Legal development

Diversity and Inclusion proposals with a side order of non-financial misconduct

Insight Hero Image

    The PRA and FCA have each published a consultation paper (CP23/20  and CP18/23) following their joint July 2021 discussion paper on diversity and inclusion (which we covered in our briefing here). The regulators consider that the proposals on diversity and inclusion will deliver better outcomes for customers and markets by ensuring healthy work cultures, reducing groupthink and unlocking talent. 

    Arguably more important (but certainly not clear from the consultations' title) are the proposals contained in these papers to incorporate changes to the FCA conduct rules and fitness and propriety to clarify the position firms should adopt with respect to non-financial misconduct. This is an area that will undoubtedly lead to change in firms. 

    The proposals are wide-ranging and apply differently to different sizes of firms.  The proposals can be grouped into two: (i) those in relation to D&I initiatives; and (ii) those in relation to the integration of non-financial misconduct into firms' SMCR governance processes. 

    On D&I, there is a sliding application of the proposals.  Firms who have over 251 employees will be required disclose certain D&I data; establish and maintain a D&I strategy; and set diversity targets. 

    For all firms, the regulators have also provided clarity in relation to non-financial misconduct and how it is to be treated under the fitness and propriety assessment as well as under the conduct rules set out in COCON.  Illustrative examples have been provided in the handbook text.  This will mean changes required in relation to policies and procedures that reflect this. 

     Policy proposals Which firms are impacted?
     Non-financial misconduct  All firms – this will mean changes to fitness and propriety assessments, conduct rule breach processes, and regulatory references.
     D&I data reporting  All firms (except limited scope SMCR firms) need to report the number of their employees annually.
     All firms with 251 employees or more (except limited scope SMCR firms) will have additional reporting obligations.
     D&I strategies Dual regulated CRR and Solvency II firms of any size.
     All firms with 251 employees or more (except limited scope SMCR firms) will have additional reporting obligations.
     Data disclosure

    All firms with 251 employees or more (except limited scope SMCR firms) will have additional reporting obligations.

     Setting D&I targets
     Risk and governance 


    What are the proposals?

    Diversity and inclusion

    The papers build on some of the concepts set out in the 2021 discussion paper. 

    The D&I proposals apply to firms with 251 employees or more (except limited scope SMCR firms).  
    Firms that do not hit this threshold (i.e. with less than 251 employees) must report on an annual basis the number of employees in the firm but otherwise will not be subject to the main proposals. 

    For those firms with 251 employees or more (except limited scope SMCR firms) they must produce:

    a. D&I strategy

    Firms must develop an evidence based D&I strategy that takes account of their current progress on diversity and inclusion and includes as a minimum: 
    • the firm's D&I objectives and goals;
    • a plan for meeting those objectives and goals and measuring progress;
    • a summary of the arrangements in place to identify and manage any obstacles to meeting the objectives and goals;
    • ways to ensure adequate knowledge of the D&I strategy amongst staff; and
    • board oversight of D&I strategy.

    b. D&I targets 

    Firms must set targets to tackle underrepresentation in their firms at both board and firmwide level. 

    Firms would normally be expected to set at least one target for each of the board, its senior leadership and the employee population as a whole (which will include board and senior leadership). 

    Firms will have the flexibility to set their own targets (taking into account UK population data the geography they operate in) and to publicly disclose their targets, as well as their progress towards them. 

    c. D&I data reporting

    All firms must report on the number of their employees annually (except limited scope SMCR firms). (This will be based on an average number over a 3 year rolling basis).   

    Large firms (i.e. those with 251 employees or more except limited scope firms) must: 

    • annually collect and report to the regulators in numerical figures, data on a range of demographic characteristics, inclusion metrics and targets via a regulatory return. The form of the regulatory return has been set out in the proposed handbook text. 

    The joint FCA and PRA regulatory return would initially cover mandatory demographic characteristics and voluntary demographic characteristics (e.g. gender identity and socio-economic background). 

