Culture as Control: Non-Financial Misconduct and the New Regulatory Standard

Kroll’s Alternatives and Asset Management Conference 2026 underscored that culture is no longer an abstract concept in financial services. It is now a measurable, governable and enforceable dimension of regulatory risk. This was highlighted in a panel "Culture and Non-Financial Misconduct— Key Considerations for Compliance Officers" that discussed how non-financial misconduct (NFM) has moved from the domain of HR into the core of regulatory supervision, governance and senior accountability.

For firms, the key challenge is to demonstrate that existing frameworks operate effectively in areas where judgement, consistency and reputational risk intersect.

 

The Regulatory Reframing of Behavior

The Financial Conduct Authority’s (FCA) approach to NFM has evolved steadily. Behavior that calls into question integrity, judgement or leadership suitability is now a regulatory concern, whether it occurs inside or outside the workplace.

This reframing has practical consequences. Conduct such as harassment, bullying or abusive behavior is assessed through the lens of conduct risk, governance and accountability.

The implication is structural. NFM is no longer episodic. It is embedded within:

• Fitness and propriety assessments
• Conduct Rule obligations
• Regulatory notifications and references
• Firm-wide culture and governance

Culture, in this context, becomes part of the control environment.

 

Scope and Threshold: Clarity with Complexity

Recent updates to the FCA’s Conduct Rules (COCON) clarify that work-related misconduct, including harassment or behavior creating a hostile environment, may fall within regulatory scope. However, not all misconduct constitutes a breach. The defining threshold is seriousness.

Firms must evaluate:

• Severity and impact
• Duration and repetition
• Seniority and power imbalance
• Intent and awareness

These assessments require structured judgement. There is no checklist that eliminates discretion.

 

Divergent Outcomes in Practice

Consider two firms facing similar allegations of repeated inappropriate behavior by a senior employee:

• Firm A treats the matter as an isolated HR issue, issues a warning and does not escalate or notify.
• Firm B conducts a cross-functional review, identifies a pattern, documents rationale, determines seriousness and notifies the FCA.

From a regulatory perspective, Firm B demonstrates control while Firm A introduces avoidable risk. While the underlying circumstances will almost certainly differ even where the facts are similar, consistent judgement will nonetheless be needed. The distinction lies in process as decisions must not only be made and judgement exercised but also evidenced and supported on file.

 

A Practical Framework for Assessing Seriousness

Leading firms are adopting structured decision frameworks, typically considering:

• Context and Connection: Is the conduct work-related or does it impact colleagues, clients or the firm?
• Severity and Impact: Did it cause harm, distress or reputational exposure?
• Pattern and Persistence: Is the behavior repeated or systemic?
• Seniority and Power Dynamics: Does authority amplify its impact?
• Intent and Awareness: Was the behavior deliberate, reckless or avoidable?

This does not remove judgement but anchors it. Consistency becomes demonstrable rather than assumed.

 

Regulatory References: Where Judgement Becomes Record

Regulatory references are a critical risk point. They transform internal judgements into enduring external disclosures.

The FCA expects firms to provide relevant information on a best-endeavors basis, including when investigations are ongoing or incomplete.

 

Case Scenario: Incomplete Investigation

An employee exits while under investigation:

• A weak approach omits the matter due to lack of conclusion.
• A robust approach discloses the investigation, its scope and its status, clearly distinguishing fact from allegation.

The latter demonstrates transparency and governance discipline. The former risks regulatory challenge, particularly if issues later emerge publicly. For boards, regulatory references are a direct reflection of control and credibility.

 

Accountability in Practice

NFM is expanding accountability under SM&CR. The focus is no longer limited to perpetrators. Managers who fail to take reasonable steps to prevent or address misconduct may themselves be exposed.

Importantly, the definition of manager is broad. It extends beyond formally designated senior managers to include functional or situational leadership roles.

This creates two realities:

• Accountability is wider than organizational charts suggest
• Oversight expectations are proactive, not reactive

Failure to act, inadequate escalation or poor handling of complaints can create direct regulatory exposure.

 

When Does Supervision Intensify?

While enforcement remains selective, supervisory scrutiny is increasing. Common triggers include:

• Inconsistent handling of similar cases
• Failure to notify issues that later become material
• Weak documentation or investigation processes
• Patterns indicating cultural weaknesses
• Involvement of senior individuals

In practice, firms should assume that decisions will be assessed in hindsight. The key regulatory question is not only what happened, but how it was handled.

 

Board-Level Priorities

For boards and senior leadership, NFM requires structured oversight. Key priorities include:

• Governance Integration: Embed NFM within SM&CR, conduct risk and broader governance frameworks.
• Clear Accountability: Define ownership across HR, compliance and business leadership, with clear escalation lines.
• Consistent Decision-Making: Implement structured frameworks to assess seriousness and ensure comparability.
• Effective Reporting: Provide boards with insight into trends, not just individual incidents.
• Culture as Control: Reinforce expectations through training, leadership behavior and communication.
• Documentation and Auditability: Ensure decisions are fully supported by evidence, rationale and process.

 

From Policy to Operational Discipline

The defining challenge of NFM is execution. Firms that succeed will:

• Align HR, Compliance and Legal processes
• Apply consistent frameworks across jurisdictions
• Document decisions rigorously
• Engage proactively with the regulator where appropriate

Those that struggle will rely on fragmented approaches and subjective decision-making.

 

Looking Ahead

NFM will be defined by how rigorously firms apply existing expectations.

The FCA is not seeking to regulate morality. It is assessing whether behavior reflects integrity, judgement and the ability to operate within a regulated system.

For firms, the implication is clear: Culture is no longer a matter of articulation. It is a matter of evidence in that environment; non-financial misconduct is not peripheral. It is a core test of governance, leadership and regulatory credibility.