Employment in Financial Services

If a new element occurs that can influence one or more of the five criteria assessing the suitability of a person for the “fit and proper” authorisation (see question 2), the financial institution must file the adequate form with the NBB.

Notification to the NBB is also required in the event of termination or reappointment.

From a labour perspective, there are no circumstances in which notifications relating to the employee or their conduct must be made to local or international regulators.

Considering that the National Financial System is extremely regulated, there may be cases in which a mistake by an employee results in a duty to report to the authorities (information security breach, prevention of money laundering, and prevention of terrorist financing, among others, which could not be exhaustively included in this questionnaire).

There is no general code defined by law or regulation.

Each company can adopt its standard of behaviour, as a rule.

Some activities require specific protocols for the prevention of money laundering and combating the financing of terrorism:

• the capture, intermediation, and investment of financial resources from third parties in national or foreign currency;

• the purchase and sale of foreign currency or gold as a financial asset or exchange instrument; and

• the custody, issuance, distribution, settlement, negotiation, intermediation, or securities administration.

Within the scope of the system for preventing and combating money laundering and the financing of terrorism, it is up to institutions and their employees to adequately comply with Central Bank regulations; promote the effectiveness of the apparatus to combat and prevent money laundering; carry out risk management with the implementation of effective policies, procedures, and controls; and help the Brazilian state to locate which financial operations are suspicious so that they can be investigated.

In principle, the relationship between companies and employees in the financial services sector is private. As such, companies do not have to communicate confidential information about their employees to third parties, as this would constitute an infringement of their fundamental freedoms. However, in certain cases, employers must alert the competent authorities in the event of behaviour or "suspicions" of behaviour by one of their employees that is contrary to the law.

Thus, the Monetary and Financial Code provides that companies in the financial services sector, referred to in article L.561-2 of the code (the list of which was updated by Ordinance no. 2023-1139 of December 6, 2023 on credit managers and credit buyers to include "Credit managers"), must report to the national financial intelligence unit (Tracfin) all sums or transactions that they suspect to be the result of an offence punishable by a prison sentence of more than one year, or related to the financing of terrorism or tax evasion. This declaration may be made in respect of any employee of one of these companies.

In addition, when facts likely to constitute violations of the anticorruption code of conduct or to qualify as corruption or influence peddling are brought to the attention of the company and its managers, an internal investigation must be conducted (article 17 of Law No. 2016-1691 of 9 December 2016 on transparency). If the investigation confirms the suspicions, the employer must, on the one hand, sanction the employee, but also inform the prosecuting authority of the facts.

In smaller companies, the employer will also be able to report to the prosecution authorities any behaviour that could lead to criminal sanctions.

Yes. Under section 87 WpHG, investment firms must notify BaFin of any changes regarding employees providing investment advice, sales representation, and compliance advice. This includes, for example, personal data or a change of the responsible sales representative, but also the termination of the activity. Changes must be communicated to BaFin within one month.

Further, investment firms must notify BaFin as soon as a substantial customer complaint is made against one or more employees based on his or her activities in connection with investment advice. This applies, for example, to allegations of incorrect investment advice. The notification to BaFin must be submitted within six weeks of receipt of the complaint. Details on the content of the notification are governed by section 8 paragraph 4 of the Securities Trading Act Employee Notification Ordinance.

There are further notification obligations if there are doubts about an employee‘s reliability under the relevant statutory rules. For example, in their initial declaration of reliability under section 24 paragraph 1 No. 1 KWG and section 5b Ordinance on Notifications and Submission of Documents under the KWG, future managing directors and persons acting as sole representatives of credit institutions and financial services institutions must immediately report to BaFin in writing any subsequent changes that may be relevant to their reliability. This applies to all facts that were also relevant for the initial reliability assessment (eg, because an employee was convicted of certain financial crimes). In addition, BaFin must also receive notifications of preliminary proceedings, indictments and convictions of certain financial sector employees according to the Order on Notifications in Criminal Matters.

