Employment in Financial Services

If a new element occurs that can influence one or more of the five criteria assessing the suitability of a person for the “fit and proper” authorisation (see question 2), the financial institution must file the adequate form with the NBB.

Notification to the NBB is also required in the event of termination or reappointment.

From a labour perspective, there are no circumstances in which notifications relating to the employee or their conduct must be made to local or international regulators.

Considering that the National Financial System is extremely regulated, there may be cases in which a mistake by an employee results in a duty to report to the authorities (information security breach, prevention of money laundering, and prevention of terrorist financing, among others, which could not be exhaustively included in this questionnaire).

There is no general code defined by law or regulation.

Each company can adopt its standard of behaviour, as a rule.

Some activities require specific protocols for the prevention of money laundering and combating the financing of terrorism:

• the capture, intermediation, and investment of financial resources from third parties in national or foreign currency;

• the purchase and sale of foreign currency or gold as a financial asset or exchange instrument; and

• the custody, issuance, distribution, settlement, negotiation, intermediation, or securities administration.

Within the scope of the system for preventing and combating money laundering and the financing of terrorism, it is up to institutions and their employees to adequately comply with Central Bank regulations; promote the effectiveness of the apparatus to combat and prevent money laundering; carry out risk management with the implementation of effective policies, procedures, and controls; and help the Brazilian state to locate which financial operations are suspicious so that they can be investigated.

In principle, the relationship between companies and employees in the financial services sector is private. As such, companies do not have to communicate confidential information about their employees to third parties, as this would constitute an infringement of their fundamental freedoms. However, in certain cases, employers must alert the competent authorities in the event of behaviour or "suspicions" of behaviour by one of their employees that is contrary to the law.

Thus, the Monetary and Financial Code provides that companies in the financial services sector, referred to in article L.561-2 of the code (the list of which was updated by Ordinance no. 2023-1139 of December 6, 2023 on credit managers and credit buyers to include "Credit managers"), must report to the national financial intelligence unit (Tracfin) all sums or transactions that they suspect to be the result of an offence punishable by a prison sentence of more than one year, or related to the financing of terrorism or tax evasion. This declaration may be made in respect of any employee of one of these companies.

In addition, when facts likely to constitute violations of the anticorruption code of conduct or to qualify as corruption or influence peddling are brought to the attention of the company and its managers, an internal investigation must be conducted (article 17 of Law No. 2016-1691 of 9 December 2016 on transparency). If the investigation confirms the suspicions, the employer must, on the one hand, sanction the employee, but also inform the prosecuting authority of the facts.

In smaller companies, the employer will also be able to report to the prosecution authorities any behaviour that could lead to criminal sanctions.

Yes. Under section 87 WpHG, investment firms must notify BaFin of any changes regarding employees providing investment advice, sales representation, and compliance advice. This includes, for example, personal data or a change of the responsible sales representative, but also the termination of the activity. Changes must be communicated to BaFin within one month.

Further, investment firms must notify BaFin as soon as a substantial customer complaint is made against one or more employees based on his or her activities in connection with investment advice. This applies, for example, to allegations of incorrect investment advice. The notification to BaFin must be submitted within six weeks of receipt of the complaint. Details on the content of the notification are governed by section 8 paragraph 4 of the Securities Trading Act Employee Notification Ordinance.

There are further notification obligations if there are doubts about an employee‘s reliability under the relevant statutory rules. For example, in their initial declaration of reliability under section 24 paragraph 1 No. 1 KWG and section 5b Ordinance on Notifications and Submission of Documents under the KWG, future managing directors and persons acting as sole representatives of credit institutions and financial services institutions must immediately report to BaFin in writing any subsequent changes that may be relevant to their reliability. This applies to all facts that were also relevant for the initial reliability assessment (eg, because an employee was convicted of certain financial crimes). In addition, BaFin must also receive notifications of preliminary proceedings, indictments and convictions of certain financial sector employees according to the Order on Notifications in Criminal Matters.

