Assessing the Suitability of Key Individuals in Financial Institutions
Monday, May 15, 2017

Assessing the Suitability of Key Individuals in Financial Institutions


This note explains:

  • the key principles relating to the suitability[2] of key individuals[3] in a regulated financial institution[4];
  • why it is important for supervisors to monitor how firms assess the suitability of key individuals, and for supervisors to undertake their own assessments of the suitability of key individuals in the firms they supervise; and
  • how supervisors can improve the suitability of key individuals in the firms they supervise.  

This note focuses on key aspects of assessing the suitability of key individuals in firms – the scope of which individuals should be subject to supervisory assessment; the characteristics of an individual that should be subject to assessment; and the powers, tools and procedures available to supervisors.   

This note is relevant to supervisors of all types of regulated firms, including banking, insurance, securities, financial market infrastructure, pension companies and the boards of trustees of occupational pension plans. It is also relevant to key individuals responsible for how these firms meet conduct of business (in both retail and wholesale markets), anti-money laundering and other regulatory requirements, not just prudential requirements.   

The suitability of key individuals is important to supervisors because

  • Decisions taken by firms are taken by individuals, whether acting individually or collectively (for example in a Board[5] or a committee); 
  • Individuals who are honest, act with integrity, well-qualified and experienced are more likely to make good decisions that are consistent with a firm meeting supervisory objectives (including the safety and soundness of the firm; treating customers, clients and counterparties fairly; and meeting anti-money laundering and other regulatory requirements);
  • Firms managed by competent and honest individuals should be better placed to keep supervisors informed and to implement any changes in their structure, business activities and operations as required by supervisors; and
  • Effective corporate governance[6] in firms depends not only on good processes and procedures but also on the quality of the individuals at Board and senior management level.

Many problems in regulated firms can be traced back to weaknesses in key individuals, which have led to a firm making poor decisions about its strategy or business plans; imprudent decisions about credit, underwriting, market or operational risks; treating its customers, clients and counterparties unfairly; or undertaking fraudulent or unauthorised transactions.  

Supervisors and regulators have a number of tools available to them to improve the suitability of key individuals in the firms they supervise. These usually include:

  • Regulatory requirements on firms to assess the suitability of key individuals.
  • Statutory legislative requirements for supervisory authorities to assess the suitability of (some) individuals in a firm as part of the licensing (or authorisation) of a firm.  These requirements may also apply on a continuing basis – so a firm has to meet the relevant licensing criteria on a continuing basis, not just when it is first licensed. 
  • Powers both to approve the appointment of key individuals and to require the removal of individuals who fail to continue to meet the required standards once in position.
  • Setting clear expectations for the criteria that key individuals should meet, both when appointed and when in position. 
  • Monitoring whether relevant individuals meet these criteria.
  • Taking action – against either the individual or the firm - when an individual fails to meet these criteria.  

Core Principles

Unlike the development of (largely) common international standards in other areas, particularly since the financial crisis, much less progress has been made on common approaches to suitability regimes. Even otherwise similar G20 countries take very different approaches.  

Nevertheless, some common strands can be identified in the core principles and corporate governance principles for banking and insurance issued by the Basel Committee and the International Association of Insurance Supervisors (IAIS)[7]

Basel Committee on Banking Supervision

The key Basel Committee core principles relating to suitability regimes are CP 5 on licensing criteria and CP 14 on corporate governance. 

In addition to the licensing criteria that banks have to meet as corporate entities, CP 5 refers to the “fitness and propriety of Board members and senior management”.  The supporting essential criteria for CP 5 refer to the supervisory authority evaluating, at the point at which a bank is authorised: 

“the bank’s proposed Board members and senior management as to expertise and integrity (fit and proper test), and any potential for conflicts of interest. The fit and proper criteria include: (i) skills and experience in relevant financial operations commensurate with the intended activities of the bank; and (ii) no record of criminal activities or adverse regulatory judgments that make a person unfit to uphold important positions in a bank. The licensing authority determines whether the bank’s Board has collective sound knowledge of the material activities the bank intends to pursue, and the associated risks.” 

