In recent years, diversity and inclusion (D&I) in the financial services sector has become a focus for regulators around the world. Individual regulators, however, have taken different approaches to D&I to reflect the local socio-economic environment.

Below, we provide a high-level summary of the position across a number of key jurisdictions updating our table published on 6 December 2023.

JurisdictionSummary of regulatory regime relating to D&I in financial servicesNorton Rose Fulbright regulatory contact
  Asia  
China
[Updated 11.12.24]
China does not have an overarching legislation or regulatory framework governing D&I. Under various People’s Republic of China (PRC) laws and regulations on employment, several characteristics of individuals are protected from discrimination in employment, such as nationality, race, gender, religious belief and disability (Protected Characteristics). According to a guiding case published by the Supreme People’s Court of China, any characteristic that is not directly related to the requirements of work shall not be the reason for the individuals having such characteristic to be treated differently in employment. This essentially means that unless any characteristic will affect a candidate’s or employee’s ability to fulfil their work duties, an individual having such characteristic shall not be treated differently in employment, e.g. not being hired for that characteristic. Although China is not a common law jurisdiction, the judgments published by the Supreme People’s Court from time to time do provide referenceable guidance to juridical practice in China. Therefore, by applying the same principles in the aforesaid guiding case, certain other characteristics, such as sexual orientation and household registration may also be regarded as falling within the scope of Protected Characteristics.

China has also issued laws and regulations to protect individuals with certain specific characteristics (e.g. physical disability) in the workplace. Under the relevant law, at least 1.5% of a firm’s total number of employees must be disabled persons. If a firm fails to meet this requirement, it shall make contributions to the disabled employment security fund (which is used to support the employment and livelihood of disabled persons).

PRC laws and regulations also expressly prohibit certain discriminatory behaviours. Amongst other things, employers are not allowed to include pregnancy testing in the employee’s onboarding medical examination, and are also prohibited from placing any restriction on marriage or childbirth or the candidate’s marriage or childbirth status as a pre-condition for hiring female employees. In August 2024, the Ministry of Human Resources and Social Security issued a notice to strengthen the supervision of employment discrimination and prevent employers and human resources service agencies from publishing recruitment information that contains discriminatory content based on gender, age, education and other Protected Characteristics.
Sun Hong, Partner
Hong Kong
[Updated 11.12.24]
There is no overarching regulatory framework targeting D&I in the financial services sector, although a number of specific regulatory developments indicate that financial services regulatory and supervisory bodies in Hong Kong are focussing on D&I.

For example, on 6 October 2017, the Hong Kong Monetary Authority (HKMA), published a revised version of its Supervisory Policy Manual module CG-1 “Corporate Governance of Locally Incorporated Authorized Institutions” (SPM CG-1). This sets out the minimum standards which the HKMA expects locally incorporated authorized institutions to adopt in respect of their internal corporate governance procedures. Paragraph 2.10.2 of SPM CG-1, specifically, stipulates that an authorized institution must publicly disclose, whenever relevant but at least annually, the approach for recruitment and selection of members of the board (in so far as the sensitivity of the information will not be disadvantageous to the authorized institution) and ensure appropriate diversity of skills, backgrounds and viewpoints. Additionally, pursuant to paragraph 4.2.1 of SPM CG-1, the board of authorized institutions should be composed of board members who possess a range of knowledge and experience in relevant areas and varied backgrounds to promote a diversity of views.

The Hong Kong Stock Exchange (HKEX) has imposed D&I requirements on its members. Since 2016, listed companies have been required to disclose details regarding the composition of their workforce, such as gender, age and employment type, under the environmental, social and governance reporting framework. On 1 January 2022, the HKEX amended its Listing Rules (LR), including the Corporate Governance Code (Code), with the aim of increasing diversity on its issuers’ boards. The HKEX stated that issuers’ boards that are only composed by members of one gender will be in contravention of its Listing Rules. Issuers will have a three-year transition period in which to comply, meaning that issuers must appoint a director of a different gender (to the majority of the board) by no later than 31 December 2024. On 1 January 2025, further enhancements to the LR and the Code will come into effect, including new requirements for the nomination committee to comprise directors of different genders, issuers to have and disclose a workforce diversity policy (including senior management) and to require an annual review of the implementation of the board diversity policy. Additionally, issuers are required to disclose and explain their board diversity policies (as well as any progress made in respect of these), including sharing a number of metrics such as how and when gender diversity will be achieved, the numerical targets and timelines proposed, and measures the company has adopted to develop a pipeline of potential successors to the board. The HKEX also has introduced various initiatives to help issuers adapt to these changes, including providing an online director training programme covering board diversity, and issuing detailed guidance for boards and directors. The HKEX also hosts an annual boardroom insight event to promote board diversity.

Also of note, financial services institutions must comply with employment legislation and regulations which may impose obligations in respect of D&I in the workplace.

The Equal Opportunities Commission (EOC), established in 1996, is a statutory body responsible for implementing ordnances regulating workplace discrimination and harassment. These ordnances include: the Sex Discrimination Ordinance (enshrining the prohibition of discrimination on the grounds of sex as well as pregnancy and marital statuses), the Disability Discrimination Ordinance, the Family Status Discrimination Ordinance and the Race Discrimination Ordinance (which also prohibits discrimination on the basis of colour, descent and national or ethnic origin). Effective from June 2021, Discrimination Legislation (Miscellaneous Amendments) Ordinance 2020 also categorises breastfeeding as a protected characteristic.

While there is no express requirement in any of the anti-discrimination ordinances for employers to implement D&I measures in the workplace. However, each of the anti-discrimination ordinances is supported by an underlying code of practice – guidance issued by the EOC on the practical steps employers should take to comply with their legal duties. Each code of practice recommends that employers implement a clear and comprehensive equal opportunities policy that contains certain key details (e.g., that employees know where to make complaints of discrimination or harassment), and that they conduct equal opportunities training on their respective grounds. While the codes of practice are technically non-binding as a matter of law, the EOC or a court will consider the extent to which an employer, including employers in the financial services sector, has complied with them for the purposes of determining liability.