SFC – Self-reporting obligation

An SFC-licensed intermediary is subject to the self-reporting obligation under paragraph 12.5 of the “Code of Conduct for Persons Licensed by or Registered with the Securities and Futures Commission”. A licensed or registered person should report to the SFC immediately upon the occurrence of any material breach, infringement or non-compliance with any laws, rules regulations, and codes administered or issued by the SFC, exchange or clearing house of which it is a member or participant of, and the requirement of any regulatory authority applicable to that intermediary. This encompasses both actual and suspected breaches, infringements or non-compliance. In the report, the particulars of the actual or suspected breach, infringement or non-compliance, and relevant information and documents must be included to fulfil the obligation.

The same is to be reported by the registered institutions to the HKMA. The HKMA also requires authorised institutions to submit an incident report on the same day of discovering the incident.

SFC - Internal investigation disclosure obligation

In addition, a licensed corporation is required to provide the SFC with information about whether a licensed individual who ceases to be accredited to it (outgoing employee) was under any investigation commenced by the licensed corporation within six months preceding his or her cessation of accreditation. If the internal investigation commences after the notification of cessation of accreditation, the licensed corporation should also notify the SFC as soon as practicable. In addition, even if a firm has completed its investigation and made no negative findings against an outgoing employee, the firm will still be required to notify the SFC of the investigation.

The SFC expects licensed corporations to proactively disclose information about all investigative actions and the following is a non-exhaustive list of examples of investigations involving an outgoing employee that a licensed corporation should disclose to the SFC:

• investigations about a suspected breach or breach of applicable laws, rules and regulations;
• investigations about a suspected breach or breach of the licensed corporation's internal policies or procedures;
• investigations about misconduct that are likely to give rise to concerns about the fitness and properness of the outgoing employee;
• investigations about any matter that may have an adverse market or client impact; and
• investigations about any matter potentially involving fraud, dishonesty and misfeasance.

HKMA – Reporting incidents to HKMA

According to the “Incident Response and Management Procedures” published by the HKMA, once an authorised institution has become aware that a significant incident has occurred, the authorised institution concerned should notify the HKMA immediately and provide it with whatever information is available at the time. An authorised institution should not wait until it has rectified the problem before reporting the incident to the HKMA.

According to the Supervisory Policy Manual SB-1 “Supervision of Regulated Activities of SFC-Registered Authorized Institutions”, to be in line with the reporting requirements imposed by the SFC on licensed representatives, authorised institutions will be required to notify the HKMA in writing within seven business days upon knowledge of the occurrence of certain information (including any subsequent changes) of the relevant individuals. The required information is on whether or not the person is or has been:

• convicted of or charged with any criminal offence (other than a minor offence) in Hong Kong or elsewhere;
• subject to any disciplinary action, or investigation by a regulatory body or criminal investigatory body (as the case may be) in Hong Kong or elsewhere;
• subject to, or involved in the management of a corporation or business that has been or is subject to, any investigation by a criminal investigatory body or any regulatory body in Hong Kong or elsewhere concerning offences involving fraud or dishonesty;
• engaged in any judicial or other proceedings, whether in Hong Kong or elsewhere, that is material or relevant to the fitness and propriety of the individual; or
• bankrupt or aware of the existence of any matters that might render him insolvent or lead to the appointment of a receiver of his property under the Bankruptcy Ordinance.

HKMA – Guidance Note on Cooperation with HKMA Investigations

Under the “Guidance Note on Cooperation with the HKMA in Investigations and Enforcement Proceedings”, the HKMA encourages and recognises the cooperation of authorised institutions, banks and their staff in investigations and enforcement proceedings. Under this Guidance Note, cooperation includes early and voluntary reporting of any suspected breach or misconduct, taking a proactive approach to assist the HKMA’s investigation, and making timely arrangements to provide evidence and information.

