Key takeaways

• Whilst the FCA has long maintained that "non-financial misconduct is misconduct and not an additional principle" it has now taken steps to strengthen its existing rules and adopt a consistent approach to NFM across banks and non-banks. The changes to COCON for non-banking firms make clear that serious NFM such as bullying, harassment and violence against colleagues is a matter of regulatory concern. 
• From 1 September 2026, the NFM rules extend to all firms authorised under Part 4A of the Financial Services and Markets Act 2000 and subject to the Senior Managers and Certification Regime (SMCR), meaning that approximately 37,000 non-banking firms (such as asset managers, investment advisers and fund managers) will be in scope. 
• COCON does not concern matters that occur in an individual's private or personal life; however, the FCA has clarified that such conduct would be relevant to an individual's fitness and propriety.
• The FCA is also consulting on proposed guidance, which includes an obligation to take steps to prevent NFM, and updates to FIT. 
• The consultation on the proposed guidance closes on 10 September 2025, with any Handbook guidance targeted for publication by the end of the year to give firms the opportunity to prepare for the changes and update their processes. 
• For more information or to discuss what this development means for you and your business, please get in touch with the authors or your usual Baker McKenzie contact.

In more detail 

The NFM rule change

The FCA has published its much awaited rules and draft guidance on NFM following its September 2023 consultation on Diversity and Inclusion in the Financial Sector (CP23/20). The regulator has long maintained that "non-financial misconduct is misconduct, plain and simple" but misalignment of the scope of the NFM rules between banks and non-banks has led to challenges in enforcing against NFM in much of the regulated population.

In its latest publication (CP25/18), the FCA sets out how it considers a failure to tackle NFM to be one of the clearest signs of a failing culture. The regulator expects that alignment of the NFM rules for banking and non-banking firms will help drive consistency of approach and enable robust action by firms, bringing more incidents of NFM in non-banks within scope (although the change will not apply to non-banks retrospectively).  

The new rule widens the scope of COCON in non-banks for NFM against colleagues. Under COCON, NFM will be a conduct issue where an individual subject to COCON engages in conduct that (i) has the purpose or effect of violating an individual's (B) dignity or creating an intimidating, hostile, degrading, humiliating or offensive environment for B; or (ii) is violent to B. The conduct must be directed towards fellow employees and employees of group companies and contractors to amount to a breach of COCON. The FCA notes that it is possible that other work-related behaviour, such as NFM towards clients or business contacts, may also breach COCON under the existing rules.

The definition of NFM under COCON aligns closely with the definition of harassment under section 26 of the Equality Act 2010 (with the express addition of violent conduct) but is not limited to conduct related to a relevant protected characteristic (i.e., sex, age, religion and belief etc.). However, specific characteristics of the subject of the misconduct may be relevant to whether the conduct is sufficiently "serious" according to draft guidance (see below). 

Proposed COCON guidance

The proposed guidance, which is subject to consultation, addresses: 

• Boundaries between work and private life, as conduct in an individual's private or personal life is entirely outside of the scope of COCON (though can be considered as part of assessments of fitness and propriety). Employers may face challenges in assessing whether conduct took place in an individual's private or personal life, particularly in borderline or blurred cases: for example, the FCA's proposed guidance indicates that misconduct in relation to another member of the firm at a purely social event may not be captured with the caveats that it could be in scope if: (i) organised by a manager and direct reports felt obliged to attend; or (ii) it was a continuation of a firm event; or (iii) conduct started at a firm event and continued at a separate event. 
• When conduct is outside of a firm's SMCR financial activities, as conduct that clearly only relates to a part of the firm's business that does not carry on regulated or other SMCR financial activities is excluded.
• Factors to consider when determining whether NFM breaches COCON, including whether: 
  • It was "serious", which takes into account factors such as whether the conduct was repeated or part of a pattern, the duration and impact of the conduct, the seniority of the perpetrator, the specific characteristics or vulnerabilities of the subject of the misconduct, previous warnings or disciplinaries for similar conduct and whether the conduct was criminal;
  • The conduct had the alleged effect. Guidance clarifies that all circumstances of the case should be considered, that the subjective perception of the subject of the misconduct is relevant, as is the question of whether it was objectively reasonable for the conduct to have the alleged effect. This aligns with the statutory language of the Equality Act in relation to harassment; and 
  • It relates to a breach of the Individual Conduct Rules, in particular Rule 1 (You must act with integrity) or Rule 2 (You must act with due skill, care and diligence). The proposed guidance states that an unreasonable belief that conduct was acceptable may amount to a breach of Rule 1. Further, a manager failing to take reasonable steps to: (i) prevent NFM as defined in COCON; (ii) deal appropriately with complaints of NFM as defined; or (iii) provide a safe environment for people to raise concerns, could be a breach of individual conduct Rule 2. This is similar to an employer's duty to take reasonable steps to prevent harassment, though notably under COCON a failure may point to a failure to act with due skill, care and diligence. 