Other schemes launched by the EOC include the Racial Diversity and Inclusion Charter for Employers, which offers a checklist of D&I policies and practices for business to facilitate the pursuit of D&I objectives. Additionally, the EOC has introduced the Equal Opportunity Employer Recognition Scheme to promote the values of equal opportunities, D&I in the workplace, and recognise the achievements of employers that demonstrate a commitment to implementing policies and practices on these values.
Etelka Bogardi, Partner
Singapore
[Updated 11.12.24]
While the D&I regulatory landscape in Singapore has been gradually evolving, there are still disparities in both stringency and regulatory reach.

While there remains no overarching legislation or regulatory framework in Singapore targeting D&I issues, one notable set of D&I stipulations is the requirement for all companies listed on the Singapore Exchange to:
• maintain a board diversity policy that addresses gender, skills and experience, and any other relevant aspects of diversity; and
• describe in its annual report its board diversity policy, including:
o the company’s measurable targets to achieve diversity on its board;
o the company’s accompanying plans and timelines for achieving the targets;
o the company’s progress towards achieving the targets within the timelines; and
o a description of how the combination of skills, talents, experience and diversity of its directors serves the needs and plans of the company.

These mandatory requirements are part of the Singapore Exchange Regulation’s Listing Rules on public disclosure through annual reports, and are supplemented by guiding principles in the Code of Corporate Governance (Singapore Code) and Practice Guidance issued by the Monetary Authority of Singapore (MAS). Since August 2018, the Singapore Code has provided, on a comply-or-explain basis, that the board of directors of listed companies should (among other things): (i) have diversity of thought and background in its composition to enable it to make decisions in the best interests of the company; and (ii) comprise directors who as a group provide the appropriate balance and mix of skills, knowledge, experience, and other aspects of diversity such as gender and age, so as to avoid groupthink and foster constructive debate. Listed companies may incorporate other aspects of diversity as are relevant for the company.

To take into account the unique characteristics of the banking and insurance industries, the MAS has also released Guidelines on Corporate Governance (Singapore Guidelines) for designated financial holding companies, banks, direct insurers, reinsurers and captive insurers incorporated in Singapore (collectively, Singaporean Financial Institutions). The Singapore Guidelines incorporate the Singapore Code (including the D&I requirements of the Singapore Code as mentioned above), as well as additional guidelines issued by the MAS to address the diverse and complex risks undertaken by Singaporean Financial Institutions and their responsibilities to depositors, policyholders and other customers. Among other things, the MAS expects and/or encourages Singaporean Financial Institutions (both listed and non-listed) to observe the Singapore Guidelines and disclose (in the Singaporean Financial Institution’s annual report or website) its board diversity policy and the progress made towards implementing it.

Recognising that flexible work arrangements are an increasingly important part of inclusive workplaces, the Singapore Ministry of Manpower also recently announced the Tripartite Guidelines on Flexible Work Arrangement Requests, which will come into effect on 1 December 2024 and require employers to fairly consider formal requests from employees for flexible work arrangements.

As mentioned above, there is currently no overarching law or regulation requiring companies in Singapore to either: implement D&I strategies/policies; or monitor, report, and/or disclose any D&I data to the regulators or the public. Companies in Singapore that wish to voluntarily collect and monitor D&I statistics of their employees (and prospective employees) should take the necessary precautions to avoid breaching other laws, particularly in relation to workplace discrimination and personal data protection (as elaborated upon below).

Regarding workplace discrimination, the Singapore Government is planning to implement new Workplace Fairness Legislation (WFL), which is expected to come into force in 2026 or 2027. The upcoming WFL will apply to all companies with 25 employees or more and prohibit them from making any adverse employment decision in respect of the following five sets of characteristics (the Protected Characteristics): (i) age, (ii) nationality, (iii) sex, marital status, pregnancy status, caregiving responsibilities, (iv) race, religion, language, and (v) disability and mental health conditions, in all stages of employment (i.e., pre-employment (recruitment), in-employment (e.g., promotion, performance appraisal, training selection) and end-employment (e.g., dismissal) stages). The WFL will also expand the range of enforcement levers available against the companies and persons responsible to include remedial action and financial penalties (in addition to the existing enforcement lever of curtailment of work pass privileges), which will allow more calibrated action to be taken against offenders.

Workplace discrimination based on characteristics other than the Protected Characteristics will remain covered by the existing Tripartite Guidelines on Fair Employment Practices (TGFEP), which are non-legally binding recommendations that set out the overarching principles of fair employment based on merit (such as skills, experience or ability to perform the job). Companies should therefore ensure that their existing policies and practices align with both the TGFEP and the WFL, and that information (in particular, information within the scope of Protected Characteristics) collected by the company for D&I purposes is not misused – or perceived to be misused – as a basis for workplace discrimination.

From a personal data protection perspective, companies should avoid any unnecessary collection of personal data of employees (and prospective employees) solely for D&I purposes, as the obligations under the Singapore Personal Data Protection Act 2012 relating to the collection, usage, transfer and protection of personal data would apply to any such personal data obtained.
Wilson Ang, Partner

Clare Chia Ming Lee, Associate Director Ascendant Legal  
Japan
[Updated 11.12.24]
Although D&I issues appear on the regulatory agenda, Japan has yet to pass any legislations specifically targeting the financial services sector.

