Employment in Financial Services

Members of management should at all times be of good repute and possess sufficient knowledge, skills and experience to perform their duties (article 91, Directive 2013/36/EU; and article 9, Directive 2014/65/EU).

Anyone in an executive position (i.e. members of the legal administrative body, the effective management and independent controllers) at a financial institution must exclusively be natural persons and must at all times have the necessary professional standing and expertise to perform their duties (article 19, Act of 25 April 2014). Since 2023, it is specified that “in particular, these persons must demonstrate honesty, integrity and independence of mind which, in the case of members of the legal administrative body, enable them to effectively evaluate and, if necessary, question the decisions of the actual management and to ensure the effective supervision and monitoring of the management decisions taken” (Art. 19, Act of 25 April 2014).

In addition, they must not have been convicted of any of the offences listed in article 20 of the Act of 25 April 2014. This concerns convictions with a professional ban and violations of financial legislation, company codes and insurance law.

The NBB will verify that these persons meet the conditions listed above. Forms for a new appointment, additional elements during the employment, termination of an appointment or renewal of an appointment are available on the NBB website (www.nbb.be). These forms require information mainly regarding education, past financial services experience, training, any criminal or administrative or civil proceedings or investigations, disciplinary decisions, bankruptcy, insolvency, potential conflicts of interest, and time commitments for the new appointment.

The NBB will assess the ability of the person based on five criteria:

• expertise, covering knowledge, experience and skills;
• professional repute;
• independence of mind;
• time commitment; and
• collective suitability for the board (ie, to verify whether the expertise within the said body is sufficiently guaranteed, given the person’s knowledge, experience and skills (NBB Fit & Proper Handbook of 22 December 2022, 2:26, p. 16)).

Concerning "N-1" effective managers (managers who exercise direct and decisive influence over the management of the institution, but who are not members of the management committee) other than branch managers, the supervisory authority does not have to authorise them (NBB Fit & Proper Handbook of 22 December 2022, 2:9, p. 14). This does not mean that these persons must not have the required expertise and professional reputation, but only that the NBB will not conduct an assessment.

The law does not require specific procedures or measures before hiring. However, depending on the activities the employee performs, specific certification may be necessary.

In the financial services sector, candidates must comply with standard recruitment practices, but also with suitability, requirements and, for certain positions, with supervision by the ACPR or the European Central Bank (ECB).

Traditionally, employees in the financial services sector are required to provide the usual documents requested when applying for a job: a cover letter and a curriculum vitae. This is especially important because, as we will see, access to certain positions is conditional. For example, investment advisors must provide proof of either a national diploma attesting to three years of study, or training, or professional experience in the field.

Also, due to the very nature of the financial services business, employees of companies in the sector are required to be honourable.

The Monetary and Financial Code provides that certain operational activities in the financial services sector, such as being a managing director, are barred in the event of a felony conviction, a prison sentence of at least six months with a suspended sentence in connection with the financial world, or a management ban (article L. 500-1 of the Monetary and Financial Code). For this reason, the criminal record of a concerned candidate is generally requested at the time of hiring.

In addition, the appointment or renewal of a senior executive of a credit institution, a finance company, an investment firm other than a portfolio management company, a payment institution or an electronic money institution must be ratified by the ACPR, and by the ECB in the case of major credit institutions. Validation of the appointment or renewal is based on good reputation and competence, which is assessed based on five criteria: experience, reputation, absence of conflicts of interest and independence of mind, availability, and collective ability.

Different notification procedures exist before employees may take up their roles.

Investment firms may only entrust employees to provide investment advice if they are knowledgeable and have demonstrated the required reliability – as evidenced, inter alia, by not having a relevant and unspent prior criminal record. Furthermore, such employees’ identities must be disclosed to BaFin before they commence their activities. The active registration of employees is intended to impart upon employers the significance of employee selection and responsibility for their decisions.

Representatives of regulated entities of the financial services sector (typically, members of management) must be approved by BaFin before they can take up their role (colloquially known as BaFin’s “driver’s licence”). To obtain approval, a request must be filed with BaFin, showing the experience and suitability of the candidate for the role. Depending on the financial services delivered by the company, information that must be filed include the following:

• a CV (including information on professional training, career, and references);
• information on reliability (a form or summary to be completed by the manager, including, for example, mandatory declarations on prior criminal or administrative offences);
• a "certificate of good conduct for submission to an authority", a "European certificate of good conduct for submission to an authority", or "corresponding documents" from abroad (depending on the countries of residence in the last 10 years);
• an extract from the central commercial register;
• an overview of other mandates as a managing director or in administrative and supervisory bodies; and
• information about the manager’s ability to dedicate sufficient time to the role.

Non-management employees responsible for specific key functions at an insurance provider are subject to a similar notification process. Further, financial services employers must perform a risk analysis under the Anti-Money Laundering Act and take internal security measures, which also includes assessing the reliability of employees.

