An In-Depth Walkthrough of the FCA's Non-Financial Misconduct (NFM) Policy Statement and Consultation Paper (CP25/18)

The FCA's combined Policy Statement and Consultation Paper, CP25/18, is a pivotal document for the financial services industry. At over 80 pages, it is both dense and dual-purpose: it finalises unchangeable rules while simultaneously seeking fresh views on draft guidance. For busy compliance, risk, and HR professionals, digesting its content and understanding its practical implications is a significant undertaking.

This guide is designed to be your companion to the paper. We will walk you through the entire document, chapter-by-chapter, providing not only a summary of the contents but, more importantly, helping you prepare an analysis of what it means for your firm. Below, a high-level summary table gives you an immediate overview, followed by a deeper, section-by-section analysis to equip you for the practical implementation ahead.

If you would like a high-level overview of CP25/18 from the FCA,  check out our blog: FCA Finalises Non-Financial Misconduct Rules: What’s In, What’s Out, and What It Means.

Prefer to listen? Take this blog on the go with our AI-generated podcast by listening here.

Key Areas of the Document

Chapter-by-Chapter Summary

Foreword (page 4)

In the foreword, Sarah Pritchard, the FCA's Deputy Chief Executive, establishes the regulator's position that a firm's culture is intrinsically linked to its conduct. Key points include:

• Warning Signs: Non-financial misconduct, such as bullying and sexual harassment, is identified as a clear warning sign of a failing culture within a firm.

• Consequences of Inaction: The FCA states that failing to address these toxic behaviours can lead to the departure of skilled staff, prevent employees from speaking up, undermine performance, and ultimately enable financial misconduct.

• Regulatory Role: A key role for the regulator is to prevent "rolling bad apples" -individuals with a history of serious NFM moving between firms without their past misconduct being disclosed.

• Rule Alignment: The paper confirms a rule change to align the standards for NFM between banks and non-banks, addressing a current discrepancy. This is intended to give non-banks greater confidence in taking action against NFM.

• Call for Guidance: In response to feedback from a previous consultation (CP23/20), the FCA is now consulting on whether additional guidance would be helpful for firms.

Chapter 1: Summary - The Key Takeaways (pp 5‑9)

This chapter is arguably the most critical for firms, as it moves beyond discussion and sets out the final, unchangeable COCON rule that non-banks must prepare to implement.

• Core Policy Decision: The FCA is confirming final rules to extend existing non-financial misconduct (NFM) regulations from banks to cover non-banks. This is detailed in Chapter 2.

• New Consultation: The FCA is also consulting on whether additional Handbook guidance is needed to help firms apply the rules on NFM consistently. These proposals are in Chapter 3.

• Proposals Dropped: A significant development is the confirmation that the broader Diversity & Inclusion (D&I) proposals from the previous consultation (CP23/20) are not being taken forward. The paper also explicitly drops proposed changes to the Threshold Conditions (COND) and Senior Management Arrangements, Systems and Controls (SYSC) sourcebooks.

• Revised Cost-Benefit Analysis (CBA): The estimated cost to the industry has been dramatically reduced.

  • The original NFM package was estimated to cost £303m for implementation and £180m ongoing.

  • The final rule change is now estimated at just £25m for implementation and £15m ongoing.

  • If the new guidance is also adopted, the total cost would be £75m for implementation and £40m ongoing.

• Target Audience: The changes apply to all firms regulated under the Financial Services and Markets Act (FSMA) with a Part 4A permission, and their staff who are subject to the Code of Conduct (COCON).

• Regulatory Justification: The FCA links tackling NFM to all three of its operational objectives and its secondary objective of promoting UK growth and competitiveness. It believes healthy cultures deter wrongdoing, prevent consumer harm, attract talent, and foster innovation.

• Key Deadlines:

  • The new COCON rule will come into force on 1 September 2026.

  • The consultation on the new draft guidance closes on 10 September 2025.

Chapter 2: Policy Statement on COCON - The Final Rule Explained (pp 10‑16)

In this chapter, the FCA effectively passes the baton to the industry, launching a fresh consultation on detailed guidance and explicitly asking firms whether it is needed.

• The Specific Rule Change: The FCA is amending the scope of COCON for non-banking firms. Previously, COCON for non-banks was primarily linked to the firm's "SMCR financial activities". The new rule, COCON 1.1.7FR, widens this to make it clear that serious NFM - specifically bullying, harassment, and violence - against colleagues is a regulatory matter, aligning the rules for banks and non-banks.

• Rationale for Change: The primary driver is to create a consistent approach across all SM&CR firms and give non-banks greater confidence in taking decisive action when NFM occurs. The FCA notes there was strong support for making it clearer that serious NFM can be a breach of the conduct rules.

• Response to Industry Feedback: The FCA acknowledges receiving 37 substantive comments on its COCON proposals, with concerns centred on potential divergence from employment law, lack of clarity, and the risk of unfair outcomes. In direct response, the FCA has revised the wording of the final rule to align more closely with employment law, aiming to aid interpretation and reduce legal risk for firms.

• Clarifying the Scope of COCON:

  • Private Life: Conduct in an individual's private or personal life is entirely out of scope of the COCON rules. This is a statutory limitation under FSMA. However, such conduct can still be relevant to Fitness and Propriety (FIT) assessments.

  • Territorial Scope: There is no change to the existing rules on territorial scope.

  • Retrospectivity: The new rule is not retrospective and will only apply from its commencement date of 1 September 2026. Firms are not expected to conduct a retrospective analysis of past cases unless it becomes clear they misinterpreted the rules in force at the time.