Regardless of sectors, all companies listed on the Tokyo Stock Exchange (TSE) are subject to the Corporate Governance Code, as revised on 11 June 2021 (the Code). The Code provides that:
• company boards should be constituted so as to achieve diversity of, among others, gender, international experience, work experience and age (Principle 4.11 of the Code);
• companies should promote diversity of personnel, including active participation of women (Principle 2.4 of the Code);
• companies should present their policies and voluntary and measurable goals for ensuring diversity in core human resources, such as the promotion of women, foreign nationals and midcareer hires and disclose the status of implementation (Supplementary Principle 2.4.1 of the Code); and
• companies should present their policies regarding human resource development and internal environment development to ensure diversity as well as the status of implementation (Supplementary Principle 2.4.1 of the Code).

It should be noted however that the Code has adopted a “comply or explain” approach; compliance with the Code is not compulsory, but if a company determines not to comply with the Code, it then must explain the reason for such non-compliance (see e.g. Rule 436-3 of the Securities Listing Regulations of TSE).

Companies in the financial services sector must also comply with their D&I obligations under generally applicable law, such as:
• the Labour Standards Act (Act No. 49 of April 7, 1947, as amended), which prohibits (i) discrimination on the basis of a worker’s nationality, creed or social status (Article 3) and (ii) unequal pay between men and women (Article 4);
• the Act on Equal Opportunity and Treatment between Men and Women in Employment (Act No. 113 of July 1, 1972, as amended), which prohibits (i) discrimination on the basis of a worker’s sex in various matters related to work including recruitment (Article 5), assignment, promotion, training, benefits etc. (Article 6) and (ii) disadvantageous treatment due to a worker’s marriage, pregnancy, childbirth (Article 8) and response to sexual harassment (Article 11) and requires employers to take necessary measures for female workers during their pregnancy and after their childbirth;
• the Act on the Promotion of Women’s Active Engagement in Professional Life (Act No. 64 of September 4, 2015, as amended), which requires (i) employers with more than 100 full-time employees to regularly publicise information regarding women’s active engagement in professional life in their business and (ii) employers with more than 300 full-time employees to disclose the wage gap between male and female workers (Article 20; the Ministerial Order on the Plan of Action for General Employers based on the Act on the Promotion of Women’s Active Engagement in Professional Life, as amended);
• the Act on Advancement of Measures to Support Raising the Next-Generation Children (Act No. 120 of July 16, 2003, as amended), which will require, following the amendment to come into effect in 2025, (i) employers with more than 100 full-time employees to formulate an action plan and set an monitor numerical targets in respect of childcare leave etc and (ii) employers with more than 300 full-time employees to publicise the status of childcare leave taken by the employees (Article 12);
• the Act on Employment Security of Elderly Persons (Act No. 68 of May 25, 1971, as amended), which requires (i) employers having the mandatory retirement age under 65 years of age to either abolish such mandatory retirement age, raise it to 65 years of age or introduce a continuous employment system in order to secure employment up to the age of 65 (Article 9) and (ii) employers having the mandatory retirement age of 65 or older but under 70 to endeavour to secure employment up to the age of 70 (Article 10-2);
• the Act to Facilitate the Employment of Persons with Disabilities (Act No. 123 of July 25, 1960, as amended), which requires employers to employ a certain number of qualifying disabled workers calculated at a certain rate (currently 2.5% for private companies) (Article 43); and
• the Act on Promotion of the Understanding of Citizens about Diversity in Sexual Orientation and Gender Identity (Act No. 68 of June 23, 2023, as amended), which requires employers to promote their employee’s understanding of diversity in sexual orientation and gender identity and cooperate with the relevant measures of the national or local government (Article 6).

D&I has also been on the agenda for the Financial Services Agency, which published reports on gender diversity in the start-up ecosystem in July 2022 and the outcome of an online survey they conducted in December 2023. The reports did not, however, recommend many ‘hard’ measures such as quotas, although it referred to introducing gender-balanced guidelines in connection with events and gender-related requirements for government-funded loans and investments. The bulk of recommendations focused instead on creating a supportive ecosystem for female entrepreneurs, such as raising awareness of the issue and providing education and mentorship.

Useful links:
Japan’s Corporate Governance Code
Japan Financial Services Agency – Open Policy Lab Initiative
Akihiko Takamatsu

Saori Takahashi
Australia
[Added 11.12.24]
While the financial services sector itself does not have an overarching regulatory framework governing D&I, certain regulatory bodies seek to govern D&I more broadly.

All companies listed on the Australian Stock Exchange (ASX) (including certain financial services) are subject to the ASX Council’s Corporation Governance Principles and Recommendations (ASX Recommendations) requiring them to
• Implement and disclose a diversity policy.
• Set measurable objectives for achieving gender diversity in the composition of its board, senior executives and workforce generally and report on progress towards achieving those objectives, including disclosing the respective proportions of men and women on the board, in senior executive positions and across the workforce generally.
• If within the S&P/ASX300, have a measurable objective for achieving gender diversity in its board of not less than 30% of its directors of each gender within a specified period.

The ASX Council’s commentary also suggests that listed entities should implement KPIs for senior executes on gender participation within their areas of responsibility and advises entities to reduce the risk of ‘groupthink’ by retaining a diverse nominations committee beyond simply gender.

The proposed next edition of the ASX Recommendations includes the insertion of recommendation which defines gender diversity as a balanced board of at least 40% women / 40% men (and any gender for the remaining 20%) for entities in the S&P/ASX 300 Index.

These recommendations enliven the responsibility of companies in enhancing D&I in practice, which is consistent with the Workplace Gender Equality Act 2012 (WGE Act). The WGE Act requires certain non-private sector entities to submit annual reports to the Workplace Gender Equality Agency, which include disclosure of the workforce’s and board’s gender composition.