Within CP 14 on corporate governance, the essential criteria refer to: 

“Processes for nominating and appointing Board members are appropriate for the bank … 

The bank’s Board has established fit and proper standards in selecting senior management … 

Board membership includes experienced non-executive members, where appropriate … 

Board members are suitably qualified, effective and exercise their “duty of care” and “duty of loyalty” … 

The bank’s Board and senior management know and understand the bank’s operational structure and its risks.” 

In addition, the Basel Committee’s corporate governance principles for banks state that: 

“The Board should be comprised of individuals with a balance of skills, diversity and expertise,

who collectively possess the necessary qualifications commensurate with the size, complexity and risk profile of the bank … 

The (bank’s own) selection process should include reviewing whether Board candidates: (i) possess the knowledge, skills, experience and, particularly in the case of non-executive directors, independence of mind given their responsibilities on the Board and in the light of the bank’s business and risk profile; (ii) have a record of integrity and good repute; (iii) have sufficient time to fully carry out their responsibilities; and (iv) have the ability to promote a smooth interaction between Board members … 

Members of senior management should have the necessary experience, competencies and integrity to manage the businesses and people under their supervision … 

Supervisors should evaluate the processes and criteria used by banks in the selection of Board members and senior management and, as they judge necessary, obtain information about the expertise and character of Board members and senior management. The individual and collective suitability of Board members and senior management should be subject to ongoing attention by supervisors … 

Supervisors should have a range of tools at their disposal to address governance improvement needs and governance failures … These tools may include the ability to compel changes in the composition of the Board of directors or senior management, or other corrective actions.” 


The key IAIS core principles relating to suitability regimes are ICP 5 on suitability of persons, and ICP 7 on corporate governance. 

ICP 5 states that “The supervisor requires Board members, senior management, key persons in control functions and significant owners of an insurer to be and remain suitable to fulfil their respective roles.” 

The accompanying standards and guidance refer to: 

“Legislation identifies which persons are required to meet suitability requirements ...  

Board members (individually and collectively), senior management and key persons in control functions possess competence and integrity … 

Competence is demonstrated generally through the level of an individual’s professional or formal qualifications and knowledge, skills and pertinent experience within the insurance and financial industries or other businesses. Competence also includes having the appropriate level of commitment to perform the role... 

Integrity is demonstrated generally through character, personal behaviour and business conduct … 

The supervisor should assess the suitability of Board members, senior management and key persons in control functions … as part of the licensing procedure before the insurer is permitted to operate … prior to changes in the positions or as soon as possible after appointment ... and should also require the insurer to perform internal suitability assessments on an ongoing basis … 

The application of suitability requirements relating to competence may vary depending on the degree of their influence and on their roles … An individual considered competent for a particular position within an insurer may not be considered competent for another position with different responsibilities or for a similar position within another insurer... 

The supervisor takes appropriate action to rectify the situation when relevant individuals no longer meet suitability requirements.” 

Key Themes

Four key themes emerge from these core principles.   

First, these core principles place the primary responsibility for ensuring the initial and continuing suitability of its key individuals on the regulated firm itself.  This is consistent with the responsibilities of firms for meeting other regulatory requirements, but leaves open the question of how much supervisors should do to monitor the extent to which firms are meeting their responsibilities. 

Second, the principles refer to the discretionary assessment of key function holders by supervisory authorities. This offers supervisors considerable discretion in undertaking their own assessments of the suitability of key individuals. This discretion extends to which individuals are covered by any suitability regime; the extent of assessment beyond the point at which a firm is licensed or a key individual is appointed; and the coverage (criteria) and depth of any supervisory assessments. 

Third, the principles provide the basis for a minimum set of assessment criteria for both competence and integrity, and some recognition of the importance of (a) taking into account the specific role being undertaken by a key individual (and the nature, scale and complexity of the specific firm in which this role is undertaken); and (b) assessing the collective – as well as the individual - competence of the Board and senior management.  

Fourth, supervisors are expected to have the powers and tools in place to intervene when key individuals do not meet whatever criteria are used to assess competence and integrity, not only at appointment but on a continuous basis thereafter.   

What do Supervisors Need to do to Assess Suitability?

Establish Supervisory Objectives

It is important for supervisors to be clear about their objectives for whatever suitability regime they operate.  

