10 min read

D&I in the Financial Services sector: FCA & PRA consultation proposals aimed at moving the dial

Read more

By Ceri Fuller & Hilary Larter


Published 10 November 2023

The Facts

On 25 September 2023, the Financial Conduct Authority (FCA) and the Prudential Regulation Authority (PRA) published consultation papers which propose a range of measures aimed at improving diversity and inclusion (D&I) in the financial sector. This alert looks at the measures aimed at improving D&I.  Please see our separate alert here on the aspect of these consultations which address proposed changes and clarifications in respect of non-financial misconduct.

FCA consultation: "diversity and inclusion in the financial sector - working together - working together to drive change" (CP 23/20)

For firms with 251 or more employees (large firms) and firms of any size that fall within the scope of the retained EU law version of the Capital Requirements Regulation (575/2013/EU) (UK CRR) or the Solvency II Directive (2009/138/EC) (Solvency II), there are several proposed new requirements.

D&I Strategies

CP 23/20 reports that there was broad support for the idea of requiring firms to put in place and publish a D&I policy, acknowledging that many firms already have such a policy in place. The proposal goes further and requires the publication of a D&I strategy covering the following points as a minimum:

  • the firm’s D&I objectives and goals;
  • a plan for meeting those objectives and goals and for measuring progress;
  • a summary of the arrangements in place to identify and manage any obstacles to meeting the objectives and goals; and
  • ways to ensure adequate knowledge of the D&I strategy among the staff.

CP23/20 also proposes that firms report annually on inclusion measures on a 5-point scale of strongly agree to strongly disagree including a neutral option.  The measures are whether employees feel:

  • safe to speak up if they observe inappropriate behaviour or misconduct;
  • safe to express disagreement with or challenge the dominant opinion or decision without fear of negative consequences;
  • their contributions are valued and meaningfully considered;
  • they are subject to treatment (for example actions or remarks) that had made them feel insulted or badly treated because of their personal characteristics;
  • safe to make an honest mistake; and
  • that their manager cultivates an inclusive environment at work.

The paper acknowledges that data on inclusion must be captured on an anonymous and voluntary basis and should always include a response option to ‘prefer not to say’. Responses to the questions on inclusion would also need to be reported in three layers of the board, senior leadership, and all employees. 


CP 23/20 acknowledges that there were mixed views about setting targets, in part due to the challenges of tracking progress against targets in the absence of full and accurate diversity data. Nonetheless, the proposals include a requirement to set targets in order to address underrepresentation within the board, senior leadership and the employee population as a whole. The targets should be based on the prevailing diversity profile of the firm, and particular demographic characteristics will not be mandated, which is a departure from the previous focus on gender and ethnicity.

In practice, firms will find it challenging to set targets based on other characteristics, such as sexual orientation or religion, given the heightened sensitivity around the processing of this information on an identifiable basis, and the resulting lack of data about a firm's diversity profile based on these characteristics.

Data Reporting

There will be new requirements for large firms to collect and report data across a range of demographic characteristics as part of an annual return. The FCA will use the data in these returns to produce a regular aggregated disclosure report to allow firms and stakeholders to track and compare progress. The mandatory characteristics include age, sex or gender, ethnicity and disability; the voluntary characteristics in scope include gender identity, socio-economic background and carer responsibilities. As with most data collection exercises covering these types of characteristics, the paper recognises that individuals cannot be compelled to provide this information.

Data Disclosure

There is a separate proposal for firms to make public disclosures on their D&I data to increase transparency and to facilitate comparisons between firms. This data will mirror the data covered in the reporting requirements, but will be expressed in percentages rather than in whole numbers.

Risk and Governance

New guidance will be introduced to underline that D&I issues represent non-financial risk and should be treated as such within a firm's governance structures. Firms will be given significant flexibility on how to approach this risk to match their existing governance structures. However, despite this flexibility, a broad range of functions may need to be involved including risk, internal audit, HR and corporate responsibility.

PRA consultation: "diversity and inclusion in the PRA regulated firms" (CP 18/23)

The PRA's CP 18/23 is relevant to PRA-authorised banks and insurance firms, building societies, and PRA-designated UK investment firms.

Firm-wide Strategies

The proposals set out a requirement for firms to publish a firm-wide D&I strategy covering matters such as core values, the culture that it is trying to create, clear objectives and goals for improving D&I in the firm, and a plan for meeting these. The expectations on the role of risk and control functions in supporting the strategy is also covered.


The largest firms will be required to set their own diversity targets where they identify that there is an underrepresentation. However, there will be minimum targets for representation of women and ethnic minorities, if underrepresentation is identified.

Board Governance

Firms will be required to have and publish a strategy specifically promoting D&I on the board. The proposals also cover succession planning and responsibilities for D&I on the board and on board committees.

Individual Accountability

In a significant move, the proposals in CP 18/23 set out the expectation that responsibility for D&I is allocated to the relevant senior management functions, with this reflected in statements of responsibilities, and that measures for accountability are put in place. Further, objective findings of patterns of behaviour such as bullying, discrimination, and harassment can be considered as part of fitness and propriety assessments.


A new rule is proposed requiring firms to internally monitor diversity and inclusion for the purposes of taking appropriate action where necessary. It will be left to firms to determine which aspects of monitoring are most relevant to their business with regard to employment, data protection and equality laws.

Regulatory Reporting

The largest firms will be required to report certain diversity and inclusion data alongside information on the targets that they have set for themselves.


The largest firms will also be required to disclose information on the targets that they have set for themselves, the demographic diversity of their organisation, and the outcome of inclusion surveys.

The proposals relating to targets, regulatory reporting and disclosure will only apply to UK CRR and Solvency II firms and firms with 251 or more employees.

Although many of the larger firms are already taking a number of the steps described above, the prescriptive nature of the new requirements will require careful consideration to ensure compliance.

What does this mean for employers?

The proposals are well-developed and it is expected that the fundamentals of the new requirements will remain relatively unchanged by the time of final publication.

While plenty of good work is going on in firms, these proposals require more. There is also the structural change to consider for PRA regulated firms in respect of accountability for D&I being allocated to senior management functions.  For now there's a need to:

  • understand what is being proposed,
  • consider how what your organisation is doing now falls short of these proposals and what will need to change;
  • prepare for annual reporting of employee numbers; and
  • start to work up or refine your D&I strategy with these proposals in mind.

A similar version of this article first appeared in the November 2023 issue of PLC Magazine.