As Australian investors increasingly take a holistic view of sustainability concerns in relation to investment portfolios, large financial institutions have emphasised the importance of wide diversity profiles within its workforce and board. Of note, a former Deputy Chair of APRA opined that the increasing technicality and broadening of issues in the financial sector has illustrated the necessity of boards comprising a diverse range of backgrounds and perspectives to support better decision-making and strategies in line with stronger financial performances. This is particularly so in response to the growing diversity of sustainable investing products and strategies.
Helen Taylor

James Morris
  EMEA  
Belgium
[Updated 11.12.24]
See “EU” section below – at this stage there do not appear to be any Belgium-specific D&I projects executed or envisaged by the Belgian FSMA or the National Bank of Belgium. Anna Carrier, Director
EU
[Updated 11.12.24]
NOTE: the below is relevant to all EU Member States, in addition to any D&I initiatives by local financial services regulators.

EU financial regulations have continued to impose requirements aimed at increasing D&I in the financial sector. There are various issues to consider in this context:
• The Capital Requirement Directive IV (CRD IV) requires banks to consider the diversity of their management bodies when recruiting new members and to implement a diversity policy. In addition, significant institutions (in terms of their size, internal organisation and the nature, scope and complexity of their activities) are required under the CRD IV to set a target for the representation of the underrepresented gender in the management body and to take measures to increase their numbers. The European Banking Authority (EBA) and Member State competent authorities are also required to benchmark diversity practices in institutions’ management bodies and collect information on the gender pay gap of members of the management body.

CRD VI, which amends CRD IV, came into force on 9 July 2024. CRD VI includes new provisions on the integration of environmental, social and governance risks in, in-scope institutions’ governance structures. Under the new rules, in-scope institutions should have, as part of their robust governance arrangements and processes, an improved risk management framework, robust strategies, policies, processes and systems for identifiying, measuring, managing and monitoring environmental, social and governance risks over the short, medium and long term. In-scope institutions will be required to test their resilience against scenarios that reflect the impact of social changes and associated public policies on the long-term business environment. The new rules need to be transposed by the Member States in their national laws, and will apply from 11 January 2026.
• The Equality, Diversity and Inclusion Charter by the European System of Central Banks (ESCB) and the Single Supervisory Mechanism (SSM) was developed in 2022 in collaboration with Member State central banks and Member State competent authorities. The Charter is a voluntary set of shared principles, which will guide the signatories when they harness the diversity of their teams and increase the inclusiveness of their working culture and further a common vision for, and commitment to, equality, diversity and inclusion.
• Similar to those rules for banks, the Investment Firms Regulation (IFR) requires investment firms to disclose certain aspects of their remuneration policy and practice, including aspects related to gender neutrality and the gender pay gap.
• The EU has included obligations to provide diversity reporting as part of the corporate disclosures that large companies need to make under the Accounting Directive. The Corporate Sustainability Reporting Directive (CSRD) amended the Accounting Directive to introduce requirements for in-scope companies to report against the EU sustainability reporting standards (ESRS). With regard to social disclosures, the CSRD will require in-scope firms to disclose, among other things, the following social and human rights factors: equal treatment and opportunities for all, including gender equality and equal pay for work of equal value, training and skills development, the employment and inclusion of people with disabilities, measures against violence and harassment in the workplace, and diversity. The detailed disclosure requirements were published in the EU Official Journal in December 2023. The first reporting requirements will become applicable for large undertakings that are also public interest entities, that exceed an average of 500 employees during the financial year and public interest entities that are parent undertakings of a large group that exceed an average of 500 employees during the financial year, on the condition that they are already subject to the Non-Financial Reporting Directive. They will need to report against the ESRS in 2025 for the 2024 financial year. In 2024, a Regulation was adopted to postpone the deadline for the European Commission to adopt sector-specific reporting standards and standards to be used by certain non-EU companies by two years to 30 June 2026, meaning that sector-specific reporting has been postponed for the same period.
• The Corporate Sustainability Due Diligence Directive (CSDDD) was published in the EU Official Journal on 05 July 2024. The CSDDD sets out a horizontal work to foster the contribution of businesses operating in the single market to the respect of the human rights and environment in their own operations and through their value chains, by identifying, preventing, mitigating and accounting for their adverse human rights, and environmental impacts, and having adequate governance, management systems and measures in place to this end. CSDDD also introduces directors’ duties to set up and oversee the implementation of due diligence and to integrate it into the corporate strategy. In addition, when fulfilling their duty to act in the best interest of the company, directors must take into account the human rights, climate change and environmental consequences of their decisions. Where companies’ directors enjoy variable remuneration, they will be incentivised to contribute to combating climate change by reference to the corporate plan. The CSDDD will apply to companies in the EU and non-EU companies with more than 1000 employees and worldwide turnover of more than EUR 450 million; and franchises with a turnover of over EUR 80 million if at least EUR 22.5 million was generated by royalties. CSDDD becomes applicable to large companies with over 5000 employees and third-country undertakings with turnover of over EUR 1.5 bn. on 26 July 2027, and will be fully applicable for all in-scope companies from 26 July 2029.
• The Sustainable Finance Disclosure Regulation (SFDR) requires the disclosure of information about D&I policies for asset managers and investors. It aims among others to promote transparency in D&I within the financial sector and its main provisions have applied in Member States since 10 March 2021.
• The EBA and the European Securities and Markets Authority (ESMA) have issued joint guidelines on the assessment of the suitability of members of the management body and key function holders (the Joint ESMA and EBA Guidelines). The Joint ESMA and EBA Guidelines provide guidance on how diversity should be taken into account in the process of selecting board members.
• Separate Joint EBA and ESMA Guidelines on the suitability assessment of members of management covering issuers of asset-referenced tokens (ARTs) and crypto-asset service providers (CASPs), and Joint EBA and ESMA Guidelines on the suitability assessment of shareholders and members, whether direct or indirect, with qualifying holdings in issuers of ARTs and in CASPs were published on 27 June 2024. The Joint ESMA and EBA Guidelines provide guidance on how diversity should be taken into account in the process of selecting the management body here as well. The Joint Guidelines will become applicable six months after the publication of the Joint Guidelines in all EU Official Languages.

