Employment in Financial Services

Financial services employees are primarily subject to general employment law, such as the Employment Contracts Act of 3 July 1978.

Moreover, sectoral collective bargaining agreements (CBAs) also apply. The main concerned joint committees (JCs) are JC No. 310 for banks (including savings banks and stockbroker companies) and JC No. 341 for banking and investment services intermediaries

JC No. 309 for stockbroker companies is abolished since 1 July 2023 and the employees who were covered by it are now covered by joint committee No. 310. A specific CBA was adopted to regulate employees’ rights following this change (Collective bargaining agreement of 3 July 2023 concluded within the Joint Commission for Banks concerning the transfer of stockbroker companies from JC No. 309 to JC No. 310).

Due to the peculiarities of the financial sector, they are also governed by specific regulations, such as Regulation (EU) No. 468/2014 of the European Central Bank; Directive 2013/36/EU on access to the activity of credit institutions and the prudential supervision of credit institutions and investment firms; Directive 2014/65/EU on markets in financial instruments; the Status and Supervision of Credit Institutions Act of 25 April 2014, the Prevention of Money Laundering and Terrorist Financing Act of 18 September 2017; and the Supervision of the Financial Sector and on Financial Services Act of 2 August 2002.

Finally, the regulations adopted by supervisory authorities, such as the National Bank of Belgium (NBB), the European Central Bank and the Financial Services and Markets Authority (FSMA), apply to the sector. The Belgian Financial Sector Federation (Febelfin) also issues guidelines.

The main regulatory regime applicable to financial services employees is the Brazilian Labour Code (CLT). However, several rules created from collective bargaining have been formalised in the Collective Labour Contract. That contract established additional standards with a validity period determined by the contract.

Due to the unique activities of the financial sector, which involve confidential information, the handling of funds, possible conflicts of interest, etc, there is a special legal framework, specific to financial services employees, which is deployed at national and European levels.

Companies and employees in the sector are subject to private law. As such, they are bound by all the norms of French law, such as Law No. 2016-1691 dated 9 December 2016, on transparency, the fight against corruption and the modernisation of economic life; Ordinance No. 2017-1387 of 22 September 2017, on the predictability and securitisation of labour relations; Law No. 2022-401 of 21 March 2022, aimed at improving the protection of whistleblowers, or Law No. 2022-1598 of December 21, 2022 on emergency measures relating to the functioning of the labor market with a view to full employment. Most legal provisions specific to financial services employees are contained in the Monetary and Financial Code.

In addition, collective agreements govern the working conditions of financial services employees. The most common collective agreements in the financial services sector are:

• The national collective agreement of financial companies of 22 November 1968;
• The national collective agreement for financial market activities of 11 June 2010; and
• The national collective agreement of the bank of 10 January 2000.

Finally, two authorities supervise operators in the financial services sector: the Financial Markets Authority (FMA), which is an independent administrative authority that regulates and supervises financial services operators, through its General Regulations; and the French Prudential Supervision and Resolution Authority (ACPR), which is part of the Banque de France and is responsible for supervising banks.

At a European level, several instruments provide a framework for the financial services sector, including:

• for investment funds (Annex II of Directive 2011/61/EU for alternative investment funds (AIF) and Articles 14a, 14b of Directive 2009/65/EC for UCITS) ;
• for investment firms (Directive 2019/2034/EU, on the prudential supervision of investment firms) ; and
• for markets in financial instruments (Directive 2014/65/EU).

Financial services industry employers and their employees are subject to a multi-layered legal framework, which varies depending on the business activity of the respective institution. In each case, it comprises a patchwork of overarching EU law, local law, and ordinances issued by the regulatory watchdog, the Federal Financial Supervisory Authority (BaFin). Employees are particularly affected by specific remuneration principles targeted at avoiding excessive risk-taking.

Banks and financial services

These providers are subject to the German Banking Act (KWG), with a few exceptions (eg, certain provisions do not apply to some institutions due to the nature of their business (section 2 KWG)). The KWG provides, inter alia, a slightly reduced level of dismissal protection for certain banking employees and sets out rules for an appropriate ratio between variable and fixed annual remuneration for employees and managing directors. Bonuses may not exceed the fixed salary, unless the institution’s shareholders approve an increase of up to twice the fixed salary by qualified majority vote. Further details are set out in the Remuneration Ordinance for Financial Institutions (IVV) issued by BaFin. In addition, banks and financial service providers are under certain prerequisites subject to the EU Capital Requirements Regulation (Regulation (EU) No. 575/2013 (CRR) as modified by Regulation (EU) No. 2019/876 of 20 May 2019).

Insurance providers

These are subject to the Commission Delegated Regulation (EU) 2015/35 (Solvency II Regulation), which applies directly and takes precedence over national law. The Insurance Regulation Act governs regulatory supervision and forms the basis for a BaFin-issued insurance compensation ordinance. Compared to banking’s IVV, this is much broader in scope and only applies when not overridden by rules set out in the Solvency II Regulation.

Investment funds

These are subject to the German Capital Investment Code (KAGB), which provides specific rules on remuneration for employees, as well as Annex II of Directive 2011/61/EU for alternative investment funds and articles 14a, 14b of Directive 2009/65/EC for undertakings for collective investments in transferable securities. There is no BaFin ordinance (comparable to IVV for banks) for this sector yet, although BaFin could be authorised to issue one. Section 37 paragraph 1 KAGB provides that investment funds should establish a remuneration system for certain employees, such as managers, that is consistent with and conducive to a sound and effective risk management system, that does not create incentives to take inappropriate risks, and does not prevent the investment fund from acting dutifully in the best interests of the investment assets.  

