The FCA has made it clear: non-financial misconduct is now a core conduct risk. Serious behaviours such as bullying, harassment, intimidation, and violence must be identified, assessed, and managed with the same rigour as traditional compliance risks.
This shift in the way the FCA views non-financial misconduct is not about "bad apples". This is a systemic risk that arises from normalised shortcuts, muted challenge, and weak consequences. Leadership matters: when senior figures breach standards without consequence, compliance becomes optional.
The FCA’s Policy Statement PS25/23: Tackling non-financial misconduct in financial services and the regulator's guidance on non-financial misconduct set out how firms should manage culture and conduct risk. Key takeaways include:
Culture and conduct manifest in everyday behaviours, micro-cultures, tolerated shortcuts, and the speed of escalation. Profit-first mindsets, protected "rainmakers," or repeated minor breaches such as expense misuse or casual harassment can suppress challenge and amplify conduct risk.
Firms claiming a "great culture" without evidence, such as Management Information (MI), case trends, escalation timelines, surveys, exit interviews, or seniority-based outcomes, expose themselves to regulatory scrutiny.
To comply with FCA non-financial misconduct expectations, firms should:
Strengthen speak-up channels
Track not just volume but timeliness, perceived fairness, and follow-up actions.
Hybrid working increases the need for culture and conduct oversight. Firms should codify expectations for virtual meetings, chats, and social channels (monitor exclusion, inappropriate language, and retaliation) and ensure escalation processes are clear for junior staff.
Case Snapshot: BrewDog
BrewDog illustrates how cultural and governance issues can become serious organisational and reputational risks when growth outpaces controls. The business, founded in 2007 and known for its rebellious "punk" branding and innovative crowdfunding model, has faced sustained criticism over workplace culture, employee treatment, and leadership conduct. These are issues that have ultimately contributed to its dramatic downturn.
Firms should implement:
Firms cannot outsource culture. It is important for companies to maintain inventories of all contractors, suppliers, and client-facing partners in order to assess their conduct policies and escalation routes. From there, they can document interventions where misconduct arises.
Companies need to treat non-financial misconduct as a governance mandate. Dashboards should track:
Bullying, harassment, and whistleblowing reports
Expense violations and other conduct indicators
Training completion and scenario performance
Exit interview themes, turnover, and repeat offenders
Outcome consistency across teams, functions, and seniority
Act on patterns with coaching, training, leadership changes, or structural fixes. Document actions, especially where high-performers create risk.
Update policies and the FCA Code of Conduct to cover off-site and online interactions
FCA non-financial misconduct is no longer optional. Culture is a control, and inconsistency amplifies risk. Regulators expect firms to detect, assess, act, and learn. Cross-functional governance, consistent enforcement, third-party oversight, and robust measurement transform culture into a strategic asset, protecting people, sustaining trust, and reducing legal, financial, and customer harm.
Non-financial misconduct (NFM) covers misconduct that is not financial in nature. It includes bullying, harassment, violence, and other inappropriate behaviours that impact workplace conduct and culture. It is not limited to discrimination linked to protected characteristics under the Equality Act; non-discriminatory bullying or harassment is also in scope. Not every instance of poor behaviour constitutes a breach, but repeated, serious, or impactful misconduct can cross the threshold.
With the UK government emphasising lighter, faster, less prescriptive regulation, more responsibility shifts to firms to manage culture and conduct proactively. The FCA’s latest rules and guidance (effective 1 September) make clear that NFM will be treated like any other compliance risk. Firms are expected to identify, assess, and manage these risks and demonstrate reasonable steps taken to prevent and address misconduct.
From 1 September, the FCA will treat NFM under COCON (conduct rules) and FIT (fitness and propriety) for all SMCR firms, with non-banks seeing a significant expansion of scope. The FCA is also removing the Form H/REP008 conduct rule breach return, but this is not a relaxation of standards—firms still need strong oversight and evidence of adherence to the conduct rules. Anticipated later SMCR changes are largely process-related, not a rollback of roles or responsibilities.
This shows how 'win at all costs' mindsets can damage reputation, governance, and long-term value. BrewDog’s ‘punk’ brand became intertwined with allegations of toxicity, illustrating that culture is not just an HR issue, but a reputational and governance risk. The key lesson: strategy will override policy unless compliance and conduct expectations are hardwired into everyday decisions and leadership actions.
Both. Effective management requires joint ownership and close coordination among HR, Compliance, Legal, Risk, and line management. Many firms are creating conduct or standards committees that combine these functions. Transparency, consistency, and clear decision rights are crucial; committees should be tightly scoped with defined decision-makers to preserve confidentiality and speed.
Act quickly, take ownership, and be consistent. Steps include: prompt triage and fair investigation; alignment among HR, Compliance, and Legal; applying consequence management frameworks proportionately; documenting the rationale; and communicating outcomes internally with a level of detail that educates without breaching confidentiality. Make clear when regulatory references will reflect misconduct and ensure the individual is informed.