Tackling non-financial misconduct in financial services

Helpfully, the draft guidance clarifies that COCON does not apply to behaviour in personal or private life. It also includes examples to help firms judge the boundary between work and personal conduct and explains when behaviour falls outside of SMCR financial activities. It also confirms that conduct isn’t excluded from the scope of COCON just because it is banned by a firm’s own internal policies, or is harmful to a firm.

The proposed guidance seeks to clarify when bullying, harassment or violence may fall outside of the scope of COCON for non-banks, namely when behaviour clearly relates only to a part of the business that doesn’t carry on regulated or SMCR financial activities. To bring this to life, an example is provided where a firm separates its HR function into those dealing with staff in the financial service business and those dealing with staff in other parts of the business, confirming that the latter may fall outside the scope of COCON. Looking ahead, some firms may consider staff segregation to avoid the application of COCON, albeit behaviour such as bullying, harassment or violence would of course be likely to be caught under employment law in any event.

The guidance also gives some helpful clarity on the factors to consider when determining whether NFM breaches the conduct rules.

Firstly, it clarifies that subjecting a colleague to detriment for disclosing information to regulators or for using the firm’s whistleblowing procedures, would be a breach of Individual Conduct Rule 1 (‘you must act with integrity’).  This is unsurprising given the importance the FCA places on culture and psychological safety. This approach also aligns with rules around victimisation under employment law.

Secondly, it sets out the factors to consider when deciding if NFM breaches either Individual Conduct Rule 1 or Individual Conduct Rule 2 (‘you must act with due skill, care and diligence’). Factors to consider include:

1.Whether the NFM is ‘serious’, which might be the case depending on the repetition, duration and impact of conduct (which may involve looking at later actions as well), the seniority and vulnerabilities of those involved, and whether there have been prior warnings or criminality. This concept of ‘serious’ broadly aligns with the concept of ‘serious’ in the SRA sexual misconduct guidance, which the FCA has previously drawn on (see our previous insight), and which might be familiar to firms. It differs however to the concept of ‘serious’ in the FIT guidance – see below – which makes navigation of the various tests tricker for firms.

2.“All the circumstances of the case” which seems to include both a subjective and objective element being (i) the perception of the subject of the misconduct (e.g. if the subject didn’t perceive their dignity to be violated, there is no breach) and (ii) whether it was reasonable for the conduct to have the perceived effect (e.g. if it wasn’t reasonable, there is no breach). However, what is not clear is how firms should balance the subjective and objective elements of this test, and it may be prudent to take advice on this point, particularly as this overlaps with the test for harassment under employment law and so lessons may meaningfully be taken from that sphere.

3. Conduct may fall under COCON whether it’s a single act, repeated incidents, or ongoing behaviour, and can include physical violence as well as words, gestures, or communications.

However, both Rule 1 and Rule 2 also have additional and specific thresholds which may mean that NFM falls outside the scope of those rules:

• Rule 1 requires a lack of integrity (i.e. behaviour that is deliberate or reckless). NFM may therefore fall outside its scope if the staff member reasonably believed their actions were justified and proportionate or if the staff member did not intend to cause harm and were not reckless about the effect of the conduct (although repeated behaviour would make it more likely they intended or knew of the harm).

• Rule 2 requires a lack of due skill, care and diligence. NFM may therefore fall outside its scope if the staff member thought the conduct would have no ill effects and a reasonable person with the same skills would have thought the same and thought the conduct was justified.

The addition of this subjective element to the COCON test enables sufficient regard to context and reasonableness, which is welcome given that adverse findings have the potential to severely impact an individual’s career and livelihood.

The practical effect is that NFM will more likely be captured by Rule 2 than Rule 1 given the threshold in relation to Rule 1 is higher and has more subjective elements. In light of this, it may be that the seriousness test is more of a determining factor in relation to Rule 2.

Finally, it should be noted that the guidance gives some helpful examples of reasonable steps for senior managers to protect staff against NFM and flags that there will not be in breach of Individual Conduct Rule 2 if managers have acted reasonably. HR functions and senior managers should review these, particularly in light of the recent and upcoming changes to the duty to prevent sexual harassment.

The draft guidance explains how conduct, including NFM, forms part of the fit and proper test in FIT.

It makes clear that each assessment should be on a case by case basis and should include relevant factors such as the seriousness of the breach (the assessment of which differs to that under COCON, and seems to be broader than that of the SRA in its sexual misconduct guidance), timing of the breach, steps to address behaviours/competence issues/rehabilitation, remorse, absence of mitigating factors, past record, health and life events that might cause out of character behaviour, repetition and likelihood of recurrence, seniority and relevance of the breach to role. In this respect the list of mitigating factors is wider than that of the SRA.

It also gives clear guidance that, whilst COCON is limited to conduct related to a firm’s activities (and sometimes only to a part of its activities) an assessment of fitness and propriety should not be limited in that way; relevant conduct may occur outside work. The guidance on proximity here takes a similar approach to the SRA’s sexual misconduct guidance. Some key points:

• It specifically gives the example of violence or sexual misconduct against an individual in their private or personal life and explains that this might show there’s a risk of similar misconduct in relation to customers or counterparties or people in the firm and so is relevant.

• It states that breaches of law that would not otherwise be relevant might be relevant where repeated – for example, a minor driving offence might be relevant if frequently repeated.

• It explains that, even if there is no risk of misconduct in a person’s private life being repeated in their work for a firm, it may be relevant if it demonstrates a willingness to disregard ethical/legal obligations, abuse a position of trust or exploit the vulnerabilities of others, and/or it is sufficiently serious that it could undermine public confidence in the regulatory system/impact the FCA’s objectives.

The guidance also flags that generally a firm need not monitor the private lives of its staff subject to FIT; they need only look at private life if there a good reason to (such as an allegation being brought to their attention).

In these circumstances, whilst the FCA recognise that a firm will normally rely on formal findings (such as court findings) to assess whether wrongdoing in private life has taken place, a firm should nevertheless consider what steps it can reasonably take to assess the possible impact on fitness and propriety. Firms might, for example, ask for an explanation from the member of staff.

Helpfully, the guidance also clarifies the FCA’s approach to NFM on social media, noting that social media activity may be relevant to fitness and proprietary where it indicates a real risk that the person will breach the requirements and standards of the regulatory system. However there also seems to be an acknowledgement that social media is a grey and developing area, and that there is a balance to be had (as in employment law) between regulatory concepts and the laws relating to freedom of speech and expression. Indeed, the guidance specifically states that a person can lawfully express views on social media even if they are controversial or offensive without calling into question their fitness under FIT, even if colleagues are upset by those views.

Finally, the guidance makes clear that findings of bullying, harassment, victimisation or discrimination – whether by a tribunal, court, or upheld internal complaint – should be considered when assessing fitness and propriety. This will require FIT assessments to be aligned with HR processes, to ensure that any such findings are captured and considered.