The Financial Conduct Authority (FCA) has now published its (long-awaited) update on non-financial misconduct (NFM). The draft rules and guidance are intended to help regulated firms address the risks arising from NFM, whether arising in work or in an employee's private life.
The FCA has stated that addressing NFM is a core mechanism to tackle cultural failure within firms. It states: "Failure to tackle toxic behaviours drives away good people, prevents staff from speaking up and undermines performance. It damages growth and enables financial misconduct".
What are the significant changes?
1. Expanding the scope of the Code of Conduct (COCON).
COCON comprises the FCA's rules regarding individual conduct within regulated firms. In these finalised changes, the FCA has made clear that issues of bullying, harassment and similar behaviour between staff may be a breach of COCON by both the perpetrator and a senior manager who fails to prevent it. It also introduces, and aligns, the benchmark for this conduct with relevant employment legislation – mirroring part of the Equality Act 2010's definition of harassment but also explicitly flagging violent behaviour.
The associated guidance supports firms in determining the boundary between work and private life and when NFM is within scope of COCON. Consideration is given to NFM in the context of social events, industry events and even social media use.
2. Fit and Proper test for Employees and Senior Personnel (FIT)
Regulated firms must also assess the fitness and propriety of certain employees, particularly senior managers and certification function holders. This assessment is conducted in accordance with FIT.
The draft amendments to FIT clarify how firms (and the FCA) should approach NFM in an employee's private life including in relation to criminal behaviour, online behaviour or other behaviour which may damage confidence in the financial services sector. Firms are not expected to monitor employees' private lives but are expected to handle appropriately information that comes to their attention.
Don't miss a thing, subscribe today!
Stay up to date by subscribing to the latest Employment, Pensions, Immigration and Compliance insights from the experts at Fieldfisher.
Subscribe nowWhat are the timings?
The new rules and guidance will apply from 1 September 2026. A consultation on the drafts is open for responses until 10 September 2025, with the FCA intending to set out their final approach before the end of 2025.
How should firms now determine whether conduct constitutes NFM according to COCON?
Serious instances of conduct between staff which has the purpose or effect of violating the dignity of the victim (or of creating an intimidating, hostile, degrading, humiliating or offensive environment for the victim, or is violent) is within scope. This is unless the conduct takes place in the perpetrator's personal life – it may still be caught by FIT even so. Conduct at industry events, certain social events (such as post-work event after parties) and between employees on social media are all potentially within scope. A manager may breach COCON by failing to take reasonable steps to intervene.
Our previous experience with FCA-regulated firms: how might the new rules and guidance have been applied?
A regulated business employed a senior manager who was accused of a course of inappropriate conduct both on and off-site, including during business travel and via text message. Our view is that the new guidance clarifies such conduct is within an individual's professional life, breaches COCON and falls to be notified to the FCA and included in a regulatory reference.
A more nuanced example arose in another case involving allegations of discrimination and bullying at the office. COCON now provides guidance on how to assess the seriousness of the conduct and requires a firm to take a holistic approach: one size does not fit all.
What else is there to consider when dealing with such issues?
A lot of the attention around the draft consultation is given to high-level issues and its broader significance. Without downplaying these, we believe that regulated firms need to understand the key issues: what is a breach; what are firms required to tell the regulator and when; what should firms include in a regulatory reference? Our view is firmly that the proposed changes would materially impact on the judgments firms must make at every stage of the process.
Is there now more certainty when defining NFM?
The additional clarity brought by the new guidance is welcome, but it has in turn spelled out the complexity and finely-balanced nature of the considerations now faced by HR, compliance and in-house legal functions contemplating allegations of NFM by or involving staff.
We recommend firms begin reviewing their current HR, compliance and regulatory frameworks and processes in light of the draft guidance. If you need support in making these changes and addressing issues relevant to COCON and FIT when they arise, please contact Tom Saville or Sam Clyndes.