The FCA's final NFM guidance in PS25/23 introduces mandatory conduct rules covering bullying, harassment, and violence. SMCR firms have until September 2026 to comply.
On 12 December 2025, the Financial Conduct Authority published Policy Statement PS25/23, setting out final guidance on Non-Financial Misconduct (NFM) that will fundamentally reshape how UK financial services firms address workplace behaviour. With rules coming into force on 1 September 2026, SMCR firms now have a nine-month window to update their governance frameworks, HR policies, and conduct training programmes.
For compliance professionals, the message is clear: non-financial misconduct—including bullying, harassment, and violence—will be explicitly covered under the Senior Managers and Certification Regime's conduct rules. This marks a significant regulatory evolution, bringing workplace culture concerns firmly within the FCA's supervisory remit.
What Is Non-Financial Misconduct?
Non-Financial Misconduct refers to behaviours that breach professional standards but are not directly related to financial crime or market conduct. The FCA's guidance specifically addresses three core areas:
- Bullying: Repeated, unreasonable behaviour directed towards employees or groups that creates risk to health and safety or undermines professional dignity
- Harassment: Unwanted conduct related to protected characteristics (such as sex, race, disability, or age) that violates dignity or creates intimidating, hostile, degrading, humiliating, or offensive environments
- Violence: Physical assault or threats of violence in the workplace
Whilst these issues have long been covered by employment law and HR policies, the FCA's intervention signals that such conduct now carries regulatory consequences under the Senior Managers and Certification Regime.
The FCA's Regulatory Approach: PS25/23 Key Provisions
The final guidance, published in PS25/23, amends both the FCA's Conduct Rules (COCON) and the Fit and Proper test for Approved Persons (FIT). The consultation process revealed overwhelming industry support, with 95% of respondents agreeing with the FCA's proposed approach.
Scope and Application
From 1 September 2026, the rules will apply to all firms authorised under the Financial Services and Markets Act 2000 (FSMA) with Part 4A permission. This captures:
- Solo-regulated firms under the full SMCR
- Dual-regulated firms (those also regulated by the Prudential Regulation Authority)
- Core SMCR firms
- Enhanced SMCR firms
Notably, the guidance does not create new standalone rules but rather clarifies how existing Individual Conduct Rules apply to NFM scenarios. The FCA has made explicit that conduct such as bullying, harassment, and violence falls squarely within the scope of rules requiring individuals to act with integrity, due care, skill and diligence, and with proper regard for the interests of customers and market integrity.
Amendments to COCON and FIT
The FCA's amendments strengthen two key areas:
COCON (Conduct Rules): The guidance clarifies that Individual Conduct Rules 1-5 encompass NFM behaviours. This means that senior managers, certified persons, and conduct rules staff who engage in bullying, harassment, or violence may breach their regulatory obligations, potentially triggering enforcement action.
FIT (Fit and Proper Test): The FIT guidance now explicitly references NFM when assessing whether individuals are fit and proper to perform controlled functions. Firms must consider an individual's history of NFM when making appointments or conducting periodic assessments.
What This Means for Your Firm
The practical implications of PS25/23 extend across governance, human resources, training, and regulatory reporting functions. Firms that treat this as merely an HR matter risk missing critical compliance obligations.
Governance and Accountability
Under the SMCR, specific senior managers hold prescribed responsibilities. With NFM now explicitly within the conduct rules framework, the allocation of responsibility for workplace culture and conduct becomes a regulatory question, not just a management preference.
Senior Manager Functions (SMFs) may need updated Statements of Responsibilities to reflect accountability for:
- Oversight of NFM policies and procedures
- Escalation and investigation protocols for NFM allegations
- Training and awareness programmes
- Regulatory reporting of serious NFM incidents
The firm's Conduct Rules training must be expanded to cover NFM scenarios, ensuring all staff understand that regulatory obligations now extend to workplace behaviour.
HR Policy Integration
Many firms maintain robust HR policies addressing bullying and harassment. However, these policies must now align with regulatory requirements, creating a compliance overlay on traditional employment matters.
Key considerations include:
- Investigation Standards: NFM investigations may require higher evidentiary standards and documentation practices given potential regulatory implications
- Confidential Reporting Channels: Whistleblowing frameworks should explicitly cover NFM alongside financial misconduct
- Consistency with Conduct Rules: HR policies must reference the Individual Conduct Rules and explain how NFM breaches those standards
- Record-Keeping: Documentation of NFM incidents, investigations, and outcomes must meet regulatory retention requirements
Firms should conduct a gap analysis between existing HR policies and the FCA's NFM guidance, addressing any divergences before September 2026.
Training and Cultural Change
The FCA has consistently emphasised that regulatory rules alone cannot drive cultural transformation. Effective NFM compliance requires embedding behavioural expectations throughout the organisation.