There are no particular pre-screening measures specified by the financial regulators in Hong Kong. Nevertheless, financial institutions would generally conduct background checks on prospective employees (especially those taking on senior positions) to ensure they comply with the “fit and proper” requirements of the financial regulators.

There is no particular form of regulator-specified reference to be provided by previous employers in the financial services industry. Nevertheless, the SFC has specified disclosure obligations for licensed corporations in respect of outgoing employees who were subject to internal investigations (see question 10).

The pre-screening measures, when employing a financial service employee, are carried out in compliance with the frameworks laid down by the respective industry regulators. For instance, the Reserve Bank of India (RBI), the central banking sector regulator in India, periodically issues certain guidelines for banking and non-banking employers to conduct mandatory employee background checks. These regulators also recognise certain “Self-Regulatory Organisations” (SROs), who then play the primary role in conducting grassroots verifications. SROs conduct character and antecedent verification of employees registered with them as per the standards set by the regulator. Strict police verification of at least the last two addresses is usually mandated and verifications are periodically updated and shared on a common database at an industry level. For instance, the Finance Industry Development Council is an SRO of Non-Banking Finance Companies (NBFCs) and is registered with the RBI.

A financial services employer should be sensitive to the data being used for pre-screening measures as India protects individual privacy. Hence, both the employer and the service provider engaged by the employer should obtain prior consent from the prospective employee before pre-screening. If the pre-screening measures include the collection of “sensitive personal data information[1]”, then an employer must seek the individual’s consent, which would also help mitigate risks for any claims concerning the invasion of an employee’s privacy. Employers should ideally ensure that pre-screening is complete before the employee is hired. A comprehensive pre-screening will include verification of educational qualifications, checks with past employers, verification of residential addresses, police records, and passport status. Usually, with seniority of the role, checks with past employers happen more rigorously, while for entry-level employees, checks with academic institutions about educational qualifications may be done more rigorously. Similar standards must be met by contract employees empanelled by the service providers.

There is no regulator-specified reference that must be provided by previous employers in the financial services industry. However, in practice, most public sector banks (eg, Bank of India) and many central public sector undertakings in financial services (eg, Life Insurance Corporation of India (LIC)), as per their selection or onboarding protocols, require at least two “Character Certificates”, one of which should be from the head of the educational institution last attended or the present employer and the other should be from gazetted officers[2] or bank officers, without any familial ties to the employee.

RFSPs must satisfy themselves that all CF and PCF candidates or employees comply with the F&P Standards. Pre-employment due diligence must be performed, including asking the candidate to certify they will comply with the F&P Standards and notify the RFSP immediately of any change in circumstance that may mean they no longer comply. Employers must continue to ensure that in scope employees comply with the F&P Standards and must complete an annual declaration to this effect. This means that due diligence must continue throughout the employment relationship and not just at the recruitment stage.

Candidates for PCF roles must complete an online individual questionnaire, which is submitted to the CBI in advance of appointment to the role through the Central Bank portal. The CBI must grant its approval for the PCF appointment before a candidate can take up the role. Any PCF offer of employment must be conditional on that approval being obtained. The CBI may request applicants attend an interview as part of the approval process.

Employers should take all reasonable steps to secure references from previous employers in order to due diligence the candidate's compliance with the F&P Standards and their suitability for the role. However, an employer is not obliged to issue a reference in respect of a former employee which means that a prospective employer may not be able to secure a reference from a previous employer.  The CBI does not oblige employers to either issue or obtain a reference as part of screening checks, however employers must make good efforts to do so.

There are material obstacles from a data privacy and practical perspective to employers conducting criminal background checks in relation to prospective employees. Data relating to criminal convictions is special category data under the GDPR. Employers would need to satisfy both Article 6 and Article 9 requirements under the GDPR to justify the processing of this data. In terms of Article 9, this means employers would need to show reasons of substantial public interest or that they are carrying out their legal obligations in processing the data.  In terms of Article 6 the employer will need to show that the processing is necessary to comply with a legal obligation to which the employer is subject or the processing is necessary for the employer's legitimate interests for example to ensure the suitability and honesty of its employees and to protect its reputation. Employers are also prevented from asking candidates about "spent convictions" which are usually minor criminal offences dating back over seven years.

Pre-employment medical checks must also have a clear legal basis justifying the processing of an employee's medical and health information.

There is a general obligation on employers in the Isle of Man to undertake legal working checks to ensure that the prospective employee has the right to work lawfully in the Isle of Man.

In addition, financial institutions must take reasonable steps to ensure that individuals who perform any regulated activity in the course of their employment, or under any contract with the financial institution, are fit and proper for the tasks they perform, by providing adequate training and supervision and (where necessary) undertaking additional checks. Where the financial institution wishes to employ an individual in a Controlled Function, the financial institution must carry out sufficient due diligence to satisfy itself that the candidate is fit and proper to perform the proposed functions.

