More than five years after first discussing non-financial misconduct as a regulatory priority, the UK Financial Conduct Authority (the FCA) has published proposed rules and guidance for firms to follow on (i) the scope of non-financial misconduct and (ii) the FCA's expectations when non-financial misconduct is identified. While the guidance is in many ways more detailed than most were expecting, there is also a sense that the FCA has simply set out in writing the standards the vast majority of firms in the industry have already adopted where non-financial misconduct is concerned and so they are not really likely to advance matters. Documenting the expectations as the FCA proposes is, however, a welcome wake-up call for the small number of firms who have not yet embedded these values into their cultures. The proposals though also give rise to, or do nothing to alleviate, a number of tensions which, if left unanswered, will leave firms grappling with some complex and technical issues without the regulatory support that they should expect to receive.

The FCA's Consultation Paper, CP23/20: Diversity and inclusion in the financial sector – working together to drive change (the Consultation Paper), sets out or clarifies the FCA's expectations in a number of regards.

  • Clarifying that non-financial misconduct (which includes sexual or racially motivated offences) should be taken into account by firms when assessing the fitness and propriety of senior managers and certification staff. Most strikingly, the FCA has proposed amendments to FIT that put it beyond doubt that non-financial misconduct in a person's private or personal life should also be considered for these purposes.
  • Detailing amendments to COCON outlining: (i) what is meant by non-financial misconduct, to include bullying, harassment, discrimination and violence; (ii) the scope of what is meant by the workplace, with examples, for the purposes of determining whether there is a sufficient link between the behaviour and the workplace for COCON to be engaged; and (iii) factors indicating seriousness that would mean that non-financial misconduct amounts to a COCON breach.
  • Confirming that the FCA will consider non-financial misconduct, and specifically discriminatory practices, when assessing the suitability of a firm for threshold conditions purposes. Similarly, in CP18/23 – Diversity and inclusion in PRA-regulated firms, published at the same time as the Consultation Paper, the Prudential Regulation Authority (the PRA) confirmed that non-financial misconduct would be assessed when considering whether an individual could affect the safety and soundness of their firm in line with the PRA's statutory objectives.

Both the FCA and PRA also set out a number of proposals around diversity and inclusion data, strategies and targets. Further information can be found here.

Now that the dust has settled after the initial fanfare when the Consultation Paper was published, it is clear that the Consultation Paper proposals are not a silver bullet and that there are a number of nuanced and technical considerations with which firms are going to have to continue to grapple when allegations of non-financial misconduct are made. Three of the key themes from that perspective are set out below.

How should firms investigate non-financial misconduct?

It has been clear for some time that firms are expected to investigate allegations of non-financial misconduct. However, the FCA's proposals place an increased pressure on firms to investigate highly sensitive matters that until now will not have strictly been their responsibility to investigate. This is most obviously the case in relation to assessing actions outside work for the purposes of the fit and proper test. Non-financial misconduct should be a rare occurrence and firms will want to get their investigations right when concerns are raised. This will require resource and technical skills that firms (even large firms with dedicated compliance, HR and legal teams) rarely have. There will also be challenges for firms based overseas where non-financial misconduct is not treated as a regulatory risk in the same way as it is in the UK. It is difficult to see how the FCA's expectations can be met in many circumstances without external support and with the costs involved, particularly in the absence of guidance from the regulator on best practice for investigations.

Where concerns around non-financial misconduct are raised, the behaviour and circumstances involved can often be nuanced, with firms required to make findings based on subjective moral standards in a way that is not the case for other regulatory breaches. Some cases of sexual harassment or discrimination will be clear-cut, but behaviour that would amount to bullying for one person is simply unvarnished criticism to another. There may also be intergenerational or intersectional differences in how behaviour is perceived which HR will have to consider when investigating whether conduct has impacted the trust and psychological safety of the workplace. The disciplinary sanction, and finding of a conduct rule breach, can of course have career limiting effects. Having a robust and consistent decision-making process is necessary to protect both employees and firms.

On top of this, one of the FCA's proposals is that a person will not breach the honesty and integrity conduct rule in relation to certain behaviour where they did not know or intend (including a reckless intent) for their behaviour to have a negative impact on the subject. This will be all but impossible to investigate without relying on the testimony of a person under investigation and highlights a key risk for firms investigating non-financial misconduct. There will often be limited documentary or witness evidence of any misconduct with firms needing to balance two versions of events to reach a conclusion.

While not directly addressed in the Consultation Paper, firms should also be mindful of the need for investigations to be independent. This can be particularly challenging when considering allegations against senior individuals to determine if they continue to be fit and proper. This is most starkly demonstrated by Crispin Odey who is reported to have fired the executive committee of Odey Asset Management to avoid an investigation into allegations of sexual misconduct coming to light. This is clearly an extreme example but there are still questions for firms to consider around independence of investigators, particularly when the investigation team reports directly or indirectly to the person being investigated. External support in these circumstances can be invaluable in demonstrating to the FCA that the matter is being taken seriously with effort to add objectivity and integrity into the process.

