Tackling non-financial misconduct in financial services – FCA publishes Policy Statement 25/23

The FCA has published its Policy Statement (PS25/23) on tackling non-financial misconduct in financial services. The Policy Statement follows on from the FCA’s consultation (CP25/18) on the same topic which closed on 10 September 2025. Under the policy statement included in the consultation, the FCA introduced a new rule, which will take effect on 1 September 2026, expanding the scope of COCON to non-banks (representing around 37,000 firms in addition to banks) to make clear that non-financial misconduct (NFM) is a regulatory concern and can amount to a breach of the Conduct Rules regardless of firm type. The consultation also included draft guidance to support firms in applying the regulator’s rules on NFM more consistently which the FCA committed to publishing if there was support for it. For further information, see our previous Law-Now article – FCA’s Consultation on Tackling Non-Financial Misconduct.

Confirming stakeholder support for such guidance, PS25/23 publishes the final guidance having taken into account consultation feedback. The guidance, which will also come into force on 1 September 2026, aims to help firms make fair and consistent decisions and take decisive action in relation to NFM. PS25/23 states that it brings the FCA’s policy work on NFM to a close, and the regulator’s focus will now turn to tackling it in practice.

Below we take a closer look at what is outlined for firms in the FCA’s final position.

Changes to address areas of feedback

The FCA has amended various aspects of the draft guidance in response to feedback. This includes adding flow diagrams to help firms apply COCON consistently, providing for closer alignment between the guidance and employment law principles and clarifying that managers’ accountability in relation to NFM is relative to their knowledge or authority. The FCA also clarifies that firms are not expected to investigate trivial or implausible allegations when assessing fitness and propriety in the context of NFM.

COCON

Respondents to the consultation asked for additional guidance, case studies and examples to support consistent application of the NFM rules. Although the FCA has made a small number of changes in response to this feedback, PS25/23 emphasises that firms will need to exercise judgement in decision-making in every case and it is not possible to address the wide range of potential situations arising through case studies and examples because every case is unique. Flow diagrams have however been added to aid decision-making.

1. Alignment with employment law

In response to feedback about even closer alignment between the guidance and employment law principles to reduce the compliance burden on firms, PS25/23 states that there is no parallel in employment law for the NFM rules and determining whether NFM is in breach of the individual conduct rules (e.g. whether someone has failed to act with integrity). As such, the FCA has responded to the feedback by seeking to further align the guidance with employment law where possible. This includes adding an example demonstrating that the purpose of NFM is equally important as its effect – each of which form part of the relevant test for employment law purposes. The example states that an individual can breach COCON even if their hostile and intimidatory communication is intercepted before it reaches the intended subject.

2. Managers’ responsibility to protect staff from NFM  

While there was support in the feedback for the draft guidance on managers’ responsibility to protect staff from NFM, there was concern that it placed too great an onus on managers which could have unintended consequences in terms of individual legal liability for NFM.

In its response to that feedback, PS25/23 reiterates the difference between employment law and the regulatory framework under which managers are held to account for their conduct, competence and decisions. The guidance has, however, been amended to make clear that the FCA would not expect a manager to be held responsible for failing to stop NFM if they could not have reasonably known about it or did not have authority to act in the particular case.

3. Definitions and terminology

Various respondents sought clarity in relation to the definition of NFM, and PS25/23 confirms that NFM is very widely defined, being “essentially any misconduct not of a clearly financial nature” such as bullying and harassment. While it confirms that the new rule covers sexual harassment, it does not expand the scope of COCON in non-banks to cover other forms of conduct prohibited under the Equality Act such as discrimination and victimisation. It nevertheless suggests that firms should consider whether misconduct of that kind could amount to a COCON breach.

4. Scope

Some respondents sought clarity in relation to the expanded scope of the new rule for non-banks. In response, PS25/23 explains that a table of scenarios has been added to the final guidance to illustrate the way the exclusion in the new rule applies. It outlines that conduct would be out of scope where the perpetrator and the subject work in a function that does not deal with the financial services business of the firm. It also refers to flow diagrams, and a decision tree, included in the final guidance to help firms determine whether conduct is in scope of COCON.

