
Beyond optics

Why CP25/18 should be a wake-up call for financial services

Nerina Wright, Senior Manager, Consulting
Isaac Alfon
12/09/2025

This insight, intended for senior leaders in risk, compliance, HR, and Diversity, Equity and Inclusion (DEI) roles, explores the FCA’s CP25/18, which marks a turning point in how financial services firms must approach culture, conduct, and compliance. By reframing non-financial misconduct (NFM) as a regulatory issue, the consultation paper signals a shift from symbolic DEI efforts to structural accountability.

For risk and compliance leaders, this is not just a cultural challenge; it is a call to embed inclusion into the heart of governance, risk, and control frameworks. Inclusive cultures are no longer optional; they are essential for regulatory fitness, reputational resilience, and long-term value.

A cultural shift with compliance consequences

The Financial Conduct Authority’s (FCA) consultation (CP25/18) explicitly reframes non-financial misconduct (NFM) for financial services. Behaviours such as bullying, harassment, and violence become regulatory issues rather than just HR matters, marking a cultural shift and a milestone in compliance and risk management.

While the FCA stepped back from its broader DEI proposals outlined in CP23/20, narrowing the scope to NFM has left many in financial services questioning what this means in practice. This shift may prompt a review of existing policies, but the most effective response lies in embedding processes for identifying, avoiding, and managing NFM within risk and control frameworks.

A market gap?

CP25/18 clarifies expectations for insurers, making behaviours like discrimination, bullying, harassment, and violence clear breaches of conduct standards rather than purely employment issues. Despite the FCA’s focus on leadership accountability, its own analysis reveals governance gaps: 38% of firms don’t provide boards with NFM management information, and 33% lack formal structures for disciplinary decisions. This highlights a growing regulatory expectation amid lagging governance maturity.

By embedding NFM into the Code of Conduct (COCON) and Fit and Proper Test (FIT), the FCA signals that potentially toxic behaviour is a conduct risk and, as a result, a regulatory risk. This has serious implications for risk functions, including potential enforcement action, reputational harm and talent loss.

  • Conduct risk frameworks must explicitly address NFM.
  • Regulatory references must prevent ‘rolling bad apples’, individuals with a history of misconduct moving between firms.
  • Fitness and propriety assessments must consider behavioural integrity alongside technical competence.

Responses to the Culture and non-financial misconduct survey findings show the scale and complexity of the issue. Bullying and harassment (26%) and discrimination (23%) were the most reported types of misconduct, while 41% fell into the ‘other’ category, highlighting the challenge of categorising personal misconduct.

The FCA has made clear that healthy workplace cultures are vital to market integrity and that firms should use available data to benchmark practices, placing leadership accountability at the centre of its expectations. CP25/18 emphasises that senior managers' boards must take ownership of culture and conduct, ensuring that serious misconduct is not tolerated or overlooked. The expectation is that NFM considerations are embedded into governance structures, with clear escalation routes and accountability mechanisms to support effective oversight and response.

More generally, CP25/18 will impact risk and compliance management, and firms will be expected to ensure that appropriate measures are in place as outlined below.

  • Individual conduct frameworks that explicitly account for NFM.
  • Regulatory references and the application of the senior manager regime are robust enough to prevent ‘rolling bad apples’.
  • Fitness and propriety assessments consider behavioural integrity, not just technical competence.

D&I in the shadows: what the FCA’s narrow focus means

NFM is often the lived experience of exclusion. Bullying, microaggressions and harassment disproportionately affect ethnic minorities, women, LGBTQ+ individuals and other historically excluded groups. When these behaviours go unchecked, they erode psychological safety, undermine trust, and drive employee attrition, especially among underrepresented talent. By treating NFM as a conduct issue, the FCA is aligning regulatory expectations with cultural accountability.

While CP25/18 marks progress in how non-financial misconduct is treated from a regulatory perspective, it also signals a narrowing of the FCA’s broader inclusion agenda. Proposals from CP23/20 have been paused, and some firms may interpret this as a shift in focus, potentially deprioritising the cultural and behavioural work that underpins inclusive and respectful workplaces. This ambiguity is itself a risk. Firms that treat inclusion as optional may inadvertently create the very conditions that lead to the misconduct CP25/18 is designed to address. The consequences are not just reputational. They may also invite regulatory scrutiny under the conduct rules now being reinforced. It must be clearly understood that building cultures which are inclusive, fair and future-fit is not a discretionary goal. It is a regulatory imperative.

Firms should move beyond a narrow focus on NFM and adopt a risk-based approach to inclusion that supports broader cultural and governance objectives by:

  • Integrating inclusion into enterprise risk management (ERM) frameworks.
  • Developing business-relevant inclusion metrics and linking them to risk appetite and board-level reporting. This includes using misconduct data to identify cultural hotspots, uncover systemic risks and highlight wider challenges to inclusion.
  • Training risk and compliance teams to recognise exclusionary behaviours as risk indicators.

This is not just about avoiding fines. It is about protecting value by winning the war on talent. This includes fostering cultures where NFM is less likely to occur, and more likely to be addressed when it does.

The road ahead: Culture as a compliance imperative

The alignment of legal and regulatory frameworks, from the Equality Act 2010 to the Home Office’s Diversity and Inclusion Strategy, reinforces that culture is compliance, not just a moral imperative. CP25/18 reframes inclusion as a matter of fitness and propriety, not just fairness, and is a reminder that what we tolerate becomes our culture and our risk.

Where next?

There are several practical steps that can be taken to support an effective implementation of CP25/18.

  1. Adopt a data-driven approach. Use your NFM management information to identify cultural hotspots.
  2. Conduct a gap analysis to assess risk management frameworks against CP25/18 expectations. 
  3. Review existing governance structures for handling NFM cases, including documented outcomes, accountability, lessons learnt and board reporting.
  4. Train leadership and equip risk teams to identify and respond to NFM as a regulatory risk.

Finally, culture does not change by accident. Top-down stewardship is essential to embedding expectations with respect to NFM. When boards and senior leaders model accountability and set clear expectations, they create the conditions for trust to grow, for misconduct to be addressed, and for cultural change that leads to an inclusive workforce to become a lived reality.

How can Crowe help?

Through our practical and experienced team in risk management and DEI in insurance, Crowe continues to support clients in setting their own agenda to address these challenges in a pragmatic and effective manner.

If you're looking to strengthen your culture and resilience strategy, speak to Crowe about how we can help you take the next step.

Contact us


Alex Hindson
Partner, Head of Sustainability