individuals in those roles, governing their conduct and requiring them to act in accordance with a single set of standards of expected behaviour. Employers must train their employees on the applicable Conduct Standards. Employees are required to attend at that training and to fully understand and comply with the Conduct Standards. Additional Conduct Standards apply to PCFs.

Senior Executive Accountability Regime

SEAR which applies to senior managers/officers holding PCF and CF1 roles, will be applicable from 1 July 2024. SEAR will come into force in respect of Non Executive Directors (NEDs) and Independent Non Executive Directors (INEDs) with effect from 1 July 2025.

In terms of the scope of application, SEAR will be introduced on a phased basis and will initially apply from 1 July 2024 to credit institutions, insurance undertakings (excluding reinsurance undertakings, captive (re)insurance undertakings and insurance special purpose vehicles) and investment firms that underwrite on a firm commitment basis, deal on own account, or are authorised to hold client monies or assets; and third-country branches of the above.

However, the CBI has noted in its Consultation Paper 153 (CP153) that "there is much in the spirit of the SEAR that firms not initially failing within scope should consider as aligned with good quality governance". RFSPs which are not in Phase 1 of SEAR should therefore consider the presence of the new regime and whether it may be appropriate to comply with the spirit of SEAR by ensuring that individual responsibilities for senior managers are mapped and clearly allocated across the firm's senior management. This is to ensure that it is very clear who is individually accountable for what and in order to ensure that the business and its risks are being properly managed.

Business Standards

The 2023 Act provides for the ability of the CBI of Ireland (CBI) to prescribe the "Business Standards" for the purposes of ensuring that in the conduct of its affairs a firm:

1. acts in the best interests of customers and of the integrity of the market;
2. acts honestly, fairly and professionally; and
3. acts with due skill, care and diligence.

The Business Standards are obligations which apply to the RFSP.

Protected Disclosures Legislation – Whistleblowing

The Protected Disclosures Act 2014 as amended provides that all employers (with 50 or more employees) and most RFSPs regardless of head count (including MiFID firms, UCITS management companies, AIFMs, externally managed UCITS and externally managed AIFs)  have and maintain secure, confidential and effective internal reporting channels and investigation procedures that comply with its requirements. Employees and other workers, including INEDS and NEDS as well as contractors have significant anti retaliation protection in connection with making a protected disclosure. Employers are required to appoint a designated person to acknowledge a report within 7 days, make diligent inquiries and to follow up with the reporter within three months in relation to the progress/outcome of the investigation. The Central Bank (Supervision and Enforcement) Act, 2013 as well as the European Union (Market Abuse) Regulations, 2016 set out whistleblowing requirements for in scope employees and anti retaliation protection.

The Employment Act 2006 and the Equality Act 2017 prescribe general employment rights and obligations for both employers and employees, including those in the financial services industry.

The Isle of Man Financial Services Authority (IoM FSA) is responsible for the regulation and supervision of financial services providers in the Isle of Man. Among other things, regulated financial institutions must comply with the rules set down by the IoM FSA in its Financial Services Rule Book 2016 (as amended) (the Rule Book). The IoM FSA applies “fitness and propriety” criteria to holders of certain key roles within a licence holder. This entails the IoM FSA assessing an individual’s integrity, financial standing, competency and capacity to undertake the role.

The requirement for an individual to be “fit and proper” depends on the nature of the role rather than their job title, but generally applies to key person or senior managerial roles (also known as Controlled Functions), where the individual has significant influence or control over the regulatory matters of the financial institution or to roles that have a bearing on the regulatory objectives of the IoM FSA and its ability to meet them.

Articles 5 and 123 of the Constitution of the United Mexican States provide express protection of labour rights and establish that legal rights are protected by the Federal Labour Law (the FLL).

Pursuant to article 5 thereof, no-one can be stopped from providing services in industry, commerce, or any other activity, provided it is not illegal; thus, individuals may only be prohibited from performing their duties as financial services employees if there is a legal justification. The activity may only be prohibited by a judicial declaration. Also, the law will define occupations that require a licence, the conditions to be met to obtain that licence and the issuing authorities.

Furthermore, no contract or provision that affects an individual’s freedom will be enforced.