Investment firms

Finally, these are subject to a different regulatory regime depending on their size and impact. Larger investment firms are subject to the risk and remuneration regime for banks, while medium-sized investment firms (since June 2021) are subject to the new German Securities Act (WpIG). The Act implements the Investment Firm Directive (Directive (EU) 2019/2034) and is complemented by the Investment Firm Regulation (Regulation (EU) 2019/2033). Commission Delegated Regulations specify the standards to identify risk-takers, and Guidance by the European Securities and Markets Authority further detail the requirements for sound remuneration policies. In January, 2024, a new remuneration regime – the Investment Firm Remuneration Ordinance (WpI-VergV) – was introduced by BaFin after a multi-year consultation phase. Quite similar to the regime for banks and financial services, but with a few subtle differences, these rules must now be applied to the remuneration of medium-sized investment firms and especially their risk takers. Small investment firms are only subject to a low level of regulation. Further regulatory rules are set out, inter alia, in the German Securities Trading Act (WpHG) and the Financial Investment Mediation Ordinance, setting out behavioural standards for employees interacting with customers.

The primary regulatory regime applicable to financial services employees in Hong Kong are as follows:

• Under the Banking Ordinance (BO), the Hong Kong Monetary Authority (HKMA) is responsible for regulating all authorised institutions (banks, restricted-licence banks and deposit-taking companies). In particular, the HKMA needs to ensure that the chief executive, directors, controllers and executive officers of the authorised institutions are “fit and proper”.

• Under the Securities and Futures Ordinance (SFO), the Securities and Futures Commission (SFC) is responsible for regulating the securities and futures markets. Employees performing any regulated functions under the SFO must obtain the requisite licence from the SFC. Relevant individuals engaged by the authorised institutions who perform regulated functions (eg, bank staff working in the securities dealing department) are not required to be licensed or registered with the SFC but their names have to be entered in the register maintained by the HKMA.

• Under the Insurance Ordinance (IO), the Insurance Authority (IA) is responsible for regulating the insurance industry. Employees carrying on a regulated activity under the IO must obtain the requisite licence from the IA.

The important labour laws that may apply to financial services employees are:

• Industrial Disputes Act, 1947 (IDA)
• Contract Labour (Regulation & Abolition) Act, 1970
• Payment of Gratuity Act, 1972
• Payment of Bonus Act, 1965
• Equal Remuneration Act, 1976
• Maternity Benefit Act, 1961
• Apprentices Act, 1961
• Employees’ Compensation Act, 1923
• Employment Exchanges (Compulsory Notification of Vacancies) Act, 1959
• The Employees' Provident Funds and Miscellaneous Provisions Act, 1952
• Shops and Establishments Act(s)[1].

In addition, there are financial services regulations in India such as the Banking Regulation Act, 1949; Reserve Bank of India Act, 1934; Securities and Exchange Board of India Act, 1992 (and the regulations thereunder); Insurance Act, 1938; Income-tax Act, 1961; and the Foreign Exchange Management Act, 1999 (and the regulations thereunder). There are also multiple regulators established under these laws.

The Central Bank of Ireland (CBI) is responsible for the authorisation and supervision of regulated financial service providers (RFSPs) in Ireland. RFSPs can include credit institutions, credit unions, brokers/retail intermediaries; and other RFSPs such as electronic money institutions, insurance and reinsurance undertakings, investment firms and payment institutions. The regulatory regime applies in a bespoke way to each sector and its employees and tailored legal advice should be taken for a specific situation. The general principles of the regulatory framework are set out below.

Fitness and Probity

The primary regulatory regime applicable to employees of RFSPs is the Fitness & Probity ("F&P") framework under the CBI Reform Act 2010 (2010 Act) as amended. Its function is to assess and monitor the suitability of individuals for certain key positions, known as Controlled Functions (CFs), including Pre-approved Controlled Functions (PCFs). The general rule is that an RFSP cannot permit a person to perform a controlled function unless the RFSP is satisfied on reasonable grounds that the person complies with the F&P Standards prescribed under the 2010 Act and further set out in the regulations and Guidance prescribed by the CBI. A link to resources governing the F&P Standards is here.

Fitness relates to an individual's competency, experience, qualifications and capacity to perform the role (including time commitments and being free from conflicts of interest).

Probity relates to an individual's honesty, diligence, independence, ethics and integrity in performing their role.

Employers are required to perform due diligence to confirm that individuals they propose placing in CF roles are fit and proper. Employers are also required to hold a certificate of compliance in respect of each in scope employee, certifying that the employee complies with the F&P Standards. Employees of RFSPs must agree in writing to comply with the F&P Standards.

A breach of an individual's F&P obligations can result in criminal and administrative sanctions for the RFSP and suspension and disqualification for the individual from holding a controlled function.

Minimum Competency Requirements

The CBI also operates a minimum competency regime under the Minimum Competency Code 2017 and the CBI (Supervision and Enforcement) Act 2013 (section 48(1)) Minimum Competency Regulations 2017, which set out professional standards and competencies, and continuing professional development (CPD) requirements, for persons providing certain financial services and products across certain sectors e.g., credit union and insurance services.  The aim is to protect consumers by ensuring a minimum acceptable level of competence from individuals acting for or on behalf of RFSPs providing advice and information and associated activities (such as dealing with insurance claims or complaints), in connection with in-scope financial products.

