Menu
undefined undefined
My dashboard
My Content
My products (0) My insights (0) My events (0) My contacts (0)

Flash SMCR+ View - FCA's Non-Financial Misconduct Handbook Guidance

New FCA guidance effective from 1 September 2026

15 December 2025

Publication

Loading...

Listen to our publication

0:00 / 0:00

At least the FCA didn’t wait until Christmas Eve to publish its final Policy Statement and guidance on non-financial misconduct (NFM). As our 12 December advent surprise we received Policy Statement (PS25/23) confirming the new FCA Handbook guidance primarily relating to non-financial misconduct will come into force on 1 September 2026. The final guidance closely follow the July 2025 consultation (CP25/18), but with targeted clarifications and some changes in response to industry feedback. Overall, we think this is positive for the industry and is to be welcomed. The FCA has clearly listened to feedback and made changes accordingly. However, firms will still need to exercise their judgement and the FCA’s guidance still leaves ambiguity as to what exactly is, and is not, in scope.

Key Points & Timeline

  • 1 September 2026: The new COCON rule for non-banks, and FCA Handbook guidance on NFM for all SMCR firms, come into force on 1 September 2026 and will only apply to misconduct occurring from 1 September 2026. This timing may be disappointing for banks, who are currently having to scope all NFM into the Conduct Rules without clear, in force, guidance from the FCA as to what is in scope. Firms who seek to apply them before this date are at risk of being challenged by individuals. It is hard to see what this means for banks given that NFM is already covered by the Conduct Rules but with no guidance. We think in practice banks will want to have regard to the new guidance but without relying on it formally.
  • FCA Handbook guidance: The new FCA Handbook guidance aims to provide firms with practical clarity on scope, seriousness, and the boundary between work and private life. Some of it is certainly helpful, although, as the FCA has noted before, it is unlikely to support firms with every scenario they face.
  • Targeted amendments: The FCA has made targeted amendments to the draft FCA Handbook guidance in response to consultation feedback, but the overall approach remains similar to the proposed in CP25/18. The FCA references receiving “a lot of constructive feedback”… In particular, the FCA has provided new examples and flow diagrams to support firms in applying COCON consistently, it has clarified that managers’ accountability is relative to their knowledge and authority, it has withdrawn or amended guidance that risked imposing disproportionate burdens on firms, and it has confirmed that firms are not expected to investigate trivial or implausible allegations, or breach privacy law, when assessing fitness and propriety (F&P). Whilst these are improvements, it is likely to take some time for firms to align their practices to the new guidance.
  • What should firms be doing now? firms should use the lead time to:
    • Review and update their relevant SMCR, culture, governance, disciplinary, investigation, and conduct frameworks (as applicable);
    • Ensure governance and escalation processes are robust and well-documented; and
    • Issue refreshed training to their staff on what conduct is now within scope of the Conduct Rules. In the FCA’s “next steps”, the FCA clearly expects firms to run some form of education exercise, as they specifically reference the duty on firms under section 64B of FSMA 2000 to notify Conduct Rules staff about the rules and what they mean for them.
  • FCA’s next steps: The FCA will now focus on supervision and implementation, not further policy development in this area.

1. Background and Context

The FCA’s work on NFM has rumbled on for years, but we finally have the last of the FCA’s guidance on this matter - hopefully for some time! When the FCA introduced their new NFM related rules in the summer, it asked firms if they wanted additional NFM FCA Handbook guidance and said it would only publish this if firms wanted it. Apparently 95% of the 79 respondents agreed, so the FCA is now providing this final guidance. The two firms that did not agree argued that the FCA should not regulate matters subject to employment law.