• Process Flowcharts: The FCA has included two flowcharts to guide firms' decision-making.

  • Flowchart 1 provides a general framework for identifying any potential conduct rule breach and determining if it is reportable.

  • Flowchart 2 offers additional, specific factors for identifying whether work-related NFM falls within the scope of the new rule, COCON 1.1.7FR.

• Regulatory References: The FCA confirms it will not amend Question G on the regulatory reference template, which asks about any other information relevant to a FIT assessment. It deems this question fundamental to the purpose of a reference. The FCA reminds firms that extensive guidance on providing fair and accurate references already exists in SYSC 22.

Chapter 3: Consultation on New Guidance - Seeking Feedback (pp 17‑26)

This chapter outlines proposed new guidance for the COCON and FIT sourcebooks. The FCA is explicitly seeking views on whether this guidance is needed and on its revised wording.

• Purpose of the Guidance: If implemented, the guidance aims to make it easier for firms to interpret and apply the conduct rules and FIT requirements consistently, especially in complex cases.

• Proposed COCON Guidance: This draft guidance has been significantly revised based on feedback from CP23/20. It aims to:

  • Align with Employment Law: It introduces a new test for determining if conduct had a negative effect, considering both the subjective "perception of the subject" and an objective test of whether it was "reasonable for the conduct to have had that effect".

  • Clarify 'Serious' Misconduct: The FCA has removed the unhelpful list of examples of serious misconduct and instead provided more guidance on the factors to consider when determining seriousness.

  • Distinguish Rule 1 and Rule 2 Breaches: The revised guidance clarifies that a breach of Rule 1 (integrity) requires deliberate or reckless misconduct. In the absence of those factors, NFM is likely to be a breach of Rule 2 (due skill, care and diligence).

  • Provide More Examples: New material has been added with more examples and scenarios to illustrate the boundary between work and private life.

• Proposed FIT Guidance: This draft guidance clarifies how NFM is relevant to assessments of an individual's fitness and propriety. Key clarifications include:

  • NFM in Private Life: The guidance states clearly that firms are not expected to proactively monitor employees' private lives or social media. However, if information that could call fitness into question comes to the firm's attention, they should consider what reasonable steps can be taken to assess it, such as asking the individual for an explanation.

  • Reliance on Formal Findings: The guidance clarifies that when assessing wrongdoing in private life, a firm will normally rely on formal findings, such as criminal convictions or the findings of a court or regulator.

  • Replacing Subjective Language: Terms like 'disgraceful or morally reprehensible' have been replaced with more neutral language to help firms apply the standard consistently.

  • Social Media: The guidance notes that while a person can lawfully express controversial or offensive views on social media in their private life, such activity becomes relevant to their fitness if it indicates a real risk that they will breach regulatory standards (e.g., through threats of violence or clear involvement in crime).

Chapter 4: COST-BENEFIT Analysis (CBA) - The Financial Impact (pp 27‑34)

This chapter details the significant revision of the policy's cost to the industry.

• Reasons for Cost Reduction: The FCA outlines three primary reasons for the dramatic fall in cost estimates:

  • Improved Methodology: The firm population in scope has fallen from ~45,000 to 37,805, and the FCA has used a more granular, employee-based scaling methodology instead of a simple large/small firm split.

  • Changes in the External Environment: Legislative changes since 2022, such as the Worker Protection Act, mean firms may have already made investments in related areas.

  • Reduced Policy Scope: The decision to drop the proposals for COND and SYSC accounted for approximately half of the original total costs.

• Drivers for 75 % reduction vs 2023: Dropping COND/SYSC, refined firm‑size scaling, and investment already sunk since #MeToo.

• Benefits of the Rule and Guidance: The FCA expects the new rule to increase accountability, deter misconduct, and help counter 'rolling bad apples' by ensuring NFM breaches are included on references. The proposed guidance is expected to bring additional benefits by reducing uncertainty, supporting firms in complex cases, and lowering the risk of inconsistent outcomes for individuals. Most firms in the follow-up engagement exercise felt the higher cost of guidance would be outweighed by its benefits.

Chapter 5: Proposals Not Taken Forward - What's Been Dropped and Why (pp 35‑36)

In a move that will bring considerable relief to many firms, this chapter confirms that several of the more burdensome original proposals are not being taken forward, reflecting a more targeted final approach from the regulator.

• COND Proposals Dropped: The FCA is not proceeding with its proposal to extend the guidance on the Suitability Threshold Condition in COND to make it clearer that NFM is relevant to a firm's suitability to be authorised. This decision was made after considering feedback and the updated CBA.

• SYSC Proposals Dropped: The FCA is also not proceeding with the proposed updates to the guidance on regulatory references in SYSC.

• Reasoning: The FCA has concluded that the existing rules and guidance in SYSC 22 are sufficient. These existing rules already require firms to disclose conduct rule breaches for which disciplinary action was taken and any other information they reasonably believe to be relevant to a FIT assessment.

Annexes and Appendices

• Annex 1: Compatibility statement: Asserts that the proposals are compatible with the FCA's legal requirements under FSMA and the Equality Act 2010.

• Annex 2: List of non-confidential respondents to CP23/20: Lists the 257 organisations and individuals who responded to the previous consultation.

• Annex 3: Abbreviations used in this paper: Provides a glossary of abbreviations.

• Appendix 1: Made rules (legal instrument): This is the final legal text of the rule that will come into force on 1 September 2026.

• Appendix 2: Draft Handbook text: This contains the draft text for the proposed new guidance, which is the subject of the current consultation and may change.