5. Boundary between work and private life

The final guidance includes scenarios where there may be a sufficient connection between work and misconduct outside work to bring it in scope of COCON such as misconduct at a training event or award ceremony. PS25/23 emphasises that conduct in someone’s private or personal life is entirely out of scope of the conduct rules. The final guidance also makes clear that senior managers may be required to disclose information about conduct in their private or personal life under SC4 (You must disclose appropriately any information of which the FCA or PRA would reasonably expect notice) where it is material to their fitness and propriety.

6. Serious misconduct

The draft guidance referred to ‘serious’ misconduct and some respondents sought clarity on what that meant in practice. The response states that whether misconduct is serious enough to amount to a breach of the rules on NFM is a matter to be reasonably adjudged by a firm taking account of the wording of the new rule, the factors set out in the guidance and guidance on the meaning of the words ‘serious’ and ‘significant’ set out in SYSC and SUP. The FCA will treat a firm’s judgement about whether misconduct is serious enough to amount to a breach as complying with COCON, provided that a firm’s judgement is reasonable.

7. Historic NFM

PS25/23 makes clear that the new rule does not have retrospective effect and NFM that occurs before 1 September 2026 should be addressed in line with the version of the Handbook in force at the time.

FIT

PS25/23 states that the FCA has preceded to publish a revised version of the FIT guidance given this provides additional clarity around the FCA’s expectations and requirements.

1. Investigating unproven allegations about private life

In terms of investigating allegations about private life, PS25/23 confirms that it has added guidance to help firms assess whether such investigation is appropriate. The final guidance makes clear that the FCA would not expect a firm to investigate trivial or implausible allegations or allegations that would not be relevant to fitness and propriety. In response to feedback about notification obligations, the FCA has clarified that even unproven allegations may be notifiable to the FCA (on Form D) and that it would treat such information with all due caution and update it once the outcome is known.

2. Social media

While respondents welcomed the draft guidance on social media, some respondents asked for more guidance on when firms would be expected to respond to allegations about social media activity outside of work. The FCA has clarified that a person’s social media activity in their private life will be relevant to their fitness and propriety if it indicates a material risk that they will breach regulatory standards and requirements, such as threats of violence. It emphasises that firms are not expected to investigate allegations about social media activity in a person’s private life that are trivial, implausible, non-material, irrelevant to fitness and propriety or where the conduct is unlikely to be repeated at work in a way that engages the NFM rules.

As regards social media activity involving the lawful expression of views that are controversial or offensive, the FCA has amended the guidance to reduce the risk of it being too narrowly interpreted and to make clear that expressing a controversial view on social media outside of work may be relevant to fitness and propriety (such as where the conduct may be repeated at work in a way that would breach the conduct rules). 

3. Ethical obligations

Regarding feedback about the risk of subjectivity in relation to conduct in a person’s private life that demonstrates a willingness to disregard ethical or legal obligations, PS25/23 states that the guidance is clear enough that repeated misconduct in private life (objectively assessed) can show a lack of regard for ethical considerations which is a key part of acting with integrity.

4. Repeated minor breaches

There was feedback on the draft guidance about how repeated incidents of minor misconduct in private life can be relevant to a person’s fitness and propriety and the reference to repeated minor driving offences in that context especially as firms will not often know about such offences. The FCA has decided not to use that example in its final guidance but makes clear its expectation that firms exercise reasonable judgement about what kind of offences and what level of repetition might demonstrate a lack of fitness and propriety.

Comments

The proposed changes to COCON guidance are intended to ensure firms are sufficiently equipped to make fair and consistent decisions to maintain an inclusive and healthy workplace culture.

The new rule and the final guidance will take effect on 1 September 2026 which gives firms time to prepare for the changes by ensuring familiarity with and adherence to the new guidance. Firms are reminded of their duty under section 64B FSMA to notify conduct rules staff about the conduct rules and take all reasonable steps to make sure they understand how they apply to them. Clear and well implemented workplace policies and procedures, training and reporting channels will all go towards ensuring compliance with the regulatory requirements and mitigating the risk of regulatory intervention. If you would like to discuss any aspect of the new guidance or your firm’s approach to tackling non-financial misconduct, please get in touch with your usual CMS contact.