The knowledge platform for the financial technology industry

A-Team Insight Blogs

Beyond the Balance Sheet: Operationalising Non-Financial Misconduct under SMCR


The integration of Non-Financial Misconduct (NFM) – encompassing behaviours such as harassment, discrimination, and bullying – into the Senior Managers and Certification Regime (SMCR) marks an important step in UK financial services regulation. A webinar, Managing Non-Financial Misconduct Under SMCR, hosted by A-Team Group, offered senior practitioners insights into operationalising these expectations, covering legal alignment, technological support, and proactive governance.

The event, sponsored by NICE Actimize, highlighted that while firms recognise the challenge, many remain at the middle and early stages of consistent policy application. An opening audience poll indicated that 50% of respondents were at mid-stage, with policies in place but not yet consistently applied, while 40% were just starting at the policy review stage.

Regulatory Clarity vs. Legal Enforceability

The FCA is explicitly bringing NFM within the scope of regulatory action, requiring that firms document how these behaviours are incorporated into their disciplinary and remedial processes. The regulatory pressure extends to enhancing employment contracts and codes of conduct to ensure they are enforceable. Panellists noted that early consultation language with a DEI emphasis was refined to align with prevailing employment law, making the final framework more robust and defensible in tribunals.

Whilst the FCA is setting the expected standards, actual enforcement hinges on employment law, highlighting the need to update contracts, codes, and processes to allow regulatory expectations to be legally enforced.

Defining the Boundaries of Fitness and Propriety (F&P)

Recent regulatory discourse confirms that F&P assessments must look beyond the office environment – the audience poll surfaced defining the boundary between workplace and private life as a challenge.

  • A panellist used a simple office teaching scenario to illustrate how perceptions of misconduct differ. If one grape disappears from a bunch on a shared desk, most people will ignore it; but if an entire bunch regularly goes missing, colleagues begin to view the behaviour as theft. The example was intended to spark internal discussion about where personal thresholds lie and to help teams agree on acceptable standards of behaviour and the point at which repeated actions become a matter of integrity and non-financial misconduct.
  • Another example recalled a well-known FCA case involving a certified individual who avoided paying train fares totalling about £43,000 over several years. The repeated evasion – rather than the act itself – was viewed as evidence of a sustained disregard for rules and obligations. The case has since become a reference point in discussions of fitness and propriety, showing that patterns of dishonest conduct outside work can indicate a lack of integrity relevant to regulated roles.
  • A further example was a case in which a chief executive of a regulated firm arrived at a public venue armed with a machete and became involved in an altercation. The incident, though unrelated to financial activity, was treated as a serious breach of integrity and resulted in the individual being prohibited from the industry. The example served to highlight that certain forms of violent or criminal conduct – however detached from the workplace – can directly undermine the trust required of senior managers under SMCR.

Technology, Fragmentation, and Process Overhead

Firms are increasingly looking to technology for proactive detection, moving away from relying solely on grievances or whistleblowing portals, which a panellist warned can leave firms dealing with reputational and regulatory risks if issues are detected too late.

Existing e-comms surveillance and MAR platforms can be leveraged to detect signals of retaliation, bullying, and harassment, and case management can reveal patterns that single events conceal. An audience poll showed that most firms are prioritising high-risk areas for monitoring, reflecting a pragmatic, risk-based approach rather than firm-wide coverage at this stage. However, the panel noted that existing tooling across firms remains uneven, with varying levels of integration and maturity.

Governance and Compliance Readiness

For firms operating internationally, achieving a harmonised global policy is possible but must factor in local employment law. An explicit employee code of conduct provides a global baseline, even where local regimes differ, with local subsidiaries still subject to local rules.

Board-level reporting should be aggregated to protect confidentiality; panellists advocated focusing on themes, actions, and the evolving risk assessment, and involving the legal team in shaping the reporting format. Supervisors also look for senior management visibility at training and regular attestations alongside policy updates and case logs.

Panellists described a “building blocks/points” approach where minor infractions accrue points, with thresholds triggering consequences (e.g., malus or clawback), just as points lead to a driving ban. Transparency is critical – publish the rules and share anonymised examples of application – and maintain a near-miss log to evidence learning and proportionality to boards, auditors, and supervisors.

COCON September 2026

Looking ahead, senior management must ensure compliance readiness by September 2026, when the new conduct rule (COCON) for non-banks comes into effect. Banks are already subject to conduct rules, but COCON harmonises expectations across all FCA-regulated firms, including broker-dealers and advisors. Priorities include:

  • Conducting a comprehensive gap analysis, comparing current conduct-rules monitoring against the forthcoming non-financial misconduct requirements. This diagnostic step provides a clear baseline for prioritising investment and remediation.
  • Refreshing policies, procedures, and employment contracts to ensure that disciplinary actions tied to NFM are legally enforceable. Compliance expectations may be set by the regulator, but firms must still anchor them in sound employment law to withstand challenges.
  • Updating fitness and propriety questionnaires to capture new behavioural dimensions – including participation in investigations and indicators of management style – so that assessments of integrity are both evidence-based and contemporaneous.

Finally, while ‘tone from the top’ is critical, panellists stressed that culture is transmitted day to day by the real change-agents, middle managers and desk heads.
