On September 1, 2026, the UK financial services landscape will undergo its most significant shift in accountability since the introduction of the Senior Managers & Certification Regime (SM&CR). Following years of consultation, the FCA is introducing explicit rules and guidance regarding Non-Financial Misconduct (NFM).
In a recent webinar, Fox Williams experts Sona Ganatra, Marian Bloodworth, and Sebastian Sayer unpicked the nuances of these changes and the heavy “judgment calls” firms must now prepare for.
Why now?
Historically, the FCA Handbook was silent on NFM. Firms relied on high-level speeches and inconsistent enforcement actions that were often overturned by the Upper Tribunal.
”The FCA has repeatedly stated that it views non-financial misconduct through the regulatory lens and not just as a matter of employment law or a private matter,” noted Ganatra.
The new guidance provides a formal regulatory definition, centering on bullying, harassment, and violence.
Key regulatory frameworks:
- COCON (Code of Conduct): NFM now explicitly falls under Individual Conduct Rule 1 (Integrity) and Rule 2 (Skill, Care, and Diligence).
- FIT (Fitness and Propriety): Conduct such as bullying and harassment is now a core factor in assessing whether an individual is “fit and proper” to perform their role.
Who and what is covered?
The new rules apply specifically to firms with Part 4A permissions under FSMA. While payment services and e-money firms are currently excluded, the speakers noted these firms may adopt the rules voluntarily due to the “direction of travel” of the regulator.
The work-life boundary
The FCA has confirmed that conduct toward colleagues is within scope if it occurs in relation to the performance of the individual’s role.
| Scenarios | Regulatory Scope |
|---|---|
| Work events | Training, award ceremonies, and workshops are firmly in scope. |
| Social events | Events organized by the firm are in scope. If organized by a manager, the “power dynamic” may bring it in scope even if it’s a personal invitation. |
| The afterparty | Highly fact-specific. If it’s a “continuation” of the first event, it may still fall under COCON. |
| Social media | Proactive monitoring is not required. However, activity showing “material risk” (for example threats or harassment) is relevant to FIT. |
The “seriousness” threshold
The FCA focuses on serious misconduct. However, it has declined to provide a definitive legal definition, stating that firms are “best placed” to assess individual cases.
Factors for assessing seriousness:
- Purpose v effect: A breach can occur even if a hostile email is intercepted before it reaches the victim, provided the purpose was to harass.
- Seniority: Misconduct by a senior individual toward a junior is viewed more severely.
- Duration and impact: Is it an isolated incident or a pattern of behavior?
Managerial accountability
A point of “consternation” during the consultation was the potential for managers to be held liable for the actions of others.
- Failure to prevent: A manager may breach COCON if they fail to intervene or provide a safe environment for raising concerns.
- Reasonable steps: Managers are not responsible if they “couldn’t reasonably have known” or lacked the authority to act.
- SMF disclosure: Senior Managers must now proactively disclose NFM in their private lives if it affects their Fitness and Propriety (F&P).
Practical tips from the legal experts
Employment partner Marian Bloodworth emphasized that firms are now essentially “acting as a regulator.” She provided several practical steps for firms to take before the September deadline:
- Establish an audit trail: Document who made a decision, what was consulted, and why a certain threshold of seriousness was reached. “It is a lot harder to satisfy the FCA if there is nothing to show how a decision was reached,” says Bloodworth.
- Educate and train: Managers must be “alive” to what constitutes an NFM allegation, similar to how they treat whistleblowing or discrimination today.
- Rigorous investigation: The consequences, such as negative regulatory references, are so severe that investigations must be “objective and rigorous.”
- The “look-back” test: Take a disciplinary case from the last year and test it against the new 2026 guidance. Would you have reached the same decision?
The cost of inaction
While formal enforcement against firms may be rare, the supervisory cost of failure is high. Firms perceived to have a “toxic” culture can expect intensive, weekly scrutiny from the FCA. ”You will face very intensive, supervisory activity… weekly, fortnightly calls from the FCA quizzing you about what you’ve done… folks really don’t want to be in a position where the FCA has lost trust with them,” stated Sebastian Sayer.
The panel concluded that because “culture risk is conduct risk,” the FCA is using these rules to force a permanent shift in the “worst behaviors” the industry tolerates.