All employers and employees within the private financial services sector are primarily subject to the FLL. Additionally, financial entities and their employees are subject to different laws and general provisions depending on the entities’ core business and activities, such as:

• Law to Regulate Finance Associations;
• Credit Institutions Law;
• General Provisions of Credit Institutions, issued by the supervisory authorities;
• Law to Regulate Credit Information Entities;
• General Law of Auxiliary Credit Organizations and Activities;
• Investment Funds Law;
• Popular Savings and Credit Law;
• Law to Regulate Technological Finance Institutions;
• General Provisions of Technological Finance Institutions, issued by the supervisory authorities;
• Law of Transparency and Promotion of Competition in Guaranteed Credit;
• Securities Market Law;
• Law for the Transparency and Regulation of Financial Services;
• Federal Law for the Prevention and Identity of Transactions with Illegally Obtained Resources;
• General Provisions applicable to securities operations carried out by counsel, managers and employees of financial entities and other obligated parties, issued by the supervisory authorities;
• Insurance and Bonding Institutes Law; and
• Insurance and Bonding Agents Regulations.

Some of the financial entities regulated are the following (Financial Entities):

• controlling entities (controlling entities of financial groups);
• credit institutions;
• credit information entities;
• multiple purpose financial entities;
• exchange bureaus and brokerage houses;
• auxiliary credit organisations;
• technological finance institutions;
• investment funds;
• financial cooperative associations and community finance entities; and
• insurance and bond institutes.

Authorities that regulate and supervise the compliance of financial laws and provisions are the National Banking and Securities Commission (CNBV), National Insurance and Bonding Commission (CNSF), National Commission of Retirement Savings Fund (CONSAR), National Commission for Financial Service Consumer Protection, Bank of Mexico, and the Ministry of Finance and Public Credit (SHCP).

The Dutch Financial Supervision Act (Wft) and the Dutch Remuneration Policies for Financial Institutions Act.

All private-sector employers and employees in Singapore are regulated by the Ministry of Manpower (MOM). Legislation such as the Employment Act 1968, the Employment of Foreign Manpower Act 1990, and the Workplace Safety and Health Act 2006 prescribe general employment rights and obligations for both employers and employees, and are supplemented by various tripartite advisories and guidelines. Anti-workplace discrimination legislation is also expected in the second half of 2024.

From the perspective of financial services, financial institutions (FIs) and FI employees are regulated by the Monetary Authority of Singapore (MAS). FIs are broadly categorised into four sectors: banking, capital markets, insurance, and payments. Statutes specific to each FI sector also apply. These include the Banking Act 1970, Securities and Futures Act 2001, Trust Companies Act 2005, Financial Advisers Act 2001, Insurance Act 1966, and Payment Services Act 2019. These are supplemented by MAS-issued directions, guidelines, codes, practice notes, circulars and policy statements.

A new Financial Services and Markets Act 2022 (FMSA) was also passed by Parliament in April 2022, consolidating and enhancing MAS’ powers. The FMSA will be implemented in phases, with the first phase having been implemented on 28 April 2023. This first phase addresses the porting over of provisions under the Monetary Authority of Singapore Act 1970 which relates to the MAS’ general powers over financial institutions, the anti-money laundering / countering of terrorism financing framework, and the Financial Dispute Resolution Schemes framework. The MAS has stated that the remaining phases are targeted for implementation in 2024.

2024 also saw the introduction of the Financial Institutions (Miscellaneous Amendments) Bill 2024. If passed, the bill will enhance, clarify and consolidate MAS’ powers across various acts to investigate, reprimand, supervise and inspect potential breaches and offences.

Contravening legislation (primary or subsidiary) and directions would generally constitute a criminal offence. Contravening advisories, guidelines, codes and practice notes would not generally constitute a criminal offence, but may result in regulatory or administrative consequences such as reprimands, censures or prohibition orders (in the case of MAS) or other administrative actions, such as a curtailment of work-pass privileges (in the case of MOM) – which is significant as work passes are a requirement for employing foreign nationals in Singapore.