    So-called inclusion metrics would be recorded on a 5-point scale and would involve collecting employee views on whether the employee feels safe to speak up if they see inappropriate behaviour or misconduct. 

    The FCA is proposing that reporting rules would apply 12 months from the publication of the final rules and that data would be reported as of this date. Firms would have three months from the day after the reference date to report (e.g. if the final rules were published on 1 March 2024, the first reporting reference date would be 1 March 2025 and firms would be required to submit data by 2 June 2025). The first reporting cycle would be on a comply or explain basis.

    Under the proposals, firms would be required to publicly disclose the same information that the firm disclosed in the regulatory return, with the difference being that the disclosures would be in percentages rather than whole numbers. Disclosure on certain demographics would be voluntary. 

    d. Risk and governance

    Under FCA proposals, it would be clarified that matters relating to diversity and inclusion are to be considered as a non-financial risk and treated appropriately within a firm's governance structures.

    Non-financial misconduct

    The FCA is combatting the criticism that their previous statements and speeches on the position firms should adopt in relation to non-financial misconduct is not reflected in the Handbook text. 

    The FCA proposes incorporating non-financial misconduct considerations into staff fitness and propriety assessments under FIT, conduct rules under COCON and the suitability criteria for firms to operate in the financial sector (Threshold Conditions) in the Handbook text.

    The FCA has proposed significant new guidance on the kind of conduct which conduct rules apply, explaining that they will apply to conduct which 

    "(a) has the purpose or effect of: 

    Violating a [person's] dignity; or 

    Creating an intimidating, hostile, degrading, humiliating or offensive environment for [that person]; or 

    (b) is offensive, intimidating or violent to [that person]'; 

    (c) is unreasonable and oppressive to [that person]; or 

    (d) humiliates, degrades or injures [that person]'. 

    There is some additional clarity that the scope of the conduct rules does not cover private or personal life (see proposed COCON 1.3.1) however this distinction does not apply for a fitness and propriety assessment where behaviour in a person’s personal or private life is relevant to such assessment (the FCA provides examples of non-financial misconduct which they consider to be relevant to such assessments, such as sexual or racially motivated offences). 

    The proposed handbook text also explains that bullying and similar misconduct within the workplace is relevant to fitness and propriety assessments.

    The PRA also intends to update SS35/15 and SS28/15 to clarify that assessments of fitness and propriety would consider such behaviour. 

    What is the impact on firms? 

    For large firms i.e. 251 employees and above (not including limited scope firms)

    If/when the proposal come into effect (sometime in 2024) large firms will need to as a minimum:

    a) create board approved D&I strategy;

    b) set targets;

    c) prepare for disclosure of targets and progress towards these;

    d) data reporting to the FCA;

    e) review risk and governance frameworks;

    f) review fitness and proprietary assessments and conduct rule breach processes;

    g) potential amendments to regulatory references in relation to non-financial misconduct;

    h) update conduct policy (or compliance policy, if this is where reference to conduct is kept), in particular for new FCA definitions regarding discrimination/misconduct (workplace bullying); and

    i) senior level training/update on these changes and firm wide communication.

    For non-large firms

    This means, at a minimum – if/when the proposal come into effect smaller firms must:

    a) prepare for annual reporting of employee numbers;

    b) review of fitness and proprietary assessments for relevant employees;

    c) consider how to deal with regulatory references in relation to non-financial misconduct - maybe just more of the same, if already have a system;

    d) update conduct policy (or compliance policy, if this is where reference to conduct is kept), in particular for new FCA definitions regarding discrimination/misconduct (workplace bullying); and

    e) senior level training/update on these changes and firm wide communication.

    What next?

    The deadline for comments for both paper is 18 December 2023. The FCA plans to review the feedback and produce a Policy Statement containing final rules in 2024.

    The information provided is not intended to be a comprehensive review of all developments in the law and practice, or to cover all aspects of those referred to.
    Readers should take legal advice before applying it to specific issues or transactions.


    Stay ahead with our business insights, updates and podcasts

    Sign-up to select your areas of interest