Navigating the Non-Financial-Misconduct Changes: A Summary of FCA PS25/23
Navigating the Non-Financial-Misconduct Changes: A Summary of FCA PS25/23
The FCA’s Policy Statement PS25/23 – Tackling non-financial misconduct in financial services: Guidance in the Code of Conduct (COCON) and the Fit and Proper test for Employees and Senior Personnel (FIT) sourcebooks (published on the 12 December 2025) marks a decisive step in strengthening expectations of workplace culture, conduct and individual accountability across the sector.
Primarily, PS25/23 finalises FCA Handbook guidance clarifying how serious non-financial misconduct (NFM) including bullying, harassment and violence can amount to a breach of the FCA's Code of Conduct (COCON), and how it should inform assessments of fitness and propriety (F&P).
Importantly, the FCA is not simply underscoring the importance of culture and conduct within regulated firms - it is providing firms with tools to apply the rules more consistently, more defensibly, and with clearer linkage between NFM outcomes and regulatory consequences. PS25/23 applies to all Financial Services and Markets Act 2000 (FSMA) firms with a Part 4A permission, and staff in those firms who are subject to COCON or FIT.
Why PS25/23 matters: a more consistent and actionable framework
The FCA’s direction of travel is clear: firms must be able to demonstrate that they can identify, assess, manage and escalate serious NFM in a way that aligns not only with internal policies, but with regulatory outcomes.
For non-banks, PS25/23 reinforces the rule change, expanding the scope of COCON so that NFM towards colleagues is within scope when it occurs in relation to the performance of an individual’s role - not only when linked directly to financial services activities.
Whilst the scope rule change does not directly impact banks, the FCA’s additional guidance will still be relevant and useful to banks and will help inform assessments of whether NFM constitutes a breach of the Conduct Rules, and whether it has bearing on F&P.
The Regulator’s approach is intended to support more consistent outcomes across the industry, reduce uncertainty for decision-makers, and improve firms’ ability to take decisive action when standards are breached.
Implementation date: 1 September 2026
The FCA has confirmed that the relevant rule change and new guidance will take effect from 1 September 2026, giving firms time to operationalise change, particularly where HR and compliance frameworks, “people processes” and Senior Managers and Certification Regime (SM&CR) governance intersect.
What changed from the consultation? (Consultation vs final PS25/23)
The FCA’s final approach broadly preserves the consultation’s intent, but includes targeted refinements to increase usability, clarity, and alignment with employment law considerations.
Key changes from consultation to final PS25/23
| Area | Consultation feedback | FCA response | Changes |
|---|---|---|---|
| Additional guidance | Many respondents requested additional guidnace, case studies and examples to support consistent application. | The FCA emphasised that each case of NFM is unique and case studies and guidance cannot cover all scenarios. | A small number of changes have been made - including new examples to illustrate the scope of COCON and further guidance to support the application of the new rule. This includes a suite of flow diagrams demonstrating how COCON applies and the process for assessing whether NFM breaches the FCA's rules. |
| Alignment with employment law | Some respondents requested further alignment to employment law, raising concerns around divergence increasing firm burdens. | The FCA highlighted the differences between its rules and employment law. For example, the conduct rules, for which there is no parallel concept in employment law. | Where possible, the FCA has further aligned the guidance to employment law – such as including an example to demonstrate that the purpose of the conduct is as important as its effect. |
| Manager's responsibility | Some respondents raised concerns that guidance placed disproportionate liability on individual managers. | The FCA noted that under SMCR, managers in regulated firms are already held individually accountable for their conduct, competence, and decisions. The guidance aims to place that accountability in the context of NFM which specifying limitations. | The guidance has been revised to clarify that managers would not be held responsible had they not reasonably known about the NFM or if they did not have the authority to act in the particular case. |
| Scope of COCON | Several respondents asked the FCA to clarify elements of the guidance relating to the scope of COCON. For example, the exception (COCON 1.1.7FR(5) that states that conduct is not within the scope of the new rule if it only relates to a business of the firm that does not involve SMCR financial activities. | The FCA reiterated that, historically, the scope of COCON was narrower for non-banks – and limited to activities of a firm that were related to regulated activities or other SMCR financial activities. The new rule expands the scope to make bullying, harassment, and similar behaviour between staff subject to the wider rules. | The FCA has added a table of scenarios to illustrate the exclusion at exclusion at COCON 1.1.7FR(5). In essence, the conduct will be in scope if either the perpetrator or the subject deals with the financial services business of the firm. The conduct would be out of scope if both individuals worked in a separate function that did not deal with the financial services business at all. |