Employment law in Switzerland is based mainly on the following sources, set out in order of priority:

• the Federal Constitution;
• Cantonal Constitutions;
• public law, particularly the Federal Act on Work in Industry, Crafts and Commerce (the Labour Act) and five ordinances issued under this Act regulating work, and health and safety conditions;
• civil law, particularly the Swiss Code of Obligations (CO);
• collective bargaining agreements, if applicable;
• individual employment agreements; and
• usage, custom, doctrine, and case law.

Depending on the regulatory status of the employer and the specific activities of financial services employees, respectively, Swiss financial market laws may also apply. They are, in particular, the Federal banking, financial institutions and insurance supervision regulations.

The UAE has four different regulators responsible for the authorisation and supervision of banks, insurers, and other financial institutions.

There are two regulators "on-shore" in the UAE, namely, (i) the UAE Central Bank, which is the state institution responsible for banking and insurance regulation, as well as monetary policy, and has authority over all licensed financial institutions in the UAE, including those in the financial free zones; and (ii) the Emirates Securities and Commodities Authorities (ESCA)  that regulates markets, listed companies, and securities brokers.

There are two financial free zones in the UAE, the Dubai International Financial Centre (DIFC) and Abu Dhabi Global Market (ADGM), who were established as special economic zones with independent jurisdictions through amendment to the UAE Constitution.  Within the free zones, the Dubai Financial Services Authority (DFSA) is the regulator of the DIFC and the Financial Services Regulatory Authority (FSRA) is the regulator of the ADGM.

As the DIFC and ADGM free zones have been established as special economic zones in which financial services are conducted, most of the applicable legislation in the UAE which governs financial services is found in the two free zones.  Therefore, unless expressly referenced, the responses for the UAE in this guide consider the position in the DIFC and ADGM only.

The Dubai Financial Services Authority is the financial regulatory body of financial services conducted in or from the DIFC.  The key legislation is the Regulatory Law of 2004, as amended, which is administered by the DFSA and is described as the cornerstone legislation of the regulatory regime.

The ADGM Financial Services Regulatory Authority is the financial regulatory body of financial services conducted in or from the ADGM.  The key legislation is the Financial Services and Markets Regulations (FSMR), which sets out the legislative and regulatory framework for financial services in the ADGM.  The FSMR was modelled on the UK’s Financial Services and Markets Act 2000 and other related legislation.

Finally, all employees in the private sector (excluding the two financial free zones) are subject to Federal Decree-law No. 33 of 2021, as amended (the Labour Law).  In the DIFC, employees are subject to DIFC Law No. 2 of 2019, as amended (the DIFC Employment Law) and in the ADGM, employees are subject to the ADGM Employment Regulations 2019 (the ADGM Employment Regulations).  In addition to the employment legislation described above, a number of other laws will be applicable to employees in the UAE, including Federal Decree-law No. 30 of 2021 containing the Penal Code.

In the UK, there are two main regulators responsible for the supervision of financial institutions. These are:

• The Prudential Regulation Authority (the PRA) – The PRA supervises over 1,500 financial institutions, including banks, building societies, credit unions, insurance companies and major investment firms. It creates policies for these institutions to follow and watches over aspects of their business.
• The Financial Conduct Authority (the FCA) – The FCA regulates the conduct of approximately 50,000 firms, prudentially supervises 48,000 firms, and sets specific standards for around 18,000 firms.

Some financial institutions are regulated by both the PRA and FCA (dual-regulated). Those financial institutions must comply with rules set down by the PRA in its rulebook (the PRA Rulebook) and by the FCA in its handbook (the FCA Handbook). Other firms are regulated solely by the FCA (solo-regulated) and must comply with the FCA handbook alone. Different rules can apply depending on the nature and size of the firm. The PRA and FCA work closely on certain issues and firms, but the FCA focuses specifically on ensuring fair outcomes for consumers.

The Senior Managers and Certification Regime (SM&CR) sets out how the UK regulators oversee people in businesses supervised and regulated by them, and how those people must act. As the FCA has summarised, “The SM&CR aims to reduce harm to consumers and strengthen market integrity by making individuals more accountable for their conduct and competence” (https://www.fca.org.uk/firms/senior-managers-certification-regime).

