FCA Releases New Rules And Draft Guidance In The Fight Against Non-Financial Misconduct

Ropes & Gray LLP

The Financial Conduct Authority's (FCA) long-awaited new measures for tackling non-financial misconduct (NFM) in financial services are (finally) here.

On 2 July 2025, the FCA published its final rules in Consultation Paper CP25/18 (the “Paper”), which:

  • Includes a Policy Statement (PS) changing and extending its Code of Conduct (COCON) rules to non-bank firms from 1 September 2026; and
  • Simultaneously launches a consultation on the need for, and content of, some proposed new sourcebook guidance to assist firms in applying COCON and the Fit and Proper Test for Employees and Senior Personnel (FIT) in relation to NFM. The Consultation closes on 10 September 2025.

In a nutshell, the rule changes:

  • Confirm that from 1 September 2026, serious bullying, harassment or violence will amount to conduct rules breaches; and
  • Mean that a larger pool of individuals in the financial services sector may be subject to enforcement related to NFM in a wider range of circumstances than is currently the case.

Who does this impact?

The new rules have broad scope and apply to all FCA-regulated firms with Part 4A permissions, and all staff who are subject to the FCA’s Code of Conduct rules (COCON). This will have particular impact for 37,000 non-banks (including asset managers) because the FCA is changing the scope of COCON for non-banks, in particular, to align with its scope for banks and ensure that its NFM rules will apply equally from 1 September 2026. The new COCON rules will not apply retrospectively.

Background & Context

As detailed in our previous posts (in October and November last year), in response to widespread criticism that the UK’s financial regulators (the FCA and PRA) had been slow to respond to the rising prevalence of NFM issues (which the FCA considers to encompass behaviour such as bullying, discrimination, and sexual harassment or misconduct).

Following a July 2021 Discussion Paper (DP21/2), the FCA launched a consultation (CP23/20) in September 2023 on a proposed new regulatory framework of rules and guidance on (a) Diversity and Inclusion (D&I) and (b) NFM in the financial sector. This was followed by its first ever NFM data collection exercise in February 2024, with 1,028 regulated firms compelled to provide information about NFM incidents, including key details about the incidents’ features, detection, handling, and outcomes.

Whilst the FCA’s response to its consultation took longer than anticipated and along the way it decided to drop its D&I proposals “in light of the broad range of feedback received, expected legislative developments and to avoid additional burdens on firms”, we are now able to discern the road ahead for firms, and the changes that will need to be made.

What does this Paper mean for the FCA’s approach to NFM?

In sum, the FCA is still driving cultural change around NFM, even if this Paper sees the regulator end up somewhere slightly different to the destination originally set.

Although no new regulatory framework on diversity and inclusion (D&I) has been introduced, and the measures regarding NFM have been scaled back from the initial proposals – for example, the regulator is not moving forward with changes to the Threshold Conditions that would have linked firms’ NFM practices to their suitability for regulated activities, nor is it amending the Senior Management Arrangements, Systems and Controls (SYSC) rules to require disclosure of NFM outside the workplace in regulatory references – the rule changes that have been implemented remain significant, as detailed below.

The FCA’s NFM regime addresses a wider range of misconduct than current employment legislation, and it remains committed to raising standards and accountability in this area.

Key changes and points of interest

1. The Policy Statement: What are the key changes and the new rules?

NFM / Conduct Rules will apply to non-banks:

  • While there has been a disparity between the rules applying to banks and non-banks, the FCA is changing the scope of the Code of Conduct in non-banks, so that NFM rules will apply equally from 1 September 2026.
  • Currently, COCON in non-banks relates to the firm’s SMCR financial activities (i.e. the activities in respect of which it holds regulatory permissions). By contrast, in banks, COCON applies to the performance of any functions related to any activities (regulated or otherwise). The upshot is that fewer NFM incidents in non-banks have constituted a breach of COCON than in banks – this will change. For Conduct Rules staff, COCON will apply to the performance of any functions related to the carrying on of the firm’s activities, whether regulated or not.
  • There is a small carve-out: for firms that carry on businesses some of which involve SMCR financial activities and the others of which do not, conduct will be excluded from this new rule if it relates solely to the business that does not involve SMCR financial activities. The FCA’s draft guidance indicates that firms will need to have clear, structural separation between their SMCR and non-SMCR financial activities for this purpose (e.g. discrete HR functions responsible for each of its financial services and non-financial services businesses, rather than a single HR function spanning the firm’s entire workforce). In practice, this carve-out will be of limited use since it is unlikely that many firms will be structured this way, and firms seeking to re-structure deliberately to avail themselves of the carve-out may send a very mixed message about their NFM culture and values to staff.

Specifically including NFM within the scope of COCON rules:

  • The FCA has changed the substantive scope of COCON to specify that it includes NFM: any “unwanted conduct” in relation to "colleagues" (defined to include fellow employees, employees of group companies, and contractors’ employees) will amount to a Conduct Rule breach if it is either violent or has the purpose or effect of (i) violating a person’s dignity, or (ii) creating an intimidating, hostile, degrading, humiliating, or offensive environment.
  • While the above rule change explicitly applies only to non-banks, the FCA has stated that “NFM can amount to a breach of COCON in any firm” and the Paper includes flowcharts for identifying whether a COCON rule breach has occurred and may need to be reported.

Rules aligned with Employment law, but (deliberately) different – and wider:

  • The substantive changes to COCON also mean that the definition of NFM in the new COCON rules will be more aligned with the duty to protect workers from sexual harassment (under the Worker Protection (Amendment of Equality Act 2010) Act 2023) and the employment law test for unlawful harassment and the definition of ‘harassment’ under the Equality Act 2010 (EA).
  • Significantly, however, while the EA limits harassment to conduct that is related to a “relevant protected characteristic” (e.g. age, race, sexual orientation, disability, religion or belief, etc.), the FCA has deliberately chosen not to limit NFM by reference to such characteristics, and therefore its NFM and Conduct Rules regime addresses a wider range of misconduct.