2. Handbook Guidance: What’s Been Confirmed?

  • The New Rule: No changes are being made to the FCA’s new rule applicable to non-banks, which comes into force 1 September 2026. It confirms that NFM in relation to a colleague will be within scope of the Conduct Rules when it occurs in relation to the performance of the individual’s role. The FCA is keen to repeat that the new rule will align the bank and non-bank position. There is, however, new guidance confirming that banks should consider relevant parts of the new rule as guidance (see page 59 of the PS).
  • Majority of the Guidance: The majority of the draft FCA Handbook guidance remains the same. On that basis, we’ve sought to highlight where there are key changes, and where there are points that have not changed that firms hoped would be.
  • Misconduct towards clients: The FCA has made it clear that it considers client-related misconduct to already be within scope of COCON under the current rules, which is why the focus of the new rule for non-banks and the FCA Handbook guidance is on misconduct in relation to colleagues.
  • Senior Managers: Senior Managers will need to disclose information about their private / personal life under Senior Manager Conduct Rule 4 (SCR4) if it would be material to an assessment of their F&P. The FCA has said this has long been their expectation and have removed wording from the current FCA Handbook guidance in COCON to avoid confusion.
  • No-retrospective effect: The FCA has said the guidance does not have retrospective effect. No retrospective analysis is required by firms, but if it does come to the attention of a firm that they have incorrectly determined a Conduct Rule breach previously they should rectify this and notify the FCA. So the risk of past employees challenging past decisions remains.

3. Handbook Guidance: What’s Not Changed?

No Definition of NFM: The lack of a clear overarching definition of NFM, in our view, still confuses the guidance provided. For example, new COCON 4.3 provides “specific guidance on harassment” (not NFM more broadly). COCON 4.3.1G states that behaviour against a colleague that can be described as “bullying, harassment, being offensive or insulting or causing distress and similar behaviour” may be a breach of Individual Conduct Rule 1 (integrity) (ICR1) and Individual Conduct Rule 2 (due care, skill and diligence) (ICR2). This is very broad. However, the FCA Handbook guidance also references that the starting point is to consider whether the misconduct falls within scope of the new rule (COCON 1.1.7FR), which is broadly limited to harassment, bullying and violence (this is arguably narrower than COCON 4.3.1G). Later, the FCA explicitly states that behaviour described in COCON 4.3.1G “is only capable of coming in scope of COCON if it is of a kind described in COCON 1.1.7FR”…Further, the rule does not expressly expand the scope of COCON to cover discrimination or victimisation which does not amount to bullying, harassment and/or violence. However, very unhelpfully the FCA’s response to the feedback on their draft COCON guidance states “However, firms should consider whether misconduct of these kinds, and other forms of NFM, may nevertheless be a potential breach of the conduct rules”…Confused as to what’s in and out of scope, yet? On balance we think firms can take a view that from a Conduct Rules perspective the FCA is focused on harassment (including sexual harassment), bullying and violence but that they also need to consider other forms of NFM by reference to general principles.

  • No Case Studies: Despite being asked, the FCA is not going further to provide worked examples/case studies of how their rules and guidance apply in practice. The FCA has emphasised that responsibility sits with firms to prevent and deal with NFM when it arises and case studies will not cover every scenario.
  • Non-Exhaustive Guidance: The FCA is keen to remind firms that the guidance cannot be exhaustive and a “…firm’s judgement will always be essential”.

