Governance Starts With Behaviour
By 2026, UK financial firms must prove workplace conduct is governed as rigorously as financial risks.
The Financial Conduct Authority (FCA) is raising the bar on workplace behaviour, making it clear that misconduct, whether financial or not, now cuts to the heart of regulatory risk. This transformation hits capital markets and treasury firms with new responsibilities, requiring them to overhaul their approaches to governance, training and disciplinary action. By September 2026, companies will need not just words but hard evidence that non-financial misconduct is being managed with the same diligence as fraud or market abuse.
Culture And Conduct Now Sit At The Centre Of Regulation
For years, regulatory focus revolved around financial wrongdoing: insider trading, market manipulation or careless risk management. Yet painful lessons from harassment, bullying and discrimination scandals have exposed just how damaging bad culture can be, not only to employees, but also to a firm’s reputation and the integrity of markets at large. The FCA’s mantra, “non-financial misconduct is misconduct”, is a direct response to these realities. It underlines that culture and behaviour aren’t separate from financial soundness but foundational to it.
As the regulator watched financial firms struggle with repeated scandals, it became clear that ignoring workplace behaviour invites bigger risks, from regulatory investigations to public backlash. Bad conduct spreads when senior leaders tolerate bullying, discrimination or intimidation; trust erodes and business risks multiply. This is why, going forward, the FCA expects firms to treat HR failures as compliance failures and to make governance, transparency and accountability central to their risk strategies.
SMCR: The Regime That Redefined Individual Accountability
The Senior Managers & Certification Regime (SMCR) was designed to end the era when responsibility could be pushed around and bad actors could hide behind anonymous teams. Its three main pillars (Senior Managers Regime, Certification Regime and Conduct Rules) cover all employees in regulated firms, from boardroom to branch.
- Senior Managers Regime: Demands explicit responsibility mapping, requiring key management roles to have regulatory pre-approval and crystal-clear job descriptions
- Certification Regime: Firms must annually assess whether staff in significant roles are fit, i.e., competent, honest and reliable, before allowing them to continue in their positions
- Conduct Rules: Set out baseline standards, such as honesty, integrity, due skill, care and diligence, that apply to nearly everyone
This regime ensures accountability is no longer collective or diffuse. If failure occurs, the regulator can trace it to individuals, sanction poor performance and demand change.
Why Non-Financial Misconduct Is Now a Regulatory Risk
Historically, breaches of SMCR centered on financial matters. But serious incidents of harassment, discrimination and bullying have shown that the damage these behaviours cause is real and sometimes greater than financial missteps. Court cases like the Frensham judgment clarified that conduct in private life isn’t regulated automatically: the FCA only steps in if there’s a strong link to an individual’s role or financial sector reputation.
The Frensham judgment is a UK tribunal case from 2021 involving a financial adviser whose criminal offense outside of work led the FCA to seek a ban. The ruling clarified that for regulatory action to be taken on private misconduct, there must be a direct, evidence-based connection between the behaviour and the person’s fitness for their regulated role. The judgment set the principle that not all private wrongdoing automatically justifies enforcement; relevance to professional integrity and openness with the regulator are key.
However, the FCA wants that line to be clearer. Its new approach ensures that workplace misconduct, meaning actions that undermine the culture and integrity of a firm, is directly in scope for regulatory discipline.
FCA’s New Conduct Rule
From 1 September 2026, the new Conduct Rule (from policy statement CP25/18) rolls out to non-banks, so all regulated firms, including investment houses, brokers and treasury teams, face explicit obligations. Bullying, harassment, violence or similar behaviour linked to work contexts will be treated as conduct rule breaches under COCON, expanding rules that banks have faced for years. The FCA’s accompanying guidance (consultation open until September 2025) will help firms draw boundaries and manage grey areas, giving them time to adjust policies and procedures.
The COCON rule, or Code of Conduct, sets out standards of behavior for staff in UK financial services firms regulated by the Senior Managers and Certification Regime. It requires all relevant employees, including managers, certified staff and many non-regulated roles, to act with honesty, integrity, due skill, care and diligence in their professional activities. From September 2026, serious workplace misconduct, such as bullying, harassment or violence, will explicitly be considered a breach of the COCON rule, reinforcing the responsibility of firms and their staff to maintain a trustworthy and ethical environment.
This means HR teams must flag workplace incidents as regulatory events, compliance officers need to track cases against conduct rules and management information must flow seamlessly to the board for oversight.
Assessing Fitness and Propriety
The new COCON rule tightly targets job-related behaviour. Yet, fitness and propriety (“FIT”) assessments used in staff certification remain much broader. Regulators expect firms to ask:
Is this person of honest character, integrity and good reputation, both at work and, in serious cases, in private life?
Convictions, egregious online behaviour or efforts to conceal past misconduct can all affect a FIT assessment.
Documentation is essential. Firms must now show how an individual’s behaviour is relevant to regulatory fitness. Every certification decision, every regulatory reference and every approval for a senior manager must be backed with reasoned evidence.
