Clifford Chance

The Financial Conduct Authority ("FCA") has released its long-awaited updated rules on non-financial misconduct, alongside a consultation paper on proposed accompanying guidance about how those rules should be applied.

What is changing, and for which types of firms?

The new rules, which will come into force on 1 September 2026, confirm that serious bullying, harassment or violence amount to conduct rules breaches in respect of which the FCA may take enforcement action. This aligns rules which apply to non-banks with those which already apply to banks. Until now, in order to be able to take enforcement action for non-financial misconduct against individuals in firms which are not banks, the FCA has had to show that the conduct in question related to the firm's "SMCR financial activities" (i.e. the activities in respect of which it holds regulatory permissions).

What has been the FCA's stance on non-financial misconduct?

The FCA has made no secret of its wish to bring non-financial conduct clearly within the scope of its regulatory remit for all firms, and has taken assertive action through enforcement action preceding this rule change to advertise its commitment to doing so.

In September 2018, the FCA’s Executive Director of Supervision wrote to the Chair of the House of Commons Women and Equalities Committee to make clear that the FCA sees sexual misconduct as falling within the scope of the financial services regulatory framework. It has since regularly and clearly publicised its view that non-financial misconduct falls within its remit.

Public statements have been matched by enforcement activity. For example, the FCA has issued Final Notices in enforcement cases concerning Messrs Russell Jameson, Mark Horsey and Frank Cochran (5 November 2020), Mr Jon Frensham (17 September 2021), Mr Ashkan Zahedian (14 November 2022) and Mr Crispin Odey (3 March 2025). The cases pursued in respect of Messrs Jameson, Horsey, Cochran, Frensham and Zahedian related to criminal convictions for sexual and physical abuse. In the case of Mr Odey (which did not involve any alleged criminal conduct), the FCA's Decision Notice (which has been referred to the Upper Tribunal) refers to findings by the FCA of integrity breaches based on his actions concerning disciplinary and governance processes following allegations of sexual harassment made against him.

However, references to the Upper Tribunal have indicated that the actual extent of the FCA's jurisdiction over non-financial misconduct may not be as great as suggested in these Final Notices. In upholding the FCA's decision in Mr Frensham's reference to the Upper Tribunal, the FCA was criticised for making "speculative and unconvincing" attempts to link Mr Frensham’s personal lack of integrity to his professional integrity, which the Tribunal held the FCA must assess. In Mr Zahedian's case, the FCA focused on his personal character and the reputational impact of his conviction for grievous bodily harm, concluding that he lacked the integrity required to perform regulated activities. The FCA’s focus on Mr Zahedian’s personal character alone was widely regarded as being inconsistent with the need to show a link between personal and professional integrity established in Frensham. Given that Mr Zahedian did not escalate the case to the Upper Tribunal, this point was never tested.

We have tracked these developments as they have happened, for example in our detailed Clifford Chance briefing.

The net result of this case law was uncertainty, both about the exact parameters of the tests to be applied by the FCA when assessing integrity and about the scope of its regulatory remit concerning non-financial misconduct for non-bank firms.

The Upper Tribunal in its recent decision concerning James Edward Staley sought to bring some clarity on the meaning of "integrity". It acknowledged a 2023 Upper Tribunal decision which indicated that: "There is no strict definition of what constitutes acting with integrity; it is a fact specific exercise" but that a person can be said to lack integrity "if they either lack an ethical compass, or their ethical compass to a material extent points them in the wrong direction.". However, neither decision (nor any others which have come before the Tribunal to date) has answered remaining questions about when or how the FCA should take action in respect of personal misconduct by individuals.

In an attempt to address such questions, in September 2023, the FCA and the Prudential Regulation Authority (“PRA”) had published consultation papers (FCA CP23/20 and PRA CP 18/23, together the “Consultation Papers”) on a package of proposed amendments to specify the instances in which the regulators’ rules apply to non-financial misconduct and to provide greater consistency between the application of these rules for banks and non-banks.

Specifically, the FCA proposed to make amendments to its Handbook to explicitly address non-financial misconduct within the Code of Conduct Rules ("COCON"), Fit and Proper test for Employees and Senior Personnel ("FIT"), and Suitability guidance on the Threshold Conditions. The FCA also indicated that the Senior Managers and Certification Regime might be a key tool in addressing non-financial misconduct and cultural issues.

The Consultation Papers originally proposed addressing diversity and inclusion. On 11 March 2025, the FCA confirmed that it has decided not to move forward with such rules for financial firms. See further details on this in our RIFC Insights blog post.

In early 2024, following the Consultation Papers, the FCA sent a culture and non-financial misconduct survey to over 1,000 financial services firms to understand how firms detected and handled non-financial misconduct incidents over a three-year period. The survey responses have helped to inform the FCA's final rules now published.

