Fit and proper as a personal risk topic
In practice, the “fit and proper” requirements for senior managers and key function holders at credit institutions are still often viewed as a mere formal prerequisite for appointment. In reality, they have long evolved into an ongoing supervisory obligation with significant personal implications. With the intensified European governance agenda, the supervisory exchange of information on the fitness and propriety of members of management bodies and key function holders, and the consistent administrative practice of the Austrian Financial Market Authority (FMA), it has become clear that fit and proper is no longer just an institution-level issue. It directly affects the individuals involved. Senior managers and key function holders are therefore increasingly under the personal scrutiny of supervisors, with potentially far-reaching consequences for their position and their future careers.
Supervisory framework and expectations
The relevant requirements result from the interaction of national banking supervision law and European rules. Key reference points include the Austrian Banking Act (BWG), the Capital Requirements Directive (CRD), EBA and ESMA guidelines on suitability assessments, the ECB Guide to fit and proper assessments, the EBA Guidelines on internal governance, and supervisory practice within the Single Supervisory Mechanism. All pursue a common objective: ensuring that credit institutions are managed by individuals who are professionally competent, personally reliable, and capable of adequately managing risks.
“Fit” – Professional competence as an ongoing obligation
Professional suitability is often misunderstood. It is not limited to formal qualifications or past experience, but requires a genuine and up-to-date understanding of the specific institution. Senior managers must be able to understand the business model, sources of income, and key risk types, including capital and liquidity requirements, risk management and control systems (also with regard to ESG risks), governance structures, and core regulatory obligations. Particular importance attaches to organizational responsibility. Clear allocation of responsibilities, effective control functions, and documented and lived processes are expected; the mere existence of policies is not sufficient.
“Proper” – Personal reliability and integrity
Personal reliability goes beyond technical competence and relates to integrity, lawfulness, independence of mind, and a sense of responsibility. Senior managers must demonstrate that they take regulatory requirements seriously, address problems openly, and communicate transparently with supervisors. This includes identifying and managing conflicts of interest and setting a clear tone from the top. In practice, personal reliability is increasingly assessed based on actual conduct. Repeated or serious compliance deficiencies, delayed responses to known weaknesses, or hesitant communication with supervisors can quickly give rise to doubts about personal suitability.
FMA Practice: Personalisation of supervisory breaches
A key practical trend is the FMA’s growing tendency to address supervisory breaches directly at the level of individual senior managers. Deficiencies in AML/CTF frameworks, governance, capital management, or regulatory reporting are no longer treated solely as institutional issues. Instead, the FMA regularly examines whether such shortcomings can be attributed to inadequate management or oversight by senior managers. This personalization often occurs gradually, starting with findings from on-site inspections or ongoing supervisory procedures, followed by questions as to who was responsible, what information was available to management, and whether appropriate measures were taken. The transition from an organisational shortcoming to a personal allegation is often fluid.
Consequences for Senior Managers
The potential consequences are significant. In addition to administrative penal proceedings, supervisory measures directly linked to personal suitability may be imposed. Doubts about reliability can lead to enhanced requirements, conditions, or, in extreme cases, an order to remove an individual from office. Particularly serious is the fact that such findings may remain relevant for future appointments and can substantially restrict professional mobility, as already reflected in the guidelines on inter-authority information exchange on fitness and propriety.
Dealing with allegations in practice
Against this backdrop, the way supervisory allegations are handled is critical. From a senior manager’s perspective, a structured and early approach is advisable. This starts with a precise legal analysis: Is there in fact a breach of a specific supervisory obligation? Can it be attributed personally to the individual, or is it an institution-level organizational deficiency? What information was available to management at which point in time? On this basis, communication with the FMA is key. While cooperation is required, personal responsibilities must be clearly delineated and argued on solid legal grounds. Careless statements or premature concessions can seriously weaken one’s position. At the same time, remediation measures are often necessary to address weaknesses and demonstrate to the supervisor that risks are taken seriously.
Role of specialized advice
In this complex environment, specialized legal advice plays a crucial role. It supports the assessment of allegations, the development of a coherent defence and communication strategy, and representation in supervisory and administrative penal proceedings. The aim is to minimize personal liability and suitability risks without undermining the necessary willingness to cooperate with the supervisory authority.
Conclusion
Fit and proper is no longer a static requirement, but an ongoing test for senior managers. Those who understand supervisory expectations, address risks early, and respond in a structured and legally sound manner can significantly reduce personal consequences. In light of current supervisory practice, this is a topic that should concern both senior management and in-house legal teams alike.