There is a spectrum of possibilities. Supervisors need to be clear about where they position themselves on this spectrum and whether this is consistent with their mandate and powers under national legislation and regulation.    

At a minimum, the objective of supervisors is to prevent individuals without a sufficiently high level of honesty and integrity from being appointed to Board or senior management positions in (at least some) firms. The emphasis may be primarily on (a) the point at which an individual takes up a key function; and (b) whether anything is known against an individual, in terms of past misbehaviours of a criminal nature or an involvement in breaches of regulatory requirements.  Some supervisory authorities have such a suitability regime, or may not be operating a suitability regime at all.   

More demanding supervisory objectives generally take the form of some combination of (a) seeking to ensure that individuals meet whatever assessment criteria are applied not only at the point of entry but throughout the time they hold a key position in a firm[8]; and (b) seeking to ensure that key individuals meet not only the basic “anything known against” test but also exhibit sufficient “positive characteristics” such as experience and expertise.   In turn, (b) can cover a wide range of possible objectives, depending on which “positive characteristics” are assessed, how stringently they are assessed, and whether they apply generically (to broad types of role in a firm) or specifically to a specific role and possibly even to that role in a specific firm[9].  

The banking core principles provide only limited guidance on where supervisors should position themselves on this spectrum of possibilities, although the insurance core principles clearly aim to encourage supervisors to move along this spectrum towards a more intrusive and active supervisory approach.  

However, in some jurisdictions there are clearly concerns about the extent to which supervisors should be intervening in – or even be perceived as taking the final decision on – appointments, not least because of the moral hazard this could give rise to[10]; and concerns about whether the supervisor has sufficient legal grounds (together with the necessary skills and experience) on which to take decisions based on highly subjective, judgmental and qualitative considerations.    

Define the Scope of the Supervisory Regime

Supervisors need to be clear about which key individuals are covered by a suitability regime.  

While the Basel Committee core principles are generally confined to Board members and senior management, the IAIS core principles extend this to key individuals in internal control functions. Some jurisdictions have taken this further to extend their suitability regime to individuals who can commit a firm to significant risks (for example, traders taking market risk positions) and to customer-facing individuals who could take actions that amount to the unfair treatment of customers (for example, sales forces and investment advisers).   

Under a risk-based approach, much will depend on where the greatest risks are perceived to arise, in terms of both (a) the types of firm and (b) the key functions and roles within each type of firm. So a suitability regime might be applied only to certain types of regulated firm within a country (for example, only to banks, insurance companies and intermediaries, and securities firms that give advice to their clients, but not to investment management firms, execution-only securities brokers, or securities firms that deal only with professional clients); and the nature of the suitability regime may differ across sectors (for example, it may not apply to customer-facing staff in banks, but could apply to customer-facing staff in insurance companies selling pension-type products)[11]

A further scope consideration is whether a suitability regime should be extended to individuals who exercise a significant influence over the affairs of a regulated firm, even if they are not an employee or member of the Board of the regulated legal entity. This might apply, for example, in the case of a subsidiary of a (unregulated) holding company or of an overseas firm, where one or more individuals in the holding company or parent firm in effect direct a significant part of the regulated legal entity, or where an individual large shareholder exerts significance influence.    

Establish Assessment Criteria to be used by Firms and Supervisors

Supervisors should expect firms themselves to assess the propriety, integrity and character, and knowledge, skills and experience, of individuals in key functions prior to their appointment.   

Supervisors can then monitor how effectively a firm undertakes such assessments and, where applicable, undertake their own supervisory assessments of key individuals.  

The following assessment criteria are not intended to be exhaustive, but rather an illustration of good practice by firms (and by supervisors where they undertake their own assessments of key individuals).      


The assessment of propriety is essentially an “anything known against?” test. An individual can be considered to be of good repute if there is no evidence or reason to suggest otherwise. 

In principle, this should be an absolute test – either an individual is of good repute, or is not. In practice, however, this may be a difficult judgement to make. So, at the margin, there may be cases where the assessment takes into account the propose role of the individual and to the specific firm to which he or she is being appointed.  

