In a decisive move to embed cultural reform across the financial services sector, the Financial Conduct Authority (“FCA”) is looking to contain within its supervision of non-financial misconduct (“NFM”) all solo-regulated firms. This initiative, recently confirmed in Consultation Paper CP25/18, represents a major shift in the FCA’s supervisory lens elevating personal conduct in the workplace and in the private sphere to a matter potentially subject to regulatory supervision.
For smaller asset managers solely regulated by the FCA this change introduces complex challenges and new expectations that reach beyond traditional compliance frameworks.
The Regulatory Context: From Culture to Conduct
One of the FCA’s consistent areas of focus has been on a firm’s culture—shaped by values, leadership, and behaviour—which it considers central to positive outcomes for markets and consumers alike. The inclusion of NFM within the scope of the COCON rules represents a natural extension of this philosophy.
Under the revised rules, the FCA will formally regard serious bullying, harassment (including sexual harassment), and workplace violence as potential breaches of conduct and integrity expectations—regardless of whether the misconduct is financial in nature.
CP25/18 in More Detail
- Final rule confirmed: The FCA will extend the Code of Conduct (“COCON”) in non-bank firms to explicitly capture serious bullying, harassment, and workplace violence—bringing COCON in non-banks into alignment with the existing regime in banking firms. This takes effect 1 September 2026, to align with conduct-rule breach reporting cycles.
- Consultation focus: The paper additionally seeks feedback on whether supplementary Handbook guidance is necessary to support firms in applying the broadened rules under COCON and the Fit and Proper (“FIT”) regime.
- Scope: CP25/18 applies to all FSMA Part 4A-authorised firms and staff subject to COCON – all solo-regulated asset managers, advisers, and similar non-bank entities.
Key Affected Populations Include:
- Senior Managers: will be held responsible for not only their conduct, including NFM, but also for cultivating inclusive and respectful working environments.
- Certification Staff: NFM considerations are to be included in assessments for fitness and propriety.
- Conduct Rule Staff: All employees involved in financial services activities subject to conduct rules with the revised guidance clarifying that for NFM to breach Conduct Rule 1 (integrity) requires deliberate or reckless misconduct. In the absence of those factors, NFM is likely to be a breach of Rule 2 (due skill, care and diligence).
What the FCA Expects and the Final Rule: COCON 1.1.7FR
- Expanded definition: The rule introduces a new provision COCON 1.1.7FR stating that serious non-financial misconduct, specifically bullying, harassment and violence against colleagues constitutes a conduct rule breach.
- Minimum threshold: Misconduct must be considered “serious” and does not include trivial or isolated minor incidents.
- Work-context limitation: The rule applies only to misconduct connected to SMCR financial activities. NFM clearly outside a firm’s regulated activities is out of scope; for example the conduct of an HR team may fall outside this boundary. Similarly, conduct in an individual’s private life is out of scope of the COCON rules due to a statutory limitation under FSMA. However, such conduct can still be relevant to FIT assessments
The FCA notes that while approaches to these new rules should be proportionate, inaction is not an option.
Scope of Conduct: COCON
The FCA outlines guidance to help firms determine when behaviour falls within rule coverage. Firm’s should consider:
- whether the conduct occurred within an individual’s professional remit or outside it.
- the perception of the person subjected to misconduct, and, more specifically, whether it was reasonable for that person to feel violated.
- the seriousness of the incidents, including factors such as their number, duration, impact, seniority, vulnerability of affected person, previous warnings, and whether the misconduct is criminal.
Managers’ Obligations under Senior Management Conduct Rule 2
The draft guidance highlights scenarios where managers breach SC 2 by neglecting to prevent or respond to NFM, including:
- Failing to intervene in harassment,
- Ignoring or mishandling complaints,
- Not operating adequate systems, controls, or policies to detect NFM.
Senior Managers, the Certification Regime and Fitness & Propriety (“FIT”)
Proposed guidance clarifies how NFM outside work can impact an individual’s fitness and propriety:
- Private-life misconduct: Firms are not expected to proactively monitor personal lives; however, if serious misconduct comes to light, they should take steps assess possible impacts.
- Relevance to work position: misconduct in private or personal life is less relevant where there is little or no risk of it being repeated at work. Instead, the FCA says that conduct may be relevant if it shows a willingness to disregard ethical or legal obligations, abuse a position of trust or exploit others’ vulnerabilities.
- Social media posts: Are only relevant if content suggests a real risk of future regulatory breaches.
The extension of NFM rules under COCON sends a powerful signal about the FCA’s long-term vision for culture-based regulation. For small asset managers, the challenge lies in translating these principles into proportionate and defensible practices. But for those who act early—by aligning governance, revising policies, and training staff—the new rules may serve not just as a compliance hurdle, but as an opportunity to strengthen culture and mitigate broader reputational risks.
Please reach out to us to learn how we can support you in staying informed about key regulatory updates such as this.