There are two types of Controlled Functions, those that require notification to, and acceptance by, the IoM FSA and those that require notification only. In either case, the financial institution is required to notify the IoM FSA of the appointment or intended appointment of certain key roles at least 20 business days before the appointment takes effect. Where the Controlled Function also requires acceptance, the financial institution will require the IoM FSA’s consent to the appointment of a prospective candidate to a particular role. It is recommended that job offers in such circumstances are made subject to the written acceptance of the IoM FSA.

While the IoM FSA does not specify any particular pre-screening measures, it provides guidance on the nature of the expected due diligence that it would expect a financial institution to carry out, particularly where the individual will be undertaking a key role. Such due diligence includes carrying out a professional body check (ie, any memberships held and if disciplinary action has been taken), capacity check[1], criminal record check, credit check and website checks. The financial institution should also consider the individual’s qualifications, training and competency.

The IoM FSA may ask for evidence of the due diligence carried out by the financial institution at any time, either remotely or during a supervisory visit.

The IoM FSA recommends financial institutions request a reference from the prospective candidate’s current employer and previous employers covering, as a minimum, the past ten years of employment.

For employees with general positions, there are no pre-screening measures. Under article 1 of the Constitution and article 21 of the FLL, discrimination is prohibited. Furthermore, article 21 of the FLL establishes that distinctions will not be deemed discriminatory if certain qualifications are required for certain work. Specifically, if there is no legal ground or work-related justification to request criminal records for a determined position, conditioning the position on that information may be deemed discriminatory.

For example, financial entities must include a list of the expected members of the board of directors, general manager, and main officers, including their respective professional and academic backgrounds, in the filing to obtain authorisation of the CNBV (except insurance and bond institutions) to start operations. These positions require certain special requirements, and thus financial entities must verify – by prior appointment and thereafter, at least every year – that general managers and officers:

• have a standing reputation;
• have expertise in legal, financial and management matters;
• have a satisfactory credit record and credit eligibility;
• are residents in Mexico (for credit entities); and
• have no other legal impediment (see below).

All financial entities must guarantee that high-level employees are capable, experienced and not subject to any procedure involving conduct contrary to financial stability or compliance with business or financial business standards. General managers and officers in controlling entities and auxiliary credit organisations, and in exchange bureaus and brokerage houses, and general managers in insurance and bonding institutions must have at least five years’ experience at a high decision-making level that required financial and management expertise.

Also, these individuals must not have any of the following legal impediments:

• a pending dispute with the financial entity or any other financial entities in the group;
• a conviction for a wilful economic crime;
• a disqualification from owning a business, public service positions or the Mexican financial system;
• declared bankruptcy or insolvency;
• carried out regulation, inspection, and monitoring of the financial entity or any other financial entities in the group; or
• participated in the board of directors of the financial entities.

Additionally, for exchange bureaus and brokerage houses, such individuals must not have been an external auditor of the exchange bureau or related entity in the 12 months before their appointment.

Specifically, in credit organisations, general managers and officers must not:

• be a partner or have a position within entities or associations that render services to the entity or its related entities;
• be a client, provider, debtor, creditor, partner, member of the board of directors or employee of an entity that is a client or provider (whose services or sales represent more than 10% of the client’s services or sales), or a debtor or creditor (of which the debt is higher than 15% of the assets);
• be an employee of a foundation, association or civil society that receive important contributions from the entity (which represent more than 15% of the total contributions received by such entities in a fiscal year).
• be a general manager, officer, or employee of another entity that is part of the financial group;
• be a spouse or domestic partner of any individual mentioned above, or be in a cohabiting relationship with them; or
• carry out regulation duties of credit organisations and exchange bureaus.

Financial entities must inform the CNBV, CNSF, or CONSAR, as applicable, of general managers’ and officers’ appointments, resignations or removals, within five business days of such events. Meanwhile, controlling entities, brokerage houses, surety deposit institutions and compensation chambers must inform the CNBV, CNSF, or CONSAR within 10 days of the same.

There are also limits to employees participating in the board of directors of these companies. Only the general manager and officers two levels below may be members, and no other employees may occupy these positions.

According to the Insurance and Bonds Regulations, officers and employees of credit institutions, insurance institutions, bond institutions, brokerage houses, stock market specialists, auxiliary credit organisations, investment companies, operating companies of investment companies, exchange houses, financial commissioners, retirement fund managers, specialised investment companies of retirement funds, and controlling companies with 10% or more of representative shares of such companies will not be authorised to act as insurance or bond agents.

Under Dutch law, all financial services sector companies must make substantiated assessments on the reliability and integrity of candidates to be appointed in integrity-sensitive positions. However, in practice, almost all financial services sector companies have made a pre-employment screening mandatory for all candidates (for any position).

