In July 2025, the Financial Conduct Authority (FCA) confirmed a new rule would be implemented to align the Conduct Rules in banks and non-banks for cases involving serious non financial misconduct (NFM). This rule comes in to force on 1 September 2026 and confirms that serious behaviours such as bullying, harassment, and violence should be recognised as matters of regulatory concern. Alongside this, the FCA launched a consultation proposing new guidance to help firms assess NFM for the purposes of the Conduct Rules and fitness and proprietary (F&P) assessments.
There was an overwhelmingly positive response to the consultation, with 95% of respondents supporting the need for further guidance from the FCA on how to treat serious non-financial misconduct. As a result, finalised guidance had now been published through Policy Statement PS25/23. Only minor amendments have been made to the draft guidance published in July. The key points are summarised below.
Regulated firms with a Part 4A permission under the Financial Services and Markets Act 2000 (FSMA) have time to prepare before the new rules and guidance takes effect on 1 September 2026. They will not apply retrospectively.
Key points in the COCON guidance
- New examples are now included.
The new rule in COCON 1.1.7FR clarifies that serious personal misconduct (including bullying, harassment and similar behaviour between staff) may constitute a regulatory breach. This expands the previous scope of COCON for non-banks which was traditionally limited to regulated activities. The final guidance includes helpful examples and flow diagrams to clarify the remits of the new COCON rules.
One new example relates to staff in a social occasion organised by a staff member in a personal capacity. If the misconduct takes place after a firm event at a separate location, it may still fall within COCON if it is a continuation of the first event. However, COCON may not apply if the connection between the event and the firm’s activities has been lost.
Firms have the primary responsibility to prevent NFM and deal with it when it occurs. The FCA recognises that its guidance is not exhaustive and each case of NFM is unique. As such, the FCA will rely on a firm’s judgement about whether misconduct is serious enough to warrant a breach of the FCA’s rules.
- Managers’ accountability does not extend to matters they could not reasonably have known about.
The final rules address concerns raised during the consultation process that individual managers may face disproportionate liability in fostering healthy workplace cultures, particularly if they had not known that NFM had taken place. The FCA clarifies that it would not expect a manager to be held responsible for failing to stop NFM if they could not reasonably have known about it. The term ‘manager’ is not limited to a line manager as it may vary from firm to firm, however the FCA has confirmed that it will not hold a manager accountable if they did not have authority to act in a particular case.
- Regulatory references must disclose non-financial misconduct.
The FCA has confirmed that NFM should be included in regulatory references to ensure past misconduct is disclosed when individuals change firms. Most firms were already doing this, but this now clarifies the situation.
- More guidance on when misconduct is ‘serious’ has been provided.
The FCA has confirmed that the threshold for ‘serious’ misconduct is aligned with the threshold for harassment in the Equality Act 2010. The draft guidance has been slightly amended, to include removal of “whether the subject of the misconduct has specific characteristics or vulnerabilities”. Other factors pointing to seriousness such as duration, repetition and impact, seniority of the alleged perpetrator, past warnings or pattens of behaviour and whether the behaviour would justify dismissal, remain.
- Historic NFM should be dealt with in accordance with versions of the FCA Handbook in force at the relevant time.
The new rule and guidance are not retrospective and incidents occurring before 1 September 2026 should be dealt with in accordance with the FCA’s handbook in force at the relevant time.
Key points in the FIT guidance
- Behaviour in private life can become a regulatory.
Even when COCON does not apply (which is often the case where the matter relates purely to conduct that is outside the scope of their work), the FCA clarifies that private life conduct is relevant to F&P if the conduct reveals a material risk (i.e. one that is not remote or speculative) that the individual will breach regulatory standards, public confidence or could reasonably be repeated at work. FIT sets out factors to which the FCA and firms should have regard to when assessing whether an individual is fit and proper to perform their role.
- Firms are not expected to investigate trivial allegations.
The FCA has added guidance to help firms assess whether they need to take steps to investigate allegations about an individual’s private life. For example, it has clarified that from a regulatory perspective, firms are not expected to investigate trivial or implausible allegations or allegations that would not be relevant to F&P, regardless of the outcome. Firms are also not required to look into allegations that would be more appropriate for the relevant law enforcement or other authorities to investigate. Firms may still choose to investigate the matter as an HR or disciplinary matter, if this is warranted.
Private life conduct which is unlikely to be repeated at work may be relevant to F&P if its seriousness may threaten public confidence in the financial services sector.
- Social media activity is relevant to F&P if it indicates a material risk of a regulatory breach.
Firms are not required to proactively monitor their employees’ social media accounts. The FCA has clarified that the materiality threshold for social media is consistent with other private life conduct (i.e. social media activity will be relevant to F&P if it indicates a material risk that will breach regulatory requirements). Individuals may therefore lawfully express their views on social media without being challenged about their F&P. However, the FCA notes that lawfully expressed views may still be relevant where there is a material risk that such views could be repeated in the workplace in a way that breaches the conduct rules.
- Repeated minor breaches of the law can become regulatory issues.
Repeated minor breaches of the law in private life reveal a disregard for the law and may carry over to reflect an individual’s compliance with the FCA rules. The FCA has decided against using minor motoring offences as an example in the final guidance after feedback stated that it may impose unintended burdens on firms. The FCA reminds firms of their ongoing obligations when assessing whether the nature and frequency of offences may reflect on an individual’s honesty, integrity, and overall F&P.
How should firms prepare?
Ahead of the implementation date on 1 September 2026, firms should review and update internal policies and procedures and consider providing training to staff to ensure they understand the new conduct requirements. Robust reporting systems should be implemented to allow employees to report suspected misconduct. The new rules are likely to involve increased costs around investigations and ongoing monitoring. Nonetheless, financial services firms should consider communication campaigns on NFM, accepted behaviour at the workplace and how NFM will trigger workplace investigations, disciplinary processes and FCA notifications.
Related links:
Key Contacts
The content of this article is for general information only. It is not, and should not be taken as, legal advice. If you require any further information in relation to this article please contact the author in the first instance. Law covered as at December 2025.