FCA CP25/18: Tackling Non-Financial Misconduct in Financial Services

On the 2nd of July 2025, the Financial Conduct Authority (FCA) published Consultation Paper CP25/18 outlining new rule changes and proposals to address non-financial misconduct (NFM) in financial services. This further reinforces the regulatory standpoint that workplace behaviours such as bullying, harassment and violence can signal deeper cultural failings and can ultimately lead to consumer harm, poor market conduct and reputational risks. 
 

Background and Context

In September 2023, the FCA published Consultation Paper (CP) CP23/20, which proposed a new regulatory framework on Diversity and Inclusion (D&I). The CP also included proposals to "clarify and strengthen" expectations around NFM.

Whilst the FCA publicly announced on the 12th of March 2025 that it would not be taking forward its D&I proposals (following further consideration of its cost benefit analysis (CBA)), NFM has remained firmly on the agenda. 

The FCA's NFM proposals gained strong support during the D&I consultation period, and most respondents agreed that NFM was a regulatory issue, and 80% of authorised firms supported the FCA's proposed approach. The Treasury Select Committee (TSC) also welcomed more robust regulation in this area.
 

Summary of the Paper

There are two key elements to CP25/18:

  1. A Policy Statement extending the scope of Code of Conduct (COCON) to cover serious NFM in non-banks, aligning with the rules for banks and bringing more incidents into the scope of COCON.
  2. A Consultation on additional guidance for firms to interpret and apply rules consistently, particularly for COCON and FIT (Fit and Proper test for Employees and Senior Personnel Sourcebook).

CP25/18 applies to all FSMA (Financial Services and Markets Act) firms with Part 4a permission and staff in those firms who are subject to COCON. 

The implementation date for expanding the scope of COCON is 1 September 2026, and consultation closes on 10 September 2025 with finalised guidance expected before the end of this year.
 

1. Policy Statement: Code of Conduct (COCON)

Currently, there is an inconsistency between rules that apply to banks and non-banks. Whilst the scope of COCON is relatively wide for banks, for non-banks COCON applies primarily to conduct relating to the SMCR financial activities of the firm.

In CP23/20, the FCA proposed to change the scope rules for non-banks to make bullying, harassment and similar behaviour between staff subject to the wider scope rules that apply to banks. With strong support for the proposal, the FCA has now confirmed it will widen the COCON scope rules for non-banks to align the approach across all SM&CR firms and bring more instances of NFM into scope. 

As referenced above, the new rulecomes into effect on 1 September 2026. This change will not apply retrospectively. 
 

2. Overview of proposals for consultation

CP25/18 also sets out proposals for potential new FCA Handbook guidance in COCON and FIT. The purpose of the guidance is to make it easier for SM&CR firms to interpret and consistently apply the conduct rules, and to clarify statutory and FCA requirements for fitness and propriety. The FCA is seeking views on whether additional guidance is needed and on the form any such guidance should take.

 

Area

Prposed Changes (taken from CP25/18)

COCON Guidance

New guidance on the scope of COCON, including guidance and examples of:

  • The boundary between work and private life
  • When conduct is outside of a firm's SM&CR financial activities
  • When NFM may be out of scope as it relates to a non-financial services business of a firm
  • Breaches of Individual Conduct Rule 1 (integrity) versus 2 (due skill, care and diligence)
  • Factors to consider in determining whether NFM is serious enough to constitute a breach
  • “Reasonable steps” for Managers to protect staff against NFM.

FIT Guidance

Draft guidance on how various types of conduct, including NFM, are relevant to the FIT section of the FCA Handbook. This includes:

  • Regulatory breaches
  • Conduct connected to work
  • Behaviour in private or personal life
  • Social media and employee monitoring
  • Relevant to competence and capability.


Proposals not being taken forward

The FCA also confirmed that it would not be progressing its proposals to:

  • Extend the guidance on the Suitability Threshold Condition (in its COND Sourcebook) to make it clear that NFM is relevant to its assessment of firms’ suitability to undertake regulated activities
  • Update its guidance around regulatory references (in SYSC) to clarify that it might be necessary to provide information on NFM or misconduct outside of work as part of regulatory referencing.
 

What actions do firms need to take?

In response to CP25/18, firms should:

Review current COCON policies and map against the proposed broader scope for serious NFM. Whilst the extension of the rules apply to non-banks, banks should also gain assurance that their policies align to regulatory expectations;

  • Review broader speak-up channels (including Whistleblowing and grievances frameworks) and culture to ensure alignment with regulatory expectations
  • Assess disciplinary and conduct breach reporting frameworks to ensure consistency with the rule changes. Again, whilst this is primarily relevant for non-banks, this change serves as a prompt for banks to ensure that their arrangements are fit for purpose
  • Prepare training plans to ensure staff understand the new expectations. Refresher training should also be considered for banks
  • Respond to the FCA consultation, by 10 September 2025, using the online response form
  • Monitor for the final guidance publication by the end of 2025 and ensure that the updated rules have been implemented ahead of the 1 September 2026 deadline.
 

How BDO can support you?

Need help unpacking or implementing the changes? BDO can support you with:

  • Assessing current COCON and FIT frameworks to identify gaps against new rules and proposed guidance
  • Mapping the impact of the new rules on your policies, procedures and frameworks
  • Reviewing your speak up arrangements and culture to identify potential risk areas
  • Developing and delivering targeted training for Boards, Senior Managers, Certification Staff, HR and Compliance teams, and wider staff to embed understanding of the new COCON scope and rules.

For more information please contact Sasha Molodtsov, Partner, Financial Services and Jennifer Cafferky, Associate Director, Financial Services.