The exact pre-screening process differs per financial service industry and company. In general, the following components are part of the pre-screening process: proof of identity; insolvency check; highest level of education; work experience (reference check); certificate of conduct (VOG, see question 3); and an integrity questionnaire.

Reference checks that go back five years are common in the financial services sector.

Pre-screening measures are only required if the FI employee is going to be involved in the provision of financial services (or other MAS-regulated activities).

Such employees need to pass a fit-and-proper assessment, referring to the MAS Guidelines on Fit and Proper Criteria. Criteria to be considered include the employee’s honesty, integrity and reputation; competence and capability; and financial soundness.

In considering the employee’s honesty, integrity and reputation, relevant factors include whether the employee has been the subject of proceedings or investigations (whether criminal or disciplinary) or has been dismissed or asked to resign. MAS’ Circular CMI 01/2011 also sets out MAS’ expectations on due diligence checks, declarations and documentation concerning employees who are expected to be representatives of specific FIs. Among other things, this entails conducting reference checks with the previous employers of the FI’s proposed employees.

In December 2023, MAS issued its response to a May 2021 consultation paper which sought to address issues arising from the recycling of “bad apples” through FIs. In doing so, the MAS noted it will proceed with its proposal to impose mandatory requirements to conduct and respond to reference checks. The anticipated reference check regime will apply to specific groups of employees, with the information to be addressed in reference checks standarised. The MAS will look to consult on the relevant draft notices in this respect in due course, and this will bear watching.

For more senior roles (eg, senior managers, material risk personnel, directors, committee members, chairpersons and key executives), FIs are expected to ensure that they are fit and proper for their roles. MAS’ prior approval may also have to be obtained or notices may have to be made, depending on the licence, registration and role sought. FIs in these sectors are expected to conduct more rigorous checks before seeking MAS’ approval or submitting a notice, with a greater emphasis on considering circumstances that may give rise to a conflict of interest.

Under Swiss civil law, there is no requirement to apply pre-screening measures. However, while not a statutory requirement under Swiss financial market laws per se, companies subject to these laws apply pre-screening measures to ensure that a prospective financial services employee meets the requirements set forth by these laws. In particular, regulated companies such as banks, securities firms, insurance companies, fund management companies, managers of collective investment schemes and asset managers are required to obtain authorisation from the Swiss Financial Market Supervisory Authority (FINMA) relating to strategic and executive management and each change thereto.

As a general rule, the higher the responsibility or position of a person, the more requirements financial services employees may need to fulfil. Persons holding executive or overall management functions (eg, a member of the board or members of the senior management) are required to fulfil certain requirements set forth by the applicable Swiss financial market regulations. Such requirements may include providing current CVs showing relevant work experience and education as well as excerpts from the debt and criminal register. It may also include providing various declarations (eg, concerning pending and concluded proceedings, qualified participations and other mandates). Furthermore, financial services employees holding certain control functions (eg, compliance officer, risk officer and their deputies) may also be required to prove that they are suitable for the position by providing, for example, a current CV showing relevant work experience and education.

In the DIFC, an individual who performs a “licensed function” must be approved in advance by the DFSA.   The roles which fall within the meaning of an authorised person for the DFSA includes someone appointed as:

• the Senior Executive Officer, who has ultimate responsibility for the day-to- day management, supervision and control of one or more (or all) of an authorised firm’s financial services carried on, in or from the DIFC;
• the Finance Officer;
• Compliance Officer;, and
• Money Laundering Reporting Officer. 

Where a firm proposes to appoint an authorised individual, an application to the DFSA must be made in advance; the DFSA will make an assessment of the  individual in order to satisfy itself that they are fit and proper to be an authorised individual. The Regulator will consider the individual’s integrity, competence and capability, financial soundness, their proposed role, and any other relevant matters.  That individual may not be considered as fit and proper where they have been declared bankrupt, convicted for a serious criminal offence, or incapable - through mental or physical incapacity - of managing their affairs.

In the ADGM, an individual who performs a “controlled function” must be approved in advance by the ADGM.  A controlled function includes someone appointed as the Senior Executive Officer, Finance Officer, Compliance Officer, and Money Laundering Reporting Officer.

Where a firm proposes to appoint someone in a controlled function, an application to the ADGM must be made in advance, The ADGM will make an assessment of  that individual in order to satisfy itself that they are fit and proper to be an approved individual.  The Regulator will consider the individual’s integrity, competence and capability, financial soundness, their proposed role and any other relevant matters.  That individual may not be considered as fit and proper where they have been declared bankrupt, convicted for a serious criminal offence, or incapable - through mental or physical incapacity - of managing their affairs.

For employees subject to the SMR, anyone performing an SMF must be pre-approved by the relevant regulator before they can start their role. Generally, firms that wish to employ a senior manager must first carry out sufficient due diligence to satisfy themselves that the candidate is a fit and proper person to perform their proposed functions. In this regard, firms must consider the individual’s qualifications, training, competency and personal characteristics. The firm must also carry out a criminal records check. They may then apply to the relevant regulator for that candidate’s pre-approval. In the firm’s application, all matters relating to the candidate’s fitness and propriety must be disclosed. The firm must also enclose a statement of that individual’s proposed responsibilities and (depending on the firm) the latest version of the firm’s management responsibilities map.

