The FCA introduces non-financial misconduct rules: Here's what companies need to prepare by September 2026

The Financial Conduct Authority’s Policy Statement PS25/23, Tackling Non-Financial Misconduct in Financial Services, confirms a clear direction of travel for regulated firms. Serious behaviour such as bullying, harassment, discrimination, violence and sexual misconduct can no longer be treated only as internal HR issues. It may affect whether a person is fit and proper to perform a regulated role.

The new requirements come into force on 1 September 2026. Firms still have time to prepare, but the practical work should start now.

For many organisations, that means reviewing how they assess conduct risk before hiring, during certification and throughout employment. It also means asking a harder question: would employees feel safe enough to report misconduct before it becomes a regulatory, legal or reputational issue?

What is the FCA changing?

For several years, the FCA has emphasised the importance of healthy workplace cultures and the role culture plays in reducing harm to consumers and markets. PS25/23 essentially reinforces this position by providing greater clarity on how companies should consider non-financial misconduct when applying the Conduct Rules and assessing whether individuals are fit and proper to perform regulated roles.

With the new rules and guidance taking effect on 1 September 2026, companies have a limited window to review their recruitment, certification and Fitness & Propriety (F&P) assessment processes to ensure they remain fit for purpose in an evolving regulatory environment.

The FCA’s message is direct. Misconduct towards colleagues or others may be relevant when assessing an individual’s suitability to work in financial services.

That creates a broader compliance challenge. Firms need policies that define unacceptable behaviour, screening processes that support informed decisions, and internal reporting channels that allow concerns to surface early.

What does non-financial misconduct (NFM) mean in the context of financial services?

Non-financial misconduct (NFM) includes behaviour that is not of a clearly financial nature such as bullying, harassment and violence. Where NFM is serious and goes unchecked, it can harm individuals, firms and confidence in financial services.

Examples of misconduct highlighted by the FCA include:

• Bullying
• Harassment
• Sexual misconduct
• Violence
• Discrimination
• Serious abusive or intimidating behaviour

Where this behaviour goes unchecked, it can damage individuals, weaken trust inside the organisation and raise questions about management oversight.

The key shift is that firms should no longer see these issues only through an employment lens. Serious conduct concerns can also affect regulatory risk, certification decisions and Fitness and Propriety assessments.

Whistleblowing channels will become more important for financially regulated companies

Screening and due diligence help firms assess risk before someone joins the business. They do not solve the whole problem.

Many conduct issues emerge during employment. Some are visible to colleagues long before they appear in formal complaints, investigation records or management reports. Without a trusted whistleblowing process, those concerns may stay hidden until the harm is greater.

A clear whistleblowing process helps firms limit exposure to non-financial misconduct by giving employees and other stakeholders a safe route to report concerns. It also gives the organisation a better chance to identify patterns, investigate fairly and act before misconduct becomes embedded.

This matters for FCA-regulated firms because culture is rarely measured by policy documents alone. Regulators will look at whether firms have systems that work in practice. A speak-up process that employees trust is one of the strongest indicators that the organisation takes conduct seriously.

What makes a whistleblowing process effective?

A whistleblowing policy is useful only if people believe it will protect them.

An effective process should make it clear what can be reported, who can report, how reports are handled and what protections apply. It should also support confidential or anonymous reporting where appropriate.

Anonymity is especially important in cases involving bullying, harassment or abuse of power. Employees may fear retaliation, career damage or being dismissed as difficult. If the reporting process feels informal, exposed or dependent on a single manager, many people will stay silent.

That silence creates risk. Firms cannot manage misconduct they never hear about.

Veremark’s whistleblowing platform gives organisations a secure channel for receiving and managing whistleblowing reports and workplace complaints. It is designed to support confidential reporting, with end-to-end encryption and security controls that help strengthen trust in anonymity. For regulated firms preparing for the FCA’s new expectations, this can form part of a wider conduct risk framework.