New rules introduced and guidance proposed

As expected, the FCA has now included specific reference in COCON to non-financial misconduct, which covers serious instances of bullying, harassment or violence towards "colleagues" (the definition of which includes fellow employees, employees of group companies and contractors).

The scope of the revisions now made to the substance of COCON differ from the FCA's original proposals. The original suggestion that “seriously offensive, malicious, or insulting conduct” and “unreasonable and oppressive conduct causing serious alarm or distress to a fellow member of the workforce” should be covered has been replaced with an indication that "conduct that has the purpose or effect of violating [colleagues'] dignity" or which "[creates] an intimidating, hostile, degrading, humiliating or offensive environment for" or "is violent to" colleagues will be in scope. This responds to feedback that the original wording did not mirror relevant employment and equality law concepts and that some elements of it did not have a clear legal definition. The FCA has therefore amended the language to more closely align it with relevant legal concepts and definitions (although the FCA has been careful to make clear that this definition is not limited by those definitions or concepts, and that it has been framed to cover a wider range of workplace misconduct that it considers relevant to its regulatory remit).

The latest consultation paper setting out proposed guidance accompanying the revised rules is an updated version of guidance on which the regulators have already consulted. It reflects feedback from that exercise and recognises the potential breadth of these provisions and the room for subjectivity when assessing the seriousness of misconduct.

It also makes clear that COCON does not cover individuals' private and personal lives and that the FCA does not expect firms to monitor employees' private lives to identify anything relevant to fitness. The proposed guidance contains a non-exhaustive list of criteria and scenarios aimed at assisting firms with identifying where individuals' work and personal and private lives begin and end for these purposes. For example, misconduct by a Conduct Rule staff member in relation to a fellow member of the workforce at a social occasion organised by their firm would be in scope, but misconduct in relation to a fellow member of the workforce at a social occasion organised by them in their personal capacity would not be in scope. Distinguishing between events organised in a personal capacity and work events will be difficult in some cases and will present challenges for firms seeking to investigate potential breaches.

Although the consultation paper and proposed guidance now published indicate that firms are not expected to actively enquire into employees' personal or private lives, it states that where firms do become aware of information which, if substantiated, would call into question employees' fitness and propriety, firms should consider what they can do to assess this possible impact, noting that misconduct in a person’s personal or private life may be relevant to an assessment of fitness and propriety. It adds that this may be the case even where it does not involve a breach of standards that are equivalent to those required under the regulatory system and/or there is little or no risk of that behaviour being repeated in their work for their firm. The FCA had previously indicated that this will be the case if the individual's behaviour is “disgraceful or morally reprehensible or otherwise sufficiently serious”. However, the proposed guidance is now drafted in more neutral terms. It now refers to "willingness to disregard ethical or legal obligations, abuse a position of trust or exploit the vulnerabilities of others" as indicators of conduct which, if sufficiently serious, could undermine public confidence in the regulatory system or otherwise impact on the regulator's statutory objectives (and which may therefore have a bearing on an individual's fitness and propriety).

What this means in practice for enforcement

By codifying previously unwritten rules on non-financial misconduct, the FCA has gone some way to alleviating the uncertainty emerging from enforcement activity to date.

The updated rules and proposed guidance underline that the FCA is not required to demonstrate a link between personal and professional integrity when pursuing enforcement action against a regulated individual.

The amendments to COCON will enable the FCA to take action against a broader range of individuals and in a broader range of situations than has been the case to date. However, increased clarity will not necessarily lead to increased numbers of enforcement cases. Particularly bearing in mind its commitment to efficiency and to selecting cases with maximum deterrent effect, it is to be expected that the FCA's focus will, for the time being at least, remain principally on senior individuals.

Impact on compliance systems and controls

The amended rules may prompt additional scrutiny of not only specific incidences of non-financial misconduct, but of the measures maintained by firms to set and communicate expectations in this area. The release of the updated rules and proposed guidance is an opportune time for firms to review, evaluate and update as necessary their arrangements they have in place.

Certification, appraisal, disciplinary, referencing and reporting processes may all be impacted by these developments and may require some revisions or additions. Firms will also wish to consider which additional training may be needed and which steps it may be appropriate for them to take to ensure that Senior Managers' responsibilities for these areas and the "reasonable steps" they are taking to discharge them are clearly understood and recorded. Relevant governance approaches may also need to be revisited, including interaction between internal stakeholders such as HR, Legal, Compliance, Risk and ultimately the Board.

We examine the practical implications of these rule revisions and proposed guidance in our Clifford Chance briefing.