SFC – Self-reporting obligation

An SFC-licensed intermediary is subject to the self-reporting obligation under paragraph 12.5 of the “Code of Conduct for Persons Licensed by or Registered with the Securities and Futures Commission”. A licensed or registered person should report to the SFC immediately upon the occurrence of any material breach, infringement or non-compliance with any laws, rules regulations, and codes administered or issued by the SFC, exchange or clearing house of which it is a member or participant of, and the requirement of any regulatory authority applicable to that intermediary. This encompasses both actual and suspected breaches, infringements or non-compliance. In the report, the particulars of the actual or suspected breach, infringement or non-compliance, and relevant information and documents must be included to fulfil the obligation.

The same is to be reported by the registered institutions to the HKMA. The HKMA also requires authorised institutions to submit an incident report on the same day of discovering the incident.

SFC - Internal investigation disclosure obligation

In addition, a licensed corporation is required to provide the SFC with information about whether a licensed individual who ceases to be accredited to it (outgoing employee) was under any investigation commenced by the licensed corporation within six months preceding his or her cessation of accreditation. If the internal investigation commences after the notification of cessation of accreditation, the licensed corporation should also notify the SFC as soon as practicable. In addition, even if a firm has completed its investigation and made no negative findings against an outgoing employee, the firm will still be required to notify the SFC of the investigation.

The SFC expects licensed corporations to proactively disclose information about all investigative actions and the following is a non-exhaustive list of examples of investigations involving an outgoing employee that a licensed corporation should disclose to the SFC:

• investigations about a suspected breach or breach of applicable laws, rules and regulations;
• investigations about a suspected breach or breach of the licensed corporation's internal policies or procedures;
• investigations about misconduct that are likely to give rise to concerns about the fitness and properness of the outgoing employee;
• investigations about any matter that may have an adverse market or client impact; and
• investigations about any matter potentially involving fraud, dishonesty and misfeasance.

HKMA – Reporting incidents to HKMA

According to the “Incident Response and Management Procedures” published by the HKMA, once an authorised institution has become aware that a significant incident has occurred, the authorised institution concerned should notify the HKMA immediately and provide it with whatever information is available at the time. An authorised institution should not wait until it has rectified the problem before reporting the incident to the HKMA.

According to the Supervisory Policy Manual SB-1 “Supervision of Regulated Activities of SFC-Registered Authorized Institutions”, to be in line with the reporting requirements imposed by the SFC on licensed representatives, authorised institutions will be required to notify the HKMA in writing within seven business days upon knowledge of the occurrence of certain information (including any subsequent changes) of the relevant individuals. The required information is on whether or not the person is or has been:

• convicted of or charged with any criminal offence (other than a minor offence) in Hong Kong or elsewhere;
• subject to any disciplinary action, or investigation by a regulatory body or criminal investigatory body (as the case may be) in Hong Kong or elsewhere;
• subject to, or involved in the management of a corporation or business that has been or is subject to, any investigation by a criminal investigatory body or any regulatory body in Hong Kong or elsewhere concerning offences involving fraud or dishonesty;
• engaged in any judicial or other proceedings, whether in Hong Kong or elsewhere, that is material or relevant to the fitness and propriety of the individual; or
• bankrupt or aware of the existence of any matters that might render him insolvent or lead to the appointment of a receiver of his property under the Bankruptcy Ordinance.

HKMA – Guidance Note on Cooperation with HKMA Investigations

Under the “Guidance Note on Cooperation with the HKMA in Investigations and Enforcement Proceedings”, the HKMA encourages and recognises the cooperation of authorised institutions, banks and their staff in investigations and enforcement proceedings. Under this Guidance Note, cooperation includes early and voluntary reporting of any suspected breach or misconduct, taking a proactive approach to assist the HKMA’s investigation, and making timely arrangements to provide evidence and information.

IA – Self-reporting obligation

Under “the Code of Conduct for Licensed Insurance Agents/Brokers”, there is a self-reporting obligation by licensed insurance agencies or brokerages to the IA. A licensed insurance agency or brokerage is required to have proper controls and procedures to ensure the following incidents are reported to the IA as soon as is reasonably practicable:

• a disciplinary action taken by the HKMA, the SFC or the Mandatory Provident Fund Schemes Authority;
• a criminal conviction (other than a minor offence) by any court in Hong Kong or elsewhere;
• any material breaches of requirements under the IO or any rules, regulations, codes or guidelines administered or issued by the IA; and
• any material incidents which happen to the agency or brokerage.

