The FCA’s Long-Awaited Rules on Non-Financial Misconduct Are Finally Here

On 2 July 2025, the FCA published its long-trailed final rules on non-financial misconduct (NFM) in Consultation Paper CP25/18 (the “Paper”). The measures confirm a long-debated point: misconduct that goes beyond financial wrongdoing—such as bullying, harassment, or violence—will now be explicitly treated as a regulatory breach.

The Paper contains:

• A Policy Statement extending the FCA’s Code of Conduct (COCON) rules to non-bank firms from 1 September 2026; and

• A simultaneous consultation on new guidance to help firms apply COCON and the Fit and Proper Test for Employees and Senior Personnel (FIT) in relation to NFM. The consultation closes on 10 September 2025.

In short, the FCA has decided to draw a harder line:

• From September 2026, serious bullying, harassment or violence will be conduct rule breaches.

• A far broader population of individuals in financial services will fall under NFM enforcement scope.

Who Will This Impact?

The new rules apply to all FCA-regulated firms with Part 4A permissions and all staff who are subject to COCON.

For the 37,000 non-banks (including asset managers), the changes are particularly significant. The FCA is aligning the COCON regime for non-banks with that of banks, removing a longstanding disparity. As a result, NFM rules will apply equally across the sector from September 2026. Importantly, the rules do not apply retrospectively.

Why Now? A Quick Look Back

This isn’t new territory.

• 2021: The FCA floated ideas in Discussion Paper DP21/2.

• 2023: Consultation CP23/20 proposed new frameworks for diversity & inclusion (D&I) and NFM.

• 2024: The FCA ran its first ever NFM data collection from 1,028 firms.

But criticism persisted: regulators were moving too slowly while cases of misconduct were mounting. Notably, the FCA has now dropped its formal D&I proposals, citing feedback and legislative overlaps, and instead focused on NFM.

The result? A more pragmatic, but still substantial, change in direction.

What Do the New Rules Actually Do?

1. Level Playing Field for Banks and Non-Banks

• Until now, COCON in non-banks only applied to regulated activities. For banks, it applied across all functions.

• From September 2026, COCON will apply in non-banks to any functions relating to the firm’s activities—not just regulated ones.

• There’s a carve-out for firms with clearly separated SMCR and non-SMCR businesses, but this is expected to have limited practical use.

2. Explicitly Bringing NFM into Scope

• NFM is now clearly written into COCON.

• Any unwanted conduct towards colleagues—defined broadly to include employees, contractors, and group company staff—may constitute a breach if it involves violence, or if it violates dignity or creates an intimidating, hostile, degrading, humiliating, or offensive environment.

• The FCA makes clear: NFM can amount to a breach of COCON in any firm.

3. Wider than Employment Law

• Employment law links harassment to “protected characteristics” (age, race, sex, religion, etc.).

• The FCA goes further—NFM covers misconduct regardless of characteristics. This is a deliberate widening of scope.

4. Fitness and Propriety (FIT) Still Extends Beyond the Workplace

• COCON won’t cover personal life conduct.

• But FIT does: private-life misconduct may still render an individual unfit, especially where behaviour suggests disregard of ethical obligations or abuse of trust.

The Ongoing Consultation

The FCA is seeking feedback on proposed Handbook guidance to clarify:

• How firms should apply COCON to NFM incidents.

• How personal/private life conduct should be considered in FIT assessments.

The consultation closes 10 September 2025. Final guidance is expected by year-end.

Cultural Signals

The FCA continues to frame NFM as a cultural risk issue. Poor behaviour left unchallenged is viewed as “one of the clearest warning signs of a failing culture.”

Interestingly, the FCA cautions against misreading data:

• High volumes of NFM reports could indicate a healthy speak-up culture.

• Low volumes could mean under-reporting and weak culture.

What Should Firms Do Now?

With the 1 September 2026 deadline still more than a year away, firms have breathing space. But preparation should start early.

Practical steps include:

1. Engage stakeholders across HR, Legal, Compliance, Risk, and senior management to plan responsibilities and milestones.

2. Update policies and processes—certification, performance reviews, disciplinary measures, regulatory references, and breach reporting will all be affected.

3. Revise training and communications to explain:

   • the expanded scope of Conduct Rules,

   • the firm’s stance on NFM, and

   • how to raise concerns safely.

4. Re-assess corporate culture. Move beyond engagement surveys—capture lived experiences, stories, and early warning signs before they escalate into legal or regulatory issues.

5. Consider responding to the consultation. This is a rare opportunity to influence the FCA’s final guidance.

   
   

Final Thoughts

The FCA’s latest Paper is less ambitious than its 2023 proposals, but it is still a watershed moment for the UK financial services sector.

By explicitly embedding non-financial misconduct into the regulatory framework, the FCA is underscoring a simple truth: misconduct of any kind erodes trust, damages culture, and undermines market integrity.

For firms, the message is clear—start preparing now. The countdown to September 2026 has begun.