4. Handbook Guidance: What’s New in COCON?

  • Flow Charts: The FCA has published a series of new flow charts showing how COCON applies, including in relation to the territoriality of the regime. These are split where necessary by firm type. Broadly the logic of these looks sound, although we may have made some tweaks to make them a bit clearer. See pages 49-55 of the PS. There is also a flow chart on when harassment will be within scope of COCON (see pages 63-70) – a lot of it repeats previous flow charts, and the last one as to whether it may be a ICR1 or ICR2 breach is very high level.
  • Scope of COCON: The FCA’s additional guidance for non-banks on “SMCR financial activities” largely remains the same, save for new examples for firms with “mixed businesses” whereby the FCA outlines when COCON will apply to the internal audit function (see page 46-48). What is clear is that the FCA expects COCON to be applied broadly and conduct relating to those working for firms whose business is providing financial services will be within scope. Firms with both a ‘financial services business’ and ‘non-financial services business’ (e.g., technology business) will need to separate functions clearly into one part that covers the ‘financial services business’ and one part that covers the ‘other non-financial services’ part of the business to be able to descope certain individuals’ misconduct from COCON.
  • Examples of misconduct amounting to an ICR1 breach and ICR2 breach: The FCA has inserted that “harassment of a fellow member of the workforce” is an example of misconduct that may breach either Conduct Rule.
  • Managers: The FCA has clarified that references to “managers” in Individual Conduct Rule 2 are not limited to line managers, so accountability should be interpreted broadly by reference to knowledge and authority. The FCA has revised when a manager may be in breach of ICR2 to include more objectivity. The FCA has said that a manager may breach ICR2 if they fail to intervene to stop relevant misconduct where appropriate if they knew or “should reasonably have known” of it (i.e., they will not be in breach for failing to stop NFM if they could not reasonably have known about it). Previously it just referenced a scenario where the manager “should have known”. The FCA has also included reference to the manager’s authority to take action as a relevant factor to take account of when assessing if it was reasonable for the manager to take action or if there were constraints on their ability to act.
  • Framing of when NFM is within scope of COCON or not: Previously, the FCA’s draft Handbook guidance was confused and hard to follow. The FCA has now separated examples of misconduct that might amount to a breach of ICR1 and ICR2, from when “harassment” will fall within scope of the new rule (COCON 1.7FR). The FCA then goes into more detail on when misconduct may amount to a breach of ICR1 or ICR2. The FCA (as mentioned above) has said “harassment” must be in scope of the new rule to be within scope. It’s worth noting that the FCA also says they use the terms “harassment” and “bullying” as shorthand for misconduct falling within scope of COCON 1.1.7FR, the new rule. For deciding whether misconduct is within scope of the new rule, firms should consider (i) its seriousness, (ii) its effect, (iii) its purpose, and (iv) other factors listed. The FCA confirms that the seriousness threshold for misconduct falling within the scope of the new rule is aligned with the threshold for harassment in the Equality Act. While much of the guidance remains the same, there is new guidance on the purpose and subject of the misconduct. On purpose, the FCA has outlined that even if there is no effect on an individual (i.e., the firm intercepts an intimidatory communication) it may still be a breach of COCON. On the subject of the misconduct, the FCA has stated that misconduct may still be a breach even if it is targeted at someone else (i.e., if it has an effect on a witness to the conduct).
  • ICR1: Most of the guidance as to when ICR1 will be breached is the same, but the FCA has inserted some new wording and tweaked other elements. In particular, the FCA has stated “A person does not show a lack of integrity merely because they act without due care. A lack of integrity involves an element of intention, recklessness or turning a blind eye (for example, being aware that something is likely but avoiding confirming it).” This latter part about turning a blind eye does seem to conflict with the guidance in relation to ICR2, where managers turning a blind eye would potentially breach ICR2, not ICR1…
  • ICR2: There’s a new section on when misconduct will fall within scope of ICR2 more broadly. It is not as clear as it might be but reiterates misconduct is only a breach of ICR2 where it involves a lack of skill, care and diligence.

5. FCA Handbook Guidance: What’s New in FIT?

  • Overview: Broadly, the changes to FIT remain the same, save for some key changes highlighted below, and the guidance being peppered with references to matters needing to be “material” to be relevant.
  • Minor driving offences: Thankfully the FCA has removed reference to repeated minor driving offences being an example of a lack of F&P. Those with 9 points will be breathing a sigh of relief…!
  • New FCA Handbook guidance on relevant conduct in someone’s personal and private life: The FCA has said that someone’s private conduct may be relevant if it demonstrates a willingness to disregard “legal or ethical obligations”, but that it shouldn’t be assumed that just because someone does something in their private life there is a material risk they will repeat it at work, and only “material” risks that someone’s conduct may amount to a breach of the regulatory requirements are relevant. A remote and speculative risk is not sufficient.
  • Monitoring behaviour: There’s new guidance stating that the FCA does not expect firms to investigate allegations relating to someone’s private life if (i) they are trivial and wouldn’t impact the individual’s F&P, (ii) even if true, the allegations wouldn’t show a material risk of the person breaching the standards of the regulatory system, or (iii) the allegation is implausible.
  • Social media: There’s an additional paragraph included at FIT 3.21G(4) outlining that if a person’s social media activity doesn’t indicate a material risk of them breaching relevant regulatory requirements then it’s unlikely to be relevant to their F&P.

We are already working with clients to update their SMCR and disciplinary materials and training ahead of 1 September 2026. If you would like to discuss how we can support you then please get in touch.

This document (and any information accessed through links in this document) is provided for information purposes only and does not constitute legal advice. Professional legal advice should be obtained before taking or refraining from any action as a result of the contents of this document.

Related insights

This website uses cookies and other similar technologies to ensure you get the best experience on our website. Please review our cookie policy and our data protection privacy notice for more information on how the data that is collected is used.