FCA finalises guidance on non-financial misconduct

What does this mean?

The PS finalises guidance intended to help firms interpret the rules governing NFM within COCON and FIT, following broad industry support. The guidance explains how behaviours such as bullying, harassment and violence can breach conduct rules and affect fitness and propriety.

The FCA acknowledges that firms will still need to make judgements on a case-by-case basis but aims for the guidance to give firms confidence to act in order to drive greater consistency across the market, while also supporting wider objectives on culture, accountability and trust under the Senior Managers and Certification Regime (SM&CR).

Scope 

The guidance applies to all firms with a Part 4A permission under FSMA. Additionally, the FCA notes that while the PRA is not taking forward any of the proposals in CP18/23, the PRA will expect dual‑regulated firms to consider the FCA's guidance when assessing staff fitness and propriety. 

COCON guidance

For COCON, the final guidance maintains the core position that serious bullying, harrassment and violence between colleagues can breach Individual Conduct Rules 1 and 2, and that this applies to both banks and non-banks. Compared with the draft guidance in CP25/18, the FCA has: 

• Clarified the “seriousness” threshold. The final guidance stresses that not all poor behaviour will breach COCON: there must be sufficiently serious conduct (e.g. ‘violating dignity’, ‘degrading’, ‘humiliating’). Within the Policy Statement, there is a list of factors to consider when assessing the seriousness (e.g, pattern, duration, impact, seniority and whether conduct is criminal). The FCA also removed the proposed factor referring to “specific characteristics or vulnerabilities”, which respondents found vague and thought would be hard to operationalise. 

• Confirmed senior manager disclosure expectations. The FCA has confirmed that staff subject to senior manager conduct rules may need to disclose relevant private-life matters where they are material to fitness and propriety, without extending COCON into private life itself. 

• Clarified scope regarding staff’s private or personal life. The final guidance includes more details setting out examples of when a staff’s private or personal life may or may not be relevant to COCON.

Additionally, the FCA says that managers are expected to take reasonable steps to prevent and respond to NFM, but the FCA has clarified that accountability is linked to what a manager should have reasonably known and the authority they hold to act. 

FIT guidance 

The final FIT guidance confirms the core message from the consultation that private-life conduct, including social-media activity, can be relevant to assessments of fitness and propriety. It also further clarifies when this may be the case.

The FCA removed or refined some of the most contentious drafting consulted on (such as an example focused on minor driving offences) to lessen misinterpretation risks and unnecessary burdens on firms, while still signalling that repeated minor breaches can be relevant where they show a pattern of disregard for law or ethical obligations.

Other key messages include:

• No duty to monitor private lives. The FCA states explicitly that firms generally do not need to monitor staff’s private lives. However, FIT assessments should not be constrained by COCON’s narrower scope, and behaviour in private life or non-regulated roles may still be relevant where it creates a non-remote, non-speculative risk of breaching regulatory standards or undermining public confidence. Violence, sexual misconduct, dishonesty and repeated disregard for legal requirements are highlighted as particularly significant.

• Clarity that the materiality threshold for social media conduct is consistent with other private-life conduct. The final guidance confirms the FCA’s view that firms are not required to proactively monitor employees’ social-media accounts. Social-media activity in private life becomes relevant only where it indicates a material risk of regulatory breaches, for example threats of violence, clear criminal involvement, or indications of workplace bullying or harassment. 

   

  The FCA has also removed the term “offensive” to make clear that the lawful expression of controversial views will not, in itself, call fitness into question. However, lawful views may still be relevant where there is a material risk that they could be repeated in the workplace in a manner that would breach the conduct rules.

• Stronger steer against trivial or implausible investigations. The final text makes clear firms are not expected to investigate allegations that are trivial, implausible, non-material, better examined by law-enforcement or would not affect fitness even if true. It also reminds firms that any investigation must comply with privacy, employment and other applicable laws.

• Reframed approach to unproven allegations. The FCA has deleted a sentence suggesting firms should report allegations they cannot substantiate. It instead emphasises that existing notification rules already require disclosure of certain matters (for example, ongoing investigations into a Senior Management Function holder) and that the FCA treats unproven allegations with caution.

What do firms need to do?

The individual and sensitive nature of NFM incidents, coupled with the non-exhaustive nature of the guidance provided by the FCA, means firms should not seek to find all answers in the new guidance. Instead, firms should be prepared to make their own judgements on what is right in the specific circumstances. 

To help with this, firms should have a clear and consistent definition of NFM that can be applied in codes of conduct, HR policies, whistleblowing procedures and any other relevant policies and processes. The definition should reflect the FCA’s focus on serious misconduct in the form of bullying, harassment and violence. 

Firms should also take proactive steps to prevent NFM occurring in the first instance, including setting clear leadership expectations, promoting strong tone from the top, reviewing relevant policies and processes from their perspective, and embedding cultural and learning initiatives that reinforce appropriate behaviours.

Firms should also evaluate how they identify, triage and escalate instances of NFM. This should include:

• the approach to determining when misconduct meets the threshold of “serious” and so constitutes a Conduct Rule breach

• how to filter out trivial, implausible or non-material allegations

• ensuring relevant cases are escalated where they may affect fitness and propriety or regulatory references

• reviewing misconduct reporting, whistleblowing and ‘speak up’ processes to ensure they are sufficiently robust and operate in a culture which enables their use in practice. 

Firms may also need to revisit how existing HR and legal processes (e.g. disciplinary processes) are connected to these, and how the relevant teams work together. 

Firms should ensure they are clear about the ways in which employees' conduct in their private or personal life may be relevant to their fitness & propriety and have clear criteria for making such assessments. Social media policies may need reviewing to mitigate misconduct risks and ensure employees understand the potential employment-related consequences of their private use of social media.

Finally, firms should consider what staff communications and training are necessary ahead of September 2026 to ensure they meet their obligation to ensure that staff in scope of the Conduct Rules are aware of the rules and expectations. Additional training may be needed for HR staff on the new guidance, for example around applying the seriousness and materiality tests, and any changes to internal policies and processes.

Next steps

The new COCON and FIT guidance takes effect on 1 September 2026, alongside the new NFM rule in COCON.