Useful links:
• EBA/ESMA Guidelines on the assessment of the suitability of members of the management body and key function holders can be accessed via this link.
• EBA/ESMA Guidelines on the suitability assessment of members of management covering issuers of ARTs and CASPs, and Joint EBA and ESMA Guidelines on the suitability assessment of shareholders and members, whether direct or indirect, with qualifying holdings in issuers of ARTs and in CASPs can be accessed via this link.
Anna Carrier, Director
France
[Updated 11.12.24]
In relation to D&I French financial regulatory bodies have placed increasingly stringent obligations on French financial institutions.

The French Financial Markets Authority (AMF) has issued specific guidelines for listed companies, encouraging D&I in governing and supervisory bodies. For example, in June 2023, the AMF published their summary findings of a study reviewing compliance with non-financial contractual commitments by asset management companies on Environmental, Societal and Governmental/Socially Responsible Investment (ESG/SRI) funds. The AMF has also been keen to understand the practical application of these obligations and examples of best practice.

The French Prudential Supervisory and Resolution Authority equally plays a key role in overseeing D&I practices in the French financial sector. It may request information and reports from companies to ensure compliance with legal requirements.

Trade regulatory bodies have also stipulated the introduction of D&I initiatives. The Corporate Governance Code of Listed Corporations states that one of the tasks of the board of directors of any member entity is to ensure that the executive officers implement a policy of non-discrimination and diversity, to include targets for balanced representation of men and women in governing bodies.

D&I directives are also mandated legislatively. For example, according to Article L225-18-1 of the French Commercial Code: “The proportion of directors of each gender may not be less than 40% at the end of the next General Meeting called to vote on appointments, in companies which, for the third consecutive financial year, employ an average of at least two hundred and fifty permanent employees and have net sales or total assets of at least 50 million euros. In these same companies, where the Board of Directors has no more than eight members, the difference between the number of directors of each sex may not exceed two. Any appointment made in breach of the first paragraph that does not remedy the irregularity in the composition of the Board is null and void.” Banking and other financial institutions should also note the application of other statutory corporate governance requirements as well as other relevant corporate and employment laws and regulations in respect of this.

Useful links:
• The study published by the AMF on compliance with non-financial contractual commitments by asset management companies on ESG/SRI funds can be accessed via this link.
• The corporate governance code of listed corporations can be accessed via this link.
Sebastien Praicheux, Partner

Roberto Cristofolini, Partner
Germany
[Updated 17.12.24]
The D&I regulatory landscape in Germany consists of both general requirements regarding diversity and inclusion imposed by federal legislation, as well as obligations imposed by regulatory bodies such as the Federal Financial Supervisory Authority (Bundesanstalt für Finanzdienstleistungsaufsicht or BaFin). In addition, as a Member State, Germany is subject to EU D&I rules and regulation.

Two important pieces of federal legislation governing D&I are the General Equal Treatment Act (Allgemeines Gleichbehandlungsgesetz or AGG) and the Second Act on the Promotion of Management Positions (Zweites Führungspositionen-Gesetz or FüPoG II). Both contain specific provisions to enforce D&I, for instance, a key provision of FüPoG II is that if a board of a listed company consists of three or more members, at least one member must be a woman.

Supervised institutions are also subject to sector-specific D&I rules. The German Banking Act (KWG) contains statutory provisions regarding gender-neutral remuneration and a prohibition on gender inequality in pay – as per Sec. 25d (5) Sentences 2 and 3 of the KWG. In addition, the KWG, per section 25d para. 11 No. 2, obliges supervised entities to set targets to promote the under-represented gender and to develop corresponding strategies.

In accordance with its administrative practice set out in related guidance notices (Merkblatt zu den Geschäftsleitern gemäß KWG, ZAG und KAGB and Merkblatt zu den Mitgliedern von Verwaltungs- oder Aufsichtsorganen gemäß KWG und KAGB), BaFin expects supervised institutions to formulate and implement diversity guidelines for their management board and their administrative and supervisory bodies. To set an example, BaFin has signed the ESCB & SSM Equality, Diversity and Inclusion Charter. By signing the Charter, the European System of Central Banks (ESCB) and many supervisory authorities that are part of the Single Supervisory Mechanism (SSM) for banks in the eurozone have shown their commitment to diversity, equal opportunities, and inclusion.

As from 29 June 2025, consumer banking services will be subject to the German Accessibility Strengthening Act (Barrierefreiheitsstärkungsgesetz or BFSG) and a related regulation (Verordnung zum Barrierefreiheitsstärkungsgesetz or BFSGV). The BFSG and BFSGV, which transpose Directive (EU) 2019/882 (European Accessibility Act) into national law, introduce new requirements regarding the accessibility of products and services for persons with disabilities. In particular, the BFSG and the BFSGV will establish common accessibility requirements for certain banking and financial services.
Michael Born, Counsel
Italy
[Updated 12.12.24]
D&I has become an increasingly important concern to Italian businesses engaged in financial services, insurance and banking activities. With specific reference to the promotion of women’s presence within management bodies of listed companies, on 14 June 2024, a memorandum of understanding has been agreed between the Institute for the Supervision of Insurance (IVASS), the Bank of Italy, the Italian Companies and Exchange Commission (CONSOB) and the government body for equal opportunities.

In addition to initiatives that have been independently undertaken by entities, there have also been a number of sector specific regulatory and legislative developments, which are addressed below.

IVASS has not yet implemented any specific D&I initiatives and research into D&I initiatives has been limited. However, the IVASS notebook number 22 of 2022 contains a survey conducted to measure the proportion of women on the board of directors of Italian insurance companies (of the 109 businesses surveyed, the average percentage of women on each board was 17%).

The Bank of Italy has also pursued a regulatory agenda to promote D&I. In particular, it has issued Circular No. 285/2013 (Italy Circular) to implement European Union (EU) prudential supervisory reforms. Of note to D&I, the Italy Circular provides that as a minimum, 33% of members of the management and control bodies of a bank must be women.