The Individual Accountability Framework

The CBI (Individual Accountability) Act 2023 (the "2023 Act") was signed into law on 9 March 2023. The 2023 Act introduced a new Individual Accountability Framework ("IAF"):

• An enhanced Fitness and Probity Framework;
• New Common Conduct Standards, including Additional Conduct Standards for PCFs, applicable to employees and officers of RFSPs as well as Business Conduct Standards;
• The Senior Executive Accountability Regime ("SEAR"); and
• Administrative Sanctions Procedures ("ASP") which empowers the CBI to investigate and sanction individuals for breaches of their obligations under the IAF including the Conduct Standards and their F&P obligations.

The IAF commenced in Ireland from 29 December 2023. The F&P Framework and the application of the new Conduct Standards became effective from this date. Other parts of the IAF will be effective later in 2024.

Conduct Standards

Under the 2010 Act, both CFs and PCFs must take any step that is reasonable in the circumstances in the performance of their role, to ensure that they meet the requirements of the Common Conduct Standards. The Common Conduct Standards are explained in Guidance published by the CBI here. The Conduct Standards include the requirement to act with honesty and integrity, due skill and care, co-operate in good faith with the CBI, act in the best interests of customers and comply with applicable rules governing market conduct and trading as applicable to the relevant RFSP's sector. The F&P Standards set a standard that CFs and PCFs must meet to ensure that they are sufficiently skilled and have the competence and capability to perform their roles. Whereas the Common Conduct Standards impose positive, enforceable legal obligations on individuals in those roles, governing their conduct and requiring them to act in accordance with a single set of standards of expected behaviour. Employers must train their employees on the applicable Conduct Standards. Employees are required to attend at that training and to fully understand and comply with the Conduct Standards. Additional Conduct Standards apply to PCFs.

Senior Executive Accountability Regime

SEAR which applies to senior managers/officers holding PCF and CF1 roles, will be applicable from 1 July 2024. SEAR will come into force in respect of Non Executive Directors (NEDs) and Independent Non Executive Directors (INEDs) with effect from 1 July 2025.

In terms of the scope of application, SEAR will be introduced on a phased basis and will initially apply from 1 July 2024 to credit institutions, insurance undertakings (excluding reinsurance undertakings, captive (re)insurance undertakings and insurance special purpose vehicles) and investment firms that underwrite on a firm commitment basis, deal on own account, or are authorised to hold client monies or assets; and third-country branches of the above.

However, the CBI has noted in its Consultation Paper 153 (CP153) that "there is much in the spirit of the SEAR that firms not initially failing within scope should consider as aligned with good quality governance". RFSPs which are not in Phase 1 of SEAR should therefore consider the presence of the new regime and whether it may be appropriate to comply with the spirit of SEAR by ensuring that individual responsibilities for senior managers are mapped and clearly allocated across the firm's senior management. This is to ensure that it is very clear who is individually accountable for what and in order to ensure that the business and its risks are being properly managed.

Business Standards

The 2023 Act provides for the ability of the CBI of Ireland (CBI) to prescribe the "Business Standards" for the purposes of ensuring that in the conduct of its affairs a firm:

1. acts in the best interests of customers and of the integrity of the market;
2. acts honestly, fairly and professionally; and
3. acts with due skill, care and diligence.

The Business Standards are obligations which apply to the RFSP.

Protected Disclosures Legislation – Whistleblowing

The Protected Disclosures Act 2014 as amended provides that all employers (with 50 or more employees) and most RFSPs regardless of head count (including MiFID firms, UCITS management companies, AIFMs, externally managed UCITS and externally managed AIFs)  have and maintain secure, confidential and effective internal reporting channels and investigation procedures that comply with its requirements. Employees and other workers, including INEDS and NEDS as well as contractors have significant anti retaliation protection in connection with making a protected disclosure. Employers are required to appoint a designated person to acknowledge a report within 7 days, make diligent inquiries and to follow up with the reporter within three months in relation to the progress/outcome of the investigation. The Central Bank (Supervision and Enforcement) Act, 2013 as well as the European Union (Market Abuse) Regulations, 2016 set out whistleblowing requirements for in scope employees and anti retaliation protection.

The Employment Act 2006 and the Equality Act 2017 prescribe general employment rights and obligations for both employers and employees, including those in the financial services industry.

The Isle of Man Financial Services Authority (IoM FSA) is responsible for the regulation and supervision of financial services providers in the Isle of Man. Among other things, regulated financial institutions must comply with the rules set down by the IoM FSA in its Financial Services Rule Book 2016 (as amended) (the Rule Book). The IoM FSA applies “fitness and propriety” criteria to holders of certain key roles within a licence holder. This entails the IoM FSA assessing an individual’s integrity, financial standing, competency and capacity to undertake the role.

The requirement for an individual to be “fit and proper” depends on the nature of the role rather than their job title, but generally applies to key person or senior managerial roles (also known as Controlled Functions), where the individual has significant influence or control over the regulatory matters of the financial institution or to roles that have a bearing on the regulatory objectives of the IoM FSA and its ability to meet them.

Articles 5 and 123 of the Constitution of the United Mexican States provide express protection of labour rights and establish that legal rights are protected by the Federal Labour Law (the FLL).

