On July 2, 2025, the Financial Conduct Authority (FCA) published its latest package of measures on non-financial misconduct (NFM), a landmark step in turning workplace behaviour into a regulatory matter. The paper combines a policy statement, confirming changes to the FCA’s Code of Conduct (COCON) and a consultation on additional guidance for both COCON and the Fit and Proper Test for Employees and Senior Personnel (FIT).

For businesses, this means toxic workplace behaviour is no longer just an HR issue. It is a regulatory risk that can result in sanctions, reputational harm and potential loss of business.

What has changed?

1. COCON expansion to non-banks
   From September 2026, the same standards already applied in banks will extend to approximately 37,000 additional regulated firms, including financial advisers. This means behaviours such as bullying, harassment or workplace violence towards colleagues will be regulatory breaches, not just internal disciplinary matters.
2. Senior manager accountability
   The FCA’s new guidance makes clear that senior managers could breach their duty to act with “due skill, care and diligence” if they fail to prevent or address misconduct. Examples include:
   • not intervening to stop harassment
   • failing to operate systems and controls to detect and prevent misconduct
   • mishandling complaints
   • not ensuring staff feel safe to raise concerns

Significantly, senior managers will not be liable where they have acted reasonably and proportionately. Firms can help shield leaders by ensuring they have robust policies, training and reporting mechanisms in place.

1. Personal conduct matters
   The FCA is consulting on draft guidance clarifying that misconduct in personal life, including social media use, can affect fitness and propriety assessments.
   • Threats of violence, exploitation of others or clear criminal activity online may call into question whether someone is fit to work in a regulated role.
   • However, merely holding controversial or offensive views will not usually trigger regulatory scrutiny.
2. Appointed representatives (ARs)
   Principal firms will be accountable for ensuring their ARs meet fit and proper standards. Misconduct in ARs could expose the principal firm to regulatory consequences if standards or oversight fall short.

Why is the FCA doing this?

The FCA has been explicit that a failing culture is a red flag for financial misconduct. When bullying or harassment go unchallenged, staff are less likely to speak up about other wrongdoing, such as fraud, mis-selling or conflicts of interest. In the FCA’s words, unchecked toxic behaviour “drives away good people, undermines performance, damages growth, and enables financial misconduct.”

The regulator is also attuned to reputational risk. Consumers, employees and shareholders increasingly make choices based on whether a firm is seen as a “good citizen.” Public scandals around misconduct can cost firms talent, clients, and investor confidence.

What firms need to do now

While the final rules on NFM apply from September 2026, the FCA’s expectations are already clear. Firms that wait risk being caught unprepared. Steps to consider include:

• Policy review and alignment
  Update codes of conduct, whistleblowing procedures and disciplinary policies to reflect that NFM is a regulatory matter. Ensure clarity on boundaries between regulated and unregulated activities, particularly for firms with diverse operations.
• Training and awareness
  Equip staff, especially senior managers, with training on what constitutes NFM, how to respond to concerns, and how their actions or inaction will be judged by the FCA.
• Governance and oversight
  Strengthen escalation routes, record-keeping and investigation processes. Firms should be able to evidence that they acted promptly and proportionately in response to issues.
• Culture checks
  Conduct internal assessments of workplace culture, including anonymous surveys or focus groups, to identify risks before they escalate.
• Scenario testing
  Apply the FCA’s examples to real-life situations your firm has encountered. This can reveal gaps in policies or inconsistencies in how incidents are managed.
• Engage with the consultation
  Responses to the draft guidance are due by September 10, 2025. This is an opportunity for firms to influence how the FCA applies the rules, especially around complex boundaries such as private life and hybrid regulated/unregulated businesses.

The right balance

While the rules will inevitably increase reporting and compliance burdens, they are also an opportunity. Firms that handle NFM well will not only reduce regulatory risk but also build stronger, safer, and more attractive workplaces.

That said, there is a fine line:

• Over-reporting could erode employee trust
• Under-reporting could damage client trust and reputation

The FCA recognises this tension and expects firms to take a balanced, reasonable approach. The real test will be whether firms can embed these standards without creating a culture of fear or bureaucracy.

The FCA’s latest measures reflect a wider regulatory trend in which culture and conduct are business-critical issues. For regulated firms, whether global banks or small advisory practices, the days of treating workplace behaviour as purely “HR matters” are over.

By September 2026, all regulated firms will need to prove they are addressing non-financial misconduct head-on. The firms that succeed will be those that move beyond compliance and genuinely foster cultures of integrity, accountability and respect.

Don’t miss our course Intro to FCA regulation. It explores how the FCA regulates conduct, the principles it sets for business, and the standards and process it provides in the FCA handbook. Try it now.