For professionals in the financial services sector, the boundary between work and personal life is becoming increasingly porous. The recent media storm around a seemingly innocuous cuddle at a Coldplay concert (an extra-marital hug between a US tech company’s CEO and its HR chief) demonstrates that even non-criminal behaviour in a personal context can carry serious reputational and professional consequences.
Both individuals lost their jobs, and their former employer has faced scrutiny. The company in question, Astronomer, recently published a statement on the incident saying “Our leaders are expected to set the standard in both conduct and accountability, and recently, that standard was not met”. In the modern age, what happens at home (or a concert) does not always stay there, particularly when it comes to regulatory expectations.
The FCA’s approach
In the UK, financial services professionals regulated by the Financial Conduct Authority (FCA) may have to report allegations of personal misconduct, even if the conduct has no apparent link to their professional duties. Allegations arising in divorce proceedings, child custody disputes, or other contentious private legal matters which are, in of themselves stressful times in a person’s life, can quickly escalate to rulings in litigation, or even a criminal investigation. These developments raise difficult questions: when does personal conduct become a regulatory concern? Where is the line drawn between a person’s private life and their ability to perform their role? And how far should firms go in monitoring the private lives of their employees?
On 2 July 2025, the FCA published its long-awaited approach to non-financial misconduct (NFM). This includes a Policy Statement amending the Code of Conduct (COCON) to explicitly bring serious personal misconduct into scope, and a consultation on new guidance for both COCON and the Fit and Proper Test for Employees and Senior Personnel (FIT).
The FCA’s aim is clear: to raise standards, increase accountability, and build public trust in financial services after some recent high-profile controversies in respect of senior finance professionals. Under the new regime, substantiated misconduct, such as bullying, harassment, or violence, can trigger regulatory consequences, even when it occurs outside the workplace. While the FCA previously treated this as implicit in the rules for banks, it is now extending this explicit framework to 35,000+ non-bank firms.
The FCA’s expanded rules clarify what constitutes NFM, how it should be assessed, and when it must be reported. Historically, the scope of COCON has been a source of uncertainty, leading to inconsistent approaches between firms and disagreements between the FCA and the Upper Tribunal over whether certain private behaviours justify prohibition. The Frensham and Zahedian cases illustrated this tension, especially when assessing how personal integrity, character, and reputation interact with regulatory fitness.
What constitutes non-financial misconduct?
The new draft COCON guidance outlines conduct that is within and outside scope. While conduct purely in someone’s private life is generally out of scope, it may still be relevant for the purposes of the FIT test. For example, harassment or violence outside work may not breach COCON but could indicate that the individual lacks the integrity or reliability required to remain fit and proper.
Importantly, the FCA proposes that firms document decisions not to treat an incident as a COCON breach. The guidance sets out factors for assessing whether private conduct is relevant to regulatory obligations, including whether it reflects a disregard for ethical or legal duties, an abuse of trust, exploitation of vulnerability, or could damage public confidence in the regulatory system.
The FIT guidance provides examples. A single minor driving offence is unlikely to be relevant, but repeated breaches might be. Similarly, misconduct in a private context, such as dishonesty or abusive behaviour, may be taken as a sign that the individual is not fit to uphold standards in a regulated environment, regardless of whether that behaviour occurs at work.
Looking ahead
These developments carry serious implications. Professionals and the firms that employ them must now grapple with the potential regulatory fallout from personal life events. This includes deciding whether a duty to self-report (or to report an employee) has been triggered, and how to manage reputational risk.
Navigating parallel criminal and regulatory proceedings can be particularly stressful. A person under investigation must respond appropriately in both arenas, balancing their legal position with the reputational stakes of a regulated role.
The message is clear: personal integrity is no longer a purely private matter for those in financial services. Professional and personal boundaries are blurring, and the FCA is watching both sides of the line.
