Last week, the FCA published its long-awaited policy statement containing amendments to the FCA's Code of Conduct ("COCON") aimed at combatting non-financial misconduct ("NFM"). NFM can amount to a breach of FCA rules in any firm. However, it more commonly breaches COCON in a bank rather than a non-bank. The amendments to the rules announced last week will apply to non-banks, the aim being to align the approach to NFM across financial services in the UK. The amendments will come into force on 1 September 2026 and guidance is still being consulted on. The FCA aims to set out its final regulatory position by the end of 2025.
The FCA's policy statement on non-financial misconduct was finally published on 2 July 2025, nearly two years after publication of the original consultation. As the Treasury Select Committee stated in 2024, "it is shocking to hear how prevalent sexual harassment and bullying, up to and including serious sexual assault and rape, still are in financial services, and how poorly firms handle allegations of such behaviours." The FCA's new rules go some way to addressing these concerns and are a welcome step in the right direction, but there is still more to be done.
Of the FCA's initial proposals, only amendments extending the scope of COCON to include NFM for non-banks have been finalised in this policy statement. Guidance on the new scope of COCON and examples of NFM which may fall within its scope, as well as guidance on how NFM may be relevant to the fit and proper test, are the subject of further consultation.
Policy Statement: Amendments to COCON
COCON was originally implemented as part of the Senior Managers and Certification Regime ("SM&CR") in 2016 to drive up behavioural standards and increase individual accountability in the wake of the financial crisis. The FCA's latest extension of COCON will apply to non-banks and clarifies that the following "unwanted conduct" can amount to a conduct rule breach:
- Violating a person's dignity;
- Creating an intimidating, hostile, degrading, humiliating or offensive environment; or
- Violent conduct.
Such conduct may amount to a breach of COCON if it is:
- Towards a colleague; and
- Relates to the part of a non-bank's business that conducts SM&CR financial activities.
While the new rules explicitly apply to non-banks, the FCA has stated that NFM can amount to a breach of COCON in any firm.
In response to concerns about the intersection between the FCA's proposals and UK employment law, the FCA has explicitly stated that COCON is separate from employment law and employers' internal disciplinary codes. While the regulator has amended the wording of the rule to align more closely with employment law in response to concerns raised to the initial proposals, the FCA has reiterated that they are not limiting the rule to conduct related to a 'relevant protected characteristic'; the FCA's new rule is deliberately wider and has been drafted to cover a wider range of workplace misconduct relevant to the FCA's statutory objectives.
The amended rules which come into force on 1 September 2026 will not apply retroactively and will not apply to payments, e-money firms, regulated investment exchanges or credit rating agencies. If further guidance is published, the FCA aims to do so by the end of this year so that firms have time to amend their existing policies and procedures prior to 1 September 2026.
Consultation on NFM Guidance
'Seriousness'
Concern was expressed by many in response to the FCA's original proposals that the requirement for NFM to be "serious" to breach a conduct rule was too subjective. The FCA has not removed the requirement for the misconduct to be "serious" under the new proposals. The regulator has explained that it does not intend minor incidents of poor workplace behaviour to fall within the scope of the new rules, rather the misconduct must have had a significant negative effect, for example that it is violating or humiliating, to do so.
The FCA has also clarified that not all misconduct for which a firm might take disciplinary action will amount to a breach of COCON and seriousness is not the determinative factor when assessing whether NFM is a breach of Individual Conduct Rule 1 (acting with integrity) ("ICR 1") or Individual Conduct Rule 2 (acting with due skill, care and diligence) ("ICR 2"). For NFM to breach ICR 1, the misconduct needs to be deliberate or reckless and if not, it is likely to breach ICR 2.
Subjective and objective assessments of NFM
The FCA has also included in the proposed guidance that it is necessary to take into account all the circumstances of each potential instance of NFM and consider both subjective and objective assessments of potential misconduct when determining whether there is a breach of ICR1; the perception of the subject of misconduct and whether it was reasonable for the conduct to have had that effect. Accordingly, there would be no conduct rule breach if the subject of the misconduct did not feel that their dignity had been violated, for example, or it was unreasonable to consider the conduct to have such an effect.
Reasonable steps
The proposed guidance also includes examples of failing to take reasonable steps to prevent NFM that would amount to a breach of ICR 2 by a manager. These include failing to intervene to stop harassment in the workforce, failing to take seriously or deal with complaints of such behaviour and failing to operate the firm's policies, systems and controls to detect it.