For employees subject to the CR, before the appointment and annually thereafter, these employees must be certified by the employing SM&CR firm as being fit and proper. Certification does not involve pre-approval by the FCA or PRA.

Additionally, firms must comply with the regulatory reference rules for all candidates subject to either the SMR or CR before their employment. These rules require employing firms to request a regulatory reference from all previous employers covering the past six years of employment. Information must be shared between regulated firms using a particular template, which includes information relevant to assessing whether a candidate is fit and proper. Firms are also expected to retain records of disciplinary and fit and proper findings going back six years for their employees (or longer for findings of gross misconduct), and they must update regulatory references that they have previously given where new significant information comes to light that would impact the content of a previously given regulatory reference.

In addition to the standard hiring measures that must be taken when engaging an employee, several additional steps must be taken when engaging financial services employees in the United States. Generally, financial services employees must pass certain screening and disclosure steps, including:

• background checks;
• criminal background disclosures; and
• fingerprinting.

Broker-dealers and investment advisors must register with FINRA (see below).

Background checks

FINRA-regulated entities must investigate each person they plan to register with FINRA to ensure that they meet FINRA Form U4 requirements regarding that person’s history of formal charges and indictments.

If the applicant has previously registered with FINRA, broker-dealers must also review an applicant’s most recent Form U5 or be able to demonstrate to FINRA that it has made reasonable efforts to review Form U5 but has been unable to do so. If the applicant has previously registered with a CFTC-registered firm, the broker-dealer must review CFTC Form 8-T.

Bank employees must undergo a background check. Certain criminal conduct may statutorily disqualify an applicant from employment. For example, federal law prohibits any person convicted of a criminal offence involving dishonesty or breach of trust (or who has entered into a pre-trial diversion or similar programme regarding such an offence) from serving as a director, officer, or employee of an FDIC-insured bank without the FDIC's consent. Banks must conduct reasonable inquiries into an applicant’s background to avoid hiring persons barred from employment by this law. Banks may be protected from claims of disparate impact (under state “ban-the-box” laws) when terminating or withdrawing offers from disqualified employees under this law. Both California and New York explicitly provide such carve-outs. However, these are position-specific rather than employer-specific, and employees with positions not subject to FINRA or other statutorily required background checks or disqualifiers based on criminal history may still be subject to state or local “fair chance” or ban-the-box laws. Therefore, as a best practice, non-bank financial services employers should avoid relying on these exceptions for all of their employees. Relatedly, the FDIC does not consider “de minimus” criminal violations disqualifying, including minor offences by young adults, bad cheques for less than $1,000 and simple theft of less than $500.

Fingerprinting

Entities covered by the SEC are also subject to fingerprinting requirements. Every member of a national securities exchange, broker, dealer, registered transfer agent, registered clearing agency, registered securities information processor, national securities exchange, and national securities association must ensure that each of its partners, directors, officers, and employees are fingerprinted and must submit such fingerprints, or cause the same to be submitted, to the Attorney General of the United States for identification and appropriate processing. Employees who will not be selling, keeping, or handling securities or supervising those who do are exempt from this requirement.

While New York generally prohibits fingerprinting, there is an exception where, as here, fingerprinting is statutorily required.

California Financing Law requires fingerprinting for certain individuals seeking to license in California.

Please note, during the COVID-19 epidemic, the SEC temporarily paused the fingerprinting requirements. This pause was lifted in September 2022.

If a new element occurs that can influence one or more of the five criteria assessing the suitability of a person for the “fit and proper” authorisation (see question 2), the financial institution must file the adequate form with the NBB.

Notification to the NBB is also required in the event of termination or reappointment.

From a labour perspective, there are no circumstances in which notifications relating to the employee or their conduct must be made to local or international regulators.

Considering that the National Financial System is extremely regulated, there may be cases in which a mistake by an employee results in a duty to report to the authorities (information security breach, prevention of money laundering, and prevention of terrorist financing, among others, which could not be exhaustively included in this questionnaire).

There is no general code defined by law or regulation.

Each company can adopt its standard of behaviour, as a rule.

Some activities require specific protocols for the prevention of money laundering and combating the financing of terrorism:

• the capture, intermediation, and investment of financial resources from third parties in national or foreign currency;

• the purchase and sale of foreign currency or gold as a financial asset or exchange instrument; and

• the custody, issuance, distribution, settlement, negotiation, intermediation, or securities administration.

Within the scope of the system for preventing and combating money laundering and the financing of terrorism, it is up to institutions and their employees to adequately comply with Central Bank regulations; promote the effectiveness of the apparatus to combat and prevent money laundering; carry out risk management with the implementation of effective policies, procedures, and controls; and help the Brazilian state to locate which financial operations are suspicious so that they can be investigated.

