UK Non-Financial Misconduct Regulation: FCA Publishes New Rules and Consults on Additional Guidance

The FCA has published a combined policy statement and consultation paper (CP25/18) on 2 July 2025 outlining new rules and proposed guidance on non-financial misconduct (NFM) for financial services firms.

The paper sets out amendments to the scope of the Code of Conduct sourcebook (COCON) in the FCA Handbook, while proposing additional guidance to support firms in applying the rules in COCON and the Fit and Proper Test for Employees and Senior Personnel sourcebook (FIT).

The paper builds on the FCA and PRA’s joint consultation in September 2023 (FCA CP23/20, PRA CP18/23) on proposing to expand diversity and inclusion rules. In March 2025, many of these original proposals – such as requiring firms to develop diversity and inclusion strategies, report demographic data, and set representation targets – were dropped. The regulations concluded that a separate regulatory framework would duplicate and overlap with existing and proposed legislation on diversity and inclusion reporting which would be confusing and create an undesirable regulatory burden. At the same time, the FCA reaffirmed its commitment to tackling serious NFM, which includes bullying, harassment, and violence in financial services firms.

This article sets out an overview of (1) the policy statement’s rule changes and (2) the proposed Handbook guidance.

Policy statement

Scope of COCON

Currently, COCON applies widely across banks’ businesses; however, for non-banks, COCON typically applies only to financial activities that fall within the scope of the Senior Managers and Certification Regime (SM&CR).

As an effort to promote consistent application of its rules, the FCA will extend the scope of COCON to apply to non-banking firms in the same way that it does to banks. As a result, serious instances of NFM at any regulated firm will constitute a breach of COCON.

While this new rule only widens the scope of COCON for NFM against colleagues, the FCA maintains that it is possible for other work-related conduct, such as against clients or business contacts, to breach COCON under the existing rules.

Definition of misconduct

The FCA has revised the definition of misconduct in COCON to reflect more closely the definition of harassment under the Equality Act 2010. The new definition captures unwanted conduct that has the purpose or effect of (i) violating a person’s dignity, or (ii) creating for them an intimidating, hostile, degrading, humiliating or offensive environment, as well as behaviour that is violent to another person. 

However, unlike the Equality Act 2010, the new definition is not confined to conduct related to protected characteristics, and the policy statement sets out a reminder that COCON is “distinct” from employment law.

This continued non-alignment with the employment law definition of harassment leaves space for complaints. An employee with less than two years’ service (who is therefore unable to bring a constructive unfair dismissal claim founded on a standalone bullying allegation which is not connected to a protected characteristic) could nevertheless allege that the perpetrator has breached COCON. Whilst this may not give the alleged victim a legal claim with potential compensation, it may still lead to disciplinary and/or regulatory sanctions against the alleged perpetrator and it is likely to give additional weight to grievances, increasing the burden on firms to investigate such allegations fully and as potential NFM.

Timeframe

The policy statement’s updated rules will apply to both banking and non-banking firms from 1 September 2026, and will not apply retrospectively (i.e. for firms which come within the scope of the rules from that date, the rules will not apply to acts occurring before that date).

Proposed Handbook guidance

Determining NFM

In CP25/18, the FCA states that it has updated its previous proposed guidance on COCON in CP23/20 so that it aligns more closely with employment law. For example, the proposed guidance now states that, where firms are determining what amounts to NFM, firms should take account of “all the circumstances of the case”, and “both subjective and objective factors”, in line with section 26(4) of the Equality Act 2010 which provides that conduct amounts to harassment where conduct violates a person’s dignity and it is reasonable for the conduct to have that effect. The proposed guidance also issues examples of non-breaches, such as where the subject of the NFM did not feel that their dignity had been violated, or it was unreasonable to consider the conduct to have had such an effect.

Additional examples

The FCA has provided additional examples of where NFM falls outside of the scope of COCON, such as examples of NFM which takes place in personal life or which relates to non-financial services business. The FCA has also provided examples of reasonable steps that managers should take to protect staff and to provide a safe environment.

Serious misconduct

In response to concerns that the use of the word “serious” is subjective and unclear, the FCA is proposing to add further guidance to FIT on factors for determining seriousness, such as whether the breach involved dishonesty, breach of trust or violence, and the vulnerability of those affected by the breach.

The fit and proper test

The proposed guidance sets out in more detail how NFM forms part of the “fit and proper test” in FIT. 

The guidance confirms that conduct in a person’s personal life is potentially relevant to an assessment of fitness and propriety. Two examples given are dishonesty and lack of integrity, and violence or sexual misconduct which may show that there is a risk of similar misconduct in relation to customers of the firm or other staff. It also goes on to state that repeated breaches of otherwise irrelevant standards or requirements may raise doubts as to whether the individual will follow the requirements of the regulatory system. For example, a minor driving offence will not normally be relevant to fitness and propriety but frequently repeated such offences may be.

It states that firms assessing whether a wrongdoing in private life has taken place should rely on formal findings (such as criminal convictions or court rulings), such that firms are not expected to monitor employees’ private lives to identify things relevant to their fitness.

However, the proposed guidance also states that, where a firm becomes aware of information about an individual’s private life that would (if substantiated) call into question their fitness and propriety, the firm should consider the steps that it can reasonably take to assess the possible impact. This might include, for example, asking for an explanation from the relevant member of staff.

Social media

The FCA also clarifies its approach to NFM on social media. It proposes guidance stating that social media activity will be relevant to a person’s fitness and propriety to the extent that the activity indicates a “real risk” that the person will breach regulatory requirements. Examples include threats of violence or clear involvement in criminal activity.

Next Steps

Comments can be made on the proposed Handbook guidance in CP25/18 here until 10 September 2025. The FCA intends to review the feedback and set out its final approach before the end of 2025.

Michael Popp, Trainee Solicitor, assisted in the preparation of this briefing.