An individual should not be considered to be of good repute if his or her personal or business conduct gives rise to any material doubt about his or her ability to ensure that a firm will be managed soundly and prudently, and that its customers, clients and counterparties will be treated fairly. 

Particular account should be taken of: 

  • Criminal conviction, civil liability or pending legal proceedings against the individual or against a firm in which the individual was a key individual, including:
    • offences under the laws governing financial services;
    • offences of dishonesty, fraud or financial crime;
    • tax offences;
    • other offences under legislation relating to companies, bankruptcy, insolvency, or consumer or investor protection;
  • Relevant current or past investigations and/or enforcement actions relating to the individual, or the imposition of administrative sanctions for non-compliance with provisions governing financial services legislation and regulation, or with the provisions of any other regulatory or professional bodies;
  • Evidence that the individual has not been transparent, open, and cooperative in his or her dealings with supervisory or regulatory authorities;
  • Any refusal of any registration, authorisation, membership, or license to carry out a trade, business, or profession; or restrictions, revocation, withdrawal or termination of such registration, authorisation, membership, or license;
  • Reasons for any dismissal from employment or any position of trust, fiduciary relationship, or similar situation, or having been asked to resign from employment in such a position;
  • Declaration of personal bankruptcy; and
  • Financial and business performance of the entities which the individual has owned, directed or had a significant shareholding in, with special consideration to any rehabilitation, bankruptcy and winding-up proceedings and whether and how the individual contributed to the situation. 

All relevant information available for the assessment should be taken into account, regardless of the jurisdiction where any relevant events occurred. 

Consideration should also be given to: 

  • The seriousness of any offence or action – minor misdemeanours should not necessarily result in an individual being considered as not reputable, although a series of otherwise minor incidents might be regarded as being cumulatively serious;
  • The circumstances of breaches of regulatory requirements by entities, or the failure of entities, in which the individual has worked, and the role of the specific individual in these breaches or failures;
  • Rehabilitation periods and measures – some offences might be regarded as being “spent” after a period of time has elapsed, or if an individual has undertaken remedial training and demonstrated good conduct since the offence. But in other cases, an individual might be considered to be barred from key roles in firms for the rest of their working life (for example where an individual has stolen client funds).   

Both firms and supervisors may therefore have to exercise considerable judgement in assessing the propriety of key individuals.     

Integrity and Character

The assessment of integrity and character is also in part an “anything known against” test, where similar features as those applying to propriety may be indicators of poor integrity and character.   

However, there may also be positive observable indications of an individual’s integrity and character, for example where an individual has displayed integrity and good character through past behaviours, decision taking, an ability and willingness to challenge others when appropriate, and his or her relationship with supervisors. 

A firm – or a supervisor undertaking its own assessment of a key individual – should be expected to seek evidence on the existence (or otherwise) of such positive examples, and then to exercise judgement on whether there are material concerns about the integrity and character of a key individual, even if “integrity” and “character” are difficult to define and to evaluate.   

Knowledge, Skills and Experience

The third set of characteristics – the knowledge, skills and experience of a key individual – should be capable of assessment based on a set of positive factors.  

These factors should also be role and firm dependent, at least to some extent. For example, the knowledge, skills and experience required of the chair of the Board of a major bank or insurance company will be different to the knowledge, skills and experience of a financial adviser or securities salesperson offering advice to retail customers. Firms and, where applicable, supervisors should take this dependency into account.  

Knowledge, skills and experience can be gained through both education and training and practical “on the job” experience gained in previous occupations. The assessment of an individual’s knowledge, skills and experience should therefore consider: 

  • Education and formal qualifications;
  • Experience of working in financial services and other previous occupations (taking into account the functions performed in previous employment and the nature, scale and complexity of the businesses in which the individual was employed);
  • Knowledge and experience of:
    • financial markets
    • strategic and business planning
    • risk management (identifying, assessing, monitoring, controlling and mitigating the main types of risk of a firm)
    • governance, oversight and controls
    • financial information, controls, accounting and reporting
    • regulatory framework and requirements;
  • For applicants to senior management positions:
    • previous experience in managerial positions
    • scope of responsibilities and decision making powers
    • managing conflicts of interest. 