Spotting The Compliance Gap
Recent FCA surveys of wholesale markets highlight troubling gaps. Most companies still depend on whistleblowing and grievance channels to surface misconduct. Few use proactive surveillance or monitoring, and disciplinary action is patchy; less than half of investigated cases result in severe sanctions, and it’s rare for pay to be clawed back from misbehaving staff. Where penalties exist, they usually affect bonuses not yet paid, rather than reclaiming awards already delivered.
Governance is inconsistent too. Over a third of firms report that boards don’t receive clear management info about misconduct, while some have no whistleblowing policies at all. This fragmented approach leaves firms vulnerable, both to further incidents and to regulatory scrutiny.
Regulators Want Evidence And Oversight
The FCA is explicit about its expectations. Supervisors don’t want rhetoric or box-ticking; they want proof, systems and documentation. Here’s what compliance should look like by 2026:
- Up-to-date whistleblowing and disciplinary policies, regularly reviewed and demonstrably implemented
- A well-defined investigations playbook or manual showing how allegations are assessed, evidence is gathered and outcomes decided
- Robust management information delivered to boards, showing misconduct volumes, types, timelines and emerging themes
- Complete certification records showing how non-financial behaviour factored into employment decisions
- Regulatory references for staff moves or promotions, including substantiated misconduct even if non-financial
- Transparent reporting: REP008 returns for conduct rule breaches, plus Form C or D notices for changes involving senior managers
Supervisory reviews will expect to see each step documented and justified, with clear oversight from senior leadership.
Preparing for Change
The next year is a transition period. Training needs to reach all staff subject to Conduct Rules, making their new obligations explicit. HR and compliance teams need updated checklists, ensuring that workplace misconduct is assessed for COCON relevance after September 2026. Boards must receive improved information for oversight—tracking behaviour trends, disciplinary themes and case outcomes.
Pay and reward policies should be revisited, too. Firms must link variable compensation to conduct, allowing for malus (reduction before payout) and clawback (reclaiming after payout) when serious non-financial misconduct is found.
Most importantly, companies should embed non-financial misconduct as a formal regulatory risk—giving it the same governance, documentation and strategic attention as financial or market risks. This may require new roles, such as Conduct Risk Officers or dedicated misconduct committees.
Implications For Capital Markets And Treasury Firms
These reforms mark a decisive shift from regulatory principle to prescription. Industry can’t rely on broad intentions or informal efforts. Every aspect, such as detection, investigation and reporting of workplace behaviour, must be managed as rigorously as a trading error or compliance failure.
Fitness and propriety checks must lean on documented evidence, not gut feeling or disconnected assessments. Oversight by boards must be active and informed, with management information serving as a real tool for monitoring and improvement.
By September 2026, every regulated firm needs defensible systems, comprehensive training and auditable records demonstrating that their approach to non-financial misconduct is consistent, compliant and part of their culture. Those that move early stand to benefit, not only by reducing regulatory risks, but by building workplaces defined by integrity, trust and strong leadership.
Strategies to Ensure Readiness
For firms aiming to be ahead of the curve, some practical steps include:
- Carrying out thorough gap analyses, benchmarking current practice against FCA expectations
- Auditing whistleblowing and investigation processes, closing any loopholes
- Training managers and staff, not just on the rules, but on the culture the FCA wants to see
- Using data analytics to identify patterns of behaviour and emerging risks early
- Tightening governance so that case information is available at board level for oversight and challenge
- Documenting every significant conduct decision, especially where employees are promoted, sanctioned or referenced for new roles
Through these measures, firms can ensure that their culture is a strength, not a vulnerability, and that they can demonstrate this if ever challenged by regulators or courts.
From Compliance Burden To Competitive Strength
The FCA’s reforms reflect a growing recognition that integrity and professionalism are inseparable from commercial performance. Firms that take non-financial misconduct seriously are likely to be safer, more trusted and more successful, guarding staff morale and employer reputation along the way. While meeting new rules may feel burdensome at first, the right systems and culture can help firms thrive, not just survive, in a higher-stakes regulatory era.
By September 2026, capital markets and treasury firms will need to provide real evidence, not just promises, that workplace behaviour is governed, tracked and managed in line with FCA expectations. Early action is the best way to avoid trouble, build trust and protect both people and performance in the years to come.
The FCA’s tightening of non-financial misconduct rules signals a global shift in expectations for bank culture and accountability.
For banks in the USA, these changes, while specific to UK regulation, underscore the rising importance of workplace behaviour and will likely influence US regulators and multinational banks with UK operations to adopt similar standards, especially as the FCA establishes a presence to foster regulatory cooperation.
In the DACH region, banks operating in London or serving UK markets will need to meet FCA requirements, aligning their conduct oversight with UK norms and possibly setting trends for local regulators in Germany, Austria and Switzerland to address non-financial risks with greater rigor.
Asian banks with UK ties, or those expanding into global capital markets, will be directly affected by the FCA’s rules, meaning non-financial misconduct must be managed proactively wherever operations touch the UK, and the regulator’s new APAC presence may prompt local authorities to raise their own standards around culture, conduct and governance.
Written by
Mithun Sridharan
Founder, LinkPress™
Mithun is a strategist, advisor, educator, and speaker focused on helping leaders make better decisions in environments shaped by change, complexity, and emerging technology. His work brings together leadership, management consulting, digital transformation, and artificial intelligence in a way that is practical, grounded, and commercially relevant.