Understanding the FCA Code of Conduct


Regulators expect employees in financial firms to comply with the UK Financial Conduct Authority’s (FCA’s) Code of Conduct (COCON). Failure can result in fines. Is your organisation compliant?

The UK Financial Conduct Authority’s (FCA’s) Code of Conduct was introduced in 2021 as a step-change in how firms engage with culture in their organisations and the behaviour of employees. However, companies are still breaching this code.

The Code of Conduct was introduced to shift industry culture towards higher ethical standards. It’s about ensuring staff act with integrity, competence and care while enhancing consumer protection, maintaining market integrity and strengthening accountability. However, companies sometimes breach the COCON.

In 2025, the FCA updated its rules, “setting clearer standards for how financial services firms should address non-financial misconduct (NFM)”. They also provided guidance to support businesses. The changes come into force on September 1st, 2026 – more on this below.

Key takeaways:

  • The FCA Code of Conduct provides a base level of behaviour expected of people working in the financial services industry, and it covers almost all employees, except for a handful of exceptions, such as receptionists and switchboard operators (ancillary staff).
  • There are six Individual Conduct Rules, such as acting with integrity, and four Senior Manager Conduct Rules, including taking reasonable steps to ensure the firm’s business for which you’re responsible is controlled effectively.
  • Implementing the Code of Conduct takes a lot of work, including identifying individuals and roles to which it applies, notifying and training them effectively, plus putting COCON processes in place and documenting them.
  • Training should be general, helping employees understand the COCON and its requirements, but also specific, ensuring they comprehend how it applies to their role.
  • Significant FCA COCON changes announced in 2025 include expanding the scope of non-financial misconduct, enhancing manager accountability and updating Fit and Proper tests.
  • To adhere to the changes, firms should update their policies and procedures, train employees, strengthen reporting channels, etc.
  • Skillcast can help you on your FCA compliance journey via our online training courses, Learning Management System (LMS) and Compliance Portal.

Complying with the FCA Code of Conduct

The regulator wants certain standards of behaviour embedded within firms’ culture, backed by robust training and documentation. Let’s look at the Code of Conduct and what it asks of businesses.

What’s the FCA Code of Conduct?

The FCA, the UK regulator, created the Code of Conduct in 2016. For the first time, it established a base level of behaviour expected of people working in the financial services industry.

The Code of Conduct is part of an overall package that includes the Senior Managers & Certification Regime (SM&CR) and the Certification Regime.

The COCON applies to nearly everyone at FCA-authorised financial companies, including senior managers, certified staff, other employees and contractors. It covers regulated and unregulated activities and includes UK branches of foreign firms.

The Code of Conduct sets out Individual Conduct Rules and Senior Manager Conduct Rules. Through the COCON, the FCA aims to:

  • Support the development of the ‘right’ corporate culture within firms
  • Focus employee attention on acting with integrity and due skill, care and diligence
  • Emphasise the need for employees to pay due regard to the interests of customers and treat them fairly
  • Enable firms to nurture the right compliance culture by supporting the need for employees to meet standards of market conduct
  • Ensure employees know they must inform the FCA about certain things, from breaches to structural changes
  • Ensure staff understand non-financial misconduct, such as bullying, harassment and discrimination, is formally treated as a serious regulatory concern (following the changes in 2025)

Does the Code of Conduct apply to me?

The COCON applies to almost all employees who carry out financial services or linked activities within an authorised firm. There are a handful of exceptions, such as:

Firms should carefully review the FCA’s text to identify which roles are exempt. Failure to comply with COCON constitutes a breach, which will be penalised.

What are the Individual Conduct Rules?

Below are the six Individual Conduct Rules and a selection of sample breaches.

Rule 1: You must act with integrity.
Breaches: Misleading a client, falsifying documents or mismarking a trading position’s value.

Rule 2: You must act with due skill, care and diligence.
Breaches: Failing to explain investment risks to customers or undertaking transactions without a reasonable understanding of the risks involved.

Rule 3: You must be open and cooperative with the FCA, the UK Prudential Regulation Authority (PRA) and other regulators.
Breaches: Failing to promptly answer questions posed by the regulators, or failing to acknowledge or seek to resolve mistakes in dealing with customers.

Rule 4: You must pay due regard to customer interests and treat them fairly.
Breaches: Failing to provide adequate control over a client’s assets, or failing to disclose details of charges or surrender penalties of investment products to a customer.

Rule 5: You must observe proper standards of market conduct.
Breaches: Manipulating a benchmark or market (or attempting to), or failing to comply with market codes or exchange rules.

Rule 6: You must act to deliver good outcomes for retail customers (The Consumer Duty).
Breaches: Failing to act in good faith, causing foreseeable harm, or creating unreasonable barriers to service, including selling unsuitable products, providing misleading information, neglecting vulnerable customers and imposing complex exit fees.

What are the Senior Manager Conduct Rules?

These apply to individuals and roles identified as senior managers under the SM&CR regime. The FCA outlines four rules, plus additional guidance about how to fulfil obligations.

Rule 1: You must take reasonable steps to ensure that the firm’s business for which you are responsible is controlled effectively.

Breaches: Failing to take reasonable steps to apportion responsibilities clearly; failing to take reasonable care to maintain a clear and appropriate apportionment of responsibilities.

