The FCA's final guidance on non financial misconduct is more than a clarification exercise. By formally linking workplace behaviour and certain off duty conduct to regulatory standards, the regulator has tightened the supervisory net around culture, personal conduct and managerial responsibility.
From September 2026, firms will be expected to treat issues such as bullying, harassment and discriminatory behaviour as potential regulatory concerns rather than purely internal HR matters. Although the FCA has softened aspects of its original consultation, the guidance still represents a meaningful expansion of regulatory reach – and one that requires firms to exercise difficult judgment calls in sensitive areas. Understanding why the FCA has moved in this direction, and how firms can respond defensibly, will be critical in the months ahead.
The regulatory logic behind the FCA’s approach
The FCA’s starting point is that culture is a conduct risk. In its view, environments that tolerate bullying, harassment or discriminatory behaviour undermine effective challenge, silence whistleblowers and increase the likelihood of poor decision making. These cultural failures, the FCA argues, can ultimately translate into consumer harm or market integrity issues.
Embedding NFM into the Conduct Rules (COCON) and Fit and Proper (FIT) assessments allows the regulator to intervene earlier, before issues crystallise into financial or prudential failings. It also aligns with the FCA’s post SMCR focus on individual accountability and behavioural risk, giving supervisors and enforcement teams greater latitude to engage where behaviour raises wider regulatory concerns.
How the final guidance reshapes expectations
Following significant pushback during consultation, the FCA has refined its position. The final guidance narrows scope in several important respects.
First, it introduces a seriousness threshold. Only conduct that seriously violates an individual’s dignity or creates an intimidating, hostile, degrading or offensive environment is intended to engage regulatory standards. Ordinary workplace disagreements and minor incidents should remain outside scope.
Second, the FCA has softened its stance on managerial accountability. Managers are only expected to act where they reasonably should have known about misconduct and had the authority and opportunity to intervene. This is intended to avoid unfair hindsight based assessments.
Third, the FCA has placed guardrails around private life conduct. Behaviour outside work is relevant only where it poses a realistic and material risk to workplace standards or undermines integrity. There is no presumption that personal conduct will automatically translate into regulatory unfitness.
These refinements improve proportionality, but they do not eliminate complexity. Firms are still required to make difficult judgment calls, often in highly sensitive circumstances.
Where the guidance creates practical tension
Regulatory judgement without bright lines
The guidance relies heavily on the concept of “reasonable judgment”. Firms must decide when behaviour crosses the seriousness threshold, whether it engages regulatory standards, and how far to investigate allegations.
This flexibility allows context to be considered, but it also creates uncertainty. Without clear bright line tests, firms face the risk of inconsistent decision making and potential second guessing by the FCA. For many compliance teams, this is uncomfortable territory.
Blurring the boundary between professional and personal conduct
The extension of FIT assessments into aspects of private life is one of the most contentious elements of the guidance. In particular, social media activity is expressly referenced where it creates a material risk of workplace misconduct or undermines integrity. Whilst the FCA has stated that it does not expect firms to proactively monitor employees’ personal lives, it does expect reasonable investigation where concerns are raised. This places firms in a difficult position, balancing regulatory expectations against privacy, data protection and employment law considerations.
Managing accountability in the absence of clear tests
Although the FCA has narrowed managerial responsibility, the obligation to take “reasonable steps” remains undefined. In practice, this may encourage over escalation and defensive documentation, particularly among senior managers operating in a high scrutiny environment.
There is a real risk that fear of regulatory criticism drives process heavy responses, rather than thoughtful, proportionate intervention.
Practical steps to reduce regulatory exposure
With the implementation date approaching, firms should focus on defensible preparation rather than abstract debate.
• Policies should clearly articulate what types of behaviour are likely to engage COCON or FIT considerations, aligned to the FCA’s seriousness threshold.
• Training should focus on recognising genuinely regulatory relevant misconduct, understanding limits of accountability, and avoiding unnecessary escalation.
• Care is needed when assessing personal conduct, including social media activity, to ensure relevance, materiality and consistency.
• Given the subjective nature of many decisions, firms should record why conduct was or was not treated as regulatory in nature. Clear reasoning will be critical if decisions are later challenged.
Evolution in conduct regulation
The FCA’s NFM guidance reflects a broader evolution in conduct regulation. Behaviour, culture and integrity are no longer viewed as peripheral influences but as matters capable of engaging regulatory standards in their own right.
Whether this approach delivers safer markets or simply greater uncertainty will depend on how proportionately it is applied and how thoughtfully firms respond. What is clear is that treating the guidance as a minor technical update would be a mistake. The regulatory perimeter has shifted, and firms will need to adapt their governance, training and judgment accordingly.
