Chapter One · Free Preview

THE BIG WHY:
A CAREER-DEFINING RISK.

What has actually changed

From 1 September 2026, how your staff treat each other is a regulatory matter.
Not a policy aspiration.
A rule.
With enforcement consequences.

The centre of gravity of UK financial services regulation has moved. For a generation, conduct regulation was largely about the interface between a firm and its customers: suitability of advice, clarity of disclosures, fairness of charges, adequacy of controls, integrity of reporting. The FCA's remit now extends, explicitly and in writing, into how staff members behave towards one another.

Policy Statement PS25/23, published 12 December 2025, finalised a new rule in the Code of Conduct sourcebook numbered COCON 1.1.7FR. The FCA has confirmed the rule applies to all firms with a Part 4A permission under the Financial Services and Markets Act 2000. The practical population is approximately 37,000 non-bank Part 4A-authorised firms.

What the rule then says, in substance, is that serious bullying, harassment and violence between staff members can amount to a breach of Individual Conduct Rules 1 or 2 — and that a Senior Manager who fails to take reasonable steps to prevent such breaches in their area of responsibility is personally accountable for that failure.

HR and regulatory conduct have converged. It is the same facts. It is now four or five parallel legal processes.

Why this is personal

The Senior Managers and Certification Regime was designed, explicitly, to end the pattern of the pre-2008 era where catastrophic firm failures produced no individual accountability. Each Senior Manager is allocated a defined set of responsibilities through a Statement of Responsibilities.

If something goes wrong within that area, the regulator is entitled to ask the Senior Manager what they did to prevent it. The statutory Duty of Responsibility under section 66A(5) FSMA requires "such steps as a person in their position could reasonably be expected to take to avoid the firm's contravention occurring or continuing."

Until now, the "reasonable steps" test was applied primarily to financial matters. What PS25/23 does is confirm, unambiguously, that the same test is now applied to non-financial misconduct.

The narrow defence

"I didn't know" is available only to the Senior Manager who can show their systems of knowledge-gathering were themselves reasonable. Absence of information is a defence only if the absence is itself reasonable.

End of free preview

Continue reading all 170 pages

The Four Vectors of Personal Risk · TRACE Framework · Field Notes · Evidence Pyramid · Day-in-Court Checklist · 6 Appendices

Get the Full PDF →