Regulatory training programmes must evolve to include:
- NFM scenario-based learning for all conduct rules staff
- Enhanced training for senior managers on their accountability for workplace culture
- Specific modules for HR and compliance teams on investigating and reporting NFM
- Regular refresher training to reinforce behavioural standards
Training content should move beyond policy recitation to explore real-world scenarios, decision-making frameworks, and the intersection between employment law and regulatory obligations.
Regulatory Reporting Considerations
Whilst the FCA has not introduced specific NFM reporting obligations, existing SMCR reporting requirements may capture serious NFM incidents. Firms must consider whether NFM allegations or findings trigger:
- Regulatory References: When providing employment references for certified individuals, firms must disclose conduct rule breaches, which may now include NFM
- Breach Reporting: Material breaches of conduct rules must be reported to the FCA; serious NFM incidents may cross this threshold
- Notifications: Changes to an approved person's fitness and propriety due to NFM must be notified within required timeframes
The interplay between internal disciplinary processes, employment law obligations, and regulatory reporting requires careful coordination between HR, legal, and compliance functions.
Preparing for September 2026: A Nine-Month Action Plan
With the implementation deadline nine months away, firms should adopt a structured approach to achieving compliance. The following action plan provides a roadmap for SMCR firms:
Months 1-3: Assessment and Planning (January - March 2026)
- Conduct Gap Analysis: Review existing HR policies, conduct rules frameworks, and training materials against PS25/23 requirements
- Assess Governance Structure: Determine which SMF holds responsibility for NFM oversight and whether Statements of Responsibilities require updating
- Review Historical Incidents: Analyse past NFM cases to identify patterns, policy gaps, and training needs
- Establish Project Governance: Create a cross-functional working group including compliance, HR, legal, and senior management
Months 4-6: Policy Development and Training Design (April - June 2026)
- Update Policies: Revise HR policies, conduct rules frameworks, and whistleblowing procedures to incorporate NFM guidance
- Develop Training Materials: Create NFM training modules for different audiences (senior managers, certified persons, conduct rules staff, HR teams)
- Enhance Investigation Protocols: Establish procedures for NFM investigations that satisfy both employment law and regulatory requirements
- Review Regulatory References Process: Update reference templates and processes to capture NFM-related conduct breaches
Months 7-9: Implementation and Testing (July - September 2026)
- Deliver Training: Roll out NFM training across all relevant populations before the September deadline
- Update Systems: Ensure HR systems, compliance monitoring tools, and training records can capture and track NFM-related data
- Communicate Changes: Brief all staff on updated policies, reporting channels, and behavioural expectations
- Test Readiness: Conduct table-top exercises simulating NFM scenarios to test investigation, escalation, and reporting processes
Looking Ahead: NFM as a Supervisory Priority
The FCA's publication of PS25/23 reflects a broader regulatory trend towards holding financial services firms accountable for workplace culture. The regulator has signalled that NFM will feature in supervisory activities, with potential enforcement action for serious breaches or systemic failings.
Firms should view NFM compliance not as a tick-box exercise but as an opportunity to strengthen organisational culture, reduce legal and reputational risks, and enhance employee wellbeing. The organisations that embed NFM considerations into governance, risk management, and training frameworks will be best positioned for the evolving regulatory landscape.
The nine-month implementation window provides sufficient time for thoughtful preparation, but firms that delay action risk last-minute compliance gaps. Starting now allows for proper consultation, testing, and refinement of new policies and procedures.
How MEMA Consultants Can Help
MEMA Consultants specialises in FCA compliance advisory services, with particular expertise in the Senior Managers and Certification Regime. Our team can support your NFM implementation through:
- Gap analysis against PS25/23 requirements
- Policy development for NFM frameworks aligned with SMCR obligations
- Training delivery through our regulatory training services, including bespoke NFM modules
- Governance review of SMF responsibilities and Statements of Responsibilities
- Implementation project management to ensure timely readiness for September 2026
The introduction of explicit NFM guidance represents a significant development in UK financial services regulation. With the right preparation, firms can meet their obligations whilst building stronger, more inclusive workplace cultures.
Contact MEMA Consultants today to discuss your NFM compliance strategy and ensure your firm is ready for 1 September 2026.
This article provides general guidance on the FCA's Non-Financial Misconduct rules. Firms should seek specific compliance advice tailored to their circumstances. MEMA Consultants is an independent compliance consultancy and is not affiliated with the Financial Conduct Authority.
MEMA Regulatory Team
The MEMA Regulatory Team includes ex-FCA supervisors and Big 4 consultants with deep expertise across all aspects of UK financial services regulation and compliance.
Need regulatory support?
Our team can help with FCA authorisation, compliance outsourcing, and regulatory change implementation.
Book a consultation
