The FCA and PRA consult on boosting diversity and supporting healthy work cultures

On 25 September 2023, the FCA and PRA announced consultations on proposals to introduce a new regulatory framework on Diversity and Inclusion (D&I) in the financial sector, including clarity on the regulators’ approach to the treatment of non-financial misconduct, such as sexual harassment, as misconduct for regulatory purposes.

The proposals are not surprising given the regulators’ comments about embedding non-financial misconduct into fitness and propriety assessments in their 2021 discussion paper, and given the recent criticism of the FCA about willingness to act in the context of high-profile cases of alleged non-financial misconduct. If implemented, they will pose a number of challenges for regulated employers, and will require a change in current practice.

Consultation closes on 18 December 2023, with final rules planned for publication in 2024 and the rules coming into force 12 months after publication.

Non-financial misconduct

The FCA proposes that, for firms of all sizes, non-financial misconduct will become an integral part of the Conduct Rules, Fit and Proper assessments and the suitability criteria for firms to operate in the financial sector (Threshold Conditions).

The Conduct Rules for staff (COCON) would be expanded to make clear that they cover serious instances of bullying, harassment and similar behaviour towards fellow employees and employees of group companies and contractors. Conduct relating (purely) to an employee’s private or personal life would be out of scope, and not every instance of misconduct towards a fellow member of the workforce would amount to a breach (the rules will provide examples of sufficiently serious misconduct). The FCA may be expected to take disciplinary action in relation to serious instances of bullying, harassment and other similar behaviour, or multiple instances that are collectively particularly serious. Breaches of COCON may also lead to an individual being considered not fit and proper, resulting in the FCA withdrawing approval and/or prohibiting the individual.

The FCA intends to add guidance on how non-financial misconduct should be incorporated into regulatory references. The proposals would amend the Handbook to reflect the FCA’s view that non-financial misconduct is misconduct and not an additional principle. The aim is to give firms the reassurance needed to take decisive and appropriate action against employees for instances of non-financial misconduct.

D&I strategies and reporting

For large (251+ employees) firms and for CRR and Solvency II firms of any size, there are additional proposals to drive positive change in firm cultures and encourage more inclusive environments. This includes requiring firms to:

• Establish, implement and maintain an evidence-based D&I strategy.
• Collect and report certain D&I data covering a range of demographic characteristics. Age, sex or gender, disability, ethnicity, religion and sexual orientation would be mandatory characteristics for reporting.
• Determine and set appropriate diversity targets. Firms would be required to set their own diversity targets where they identify underrepresentation, including targets for the board, the senior leadership and the employee population as a whole.
• Recognise D&I matters as a non-financial risk in governance structures.

The challenge ahead

Few would disagree with the FCA Chief Executive’s comments in the consultation paper that “For UK financial services to be competitive and for the companies in it to be well run with healthy work environments, its vital they attract, retain and promote the best talent” and “Increasing levels of diversity within firms can help attract and unlock talent, supporting the sector’s international competitiveness.”

But the reporting requirements being consulted on would require a substantial increase in the scope of demographic data that must be collected and reported on. Larger firms are of course well acquainted with the requirement to report on a relatively limited data set relating to its workforce as a result of the UK gender pay gap reporting, but the proposals pose a much bigger challenge to employers (who will be mindful of their obligations under the GDPR) from a data privacy perspective. And of course there will be practical challenges for employers who have not previously collected substantial D&I data if their employees prefer not to provide it - the FCA recognises that firms will need to build up trust within the organisation beforehand and that datasets may be incomplete.

On non-financial misconduct we are likely to see firms seeking more clarity on precisely what conduct outside the workplace/normal course of work will go to fitness and propriety. We’ve seen a clear direction of travel in recent years towards a more expansive interpretation of relevant misconduct, but views still differ widely in the sector on where the lines ought to be drawn when it comes to conduct with no direct connection with the financial activities required in the day job. Regulated firms are likely to welcome clarification that violence and sexual/racially motivated misconduct will all be captured, but we can expect a lively discussion about just how wide the net should be cast over conduct that will trigger a reporting requirement.