On 12 December 2025 the Financial Conduct Authority ("FCA") published a Policy Statement (PS 25/23) setting out finalised guidance on when non-financial misconduct ("NFM") may be a breach of the FCA's Conduct Rules or the Fit and Proper standard. The guidance is implemented in the form of amendments to the COCON and FIT sections of the FCA Handbook which will technically come into force from 1 September 2026, giving firms time to implement any necessary changes to internal policies and procedures and to provide training to staff. Nevertheless, we recommend that firms facing incidents of NFM should take account of the FCA's guidance now, not wait for the technical implementation date.
The guidance is designed to help firms make fair, consistent decisions and take decisive action when standards are breached. No guidance can cover every scenario, and firms will always need to exercise judgement. The FCA has confirmed that it will now focus on how firms are tackling non-financial misconduct in practice.
We commented on the FCA's July 2025 consultation on the draft guidance in our client note. Though the broad thrust of the final guidance is the same as that consulted upon, the FCA has reordered the content with additional headings and has added further examples and decision flow charts intended to aid understanding. There is also some new clarificatory text, reflecting certain feedback in the consultation. This includes that witnesses of NFM can be impacted by it in a way that breaches the Conduct Rules even if the NFM was not specifically directed at them.
We summarise the final guidance in this note.
What type of NFM is covered?
The term "non-financial misconduct" can refer to any misconduct not of a clearly financial nature. The FCA's guidance covers bullying, harassment and violence as defined in new rule COCON 1.1.7FR : " unwanted conduct that has the purpose or effect of violating a person's dignity or creating an intimidating, hostile, degrading, humiliating or offensive environment for the individual or conduct that is violent to the individual."1
The fact that the guidance only explicitly covers bullying, harassment and violence does not mean that other types of NFM cannot also be Conduct Rule breaches or impugn the fit and proper standard. Indeed, paragraph 2.20 of the FCA's Policy Statement comments that although the guidance does not cover other forms of conduct prohibited by the Equality Act, such as discrimination and victimisation, firms should consider whether misconduct of these kinds, and other forms of NFM, may nevertheless be a potential breach of the Conduct Rules.
Guidance on NFM in breach of the Conduct Rules
The Conduct Rules do not cover behaviour in private and personal life. Paragraphs 1.32 -1.37 of the final COCON text give guidance on when behaviour may be regarded as in the work context as opposed to being in private and personal life. One example given is whether material published on a personal social media account of a conduct rules staff member could be relevant. This depends upon the specific circumstances such as whether the material is directed at a fellow member of the work force.
"Harassment of a fellow member of the workforce" is now explicitly added to the non-exhaustive list of examples of conduct that may breach individual conduct rule 1 (lack of integrity) or individual conduct rule 2 (due skill, care and diligence) (COCON paragraphs 4.1.1 and 4.1.3 respectively).
Acting with due skill, care and diligence as a manager explicitly includes trying to prevent bullying and harassment. It will be a breach of individual conduct rule 2 if a manager (which is not limited to line managers) fails to:
- Intervene to stop such behaviour where appropriate if the manager knows or should reasonably have known of it
- Appropriately operate the firm’s policies, systems and controls to detect and prevent such behaviour
- Take seriously or to deal appropriately with complaints of bullying or harassment
- Take reasonable steps to provide a safe environment for people to raise concerns about such treatment
The manager will only breach Conduct Rule 2 if the manager's behaviour was not reasonable, for example the FCA will take into account whether a manager has the authority to take action in a particular case. However, notwithstanding that a firm may allocate responsibility for fair treatment of its staff to a particular senior manager or central function, this does not absolve other managers of their regulatory responsibilities.
The specific guidance on when bullying and harassment or similar behaviour may be a breach of conduct rule 1 or 2 is now grouped together in Section 4.3 of COCON. The guidance sets out factors to take into account in determining whether the behaviour can potentially constitute a conduct rule breach including the seriousness of the behaviour, its effect and its purpose.