Non-executive Directors

In addition to all the above criteria, the assessment of the suitability of non-executive directors should take account of:

  • experience in governance, oversight and challenge of senior management;
  • ability to commit sufficient time to the role, given other commitments;
  • (for independent non-executive directors) the independence of the individual from the firm, its senior management, Board members and shareholders, and from political interference;
  • the overall composition of the Board - the collective knowledge and expertise required for the Board to exercise effective oversight of the executive management. 
Require Firms to Assess the Suitability of Key Individuals

In addition to whatever recruitment policies and procedures they would normally operate, regulated firms should be required to assess the suitability of key individuals

  • when the firm is applying to be authorised;
  • when individuals are proposed for appointment to relevant positions; and
  • whenever appropriate, for example as part of an annual assessment or when events make a re-assessment necessary in order to verify an individual’s continuing suitability. 

This in turn requires regulated firms to operate procedures, policies and record keeping for the selection and assessment of key individuals, including: 

  • the positions for which a suitability assessment is required;
  • the individuals or function responsible for performing the suitability assessment;
  • the assessment criteria to be used for each relevant position;
  • the information and evidence that an individual should provide to the firm;
  • where a key individual is to be appointed by the shareholders, procedures to ensure that shareholders are informed about the requirements for the position and the relevant profile of individuals before they are appointed;
  • policies on determining situations where a re-assessment of suitability should be performed;
  • the provision of training and development;
  • an annual assessment of the collective knowledge, skills and experience of the Board;
  • reporting to the supervisory authority on appointments, and on policies and procedures more generally.   

If a firm’s assessment (or re-assessment) concludes that an individual is not suitable to be appointed to a key position then that individual should not be appointed, or if the individual has already been appointed, the firm should either replace this individual or take steps (such as further development or training, or adjusting the role and responsibilities of the individual) to ensure the suitability of the individual in a timely manner. 

Establish an Approach to Supervisory Assessment

Supervisors need to decide the extent to which they are going to undertake their own assessments of key individuals, and how this will be undertaken.  

This will depend on a wide range of factors, including: 

Statutory legislation – this may prescribe the types of firm and the roles that require some form of supervisory assessment of key individuals (this may also differ by sector); when supervisory assessments are required; and some high-level indication of assessment criteria. Legislation may also constrain the extent to which supervisors can intervene in decisions made by regulated firms. 

Supervisory resources – resource availability may constrain the extent to which a supervisory authority can undertake suitability assessments. 

Supervisory trust in firms – supervisors may decide to rely more (or less) on firms’ own suitability assessments. 

Risk-based supervision and proportionality – supervisory intensity and resource allocation should be determined at least in part by where the greatest risks lie. Supervisory assessments of suitability may therefore vary across different types of role, different types (by sector) of firm, and different risk profiles of firms. Supervisory assessments of suitability might then be more intensive for the most senior key individuals at high impact and high risk firms. 

Intervention powers – the nature of suitability assessments may be determined in part by the intervention powers available to a supervisor. 

Given these high-level considerations, supervisors need to: 

Monitor the effectiveness of the policies and procedures governing suitability assessments undertaken by firms. This should be part of continuing supervision, although in practice the intensity of this will be driven by the risk-based approach. For smaller firms, there may be scope to review practices in a sample of firms (a “thematic” review) or to pursue individual firms where events or other information suggests that these firms have weak procedures for assessing the suitability of key individuals.

 Establish a fair and transparent suitability regime. Supervisors need to establish (and publish details of) a clear and fair suitability regime. In addition to scope (of the firms and key individual roles covered by the regime), the regime should include:

  • An application or notification procedure.  A supervisor may require a formal prior application from each firm for each key individual appointment, or some form of pre- or post- notification from each firm of the appointment (or intention to appoint) a key individual. 
  • Rules as to when and how such applications or notifications need to be made. This is likely to include some standard forms. 
  • The minimum (written) information required from firms about key individuals (pre- or post- appointment), including the position for which the individual will be (or has been) appointed; name and detailed CV; education and professional training; professional experience; references from past employers; statements relevant to the assessment of an individual’s propriety (as listed above); and a record of the firm’s own suitability assessment and identification of the individual’s training and development needs.
  • The powers of supervisors to request additional information.
  • The powers and procedures of supervisors to cooperate and share relevant information with other supervisors and agencies, nationally and cross-border.
  • The assessment criteria that the supervisor will apply. This might include specific minimum requirements for certain roles, such as education and qualifications[12]; years and types of prior experience; indicators of a lack of propriety; and (for independent non-executive directors) time commitment, number of other directorships, and indicators of a lack of sufficient independence.
  • The processes by which a supervisor will determine whether the assessment criteria are met. This may differ across roles and across firms. At one extreme this may amount to nothing more than a reliance on the firms itself, or a quick review of the information provided on an individual’s propriety, past experience and professional qualifications. At the other extreme a supervisor may undertake a detailed review of all the information provided, may request additional information, and may interview some individuals (if this is in accordance with national law) when facts or circumstances raise doubts about the propriety, integrity or character of an individual (for example the individual’s decisiveness, strategic vision, judgment on risks, leadership, independence of mind, persuasive power, and the ability and willingness to engage in continuous learning and development), or in order to undertake a more thorough assessment of an individual’s knowledge, experience and skills and how these relate to the role that the individual will be undertaking.
  • Time periods for undertaking a suitability assessment and the communication of the outcome.
  • Whether the supervisor will grant an explicit approval (or refusal) of the appointment of a key individual, or operate a non-objection (silent consent) or objection regime.
  • Process and procedures (if any) for a firm (or an individual) to appeal against a supervisory decision on suitability.   

Establish the supervisory authority’s internal organisational arrangements for the supervisory assessment of suitability, including the division of responsibilities between the department(s) responsible for the continuing supervision of individual firms and any separate department responsible for the authorisation of firms. 

Supervisory Intervention

The banking and insurance core principles state clearly that supervisors are expected to have powers and tools in place to intervene when key individuals do not meet the assessment criteria for suitability, both at appointment and on a continuous basis thereafter.   

The powers and tools available to supervisors will depend on national legislation and on the regulatory requirements in force. The options available to supervisors therefore differ across jurisdictions, but may include some or all of: 

  • In cases where a firm’s own policies and procedures for assessing the suitability of key individuals are judged to be inadequate by the supervisory authority, or where a firm fails to provide sufficient information to the supervisory authority, the supervisor should be able to use whatever corrective measures it has available to it in the case of any breach of regulatory requirements. These might include, for example, issuing a direction to the firm to put the necessary improvements in place.
  • Where the assessment of the suitability of individuals is part of the authorisation procedures for a firm seeking authorisation, the supervisor should have the power to refuse to grant authorisation unless the proposed key individuals are individually and collectively suitable.
  • Where a specific individual (or set of individuals) proposed or appointed to a key function is judged to be unsuitable by the supervisory authority, the supervisor should have the power to object to, or not to approve, the appointment of that individual. If the individual has already been appointed, the supervisor should have the power to require the firm to replace that individual. In practice the supervisor may begin in such cases by indicating to the firm that it is “minded” to object, and then expect the firm to withdraw the proposal accordingly. 
  • In some cases the supervisor may, in effect, impose conditions on an approval of suitability, for example by requiring that the relevant individual receives further training and development, is subject to a probationary period after which a further assessment will be undertaken, or that the role and responsibilities of the individual are adjusted.
  • Where an individual is already performing a key function and is subsequently judged by the supervisory authority to be unsuitable, the supervisor should have the power to prohibit that individual from continuing to perform key functions, and to require the firm to replace that individual with a suitable individual. 
  • Where the supervisor judges that the Board or senior management team of a firm lacks the necessary collective knowledge, skills or experience, the supervisors should have the power to require the firm to alter the overall composition of the Board or senior management team. For example, a supervisor may judge that the Board of an insurance company requires more non-executive directors with insurance expertise and experience, and could then refuse to approve any new non-executive director unless that individual could demonstrate sufficient insurance experience and expertise. 
  • Even where a supervisor has only limited intervention powers relating specifically to key individuals, it may be able to effect changes through other routes.  For example, concerns about the suitability of key individuals at director and senior management level could feed into supervisory judgements about the extent to which a firm meets the required standards of corporate governance. 
  • More generally, supervisors should have the power to impose higher “Pillar 2” capital requirements on a firm until suitability concerns are addressed, and ultimately to withdraw the authorisation of a firm in cases where a firm was unwilling or unable to appoint suitable key individuals.  

