Sound governance starts with suitability of persons in highest and most critical managerial and internal control positions, including AND specifically considering their good repute, honesty and integrity, and independence of mind.

This is common sense, as well as regulatory requirements, at least for the financial sector firms in the EU. These requirements erupted after 2008, in the aftermath of the previous major financial market crises, within the new financial legislation packages. Supervisory bodies, like European Banking Authority (EBA) went on adopting guidelines for the procedure and criteria on how to evaluate suitability of top management and key function holders for the job – so called Fit & Proper guidelines. 

This aimed to create i.) assurance and ii) balance of: skills, knowledge, experiences and personal adequacy of members of the management bodies and key function holders (like compliance, internal audit, risk management and actuary). 

Because – we need the people, who are running and supervising the banks, insurance companies, investment firms etc. to be competent, responsible and ethical. 

Yes, we need a regulation to say this. Daaaa… 

If you are a compliance, HR or related professional included in the process of collecting, verifying and evaluating the data relevant to professional and personal suitability of key persons, you might resonate with the following. 

First of all, there are new regulatory Fit & proper guidelines in consultation process currently, which says that the topic is still today – a pressing issue for regulators and stakeholders. The guidelines were for the first time jointly prepared by two financial industry regulators, EBA and EMSA (European Securities and Market Authority). It is not new in concept, but there are new perspectives to consider which apply to the knowledge and experience criteria, like ESG and cyber security topics, as well as diversity (of mind and sex) and linkage to money laundering and terrorist financing risks. 

The newly proposed guidelines are also more specific regarding certain technicalities, like what needs to be a minimum content of the fit&proper questionnaire and respective persons’ CV, as well as internal fit&proper process, in order to assure better harmonisation around this topic across the financial sector in the EU.  

The consultation paper is open to comments until 25. May, 2026 and is available here: 

• https://www.esma.europa.eu/sites/default/files/2026-02/ESMA35-243228190-8034_Consultation_paper_joint_ESMA-EBA_guidelines_on_the_assessment_of_the_suitability_of_members_of_the_management_body_and_key_function_holders.pdf 

On the practical end, it is always most difficult to assess, mitigate and sometimes remove ‘ex post’ (unsuitable) situation. There is always the first time that you are going to assess suitability of senior leadership and key function holders. Meaning that there will be those already in position who were selected and appointed to top positions, without all the currently required criteria being ensured. 

There was the time when I had part in the first (and ongoing) assessment after adopting the new fit and proper requirements in an organization. I have also worked with a client, who was introducing fit&proper procedure for the first time… In both cases it was tempting to just leave the ‘old’ bosses as they were and enforce the new, often higher criteria, only for the new ones.    

Those in position would often want this to be the case, too. As – who else do you think adopts the new suitability policy and criteria in the first place? For the financial sector it’s not a question that this – perhaps uneasy – exercise has to be done, prior to nomination (‘ex ante’) and afterwards (‘ex post’). But there are organizations form other sectors, including the SOE (state owned enterprises), who find fit&proper requirements meaningful and necessary for their key persons, too. 

If you come from more mature corporate environment, where the overall governance is already in good shape, modelled by international standards, like OECD principles on corporate governance, and good examples, then this shouldn’t be an issue. 

For compliance (HR, legal etc.) colleagues who live and work in more difficult environments or less mature corporate governance setting, you might want to use steps and approaches listed below – to tackle the challenge of evaluating suitability of your bosses and fellow function heads, in case you are taking any practical part in the process. Auch.

• First, be aware of the situation and recognize that it is not going to be easy. Think of any objections and prepare arguments and responses. Decide what might be common grounds of everyone involved and what are the non-negotiables. 

• Be clear, with yourself and others involved, why is the process required and who is requiring it – to build authority and move potential resentment away from yourself personally. Communicate in advance: relevant reasons for conducting fit&proper assessment, communicate professionally and objectively the why, the what and communicate the how this process is going to take place. Repeat and communicate over on multiple occasions, such as management board sessions, compliance and ethics reports and work plan, designated preparatory workshop etc. 

• Influence, f you can and to the extent to which you are able – to adopt the (new) fit&proper requirements with basic, most important criteria, not with all-at-once and definitely not over-the-top. Now, this is going to be perceived differently by different stakeholders, so do create enough time and space to have a broad discussion during the process of adoption of fit&proper policies and procedures. However, do keep relevant practices, examples, benchmarks and regulatory requirements at hand – to use and advocate for – as a bare minimum. You can always upgrade latter, when everyone gets used to the change.

• Educate and train all the persons involved in the fit&proper process (conducting interviews, collecting, verifying and documenting relevant data), so that they are clear about all the steps of the process, their role, which data and how they need to be collecting, how to verify and document. Those might include compliance office, legal, HR and similar in-house personal. Or make sure to choose competent and experienced external advisors. 

• Use clean and simple standard formats and templates for both: the fit&p questionnaire and the data finding report; try to automate and digitalize as much as possible the data collection and documentation process. 

• If you are in position, assure or support that final decision-makers are also educated and trained on the fit&proper topic and that they will know how to examine, challenge and finally use all relevant data and make the final evaluation. These are the folks, who (will) have the mandate to eventually make the final decision and establish, whether or not an individual person of subject – is suitable on all the criteria of fit&proper requirements – and will then nominate (or keep) them on the key position, or not. 

• Implement an induction process and an adequate training on all requirements regarding skills, knowledge and traits relevant to your organization, to ensure the initial and ongoing suitability of members of the management body and other key persons. This will help close many suitability gaps, meaning that you do not need to always resort to rejecting or firing someone, if they don’t perfectly fulfil all the criteria. When possible and adequate, you can also work with the potential and build your key persons up. 

The fore-mentioned EBA and ESMA regulatory guidance therefore advice that entities establish training policies and provide for appropriate financial and human resources to be devoted to induction and training.

Organizations need to bear in mind that it is equally important – who the person coming into key position is, as well as – who is the person becoming or going to become, when given higher or different power of authority.