Only serious NFM can be a breach of COCON. The factors that the FCA will take into account when deciding whether misconduct in relation to a fellow member of the workforce is serious enough to amount to a breach of COCON include: whether the conduct is repeated or part of a pattern; the duration of the conduct; the size of the impact on the subject of the conduct (the rule applies to effects which are serious and marked, and not to those which are, though material, of lesser consequence); the seniority of the person whose conduct is in question; the difference in seniority between the person whose conduct is in question and the subject of the conduct and whether the person whose conduct is in question has control or influence over the other’s career; whether the person whose conduct is in question has been warned or disciplined for similar conduct by the firm, a previous employer, the police or a regulator; whether the person whose conduct is in question has previously undertaken not to do the act or engage in the behaviour in question; and whether the conduct is criminal or would justify dismissal.
There is, however, no "get out of jail free card" by reason of being a first offender, as the guidance explicitly states (COCON 4.3.17) that single instances of NFM are capable of being a breach of COCON.
In assessing the effect of the NFM all of the circumstances of the case must be taken into account including the (subjective) perception of the subject of the misconduct and also the objective question whether it was reasonable for the conduct to have had that effect.
The purpose of conduct as well as its effect is relevant to assessing whether it is of the type that can be a conduct rule breach. COCON covers conduct whose purpose is to violate dignity or to cause any of the other relevant effects even if the conduct does not actually have that effect. For example, a person may breach COCON if they send a hostile and intimidatory communication that is intercepted by the employing firm before it is received by the person to whom it is sent.
Lack of integrity
COCON 4.3.19 emphasises that NFM can only breach Conduct Rule 1 if it involves a lack of integrity. A person does not show a lack of integrity merely because they act without due care. A lack of integrity involves an element of intention, recklessness or turning a blind eye (for example, being aware that something is likely but avoiding confirming it).
There will not be a lack of integrity if the conduct rules staff member (1) thought that there was an appropriate reason for the conduct and that the conduct and its intended effect were proportionate to the intended aim of the conduct; or (2) did not intend to have a bullying or harassing effect, did not know that they were doing so and was not reckless about the effect of their conduct. However, that belief should be reasonable. For example, the fact that the individual carrying out the conduct in question believes that sexual harassment is not blameworthy is not a reason for Individual Conduct Rule 1 not to apply.
Lack of due skill, care and diligence
If the NFM did not involve a lack of integrity but did involve a lack of due skill, care and diligence then Conduct Rule 2 may have been breached. For example, there will not be a breach of Conduct Rule 2 if a reasonable person with the skills that the conduct rules staff member carrying out the NFM has and ought to have would think that the conduct would not have the relevant adverse effects or would think that the conduct was justified.
Guidance on NFM in breach of the fit and proper standard
NFM in private or personal life can be relevant to the fit and proper assessment, even if there is little or no risk of it being repeated in their work for the regulated firm. Such behaviour will breach the fit and proper standard if it demonstrates a willingness to disregard ethical or legal obligations, abuse a position of trust or willingness to exploit the vulnerabilities of others and/or it is sufficiently serious that if the person were permitted to work at a firm it could undermine public confidence in the regulatory system or otherwise impact the FCA's statutory objectives. A custodial sentence, even if suspended, is likely to mean that the matter is sufficiently serious, though this is subject to consideration of other relevant matters including how old the offence is and rehabilitation since the date of the offence.
Firms are not expected to monitor the private lives of relevant staff to see whether there is anything relevant to fitness. They only need to consider matters in private life in a fit and proper assessment if there is good reason to, for example the firm becomes aware of an allegation which, if true, would call into question the individual's fit and proper status. The FCA would not expect a firm to investigate allegations that are trivial or that the firm reasonably considers are implausible or which are of a nature that, even if true, would not impact a fit and proper assessment. The guidance recognises that even if the firm is aware of an allegation it may have limited ability to investigate it beyond asking the individual for an explanation.
There is explicit guidance relating to the use of social media in the private lives of staff who are subject to the fit and proper standard. There is no requirement to monitor purely private life social media activity that does not take place through the firm's systems. However, if a firm becomes aware of activity on private life social media that indicates a material risk that the person will breach the requirements and standards of the regulatory system, then the activity will be relevant to the fit and proper status of the individual. Examples include threats of violence or clear involvement in criminal activities.
[1] This rule, which comes into force from 1 September 2026, was discussed in our previous client note on this topic. Though this rule does not apply to banks, the guidance, including the cross reference to this rule, applies to both banks and non-bank firms.
How can we help?
For further information or advice about the matters covered in this note, please approach any of our listed contacts. Our team has deep experience and expertise in advising financial institution clients on dealing with incidents of NFM and culture-related issues.
