New guidance is coming into force on 1 September 2026
The FCA has finalised new guidance that explicitly integrates non-financial misconduct (NFM) into two existing regulatory frameworks. Both the Code of Conduct Sourcebook (COCON) and the Fit and Proper Test (FIT) are being expanded to take into account misconduct including bullying, harassment, and discrimination. The new guidance, coming into force on 1 September this year, has important practical implications for financial services firms.
What does PS25/23 mean for financial services firms?
When it comes to due diligence and hiring, under the updated regulation a clean financial and regulatory record will no longer be sufficient in order for a firm to remain compliant. Behavioural conduct now matters too when assessing fitness and propriety.
It also means that allegations of bullying, harassment and improper conduct must be actively considered during ongoing employee assessments (the annual FIT). Allegations that include NFM can’t be overlooked by firms when annually recertifying staff. This means a history of workplace misconduct is no longer just a culture and reputational concern, it’s a regulatory one, and firms will need to update their processes to reflect the change.
A blind spot you need to close
PS25/23 changes what the yearly FIT assessment is required to cover. Until now, FIT has leant heavily on financial and regulatory track records: sanctions, regulatory findings, and criminal convictions. Now NFM (substantiated or even credibly alleged) is formally part of the picture.
This raises an important question for firms – does it leave blind spots in your data? This kind of information about a prospective hire is unlikely to appear in a regulatory database. It’s more likely to be uncovered from adverse media, litigation findings and court records. Firms that want to run PS25/23-compliant assessments will need to expand where they look rather than simply update their policy documentation.
The regulatory direction of travel
The new guidance from the FCA hasn’t arrived in isolation. It follows years of FCA work on culture and conduct, including the broader diversity and inclusion consultation CP23/20, which was ultimately narrowed in scope in March 2025. What remained, and what has now been codified, is a firmer, more specific focus on misconduct that causes direct harm. It’s likely that further regulation will follow, so firms that build robust, repeatable processes for assessing non-financial misconduct now will be better protected as expectations develop.
Action to take now
With six months until PS25/23 comes into force, there’s time to act, but not to wait. Updating internal processes to remain compliant will require new information sources, new workflows, and the ability to demonstrate a consistent, documented approach to the FCA. That six months will go by fast.
Xapien gives financial services firms a fast, repeatable way to research individuals as part of their FIT assessments. Our platform searches the entire indexed internet, watch lists, corporate records, news archives, and sanctions lists, surfacing the kind of behavioural and reputational signals that screening databases don’t hold. Every finding is cited, every source is on record, and every report follows the same process. When the FCA asks how you assessed fitness and propriety, that’s the paper trail you want to have.
If you’d like to talk about how we can support PS25/23-compliant due diligence, get in touch.