| Work versus private lives | Some respondents requested more guidance on the boundary between work and private life. | The FCA emphasised that under section 64A of FSMA, private or personal life is entirely out of scope of its power to make and enforce conduct rules for individuals. The NFM guidance does not seek to change this position. The guidance rather provides scenarios where conduct outside the workplace may be closely connected to work to fall within the scope of its rules (e.g., misconduct at a training event). | Additional examples provided by respondents have been added to the guidance to support decision-making, particularly around social occasions and social media. However, again, the FCA emphasised that scenarios and guidance cannot and should not be exhaustive, and firms must exercise appropriate judgement. |
| Specific characteristics or vulnerabilites | Some respondents raised concerns about one of the factors in the draft guidance for assessing whether conduct met the seriousness threshold. This consideration was ‘whether the subject of the misconduct has specific characteristics or vulnerabilities, particularly if this is a factor in the conduct in question.’ | The FCA noted that it previously consulted on a different version of the guidance, which respondents noted equally raised challenges for implementation, as it required firms to make ‘quasi-legal’ judgments. | Having considered the feedback, the FCA made the decision to remove the proposed factor relating to specific characteristics or vulnerabilities. |
| Investigating unproven allegations | A number of respondents asked for more guidance about how/when to investigate events in an individual’s private life and noted the costs and legal risks of such investigations. | The FCA clarified that firms are not expected to investigate trivial or implausible allegations or those more for law enforcement agencies or other authorities. The FCA also clarified that firms do not need to investigate allegations which, even if substantiated, would not link to F&P. | Additional guidance has been added to help firms assess whether they need to take steps to investigate allegations about an individual’s private life. In summary, conduct in private life is relevant to F&P if it shows there is a material risk that the individual will breach regulatory standards and requirements. |
| Social media | Some respondents asked for more guidance on when firms would be expected to respond to allegations about social media activity in private life. | The FCA emphasises that firms ‘are not required to investigate allegations about private life social media activity that are trivial, implausible, non material, irrelevant to fitness or where the conduct is unlikely to be repeated at work in a way that would breach regulatory standards.’ | The guidance has been updated to clarify that the materiality threshold for social media activity in private lives is consistent with other private life conduct as described in the row above. |
What firms should do now?
With the 1 September 2026 implementation deadline approaching, firms should act early to ensure compliance and avoid fragmented or inconsistent responses to NFM cases. The FCA has also made clear that PS25/23 brings its policy work on NFM to a close, and the Regulator will now focus on “how firms are tackling NFM in practice”, which will likely lead to increased supervisory attention and challenge in relation to NFM.
To ensure preparedness, firms affected by these changes should:
- Review PS25/23 in full, including the final COCON and FIT guidance and practical examples
- Conduct a structured gap analysis of current policies, procedures and practices versus the PS (including investigation, escalation, disciplinary and broader “people” impacts)
- Engage all relevant internal stakeholders (e.g., Compliance, HR, Legal, Risk, Conduct teams and Senior Management) to ensure a coordinated approach to implementation
- Develop a clear action plan (including owners, timelines, training, governance, controls, reporting) to ensure full compliance by 1 September 2026
Download our Gap analysis template
How BDO can support you
Need help unpacking or implementing the changes? BDO can support you to:
- Conduct a gap analysis to assess your current arrangements and identify gaps against the new rule and guidance.
- Map the impact of the new rules on your policies, procedures and frameworks, and provide assurance on the effectiveness of your systems and controls.
- Review your speak up arrangements and culture to identify potential risk areas.
- Develop focused management information dashboards to facilitate effective oversight of conduct and culture.
For more information please contact Sasha Molodtsov, Partner, Financial Services and Jennifer Cafferky, Associate Director, Financial Services.