As with other types of supervisory intervention, the appropriate corrective measures will depend on the circumstances.  Supervisors need to decide how tough they want to be in reaching supervisory judgements; how tough they can be in intervening given the constraints on their formal powers; the extent they want to rely on a firm responding positively to informal guidance from the supervisor; and ultimately their appetite and ability (in terms of the resources and weight of evidence required) for pursuing formal intervention against a firm. This in turn may also depend on much broader issues, including the extent to which the supervisory authority would have political and public support for formal interventions.    

Related Issues

Many other issues may arise that are relevant to the establishment and operation of a suitability regime.   

First, how can a suitability regime apply effectively in countries with some combination of (a) state owned firms, where the Minister of Finance (or other politicians or government departments) appoint key individuals (who may themselves be government officials); (b) family owned firms (or other forms of concentrated shareholdings) where a dominant shareholder(s) appoint key individuals; (c) a high level of cronyism (appointing friends and relations); (d) a relatively small financial sector in which “everyone knows everyone else”; and (e) a supposed shortage of suitable alternative candidates?   

It is important not only to recognise these constraints but to address them in a measured and sensitive manner. For example: 

  • Irrespective of these constraints there is value in supervisors setting out clearly their expectations of the qualities that key individuals should exhibit. Even a political or family appointee to a key position in a firm should be made fully aware of their responsibilities under the regulatory regime and of the integrity, skills and experience that they should bring to the role.         
  • Similarly, firms should be made aware of any failings in their own recruitment and selection procedures, and where there are individual and collective shortcomings against the required qualities of key individuals.
  • In many cases it may be easier for supervisors to take action against a firm than against individuals – so even if unsuitable individuals are appointed because the “point of entry” controls are weak, a supervisor may be able to impose restrictions and requirements on a firm if some of its key individuals are judged to be unsuitable.        

Second, because a suitability regime involves supervisors taking decisions about individuals who may be known to supervisors on a personal basis, this accentuates some of the factors that may lead more generally to a weak and ineffective supervisory approach, including (i) career and financial concerns, where supervisors might hope to be employed by a supervised firm in the future; (ii) an unwillingness to reach judgements based on subjective and difficult to measure assessment criteria such as those relating to an individual’s propriety, integrity and knowledge; (iii) an unwillingness or inability to intervene[13]; (iv) a lack of the necessary persuasion skills (or “leverage” over a firm) to obtain good outcomes without formal intervention; and (v) difficulties in demonstrating a lack of compliance with laws and regulations that may be expressed at a high level of generality (for example a requirement that key individuals be “fit and proper”). 

Again, there are no easy and simple solutions, not least because in this context the constraints on operating an effective suitability regime are part of the wider supervisory approach. So perhaps a more interesting question for a supervisor to ask is whether they are taking a less (or more) tough approach with respect to their suitability regime than they are with respect to other aspects of supervision, or whether they are differentiating within their suitability regime between “easy targets” and “hard targets” – so some firms or individuals are treated more leniently than others.  

Third, supervisors should remain alert to gender and other diversity issues when operating a suitability regime.[14] For example, if the assessment criteria for suitability include previous experience in financial services, or minimum educational and professional qualifications, does this disadvantage some groups of individuals that are already under-represented in the financial sector or (for whatever reason) lack access to formal education? Is there a risk of creating self-perpetuating imbalances in access to senior positions in financial services? Another example would be where firms claim that it is difficult to find independent non-executive directors, when they are limiting their search to half the adult population.    


An effective suitability regime is important – if the wrong people are overseeing or managing firms, or interfacing with customers, clients and counterparties, this is likely to lead to bad outcomes. 

The design and implementation of an effective suitability regime is difficult – there are multiple considerations relating to supervisory powers, defining the scope and nature of the regime, and intervening on the basis of subjective judgements against qualitative assessment criteria.     

Supervisors should consider whether they have a suitability regime that is aligned with their supervisory objectives – the main purpose of this note is to enable supervisors to ask themselves the right questions about their suitability regimes and to help them to build some solutions.  The absence of a single “one size fits all” solution makes this both more difficult and more interesting.   