CONSOB has imposed D&I obligations on entities within its regulatory remit including companies listed on the Italian stock market. These obligations include D&I policies contained in the corporate governance code adopted by Italian listed companies.

D&I requirements have also been enacted via legislation. The most notable development is represented by the Golfo-Mosca Law (Law 120/2011) which is aimed at ensuring a more balanced representation of genders within the governance bodies of Italian companies with shares listed on regulated markets, in Italy or other EU countries, as well as of unlisted companies controlled by public administrations. Law 120/2011 provides that at least 40% of the members of the board of directors must belong to the least represented gender. To note, according to CONSOB, in 2023, women represented 43% of the directors and 41% of mandatory auditors in Italian listed companies. Besides, women are usually appointed as independent directors.

Consideration should also be given to an additional statutory requirement. Pursuant to Italian labour law, employers are prohibited from making any inquiries, including through third parties, into their employees’ political, religious or trade union views, as well as investigating any details not relevant to the assessment of an employee’s professional aptitude. Therefore, any data-gathering initiative by supervisory authorities in the diversity and inclusion field should take into account these and other limitations, such as any statutory or regulatory data protection obligations.

Useful links:
• MoU of 14 June 2024: link
• IVASS notebook no. 22: link
• Bank of Italy circular no. 285/2013: link
• CONSOB 2022 report on corporate governance: link
• Golfo-Mosca Law (L. 120/2011): link
Pietro Altomani, Counsel
LuxemburgThe Law of 5 April 1993 on the financial sector, as amended, (the LFS), which governs the activities of credit institutions and professionals of the financial sector in Luxembourg, stipulates, in Article 38-2(8), that credit institutions must account for a broad set of qualities and competences when recruiting members to the management body and, to that end, they must implement a policy promoting diversity within the management body of that institution.  

The Luxembourg Supervisory Authority of the Financial Sector (Commission de Surveillance du Secteur Financier, the CSSF) is the competent authority responsible for verifying that the above requirements are met. To understand the degree to which policies promoting diversity had been implemented, the CSSF conducted a survey in April 2023 reviewing diversity figures within the management bodies of 46 less significant credit institutions (LSIs). The CSSF has noted that market practice in respect of D&I has been slow to evolve. In the survey, the CSSF reported that:  

– 24% of LSIs reported that they had no diversity policy in place.
– Nearly 6% of LSIs with a diversity policy did not take into account the gender criteria, although it is mandatory pursuant to Article 38-2(8) of the LFS, read in conjunction with point 102 of the Joint ESMA and EBA Guidelines.
– 40% of LSIs did not implement career planning aspects and measures aiming to ensure equal treatment and opportunities for staff of different genders, as provided for in point 107 of Joint ESMA and EBA Guidelines.
– Of the 32 LSIs with a diversity policy promoting diversity in terms of gender, 26 had little or even no representation of the under-represented gender within their management bodies (between 0 and 23%).  

The CSSF has stated that market members must accelerate the implementation of D&I policies in order to comply with the regulations in force. The CSSF has also stressed that D&I policies must also take into account other diversity criteria (beyond gender) such as age, geographical and ethnic origin, and educational and professional background.  

The CSSF has made it clear that it will closely monitor progress in implementing D&I initiatives by regularly conducting surveys and checks and that, if following an injunction issued to the relevant LSI, the CSSF notes the absence of any D&I policy, it will take strict measures which include imposing sanctions (administrative or other) for breach of the legal and regulatory provisions governing D&I in Luxembourg.  

Useful links:  
– CSSF a survey in April 2023 reviewing diversity figures within the management bodies of 46 less significant credit institutions – link  
Claire Guilbert, Partner
Netherlands
[Updated 11.12.2024]
The AFM
The Dutch Authority for the Financial Markets (Autoriteit Financiële Markten, the AFM), responsible for supervising inter alia investment firms, has explicitly stated on its website that investment firms need to ensure that their recruitment, training and diversity policies are in line with the Joint ESMA and EBA Guidelines.

The AFM points out that in the past, a diversity policy typically included aspects such as age, gender, geographical distribution, education and experience. According to the Joint ESMA and EBA Guidelines, a diversity policy should now also include aspects such as origin, colour, ethnicity, religion, disability or sexual preference. In addition, it has been clarified that the firm’s policy should include measures to achieve this diversity, such as career planning, training, active reintegration of employees after leave and anti-discrimination measures. These measures should be extended beyond the management board.

The AFM expects investment firms to implement diversity policies that address the appointment of new board members, training, the preparation of employees for management positions and board diversity and take into account the Joint ESMA and EBA Guidelines. However, the diversity policy may be implemented proportionately, with the AFM expecting an investment firm with, for example, 200 employees to have a more comprehensive diversity policy than one with only 5 employees.

In addition, the AFM expects investment firms, when seeking regulatory approval for the appointment of new directors or supervisory board members, to demonstrate how the diversity policy has been taken into account in considering the appointment of the prospective director or supervisory board member and in relation to the board as a collective.

The AFM highlighted in its 2025 Trend Monitor report that the financial sector must consider the accessibility of financial services for consumers with lower digital skills, diverse cultural backgrounds, or limited proficiency in Dutch. This need arises from increasing population aging and growing diversity in the Netherlands. The AFM expressed concern that accessibility to financial products and services is declining for certain consumer groups. This decline may lead to underutilization of financial services, resulting in potential exclusion, underconsumption, and heightened vulnerability. Notably, the risk of exclusion from basic services, such as payment systems, is increasing among various consumer demographics. To address these challenges, the AFM supports initiatives aimed at preventing exclusion and enhancing the financial well-being and resilience of consumers.

