Following publication of the FCA’s Policy Statement: Tackling non-financial misconduct (NFM) in financial services (PS25/23), we take a look at what it means for firms and what actions they should be taking as we move towards 1 September 2026 when the new Code of Conduct (COCON) rule; the new COCON guidance and the new guidance on the fit and proper test (FIT) all come into effect.

What is changing?

From 1 September 2026, the scope of COCON will be wider in non-banks than it is now and more in line with the existing scope for banks. This will be achieved through a new rule, COCON 1.1.7FR, coming into effect for non-banks (the New Rule).  In broad terms, the New Rule covers certain types of NFM by an employee towards a colleague and it will apply where either the perpetrator or the subject of the conduct works in a part of the business that deals with financial services. It is no longer necessary for these types of conduct to form part of, or to be for the purpose of, the non-bank’s financial services activity for them to be in scope of COCON. 

The types of NFM referenced in the New Rule are serious unwanted conduct that: (i) has the purpose or effect of violating the subject’s dignity or creating an intimidating, hostile, degrading, humiliating or offensive environment for them; or (ii) is violent towards them.

The New Rule for non-banks (together with the associated COCON guidance) is also intended to act as guidance for banks so that banks can use it to help them determine whether bullying, harassment or violence towards a colleague is a breach of Individual Conduct Rules 1 (integrity) and 2 (skill, care and diligence). The COCON guidance also provides insight as to the FCA’s expectations of managers and reasonable steps for them to take to protect staff against NFM and respond appropriately when it occurs.  The new FIT guidance is intended to help all regulated firms assess whether an individual is fit and proper to perform their role, including in relation to behaviour in their private life and on social media which would not amount to a COCON breach.

Has the FCA made changes following Consultation feedback?

A number of changes have been made to the COCON and FIT guidance from the version on which the FCA consulted. These include:

  • Relevance to banks: Making it clear that guidance on the New Rule for non-banks is relevant to banks even though the scope rule change does not apply to them.
  • Purpose and effect: Further aligning the guidance with employment law including by adding an example to demonstrate that the purpose of conduct is as important as its effect (the example given is that a hostile and intimidatory communication intercepted before it reaches the intended subject could still give rise to a breach of COCON).
  • Managers: Revising the guidance for managers to make it clearer that the FCA would not expect a manager to be held responsible for failing to stop NFM if they could not reasonably have known about it or did not have authority to act in the particular case.
  • Firms with FS and non-FS business: Adding some scenarios to illustrate where conduct in non-banks will be outside scope of the New Rule because it only relates to a business of the firm that does not involve regulated financial services activities.
  • Personal life/ work life boundary: Adding some examples to illustrate the boundary between work-related conduct which is in scope of COCON and behaviour in private or personal life which is outside scope, including with regards to use of social media.
  • Disclosures: New guidance making it clear that senior manager conduct rules staff may be required to disclose information about their private or personal life if it would be material to an assessment of their fitness and propriety.
  • Territorial scope: Clarifying that the New Rule does not change the territorial scope of COCON (which means that conduct outside the UK may not be in scope if it is carried on by an individual who is neither an SMF nor a material risk taker, even if it is directed towards a colleague in the UK).
  • Investigations: Adding guidance to help firms assess whether they need to take steps to investigate allegations about an individual’s private life including confirming that firms are not expected to investigate trivial or implausible allegations or those that would be more appropriately investigated by the authorities.
  • Seriousness:  Aligning the seriousness threshold for the New Rule with the threshold for harassment in the Equality Act, adopting language such as “violating the dignity of the subject” “degrading” and “humiliating”.

What is the position between now and 1 September 2026?

The FCA has confirmed that neither the New Rule nor the new guidance will come into effect until 1 September 2026. This means that, in the meantime, the scope of COCON in non-banks remains narrower than it will be after 1 September 2026 and any NFM occurring before then will only be in scope if it is for the purpose of, or forms part of, the firm’s financial services activity.

However, where conduct is already in scope for banks and non-banks the new COCON guidance may provide firms with a useful steer and the FIT guidance is described as a ‘clarification’ of the FCA’s current approach and so may help with any ongoing assessments (although there is no need to revisit any past assessments).   

Which individuals could be impacted?

Firms may wish to consider the potential impact of the changes on a number of different stakeholder groups including:

  1. Senior managers who are expected to take reasonable steps to prevent and react to NFM.
  2. Internal investigators and decision-makers who are called upon to consider potential instances of NFM such as those on the Conduct Committee or those carrying out fit and proper assessments.
  3. Staff within scope of the conduct rules who need to avoid perpetrating any NFM.
  4. Staff who need to know how to report any instances of NFM.
  5. The firm’s governing body with responsibility for oversight over its compliance with regulatory requirements in respect of NFM. 

What steps should firms take before 1 September 2026

Firms may wish to use the opportunity afforded by the pre-implementation period to take stock of their compliance framework with regards to NFM and to consider the extent to which enhancements can be made. The updated guidance includes new tables and scenarios that firms might find particularly helpful for this purpose. Activities to be included in the firm’s implementation plan may include:

  • A review of internal policies and procedures and gap analysis against the New Rule and/ or guidance including:
    • any guidance on appropriate conduct such as may be found in the employee handbook or other internal materials;
    • any guidance for those dealing with potential instances of NFM and having to make decisions with regards to compliance by colleagues;
    • ‘speak up’ guidelines such as examples of matters that should be reported.
  • Updating relevant materials to reflect the gap analysis.
  • A review of management information in relation to NFM and how best to ensure that relevant governing bodies are adequately equipped to deliver effective oversight with regards to NFM including enabling them to spot any trends or patterns.
  • Training for the different internal interest groups that may be impacted including helping individuals to understand the role they play in maintaining a healthy culture and how they can meet the FCA’s expectations.
  • Stress-testing of internal policies and procedures against a range of scenarios to assess whether they would be fit for purpose after 1 September 2026, including carrying out ‘fire drills’ for certain staff members who may be called upon to react to allegations of NFM. 

In addition, monitoring decisions by the FCA including enforcement outcomes can help provide further insight into their approach. Feeding back lessons learned to staff can also act as a reminder of their responsibilities and the consequences of getting it wrong.