Financial services firms deal in commercially sensitive information as a matter of course: trading strategies, client portfolios, proprietary models, regulatory intelligence, and financial technology that took years and significant capital to build. NDAs play a specific role in this sector — supplementing the implied regulatory and common-law duties that already apply to FCA-regulated firms, and providing a clear contractual framework for commercial partnerships where those duties do not naturally extend.
NDASafe is a document preparation service, not a law firm. Our templates are legally reviewed against applicable UK law at the point of release, but every situation is different. Where significant value, unusual risk or a cross-border element is involved, take independent legal advice before you sign.
The existing confidentiality framework in financial services
Before an NDA is signed, several confidentiality obligations may already exist. UK banks and authorised deposit-takers owe a common-law duty of confidence to their customers (Tournier v National Provincial and Union Bank of England [1924] 1 KB 461). FCA-regulated firms are subject to data-handling requirements under SYSC, client confidentiality obligations under COBS, and data protection obligations under the Data Protection Act 2018 and UK GDPR.
An NDA operates alongside these obligations, not as a substitute. In a commercial relationship between two financial services firms — or between a financial firm and a technology supplier — an NDA provides a clear contractual definition of what is confidential, an agreed permitted purpose, a contractual remedy (injunction, damages) if the obligation is breached, and a duration that outlasts the underlying commercial relationship.
Common financial services NDA scenarios
| Scenario | Information shared | NDA type |
|---|---|---|
| Fintech partnership or API integration | Proprietary technology, API architecture, client insight, commercial terms | Mutual NDA — both parties disclose |
| Bank technology vendor assessment | Bank's technical architecture, security requirements, operational data | One-Way NDA (bank as disclosing party) or Mutual if vendor also discloses technology |
| Wealth manager engaging an external consultant | Client segmentation data, investment philosophy, fee models | One-Way NDA (wealth manager as disclosing party) or Freelancer NDA |
| Financial services M&A | Regulatory permissions, client book, P&L, capital structure | Mutual NDA — both sides disclose in deal process |
| Insurance firm and data analytics provider | Actuarial models, claims data, pricing algorithms | One-Way or Mutual depending on information flow |
| Asset manager and distribution partner | Proprietary fund strategies, performance data, investor profiles | Mutual NDA |
Fintech partnerships: the mutual NDA standard
Open banking, embedded finance, and payments partnerships are the most common NDA context in UK financial services today. When a bank or e-money institution engages a fintech to provide technology, data analytics, or a customer-facing product, both parties share commercially sensitive information from the outset: the fintech's proprietary code and methodology; the bank's client architecture, API specifications, and regulatory strategy.
The FCA's third-party risk management requirements (SYSC 8 on outsourcing and SYSC 15A on operational resilience) require regulated firms to maintain appropriate governance over their technology suppliers. An NDA is part of that governance framework, but the regulated firm will also need a formal supplier due-diligence process and, where the supplier performs a critical or important function, must meet the outsourcing notification and oversight requirements those rules impose.
The NDASafe Mutual NDA is appropriate for most fintech partnership conversations. Where the fintech is also building bespoke software under contract, the Freelancer NDA — which includes IP assignment provisions — provides a cleaner foundation, because it handles ownership of deliverables that a standard NDA leaves open.
Under FSMA 2000, as amended by the Financial Services and Markets Act 2023, HM Treasury can designate 'critical third parties' (technology or service providers systemic to UK financial services), and designated providers fall under direct oversight by the FCA, PRA and Bank of England. If your supplier relationship involves a designated provider, your NDA exists within a broader regulatory governance framework. Seek independent legal advice on how the regulatory regime interacts with your commercial confidentiality arrangements.
Trading strategies and proprietary models
A proprietary trading strategy — whether a quantitative model, a systematic approach, or a discretionary methodology — represents years of research, testing and refinement. The NDA definition of confidential information must explicitly include:
- Quantitative models and algorithms — the logic, parameters and source code of any systematic strategy.
- Backtesting and performance data — historical performance records that reveal how the strategy works.
- Risk management frameworks — position limits, drawdown controls, and exposure rules specific to the strategy.
- Research reports and analytical outputs — pre-publication research that informs the strategy.
- Technology architecture — the execution infrastructure, data feeds and latency optimisation that underpin performance.
Duration matters more here than in most commercial NDAs. The commercial life of a successful proprietary model may be a decade or more. Trade-secret survival provisions — protecting the strategy for as long as it remains secret — are more appropriate than a fixed two-year general term.
Financial services M&A
Acquisitions of FCA-regulated businesses carry additional confidentiality sensitivity. The target's current permission set is on the public Financial Services Register, but pending applications to vary it, the change-in-control notification to the FCA under Part XII FSMA 2000, and the existence of the deal itself are not public until the deal is closed. Senior manager profiles under the SM&CR, client book composition, and any ongoing FCA supervisory engagement are similarly sensitive.
An M&A NDA for a financial services deal should expressly cover FCA and PRA permissions and correspondence, SM&CR senior manager profiles, client book composition and AUM breakdown, regulatory capital position, and ongoing supervisory matters.
The standard guidance from the M&A NDA guide applies in full — mutual NDA, non-solicitation, non-circumvention, process existence as confidential — with additional categories of information specific to the regulated context.
Employees in financial services
Financial services employees — particularly relationship managers, fund managers, proprietary traders, and compliance officers — have access to commercially sensitive and legally protected information as a core part of their role. An employee NDA for financial services should cover: client lists and AUM data, trading strategies, risk models, compliance intelligence, and regulatory submissions.
Non-compete and non-solicitation clauses are standard in financial services employment, though they face the same reasonableness test as in other sectors (Tillman v Egon Zehnder [2019] UKSC 32). FCA-regulated individuals who are approved persons or senior managers should be aware that certain post-employment obligations may be imposed by the regulatory regime independently of any contractual restriction.
Any NDA used by or with an FCA-regulated firm must include an express carve-out permitting disclosure to the FCA, PRA, Financial Ombudsman, FSCS, and any other competent regulatory authority as required by law or regulation. A clause that purports to prevent a regulated firm from making required regulatory disclosures will not be enforced, and including it risks a breach of FCA Principle 11 (relations with regulators). The same applies to whistleblowing: section 43J of the Employment Rights Act 1996 makes void any contractual term that purports to stop a worker from making a protected disclosure, so the NDA should say so expressly rather than leave it to implication.
NDASafe Mutual, One-Way, Freelancer and Employee NDA templates include the standard regulatory and whistleblowing carve-outs required for FCA-regulated contexts. £29 each or £79 for all eight — editable Word documents, delivered instantly.