SM&CR consists of three elements:

• The Senior Managers Regime (SMR) – This applies to the most senior people in a firm (senior managers) who perform one or more senior management functions (SMFs). These functions are specified in the PRA Rulebook and the FCA Handbook. Senior managers must be pre-approved by the PRA or FCA before starting their roles. Each senior manager must also have a “Statement of Responsibilities” (that sets out what they are responsible and accountable for), which may include (depending on the firm) certain responsibilities prescribed by the regulator known as “Prescribed Responsibilities”. Every year, senior managers must be certified as fit and proper to carry out their role by their firm.
• The Certification Regime (CR) – This applies to employees who, because of their role, could pose a risk of significant harm to the firm or its customers, such as employees who offer investment advice (certified staff). For solo-regulated firms, these roles are generally called certification functions. Firms must certify that these employees are fit and proper for their roles both at the outset of their employment and continuously.
• The Conduct Rules – The Conduct Rules set minimum standards of individual behaviour in financial services in the UK. They apply to almost all employees of a firm. They also include particular rules applicable only to senior managers.

Certain parts of SM&CR apply to particular firms only. This is outside the scope of this note, which sets out the general position under SM&CR.

In the United States, there are different regulatory environments, depending on the nature of the employer.

• The Securities and Exchange Commission (SEC) regulates the offer and sale of securities, the various obligations of public companies, and the registration and conduct of broker-dealers. The SEC also regulates investment advisers.
• Every state has its own securities laws, known as Blue Sky Laws. These laws vary from state to state, but most, including New York and California, impose registration requirements on broker-dealers. State laws also require employees of brokers and dealers engaged in securities transactions to register as agents or salespersons.
  • The California Corporate Securities Law of 1968 covers securities offerings in the state of California.
  • The New York General Business Law and the New York Compilations of Codes, Rules and Regulations cover securities offerings in the state of New York.
• The Financial Industry Regulatory Authority (FINRA) is a private self-regulatory organisation that oversees exchange markets and brokerage firms and regulates the conduct of broker-dealer member firms.
• The Commodity Futures Trading Commission (CFTC) regulates commodities or future brokers and exchanges under the Commodity Exchange Act (CEA).
• Banks are regulated by both federal and state regulators, including the Federal Reserve Board, the Office of the Comptroller of the Currency, the Consumer Financial Protection Bureau, and the Federal Deposit Insurance Corporation.
• Commodities or future brokers or exchanges are covered by the CEA and are regulated by the CFTC.
• The Protocol for Broker Recruiting is an agreement signed by more than 2,000 broker-dealers. This Protocol specifically places limits on the restrictions a signatory firm can place on representatives who move to another signatory firm.

Most states have their own financial regulatory regimes. For example:

• The New York Department of Financial Services has regulatory authority over banks and certain other financial services entities within the state of New York.
• The California Department of Financial Protection and Innovation has regulatory authority over financial services entities within the state of California.

Employees must not, both during and after the termination of the contract, obtain, use or unlawfully disclose a business secret he or she became aware of in the course of his or her professional activity, or disclose the secrecy of any matter of a personal or confidential nature of which he or she became aware in the course of his or her professional activity (article 17, 3°, a, Employment Contracts Act).

The company can include a NDA in the employment contract to underline what is considered confidential information. A penalty clause (with a lump sum to be paid) can be foreseen in case of a breach after the end of the employment contract, but not during the period of the employment relationship. This is because of the prohibition on restricting the rights of employees or increasing their obligations in comparison with what is foreseen by the Employment Contracts Act (article 6).

Yes, non-disclosure agreements (NDAs) are potentially lawful in Brazil. The applicable rules are the same as for any legal transaction: expression of will, legality of the object, and compliance with the law.

As a rule, NDAs are a consequence of professional activity and do not require specific consideration.

Protected information is specific to the contractor (employer) and shared with the employee during the execution of the contract (strategies, customers, commercial secrets, etc).       

General information belonging to the employee due to his or her academic training and previous professional experience is not included in NDAs.

All actors in the financial services sector are bound by strict professional and banking secrecy.

But beyond the professional secrecy that is inherent to the employment contract, there may be an interest in particular circumstances to strengthen this requirement and make it an obligation of absolute professional secrecy. This is legal under French law and generally takes the form of a confidentiality clause (non-disclosure) inserted in the employee's employment contract.