Core Principles for Effective Banking Supervision.  Basel Committee on Banking Supervision.  September 2012. 

Insurance core principles.  International Association of Insurance Supervisors.  November 2015. 

Additional Readings

The making of good supervision:  Learning to say “no”.  IMF Staff Position Note.  May 2010. 

Guidelines on the assessment of the suitability of members of the management body and key function holders. European Banking Authority. November 2012.

Corporate governance principles for banks.  Basel Committee on Banking Supervision. July 2015.

Improving Corporate Governance in Regulated Firms. Toronto Centre Supervisory Guidance Series.

January 2016.

Consultation Paper on Joint ESMA and EBA Guidelines on the assessment of the suitability of members of the management body and key function holders. European Securities and Markets Authority and European Banking Authority. October 2016. 

Consultation Paper on Review of Competency Requirements for Representatives Conducting Regulated Activities under the Securities and Futures Act and Financial Advisers Act. Monetary Authority of Singapore.  December 2016.

Strengthening individual accountability in banking. UK Prudential Regulation Authority. May 2017. 

Strengthening individual accountability in insurance. UK Prudential Regulation Authority. May 2017.

Guide to fit and proper assessments. European Central Bank. May 2017.


[1] This note was prepared by Clive Briault, an independent consultant on risk and regulation issues and Chair of the Toronto Centre Banking Advisory Board.

[2] This note refers primarily to a “suitability” regime for key individuals, although some supervisors may be more familiar with descriptions such as “licensing”, “authorisation”, “approval” or “pre-approval”, or “fit and proper” regimes for individuals. The use of “suitability” here should not be confused with the suitability of customer/client recommendations by financial advisers and securities firms.

[3] “Key individuals” refers in this note to individuals appointed to – or proposed to be appointed to – whichever roles and functions (referred to in this note as “key roles”) in a regulated firm are designated by legislation, or by a regulatory or supervisory authority, to be covered by a suitability regime. This designation differs across countries, and often differs across different types of firm within countries.   

[4] For brevity, this note refers to regulated financial institutions as “firms”. 

[5] In some countries, firms have a ‘unitary’ Board which contains both executive and non-executive directors. In other countries, firms have a two-tier Board structure, in which a ‘supervisory’ Board, consisting entirely of non-executive directors, sits above and oversees a management Board of executive directors. In this note “Board” is used to apply to both unitary and supervisory Boards, since the roles and responsibilities of these types of Board are broadly similar. 

[6] See also the Toronto Centre’s Supervisory Guidance Note on “Improving Corporate Governance in Regulated Firms”. All documents referred to in this note are listed in the References and Additional Readings.

[7] In addition, the draft European Securities and Markets Authority and the European Banking Authority joint guidelines on suitability demonstrate the applicability of a suitability regime to a wide range of securities firms.

[8] For example, a supervisor might consider whether its supervisory reviews and on-site inspections of a firm provide any evidence or indication that a key individual may no longer be suitable.   

[9] So an individual might be judged to have sufficient positive attributes to undertake role 1 in firm A, but not role 2 in firm A, and not sufficient for any role in firm B (which may be larger, more complex or more systemically important than firm A).

[10] For example, a supervisor may be reluctant to take supervisory action against a firm or an approved key individual if that individual subsequently causes the breach of a regulatory requirement; or a supervisor may be concerned that it is acting as a “shadow director” of a firm.     

[11] The UK’s “Senior Manager Regime” provides an alternative way of defining the scope of a suitability regime, by applying a relatively intensive supervisory assessment to key individuals in a narrow set of roles and functions, while requiring the firm to operate its own internal suitability regime for a much wider range of functions, including customer-facing roles. In addition, a specific key individual has to be designated by the firm as being responsible and accountable for how the firm operates its own suitability regime.       

[12] See, for example, the Monetary Authority of Singapore’s approach to the minimum qualifications of relevant staff in securities firms.

[13] See, for example, the IMF paper on learning to say “no”.

[14] The draft ESMA and EBA guidelines on suitability make explicit reference (in section 13) to diversity issues, in the context of the collective suitability of a firm’s Board.