Fitness and Propriety
The difficulty in assessing the boundary between an individual's work and private life was the subject of much commentary in response to the initial consultation in 2023. Conduct relating to an individual's private or personal life is outside the scope of COCON.
However, it may be relevant in the context of fitness and propriety assessments. The FCA's proposed guidance clarifies that it does not expect firms to monitor employees' private lives, rather firms can rely on formal findings such as criminal convictions when assessing whether wrongdoing has taken place in an employee's private life. If a firm becomes aware of allegations that would, if substantiated, raise questions about an individual's fitness and propriety, they should consider what steps they can take to assess the impact of the alleged behaviour and, where appropriate, ask for an explanation from the individual.
Conduct in an individual's private life may be relevant to fitness and propriety if it demonstrates a willingness to disregard ethical or legal obligations, abusing a position of trust or exploiting vulnerabilities. The FCA has explicitly stated that its statutory objectives are key when deciding whether something is relevant to fitness and propriety; upholding public confidence so that trust in financial services is maintained is of pivotal importance, so behaviour inconsistent with that is relevant to an assessment of fitness and propriety. Terms such as "moral soundness" and "disgraceful" have been removed from the guidance in response to concerns that the terms were too subjective.
The FCA has confirmed that social media activity may be relevant to fitness and propriety. An individual can, in principle, lawfully express views in their private life which may be controversial, or which may even upset their colleagues, without calling into question their fitness and propriety. However, if social media activity indicates "a real risk" that the individual will breach requirements of the regulatory system, that will be relevant to their fitness and propriety. Examples given by the FCA include threats of violence or clear involvement in criminal activity.
NFM and enforcement
The FCA has reiterated, as it always does, that it considers a range of factors when deciding whether to investigate. NFM is no exception and in the consultation paper published last week, the regulator explicitly stated that it considers whether action, or potential action, arising from an investigation would be an impactful deterrent. The FCA has shown that it is not afraid to use examples of NFM to support findings that an individual has breached ICR 1 in several recent high-profile cases under the current rules. It seems likely, therefore, that the regulator will take enforcement action in the most serious cases of NFM in the future.
However, in keeping with the FCA's recent 5-year strategy, we are likely to see more frequent regulatory action to combat NFM using supervisory, rather than formal enforcement, powers. The aim of the rule changes is to drive cultural change in the financial services industry by demonstrating that NFM will not be tolerated in the way it may have been in the past. When announcing the policy statement and consultation last week Sarah Pritchard, deputy chief executive of the FCA, stated that "behaviours like bullying or harassment going unchallenged is one of the reddest flags – a culture where this occurs can raise questions about a firm's decision making and risk management." We are likely, therefore, to see firms' policies and procedures for dealing with NFM come under scrutiny by the FCA. The regulator may issue further surveys and could even conduct in-person visits to assess a firm's culture.
Comment
It has long been the case, both in the US and the UK, that unwanted conduct violating a person's dignity, which creates an intimidating, hostile, degrading, humiliating or offensive environment or violent behaviour, is unacceptable and should not be tolerated in the workplace. To that extent, the FCA's amendments to the rules are far from a radical step. The explicit inclusion of these unacceptable behaviours in the text of COCON is undoubtedly a step in the right direction, however, the real difference will be made through the guidance that is still being consulted on. If finalised, the guidance should assist firms in their application of the rules and promote consistency across financial services in the UK.
The FCA has explicitly reminded firms of their duty to notify conduct rules staff about the new rules and take all reasonable steps to ensure they understand how they apply. Firms should, therefore, reconsider their policies and procedures for addressing NFM now, determining whether any enhancements may be necessary and scheduling updates for after any guidance is published accordingly. While the guidance is still being consulted on, firms can use the results of the FCA's non-financial misconduct survey, for example, to guide their assessment of systems and controls. Training on the new rules should also be implemented and the tone from the top should promote a culture in which NFM is not tolerated. While the new rules do not come into force until September 2026, it is clear that the FCA's aim is to drive cultural change as soon as possible. That does not happen overnight, and firms should act to put themselves in the best possible position on the implementation date.
1. A section of the FCA Handbook
2. CP 23/20 Diversity and inclusion in the financial sector – working together to drive change
4. CP 25/18 Tackling non-financial misconduct in financial services is due to close on 10 September 2025
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