In principle, the relationship between companies and employees in the financial services sector is private. As such, companies do not have to communicate confidential information about their employees to third parties, as this would constitute an infringement of their fundamental freedoms. However, in certain cases, employers must alert the competent authorities in the event of behaviour or "suspicions" of behaviour by one of their employees that is contrary to the law.

Thus, the Monetary and Financial Code provides that companies in the financial services sector, referred to in article L.561-2 of the code (the list of which was updated by Ordinance no. 2023-1139 of December 6, 2023 on credit managers and credit buyers to include "Credit managers"), must report to the national financial intelligence unit (Tracfin) all sums or transactions that they suspect to be the result of an offence punishable by a prison sentence of more than one year, or related to the financing of terrorism or tax evasion. This declaration may be made in respect of any employee of one of these companies.

In addition, when facts likely to constitute violations of the anticorruption code of conduct or to qualify as corruption or influence peddling are brought to the attention of the company and its managers, an internal investigation must be conducted (article 17 of Law No. 2016-1691 of 9 December 2016 on transparency). If the investigation confirms the suspicions, the employer must, on the one hand, sanction the employee, but also inform the prosecuting authority of the facts.

In smaller companies, the employer will also be able to report to the prosecution authorities any behaviour that could lead to criminal sanctions.

Yes. Under section 87 WpHG, investment firms must notify BaFin of any changes regarding employees providing investment advice, sales representation, and compliance advice. This includes, for example, personal data or a change of the responsible sales representative, but also the termination of the activity. Changes must be communicated to BaFin within one month.

Further, investment firms must notify BaFin as soon as a substantial customer complaint is made against one or more employees based on his or her activities in connection with investment advice. This applies, for example, to allegations of incorrect investment advice. The notification to BaFin must be submitted within six weeks of receipt of the complaint. Details on the content of the notification are governed by section 8 paragraph 4 of the Securities Trading Act Employee Notification Ordinance.

There are further notification obligations if there are doubts about an employee‘s reliability under the relevant statutory rules. For example, in their initial declaration of reliability under section 24 paragraph 1 No. 1 KWG and section 5b Ordinance on Notifications and Submission of Documents under the KWG, future managing directors and persons acting as sole representatives of credit institutions and financial services institutions must immediately report to BaFin in writing any subsequent changes that may be relevant to their reliability. This applies to all facts that were also relevant for the initial reliability assessment (eg, because an employee was convicted of certain financial crimes). In addition, BaFin must also receive notifications of preliminary proceedings, indictments and convictions of certain financial sector employees according to the Order on Notifications in Criminal Matters.

SFC – Self-reporting obligation

An SFC-licensed intermediary is subject to the self-reporting obligation under paragraph 12.5 of the “Code of Conduct for Persons Licensed by or Registered with the Securities and Futures Commission”. A licensed or registered person should report to the SFC immediately upon the occurrence of any material breach, infringement or non-compliance with any laws, rules regulations, and codes administered or issued by the SFC, exchange or clearing house of which it is a member or participant of, and the requirement of any regulatory authority applicable to that intermediary. This encompasses both actual and suspected breaches, infringements or non-compliance. In the report, the particulars of the actual or suspected breach, infringement or non-compliance, and relevant information and documents must be included to fulfil the obligation.

The same is to be reported by the registered institutions to the HKMA. The HKMA also requires authorised institutions to submit an incident report on the same day of discovering the incident.

SFC - Internal investigation disclosure obligation

In addition, a licensed corporation is required to provide the SFC with information about whether a licensed individual who ceases to be accredited to it (outgoing employee) was under any investigation commenced by the licensed corporation within six months preceding his or her cessation of accreditation. If the internal investigation commences after the notification of cessation of accreditation, the licensed corporation should also notify the SFC as soon as practicable. In addition, even if a firm has completed its investigation and made no negative findings against an outgoing employee, the firm will still be required to notify the SFC of the investigation.

The SFC expects licensed corporations to proactively disclose information about all investigative actions and the following is a non-exhaustive list of examples of investigations involving an outgoing employee that a licensed corporation should disclose to the SFC:

• investigations about a suspected breach or breach of applicable laws, rules and regulations;
• investigations about a suspected breach or breach of the licensed corporation's internal policies or procedures;
• investigations about misconduct that are likely to give rise to concerns about the fitness and properness of the outgoing employee;
• investigations about any matter that may have an adverse market or client impact; and
• investigations about any matter potentially involving fraud, dishonesty and misfeasance.

HKMA – Reporting incidents to HKMA

According to the “Incident Response and Management Procedures” published by the HKMA, once an authorised institution has become aware that a significant incident has occurred, the authorised institution concerned should notify the HKMA immediately and provide it with whatever information is available at the time. An authorised institution should not wait until it has rectified the problem before reporting the incident to the HKMA.

