FCA conduct rules: What changes before September 2026

Shifts are coming: firms are refreshing conduct and fitness checks after the FCA published final guidance on serious non-financial misconduct, affecting banks and non-banks from 1 September 2026 , here’s what leaders should update now to avoid regulatory headaches.

Essential Takeaways

• New scope: The Code of Conduct will cover serious non-financial misconduct in non-bank firms where the conduct touches the firm’s financial services business, so more firms must act.

• Practical test: Firms must assess seriousness by frequency, duration, seniority and impact, and weigh purpose and effect when deciding if conduct meets the regulatory threshold.

• Record and escalate: Expect greater supervisory scrutiny , firms should tighten documentation, decision-making notes and escalation paths; investigations will feel more complex.

• Fit and proper implications: Private life conduct, social media and cumulative minor breaches can affect fitness and propriety; dishonesty, violence and sexual misconduct carry particular weight.

• Get ready now: Update policies, align HR/compliance/legal, refresh training for managers and stress-test FIT procedures ahead of September 2026.

What exactly has changed and why it matters now

The FCA has cemented its intention to treat serious workplace misconduct as a conduct and prudential concern, not just an HR issue, so the tone here is firmer and a little more clinical , think clear expectations and closer oversight. According to the FCA, the new guidance clarifies how bullying, harassment, violence and related behaviours feed into the Code of Conduct and the Fit and Proper regime. That matters because it widens regulatory exposure for non-bank firms and raises the stakes for senior staff who may be judged both on individual breaches and on their handling of complaints.

Practical tip: map the parts of your business where conduct could reasonably affect financial services activity and identify roles that now fall explicitly in scope.

How firms should judge “seriousness” in practice

The guidance gives firms a non-exhaustive framework to assess whether a behaviour crosses the regulatory threshold: consider seriousness (including seniority and duration), the effect on the victim or workplace, and the apparent purpose of the behaviour. Single incidents can be serious, and conduct that wasn’t targeted at a named person can still be in scope , so context is everything.

Practical tip: adopt a short checklist for initial triage of complaints that captures frequency, impact, seniority and any aggravating or mitigating factors to ensure consistency across cases.

Where employment law and regulatory scrutiny collide , and how to navigate it

The FCA is careful to say its assessments sit alongside criminal and employment law, not instead of them, but that won’t make life simpler for investigators. Firms will often need to run parallel processes, manage confidentiality, and think about regulatory risk as distinct from disciplinary remedies. Expect to spend more time documenting why a regulatory threshold was or was not met.

Practical tip: create a standard operating interface between HR, legal and compliance so responsibilities, timelines and reporting lines are clear from the outset.

Fitness and propriety: private lives, social media and the cumulative picture

The guidance asks firms to take a holistic, risk-based view of fitness and propriety. That means private life issues can be relevant where they indicate material risk of repetition, social media conduct may be considered, and patterns of minor misconduct can aggregate into a material concern. Offences involving dishonesty, fraud, violence and sexual misconduct will attract particular attention in FIT decisions.

Practical tip: review your fitness-and-propriety templates to capture cumulative conduct and to document judgments about private-life relevance; avoid blanket rules and record the reasoning for each assessment.

Operational fixes firms should prioritise before September 2026

This is an implementation moment. Firms should move beyond policy statements to operational readiness: update disciplinary and escalation frameworks, refresh manager training on conduct and psychological safety, and run mock investigations to test decision-making and audit trails. The FCA has signalled more supervisory focus on culture, so demonstrating consistent application and good governance will pay dividends.

Practical tip: run a table-top exercise with HR, compliance and legal to stress-test two or three realistic scenarios, record decisions, and use that file to refine your policies.

It’s a small change that can make every investigation and fitness decision clearer and more defensible.

Join us for Credit Week 2026!