The RBI requires banks to conduct an annual review of fraud committed and provide a note of the total number to the board of directors or the local advisory board. These reports are not to be sent to the RBI but are to be preserved for verification by the RBI’s inspecting officers[1]. Necessary disclosures may also need to be made to SEBI under some of its regulations.

Publicly listed financial services companies may be required to make necessary disclosures, including to the stock exchanges and their auditors, in case of workplace fraud.

The CBI expects RFSPs to be open and transparent in their engagement, including concerning compliance with the F&P Standards and the Common Conduct Standards. While early versions of the IAF regulations and related guidance contained an obligation on a RFSP to report to the CBI if disciplinary action had been taken against an individual, the obligation was removed from the latest version of the draft legislation. The Guidance indicated that the CBI would expect that they would have already received relevant details as it provides that firms and persons performing PCF roles are required to report to the CBI where they suspect that a "prescribed contravention" may have occurred for the purposes of the CBI legislative framework and the CBI states that a breach of the Common Conduct Standards and/or Additional Conduct Standards is a "prescribed contravention" for these purposes.

Yes, please see question 9.

Financial institutions in the Isle of Man are required to comply with various statutory requirements. Breaches of those statutory requirements impose an obligation on the relevant entity to self-report to the IoM FSA. While ordinarily, businesses will endeavour not to supply information about individuals within the business to the regulator as part of this reporting, from time to time this may be necessary to comply with their regulatory obligations. Where this is the case, usually the regulator will be asked to use their powers of compulsion to seek the information rather than such information being given voluntarily. This is particularly the case where the regulator may have formed concerns about an individual’s fitness and propriety and wishes to investigate this further.

Regulators from other jurisdictions may use certain reciprocal agreements and reciprocal enforcement legislation to seek information from the IoM FSA or more directly from a financial services business. Where such requests are made, this may include information about individual employees (ordinarily those exercising Controlled Functions). However, any mechanism for reciprocal enforcement or exchange of information is subject to scrutiny and such information would normally only be offered by an employer under compulsion.

Pursuant to the Federal Law for the Prevention and Identity of Transactions with Illegally Obtained Resources, all acts carried out by financial entities are considered a vulnerable activity; therefore, financial entities must:

• set forth measures and procedures to prevent and detect acts and operations;
• file reports to the SHCP regarding acts, operations and services carried out by clients and employees if they suspect illegal resources are involved; and
• keep for at least 10 years any information and documents related to the identification of clients and users.

Given the above, if any action, operation or service is identified as undertaken with illegal resources or there is a breach of any of the provisions outlined in the above law, employers must inform the SHCP and prosecutor.

Also, if officers and general managers no longer comply with the legal requirements to occupy their positions (eg, not having a satisfactory credit record, or no longer being in good standing), financial entities may inform the CNBV or CNSF, as applicable, so the authorities may disqualify or remove those individuals from their positions.

Furthermore, if there is a breach of the code of conduct, the regulatory comptroller must inform the board of directors and keep such information available to the CNBV at all times. The board of directors will be in charge of establishing disciplinary measures.

Finally, if employees breach psychological risk prevention obligations (see question 11), employers must inform the labour authorities to impose corresponding sanctions.

Financial services companies must report to local regulators any behaviour or event that poses a serious threat to the ethical conduct of the business of the company or may affect the reliability of policymakers, sound and controlled business operations and continuity.

Furthermore, there are several local disciplinary authorities where reports can be made about financial services employees who fail to comply with Dutch law, guidelines and rules of conduct.

Forms need to be submitted to the MAS when an individual ceases to act as a representative in regulated activities or financial advisory services. Depending on the FI, the MAS may also have to be informed of appointments or changes of representatives, directors, chief executive officers, and other key officeholders (see questions 2 and 4).

MAS notices are also required for the reporting of misconduct for employees who are representatives of certain capital market service providers, financial advisers, and insurance broking staff. Examples of reportable misconduct include acts involving fraud, dishonesty or other offences of a similar nature, and non-compliance with regulatory requirements. Specific declaration forms and timelines may apply depending on the FI. An FI may also be required to submit updates on cases where investigations have not concluded or disciplinary action was not taken, or submit a declaration that there was no misconduct reported in a given calendar year.  