Pursuant to article 5 thereof, no-one can be stopped from providing services in industry, commerce, or any other activity, provided it is not illegal; thus, individuals may only be prohibited from performing their duties as financial services employees if there is a legal justification. The activity may only be prohibited by a judicial declaration. Also, the law will define occupations that require a licence, the conditions to be met to obtain that licence and the issuing authorities.

Furthermore, no contract or provision that affects an individual’s freedom will be enforced.

All employers and employees within the private financial services sector are primarily subject to the FLL. Additionally, financial entities and their employees are subject to different laws and general provisions depending on the entities’ core business and activities, such as:

• Law to Regulate Finance Associations;
• Credit Institutions Law;
• General Provisions of Credit Institutions, issued by the supervisory authorities;
• Law to Regulate Credit Information Entities;
• General Law of Auxiliary Credit Organizations and Activities;
• Investment Funds Law;
• Popular Savings and Credit Law;
• Law to Regulate Technological Finance Institutions;
• General Provisions of Technological Finance Institutions, issued by the supervisory authorities;
• Law of Transparency and Promotion of Competition in Guaranteed Credit;
• Securities Market Law;
• Law for the Transparency and Regulation of Financial Services;
• Federal Law for the Prevention and Identity of Transactions with Illegally Obtained Resources;
• General Provisions applicable to securities operations carried out by counsel, managers and employees of financial entities and other obligated parties, issued by the supervisory authorities;
• Insurance and Bonding Institutes Law; and
• Insurance and Bonding Agents Regulations.

Some of the financial entities regulated are the following (Financial Entities):

• controlling entities (controlling entities of financial groups);
• credit institutions;
• credit information entities;
• multiple purpose financial entities;
• exchange bureaus and brokerage houses;
• auxiliary credit organisations;
• technological finance institutions;
• investment funds;
• financial cooperative associations and community finance entities; and
• insurance and bond institutes.

Authorities that regulate and supervise the compliance of financial laws and provisions are the National Banking and Securities Commission (CNBV), National Insurance and Bonding Commission (CNSF), National Commission of Retirement Savings Fund (CONSAR), National Commission for Financial Service Consumer Protection, Bank of Mexico, and the Ministry of Finance and Public Credit (SHCP).

The Dutch Financial Supervision Act (Wft) and the Dutch Remuneration Policies for Financial Institutions Act.

All private-sector employers and employees in Singapore are regulated by the Ministry of Manpower (MOM). Legislation such as the Employment Act 1968, the Employment of Foreign Manpower Act 1990, and the Workplace Safety and Health Act 2006 prescribe general employment rights and obligations for both employers and employees, and are supplemented by various tripartite advisories and guidelines. Anti-workplace discrimination legislation is also expected in the second half of 2024.

From the perspective of financial services, financial institutions (FIs) and FI employees are regulated by the Monetary Authority of Singapore (MAS). FIs are broadly categorised into four sectors: banking, capital markets, insurance, and payments. Statutes specific to each FI sector also apply. These include the Banking Act 1970, Securities and Futures Act 2001, Trust Companies Act 2005, Financial Advisers Act 2001, Insurance Act 1966, and Payment Services Act 2019. These are supplemented by MAS-issued directions, guidelines, codes, practice notes, circulars and policy statements.

A new Financial Services and Markets Act 2022 (FMSA) was also passed by Parliament in April 2022, consolidating and enhancing MAS’ powers. The FMSA will be implemented in phases, with the first phase having been implemented on 28 April 2023. This first phase addresses the porting over of provisions under the Monetary Authority of Singapore Act 1970 which relates to the MAS’ general powers over financial institutions, the anti-money laundering / countering of terrorism financing framework, and the Financial Dispute Resolution Schemes framework. The MAS has stated that the remaining phases are targeted for implementation in 2024.

2024 also saw the introduction of the Financial Institutions (Miscellaneous Amendments) Bill 2024. If passed, the bill will enhance, clarify and consolidate MAS’ powers across various acts to investigate, reprimand, supervise and inspect potential breaches and offences.

Contravening legislation (primary or subsidiary) and directions would generally constitute a criminal offence. Contravening advisories, guidelines, codes and practice notes would not generally constitute a criminal offence, but may result in regulatory or administrative consequences such as reprimands, censures or prohibition orders (in the case of MAS) or other administrative actions, such as a curtailment of work-pass privileges (in the case of MOM) – which is significant as work passes are a requirement for employing foreign nationals in Singapore.

Employment law in Switzerland is based mainly on the following sources, set out in order of priority:

• the Federal Constitution;
• Cantonal Constitutions;
• public law, particularly the Federal Act on Work in Industry, Crafts and Commerce (the Labour Act) and five ordinances issued under this Act regulating work, and health and safety conditions;
• civil law, particularly the Swiss Code of Obligations (CO);
• collective bargaining agreements, if applicable;
• individual employment agreements; and
• usage, custom, doctrine, and case law.

Depending on the regulatory status of the employer and the specific activities of financial services employees, respectively, Swiss financial market laws may also apply. They are, in particular, the Federal banking, financial institutions and insurance supervision regulations.

The UAE has four different regulators responsible for the authorisation and supervision of banks, insurers, and other financial institutions.

There are two regulators "on-shore" in the UAE, namely, (i) the UAE Central Bank, which is the state institution responsible for banking and insurance regulation, as well as monetary policy, and has authority over all licensed financial institutions in the UAE, including those in the financial free zones; and (ii) the Emirates Securities and Commodities Authorities (ESCA)  that regulates markets, listed companies, and securities brokers.