DNB
In addition, the Dutch Central Bank (De Nederlandsche Bank, DNB), which is responsible for supervising inter alia credit institutions, has stated on its website that it believes it is important to ensure diversity in the financial sector. This is because differences in knowledge, experience, age, gender and background provide management and supervisory boards with a broad view and new perspectives. DNB emphasises that its suitability assessment process explicitly takes diversity into account to ensure that candidates who do not have an explicit financial background or experience in the financial sector can also successfully pass the suitability assessment.

Useful links:  
– AFM, ‘AFM wijst op aanvullende eisen diversiteitsbeleid voor beleggingsonderneming’, 15 March 2023 –link.  
– DNB, ‘Initial assessment – diversity and collectivity’, 23 February 2017 –link.  
Floortje Nagelkerke, Partner

Nikolai de Koning, Counsel
South Africa
[Updated 11.12.24]
In South Africa, the regulatory approach taken by legislative, regulatory and supervisory bodies towards D&I centres on the concept of financial inclusion.

In 2011 a Policy Paper called, “A Safer Financial Sector to Serve South Africa Better” (Policy Paper), set out the South African Government’s approach to reforming financial sector regulation to better serve the country and its citizens. Financial inclusion is set out as a key policy priority. To give effect to the proposed reforms, the Financial Sector Regulation Act, 2017 (FSR Act) was introduced.

One of objectives of the FSR Act, is the establishment of a regulatory and supervisory framework that promotes financial inclusion. To pursue this (and other objectives), the FSR Act has established a “twin peaks” regulatory model, to be carried out by the Financial Sector Conduct Authority (FSCA), and the Prudential Authority (PA). Both the FSCA and the PA are mandated to promote financial inclusion.

As part of the implementation of the twin peaks model and addressing the financial inclusion objectives set out under priority three of the Policy Paper, the National Treasury developed a financial inclusion policy for South Africa, titled “An inclusive financial sector for all” (Policy). The Policy establishes the overarching policy for financial inclusion in South Africa and sketches the approach to its implementation. In order to help guide the implementation of the Policy, the National Treasury has proposed the following set of principles (the Principles):

• Principle 1: Access for all, and responsible use of financial services according to the user’s need. Financial inclusion requires that unreasonable or unfair barriers to access are removed, so that a variety of financial services are available to all.
• Principle 2: Promote competition and market-based solutions, encouraging diversity in service providers.
• Principle 3: The drive for financial inclusion is balanced with and supported by the objectives of financial stability, integrity and market conduct.
• Principle 4: The informal sector is an important transformation and empowerment tool in facilitating the transition to formality.
• Principle 5: Promote technological and institutional innovation in support of financial system access and usage, addressing infrastructure weakness.
• Principle 6: Promote proportionality in regulation and supervision – regulation and supervision should be proportionate to the risks posed by a financial institution.
• Principle 7: Encourage coordination across stakeholders with clear lines of responsibility and accountability.
• Principle 8: Improve data to make evidence-based policy and measure impact, applying a “test and learn” approach, recognising that implementation requires that appropriate and reliable data be available to support the policy’s design and supervision, and the measurement of its impact over time.

The Principles have also been incorporated into the financial inclusion strategies of the FSCA.

Useful links:
• Financial Inclusion Strategy – link
• Prudential Authority – Regulatory Strategy 2021 – 2024 – link
• National Treasury – An Inclusive Financial Sector for All – link
Desiree Reddy, Director
UAE
[Updated 16.12.24]
The Abu Dhabi Global Market (ADGM) Authority has publicised a Gender Equality Initiative which identifies clear objectives to reduce unconscious gender bias in the hiring process, promotes the UN Women’s Empowerment Principles (WEPs), and encourages registered entities to follow the guidelines of the WEPs. The ADGM has also created a Gender Equality Working Group which supports the UN Sustainable Development Goals to enhance gender equality across the workplace, promoting the involvement of women and girls as a necessary foundation for a peaceful, prosperous and a sustainable world. However, the ADGM’s financial services regulator, the Financial Services Regulatory Authority, has not introduced any D&I requirements or undertaken any consultations.

Neither the Dubai International Financial Centre (DIFC), nor its financial services regulator, the Dubai Financial Services Authority (DFSA), have introduced any D&I requirements or undertaken any consultations.

By contrast, in certain circumstances, firms are required to make a number of D&I disclosures to the Dubai Virtual Asset Regulatory Authority (VARA). During VARA’s licensing process, it determines the environmental, social and governmental (ESG) disclosure requirements required of each virtual asset service provider (VASP), assigning it one of three disclosure levels. Where a firm is required to comply with a mandatory ESG disclosure level, the most stringent set of requirements, it must publish an annual ESG report. This report must include information relating to how the firm identifies and assesses risks and opportunities relating to D&I. The report must also summarise how material opportunities relating to D&I are factored into its overall business strategies. Such firms must also make publicly available, via their website, up-to-date information related to the D&I initiatives undertaken the firm.

In 2021, the Emirates Securities and Commodities Authority (SCA) amended its Corporate Governance Guide to require listed companies to appoint at least one female board member. The SCA also requires listed companies to set policies on gender diversity and its objectives and actions to meet these objectives.

In 2021 the UAE Central Bank (CBUAE) entered into a Memorandum of Understanding with Aurora50. The partnership between the CBUAE and Aurora50 aims to enhance and accelerate gender diversity in boardrooms and increase female representation on boards of UAE companies. The CBUAE’s Consumer Protection Regulation requires CBUAE-licensed financial institutions to establish an anti-discrimination code of conduct and prohibits decision-making on the sale of products or services on the grounds of family status, gender or on being a member of a minority group.
Matthew Shanahan, Partner

Hasanali Pirbhai, Associate
United Kingdom
[Updated 11.12.24]
D&I has been a concern for regulators over a number of years. Despite progress, research has shown that there is more to be done to improve diversity and inclusion in the financial sector.