While not specific to financial services employees, the Corruption, Drug Trafficking and Other Serious Crimes (Confiscation of Benefits) Act 1992 requires any person with knowledge, or reasonable grounds to suspect, that any property is being used in connection with criminal activity to file a Suspicious Transaction Report with the Suspicious Transaction Reporting Office. MAS notices concerning the prevention of anti-money laundering and incidents of fraud emphasise this obligation.

As a general principle, supervised companies are required to ensure that persons holding, in particular, executive, overall management, oversight or control functions fulfil the requirements of the “fit and proper” test. Consequently, such persons must be of good repute and can guarantee compliance with applicable laws and regulations.

If a person cannot guarantee that the regulatory requirements are fulfilled at all times (eg, because of a material breach of its duties) the employing entity and its audit companies may be required to immediately report to FINMA, respectively, any incident that is of significance.

Both the DFSA General Rulebook and FSRA General Rulebook provide that where an authorised firm requests the withdrawal of an authorised individual, they must provide to the regulator details of any circumstances in which they consider the individual is no longer fit and proper.  Where the individual is to be dismissed or has requested to resign, the firm must provide to the regulator a statement of the reason, or reasons, for the dismissal or resignation.

In addition, the DFSA and FSRA General Rulebooks contain broad obligations on any authorised firm to report to the regulator if it becomes aware of a range of occurrences, including any matter which could have a significant adverse effect on the authorised firm’s reputation, or a matter in relation the authorised firm which could result in serious adverse financial consequences to the financial system or to other firms, or a significant breach of a rule by the authorised firm or its employees.

Yes. There are multiple potential reporting obligations with various timing imperatives. We include below a snapshot of some of the key obligations:

• under FCA Principle 11, firms have a general duty to inform the FCA of matters about which it would reasonably expect notice;
• a firm must notify the FCA immediately it becomes aware, or has information which reasonably suggests, that a matter which could have a significant adverse impact on the firm’s reputation has occurred, may have occurred or may occur in the foreseeable future;
• a firm must notify the FCA immediately it becomes aware, or has information which reasonably suggests, that a significant breach of a rule (including a significant breach of a Conduct Rule) has occurred, may have occurred or may occur in the foreseeable future; and
• a firm must also notify the FCA if it takes disciplinary action against an individual for a breach of the Conduct Rules. Where the relevant individual is a senior manager, the notification must be made within seven business days. Where the relevant individual is certified staff, the notification must be made in the firm’s annual reporting.

FINRA members must report to FINRA within 30 calendar days after the firm has concluded, or reasonably should have concluded, that an associated person of the firm or the firm itself has violated any securities, insurance, commodities, financial or investment-related laws, rules, regulations or standards of conduct of any domestic or foreign regulatory body or self-regulatory organisation.

While there is no requirement to report misconduct to regulators, the SEC routinely gives credit to organisations that voluntarily choose to self-report, which can lead to reduced fines, non-prosecution agreements, deferred prosecution agreements, waivers of disqualification following regulatory or criminal actions, or more organisation-friendly language in settlement documents. However, such disclosed information may later be discoverable by private plaintiffs.

The SEC has issued guidance that a failure to self-report significant misconduct can lead to more severe penalties.

Employees must not, both during and after the termination of the contract, obtain, use or unlawfully disclose a business secret he or she became aware of in the course of his or her professional activity, or disclose the secrecy of any matter of a personal or confidential nature of which he or she became aware in the course of his or her professional activity (article 17, 3°, a, Employment Contracts Act).

The company can include a NDA in the employment contract to underline what is considered confidential information. A penalty clause (with a lump sum to be paid) can be foreseen in case of a breach after the end of the employment contract, but not during the period of the employment relationship. This is because of the prohibition on restricting the rights of employees or increasing their obligations in comparison with what is foreseen by the Employment Contracts Act (article 6).

Yes, non-disclosure agreements (NDAs) are potentially lawful in Brazil. The applicable rules are the same as for any legal transaction: expression of will, legality of the object, and compliance with the law.

As a rule, NDAs are a consequence of professional activity and do not require specific consideration.

Protected information is specific to the contractor (employer) and shared with the employee during the execution of the contract (strategies, customers, commercial secrets, etc).       

General information belonging to the employee due to his or her academic training and previous professional experience is not included in NDAs.

All actors in the financial services sector are bound by strict professional and banking secrecy.

