The Financial Conduct Authority (“FCA”) and Prudential Regulation Authority (“PRA”) (together, the “Regulators”) have issued consultation papers setting out draft rules to implement diversity and inclusion (“D&I”) reporting and disclosure requirements, amongst other things. The Regulators have collaborated on the draft rules to ensure consistent application to dual regulated firms.

Summary of proposals

The Regulators propose to require certain regulated firms to:

  1. report their average number of employees on an annual basis;
  2. collect, report and disclose certain D&I data;
  3. establish, implement and maintain a D&I strategy;
  4. determine and set appropriate diversity targets; and
  5. embed D&I as a non-financial risk in staff fitness and propriety assessments, conduct rules and governance structures, amongst other things.

The rules will be finalised in 2024 and reporting obligations will begin from twelve months after the publication of the final rules.  The reporting window will be a period of  three months from the reporting reference date. For example, if the final rules were published on 1 March 2024, the first reporting reference date would be 1 March 2025 and firms would have until 2 June 2025 to report their D&I data to the Regulators.

Why are the Regulators consulting on D&I?

For those who have questioned whether diversity and inclusion is a legitimate policy matter for financial Regulators, the FCA has stated the following: “[w]e have been clear that diversity and inclusion are regulatory concerns…We consider that greater diversity and more inclusion can improve outcomes for consumers and markets by reducing groupthink, supporting healthy work cultures, unlocking diverse talent and improving understanding of and provision for diverse consumer needs.” The PRA has concluded that a “...wider range of perspectives is likely to lead to a better understanding of the risks facing a firm and more effective and prudent decision making.”

Who is in scope of the proposed rules and how do they apply to UK based employees of overseas firms?

  1. The proposals apply to firms with a Part 4A FSMA permission (banks, insurers,  and funds) (“FSMA Firms”).  The full set of proposals will apply to the larger firms (those with over 250 employees) (“Large FSMA Firms”), while smaller firms (with 250 or fewer employees) (“Small FSMA Firms”) are subject to a less onerous regulatory regime.
  2. The proposals apply principally (with limited exclusions) only to employees that carry out their activities predominantly in the UK. For overseas firms (e.g. non-UK headquartered firms with a branch or subsidiary in the UK), the proposals apply only to activities of that branch or subsidiary that are carried out from “an establishment in the UK”.
  3. Non-part 4A FSMA firms (e.g. credit rating agencies, certain payment services institutions and certain e-money firms) are out of scope of these requirements. The FCA has stated that it may consult on equivalent rules for these firms at a later date.  For now, the FCA provides that it will “encourage firms to consider whether voluntarily adopting this new framework may be beneficial”.
  4. Certain proposals also apply to dual-regulated (PRA and FCA) CRR and Solvency II firms (principally banks and insurers) of any size.

What rules have been proposed and how do they apply to in-scope firms?

Policy Summary of Policy In-scope firms
Non-financial misconduct

Fitness and Propriety

  1. The Regulators propose to provide guidance on how non-financial misconduct forms part of the fit and proper test for the Employees and Senior Personnel (FIT) section of the FCA Handbook.
  2. The Regulators propose to explain that bullying and similar misconduct within the workplace is relevant to fitness and propriety and that similarly serious behaviour in a person's personal or private life is also relevant. In addition, they propose giving examples of non-financial misconduct, such as sexual or racially motivated offences.

Conduct Rules

  1. Currently the scope of the FCA conduct rules is restricted (except in the case of banks) to regulated activities, other so-called SM&CR financial activities and certain types of misconduct that could have serious effects. 
  2. The Regulators propose to expand the scope of the conduct rules to make clear that it covers serious instances of bullying, harassment and similar behaviour towards fellow employees and employees of group companies and contractors.
  3. Examples of conduct which will breach the rules include: (i) unreasonable conduct causing serious alarm or distress (ii) abuse of powers in a way that undermines or injures (iii) intimidating or violent conduct and (iv) seriously offensive, malicious or insulting conduct.

