The FCA’s consultation contains two key developments. First, the FCA has confirmed that it will broaden the scope of conduct that falls within the FCA’s Code of Conduct (COCON) for non-banks effective 1 September 2026. Secondly, the FCA is consulting on further draft proposed guidance about when non-financial misconduct may breach COCON and potentially call into question an individual’s fitness and propriety.
Extending the scope of COCON for non-banks
Historically, the application of the FCA’s Code of Conduct (COCON) to non-banks has been narrower than for banks, covering only activities that fall within the definition of “SMCR financial activities” or those that could affect the integrity of the UK financial system, the firm’s ability to meet Threshold Conditions, or its compliance with financial resource requirements.
However, from 1 September 2026 this will change. From this date, the scope of COCON for non-banks will be expanded to explicitly cover “unwanted conduct” that violates an individual’s dignity or creates an intimidating, hostile, degrading, humiliating, or offensive environment. Any conduct involving violence towards another individual will also be expressly included.
Proposed draft guidance: When might non-financial misconduct breach COCON?
The FCA’s proposed draft guidance seeks to clarify when non-financial misconduct will fall within the scope of COCON.
The FCA is consulting on this proposed draft guidance. The consultation will close on 10 September 2025 and the FCA will aim to publish its final guidance by the end of the year, which will take effect on 1 September 2026.
What factors should be considered to determine if non-financial misconduct might fall within the scope of COCON?
The FCA’s proposed draft guidance offers a non-exhaustive framework for determining whether non-financial misconduct falls within the scope of COCON. The context of the behaviour is key. Factors the FCA proposes firms should consider include whether the conduct took place on firm premises or when an employee was working on firm business, and if the conduct involved clients, colleagues, or professional contacts. In addition, the FCA has proposed that the use of work equipment, the involvement of colleagues, and whether the incident occurred at a business event (official or informal) are also relevant factors to consider.
Setting boundaries: What counts as conduct occurring in an employee’s private life?
The FCA recognises the complexity of drawing the boundary between private and professional conduct and has included some short case studies in its proposed draft guidance to help firms to navigate this boundary. For example, one case study clarifies that misconduct towards a colleague while travelling to a work event is likely to be caught by COCON, whereas a misconduct towards a family member when the employee is remote working may not. However, the FCA is clear: even if misconduct in an employee’s private life does not breach COCON, it may still be relevant to their fitness and propriety.
Alignment with employment law
Following feedback on their original guidance, the FCA has tried to align some of their proposed draft guidance with employment law. For example, the FCA’s proposed draft guidance states that firms should consider the perception of the person affected by the alleged misconduct – if they did not feel their dignity was violated, or if it would be unreasonable to consider the conduct as such, the FCA states that a breach of COCON on the grounds of non-financial misconduct is unlikely. This draws on the definition of harassment in section 26 of the Equality Act, which focuses on unwanted conduct which has the purpose or effect of violating a person’s dignity or creating an intimidating, hostile, degrading, humiliating or offensive environment.
Importantly, the FCA:
- Overlays an objective lens of reasonableness in terms of how the relevant conduct is interpreted for regulatory purposes; and
- Does not limit non-financial misconduct to conduct related to a “relevant protected characteristic” (age, disability, gender reassignment, race, religion or belief, sex and sexual orientation) as is the case in the Equality Act.
The FCA clearly states that the Conduct Rules are separate and distinct from employment law (and employers’ internal disciplinary codes) and that its view of non-financial misconduct is deliberately framed more widely than the definition of harassment in the Equality Act. This approach is similar to the FCA’s approach to whistleblowing, which draws on but is broader than the employment law definition.
Consequently:
- Disciplinary action may be warranted for misconduct (including in a non-work setting) that would not amount to a breach of COCON.
- Misconduct may amount to a breach of COCON (and/or of firms’ internal policies) which would not constitute harassment under the Equality Act.
Integrity and diligence: What kind of non-financial misconduct will breach these requirements?
The FCA proposes providing further clarity on what may constitute a breach of Individual Conduct Rule 1 (“You must act with integrity”). The FCA has proposed that conduct will not breach this rule if the employee reasonably believed there was a “good and proper reason” for their actions and the effects were proportionate, or if any negative impact was unintended and not reckless. However, the FCA has noted that repeated misconduct may undermine the credibility of such beliefs. The FCA has also introduced as examples of a lack of integrity retaliation against a colleague for whistleblowing or co-operating with relevant regulators pursuant to Individual Conduct Rule 3 or retaliating against a Senior Manager for self-reporting relevant issues to the FCA or the PRA pursuant to Senior Manager Conduct Rule 4.
For all employees, the FCA’s proposed draft guidance on what may breach Individual Conduct Rule 2 (“You must act with due skill, care and diligence”) focuses on bullying and harassment and, in particular, on suggested criteria for determining the severity of such misconduct (e.g. repeated or a pattern of misconduct, the seniority of the perpetrator).
For managers, the FCA is proposing to set the bar quite high under Individual Conduct Rule 2. Failing to take reasonable steps to protect employees from non-financial misconduct, to operate effective policies and controls, or to deal appropriately with complaints may constitute potential breaches of Individual Conduct Rule 2 according to the FCA’s proposed draft guidance.
Fitness and propriety: The impact of non-financial misconduct
Events occurring in an employee’s private life
Most of the FCA’s proposed draft guidance about fitness and propriety focuses on when events in an employee’s personal life may impact their fitness and propriety. This is an area where the FCA has faced significant challenges when bringing enforcement action against individuals for non-financial misconduct. The FCA introduces the following concepts to help firms assess the potential relevance of events in an employee’s personal life to their fitness and propriety:
- Whether their conduct shows that there is a risk that they will breach regulatory requirements.
- Whether, if repeated in the role for which their fitness and propriety is being assessed, their conduct would breach regulatory requirements.
- Sexual or violent misconduct may show that there is a risk of the employee engaging in similar misconduct towards clients, customers, counterparties and/or colleagues.
- Even if there is no or a low risk of the employee repeating their misconduct in their work, it may still impact their fitness and propriety if it demonstrates a willingness to disregard ethical or legal obligations, abuse a position of trust or exploit the vulnerabilities of others, and is sufficiently serious that it could undermine public confidence in the regulatory system or impact the FCA’s statutory objectives.
The FCA’s proposed guidance confirms that firms are not expected to monitor employees’ private lives, but should investigate where there is a “good reason” – for example, if credible allegations arise that could impact fitness and propriety. The FCA acknowledges the practical limitations firms may face in investigating private matters, suggesting reliance on criminal convictions or findings by courts and tribunals where appropriate. Nevertheless, firms should take reasonable steps to assess the impact, such as seeking explanations from employees.
Criminal convictions, particularly those resulting in custodial sentences (even if suspended), are likely to be considered serious enough to impact fitness and propriety. However, the nature of the offence, the time elapsed, the individual’s explanation, and any evidence of rehabilitation should all be considered.
Social media and additional factors
The FCA specifically addresses social media, recognising that employees are entitled to lawfully express views even if they are controversial or offensive without calling their fitness and propriety into question. However, the FCA’s proposed draft guidance states that social media activity indicating a “real risk” of an employee breaching regulatory requirements such as threats of violence or evidence of criminal activity could still impact their fitness and propriety.
The FCA also proposes to expand the list of factors that may impact fitness and propriety, including an employee resigning at their employer’s request (particularly where linked to integrity issues), findings by a tribunal or court about bullying, harassment, victimisation, or discrimination, and upheld internal complaints relating to such misconduct.