But beyond the professional secrecy that is inherent to the employment contract, there may be an interest in particular circumstances to strengthen this requirement and make it an obligation of absolute professional secrecy. This is legal under French law and generally takes the form of a confidentiality clause (non-disclosure) inserted in the employee's employment contract.

In principle, a confidentiality clause, which includes an obligation of professional secrecy to which the employee is bound as well as an obligation of discretion, is not subject to any particular conditions. In particular, it does not require the payment of any financial consideration.

On the other hand, when an employee by an agreement or transaction goes further and waives his freedom of expression, the case law sets stricter conditions of validity. The agreement must be adapted, necessary and proportionate to the aim sought.

Confidentiality clauses must also comply with any obligations in terms of transparency, the fight against corruption and influence peddling provided for by Law No. 2016-1691 of 9 December 2016.

The only entities against which banking secrecy cannot be invoked are the French Prudential Supervision and Resolution Authority, the Banque de France and the judicial authority acting in the context of criminal proceedings (article L. 511-33 of the Monetary and Financial Code). On the other hand, bank secrecy is enforceable in civil court proceedings, as confirmed by abundant case law.

Under German law, it is permissible to enter into non-disclosure and confidentiality agreements. In practice, NDAs are usually agreed upon in written or text form, although this is not legally required. If drafted for use in multiple cases, NDAs are subject to a particularly strict test to be effective: they must be transparent and may not unduly burden the employee under General Terms and Conditions legislation. NDAs should, therefore, only relate to very limited and specific information.

In practice, NDAs are difficult to enforce as it is the employer who must prove a culpable breach of contract, as well as damages resulting from such a breach. Employers should, therefore, also use other means to ensure data protection and confidentiality, such as properly defining and protecting business secrets under the Business Secrets Act; and implementing technical and organisational measures to limit access to certain information, which may include sharing information only on a need-to-know basis.

Non-disclosure agreements are legally enforceable in Hong Kong. They follow the contract law rules and there is no other particular form or rules. To be enforceable, a non-disclosure agreement must protect information that is both confidential and valuable. There are common exceptions where confidentiality will not apply to certain information, including information available in the public domain, information lawfully received from a third party without proprietary or confidentiality limitations, information known to the employee before first receipt of same from the employer, and information disclosed in circumstances required by law or regulatory requirement.

NDAs are governed by the Indian Contract Act, 1872 and are generally lawful in India.

Generally, post-contract restrictive covenants like non-compete clauses that restrain a person’s exercise of lawful trade, profession or business are declared void because of Section 27 of the Indian Contract Act.

The enforceability of NDAs may be affected if they restrain an employee from exercising a lawful profession, trade or business. Accordingly, an NDA crafted to protect the “confidential information” of the former employer but not to impose the above-mentioned restraints on the employee is saved from any clash with Section 27 of the Indian Contract Act and is, therefore, enforceable in the courts of law in India. If NDAs prohibit an employee from disclosing commercial or trade secrets, then they cannot be held to be in restraint of trade. This was observed by the Bombay High Court in VFS Global Services Pvt Ltd v Mr Suprit Roy[1].

Yes. It is possible to use NDAs in Ireland and it is quite common for them to be used, but there are some limitations on their use and enforceability.

Certain mandatory reporting obligations will override a contractual non-disclosure agreement, such as the requirement for PCFs under section 38(2) of the CBI (Supervision and Enforcement) Act 2013 to disclose certain matters to the CBI.

Further, an NDA cannot extinguish an employee's right to anti-retaliation protection where the employee makes a protected disclosure either internally or externally under the Protected Disclosures Act 2014 - 2022.

Yes, non-disclosure agreements are potentially lawful in the Isle of Man. A contract of employment may also contain confidentiality provisions for financial services employees. However, a non-disclosure agreement or confidentiality clause would not (and could not) prevent a financial services employee (or any employee) from making a protected disclosure, (ie, a disclosure made by an employee where they reasonably believe there is serious wrongdoing within the workplace (whistleblowing)).

A financial services employee may, furthermore, be subject to a legal requirement to disclose information in certain circumstances that might override an NDA. For example, an individual can be compelled to provide information by the IoM FSA during an interview, and such compulsion will generally override an employee’s duties of confidentiality. Alternatively, an individual can be subject to a requirement to disclose information in the context of legal proceedings (eg, by court order).

