Hello there, are you ‘Fit and Proper’?

Let’s be honest, “Are you ‘Fit and Proper’?” isn’t usually the first question one asks when starting a conversation. There are plenty of other options —and probably more enticing ones— for small talk. 

Of course, this also depends a little bit on where you live. Here in Luxembourg, chatting about the grey weather and the arrival of Christmas markets are more fitting (pun intended) options. However, if you work in the financial sector, it isn’t completely impossible that someone will ask you this question at some point. So, let’s try again:

“Are you fit and proper?” If you don’t know what to answer right away, well, no worries.

Instead, let’s try the following—by the end of this blog, you will be able to give us an answer. Or, at least, you will understand a little bit better why a question that seems so general—or, for many of us, quite vague—is actually becoming increasingly important in the context of our financial environment.

Indeed, if past crises have taught us anything, it’s that repeated inappropriate decisions could potentially have critical impacts. In fact, behind an unfitting decision, there were often individuals with responsibilities who failed to identify—or didn’t sufficiently consider and analyse—potential risks and impacts.

Similarly, there were probably good proposals that weren’t considered during key meetings as certain voices weren’t heard by the rest of the group.

To be clear, we know that no one’s perfect, and even with the most knowledgeable and experienced people involved, it isn’t always possible to find the perfect solution, especially for entities of the financial sector such as banks and investment firms. 

But, that said, without aiming for perfection, how can we ensure that our management is the most suitable to establish a thoughtful and risk-based approach, as well as a clear governance and effective internal reporting mechanisms on an ongoing basis?

What we are actually talking about

Behind what we refer to as ‘Fit and Proper’ requirements lies a key issue within the internal governance of banks and investment firms: how to ensure and adequately document the individual and collective suitability (or ‘fitness & properness’) of members of the management body and key function holders, including the following key stakeholders of such entities:

  • Board members; 
  • Authorised managers;
  • Key function holders (which can designate the Chief Compliance Officer, the Chief Risk Officer, the Chief Internal Auditor and, when applicable, the Chief Financial Officer).

These rules on the individual and collective suitability of members of management bodies have been considerably strengthened since 2020, and more recently through the CSSF Circulars 12/552, as modified, and 20/758 (Circulars on central administration, internal governance and risk management for banks and investment firms respectively). 

They reflect the changes brought by the Joint ESMA and EBA Guidelines on the assessment of the suitability of members of the management body and key function holders, referred to here as the “Guidelines”.

Formerly applicable to significant institutions only, these rules have been extended to all banks and investment firms, regardless of their size and volume of activities. The suitability assessments must now be performed every two years for less significant institutions and annually for significant institutions.

In addition, the Guidelines reinforce the criteria for the evaluation of individual and collective suitability through the introduction of more binding factors based on the following four pillars:

  1. Having the adequate knowledge, skills and experience for the position concerned

In addition to taking into account the experience in the “classical” sense —for instance, previous jobs held and type of responsibilities, specific training or certification obtained, among others— the Guidelines provide function-specific requirements to be considered.

They also present a list of criteria for guiding the assessment, ensuring that members of the governing body and key function holders demonstrate a high level of competence in a wide range of areas. 

This includes elements such as “chairing meetings” or “strategic acumen,” which would be considered essential, for instance, for a board member, as well as topics involving the largest number of individuals, such as “stress resistance” and “team work”. 

  2. Having the honesty, integrity and reputation required

Here again, in addition to considering more standard elements, such as criminal records or past measures taken by a regulatory body, the Guidelines ensure that honesty, integrity and reputation are assessed in depth. This is done by taking into account a wide range of sanctions, procedures and investigations, including, for instance, the following examples:

  • Past and present business performance and financial soundness, including being a defaulting debtor or business performance of entities owned or directed;
  • Any refusal or loss of any membership or licence to carry on a business or profession;
  • Any ongoing investigations resulting from judicial or administrative procedures or analogous regulatory investigations;
  • Any evidence, generally speaking, of a behaviour not aligned with the highest standards of conduct.

Concretely, the proposed criteria reinforce the importance and depth to be given in the analysis of information to confirm an exemplary and honest behaviour, both on and off the job, for the level of position and responsibilities concerned.