There are two financial free zones in the UAE, the Dubai International Financial Centre (DIFC) and Abu Dhabi Global Market (ADGM), who were established as special economic zones with independent jurisdictions through amendment to the UAE Constitution.  Within the free zones, the Dubai Financial Services Authority (DFSA) is the regulator of the DIFC and the Financial Services Regulatory Authority (FSRA) is the regulator of the ADGM.

As the DIFC and ADGM free zones have been established as special economic zones in which financial services are conducted, most of the applicable legislation in the UAE which governs financial services is found in the two free zones.  Therefore, unless expressly referenced, the responses for the UAE in this guide consider the position in the DIFC and ADGM only.

The Dubai Financial Services Authority is the financial regulatory body of financial services conducted in or from the DIFC.  The key legislation is the Regulatory Law of 2004, as amended, which is administered by the DFSA and is described as the cornerstone legislation of the regulatory regime.

The ADGM Financial Services Regulatory Authority is the financial regulatory body of financial services conducted in or from the ADGM.  The key legislation is the Financial Services and Markets Regulations (FSMR), which sets out the legislative and regulatory framework for financial services in the ADGM.  The FSMR was modelled on the UK’s Financial Services and Markets Act 2000 and other related legislation.

Finally, all employees in the private sector (excluding the two financial free zones) are subject to Federal Decree-law No. 33 of 2021, as amended (the Labour Law).  In the DIFC, employees are subject to DIFC Law No. 2 of 2019, as amended (the DIFC Employment Law) and in the ADGM, employees are subject to the ADGM Employment Regulations 2019 (the ADGM Employment Regulations).  In addition to the employment legislation described above, a number of other laws will be applicable to employees in the UAE, including Federal Decree-law No. 30 of 2021 containing the Penal Code.

In the UK, there are two main regulators responsible for the supervision of financial institutions. These are:

• The Prudential Regulation Authority (the PRA) – The PRA supervises over 1,500 financial institutions, including banks, building societies, credit unions, insurance companies and major investment firms. It creates policies for these institutions to follow and watches over aspects of their business.
• The Financial Conduct Authority (the FCA) – The FCA regulates the conduct of approximately 50,000 firms, prudentially supervises 48,000 firms, and sets specific standards for around 18,000 firms.

Some financial institutions are regulated by both the PRA and FCA (dual-regulated). Those financial institutions must comply with rules set down by the PRA in its rulebook (the PRA Rulebook) and by the FCA in its handbook (the FCA Handbook). Other firms are regulated solely by the FCA (solo-regulated) and must comply with the FCA handbook alone. Different rules can apply depending on the nature and size of the firm. The PRA and FCA work closely on certain issues and firms, but the FCA focuses specifically on ensuring fair outcomes for consumers.

The Senior Managers and Certification Regime (SM&CR) sets out how the UK regulators oversee people in businesses supervised and regulated by them, and how those people must act. As the FCA has summarised, “The SM&CR aims to reduce harm to consumers and strengthen market integrity by making individuals more accountable for their conduct and competence” (https://www.fca.org.uk/firms/senior-managers-certification-regime).

SM&CR consists of three elements:

• The Senior Managers Regime (SMR) – This applies to the most senior people in a firm (senior managers) who perform one or more senior management functions (SMFs). These functions are specified in the PRA Rulebook and the FCA Handbook. Senior managers must be pre-approved by the PRA or FCA before starting their roles. Each senior manager must also have a “Statement of Responsibilities” (that sets out what they are responsible and accountable for), which may include (depending on the firm) certain responsibilities prescribed by the regulator known as “Prescribed Responsibilities”. Every year, senior managers must be certified as fit and proper to carry out their role by their firm.
• The Certification Regime (CR) – This applies to employees who, because of their role, could pose a risk of significant harm to the firm or its customers, such as employees who offer investment advice (certified staff). For solo-regulated firms, these roles are generally called certification functions. Firms must certify that these employees are fit and proper for their roles both at the outset of their employment and continuously.
• The Conduct Rules – The Conduct Rules set minimum standards of individual behaviour in financial services in the UK. They apply to almost all employees of a firm. They also include particular rules applicable only to senior managers.

Certain parts of SM&CR apply to particular firms only. This is outside the scope of this note, which sets out the general position under SM&CR.

In the United States, there are different regulatory environments, depending on the nature of the employer.

• The Securities and Exchange Commission (SEC) regulates the offer and sale of securities, the various obligations of public companies, and the registration and conduct of broker-dealers. The SEC also regulates investment advisers.
• Every state has its own securities laws, known as Blue Sky Laws. These laws vary from state to state, but most, including New York and California, impose registration requirements on broker-dealers. State laws also require employees of brokers and dealers engaged in securities transactions to register as agents or salespersons.
  • The California Corporate Securities Law of 1968 covers securities offerings in the state of California.
  • The New York General Business Law and the New York Compilations of Codes, Rules and Regulations cover securities offerings in the state of New York.
• The Financial Industry Regulatory Authority (FINRA) is a private self-regulatory organisation that oversees exchange markets and brokerage firms and regulates the conduct of broker-dealer member firms.
• The Commodity Futures Trading Commission (CFTC) regulates commodities or future brokers and exchanges under the Commodity Exchange Act (CEA).
• Banks are regulated by both federal and state regulators, including the Federal Reserve Board, the Office of the Comptroller of the Currency, the Consumer Financial Protection Bureau, and the Federal Deposit Insurance Corporation.
• Commodities or future brokers or exchanges are covered by the CEA and are regulated by the CFTC.
• The Protocol for Broker Recruiting is an agreement signed by more than 2,000 broker-dealers. This Protocol specifically places limits on the restrictions a signatory firm can place on representatives who move to another signatory firm.