Non-disclosure provisions under Mexican law are applicable and enforceable. All information to which employees have access, given their position and services, regarding third parties and deemed sensitive or confidential (ie, non-public information) may not be disclosed at any time after the termination of employment or used for any other purposes.

The breach of non-disclosure obligations of confidential information and trade secrets may lead to economic sanctions or imprisonment. The disclosure of confidential information or using it to an employer’s detriment is an offence under criminal law. Also, employees that breach confidential obligations may have to pay damages to the affected party.

Pursuant to article 186 of the general provisions applicable to brokerage houses, internal policies must be in place to establish guidelines and procedures for the use, management, conservation and, as applicable, destruction of books, records, documents, and other information; and must guarantee the adequate use and control of documents containing the confidential information of clients. Also, these entities must establish strict controls to avoid the improper use of books, records, and documents in general.

According to the Law to Regulate Technological Finance Institutions, entities must include measures and policies to control operational risks within their filing for authorisation at the CNBV. They must also provide information security and confidentiality policies, with evidence of secure, trustable and precise technological support for their clients and with minimum standards of security to ensure the confidentiality, availability and integrity of information, as well as to prevent fraud and cyberattacks.

Additionally, financial entities must guarantee the security and integrity of the information, and implement security measures to preserve the integrity and confidentiality of the information generated, stored, or processed.

Lastly, under the Federal Law for the Prevention and Identity of Transactions with Illegally Obtained Resources, filing notices, information and documentation related to vulnerable activities to the SHCP does not qualify as a breach of confidentiality obligations.

Since there is no specific legislation on NDAs under Dutch law, the general principle is that NDAs are permitted.

NDAs may never prevent a financial sector employee from reporting or revealing suspected misconduct.

NDAs are generally lawful in Singapore, although the extent of their enforceability depends on their contents. For example, restrictive covenants can be subject to further scrutiny (see question 13). While not subject to any particular form or rules, employers should take particular care to specify the type of information protected under the NDA, so that employees have a clear understanding of the protected information – and to enhance the enforceability of the NDA.

Under Singapore common law, in addition to breach of contract, a party may also bring an action for breach of confidence. A plaintiff will have to show on the facts that the information is confidential and was imparted in circumstances giving rise to an obligation of confidence (including if confidential information has been accessed or acquired without a plaintiff’s knowledge or consent), which will then invoke the presumption of a breach of confidence. The burden will then fall on the defendant to rebut this presumption.

Non-disclosure agreements (NDAs) are generally lawful in Switzerland. However, NDAs are not regulated by statutory law and therefore do not have to follow any particular statutory form or rule. Nevertheless, most NDAs often contain a similar basic structure.

The core clauses of an NDA concern:

• manufacturing and business secrets or the scope of further confidentiality;
• the purpose of use;
• the return and destruction of devices containing confidential information; and
• post-contractual confidentiality obligations.

As a general rule, it is recommended to use the written form.

To ensure possible enforcement of an NDA in the employment context, the requirements of a post-contractual non-compete obligation (see below) must be met.

Non-disclosure agreements may be used in the UAE (including DIFC and ADGM free zones).  There are no particular requirements regarding the form or rules for those NDAs.

NDAs (also known as confidentiality agreements) are potentially lawful and enforceable in the UK. It is common to include NDAs in employment contracts (to protect the confidential information of the employer during and after employment) and in settlement agreements (to reiterate existing confidentiality obligations and to keep the circumstances of the settlement confidential).

NDAs do not need to follow a particular form, but they must be reasonable in scope. Following #MeToo, there has been considerable government, parliamentary, and regulatory scrutiny of the use of NDAs and their reasonableness in different circumstances.

The following limitations on NDAs should be noted:

• By law, any NDA purporting to prevent an individual from making a “protected disclosure” as defined in the Employment Rights Act 1996 (ie, blowing the whistle about a matter) is void.