Firms are already subject to various requirements and guidance relating to D&I which derive from:
• The Joint ESMA and EBA Guidelines.
• Rules and guidance set out in the Financial Conduct Authority (FCA) Handbook and Prudential Regulation Authority (PRA) Rulebook.
• Existing papers, speeches, statements, Business Plans etc.
• Requirements on listed companies.

Through its D&I work, the FCA is looking to achieve the following four outcomes:
• Healthier firm cultures.
• Reduced groupthink.
• New talent unlocked.

• Greater understanding of and provision for diverse consumer needs.
On 25 September 2023, the FCA and PRA published consultation papers on their approach to D&I (CP23/20 and CP18/23). Responses were due by 18 December 2023.

The FCA’s proposals in CP23/20
In CP23/20, the FCA proposes a framework which would establish minimum standards and give firms a better understanding of what is expected of them in relation to D&I from a regulatory standpoint. The proposed framework is also intended to help ensure greater consistency and transparency across the sector on firms’ approaches to D&I, and to support the objectives of the FCA’s Consumer Duty as well as its D&I priorities.

CP23/20 sets out proposals to better integrate non-financial misconduct considerations into staff fitness and propriety assessments, Conduct Rules and the suitability criteria for firms to operate in the financial sector. It also proposes to require certain firms to:
• Collect and report data about D&I to the FCA on an annual basis.
• Collect, report and disclose certain D&I data to the public on an annual basis.
• Establish, implement and maintain a D&I strategy.
• Determine and set appropriate diversity targets.
• Recognise a lack of D&I as a non-financial risk.

The proposals apply differently to firms depending on their number of employees, their categorisation under the Senior Managers and Certification Regime and whether they are dual-regulated. To reduce regulatory burden, smaller firms with fewer than 251 employees would be exempt from many of the requirements.

The FCA originally intended to review the feedback and develop final regulatory requirements for publication in a Policy Statement in 2024. In May 2024, the FCA confirmed to a Treasury Committee that it has paused the diversity and inclusion proposals set out in its recent consultation (on the basis that the FCA needs more time to consider the proposals given the complexity of the matters that the regulator is seeking to address and the potential impact the proposals could have on businesses and diversity and equality more broadly across the sector) but will be pressing ahead with other aspects relating to non-financial misconduct in the meantime. When a Policy Statement on the broader diversity and inclusion elements is published in due course, the FCA proposes that the implementation date for such changes would be 12 months after publication of the Policy Statement, in order to give firms time to prepare.

The PRA’s proposals in CP18/23
In CP18/23, the PRA proposes rules and expectations aimed at improving D&I in PRA-regulated firms, which can support better firm governance and decision-making and thereby advance the PRA’s objectives. The proposals, developed in parallel with the FCA, build on the ideas discussed in the regulators’ earlier joint discussion paper published in July 2021.

The proposals in CP18/23 are informed by many of the suggestions made by the respondents to the joint discussion paper, with the PRA noting that as there is no single means of improving D&I, firms need to take a holistic approach. On that basis, the measures set out in CP18/23 are intended to recognise that developing and maintaining a diverse and inclusive culture requires organisation-wide commitment.

CP18/23 includes chapters setting out proposed rules relating to:
• Firm-wide D&I strategies.
• The setting of diversity targets by the largest firms.
• Board governance.
• Individual accountability for D&I.
• Monitoring D&I.
• Regulatory reporting in relation to D&I data.
• Disclosure of information on targets for the largest firms.

Useful links:
• FCA CP23/ 20 – link
• PRA CP18/ 23 – link
• Norton Rose Fulbright – DE&I hub – link
Hannah McAslan-Schaaf, Counsel  
  North America  
Canada
[Updated 24.11.24]
Securities Regulations
Corporations listed on the Toronto Stock Exchange, including those that are federally regulated financial institutions, are required pursuant to Canadian securities regulations to disclose annually to shareholders information about the representation of women on their boards of directors and in executive officer positions. They are also required to disclose whether they have adopted targets for the representation of women and/or a written policy relating to the identification and nomination of women directors, as well as the extent to which the representation of women on the board and in executive officer positions is considered when identifying candidates to the board and making officer appointments. To the extent a company has targets and/or policies in place, it is required to disclose their particulars. But if it does not have targets or policies, then it its required to disclose why not.

Securities regulations also require disclosure of whether the corporation has adopted term limits for directors or other mechanisms of board renewal and details of such policies. If the corporation has not adopted mechanisms of renewal, it must disclose why not. 

Corporate Legislation
The Canadian federal government amended the Bank Act, the Insurance Companies Act, and the Trust and Loan Companies Act in June 2024 to adapt and apply the Canada Business Corporations Act (CBCA) diversity disclosure requirements for directors and senior management at federally regulated financial institutions. Although adopted (refer to Bill C-69), the amendments are not yet in force. They will come into force at an undisclosed future date to be determined by the government once the regulations required to support the amendments are in place. The details of the requirements will be set out in the regulations. Until the regulations are published, it is useful to consider the CBCA requirements as we anticipate that the disclosure requirements for federally regulated financial institutions will be similar.

The CBCA requires public federal corporations to disclose annually to their shareholders the number and proportion of (i) women, (ii) indigenous people, (iii) people with disabilities, and (iv) visible minorities (collectively, the Designated Groups) among its senior management and on that corporation’s board of directors. The corporation is required to disclose information similar to that required under securities regulations as described above, but in respect of the four Designated Groups rather than just women.

While the CBCA diversity requirements only apply to public companies, it is unclear if the federal government will introduce these measures to all federally regulated financial institutions or those that are widely held.

Useful links:
Securities regulation Form 58-101F1 – link
Bill C-69 – link (refer to Part 4, Division 40)
Bank Act amendments not in force – link
Department of Finance Canada 2022 consultation – link
The 2023 federal budget – link  
Norton Rose Fulbright briefing note ‘CBCA diversity disclosure guidance’ – link  
Andrew Grossman, Partner

Katherine Prusinkiewicz, Partner