The FCA has issued CP25/18: Tackling non-financial misconduct in financial services which starts the process of formalising non-financial misconduct in its rules.
WHAT IS IN CP25/18?
- A new rule for non-banks that misconduct such as bullying, harassment and violence is an FCA conduct issue in a broader range of circumstances. This is a final rule and will come into force on 1 September 2026.
- A consultation on proposed guidance on non-financial misconduct as an FCA conduct rule breach as well as guidance on the incorporation of non-financial misconduct into fit and proper assessments. The consultation closes on 10 September 2025.
This will be relevant to FCA-authorised firms and some aspects will also be relevant to PRA-regulated firms. The new rules are not relevant to payment service providers, e-money firms or financial market infrastructures unless they also have an additional Part 4A permission.
The FCA has had non-financial misconduct on its radar for a number of years including in its enforcement action against certain individuals. In September 2023 it consulted on an ambitious package of measures including new rules on non-financial misconduct and diversity and inclusion.
Since then the FCA has shown that it has been carefully listening to feedback from industry participants. Following significant criticism, the proposals on diversity and inclusion were quietly dropped in March 2025. The FCA is, however, continuing with its work on non-financial misconduct although it has pared back some of its original proposals. Notably the FCA is not taking forward its proposals for guidance on Suitability under the FCA's Threshold Conditions and the giving of regulatory references. Interestingly, the FCA has also said that it will "only proceed with the guidance if there is clear support for it".
We discuss the new non-financial misconduct rule and proposals in more detail below.
1 Changes to the FCA's Conduct Rules
New rule in COCON
Under a new rule in COCON, misconduct such as bullying, harassment and violence will be an FCA conduct issue in a broader range of circumstances. This includes where a member of a firm's conduct rules staff engages in conduct in relation to another person working for the firm which is unwanted and:
- has the purpose or effect of violating that other person's dignity;
- has the purpose or effect of creating an intimidating, hostile, degrading, humiliating or offensive environment for that other person; or
- is violent to the other person.
The definition of misconduct closely aligns with the definition of harassment in the Equality Act 2010 - which HR/People professionals will be familiar with – but is also broad enough to encompass more general bullying.
Misconduct is not limited to behaviour involving direct colleagues but is drawn more widely and also includes, for example, behaviour towards individuals who provide services to the firm or a member of its group.
This change will come into effect on 1 September 2026. The FCA states in the consultation paper that it is not intended to apply retrospectively and therefore firms are not expected to revisit any previous analysis of conduct rule breaches. It is, however, less clear how past behaviour which only comes to light once the rule is in force would need to be treated.
New guidance on non-financial misconduct
The FCA is also proposing further guidance on non-financial misconduct in COCON which, if adopted, would be expected to come into force at the same time. This guidance will be very important in interpreting how the rule will operate in practice as it is otherwise quite abstract and not, for example, explicitly limited to serious harassment.
In essence, the draft guidance proposes the following:
- Serious non-financial misconduct which relates to the firm's activities (both regulated and unregulated) and not solely to the staff member's private or personal life could potentially be a breach of Individual Conduct Rule 1 (You must act with integrity). The distinction between work and private life and the question of whether something is serious will require some judgement calls by firms.
- For managers, failing to prevent harassment and other kinds of misconduct could potentially be a breach of Individual Conduct Rule 2 (You must act with due skill, care and diligence - Acting with due skill, etc as a manager). This would be relevant both to the manager of the perpetrator as well as the manager of the victim and, if adopted, is likely to be a significant concern for staff in a managerial position.
The draft guidance also includes factors to consider when assessing non-financial misconduct and whether it is a breach of COCON. This includes examples of the boundary between work and private life and factors pointing towards conduct being serious.
The new rules would not apply to overseas firms but certain non-UK staff who perform roles in FCA-authorised firms (or PRA-regulated firms) may be in scope in certain circumstances. This would potentially include staff performing senior management functions or certified material risk takers who are based outside the UK as well as (on more limited basis) non-UK conduct rules staff of UK firms.
2 Changes to fit and proper assessments
Under the proposed guidance, non-financial misconduct would need to be considered as part of the fit and proper assessment which firms are required to carry out in respect of senior managers and certified staff such as material risk takers and heads of significant business units.
Notably, the scope of conduct would be broader for fit and proper assessments than for considering COCON breaches. For example, behaviour in the individual's private life would be in scope and behaviour would be relevant wherever in the world it occurs.
The key test for assessing whether a person is fit and proper would be whether the individual meets the requirements of the regulatory system. Therefore, breaches of the regulatory system (both inside and outside work would be relevant). However, an assessment would be made on a case-by-case basis and not all misconduct would result in the relevant person being considered not to be fit and proper. Relevant factors might include the seriousness of the breach; whether the breach involved dishonesty, breach of trust or violence; evidence of rehabilitation, and whether the breach was repeated or part of a pattern.
As regards breaches in a person's private or personal life, under the proposed guidance, a key point for firms would be whether the behaviour would suggest that a person is not fit and proper if the behaviour were repeated in the workplace. For example, behaviour involving dishonesty and a lack of integrity. Similarly, violence or sexual misconduct could show that there is a risk of similar misconduct in relation to colleagues, customers or counterparties and repeated minor breaches could suggest a general disregard for regulatory requirements. Even if there is no real risk of the conduct in question being repeated in the workplace, it could be relevant to fitness and propriety if it suggests a willingness to disregard ethical or legal obligations; abuse a position of trust; or exploit the vulnerabilities of others.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