Proposed FIT guidance 

The proposed FIT guidance provides clarity on when NFM will be relevant to the assessment of fitness and propriety. 

The scope for NFM to be relevant to FIT is broader than when NFM will amount to a COCON breach, as it expressly includes NFM that takes place in an individual's private or personal life and shows there is a risk the person will breach (or if the conduct were repeated in their role would breach) the requirements of the regulatory system. Examples of NFM that guidance suggests will be relevant to FIT include: 

• Dishonesty and lack of integrity; 
• Violence or sexual misconduct; 
• Criminal offences resulting in a custodial sentence; 
• Any behaviour demonstrating a willingness to disregard ethical or legal obligations, abuse a position of trust or exploit the vulnerabilities of others; 
• Conduct which could undermine public confidence in the regulatory system or impact the FCA's statutory objectives; and 
• Minor offences if repeated, such as driving offences. 

Following concerns raised regarding whether there is an expectation on firms to monitor individuals in their private lives, the guidance clarifies that firms: 

• Are not expected to proactively monitor staff but should take action when they become aware of potential issues, such as asking for an explanation from the individual; 
• Will normally rely on findings of courts, tribunals, regulators, etc. in determining whether an individual has committed wrongdoing in their private life (although the FCA will not necessarily limit its assessments of fitness and propriety in this way); and 
• Need not monitor social media activity of staff subject to FIT unless there is good reason. However, the FCA also explains that a person's social media activity may indicate a risk the person will breach requirements of the regulatory system (for example threats of violence or clear involvement in criminal activities), and firms will need to consider taking action if they become aware of these indications. 

Firms will therefore need to determine what reasonable steps they can take when they become aware of matters that have occurred in an individual's private life in considering whether the conduct is relevant under FIT. 

Going forward

The NFM rules in relation to bullying, harassment and similar behaviour between staff will extend to all SMCR firms from 1 September 2026, and firms should begin preparing now to account for adjustments they may need to implement. The rule change will not apply retrospectively. 

The consultation period on the proposed guidance closes on 10 September 2025; the FCA intends to finalise any guidance it decides to take forward in good time before the NFM rule change takes effect.

The updates provide helpful clarity; however, the draft guidance will be important in interpreting the rules and there is still scope for ambiguity with the FCA placing significant onus on firms to determine matters for themselves. The change to the COCON rules is pared back from those proposed in September 2023, with the FCA acknowledging and responding to some of the feedback it received through consultation, including to more closely align the rules with employment law in response to concerns that divergence from employment and equalities law would increase the risk of unfairness and potential legal challenge. Given the alignment of NFM under COCON with harassment under the Equality Act 2010, case law in this area may be helpful in understanding the scope of NFM and when conduct may be said to not meet the threshold.

Interestingly, despite FCA commentary regarding the need to "prevent rolling bad apples" (i.e., people moving between firms without prior serious NFM being disclosed) the FCA has dropped planned guidance to remind firms they may need to disclose NFM in a regulatory reference, leaving the onus on firms to determine how to approach this issue and whether the conduct in question was sufficiently serious to include.