From 1 September 2026, the Financial Conduct Authority’s (FCA) Code of Conduct will extend its reach to cover bullying, harassment and violence across every FCA-authorised organisation in the UK.
According to Wordwatch, the expansion brings nearly 38,000 firms into the full scope of Non-Financial Misconduct (NFM) regulation for the first time — a landmark shift that reframes people management as a compliance imperative rather than a human resources concern.
For many firms, the policy groundwork is largely done. The harder challenge now is twofold: cultivating a workplace environment where harmful behaviour surfaces early and is handled sensitively, and ensuring there is a defensible, auditable evidence trail when an allegation eventually arises. These are distinct problems, and most organisations have only solved the first.
The firms genuinely ahead of the curve are not simply anticipating an FCA examination. By getting both the cultural and evidential layers right, they are simultaneously protecting their reputations, retaining talent, and transforming their relationship with employees from reactive crisis management to ongoing, proactive engagement.
Chris Reed and Andy Davies, who work daily inside the capture and surveillance estates of regulated organisations, have shaped their analysis around what compliance leaders are telling them right now. Their work surfaces a critical insight: readiness in 2026 means more than having the right policies on paper. It means being able to demonstrate, under scrutiny, what happened, when, and across which channels.
One of the most exposed blind spots concerns the population of employees most affected by the rule extension — those who are often the least monitored. The compliance perimeter is widening, and the monitoring infrastructure in many firms has not kept pace. This creates a meaningful gap between who the regulator now expects to see covered and who actually is.
The evidential bar is also higher than many compliance teams appreciate. When an NFM allegation lands, investigators will want to know not just what policies exist, but what the responsible manager could reasonably have known at the time. That shifts accountability away from documentation and towards demonstrable awareness — a subtle but significant change with real consequences for how oversight is structured. Three retrieval scenarios, in particular, continue to catch organisations off guard, including the question of legacy data and so-called “awkward channels” that sit outside standard monitoring frameworks.
The broader trajectory is clear: the industry is moving from reactive investigation to proactive cultural stewardship. For compliance and RegTech professionals, the September deadline is not the finish line — it is the moment the standard of proof becomes real.
To register for the webinar, click here.
Copyright © 2026 FinTech Global