Rule 2: You must take reasonable steps to ensure that the business of the firm for which you are responsible complies with the relevant requirements and standards of the regulatory system.

Breaches: Failing to take reasonable steps to implement adequate and appropriate controls to comply with regulatory requirements and standards; failing to take reasonable steps to ensure processes and controls are reviewed when there is a significant breach of regulatory requirements.

Rule 3: You must take reasonable steps to ensure that any delegation of your responsibilities is to an appropriate person and that you oversee the discharge of the delegated responsibility effectively.

Breaches: Failing to take reasonable steps to maintain an appropriate level of understanding about an issue or part of the business that the senior manager has delegated to an individual or individuals.

Rule 4: You must disclose appropriately any information of which the FCA or PRA would reasonably expect notice.

Breach: A senior manager who is responsible within the firm for reporting matters to the regulator fails to promptly inform the regulator concerned of information of which they are aware and which it would be reasonable to assume would be of material significance to the regulator.


How can you comply with the Code of Conduct obligations?

Although the Code of Conduct seems straightforward, implementing it across your organisation requires substantial work. Key steps to take include:

  • Identifying individuals and roles to which the Code of Conduct applies.
  • Notifying those individuals of the rules that apply to them.
  • Training individuals about the rules, including a broad understanding of the Code of Conduct and a deeper grasp of the practical application of the specific areas relevant to their work.
  • Putting processes in place that employees can use to notify the firm or regulator of a breach.
  • Documenting everything the firm does to implement the Code of Conduct and ensure ongoing compliance in a way that’s readily accessible if the regulator (or an employee) wants to review the materials.
  • Creating a regular governance rhythm for the board of directors, including providing reports on training, code breaches and culture survey results.

What’s the best way to approach Code of Conduct training?

Training is a requirement, so firms must ensure employees know what the rules are and how they apply.

The FCA needs to be confident that companies successfully share the Code of Conduct – and the common standards of good behaviour it captures – with required employees.

Training should be general, so employees understand the Code of Conduct and its requirements. But it also needs to be specific, helping them comprehend how it applies to their specific roles.

The FCA published a list of elements it looks for when it reviews the Code of Conduct training firms deploy. We group them below across the training journey:

Before COCON training:

  • Put training in the context of the overall regime.
  • Present SM&CR/Conduct Rules as a step-change in regulatory expectations.
  • Relevant senior managers can demonstrate appropriate involvement/oversight of training.

During COCON training:

  • Training is interactive and uses realistic scenarios.
  • Examples/scenarios draw out the nuances of how the rules apply to each type of role.
  • Line managers are involved in training delivery, not just HR or the project team.

After COCON training:

In short, the regulator is looking for informative, high-quality training that helps evolve the culture within firms.

Significant FCA COCON changes

Key 2025 updates by the FCA focused on serious non-financial misconduct. Previously, it was often unclear when behaviours amounted to a Conduct Rules breach at non-bank organisations. As of 1st September 2026, the rules will be extended to around 37,000 other regulated financial firms, increasing consistency across the industry.

As well as being extended, the rules are changing, therefore impacting banks as well. In short, they aim to standardise how NFM is handled across the entire financial services sector. They include (but aren’t limited to):

By the September 1st deadline, firms are expected to update their policies and procedures, train employees, strengthen reporting channels, ensure regulatory references accurately reflect non-financial misconduct, and stress-test FIT assessments.

Skillcast can help you on your FCA compliance journey through our online training libraries, Learning Management System (LMS) and Compliance Portal. To find out more, contact the team today or book a demo.

FCA Code of Conduct: FAQs

How often should FCA Code of Conduct training be refreshed to remain effective?

Firms should refresh Code of Conduct training at least annually, or more frequently if there are significant regulatory updates, changes in business processes or lessons learned from compliance breaches. Regular refreshers help maintain awareness and reinforce expected behaviours across the organisation.

How can firms tailor Code of Conduct training for high‑risk business areas?

Training should be customised to reflect the specific risks and responsibilities of high-risk areas, such as trading desks or advisory teams. This can include scenario-based exercises, role-specific guidance, and practical examples relevant to the department’s day-to-day activities, ensuring staff understand the real-world implications of the Conduct Rules.

What tools or technology can support ongoing compliance monitoring?

Firms can leverage compliance monitoring software to track employee behaviour, activity and policy adherence. This includes workflow monitoring, automated alerts, data analytics, and communication surveillance systems to identify potential breaches quickly and efficiently.

What steps can be taken to rebuild trust after a breach of the Conduct Rules?

Rebuilding trust requires transparency, accountability and proactive remediation. Firms should promptly report to the FCA and investigate the breach, implement corrective measures, communicate clearly with stakeholders, and enhance training and oversight to prevent recurrence. Demonstrating a strong compliance culture and ethical behaviour is key to restoring confidence among clients, staff and regulators.

Want to learn more about FCA Compliance?

Our Essentials Library contains e-learning content designed to help organisations meet fundamental compliance requirements. If you’re looking for focused training, our training packages offer a complete solution for your compliance programme. For example, our FCA Handbook Training Package includes:

Our e-learning courses are designed to engage employees with our microlearning library, which was created to support knowledge retention.

Our Compliance Portal also features a range of tools to digitise and automate your compliance learning. These include our:

If you’d like to access leading insights and compliance tips, you can browse our free resources by topic to find guides, modules, compliance bites and more.