Most states have their own financial regulatory regimes. For example:

• The New York Department of Financial Services has regulatory authority over banks and certain other financial services entities within the state of New York.
• The California Department of Financial Protection and Innovation has regulatory authority over financial services entities within the state of California.

If a new element occurs that can influence one or more of the five criteria assessing the suitability of a person for the “fit and proper” authorisation (see question 2), the financial institution must file the adequate form with the NBB.

Notification to the NBB is also required in the event of termination or reappointment.

From a labour perspective, there are no circumstances in which notifications relating to the employee or their conduct must be made to local or international regulators.

Considering that the National Financial System is extremely regulated, there may be cases in which a mistake by an employee results in a duty to report to the authorities (information security breach, prevention of money laundering, and prevention of terrorist financing, among others, which could not be exhaustively included in this questionnaire).

There is no general code defined by law or regulation.

Each company can adopt its standard of behaviour, as a rule.

Some activities require specific protocols for the prevention of money laundering and combating the financing of terrorism:

• the capture, intermediation, and investment of financial resources from third parties in national or foreign currency;

• the purchase and sale of foreign currency or gold as a financial asset or exchange instrument; and

• the custody, issuance, distribution, settlement, negotiation, intermediation, or securities administration.

Within the scope of the system for preventing and combating money laundering and the financing of terrorism, it is up to institutions and their employees to adequately comply with Central Bank regulations; promote the effectiveness of the apparatus to combat and prevent money laundering; carry out risk management with the implementation of effective policies, procedures, and controls; and help the Brazilian state to locate which financial operations are suspicious so that they can be investigated.

In principle, the relationship between companies and employees in the financial services sector is private. As such, companies do not have to communicate confidential information about their employees to third parties, as this would constitute an infringement of their fundamental freedoms. However, in certain cases, employers must alert the competent authorities in the event of behaviour or "suspicions" of behaviour by one of their employees that is contrary to the law.

Thus, the Monetary and Financial Code provides that companies in the financial services sector, referred to in article L.561-2 of the code (the list of which was updated by Ordinance no. 2023-1139 of December 6, 2023 on credit managers and credit buyers to include "Credit managers"), must report to the national financial intelligence unit (Tracfin) all sums or transactions that they suspect to be the result of an offence punishable by a prison sentence of more than one year, or related to the financing of terrorism or tax evasion. This declaration may be made in respect of any employee of one of these companies.

In addition, when facts likely to constitute violations of the anticorruption code of conduct or to qualify as corruption or influence peddling are brought to the attention of the company and its managers, an internal investigation must be conducted (article 17 of Law No. 2016-1691 of 9 December 2016 on transparency). If the investigation confirms the suspicions, the employer must, on the one hand, sanction the employee, but also inform the prosecuting authority of the facts.

In smaller companies, the employer will also be able to report to the prosecution authorities any behaviour that could lead to criminal sanctions.

Yes. Under section 87 WpHG, investment firms must notify BaFin of any changes regarding employees providing investment advice, sales representation, and compliance advice. This includes, for example, personal data or a change of the responsible sales representative, but also the termination of the activity. Changes must be communicated to BaFin within one month.

Further, investment firms must notify BaFin as soon as a substantial customer complaint is made against one or more employees based on his or her activities in connection with investment advice. This applies, for example, to allegations of incorrect investment advice. The notification to BaFin must be submitted within six weeks of receipt of the complaint. Details on the content of the notification are governed by section 8 paragraph 4 of the Securities Trading Act Employee Notification Ordinance.

There are further notification obligations if there are doubts about an employee‘s reliability under the relevant statutory rules. For example, in their initial declaration of reliability under section 24 paragraph 1 No. 1 KWG and section 5b Ordinance on Notifications and Submission of Documents under the KWG, future managing directors and persons acting as sole representatives of credit institutions and financial services institutions must immediately report to BaFin in writing any subsequent changes that may be relevant to their reliability. This applies to all facts that were also relevant for the initial reliability assessment (eg, because an employee was convicted of certain financial crimes). In addition, BaFin must also receive notifications of preliminary proceedings, indictments and convictions of certain financial sector employees according to the Order on Notifications in Criminal Matters.

SFC – Self-reporting obligation

An SFC-licensed intermediary is subject to the self-reporting obligation under paragraph 12.5 of the “Code of Conduct for Persons Licensed by or Registered with the Securities and Futures Commission”. A licensed or registered person should report to the SFC immediately upon the occurrence of any material breach, infringement or non-compliance with any laws, rules regulations, and codes administered or issued by the SFC, exchange or clearing house of which it is a member or participant of, and the requirement of any regulatory authority applicable to that intermediary. This encompasses both actual and suspected breaches, infringements or non-compliance. In the report, the particulars of the actual or suspected breach, infringement or non-compliance, and relevant information and documents must be included to fulfil the obligation.

The same is to be reported by the registered institutions to the HKMA. The HKMA also requires authorised institutions to submit an incident report on the same day of discovering the incident.

