On 12 December 2025, the FCA published Policy Statement PS25/23, finalising its framework for tackling non-financial misconduct (NFM) in financial services. The new rules come into force on 1 September 2026. For around 37,000 non-bank firms, this represents a significant expansion in regulatory scope and a hard deadline to get it right.
The centrepiece is a new conduct rule, COCON 1.1.7FR, which makes serious bullying, harassment, and violence an explicit breach of the FCA's Code of Conduct. But the implications run far deeper than a single rule. PS25/23 touches fitness and propriety assessments, senior manager accountability, investigation procedures, culture monitoring, and record-keeping. The message is clear: the FCA considers how firms treat their people to be as important as how they manage their money.
The challenge for most firms is not understanding the rules. It is evidencing compliance with them. Annual surveys, ad hoc investigations, and manager opinion are no longer sufficient. The regulator wants objective, continuous, auditable evidence that your culture is healthy and your people are protected.
Here are eight specific regulatory requirements under the new NFM framework, and how Solas OS helps firms meet them.
1. Detecting Serious NFM Before It Becomes a Formal Complaint (COCON 1.1.7FR)
The requirement: The new rule defines non-financial misconduct as unwanted conduct that violates a person's dignity or creates an intimidating, hostile, degrading, humiliating, or offensive environment. This aligns with the definition of harassment under the Equality Act 2010, but deliberately extends beyond protected characteristics to capture a broader range of workplace behaviours.
The problem: Most firms only learn about NFM when someone files a formal grievance or whistleblowing report. By that point, the damage is done: to the individual, to the team, and to the firm's regulatory standing. The FCA has made clear that unhealthy culture is a "red flag indicator of cultural failings" that triggers supervisory action. Waiting for complaints is not a strategy.
How Solas OS helps: Solas OS analyses anonymised communication metadata to detect the leading behavioural indicators of a toxic environment: patterns consistent with intimidation, isolation, exclusion from decision-making, and communication breakdowns between individuals or teams. These signals surface weeks or months before formal complaints materialise, giving compliance and HR teams the intelligence to intervene early. This is not surveillance of message content. It is pattern recognition across communication structures, turning vague cultural concerns into measurable, actionable data.
2. Proving Manager Accountability Under the Conduct Rules (COCON 2.1.2R)
The requirement: Managers are required to take reasonable steps to prevent harassment and other serious misconduct. Under COCON 2.1.2R, a manager who knew or could reasonably have known about NFM, and had the authority to intervene but failed to do so, is in breach of the due skill, care, and diligence conduct rule.
The problem: "Reasonable steps" is a subjective standard. Most firms cannot demonstrate what steps a manager actually took (or failed to take) because they have no objective record of management behaviour. When the FCA asks whether a manager intervened, the answer often comes down to competing narratives.
How Solas OS helps: Solas OS maps management communication patterns, team engagement levels, and the flow of information between managers and their teams. It reveals whether managers are accessible, responsive, and actively engaged with their people, or whether they are disconnected from the day-to-day reality of their teams. When a manager is flagged as having low engagement with a team experiencing elevated stress indicators, the firm has both the warning and the evidence to act before regulatory accountability becomes an issue.
3. Integrating NFM Into Fitness and Propriety Assessments (FIT Sourcebook)
The requirement: PS25/23 explicitly integrates NFM into the FCA's Fit and Proper assessment framework. Perpetrators of serious NFM can fail the fit and proper test. So can senior managers who fail to prevent known misconduct. Private conduct is relevant where it demonstrates a pattern of behaviour, a willingness to disregard legal or ethical obligations, or an abuse of a position of trust, provided there is a material risk of repetition.
The problem: Fitness and propriety assessments have traditionally been document-based: references, criminal record checks, and self-declarations. These processes are poor at detecting behavioural patterns, cultural red flags, or the kind of ongoing conduct that the FCA now considers relevant.
How Solas OS helps: Solas OS provides continuous behavioural intelligence that can inform fitness and propriety decisions with objective data. Rather than relying on periodic assessments and self-reporting, firms can draw on ongoing evidence of how individuals interact with colleagues, manage teams, and contribute to (or undermine) workplace culture. For senior managers and certification regime staff, this creates a data-informed baseline against which fitness and propriety can be assessed with far greater rigour than traditional methods allow.
4. Conducting Fair and Thorough Investigations
The requirement: Firms must conduct fair, thorough investigations when NFM is reported. The FCA expects documented findings, consistent disciplinary procedures, proportionate sanctions, and confidentiality protections. Investigations must be credible enough to withstand regulatory scrutiny.
The problem: Investigations into interpersonal misconduct are notoriously difficult. They often devolve into "he said, she said" disputes where subjective accounts conflict. Without objective evidence, outcomes depend on who is more credible or more senior, which is precisely the dynamic the FCA is trying to disrupt.
