IUA Circular 014/26
Tackling non financial misconduct (FCA - PS25/23)
Date: 13 February 2026
Interest Groups: IUA member contacts, Legal and Regulatory, Human Resources and Compliance interests
Subject: An update on the Financial Conduct Authority's approach to tackling non-financial misconduct in the insurance sector.
IUA Contact: Nafisah Hussain, Acting Director of Public Policy 44 (0)20 7617 5442 or 44 (0)7936 927967
Downloads accompanying this circular:
IUA Non-Financial Misconduct Summary Note
On 12 December 2025, the FCA published the final Policy Statement (PS25/23) and guidance on the tackling of non-financial misconduct (NFM) in the financial services (FS) sector.
Background:
In July 2025, the FCA advanced its efforts to address NFM in Consultation paper (CP25/18). This paper announced the expansion of the FCA's conduct rules (COCON) to capture that severe misbehaviour (e.g., bullying, harassment, and violence) constitutes a regulatory concern for all organisations under the SMCR, not exclusively banks. The FCA solicited comments on proposed supplementary guidance to assist SMCR firms in interpreting and uniformly applying these conduct rules, as well as clarifying the requirements for fitness and propriety.
In December, the FCA published its final guidance on non financial misconduct (NFM) in financial services (FS) in Policy Statement PS25/23. This new guidance will come into force on 1 September 2026, alongside changes to the Handbook.
In PS25/23, the FCA announced it will now focus on “how firms are tackling NFM in practice” and that this guidance brings the policy work on NFM to a close. These likely signals that no more guidance will be issued by regulators on NFM in the near future. Despite the additional guidance, there is a lot of work left for firms to interpret and tailor their interpretation of the rules. The FCA itself emphasises that “no guidance can cover every scenario and that firms will always need to exercise judgement”.
Whilst the FCA has not rules out direct enforcement interventions on NFM, it would likely focus on “serious breaches” (see 2.1 in PS25/23) and might use this as a deterrent. If the FCA decided to intervene, it might possible that it would focus on the most major breaches related to poor firm culture instead of minor individual cases[1].
Looking ahead, firms will likely need to have in place the right MI, including early warning capabilities, reporting, and data management capabilities to identify the source of NFM in a timely manner. They will also need robust processes in place to take appropriate action following the new framework. Firms will also need to have processes in place to update the Board on the implementation. Right sizing the framework is also expected to be a challenge for smaller firms.
The following note and attachment – provide resources on the key changes in the PS compared to CP25/18. The IUA is also liaising with the LMA and LIIBA to organise the final webinar in our NFM series on 16th March 2026 from 11.30-12.30. Details of this will follow soon in a separate email and will be posted at the IUA's Education Hub.
The FCA made key amendments in the PS to reflect industry feedback:
COCON
New examples, clarifications and flow diagrams to apply COCON consistently.
•The FCA has onboarded some of the decision trees and flow diagrams included in the Consultation (see Appendix attached on Handbook diagrams).
•It also clarified that, for mixed firms (i.e., running FS & non-FS business), if the perpetrator or the victim is part of the FS business of the firm – the conduct is in scope of the rules. However, the conduct would be out of scope if both individuals worked in a separate function that did not deal with the financial services business at all.
•The PS also confirms that COCON rules apply only to work-related issues only.
•However, significant margin of interpretation remains for “softer” work contexts: e.g., special contexts for training, afterparty… Firms will need to determine their own approach to these in their NFM policies, which might be a highly iterative process.
•The FCA also explains that it does not expect any retrospective application of the rules on misconducts that happened before 1 September 2026.
•Minor incidents are not major misconduct (and potential further simplification under SMCR).
Clearer alignment with employment law.
•The FCA clarified that it used the words ‘bullying’ and ‘harassment’ in the CP as shorthand terms to describe unwanted conduct that has the purpose or effect of violating a colleague’s dignity or creating an intimidating, hostile, degrading, humiliating or offensive environment for them.
•Where possible, the FCA revised the guidance to further align with relevant provisions in employment and equality law. For example, an example clarifies that the purpose of the conduct is as important as its effect (i.e., even if hostile communication on NFM is intercepted before it reaches its target, it is still a breach).
•The PS also clarifies that NFM covers bullying and harassment including sexual harassment, but not other aspects forming part of the Equality Act (e.g., discrimination or victimisation).
•The FCA clarifies that SC4 is still requiring personal life information under the SMCR for Fit & Propper assessment.
Clarifying that managers’ accountability is relative to their knowledge and authority.
•In response industry feedback, the FCA revised the guidance to make it clearer that it would not expect a manager to be held responsible for failing to stop NFM if they could not reasonably have known about it.
FIT
On FIT, the guidance will supplement firms’ own processes and assessment in place to help them better identify what is in scope from an NFM perspective.
Scope clarifications
•As a reminder, the scope of FIT requirements is broader than COCON as it covers issues outside the workplace.
•The FCA made it clear that Senior Manager staff may be required to disclose information about their private or personal life under SC4 if it would be material to an assessment of their fitness and propriety.
•The FCA clarified in the PS that investigations including private life investigations should be in line with the law – and should not be carried out if other regulatory/legal body are better placed to carry them out.
•Conduct in private life is relevant to fitness and propriety if it shows there is a material risk that the individual will breach regulatory standards and requirements. The FCA clarifies that material risk cannot be speculative risk.
•The FCA removed the provision that if a misconduct case has not been fully clarified – the firm still has to report to the FCA. Firms had mentioned it may lead to litigation risk.
Clarifications on the private life and social media investigations
•The FCA clarified that firms are not expected to investigate trivial or implausible allegations or breach privacy law when assessing fitness and propriety.
•New guidance state that the FCA does not expect firms to investigate allegations relating to someone’s private life if they are trivial and would not impact the individual’s F&P, or even if true, the allegations would not show a material risk of the person breaching the standards of the regulatory system.
•Minor incidents of poor workplace behaviour that do not have the purpose or effect described in the new rule (eg ‘violating dignity,’ ‘degrading,’ ‘humiliating’) will not be considered breaching the rules.
•New paragraph included at FIT 3.21G(4) outlines that if a person’s social media activity does not indicate a material risk of them breaching relevant requirements then it’s unlikely to be relevant to their FIT.
•The FCA remove/refined some contentious drafting from the CP (such as an example focused on minor driving offences) to lessen misinterpretation risks and unnecessary burdens on firms.
•However, the regulator raised that repeated minor breaches can be relevant where they show a pattern of disregard for law or ethical obligations.
[1] “Preventing the development of workplace cultures that facilitate further wrongdoing and regulatory breaches that harm consumers and damage market integrity.”