The UK’s Financial Conduct Authority (FCA) has released its Consultation Paper and Policy Statement (CP25/18) addressing non-financial misconduct (NFM) within the financial services sector.
Effective from September 1, 2026, these new rules extend the FCA’s Code of Conduct (COCON) to non-banking firms, aligning their regulatory obligations with those of banks and embedding NFM—such as bullying, harassment, and violence—into the regulatory framework.
The cornerstone of CP25/18 is the expansion of COCON to cover serious NFM in non-banking firms, such as financial advisors, asset managers, and fintechs, affecting approximately 37,000 additional firms.
As explained in a blog post by Steeleye, the FCA defines serious NFM as behaviors including bullying, harassment, and violence against colleagues, aligning closely with the Equality Act 2010’s definition of harassment, which emphasizes conduct that violates dignity or creates an intimidating environment.
This alignment aims to streamline interpretation by linking regulatory expectations to established legal standards.
From September 2026, substantiated cases of serious NFM will need to be reported through regulatory references, mirroring existing protocols for financial misconduct.
This measure targets “rolling bad apples”—individuals who evade consequences by moving between firms—by ensuring transparency in their conduct history.
The FCA emphasizes that firms must notify staff about these rules and ensure they understand their application, reinforcing accountability across all levels.
The FCA is also consulting on new Handbook guidance, open until September 10, 2025, to clarify how firms should apply COCON and assess fitness and propriety under the Fit and Proper (FIT) test.
Proposed guidance includes scenarios distinguishing workplace and personal conduct, examples of when NFM falls outside COCON’s scope, and factors determining the seriousness of misconduct.
For instance, misconduct at a firm-organized event would fall under COCON, but personal events typically would not, unless they impact an individual’s fitness for a regulated role.
This guidance aims to promote consistency while acknowledging the subjective nature of NFM assessments.
Following feedback from its 2023 consultation (CP23/20), the FCA has scaled back some proposals.
Notably, it has dropped planned changes to the Threshold Conditions and specific NFM guidance for regulatory references in the Senior Management Arrangements, Systems and Controls (SYSC) sourcebook, deeming existing rules sufficient.
Additionally, the updates from Steeleye pointed out that the FCA abandoned broader diversity and inclusion proposals from 2023, focusing solely on NFM.
The regulator also clarified that not all misconduct warranting internal disciplinary action will constitute a COCON breach, emphasizing that only deliberate or reckless behavior breaches Conduct Rule 1 (integrity), while other serious NFM may fall under Rule 2 (due skill, care, and diligence).
The FCA’s decision to rely on formal findings for assessing personal-life misconduct in FIT evaluations reflects a cautious approach, addressing concerns about overreach into private matters.
This adjustment responds to stakeholder feedback highlighting potential conflicts with employment and equality laws.
The FCA’s revised cost estimate, over 75% lower than initially projected, offers financial relief, allowing firms to reallocate compliance budgets.