NFM considerations for fitness and propriety assessments:

  • Helpfully for firms, the FCA is clear that conduct in one’s personal or private life will be beyond the scope of COCON – the FCA is specifically consulting on the guidance it will provide to firms about where to draw the line between personal and professional for COCON purposes, which currently includes a non-exhaustive list of criteria and scenarios.
  • Importantly, conduct in one’s personal/private life will still be relevant and in scope for ‘fitness and propriety’ assessment under FIT, and the draft guidance sets out in detail how NFM will form part of that assessment. The FCA is clear that NFM-related issues in personal/private life should be considered for FIT purposes even where the conduct does not amount to a breach of standards that are equivalent to those required under the regulatory system, and/or where there is little risk of that behaviour being repeated in their work environment. While firms would not be expected actively to enquire or probe into employees' personal/private lives, in cases where firms do become aware of information which – if substantiated – would call into question the employee’s fitness and propriety, they should consider whether/what they can do to assess its impact. The FCA explains the link to fitness and propriety on the basis that "willingness to disregard ethical or legal obligations, abuse a position of trust or exploit the vulnerabilities of others" can be indicative of conduct which, if sufficiently serious, could undermine public confidence in the regulatory system and/or the FCA’s statutory objectives.

2. The Consultation: What input is the FCA seeking?

  • The FCA is seeking input on the draft Handbook guidance it proposes to include in COCON and FIT (set out in Appendix 2 to the Paper). The FCA has left itself the option to decide against including the guidance altogether: “We will only take this guidance forward if there is clear support for us to do so.”
  • The new draft guidance is essentially a revised version of the draft guidance that was included in the CP23/20 consultation, which has been amended based on feedback received during that consultation. Key elements include guidance on:

Draft COCON Guidance

  • Delineating professional/work and private life
  • Clarifying when conduct is out of scope (e.g. outside SMCR financial activities)
  • Factors to consider in determining breaches of (and the relation between):
    • Individual Conduct Rule 1 (Act with integrity)
    • Individual Conduct Rule 2 (Act with due skill, care and diligence)
  • Factors for determining whether NFM is serious enough to amount to a breach and be reportable

Draft FIT Guidance

  • Explaining when and how various types of conduct (including but not limited to NFM) are relevant to assessing fitness and propriety, such as:
    • Breaches of regulatory requirements
    • Relevance of behaviour in private or personal life and offending/convictions
    • Relevance of the above matters to determining competence and capability
  • Factors rendering such conduct more relevant to FIT, such as:
    • Dishonesty, lack of integrity, violence, sexual misconduct
    • Remorse, repetition of misconduct, harm caused
    • Willingness to disregard ethical or legal obligations, abuse of position of trust or vulnerabilities

  • Timeline: The Consultation is open until 10 September and the FCA aims to set out its regulatory approach by the end of the year. Any Handbook guidance is scheduled to be published by the end of this year, giving firms enough time before 1 September 2026 comes around to update their processes.

Some Observations

Culture

In this Paper, the FCA continues to flag that when they investigate poor market conduct, they often “find cultural failings within firms”. They are focused on what they see as one of the “clearest warning signs of a failing culture” – behaviour such as bullying and sexual harassment – going unchallenged.

Measuring outcomes and success

While the FCA expects the rule changes to lead to an increase in notifications about conduct rule breaches involving NFM, it is quick to recognise and highlight the nuances of measuring success in changing culture. In particular, the FCA notes that the number of rule breaches “is not in itself a clear indicator of firm culture,” and explains by way of example that (perhaps counterintuitively) a high number of reported incidents may reflect a healthy speak-up culture, while a lower volume may signal the opposite and thus be indicative or symptomatic of a problematic culture more broadly.

Next Steps: What to do now

Although the draft guidance remains subject to change, firms should consider whether to engage in the consultation, and also use the COCON rule changes as an opportunity to start preparing for the 1 September 2026 deadline, which – at this early stage – can include:

  • Identifying and engaging with internal stakeholders to determine how best to integrate the Conduct Rule changes into existing policies and procedures, and planning key responsibilities and milestones. The COCON changes will likely require updates to a range of existing procedures, including for certification, performance reviews, disciplinary processes, referencing, and breach reporting. This means that it will be important to work with multiple stakeholders from a cross-section of functions (e.g. HR, Legal, Compliance, Risk, and senior management).
  • Assessing what communications and training updates may be required for staff, since these will need to cover key areas such as: the expanded scope of the Conduct Rules; the organisation’s values and its policy in relation to NFM; and whistleblowing policy and procedures.
  • Assessing your corporate culture. It is also important to start thinking about how you assess culture at your organisation – and no, an employee engagement survey isn’t going to cut it! All too often these are reductive, give firms false confidence, and are not designed with sufficient nuance to allow patterns of behaviour to be determined (and addressed). Instead, think about capturing the stories and lived experiences of your people, looking to spot pockets of behaviour that make people uncomfortable – and doing this before it becomes a legal and regulatory concern.

While the FCA’s NFM rules tackle an important facet of culture, firms need to take a holistic approach to nurturing an overall organisational culture that ultimately drives business success and reduces risk. This is not just about policies and procedures; amongst other elements, it’s about how leaders live the values of the organisation, how incentive models drive behaviour, and what stories people tell themselves and others about how the organisation reacts to misconduct of any type, including NFM.

Dealing with NFM and culture is an inherently complex and specialised area.