According to the Supervisory Policy Manual SB-1 “Supervision of Regulated Activities of SFC-Registered Authorized Institutions”, to be in line with the reporting requirements imposed by the SFC on licensed representatives, authorised institutions will be required to notify the HKMA in writing within seven business days upon knowledge of the occurrence of certain information (including any subsequent changes) of the relevant individuals. The required information is on whether or not the person is or has been:

• convicted of or charged with any criminal offence (other than a minor offence) in Hong Kong or elsewhere;
• subject to any disciplinary action, or investigation by a regulatory body or criminal investigatory body (as the case may be) in Hong Kong or elsewhere;
• subject to, or involved in the management of a corporation or business that has been or is subject to, any investigation by a criminal investigatory body or any regulatory body in Hong Kong or elsewhere concerning offences involving fraud or dishonesty;
• engaged in any judicial or other proceedings, whether in Hong Kong or elsewhere, that is material or relevant to the fitness and propriety of the individual; or
• bankrupt or aware of the existence of any matters that might render him insolvent or lead to the appointment of a receiver of his property under the Bankruptcy Ordinance.

HKMA – Guidance Note on Cooperation with HKMA Investigations

Under the “Guidance Note on Cooperation with the HKMA in Investigations and Enforcement Proceedings”, the HKMA encourages and recognises the cooperation of authorised institutions, banks and their staff in investigations and enforcement proceedings. Under this Guidance Note, cooperation includes early and voluntary reporting of any suspected breach or misconduct, taking a proactive approach to assist the HKMA’s investigation, and making timely arrangements to provide evidence and information.

IA – Self-reporting obligation

Under “the Code of Conduct for Licensed Insurance Agents/Brokers”, there is a self-reporting obligation by licensed insurance agencies or brokerages to the IA. A licensed insurance agency or brokerage is required to have proper controls and procedures to ensure the following incidents are reported to the IA as soon as is reasonably practicable:

• a disciplinary action taken by the HKMA, the SFC or the Mandatory Provident Fund Schemes Authority;
• a criminal conviction (other than a minor offence) by any court in Hong Kong or elsewhere;
• any material breaches of requirements under the IO or any rules, regulations, codes or guidelines administered or issued by the IA; and
• any material incidents which happen to the agency or brokerage.

The RBI requires banks to conduct an annual review of fraud committed and provide a note of the total number to the board of directors or the local advisory board. These reports are not to be sent to the RBI but are to be preserved for verification by the RBI’s inspecting officers[1]. Necessary disclosures may also need to be made to SEBI under some of its regulations.

Publicly listed financial services companies may be required to make necessary disclosures, including to the stock exchanges and their auditors, in case of workplace fraud.

The CBI expects RFSPs to be open and transparent in their engagement, including concerning compliance with the F&P Standards and the Common Conduct Standards. While early versions of the IAF regulations and related guidance contained an obligation on a RFSP to report to the CBI if disciplinary action had been taken against an individual, the obligation was removed from the latest version of the draft legislation. The Guidance indicated that the CBI would expect that they would have already received relevant details as it provides that firms and persons performing PCF roles are required to report to the CBI where they suspect that a "prescribed contravention" may have occurred for the purposes of the CBI legislative framework and the CBI states that a breach of the Common Conduct Standards and/or Additional Conduct Standards is a "prescribed contravention" for these purposes.

Yes, please see question 9.

Financial institutions in the Isle of Man are required to comply with various statutory requirements. Breaches of those statutory requirements impose an obligation on the relevant entity to self-report to the IoM FSA. While ordinarily, businesses will endeavour not to supply information about individuals within the business to the regulator as part of this reporting, from time to time this may be necessary to comply with their regulatory obligations. Where this is the case, usually the regulator will be asked to use their powers of compulsion to seek the information rather than such information being given voluntarily. This is particularly the case where the regulator may have formed concerns about an individual’s fitness and propriety and wishes to investigate this further.

Regulators from other jurisdictions may use certain reciprocal agreements and reciprocal enforcement legislation to seek information from the IoM FSA or more directly from a financial services business. Where such requests are made, this may include information about individual employees (ordinarily those exercising Controlled Functions). However, any mechanism for reciprocal enforcement or exchange of information is subject to scrutiny and such information would normally only be offered by an employer under compulsion.

Pursuant to the Federal Law for the Prevention and Identity of Transactions with Illegally Obtained Resources, all acts carried out by financial entities are considered a vulnerable activity; therefore, financial entities must:

• set forth measures and procedures to prevent and detect acts and operations;
• file reports to the SHCP regarding acts, operations and services carried out by clients and employees if they suspect illegal resources are involved; and
• keep for at least 10 years any information and documents related to the identification of clients and users.

Given the above, if any action, operation or service is identified as undertaken with illegal resources or there is a breach of any of the provisions outlined in the above law, employers must inform the SHCP and prosecutor.