How Solas OS helps: Solas OS provides an objective, time-stamped behavioural record that can support investigations with data rather than relying solely on testimony. Communication patterns, collaboration shifts, and changes in team dynamics around the period in question can corroborate or challenge claims. This does not replace the human judgement required in investigations, but it provides an evidential foundation that makes outcomes more defensible and less susceptible to bias or power imbalances.
5. Identifying and Mitigating Risk Factors (Risk Assessment)
The requirement: Firms should identify scenarios where employees may be reluctant to raise concerns about NFM. This includes assessing power dynamics, reporting barriers, and vulnerable employee populations. Mitigation measures must be implemented.
The problem: Power dynamics and reporting barriers are invisible in traditional HR data. You cannot see them in an org chart, a headcount report, or an engagement survey. Employees who feel unable to speak up are, by definition, unlikely to tell you they feel unable to speak up.
How Solas OS helps: Solas OS maps the real influence and communication networks within your organisation, revealing power dynamics that formal structures obscure. It identifies individuals or teams that are isolated, excluded from information flows, or dependent on a single dominant figure for access and recognition. These are exactly the conditions the FCA highlights as risk factors for unreported NFM. By making these hidden dynamics visible, Solas OS enables firms to target interventions where they will have the greatest impact: strengthening reporting channels, redistributing access, and ensuring no individual or team exists in a bubble where misconduct can go unchallenged.
6. Building and Evidencing a Healthy Culture
The requirement: The FCA's February 2025 culture guidance establishes that healthy firm culture is characterised by openness, accountability, inclusivity, and ethics. Firms need to demonstrate, not just assert, that their culture meets these standards. The FCA treats unchallenged bullying, harassment, or discrimination as evidence of cultural failure.
The problem: Culture is the hardest thing in an organisation to measure. Most firms rely on annual engagement surveys with poor response rates and well-known biases (social desirability, recency, fear of identification). These provide a snapshot at best, and a misleading one at worst.
How Solas OS helps: Solas OS replaces subjective survey data with continuous, objective metrics on organisational culture. It tracks collaboration patterns, psychological safety indicators, communication inclusivity, and team resilience as they manifest in daily work. The result is a C-suite dashboard that shows cultural health across the entire organisation over time, not a once-a-year survey score that everyone knows is unreliable. This provides the auditable, ongoing evidence the FCA expects when it asks firms to demonstrate a healthy culture.
7. Maintaining Auditable Records and Reporting
The requirement: Firms should maintain records of NFM incidents reported, investigations conducted, actions taken, policy communications, and training participation. The FCA currently has 76 open supervisory cases tagged as NFM-related, signalling active regulatory attention.
The problem: Many firms track NFM incidents in spreadsheets, email threads, or disconnected HR case management tools. There is no single source of truth, no trend analysis, and no way to demonstrate to a regulator that the firm has a systematic approach to identifying and responding to conduct issues.
How Solas OS helps: Solas OS creates a continuous, time-stamped record of organisational behavioural health that complements traditional incident tracking. Rather than waiting for incidents to be logged, the platform provides trend data showing whether cultural indicators are improving or deteriorating over time. When the FCA asks for evidence of proactive management, firms can present longitudinal behavioural data alongside their incident records, demonstrating that they are not merely reacting to complaints but actively monitoring and managing the conditions that give rise to misconduct.
8. Preparing for September 2026 and Beyond
The requirement: The 1 September 2026 deadline applies to all FCA-regulated firms. Implementation requires policy review, staff training, system updates, governance changes, and risk assessments. Post-implementation, the FCA will transition to active supervision of how firms are tackling NFM in practice.
The problem: Most firms are starting from a position where their NFM infrastructure is reactive and document-based. Building a genuinely proactive approach to culture and conduct in under a year requires more than updated policies. It requires new sources of data and new ways of using them.
How Solas OS helps: Solas OS can be deployed ahead of the September 2026 deadline to establish a behavioural baseline for your organisation. This baseline becomes the foundation for demonstrating continuous improvement once the rules are in force. Rather than scrambling to assemble evidence before an audit, firms generate compliance-relevant data as a natural byproduct of daily operations. The platform integrates with existing communication infrastructure and requires no employee behaviour change, meaning deployment is fast and adoption is seamless.
The Bigger Picture
The FCA's NFM framework is not an isolated regulatory initiative. It sits alongside the Senior Managers and Certification Regime, the Consumer Duty, operational resilience requirements, and the FCA's broader focus on firm culture as a driver of good outcomes. Firms that treat NFM compliance as a standalone project will find themselves building parallel systems for problems that share a common root: the gap between what organisations know about their people and what they can prove.
Solas OS closes that gap. By turning everyday workplace signals into continuous, objective, auditable behavioural intelligence, it provides the evidential foundation that the FCA's new rules demand, not just for NFM, but across the full spectrum of conduct and culture requirements that define modern financial services regulation.
The days of gut feel management are over. September 2026 is the deadline. The question is whether your firm will be ready with data, or still relying on instinct.