How do the proposals tie in with other obligations firms have?

As any firm which has been required to consider unacceptable behaviour will know, the issue of whether or not to take disciplinary action requires a consideration of both regulation and employment law. There is little, if any, recognition of the overlay between these two, sometimes competing, sets of obligations in the Consultation Paper. When firms investigate their employees, the fairness of the investigation will be particularly critical where the investigation results in dismissal. This is something that is not recognised by the FCA.

In contrast, in relation to regulatory references, the FCA expects firms to have given individuals the opportunity to comment on information contained in a reference.1 However, the FCA often expresses a view that misconduct needs to be investigated quickly with swift action taken to mitigate the risk to the firm of the behaviour in question. It can be difficult to do this and still take the necessary time to investigate to a standard that would be expected by an employment tribunal. This is often particularly true for misconduct outside the workplace.

Where non-financial misconduct is concerned, firms will also need to consider the duty of care they owe to their employees to create a safe work environment. Again, this is something that is aligned with the FCA's proposals, but it is also a requirement that can lead to tension with the need to investigate fairly. A failure to hit the right balance could see firms faced with liabilities following claims before the employment tribunal, even if they are meeting the FCA's expectations.

Tensions between the proposals and other obligations can be seen beyond the world of employment law. In Frensham v. FCA2,the Upper Tribunal found that it was wrong of the FCA to have prohibited Jon Frensham from working in the financial services industry on the basis of the attempted sexual grooming of a child, because there was insufficient link between that offence and Mr Frensham's workplace and so it was wrong for the FCA to use the offence as a basis for finding him to lack fitness and propriety. This decision gave firms and their employees the expectation that a link between non-financial misconduct and the workplace is necessary before fit and proper considerations can be engaged.

In what appears to be an attempt to address this, in the Consultation Paper, the FCA sets out proposals on bringing non-financial misconduct committed outside the workplace within the scope of the fit and proper test in certain circumstances. It is difficult to see these changes as anything other than an attempt to deal with the Frensham decision and the FCA has not explained how the contradictions can be resolved. There is also a lack of helpful guidance on how firms can apply the proposed standards in practice (see further below).

How can firms resolve the proposed different treatment of conduct rules staff and those subject to the fit and proper test?

Only non-financial misconduct that occurs within the workplace can amount to a conduct rule breach and even then it must be sufficiently serious. The proposals outline a number of factors that go to the seriousness of misconduct, including the seniority of the people involved, the duration and whether it forms part of a pattern of behaviour. For conduct rules staff, the key issue that firms are likely to encounter is around the exact scope of the workplace. The FCA's proposals provide examples and guidance on this but there is still a lack of clarity, in particular for remote workers and those who use personal devices for work purposes. Firms are under regulatory pressure to get this right but, without further guidance, they will be left to reach their own conclusions.

In contrast, under the proposals in the Consultation Paper, the fit and proper test applicable to certification staff and senior managers will cover non-financial misconduct outside the workplace where

(i) there is a risk that the behaviour could be repeated within the workplace; or (ii) the misconduct could damage public confidence in the financial system in the UK. In theory, the former is easier for firms to apply – an individual who has committed fraud outside the workplace could repeat the conduct within the workplace. There will still be real challenges for firms to investigate and gather evidence on misconduct in employees' private and personal lives that the FCA does not seem to appreciate.

The greater challenge for firms in this regard though will be in applying the public confidence ground. In addition to the problems around investigating employees' personal lives, firms are also faced with a lack of clear guidance on what could damage public confidence in the financial system. The proposals provide that behaviour that is "disgraceful or morally reprehensible or otherwise sufficiently serious" would be caught, but that there is no need for the misconduct to "cause direct and discernible damage to public confidence". Even the largest of financial institutions do not have access to the level of intelligence and insight that the FCA does and it is not fair to expect firms to make this determination.

A final point to raise here is the need for firms to consider that misconduct in the private lives of conduct rules staff could yet become relevant in the future, if the individual wishes to move into a certified or senior manager role. This is perhaps most clearly demonstrated in relation to regulatory references, where firms are required to set out known information relevant to the assessment of whether an individual is fit and proper. For serious misconduct, this requirement dates back more than six years. Where firms are aware of, but have not had cause to investigate, allegations of misconduct in an individual's private life that pre-dates the Consultation Paper proposals coming into force, they may need to consider whether they are obliged to retrospectively investigate the concerns to ensure the reference is both fair and in line with their regulatory obligations. There will also be a need to consider whether any firms need to make any record-keeping adjustments to be able to launch such investigations should the need arise, which will bring in questions of data protection and privacy.

The FCA's consultation is open until 18 December 2023 with the final rules expected to be published next year before the rules would come into force 12 months later, in 2025. There are clear gaps in the current proposals that need to be fixed to give firms the confidence they need when dealing with non-financial misconduct. If the FCA does not put the required parameters in place, the industry will likely find itself in the position of having to collectively work through these issues without regulatory guidance. We could well see the FCA having to play catch-up again.