Also, if officers and general managers no longer comply with the legal requirements to occupy their positions (eg, not having a satisfactory credit record, or no longer being in good standing), financial entities may inform the CNBV or CNSF, as applicable, so the authorities may disqualify or remove those individuals from their positions.

Furthermore, if there is a breach of the code of conduct, the regulatory comptroller must inform the board of directors and keep such information available to the CNBV at all times. The board of directors will be in charge of establishing disciplinary measures.

Finally, if employees breach psychological risk prevention obligations (see question 11), employers must inform the labour authorities to impose corresponding sanctions.

Financial services companies must report to local regulators any behaviour or event that poses a serious threat to the ethical conduct of the business of the company or may affect the reliability of policymakers, sound and controlled business operations and continuity.

Furthermore, there are several local disciplinary authorities where reports can be made about financial services employees who fail to comply with Dutch law, guidelines and rules of conduct.

Forms need to be submitted to the MAS when an individual ceases to act as a representative in regulated activities or financial advisory services. Depending on the FI, the MAS may also have to be informed of appointments or changes of representatives, directors, chief executive officers, and other key officeholders (see questions 2 and 4).

MAS notices are also required for the reporting of misconduct for employees who are representatives of certain capital market service providers, financial advisers, and insurance broking staff. Examples of reportable misconduct include acts involving fraud, dishonesty or other offences of a similar nature, and non-compliance with regulatory requirements. Specific declaration forms and timelines may apply depending on the FI. An FI may also be required to submit updates on cases where investigations have not concluded or disciplinary action was not taken, or submit a declaration that there was no misconduct reported in a given calendar year.  

While not specific to financial services employees, the Corruption, Drug Trafficking and Other Serious Crimes (Confiscation of Benefits) Act 1992 requires any person with knowledge, or reasonable grounds to suspect, that any property is being used in connection with criminal activity to file a Suspicious Transaction Report with the Suspicious Transaction Reporting Office. MAS notices concerning the prevention of anti-money laundering and incidents of fraud emphasise this obligation.

As a general principle, supervised companies are required to ensure that persons holding, in particular, executive, overall management, oversight or control functions fulfil the requirements of the “fit and proper” test. Consequently, such persons must be of good repute and can guarantee compliance with applicable laws and regulations.

If a person cannot guarantee that the regulatory requirements are fulfilled at all times (eg, because of a material breach of its duties) the employing entity and its audit companies may be required to immediately report to FINMA, respectively, any incident that is of significance.

Both the DFSA General Rulebook and FSRA General Rulebook provide that where an authorised firm requests the withdrawal of an authorised individual, they must provide to the regulator details of any circumstances in which they consider the individual is no longer fit and proper.  Where the individual is to be dismissed or has requested to resign, the firm must provide to the regulator a statement of the reason, or reasons, for the dismissal or resignation.

In addition, the DFSA and FSRA General Rulebooks contain broad obligations on any authorised firm to report to the regulator if it becomes aware of a range of occurrences, including any matter which could have a significant adverse effect on the authorised firm’s reputation, or a matter in relation the authorised firm which could result in serious adverse financial consequences to the financial system or to other firms, or a significant breach of a rule by the authorised firm or its employees.

Yes. There are multiple potential reporting obligations with various timing imperatives. We include below a snapshot of some of the key obligations:

• under FCA Principle 11, firms have a general duty to inform the FCA of matters about which it would reasonably expect notice;
• a firm must notify the FCA immediately it becomes aware, or has information which reasonably suggests, that a matter which could have a significant adverse impact on the firm’s reputation has occurred, may have occurred or may occur in the foreseeable future;
• a firm must notify the FCA immediately it becomes aware, or has information which reasonably suggests, that a significant breach of a rule (including a significant breach of a Conduct Rule) has occurred, may have occurred or may occur in the foreseeable future; and
• a firm must also notify the FCA if it takes disciplinary action against an individual for a breach of the Conduct Rules. Where the relevant individual is a senior manager, the notification must be made within seven business days. Where the relevant individual is certified staff, the notification must be made in the firm’s annual reporting.

FINRA members must report to FINRA within 30 calendar days after the firm has concluded, or reasonably should have concluded, that an associated person of the firm or the firm itself has violated any securities, insurance, commodities, financial or investment-related laws, rules, regulations or standards of conduct of any domestic or foreign regulatory body or self-regulatory organisation.

While there is no requirement to report misconduct to regulators, the SEC routinely gives credit to organisations that voluntarily choose to self-report, which can lead to reduced fines, non-prosecution agreements, deferred prosecution agreements, waivers of disqualification following regulatory or criminal actions, or more organisation-friendly language in settlement documents. However, such disclosed information may later be discoverable by private plaintiffs.

The SEC has issued guidance that a failure to self-report significant misconduct can lead to more severe penalties.