Authorisation/Licencing in the UK

  1. The Regulators propose expanding the suitability criteria for authorisation assessments.
  2. The Regulators propose to include consideration for offences relating to a person or group's demographic characteristics (such as sexual or racially motivated offences) and tribunal or court findings that the firm, or someone connected with the firm (such as a director), has engaged in discriminatory practices.
All FSMA Firms
Data Reporting: average employee numbers
  1. The Regulators propose that all FSMA Firms (excluding Limited Scope SM&CR firms) are required to report their average number of employees using the same single data return on the existing RegData platform.
  2. The definition of employee under the FCA Handbook is broad and could include secondees and certain contract workers.
All FSMA Firms (excluding Limited Scope SM&CR firms)
D&I Strategies
  1. Firms in scope must develop an evidence-based D&I strategy that takes account of their current progress on diversity and inclusion.
  2. The D&I strategy will contain, as a minimum: (i) the firm's D&I objectives and goals (ii) a plan for meeting those objectives and goals and measuring progress (iii) a summary of the arrangements in place to identify and manage any obstacles to meeting the objectives and goals (iv) ways to ensure adequate knowledge of the D&I strategy amongst staff.
  3. A firm's board would be responsible for the maintenance and oversight of the firm's D&I strategy.
  4. The D&I strategy must be freely accessible on the firm's website.
Dual regulated (PRA and FCA) CRR and Solvency II firms (principally banks and insurers) of any size and Large FSMA Firms (excluding Limited Scope SM&CR firms)
Data Disclosure
  1. Large FSMA Firms must annually collect and report to the Regulators in numerical figures, data across a range of demographic characteristics (see further detail in section 5 below).
  2. The data collected must then be disclosed publicly, except in percentage form rather than numbers.

Large FSMA Firms

(excluding Limited Scope SM&CR firms)


Target Setting
  1. Large FSMA Firms will be required to set targets to address underrepresentation in their firms.
  2. The Regulators would normally expect firms to set at least one target for each of the board, its senior leadership, and the employee population as a whole (which includes the board and senior leadership). Boards and senior leadership based overseas are excluded.
  3. The Regulators propose that firms publicly disclose their targets and their progress towards them annually.
Risk and Governance
  1. New guidance will be issued for Large FSMA Firms to make clear that matters relating to D&I are to be considered as a non-financial risk and treated appropriately within the firm's governance and risk structures.
  2. The Regulators have stated that it is essential that D&I is not seen as a ‘tick box' compliance issue.
  3. The Regulators want to give firms significant flexibility to implement this proposal in a way that is aligned with their internal governance structures. Therefore, the Regulators are not proposing to prescribe how firms consider these risks.

What information must Large FSMA Firms report on their D&I targets?

Large FSMA Firms will publish on an annual basis their targets along with progress toward achieving them with the following data broken down at each level of board, leadership, and general employees:

  1. demographic breakdown for targets (and inclusion targets, if any);
  2. percentage progress achieved;
  3. year target was set;
  4. anticipated year of achievement;
  5. firm's current level of representation of each target (%); and
  6. rationale for targets.

What information must Large FSMA Firms report on the demographic breakdown of their workforce?

The FCA and PRA expect Large FSMA Firms to deliver an annual aggregated disclosure report based on the data that firms report to the FCA covering the following metrics (at board, senior leadership and employee levels):

Mandatory disclosures Voluntary disclosures
1. Age 1. Sex and Gender

2. Sex or Gender (firms are required to report on either Sex or Gender. Firms may choose to report on both Sex and Gender on a voluntary basis.)

2. Gender identity
3. Disability or long term health condition(s)  3. Socio-economic background
4. Ethnicity 4. Parental responsibilities
5. Religion 5. Carer responsibilities
6. Sexual Orientation  

Employees can choose  (or indicate that they prefer) not to provide information on any of the above categories.

On inclusion, the Regulators propose that Large FSMA Firms report annually on the following measures based on whether employees consider:

  1. They are safe to speak up if they observe any inappropriate behaviour or misconduct;
  2. They are safe to express disagreement with or challenge the dominant opinion or decision without fear of negative consequences;
  3. Their contributions are valued and meaningfully considered;
  4. They are subject to treatment (for example actions or remarks) that had made them feel insulted or badly treated because of their personal characteristics;
  5. They are safe to make an honest mistake; and
  6. That their manager cultivates an inclusive environment at work.

This data should be reported on a five-point scale of strongly agree to strongly disagree, including a neutral option.

Visit us at

Mayer Brown is a global services provider comprising associated legal practices that are separate entities, including Mayer Brown LLP (Illinois, USA), Mayer Brown International LLP (England & Wales), Mayer Brown (a Hong Kong partnership) and Tauil & Chequer Advogados (a Brazilian law partnership) and non-legal service providers, which provide consultancy services (collectively, the "Mayer Brown Practices"). The Mayer Brown Practices are established in various jurisdictions and may be a legal person or a partnership. PK Wong & Nair LLC ("PKWN") is the constituent Singapore law practice of our licensed joint law venture in Singapore, Mayer Brown PK Wong & Nair Pte. Ltd. Details of the individual Mayer Brown Practices and PKWN can be found in the Legal Notices section of our website. "Mayer Brown" and the Mayer Brown logo are the trademarks of Mayer Brown.

© Copyright 2023. The Mayer Brown Practices. All rights reserved.

This Mayer Brown article provides information and comments on legal issues and developments of interest. The foregoing is not a comprehensive treatment of the subject matter covered and is not intended to provide legal advice. Readers should seek specific legal advice before taking any action with respect to the matters discussed herein.