• The regulatory body for solicitors in England and Wales, the Solicitors Regulation Authority (SRA), has issued a detailed warning notice and guidance to practitioners setting out – in its view – inappropriate or improper uses of NDAs. Failure to comply with the SRA’s warning notice may lead to disciplinary action. The SRA lists the following as examples of improper use of NDAs:

• • using an NDA as a means of preventing, or seeking to impede or deter, a person from:
    • cooperating with a criminal investigation or prosecution;
    • reporting an offence to a law enforcement agency;
    • reporting misconduct, or a serious breach of the SRA’s regulatory requirements, to the SRA, or making an equivalent report to any other body responsible for supervising or regulating the matters in question; and
    • making a protected disclosure;
    • using an NDA to influence the substance of such a report, disclosure or cooperation;
    • using an NDA to prevent any disclosure required by law;
    • using an NDA to prevent proper disclosure about the agreement or circumstances surrounding the agreement to professional advisers, such as legal or tax advisors, or medical professionals and counsellors, who are bound by a duty of confidentiality;
    • including or proposing clauses known to be unenforceable; and
    • using warranties, indemnities and clawback clauses in a way that is designed to, or has the effect of, improperly preventing or inhibiting permitted reporting or disclosures being made (for example, asking a person to warrant that they are not aware of any reason why they would make a permitted disclosure, in circumstances where a breach of warranty would activate a clawback clause).
       
• The Law Society of England and Wales, a professional association representing solicitors in England and Wales, has issued similar guidance (including a practice note) on the use of NDAs in the context of the termination of employment relationships.
• Other non-regulatory guidance on the use of NDAs has also been issued, including by the Advisory, Conciliation and Arbitration Service and by the UK Equality and Human Rights Commission.

Care should be taken accordingly to ensure that the wording of any NDA complies with prevailing guidance, especially from the SRA.

Non-disclosure agreements are currently permissible under United States law with some exceptions, typically pertaining to whistleblower, harassment, and discrimination matters. On 7 December 2022, President Joe Biden signed the Speak Out Act, which prohibits the enforcement of non-disclosure and non-disparagement provisions that were agreed to before an incident of workplace sexual assault or sexual harassment occurred. In other words, it does not prohibit these provisions in settlement or severance agreements.

Both Dodd-Frank and SOX prohibit employers from impeding an individual’s whistleblowing process. Confidentiality provisions should expressly authorise employee communications directly with, or responding to any inquiry from, or providing testimony before the SEC, FINRA, any other self-regulatory organisation or any other state or federal regulatory authority.

The United States Tax Cuts and Jobs Act of 2018 discourages NDAs in the settlement of sexual harassment claims. Under this law, employers settling claims alleging sexual harassment or abuse that include a confidentiality or non-disclosure provision in the settlement agreement cannot take a tax deduction for that settlement payment or related attorneys' fees.

Under the National Labor Relations Act, employees (except for supervisors) cannot be prohibited from discussing their compensation or working conditions

California

• California Law prohibits NDAs that would prevent employees from discussing or disclosing their compensation or discussing the wages of others. However, California permits the use of a non-disclosure provision that may preclude the disclosure of any amount paid in any separation or settlement agreement.
• California imposes restrictions on the use of non-disclosure provisions that are designed to restrict an employee's ability to disclose information about unlawful acts in the workplace, including information pertaining to harassment or discrimination or any other conduct the employee has reason to believe is unlawful in employment agreements, settlement agreements, and separation agreements.
• California employers cannot:
  • require employees, in exchange for a raise or a bonus, or as a condition of employment or for continued employment, to sign any non-disparagement or non-disclosure provision that denies the employee the right to disclose information about unlawful acts in the workplace;
  • include in any separation agreement a provision that prohibits the disclosure of information about unlawful acts in the workplace; or
  • include a provision within a settlement agreement that prevents or restricts the disclosure of factual information related to claims for sexual assault, sexual harassment, workplace harassment or discrimination, retaliation, or failure to prevent workplace harassment or discrimination that are filed in a civil or administrative action, unless the settlement agreement is negotiated, which means that the agreement is voluntary, deliberate, informed, provides consideration of value to the employee, and the employee is giving notice and an opportunity to retain an attorney or is represented by an attorney.

New York

• New York law prohibits NDAs that:
  • prevent an employee from discussing or disclosing their wages or the wages of another employee.
  • prevent an employee from disclosing factual information related to a future discrimination claim, unless the agreement notifies employees that it does not prevent them from speaking to the EEOC, the New York Department of Human Rights, and any local human rights commission or attorney retained by the individual.

New York law also prohibits employers from mandating confidentiality or non-disclosure provisions when settling sexual harassment claims (though allows such provisions where it is the employee’s preference to include them).