In principle, a confidentiality clause, which includes an obligation of professional secrecy to which the employee is bound as well as an obligation of discretion, is not subject to any particular conditions. In particular, it does not require the payment of any financial consideration.

On the other hand, when an employee by an agreement or transaction goes further and waives his freedom of expression, the case law sets stricter conditions of validity. The agreement must be adapted, necessary and proportionate to the aim sought.

Confidentiality clauses must also comply with any obligations in terms of transparency, the fight against corruption and influence peddling provided for by Law No. 2016-1691 of 9 December 2016.

The only entities against which banking secrecy cannot be invoked are the French Prudential Supervision and Resolution Authority, the Banque de France and the judicial authority acting in the context of criminal proceedings (article L. 511-33 of the Monetary and Financial Code). On the other hand, bank secrecy is enforceable in civil court proceedings, as confirmed by abundant case law.

Under German law, it is permissible to enter into non-disclosure and confidentiality agreements. In practice, NDAs are usually agreed upon in written or text form, although this is not legally required. If drafted for use in multiple cases, NDAs are subject to a particularly strict test to be effective: they must be transparent and may not unduly burden the employee under General Terms and Conditions legislation. NDAs should, therefore, only relate to very limited and specific information.

In practice, NDAs are difficult to enforce as it is the employer who must prove a culpable breach of contract, as well as damages resulting from such a breach. Employers should, therefore, also use other means to ensure data protection and confidentiality, such as properly defining and protecting business secrets under the Business Secrets Act; and implementing technical and organisational measures to limit access to certain information, which may include sharing information only on a need-to-know basis.

Non-disclosure agreements are legally enforceable in Hong Kong. They follow the contract law rules and there is no other particular form or rules. To be enforceable, a non-disclosure agreement must protect information that is both confidential and valuable. There are common exceptions where confidentiality will not apply to certain information, including information available in the public domain, information lawfully received from a third party without proprietary or confidentiality limitations, information known to the employee before first receipt of same from the employer, and information disclosed in circumstances required by law or regulatory requirement.

NDAs are governed by the Indian Contract Act, 1872 and are generally lawful in India.

Generally, post-contract restrictive covenants like non-compete clauses that restrain a person’s exercise of lawful trade, profession or business are declared void because of Section 27 of the Indian Contract Act.

The enforceability of NDAs may be affected if they restrain an employee from exercising a lawful profession, trade or business. Accordingly, an NDA crafted to protect the “confidential information” of the former employer but not to impose the above-mentioned restraints on the employee is saved from any clash with Section 27 of the Indian Contract Act and is, therefore, enforceable in the courts of law in India. If NDAs prohibit an employee from disclosing commercial or trade secrets, then they cannot be held to be in restraint of trade. This was observed by the Bombay High Court in VFS Global Services Pvt Ltd v Mr Suprit Roy[1].

Yes. It is possible to use NDAs in Ireland and it is quite common for them to be used, but there are some limitations on their use and enforceability.

Certain mandatory reporting obligations will override a contractual non-disclosure agreement, such as the requirement for PCFs under section 38(2) of the CBI (Supervision and Enforcement) Act 2013 to disclose certain matters to the CBI.

Further, an NDA cannot extinguish an employee's right to anti-retaliation protection where the employee makes a protected disclosure either internally or externally under the Protected Disclosures Act 2014 - 2022.

Yes, non-disclosure agreements are potentially lawful in the Isle of Man. A contract of employment may also contain confidentiality provisions for financial services employees. However, a non-disclosure agreement or confidentiality clause would not (and could not) prevent a financial services employee (or any employee) from making a protected disclosure, (ie, a disclosure made by an employee where they reasonably believe there is serious wrongdoing within the workplace (whistleblowing)).

A financial services employee may, furthermore, be subject to a legal requirement to disclose information in certain circumstances that might override an NDA. For example, an individual can be compelled to provide information by the IoM FSA during an interview, and such compulsion will generally override an employee’s duties of confidentiality. Alternatively, an individual can be subject to a requirement to disclose information in the context of legal proceedings (eg, by court order).

Non-disclosure provisions under Mexican law are applicable and enforceable. All information to which employees have access, given their position and services, regarding third parties and deemed sensitive or confidential (ie, non-public information) may not be disclosed at any time after the termination of employment or used for any other purposes.