IA – Self-reporting obligation

Under “the Code of Conduct for Licensed Insurance Agents/Brokers”, there is a self-reporting obligation by licensed insurance agencies or brokerages to the IA. A licensed insurance agency or brokerage is required to have proper controls and procedures to ensure the following incidents are reported to the IA as soon as is reasonably practicable:

• a disciplinary action taken by the HKMA, the SFC or the Mandatory Provident Fund Schemes Authority;
• a criminal conviction (other than a minor offence) by any court in Hong Kong or elsewhere;
• any material breaches of requirements under the IO or any rules, regulations, codes or guidelines administered or issued by the IA; and
• any material incidents which happen to the agency or brokerage.

The RBI requires banks to conduct an annual review of fraud committed and provide a note of the total number to the board of directors or the local advisory board. These reports are not to be sent to the RBI but are to be preserved for verification by the RBI’s inspecting officers[1]. Necessary disclosures may also need to be made to SEBI under some of its regulations.

Publicly listed financial services companies may be required to make necessary disclosures, including to the stock exchanges and their auditors, in case of workplace fraud.

The CBI expects RFSPs to be open and transparent in their engagement, including concerning compliance with the F&P Standards and the Common Conduct Standards. While early versions of the IAF regulations and related guidance contained an obligation on a RFSP to report to the CBI if disciplinary action had been taken against an individual, the obligation was removed from the latest version of the draft legislation. The Guidance indicated that the CBI would expect that they would have already received relevant details as it provides that firms and persons performing PCF roles are required to report to the CBI where they suspect that a "prescribed contravention" may have occurred for the purposes of the CBI legislative framework and the CBI states that a breach of the Common Conduct Standards and/or Additional Conduct Standards is a "prescribed contravention" for these purposes.

Yes, please see question 10.

Financial institutions in the Isle of Man are required to comply with various statutory requirements. Breaches of those statutory requirements impose an obligation on the relevant entity to self-report to the IoM FSA. While ordinarily, businesses will endeavour not to supply information about individuals within the business to the regulator as part of this reporting, from time to time this may be necessary to comply with their regulatory obligations. Where this is the case, usually the regulator will be asked to use their powers of compulsion to seek the information rather than such information being given voluntarily. This is particularly the case where the regulator may have formed concerns about an individual’s fitness and propriety and wishes to investigate this further.

Regulators from other jurisdictions may use certain reciprocal agreements and reciprocal enforcement legislation to seek information from the IoM FSA or more directly from a financial services business. Where such requests are made, this may include information about individual employees (ordinarily those exercising Controlled Functions). However, any mechanism for reciprocal enforcement or exchange of information is subject to scrutiny and such information would normally only be offered by an employer under compulsion.

Pursuant to the Federal Law for the Prevention and Identity of Transactions with Illegally Obtained Resources, all acts carried out by financial entities are considered a vulnerable activity; therefore, financial entities must:

• set forth measures and procedures to prevent and detect acts and operations;
• file reports to the SHCP regarding acts, operations and services carried out by clients and employees if they suspect illegal resources are involved; and
• keep for at least 10 years any information and documents related to the identification of clients and users.

Given the above, if any action, operation or service is identified as undertaken with illegal resources or there is a breach of any of the provisions outlined in the above law, employers must inform the SHCP and prosecutor.

Also, if officers and general managers no longer comply with the legal requirements to occupy their positions (eg, not having a satisfactory credit record, or no longer being in good standing), financial entities may inform the CNBV or CNSF, as applicable, so the authorities may disqualify or remove those individuals from their positions.

Furthermore, if there is a breach of the code of conduct, the regulatory comptroller must inform the board of directors and keep such information available to the CNBV at all times. The board of directors will be in charge of establishing disciplinary measures.

Finally, if employees breach psychological risk prevention obligations (see question 11), employers must inform the labour authorities to impose corresponding sanctions.

Financial services companies must report to local regulators any behaviour or event that poses a serious threat to the ethical conduct of the business of the company or may affect the reliability of policymakers, sound and controlled business operations and continuity.

Furthermore, there are several local disciplinary authorities where reports can be made about financial services employees who fail to comply with Dutch law, guidelines and rules of conduct.

