UKGI Compliance Manual

The rules and principles which apply

On 12 December 2025, the FCA published its final guidance on Non-Financial Misconduct (NFM) in financial services in Policy Statement PS25/23, confirming that the scope of COCON will be expanded to more closely align the rules on NFM between banks and non-banks. This means incidents of ‘work-related’ NFM in the general insurance sector will be within scope of COCON with effect from 1st September 2026.

Serious misconduct such as bullying, harassment and violence is a matter of regulatory concern, and the FCA believe that the expansion of the conduct rules to incorporate NFM will help promote healthy and inclusive workplace cultures and deepen trust in financial services, in line with their current five-year strategy.

‘NFM’ refers to the types of serious misconduct described in the new rule at COCON 1.1.7FR and includes a wide range of behaviour, essentially any misconduct not of a clearly financial nature. Broadly, behaviour relating to bullying, harassment and violence which is ‘work related’ is regarded as in scope of NFM. The rule clarifies that the context of serious NFM is:

“Behaviour that has the purpose or effect of violating colleagues’ dignity or which creates an intimidating, hostile, degrading, humiliating or offensive environment for, or is violent to colleagues.”  

The new rule does not create a separate new conduct rule under COCON 2 for individuals or senior managers, but it does expand what can constitute a breach of the existing conduct rules to incorporate instances of NFM. For example, NFM may result in a breach of Individual Conduct Rule 1 (You must act with integrity) or Individual Conduct Rule 2 (You must act with due skill, care, and diligence).

It can also result in a breach of the Senior Manager Conduct Rules, particularly if a Senior Management Function (SMF) fails to have appropriate safeguards in place to protect employees and deal with potential NFM that may occur (including notifying the regulator of such breaches).

How this may affect firms

The group of individuals in relation to whom serious misconduct can give rise to a breach of COCON is broad. It covers all of an SMCR firm’s employees and includes members of a firm’s group, service providers, contractors, and consultants. It does not, however, include ancillary roles such as receptionists, cleaners etc. as defined in COCON 1.1.2.

NFM is only in scope of the COCON rules if it is ‘work related’. However, NFM in an individual’s personal or private life may also be relevant to the fitness and propriety of senior individuals covered by the FIT rules (see Section A.6.3).

For clarity, if a firm carries on business which includes both regulated and non-regulated activities, the scope of the NFM conduct rule will only apply to those activities which are SMCR financial activities. This is most likely to apply within a secondary intermediary where financial services are not the main business activity.

NFM is likely to be a COCON breach for any conduct rules staff member if:

  • the staff member was present on the firm’s premises,
  • the conduct occurred when the staff member was working on the firm’s business,
  • the conduct involved a client, a professional acquaintance, another member of the firm’s staff or someone the staff member had dealt with on behalf of their firm,
  • the conduct was committed using work equipment or by involving the firm’s staff,
  • the conduct arose in a business context, including an official or an informal event organised or supported by the firm or in which the firm participates, whether it is held at the firm’s premises or at another location,
  • the conduct occurred at an event that is not organised by the firm but which the firm requires the individual to attend, such as a training course,
  • the staff member’s position at the firm helped them to carry out the conduct; or
  • the purpose (misguided or not) of the conduct was to benefit the firm.

COCON 1.3.7 (effective 1/09/2026) provides examples of where conduct is likely to be in or out of scope, and firms may wish to consider documenting decisions on whether or not to classify NFM as a COCON breach by reference to these factors.

Social Media

Misconduct relating to material published on a personal social media account (including sending it on a personal messaging app) may fall into the scope of COCON. However, this is an example of how it is not possible to give a definitive answer to a scenario based on a single element. Factors to take into account are:

  • whether the material is directed at a fellow member of the workforce (if it is, that points towards the conduct being within scope),
  • whether there is another connection between the individual publishing the material and the subject of the misconduct that is not based on their work with their firm (if there is such a connection, that may point away from the application of COCON),
  • whether it is part of a course of conduct that includes other incidents that are more closely connected with an individual’s work at the firm,
  • whether the content of the social media posts is related to work at the firm; or
  • whether the individual has published the post using a work-issued device.

The fact that a post is uploaded during working hours or while on the firm’s premises is not a strong factor pointing towards the application of COCON. However, if the conduct takes place over the firm’s systems (for instance through the firm’s e-mail system), it is likely to be within the scope of COCON.

Examples could include threats of violence, or clear involvement in criminal activities, or conduct that shows a material risk that they will carry out bullying or harassment at work. This means that firms are not required to investigate allegations about private life social media activity that are trivial, implausible, non-material, irrelevant to fitness or where the conduct is unlikely to be repeated at work in a way that would breach regulatory standards.

How NFM may apply to the individual conduct rules

Individual Conduct Rule 1 – Integrity

In order for the NFM to breach Individual Conduct Rule 1, the misconduct must involve a lack of integrity, which involves an element of intention, recklessness or ‘turning a blind eye’, for example subjecting a fellow member of the workforce to significant detriment for complying with another of the conduct rules or for using the firm’s whistleblowing procedures.

Misconduct in relation to a fellow member of the workforce falls outside the scope of Individual Conduct Rule 1 if the conduct rules staff member:

  • thought that there was an appropriate reason for the conduct; and
  • thought that the conduct and its intended effect were proportionate to the intended aim of the conduct; or
  • did not intend to have an effect on the subject of the misconduct of the kind described in COCON 1.1.7FR(4), did not know that they were doing so and was not reckless about the effect of their conduct.

However, firms should take care to ensure that there is a genuine and reasonable justification for any decision made in this regard, as an unreasonable belief that conduct is justified may itself show a lack of integrity. For example, the fact that the individual carrying out the conduct in question believes that sexual harassment is not blameworthy is not a reason for Individual Conduct Rule 1 not to apply.

