The Financial Conduct Authority (FCA) has long insisted that “non-financial misconduct is misconduct.” That phrase, repeated across speeches and policy statements, reflects the regulator’s conviction that culture, integrity, and behaviour are inseparable from financial soundness. In 2025, the FCA translated that principle into formal rulemaking, finalising changes to the Senior Managers & Certification Regime (SMCR) and opening consultation on detailed guidance. For firms in capital markets and treasury, the message is unambiguous: managing workplace behaviour is now a regulatory risk, not just an HR matter.
SM&CR was introduced in the wake of the financial crisis to strengthen individual accountability across financial services. Its rollout was phased: banks and PRA-regulated firms in 2016, insurers in 2018, and all FCA solo-regulated firms in 2019. The regime rests on three pillars. The Senior Managers Regime requires clear responsibility mapping and regulatory pre-approval for key roles. The Certification Regime obliges firms to assess the fitness and propriety of staff performing significant functions annually. And the Conduct Rules apply to most employees, setting baseline standards of honesty, integrity, and due skill, care, and diligence. Together, these pillars are designed to ensure that individuals cannot hide behind collective responsibility and that poor conduct is identified, sanctioned, and prevented from recurring.Why Non-Financial Misconduct Has Become Central
For much of the past decade, SMCR enforcement has concentrated on financial misconduct – market abuse, mis-selling, risk management failures. Yet scandals around bullying, harassment, and discrimination have demonstrated that non-financial misconduct can be equally corrosive to trust and integrity. Tribunal cases have also highlighted gaps. The Frensham judgment, in particular, clarified that misconduct in private life is not automatically a regulatory matter unless a clear nexus to financial services is established. The FCA’s latest steps are designed to bring clarity, ensuring that firms and individuals understand exactly where the line is drawn.
The New COCON Rule: What Changes in 2026
The FCA’s policy statement (CP25/18) introduces a new Conduct Rule for non-banks, effective 1 September 2026. From that date, serious workplace misconduct – bullying, harassment, violence, and comparable behaviour in a work-associated environment – will be explicitly treated as a breach of the Conduct Rules (COCON). Banks were already captured through existing rules, but the change harmonises treatment across all regulated firms. Alongside the rule, the FCA launched a consultation on guidance, designed to help firms interpret boundaries and apply the framework consistently. That consultation runs until September 2025, giving firms one year to prepare before the rule goes live.Fitness and Propriety: Beyond the Workplace
The FCA’s position on private life conduct is more cautious. The new COCON rule is limited to workplace-related behaviour, but fitness and propriety assessments (FIT) remain broader. Firms are still required to assess whether an individual is of “honesty, integrity, and reputation,” and conduct outside of work may be relevant if it undermines those qualities. Criminal convictions, serious online abuse, or attempts to conceal misconduct can all be relevant to FIT. The key is evidence and justification: firms must document how and why behaviour is, or is not, relevant to a regulatory assessment. This record-keeping applies across certification, regulatory references, and senior manager approvals.
The Compliance Gap: Where Firms Stand Today
The FCA’s 2024 wholesale markets survey illustrates the gap between expectations and reality. Detection of misconduct still relies overwhelmingly on whistleblowing and grievance channels, with limited use of proactive monitoring or surveillance. Disciplinary action is inconsistent: fewer than half of substantiated cases lead to meaningful sanctions, and remuneration adjustments are rare. Where adjustments are made, they tend to involve unvested variable pay rather than clawback of awards already granted. Governance arrangements are also weak. More than a third of firms reported that boards do not receive management information on misconduct, and some firms admitted they lack a whistleblowing policy altogether. This patchy landscape is precisely what the FCA wants to address before 2026.
What Regulators Expect to See in Practice
What supervisors want is not rhetoric but proof. Firms are expected to have whistleblowing and disciplinary policies that are up to date and demonstrably followed. They should maintain an investigations playbook that shows how allegations are handled, from intake through evidence gathering to outcome. Boards should receive management information covering case volumes, types, resolution times, and themes, enabling oversight and challenge. Fitness and propriety records should show how non-financial misconduct factored into certification decisions. Regulatory references must include substantiated misconduct findings, consistent with FCA rules. And reporting obligations must be met through REP008 returns for conduct rules breaches and Form C or D notifications for senior managers. Regulators will expect to see this evidence during supervisory reviews.
Preparing for 2026 and Beyond
For firms, the next year is a transition period. Training needs to be refreshed so that all Conduct Rules staff understand their obligations. HR and compliance teams should update checklists to ensure workplace misconduct is assessed as a potential COCON breach from September 2026. Management information should be expanded so that boards can monitor trends and themes in behaviour. Remuneration policies should be updated to include malus and clawback mechanisms linked to non-financial misconduct. Above all, firms should recognise that non-financial misconduct is a regulatory risk, requiring governance, documentation, and accountability structures equal to those applied to financial risk.
The FCA’s reforms move SMCR from principle to prescription. By formalising the treatment of non-financial misconduct, the regulator has closed an important gap. For firms in capital markets and treasury, the implications are clear. Workplace misconduct must be detected, investigated, and reported with the same seriousness as financial failings. Fitness and propriety assessments must be evidence-based and documented. Governance structures must support board-level oversight. And by 1 September 2026, every firm must be able to demonstrate that its approach to non-financial misconduct is embedded, consistent, and compliant. Those that act early will not only avoid supervisory pressure but also protect their reputation, staff, and senior managers from the consequences of being left behind.
For an in-depth examination of the latest rules and how firms are responding, check out A-Team Group’s webinar “Managing Non-Financial Misconduct under SMCR” on October 9, where a panel of industry experts will discuss best practices for meeting the new expectations.
Subscribe to our newsletter