Forms need to be submitted to the MAS when an individual ceases to act as a representative in regulated activities or financial advisory services. Depending on the FI, the MAS may also have to be informed of appointments or changes of representatives, directors, chief executive officers, and other key officeholders (see questions 2 and 4).

MAS notices are also required for the reporting of misconduct for employees who are representatives of certain capital market service providers, financial advisers, and insurance broking staff. Examples of reportable misconduct include acts involving fraud, dishonesty or other offences of a similar nature, and non-compliance with regulatory requirements. Specific declaration forms and timelines may apply depending on the FI. An FI may also be required to submit updates on cases where investigations have not concluded or disciplinary action was not taken, or submit a declaration that there was no misconduct reported in a given calendar year.  

While not specific to financial services employees, the Corruption, Drug Trafficking and Other Serious Crimes (Confiscation of Benefits) Act 1992 requires any person with knowledge, or reasonable grounds to suspect, that any property is being used in connection with criminal activity to file a Suspicious Transaction Report with the Suspicious Transaction Reporting Office. MAS notices concerning the prevention of anti-money laundering and incidents of fraud emphasise this obligation.

As a general principle, supervised companies are required to ensure that persons holding, in particular, executive, overall management, oversight or control functions fulfil the requirements of the “fit and proper” test. Consequently, such persons must be of good repute and can guarantee compliance with applicable laws and regulations.

If a person cannot guarantee that the regulatory requirements are fulfilled at all times (eg, because of a material breach of its duties) the employing entity and its audit companies may be required to immediately report to FINMA, respectively, any incident that is of significance.

Both the DFSA General Rulebook and FSRA General Rulebook provide that where an authorised firm requests the withdrawal of an authorised individual, they must provide to the regulator details of any circumstances in which they consider the individual is no longer fit and proper.  Where the individual is to be dismissed or has requested to resign, the firm must provide to the regulator a statement of the reason, or reasons, for the dismissal or resignation.

In addition, the DFSA and FSRA General Rulebooks contain broad obligations on any authorised firm to report to the regulator if it becomes aware of a range of occurrences, including any matter which could have a significant adverse effect on the authorised firm’s reputation, or a matter in relation the authorised firm which could result in serious adverse financial consequences to the financial system or to other firms, or a significant breach of a rule by the authorised firm or its employees.

Yes. There are multiple potential reporting obligations with various timing imperatives. We include below a snapshot of some of the key obligations:

• under FCA Principle 11, firms have a general duty to inform the FCA of matters about which it would reasonably expect notice;
• a firm must notify the FCA immediately it becomes aware, or has information which reasonably suggests, that a matter which could have a significant adverse impact on the firm’s reputation has occurred, may have occurred or may occur in the foreseeable future;
• a firm must notify the FCA immediately it becomes aware, or has information which reasonably suggests, that a significant breach of a rule (including a significant breach of a Conduct Rule) has occurred, may have occurred or may occur in the foreseeable future; and
• a firm must also notify the FCA if it takes disciplinary action against an individual for a breach of the Conduct Rules. Where the relevant individual is a senior manager, the notification must be made within seven business days. Where the relevant individual is certified staff, the notification must be made in the firm’s annual reporting.

FINRA members must report to FINRA within 30 calendar days after the firm has concluded, or reasonably should have concluded, that an associated person of the firm or the firm itself has violated any securities, insurance, commodities, financial or investment-related laws, rules, regulations or standards of conduct of any domestic or foreign regulatory body or self-regulatory organisation.

While there is no requirement to report misconduct to regulators, the SEC routinely gives credit to organisations that voluntarily choose to self-report, which can lead to reduced fines, non-prosecution agreements, deferred prosecution agreements, waivers of disqualification following regulatory or criminal actions, or more organisation-friendly language in settlement documents. However, such disclosed information may later be discoverable by private plaintiffs.

The SEC has issued guidance that a failure to self-report significant misconduct can lead to more severe penalties.