The consultation proposes extending the existing non-financial misconduct framework, already in place for banks, to all senior manager and certification regime (SM&CR firms). It includes a draft policy statement to amend the Code of Conduct (COCON) and a consultation on new guidance in both COCON and the fit and proper test sourcebooks. The FCA’s aim is to embed clear, consistent expectations around workplace behaviour, empowering individuals to raise concerns and helping firms foster inclusive, accountable cultures.
By clarifying how serious misconduct — such as bullying, harassment, or discrimination — should be treated under the regulatory framework, the FCA is reinforcing its message that poor behaviour isn’t just an HR issue, but a matter of regulatory concern. If adopted, the proposals could prompt firms to review their conduct and fitness frameworks, roll out refresher training (particularly for non-bank SM&CR populations), and reassess responsibilities across HR, compliance, and risk functions.
What’s new in CP25/18?
The FCA has proposed a new rule that expands the scope of COCON for non-bank firms, aligning it with the standards already applied to banks. This change reflects the regulator’s growing recognition that serious non-financial misconduct can undermine trust, damage culture, and harm consumers.
The new rule will come into force on 1 September 2026 and won’t apply retrospectively. Its aim is to drive consistency across the financial sector, giving firms greater confidence to take robust action against serious misconduct, regardless of whether it involves protected characteristics.
Importantly, the FCA has clarified that conduct rules are distinct from employment law. While there may be overlap, the regulatory framework is broader in scope, addressing behaviours that may not meet legal thresholds but still pose risks to firm culture and market integrity.
This development builds on the FCA’s long-standing view that culture is a material risk factor. From behavioural economics to psychological safety and diversity, the regulator has consistently challenged the notion that culture is a 'soft' issue. Instead, it sees poor culture, and the misconduct it enables, as a threat to the resilience and reputation of the financial system.
That said, the FCA has historically focused on financial misconduct, and CP25/18 marks a shift in outlook. In response to high-profile cases and societal expectations, the regulator broadened its lens to include non-financial misconduct. The consultation proposed two key changes:
- Expanding COCON to explicitly cover serious non-financial misconduct in non-banks
- Consulting on additional guidance in the COCON and fit and proper test sourcebooks to help firms interpret and apply the rules effectively
Together, these changes signal a more assertive regulatory stance on workplace behaviour – one that prioritises healthy, inclusive cultures as a foundation for good governance and consumer protection.
Additional handbook guidance
The FCA has proposed additional FCA Handbook guidance to support firms in interpreting and applying the new COCON rules on non-financial misconduct. This guidance aims to help firms address knowledge gaps and reduce uncertainty, particularly around behaviours, such as bullying, harassment, and discrimination. However, the FCA acknowledges that guidance can’t be exhaustive, and firms will still need to exercise their own judgement when assessing conduct and determining appropriate responses.
Enhancing COCON guidance
The revised COCON guidance includes several clarifications to help firms apply the new rules consistently. These include:
- Work v personal life: Firms aren’t expected to proactively monitor employees’ private lives, but must investigate if they become aware of behaviour that could impact fitness and propriety
- Scope of SM&CR: Examples are provided to clarify when conduct falls outside a firm’s regulated activities but may still be relevant
- Conduct rules 1 v 2: Guidance is offered to distinguish between breaches of these rules
- Assessing non-financial misconduct: Firms are encouraged to consider factors such as whether the behaviour was isolated or repeated, its duration, power imbalances, and any prior warnings
Updating the fit and proper test sourcebook
The FCA also proposes changes to the fit and proper test sourcebook to allow consideration of personal behaviour, including conduct outside the workplace. Individuals could be deemed unfit to hold regulated roles if their behaviour reflects poorly on their integrity or judgement. For example, repeated minor driving offences could raise concerns about a person’s willingness to comply with regulatory obligations.
These proposals raise important questions around privacy, proportionality, and legal boundaries, and the FCA has invited feedback to help strike the right balance between regulatory objectives and individual rights. Firms with experience managing complex misconduct cases may wish to engage with the consultation process.
Implications for firms
The policy and proposals in CP25/18 have far-reaching implications. To stay up to date, firms will need to revisit their training programmes, disciplinary policies and whistleblowing procedures. Internal departments like compliance, HR and legal teams will also need to collaborate more closely to ensure that investigations into non-financial misconduct are fair, proportionate, and legally robust.
For senior managers, the stakes are particularly high. Under SM&CR, they are already accountable for the culture in their areas of responsibility. If the consultation goes forward, they could be held personally accountable for failing to address non-financial misconduct – even if the behaviour occurs outside the workplace.
Similarly, compliance officers will need to ensure that their monitoring frameworks capture non-financial misconduct effectively. Firms may need to develop new metrics, integrate data from employee surveys and exit interviews, and ensure that cultural indicators are factored into risk assessments.
Meanwhile, risk professionals will need to consider how non-financial misconduct risks could crystalise into operational disruption, reputational damage or conduct issues. For example, through high staff turnover, regulatory action or consumer harm, which could also carry financial implications with a subsequent impact on financial stability.
Embedding strategic change
CP25/18 aims to make it easier for SM&CR firms to understand and consistently apply the conduct rules, with greater clarity over fitness and propriety. The FCA is already prioritising culture in its supervisory work, so firms should take early action to assess and improve their culture, in line with regulatory expectations. As a first port of call, a gap analysis of current policies and procedures will inform the future work plan. This should focus on the treatment and management of non-financial misconduct, looking at key areas, such as:
- how the firm defines, reports, investigates and escalates non-financial misconduct
- consistency and transparency of disciplinary outcomes
- accessibility and trust in whistleblowing procedures
- effectiveness of training programmes addressing non-financial misconduct.
As with anything culture related, choosing the right metrics (and monitoring them effectively) will be a key challenge. Firms need to think about the suitability of culture metrics and their use in decisions about promotions, bonuses, and succession planning. To achieve this, boards and senior managers must consider whether culture metrics are fit for purpose, reflect the real experience of employees and are informed by multiple data sources. This is particularly important given the potentially revised fit and proper test, and firms will need to work out how to capture and apply data for misconduct that occurs outside the workplace.
It’s also vital to consider what this means for senior managers in terms of SM&CR responsibilities and accountabilities. Firms will need to update the responsibilities map (where appropriate) and individual statements of responsibilities. It’s also vital to demonstrate and evidence how senior managers are addressing non-financial misconduct risks in practice, and the reasonable steps taken to discharge their responsibilities.
Next steps
The message from the FCA is clear – non-financial misconduct is a systemic risk, and firms need to take action to mitigate it. For firms, the proposed changes bring fresh challenges and new opportunities. Those that take culture and conduct seriously will be better placed to manage risk, attract talent, and maintain stakeholder confidence. Those that don’t may find themselves facing regulatory scrutiny and reputational damage.
The consultation closes on 18 September 2025, giving firms the opportunity to shape an effective and proportionate future regulatory approach.
For more information contact Tina Bhardwaj or Ali Crotch-Harvey.