SFC - Internal investigation disclosure obligation

In addition, a licensed corporation is required to provide the SFC with information about whether a licensed individual who ceases to be accredited to it (outgoing employee) was under any investigation commenced by the licensed corporation within six months preceding his or her cessation of accreditation. If the internal investigation commences after the notification of cessation of accreditation, the licensed corporation should also notify the SFC as soon as practicable. In addition, even if a firm has completed its investigation and made no negative findings against an outgoing employee, the firm will still be required to notify the SFC of the investigation.

The SFC expects licensed corporations to proactively disclose information about all investigative actions and the following is a non-exhaustive list of examples of investigations involving an outgoing employee that a licensed corporation should disclose to the SFC:

• investigations about a suspected breach or breach of applicable laws, rules and regulations;
• investigations about a suspected breach or breach of the licensed corporation's internal policies or procedures;
• investigations about misconduct that are likely to give rise to concerns about the fitness and properness of the outgoing employee;
• investigations about any matter that may have an adverse market or client impact; and
• investigations about any matter potentially involving fraud, dishonesty and misfeasance.

HKMA – Reporting incidents to HKMA

According to the “Incident Response and Management Procedures” published by the HKMA, once an authorised institution has become aware that a significant incident has occurred, the authorised institution concerned should notify the HKMA immediately and provide it with whatever information is available at the time. An authorised institution should not wait until it has rectified the problem before reporting the incident to the HKMA.

According to the Supervisory Policy Manual SB-1 “Supervision of Regulated Activities of SFC-Registered Authorized Institutions”, to be in line with the reporting requirements imposed by the SFC on licensed representatives, authorised institutions will be required to notify the HKMA in writing within seven business days upon knowledge of the occurrence of certain information (including any subsequent changes) of the relevant individuals. The required information is on whether or not the person is or has been:

• convicted of or charged with any criminal offence (other than a minor offence) in Hong Kong or elsewhere;
• subject to any disciplinary action, or investigation by a regulatory body or criminal investigatory body (as the case may be) in Hong Kong or elsewhere;
• subject to, or involved in the management of a corporation or business that has been or is subject to, any investigation by a criminal investigatory body or any regulatory body in Hong Kong or elsewhere concerning offences involving fraud or dishonesty;
• engaged in any judicial or other proceedings, whether in Hong Kong or elsewhere, that is material or relevant to the fitness and propriety of the individual; or
• bankrupt or aware of the existence of any matters that might render him insolvent or lead to the appointment of a receiver of his property under the Bankruptcy Ordinance.

HKMA – Guidance Note on Cooperation with HKMA Investigations

Under the “Guidance Note on Cooperation with the HKMA in Investigations and Enforcement Proceedings”, the HKMA encourages and recognises the cooperation of authorised institutions, banks and their staff in investigations and enforcement proceedings. Under this Guidance Note, cooperation includes early and voluntary reporting of any suspected breach or misconduct, taking a proactive approach to assist the HKMA’s investigation, and making timely arrangements to provide evidence and information.

IA – Self-reporting obligation

Under “the Code of Conduct for Licensed Insurance Agents/Brokers”, there is a self-reporting obligation by licensed insurance agencies or brokerages to the IA. A licensed insurance agency or brokerage is required to have proper controls and procedures to ensure the following incidents are reported to the IA as soon as is reasonably practicable:

• a disciplinary action taken by the HKMA, the SFC or the Mandatory Provident Fund Schemes Authority;
• a criminal conviction (other than a minor offence) by any court in Hong Kong or elsewhere;
• any material breaches of requirements under the IO or any rules, regulations, codes or guidelines administered or issued by the IA; and
• any material incidents which happen to the agency or brokerage.

The RBI requires banks to conduct an annual review of fraud committed and provide a note of the total number to the board of directors or the local advisory board. These reports are not to be sent to the RBI but are to be preserved for verification by the RBI’s inspecting officers[1]. Necessary disclosures may also need to be made to SEBI under some of its regulations.

Publicly listed financial services companies may be required to make necessary disclosures, including to the stock exchanges and their auditors, in case of workplace fraud.

The CBI expects RFSPs to be open and transparent in their engagement, including concerning compliance with the F&P Standards and the Common Conduct Standards. While early versions of the IAF regulations and related guidance contained an obligation on a RFSP to report to the CBI if disciplinary action had been taken against an individual, the obligation was removed from the latest version of the draft legislation. The Guidance indicated that the CBI would expect that they would have already received relevant details as it provides that firms and persons performing PCF roles are required to report to the CBI where they suspect that a "prescribed contravention" may have occurred for the purposes of the CBI legislative framework and the CBI states that a breach of the Common Conduct Standards and/or Additional Conduct Standards is a "prescribed contravention" for these purposes.

Yes, please see question 9.

Financial institutions in the Isle of Man are required to comply with various statutory requirements. Breaches of those statutory requirements impose an obligation on the relevant entity to self-report to the IoM FSA. While ordinarily, businesses will endeavour not to supply information about individuals within the business to the regulator as part of this reporting, from time to time this may be necessary to comply with their regulatory obligations. Where this is the case, usually the regulator will be asked to use their powers of compulsion to seek the information rather than such information being given voluntarily. This is particularly the case where the regulator may have formed concerns about an individual’s fitness and propriety and wishes to investigate this further.

Regulators from other jurisdictions may use certain reciprocal agreements and reciprocal enforcement legislation to seek information from the IoM FSA or more directly from a financial services business. Where such requests are made, this may include information about individual employees (ordinarily those exercising Controlled Functions). However, any mechanism for reciprocal enforcement or exchange of information is subject to scrutiny and such information would normally only be offered by an employer under compulsion.

