UK Financial Conduct Authority Finalises Non-Financial Misconduct Framework: What Firms Need to Do Now

The UK Financial Conduct Authority (FCA) has finalised its regulatory framework on nonfinancial misconduct (NFM) with the publication of Policy Statement PS25/23 in December 2025. The FCA’s policy work in this area is complete, and attention now turns to implementation and supervisory scrutiny.

The final package confirms that serious workplace misconduct, including bullying, harassment, and violence, is firmly within scope of FCA regulation, with direct implications for conduct rule breaches, fitness and propriety assessments, and regulatory references.

Who is affected

The changes apply to all FCA-authorised firms and individuals subject to the Code of Conduct (COCON) and the Fit and Proper test (FIT). In practice, this brings nonbank Senior Managers and Certification Regime firms, including investment firms, asset and fund managers, and insurers into much closer alignment with banks, for which such NFM standards already apply.

New COCON rule: expanded scope from 1 September 2026

The FCA has made a new COCON rule extending the circumstances in which serious NFM will constitute a conduct rules breach for nonbanks. The rule captures unwanted conduct towards a member of the workforce that

• violates dignity,
• creates an intimidating, hostile, degrading, humiliating or offensive environment, or
• is violent in nature.

The rule comes into force on 1 September 2026 and does not apply retrospectively. Serious breaches must be reported to the FCA and may result in enforcement action against firms and / or FIT implications for individuals.

Final guidance: clarity, not expansion into private life

The FCA has finalised detailed Handbook guidance in both COCON and FIT. In particular:

• Private or personal life remains outside the scope of COCON (unless there is a material risk that the individual will breach regulatory standards and requirements).
• Conduct at firm- or client-organised events may still be work-related.
• Manager accountability is proportionate and limited by knowledge and authority.
• Not all poor behaviour meets the regulatory seriousness threshold.

Crucially, the FCA’s framework is not intended to duplicate or displace employment or criminal law. Regulatory conclusions may be reached independently of employment outcomes, meaning that conduct may still give rise to a regulatory breach even where employment claims are settled or no criminal conviction follows.

Fitness and propriety: confirmed approach

The final FIT guidance confirms that firms are not expected to monitor employees’ private lives or social media and should not investigate trivial or implausible allegations. Conduct outside work is relevant only where there is a material risk of future regulatory breaches or where it is sufficiently serious to undermine public confidence in the UK’s financial system and financial services industry.

What firms should be doing now

Firms, working with their compliance and HR teams, should consider the following actions.

• Complete a final review of internal policies and procedures to reflect the new COCON rule and the FCA’s finalised COCON and FIT guidance, ensuring that NFM is clearly embedded within disciplinary, escalation, and governance frameworks.
• Confirm that conduct rule breach identification and reporting processes appropriately capture NFM under the expanded scope, including clarity on thresholds for seriousness and when formal disciplinary action will trigger regulatory notification.
• Review regulatory reference processes to ensure that NFM is considered consistently and lawfully, with appropriate documentation of judgement and proportionality.
• Embed the final rules and guidance into day-to-day practice, ensuring that conduct rules staff
  • understand when workplace behaviour can have regulatory consequences
  • are clear on the boundaries between work-related conduct and private life
  • receive practical, role-specific guidance on expected standards
• Take all reasonable steps to promote understanding, including integrating the rules into onboarding processes, delivering targeted manager training, and providing periodic refreshers to reinforce expectations over time.