  3. Being independent

It’s important to understand that independence, according to the Guidelines, isn’t considered only in the classical sense in terms of preventing conflicts of interest. Of course, the assessment should fully consider elements such as “economic interests”, “personal or professional relationships” or “political influence and relationships,” which may create situations of conflicts of interest with the entity. 

By the way, note that the latest updates of the Guidelines and their implementation into the CSSF Circular 12/552 (as amended), applicable to banks, introduced new detailed rules on the prevention of conflicts of interest.

That said, the review should also focus on the “independence of mind” of the person concerned, meaning his or her capacity to demonstrate independence and resist “groupthink”.

This requirement would also be key, for instance, for board members, both at the initial appointment of a new member and on a more periodic basis: the assessment should determine, through the ongoing monitoring of conflicts of interest and based on the meeting minutes, whether the member has been able to challenge opinions or develop and actively share arguments with the rest of the group during previous meetings.

In addition, we would like to point out that having a diverse composition of members is key to reinforcing independence—but we will focus on that in a moment, so please stay with us.

  4. Having time to devote to the position, with the necessary seriousness and commitment

Similarly to knowledge and experience, availability for a given position is a key criterion. The Guidelines also provide a framework to help achieve a comprehensive analysis of this aspect.

Hence, the assessment needs to take into account other mandates, professional obligations or non-professional activities, possible voluntary work or political involvement, to determine the overall time required to fulfil such commitments.

Here again, this analysis is to be monitored on a periodic basis, to evaluate whether the person has actually been able to provide sufficient and adequate work for the position concerned.

To achieve this, the review should consider, for instance, whether the person has been able to set aside enough time to prepare for and attend meetings, or whether any long-term accumulated absence has occurred because of other professional commitments, which then ultimately had a negative impact on the bank or investment firm for which the person works and has responsibilities.

Collective suitability

In addition to this individual dimension, there is a collective component aimed at determining whether the management body has a thorough knowledge of the institution’s business and the risks to which it’s exposed.

The assessment of collective capacity is also complex in practice, mainly because of the number of profiles to be assessed jointly, as well as due to the multiple aspects to be taken into account, such as:

  • The ability to make appropriate decisions based on the institution’s business model, risk appetite or strategy;
  • The ability of the board to challenge the decisions of the authorised management;
  • Sufficient knowledge in a wide range of areas, including risk management, financial accounting and the regulatory environment.

As with the individual analysis, the quality of the formalisation of the collective analysis, and its completeness in terms of criteria, are key.

Promoting diversity

Even if it isn’t considered as an additional criterion for the assessment of the members’ individual suitability within the “four pillars” of the Guidelines, as previously described, diversity remains essential in the context of the ‘Fit and Proper’ assessment. 

Indeed, when reaching a decision during the individual assessment, it’s important to take into account the fact that a more diverse management body fosters a richer, more constructive dialogue based on different points of view. 

In fact, diversity is the best way to counteract the “groupthink” phenomenon and reinforce independence.

To achieve a more diverse composition, the entity should consider aspects such as educational and professional background, age, gender and geographical origin. In particular, institutions should take measures to ensure that gender balance is taken into account when selecting members of the management body.


To be effective, entities are required to incorporate the ‘Fit and Proper’ assessment into a clear and coherent process, which is based on a dedicated mandatory ‘Fit and Proper’ policy. This policy is implemented in line with the Guidelines we mentioned throughout this blog. 

Above all, entities should delineate and document the analysis in a comprehensive report, which reflects the methodology applied, the elements listed in the analysis, if shortcomings have been identified and the possible decisions and action points required.

The ‘Fit and Proper’ assessment is, therefore, central to the existence of strong internal governance mechanisms, contributing to a transparent, independent and well-founded decision-making process.

In turn, it makes banks and investment firms less vulnerable to excessive risk-taking and better able to withstand external shocks. Moreover, ‘Fit and Proper’ also contributes to promoting diversity of views within the management body, strengthening the independence of the decision-making process and, consequently, its legitimacy.

So… are you fit and proper?

What we think
Cécile Liégeois, Regulatory and Audit Partner at PwC Luxembourg
Cécile Liégeois, Banking Regulatory Partner at PwC Luxembourg

Beyond its regulatory component, you should think of the ‘Fit and Proper’ rules as a mechanism to enhance and expand the level of experience and competence of the management body while ensuring that the latter is sufficiently diverse in its composition.