Pursuant to the Federal Law for the Prevention and Identity of Transactions with Illegally Obtained Resources, all acts carried out by financial entities are considered a vulnerable activity; therefore, financial entities must:

• set forth measures and procedures to prevent and detect acts and operations;
• file reports to the SHCP regarding acts, operations and services carried out by clients and employees if they suspect illegal resources are involved; and
• keep for at least 10 years any information and documents related to the identification of clients and users.

Given the above, if any action, operation or service is identified as undertaken with illegal resources or there is a breach of any of the provisions outlined in the above law, employers must inform the SHCP and prosecutor.

Also, if officers and general managers no longer comply with the legal requirements to occupy their positions (eg, not having a satisfactory credit record, or no longer being in good standing), financial entities may inform the CNBV or CNSF, as applicable, so the authorities may disqualify or remove those individuals from their positions.

Furthermore, if there is a breach of the code of conduct, the regulatory comptroller must inform the board of directors and keep such information available to the CNBV at all times. The board of directors will be in charge of establishing disciplinary measures.

Finally, if employees breach psychological risk prevention obligations (see question 11), employers must inform the labour authorities to impose corresponding sanctions.

Financial services companies must report to local regulators any behaviour or event that poses a serious threat to the ethical conduct of the business of the company or may affect the reliability of policymakers, sound and controlled business operations and continuity.

Furthermore, there are several local disciplinary authorities where reports can be made about financial services employees who fail to comply with Dutch law, guidelines and rules of conduct.

Forms need to be submitted to the MAS when an individual ceases to act as a representative in regulated activities or financial advisory services. Depending on the FI, the MAS may also have to be informed of appointments or changes of representatives, directors, chief executive officers, and other key officeholders (see questions 2 and 4).

MAS notices are also required for the reporting of misconduct for employees who are representatives of certain capital market service providers, financial advisers, and insurance broking staff. Examples of reportable misconduct include acts involving fraud, dishonesty or other offences of a similar nature, and non-compliance with regulatory requirements. Specific declaration forms and timelines may apply depending on the FI. An FI may also be required to submit updates on cases where investigations have not concluded or disciplinary action was not taken, or submit a declaration that there was no misconduct reported in a given calendar year.  

While not specific to financial services employees, the Corruption, Drug Trafficking and Other Serious Crimes (Confiscation of Benefits) Act 1992 requires any person with knowledge, or reasonable grounds to suspect, that any property is being used in connection with criminal activity to file a Suspicious Transaction Report with the Suspicious Transaction Reporting Office. MAS notices concerning the prevention of anti-money laundering and incidents of fraud emphasise this obligation.

As a general principle, supervised companies are required to ensure that persons holding, in particular, executive, overall management, oversight or control functions fulfil the requirements of the “fit and proper” test. Consequently, such persons must be of good repute and can guarantee compliance with applicable laws and regulations.

If a person cannot guarantee that the regulatory requirements are fulfilled at all times (eg, because of a material breach of its duties) the employing entity and its audit companies may be required to immediately report to FINMA, respectively, any incident that is of significance.

Both the DFSA General Rulebook and FSRA General Rulebook provide that where an authorised firm requests the withdrawal of an authorised individual, they must provide to the regulator details of any circumstances in which they consider the individual is no longer fit and proper.  Where the individual is to be dismissed or has requested to resign, the firm must provide to the regulator a statement of the reason, or reasons, for the dismissal or resignation.

In addition, the DFSA and FSRA General Rulebooks contain broad obligations on any authorised firm to report to the regulator if it becomes aware of a range of occurrences, including any matter which could have a significant adverse effect on the authorised firm’s reputation, or a matter in relation the authorised firm which could result in serious adverse financial consequences to the financial system or to other firms, or a significant breach of a rule by the authorised firm or its employees.

Yes. There are multiple potential reporting obligations with various timing imperatives. We include below a snapshot of some of the key obligations:

• under FCA Principle 11, firms have a general duty to inform the FCA of matters about which it would reasonably expect notice;
• a firm must notify the FCA immediately it becomes aware, or has information which reasonably suggests, that a matter which could have a significant adverse impact on the firm’s reputation has occurred, may have occurred or may occur in the foreseeable future;
• a firm must notify the FCA immediately it becomes aware, or has information which reasonably suggests, that a significant breach of a rule (including a significant breach of a Conduct Rule) has occurred, may have occurred or may occur in the foreseeable future; and
• a firm must also notify the FCA if it takes disciplinary action against an individual for a breach of the Conduct Rules. Where the relevant individual is a senior manager, the notification must be made within seven business days. Where the relevant individual is certified staff, the notification must be made in the firm’s annual reporting.

FINRA members must report to FINRA within 30 calendar days after the firm has concluded, or reasonably should have concluded, that an associated person of the firm or the firm itself has violated any securities, insurance, commodities, financial or investment-related laws, rules, regulations or standards of conduct of any domestic or foreign regulatory body or self-regulatory organisation.

While there is no requirement to report misconduct to regulators, the SEC routinely gives credit to organisations that voluntarily choose to self-report, which can lead to reduced fines, non-prosecution agreements, deferred prosecution agreements, waivers of disqualification following regulatory or criminal actions, or more organisation-friendly language in settlement documents. However, such disclosed information may later be discoverable by private plaintiffs.

The SEC has issued guidance that a failure to self-report significant misconduct can lead to more severe penalties.