Non-bank firms, their directors and insurers: mind the (non-financial misconduct) gap!

Earlier this month the FCA published its final policy statement and consultation paper CP25/18 introducing a new rule, COCON 1.1.7R, extending existing rules on non-financial misconduct (NFM) from banks (only) to non-banking firms. The FCA has also made clear that firms will be required to report serious substantiated NFM to the FCA and include the same in regulatory references to prevent "rolling bad apples" within the industry.

These changes reflect the priority and focus of the FCA on clamping down on behaviours such as bullying and harassment (which qualify as NFM), which is a trend we have identified previously (Directors beware: Key legal shifts in 2024 and what’s ahead for 2025).

The changes will be in force from 1 September 2026 and will not apply retrospectively.  The FCA has chosen this date as it lines up with the conduct rule breach reporting period for most firms.

What this means, in practical terms, is the NFM rules which previously only applied to banks will now extend to another 37,000 Senior Managers & Certification Regime firms with Part 4A permission.  Those will include investment firms, insurers and insurance brokers, wealth managers and IFA's and consumer credit firms.

Whilst there has been comment from some quarters on the FCA overstepping its remit, CP25/18 makes it clear that the FCA's regulatory framework complements rather than replaces the applicable criminal and employment law protections in this area.

Indeed, the FCA has explained that its focus on NFM is not a moral crusade but a practical and necessary one in order to support its statutory objectives; protecting consumers, the integrity of the UK financial system and promoting effective competition.  The FCA's COO, Emily Sheppard, emphasised in speech earlier this year that culture drives conduct, and the FCA is a conduct regulator.

In addition to the rule changes, the FCA is seeking views on additional Handbook guidance to assist firms in meeting their obligations under the rules.  The consultation is open until 10 September 2025.  The guidance includes when serious NFM is in scope, practical examples, and addressing the boundary between work and private life.  It also sets out what are reasonable steps for managers to take in order to prevent or address NFM.  The guidance has been drafted to align more closely with employment law and the FCA has tried to reduce the subjective nature of existing guidance.

From a risk/exposure perspective, the implementation of the rule changes is clear: regulatory focus on NFM will extend to far more firms than previously.  That means more scrutiny on more businesses and the directors and officers who lead them.  We can foresee an increase in the volume of regulatory investigations into firms' and individuals' compliance with the rules/their implementation, as a well as increased internal and regulatory investigations into individuals accused of NFM behaviour.  Those investigations may be career-impacting (or potentially career-ending) with legal representation costs reflecting the same.  There may also be a "knock-on" effect to increased volumes of employment claims targeting individuals and/or their firms.

Directors and firms falling within scope from 1 September 2026 will need to be mindful of these (increased) potential exposures and ensure with their brokers that any insurance in place – including D&O and EPL – adequately caters for the same.  Similarly, insurers will want to explore and be comfortable with the completeness and adequacy of the processes and range of "culture controls" in place at insurers, including systems, training and reporting structures.  Those will not simply be "nice to haves"; they will be essential.