How companies should prepare for September 2026

The implementation date may seem some distance away, but firms that begin reviewing their processes now will be better placed to respond.

The FCA’s guidance signals an expectation that firms actively assess conduct, integrity and culture when making recruitment, certification and Fitness and Propriety decisions. For many organisations, this means reviewing whether existing processes provide enough visibility of conduct-related risks.

Questions firms should consider include:

• Do current screening and due diligence processes provide enough insight into potential conduct concerns?
• Do Fitness and Propriety assessments properly consider integrity, honesty and reputation?
• Are there clear procedures for escalating and assessing allegations of serious misconduct?
• Is there a trusted whistleblowing process for employees to raise concerns safely?
• Are conduct issues recorded and reviewed consistently across the employee lifecycle?

Addressing these questions now can help firms prepare for implementation while showing a proactive approach to regulatory expectations.

Implications for Recruitment and Fitness & Propriety Assessments

The changes are likely to influence how companies approach hiring decisions, certification reviews and ongoing assessments of staff conduct.

Many organisations are already reviewing their existing frameworks to determine whether they have sufficient processes in place to identify conduct-related risks before and during employment.

Questions companies may wish to consider include:

• Are current screening and due diligence processes providing sufficient insight into potential conduct concerns?
• Do Fitness & Propriety assessments adequately consider indicators of integrity, honesty and reputation?
• Are there clear procedures for escalating and assessing allegations of serious misconduct?
• Is there consistency in how conduct issues are recorded and reviewed across the employee lifecycle?

Addressing these questions now can help companies prepare for implementation while demonstrating a proactive approach to regulatory expectations.

Enhanced Due Diligence: A Growing Area of Focus

While the FCA has not prescribed specific screening requirements, some regulated companies are exploring whether additional due diligence measures could provide valuable context when assessing conduct, integrity and reputational risk.

Examples include:

Adverse Media Searches Media screening can help identify publicly reported allegations, investigations or incidents that may warrant further review as part of a wider assessment process.

Risk-Based Social Media Screening Where conducted lawfully and proportionately, social media screening may provide additional insight into behaviours that could present conduct or reputational risks.

Civil Litigation Searches Civil court records may reveal disputes or findings that could be relevant when assessing integrity, judgement or patterns of behaviour.

It is important to note that these measures are not mandated by the FCA. Rather, they are being considered by some organisations as supplementary tools to support existing recruitment and F&P frameworks.

The Importance of Proportionality

Any enhanced screening programme should be carefully designed to ensure it is proportionate, risk-based and compliant with applicable employment, privacy and data protection laws.

Companies should avoid adopting a "one size fits all" approach and instead consider factors such as:

• The nature and seniority of the role
• Regulatory responsibilities attached to the position
• The level of potential conduct risk
• Legal and data protection obligations
• Transparency and fairness within the recruitment process

A balanced approach enables organisations to strengthen risk management while maintaining compliance and supporting positive candidate experiences.

How Veremark Can Help

As firms prepare for the FCA’s new requirements, many are reviewing whether their current screening, due diligence and internal reporting processes provide enough visibility of conduct, integrity and reputational risks.

Veremark supports regulated organisations with screening solutions that complement recruitment, certification and Fitness and Propriety frameworks. These include adverse media searches, risk-based social media screening, civil litigation checks and financial regulation checks, helping firms obtain additional context when making hiring and risk management decisions.

Veremark also provides a whistleblowing solution for organisations that need a secure, confidential process for receiving and managing reports. For firms concerned about exposure to non-financial misconduct, this helps close a critical gap: the gap between having a conduct policy and giving people a trusted way to report when that policy is breached.

With 1 September 2026 approaching, now is the time to review your current approach and identify where improvements are needed.

To discuss how your organisation can prepare for the FCA’s non-financial misconduct requirements, contact Veremark to learn how we can support your screening, compliance and whistleblowing processes.