Individual Conduct Rule 2 – Due skill, care, and diligence

Conduct excluded from rule 1 may instead fall under rule 2 if it involves a lack of due skill, care and diligence. A conduct rules staff member will not breach the rule if a reasonable person with the skills that the staff member carrying out the conduct has and ought to have:

  • would have thought that the conduct would not have the effects described in COCON 1.1.7FR(4) on the subject of the conduct; or
  • would have thought that the conduct was justified.

While this defence could plausibly apply on more than one occasion, firms should bear in mind that repeated instances of the same misconduct could make it less likely that the conduct rules staff member did not know that it would have the effects described in COCON 1.1.7FR(4). If they have been warned about the behaviour or someone has complained to them about it, it is less likely that they could reasonably think that it is justified.

The FCA have included a number of flowcharts within the updated guidance in COCON to assist firms with applying COCON.

Senior Management Accountability

The scope of COCON is not limited to conduct that is authorised by the firm or carried out with a view (misguided or not) that it is for the firm’s benefit. Conduct is not excluded from the scope of COCON just because the firm forbids it (for instance, in a staff handbook) or because it is calculated to harm the firm.

Therefore, senior managers have a responsibility to try to prevent harassment and other kinds of misconduct that breach COCON. What a senior manager should do in a particular situation will depend on the exact facts, and a senior manager’s accountability is relative to their knowledge and authority. Therefore, an SMF will not be in breach of Senior Management Conduct Rule SC2, for example, if they have acted reasonably, and there will often be a number of different reasonable courses of action that can be taken in a particular case.

The following is a non-exhaustive list of examples of conduct by a manager that would breach Senior Management Conduct Rule SC2:

  • failing to take reasonable steps to protect staff against misconduct of that kind, including failing to:
    • intervene to stop such behaviour where appropriate if the manager knows or should reasonably have known of it,
    • appropriately operate the firm’s policies, systems, and controls to detect and prevent such behaviour; and
    • (if the manager has sufficient authority to do this) set up and maintain such policies, systems, and controls.
  • failing to take seriously or to deal appropriately with complaints of misconduct of the type referred to in COCON 4.1.8-AG; and
  • failing to take reasonable steps to provide a safe environment for people to raise concerns about such treatment.

In considering whether a manager has breached SC2, the FCA will take into account whether it was reasonable for the manager to take action in the circumstances and whether there were any limits or constraints on the manager’s ability to act. For example:

  • the relevant policies and processes may be set elsewhere in the firm or its group,
  • whether or not the manager has the authority to take action in the particular case may be relevant; and
  • it may be the firm’s policy that the firm’s human resources function deals with allegations of misconduct.

A firm may allocate responsibility for fair treatment of its staff to a particular senior manager. However, if it does so, this does not absolve other managers of their regulatory responsibilities.

Senior Managers must also be aware that, while the conduct rules are concerned only with matters of conduct which are work related, the requirements of FIT are not limited in this way. NFM in a senior manager’s private or personal life can therefore be relevant to and taken into account by firms when assessing fitness and propriety. This topic is covered in further detail in Section A.6.3.

Investigation and reporting of NFM related conduct rule breaches

In determining whether any NFM constitutes a conduct rule breach, firms must make an assessment which takes into account all the circumstances of the case, including the seriousness, effect, and purpose of the misconduct. Factors which may indicate whether the misconduct is serious may, for example, include:

  • whether the conduct is repeated or part of a pattern,
  • the duration of the conduct,
  • the size of the impact on the subject of the conduct (the rule applies to effects which are serious and marked, and not to those which are, though real, of lesser consequence),
  • the seniority of the person whose conduct is in question,
  • the difference in seniority between the person whose conduct is in question and the subject of the conduct and whether the person whose conduct is in question has control or influence over the other’s career,
  • mitigating and aggravating factors even if they take place subsequently,
  • whether the person whose conduct is in question has been warned or disciplined for similar conduct by the firm, a previous employer, the police, or a regulator,
  • whether the person whose conduct is in question has previously undertaken not to do the act or engage in the behaviour in question; and
  • whether the conduct is criminal (particularly if it is of the kind described in new guidance (effective 1/09/2026) under FIT 1.3.22G (Offences)) or would justify dismissal.

Whether or not misconduct has been the subject of a formal complaint is not generally relevant to the seriousness of that conduct. The fact that it has been the subject of such a complaint may be relevant evidence, for instance in helping to show what the effect of the conduct was.

If the effect of the misconduct is that the subject does not perceive their dignity to have been violated, or any of the other things referred to in COCON 1.1.7FR(4)(a) to have occurred, or if it was not reasonable for the conduct to be regarded as doing so, then this is unlikely to be a breach.

However, firms should also note that misconduct whose purpose is to violate dignity or to cause any of the other effects referred to in COCON 1.1.7FR, but that does not actually have that effect, can still be a breach. For example, a person may breach COCON if they send a hostile and intimidatory communication that is intercepted by the employing firm before it is received by the person to whom it is sent. NFM can also still be a breach of COCON if it is targeted at someone else or it is not targeted at anyone. This means, for example, that a person’s conduct can breach COCON by reason of its effect on a witness to that conduct.

Whether it consists of a single incident, several incidents or a course of conduct, physical acts cover a wide range of behaviour. It is not limited to words, communications, and gestures; for example, it can also cover physical violence.

Failure to properly investigate and report conduct rule breaches, including instances of NFM, is likely to constitute a breach of Senior Manager Conduct Rule SC4, which requires SMFs to disclose appropriately any information to the FCA of which they would reasonably expect notice.

Further information on reporting breaches of the conduct rules can be found in Section A.6.