The breach of non-disclosure obligations of confidential information and trade secrets may lead to economic sanctions or imprisonment. The disclosure of confidential information or using it to an employer’s detriment is an offence under criminal law. Also, employees that breach confidential obligations may have to pay damages to the affected party.

Pursuant to article 186 of the general provisions applicable to brokerage houses, internal policies must be in place to establish guidelines and procedures for the use, management, conservation and, as applicable, destruction of books, records, documents, and other information; and must guarantee the adequate use and control of documents containing the confidential information of clients. Also, these entities must establish strict controls to avoid the improper use of books, records, and documents in general.

According to the Law to Regulate Technological Finance Institutions, entities must include measures and policies to control operational risks within their filing for authorisation at the CNBV. They must also provide information security and confidentiality policies, with evidence of secure, trustable and precise technological support for their clients and with minimum standards of security to ensure the confidentiality, availability and integrity of information, as well as to prevent fraud and cyberattacks.

Additionally, financial entities must guarantee the security and integrity of the information, and implement security measures to preserve the integrity and confidentiality of the information generated, stored, or processed.

Lastly, under the Federal Law for the Prevention and Identity of Transactions with Illegally Obtained Resources, filing notices, information and documentation related to vulnerable activities to the SHCP does not qualify as a breach of confidentiality obligations.

Since there is no specific legislation on NDAs under Dutch law, the general principle is that NDAs are permitted.

NDAs may never prevent a financial sector employee from reporting or revealing suspected misconduct.

NDAs are generally lawful in Singapore, although the extent of their enforceability depends on their contents. For example, restrictive covenants can be subject to further scrutiny (see question 13). While not subject to any particular form or rules, employers should take particular care to specify the type of information protected under the NDA, so that employees have a clear understanding of the protected information – and to enhance the enforceability of the NDA.

Under Singapore common law, in addition to breach of contract, a party may also bring an action for breach of confidence. A plaintiff will have to show on the facts that the information is confidential and was imparted in circumstances giving rise to an obligation of confidence (including if confidential information has been accessed or acquired without a plaintiff’s knowledge or consent), which will then invoke the presumption of a breach of confidence. The burden will then fall on the defendant to rebut this presumption.

Non-disclosure agreements (NDAs) are generally lawful in Switzerland. However, NDAs are not regulated by statutory law and therefore do not have to follow any particular statutory form or rule. Nevertheless, most NDAs often contain a similar basic structure.

The core clauses of an NDA concern:

• manufacturing and business secrets or the scope of further confidentiality;
• the purpose of use;
• the return and destruction of devices containing confidential information; and
• post-contractual confidentiality obligations.

As a general rule, it is recommended to use the written form.

To ensure possible enforcement of an NDA in the employment context, the requirements of a post-contractual non-compete obligation (see below) must be met.

Non-disclosure agreements may be used in the UAE (including DIFC and ADGM free zones).  There are no particular requirements regarding the form or rules for those NDAs.

NDAs (also known as confidentiality agreements) are potentially lawful and enforceable in the UK. It is common to include NDAs in employment contracts (to protect the confidential information of the employer during and after employment) and in settlement agreements (to reiterate existing confidentiality obligations and to keep the circumstances of the settlement confidential).

NDAs do not need to follow a particular form, but they must be reasonable in scope. Following #MeToo, there has been considerable government, parliamentary, and regulatory scrutiny of the use of NDAs and their reasonableness in different circumstances.

The following limitations on NDAs should be noted:

• By law, any NDA purporting to prevent an individual from making a “protected disclosure” as defined in the Employment Rights Act 1996 (ie, blowing the whistle about a matter) is void.

