New rules on non-financial misconduct: what firms need to know

On 2 July, the FCA published its long-awaited Consultation Paper CP25/18 and Policy Paper on tackling non-financial misconduct (NFM). The paper:

• amends the Code of Conduct sourcebook (COCON) with new rules and guidance that will come into effect on 1 September 2026; and
• proposes new Handbook guidance in COCON and the Fit and Propriety Test for Employees and Senior Personnel sourcebook (FIT) on how firms should apply the new COCON rules so that they are applied consistently. The consultation closes for response on 10 September 2025.

The changes are being made by the FCA to address poor culture in financial services firms and to ensure that NFM, including bullying and harassment, does not go unchallenged.

Background

In September 2023, the PRA and FCA published consultation papers on diversity and inclusion in the financial sector (see our briefing here), building on a discussion paper they had published in July 2021 (see our briefing here). The proposals fell into two groups: amending rules relating to conduct and fitness and propriety to include NFM, and requirements on firms relating to diversity and inclusion (D&I) data reporting, strategies and targets.

Further to substantial concern from both MPs and industry, the FCA and PRA decided in March 2025 to withdraw the latter set of proposals relating to D&I, with the FCA noting that some of its proposed measures relating to D&I had been superseded by employment legislation (such as the proposed Equality (Race and Disability) Bill, see our briefing here), and the new duty on employers to prevent sexual harassment (see our recent briefing here) and industry initiatives.

The proposed amendments to COCON

The key change is the amendment to the scope of COCON, effective from 1 September 2026, which aims to more closely align the rules between banks and non-banks and bring more incidents into the scope of COCON.

Currently, for non-bank firms, COCON applies primarily only to conduct which is part of the SMCR firm’s financial activities (regulated activities or an activity carried out in connection to a regulated activity). For bank firms, the conduct rules apply to an individual’s conduct in relation to the activities of the firm of which they are an employee or a senior manager. They do not relate to a person’s actions in their private life if those actions are unrelated to the firm’s activities.

The proposed change, which is principally found in new COCON 1.1.7F, provides that NFM as defined in the rule (discussed below) when carried out towards a colleague is a matter for regulatory concern.

The draft rules go on to provide at COCON 1.1.7F(5) that if a firm carries on business – some of which involves financial activities and some of which does not – conduct is not within the scope of this new rule if it only relates to a business of the firm that does not involve SMCR financial activities. The FCA has proposed guidance to clarify this limitation (discussed more widely below). The draft guidance includes an example in the context of HR of how the new rule would apply depending on how the business of the firm is set up.    

If the firm’s HR function covers the firm’s entire workforce, without separating the parts that deal with the firm’s financial services business and its other business, the FCA guidance states that the activities of someone working in that function are within the scope of COCON. On the other hand, where the firm separates the part of its HR function that deals with those working in its financial services business from the part that deals with the other part of its business. In that case, the conduct of staff within the part of the human resources function that only covers the firm’s non-financial services business may be outside the scope of COCON.

The FCA has also made it clear that conduct in the private or personal life of staff is not relevant to COCON (but may still be relevant to fitness and propriety) and is consulting on guidance, in the form of a table at COCON 1.3.7G, setting out the types of conduct that might generally fall within the scope of NFM under COCON.

The rules will not apply retrospectively, so do not apply to historic NFM. 

Firms will need to consider carefully whether they would need to disclose allegations of NFM in a regulatory reference and should refer to the existing guidance in the Handbook as to what matters to include. This is likely to be a contentious area, as the FCA notes that some NFM may not be appropriate to disclose in a regulatory reference but may need to be disclosed in an SMF application. 

What is NFM?

The FCA considers NFM to be serious misconduct, and the new rules capture behaviour such as bullying, harassment and violence when carried out by a member of (in scope) staff against one of the specified individuals where the conduct has the purpose or effect of:

• violating the dignity of another person;
• creating an intimidating, hostile, degrading, humiliating or offensive environment for another person;
• conduct that is violent to another person.

The new rule in COCON specifies that such conduct must be serious. Concerns were raised during the consultation about the subjectivity of this term, and so in its draft guidance in COCON (see below), the FCA has provided factors that it will take into account when deciding if misconduct is serious enough to amount to a breach of COCON, including the duration of the conduct, whether it is repeated, and the seniority of the person committing the misconduct (paragraph 4.1.8E).

