FCA broadens remit of Non-Financial Misconduct rules

In this article we look at the extension of rules on Non-Financial Misconduct to non-banking firms in the financial services sector.

This has been looming on the horizon since the Financial Conduct Authority (FCA) Consultation in 2023 and is aligned with the FCA Strategy 2025 to 2030 aiming to raise standards, increase accountability and build trust in financial services. On 2 July 2025, the FCA published its Policy Statement on the amendment of the Code of Conduct rules, covering Non-Financial Misconduct.

Whilst banks will already be familiar with the concept, it’s now the turn of the 37,000 or so non-bank regulated firms subject to the Senior Manager & Certification Regime (SMCR) to ensure that they appropriately manage incidents of Non-Financial Misconduct. From 1 September 2026, these firms will be subject to the same rules as banks, meaning that incidents of serious bullying, harassment and violence will need to be reported to the regulator from that date.  

The FCA sees this as important to deter wrongdoing that can harm individuals and contribute to an unhealthy workplace culture. For the FCA, it follows that a poor workplace culture; one that it describes as including a failure to tackle “toxic" behaviours, can facilitate further wrongdoing and regulatory breaches that result in consumer harm and damage to market integrity.  

Consultation on FCA Guidance

The FCA has also published proposals for new FCA Handbook guidance on Non-Financial Misconduct. This aims to make it easier for SMCR firms to interpret and consistently apply the FCA Code of Conduct (COCON) rules, and to clarify statutory and FCA requirements in respect of fitness and propriety. The FCA is conducting a 10-week consultation until 10 September 2025 on the draft guidance and plans to set out its final regulatory approach by the end of the year.

Who is covered? 

Any employee at an SMCR firm who is already covered by COCON will be covered. As a reminder, this includes Senior Managers, Certified Staff and all other of the firm’s employees and directors (save for the exhaustive list of ancillary staff identified by the FCA such as receptionists, post room staff, IT support and data controllers/processors). 

What has to be reported? 

SMCR firms are already required to report disciplinary action flowing from a breach of COCON to the FCA; and serious bullying, harassment and violence against a colleague in the workplace or in the course of employment would already be an HR issue for any employer.

With the extension of the rules on Non-Financial Misconduct, all SMCR firms will now also need to report disciplinary action (defined as written warning, suspension, deduction or recovery of remuneration or dismissal) to the FCA, if the action is as a result of unwanted bullying, harassment or violence towards a colleague, where the individual is ‘personally culpable’. 

Essentially, any ambiguity on whether in principle, disciplinary action in respect of Non-Financial Misconduct is reportable for all SMCR firms has been addressed.

What's not covered? 

The draft FCA Handbook text rather counterintuitively states that the behaviour will not be a reportable COCON breach if the employee thought that:

• there was a good and proper reason for their serious bullying, harassment or violence,
• the effect of the conduct was proportionate to the intended aim, or 
• if they did not intend to have a negative impact on their colleague and they were not ‘reckless’ about the way they behaved.   

This contrasts with the usual employment law-based approach, which requires employers to consider the impact on the victim of the behaviour rather than the intention of the person accused of misconduct. It’s easy to envisage this causing some practical difficulties for employers. At the very least, it’s likely to mean that employers are going to have to address the question of the employee’s intentions in any disciplinary hearing for Non-Financial Misconduct, if only to be able to justify any decision to report the employee to the FCA.  

Non-Financial Misconduct in a non-bank which is unrelated to the firm’s SMCR activities would not be within scope of any reporting requirements in respect of COCON. For example, if the HR business partner responsible for covering the firm’s support staff were dismissed for having bullied a member of the catering team, this would not be reportable to the FCA because these staff work on matters outside of the firm’s SMCR activities.

Similarly, for conduct rules staff, non-financial misconduct which is related to the employee’s private or personal life would not ordinarily be reportable to the FCA. However, such misconduct could be relevant to an employee’s fitness or propriety (see below).   

What are the consequences? 

• For firms, the FCA’s enforcement powers include the ability to: withdraw a firm’s authorisation, censure them or suspend a firm for up to 12 months from undertaking specific regulated activities and impose financial penalties.  
• For employees holding a Senior Manager Function or for Certified employees, non-financial misconduct could:
  • negatively impact whether their employer considers it appropriate to sign them off as fit and proper to carry out their role
  • be reflected in the employee’s Regulatory Reference on termination of employment, and 
  • result in a fine, suspension and/or ban from working in the financial services industry.

So how would this work in practice?

For example, a wealth manager, who is a certified person, routinely excludes a junior member of the team from client meetings and belittles their contributions. At off-site client drinks, the manager physically pushes the junior employee away ‘as a joke’. Following reports from shocked colleagues, the incident is investigated. It’s found that the manager’s actions were intentional and they are dismissed for bullying and violence against a colleague.

The firm would need to a) report the disciplinary action taken in respect of a non-financial misconduct breach of COCON to the FCA and b) reflect the issue in the manager’s regulatory reference.

What next?

Impacted firms have until 1 September 2026 to implement the revised COCON rules and procedures regarding the content of regulatory references.  

• Now is the time to review your existing policies and procedures to ensure that it’s clear that bullying, harassment or violence will not be tolerated and will potentially lead to disciplinary action, which could result in being reported to the FCA
• Similarly, with summer party season approaching, it’s a good opportunity to review and re-circulate any policies on conduct at social events and to consider whether any additional training is required
• Take steps to support a workplace culture that enables employees to feel comfortable and supported when they speak up. To this end, train your line managers and HR teams on the importance of identifying and escalating these matters. It’s also sensible to ensure that your grievance and whistleblowing policies are well advertised so that conduct issues come to your attention and can be dealt with promptly
• Review your policies and procedures in respect of disciplinary procedures and the provision of regulatory references to ensure that they are capable of dealing with the revised rules and that they set out a fair and consistent process

Please contact Chris Holme and Shadia El Dardiry for any tailored support or to address specific questions on these topics.