• The regulatory body for solicitors in England and Wales, the Solicitors Regulation Authority (SRA), has issued a detailed warning notice and guidance to practitioners setting out – in its view – inappropriate or improper uses of NDAs. Failure to comply with the SRA’s warning notice may lead to disciplinary action. The SRA lists the following as examples of improper use of NDAs:

• • using an NDA as a means of preventing, or seeking to impede or deter, a person from:
    • cooperating with a criminal investigation or prosecution;
    • reporting an offence to a law enforcement agency;
    • reporting misconduct, or a serious breach of the SRA’s regulatory requirements, to the SRA, or making an equivalent report to any other body responsible for supervising or regulating the matters in question; and
    • making a protected disclosure;
    • using an NDA to influence the substance of such a report, disclosure or cooperation;
    • using an NDA to prevent any disclosure required by law;
    • using an NDA to prevent proper disclosure about the agreement or circumstances surrounding the agreement to professional advisers, such as legal or tax advisors, or medical professionals and counsellors, who are bound by a duty of confidentiality;
    • including or proposing clauses known to be unenforceable; and
    • using warranties, indemnities and clawback clauses in a way that is designed to, or has the effect of, improperly preventing or inhibiting permitted reporting or disclosures being made (for example, asking a person to warrant that they are not aware of any reason why they would make a permitted disclosure, in circumstances where a breach of warranty would activate a clawback clause).
       
• The Law Society of England and Wales, a professional association representing solicitors in England and Wales, has issued similar guidance (including a practice note) on the use of NDAs in the context of the termination of employment relationships.
• Other non-regulatory guidance on the use of NDAs has also been issued, including by the Advisory, Conciliation and Arbitration Service and by the UK Equality and Human Rights Commission.

Care should be taken accordingly to ensure that the wording of any NDA complies with prevailing guidance, especially from the SRA.

Non-disclosure agreements are currently permissible under United States law with some exceptions, typically pertaining to whistleblower, harassment, and discrimination matters. On 7 December 2022, President Joe Biden signed the Speak Out Act, which prohibits the enforcement of non-disclosure and non-disparagement provisions that were agreed to before an incident of workplace sexual assault or sexual harassment occurred. In other words, it does not prohibit these provisions in settlement or severance agreements.

Both Dodd-Frank and SOX prohibit employers from impeding an individual’s whistleblowing process. Confidentiality provisions should expressly authorise employee communications directly with, or responding to any inquiry from, or providing testimony before the SEC, FINRA, any other self-regulatory organisation or any other state or federal regulatory authority.

The United States Tax Cuts and Jobs Act of 2018 discourages NDAs in the settlement of sexual harassment claims. Under this law, employers settling claims alleging sexual harassment or abuse that include a confidentiality or non-disclosure provision in the settlement agreement cannot take a tax deduction for that settlement payment or related attorneys' fees.

Under the National Labor Relations Act, employees (except for supervisors) cannot be prohibited from discussing their compensation or working conditions

California

• California Law prohibits NDAs that would prevent employees from discussing or disclosing their compensation or discussing the wages of others. However, California permits the use of a non-disclosure provision that may preclude the disclosure of any amount paid in any separation or settlement agreement.
• California imposes restrictions on the use of non-disclosure provisions that are designed to restrict an employee's ability to disclose information about unlawful acts in the workplace, including information pertaining to harassment or discrimination or any other conduct the employee has reason to believe is unlawful in employment agreements, settlement agreements, and separation agreements.
• California employers cannot:
  • require employees, in exchange for a raise or a bonus, or as a condition of employment or for continued employment, to sign any non-disparagement or non-disclosure provision that denies the employee the right to disclose information about unlawful acts in the workplace;
  • include in any separation agreement a provision that prohibits the disclosure of information about unlawful acts in the workplace; or
  • include a provision within a settlement agreement that prevents or restricts the disclosure of factual information related to claims for sexual assault, sexual harassment, workplace harassment or discrimination, retaliation, or failure to prevent workplace harassment or discrimination that are filed in a civil or administrative action, unless the settlement agreement is negotiated, which means that the agreement is voluntary, deliberate, informed, provides consideration of value to the employee, and the employee is giving notice and an opportunity to retain an attorney or is represented by an attorney.

New York

• New York law prohibits NDAs that:
  • prevent an employee from discussing or disclosing their wages or the wages of another employee.
  • prevent an employee from disclosing factual information related to a future discrimination claim, unless the agreement notifies employees that it does not prevent them from speaking to the EEOC, the New York Department of Human Rights, and any local human rights commission or attorney retained by the individual.

New York law also prohibits employers from mandating confidentiality or non-disclosure provisions when settling sexual harassment claims (though allows such provisions where it is the employee’s preference to include them).