During the earlier consultation, concerns were raised that the proposals relating to harassment diverged from the definition of harassment in employment law, and that terms such as ‘offensive’ were used which are not defined in law. The FCA has taken on board this criticism and has aligned its guidance more closely with employment law, but has not limited its rules to conduct relating to a protected characteristic.

Although the new rules widen the scope of COCON in non-banks only for NFM against colleagues, the FCA notes in its feedback that it is possible for other work-related conduct to breach COCON under the existing scope rules. For example, this could include misconduct towards clients and business contacts.

FCA Guidance

The FCA is also consulting on proposals to add new guidance to COCON and assessing fitness and propriety under FIT. This guidance is relevant to banks and non-bank firms.   

The guidance is intended to make it easier for SM&CR firms to:

• interpret and apply the conduct rules in a consistent way, and
• clarify statutory and FCA requirements for fitness and propriety, including relating to misconduct in the private lives of members of staff.

The guidance is a revised version of the draft consulted on in the 2023 CP. The consultation on the guidance is open for 10 weeks, closing on 10 September 2025. 

The proposed guidance includes the factors that a firm should consider when assessing whether conduct would be within the scope of COCON as well as specific guidance on examples that might breach specific conduct rules.

For example, the consultation proposes to extend the guidance on Conduct Rule 1, which covers acting with integrity, so that it expressly includes subjecting a fellow member of the workforce to detriment for being open and co-operative with the regulators under rule 3 COCON 2.1 or rule SC4 in COCON 2.2 or using the firm’s whistleblowing procedures. 

When assessing whether an individual has breached this Conduct Rule, the firm must consider whether, as well as finding that the individual was personally culpable for their actions, the conduct is also within scope of COCON. If it is, the firm must then consider the factors that would indicate that the individual has not acted with integrity. 

Helpfully, the FCA has also proposed guidance in FIT, which firms can use to assess whether a breach under COCON is sufficiently grave as to warrant the individual not being fit and proper. Whilst COCON is generally limited to conduct related to the firm’s activities, this is not so when assessing fitness and propriety, and proposed new guidance in FIT addresses when a firm should consider behaviour in an individual’s private or personal life for this purpose. We consider that this should be a useful starting point for firms when navigating these issues.

What proposals have the FCA dropped?

 As noted above, the PRA and FCA decided not to proceed with some of their proposals relating to D&I earlier this year.

The FCA has also decided not to take forward its proposed amendments to its guidance on the Suitability Threshold Condition in the COND sourcebook relating to discriminatory practices in firms and whether these were relevant to its assessment of their suitability to undertake regulated activities.

The FCA has also decided not to update the guidance around regulatory references in SYSC as it considers the rules and guidance relating to regulatory references in SYSC 22 are already sufficiently clear.

Key takeaways

Despite stepping back on its D&I proposals, the Policy Statement represents a significant regulatory shift, reinforcing its commitment to tackling NFM. By seeking greater alignment of expectations for banks and non-bank firms, the FCA makes clear that personal behaviour, even when not directly linked to financial misconduct, can impact fitness and propriety assessments, regulatory references and reporting obligations. This development underscores the FCA’s broader strategy to secure cultural change and enhance trust in the financial sector.  

It seems likely that once its new rules are in place in September 2026, the FCA will take a renewed interest in this area and will be looking to ensure that firms are taking effective action when there are instances of NFM. For firms, the implications are both cultural and operational. Senior management will need to ensure that internal policies, training and disciplinary procedures have been updated to reflect the new rules and are sufficiently robust to detect, address and report relevant NFM. Specifically, policies should clearly define unacceptable behaviours and the consequences of breaches. This is likely to involve a review of governance frameworks, whistleblowing mechanisms, and HR practices to ensure alignment with regulatory expectations and that allegations of NFM are investigated fairly and consistently.

In the meantime, the FCA is seeking feedback on whether its proposed guidance will assist firms to understand and prepare for the new rules. Given the complexity of assessing NFM, particularly where conduct may fall outside the scope of the Equality Act 2010, the consultation process offers a valuable opportunity for firms to shape any final guidance and clarify areas of potential uncertainty.

This publication is a general summary of the law. It should not replace legal advice tailored to your specific circumstances.

© Farrer & Co LLP, July 2025