Regulators consult on measures to improve diversity and inclusion and promote healthy cultures in financial services

United Kingdom

After much talk and the promise of action, on 25 September 2023, the Prudential Regulation Authority (“PRA”) and Financial Conduct Authority (“FCA”) (together the “Regulators”) each published a consultation paper, CP23/20 (the “FCA Consultation Paper”) and  CP18/23 (the “PRA Consultation Paper”) (together, the “Consultation Papers”) seeking to boost diversity and inclusion to support healthy workplace cultures, reduce groupthink and unlock talent in financial services. There is no doubt that culture remains at the heart of the Regulators’ agendas.  

The Consultation Papers follow on from the joint discussion paper on D&I (DP21/2), which was published way back in July 2021, and include proposed changes in respect of:

  • Non-Financial Misconduct: better integrate non-financial misconduct (NFM), covering bullying harassment and discrimination, considerations into staff fitness and propriety (F&P) assessments, the Conduct Rules and the suitability criteria for firms to operate in the financial sector (known as the Threshold Conditions);
  • Diversity and Inclusion: introduce requirements to increase the pace of change on D&I in financial services. The D&I proposals are intended to apply proportionately and certain firms (depending on their size and categorisation) will be required to:
    • report their average number of employees on an annual basis
    • collect, report and disclose certain D&I data (across a range of characteristics and inclusion metrics which will be benchmarked with other firms as part of an industry report)
    • establish, implement and maintain a D&I strategy (overseen at board level)
    • determine and set appropriate diversity targets
    • recognise a lack of D&I as a non-financial risk.

The Consultation Papers demonstrate the Regulators’ continuing focus on D&I which they see as an important part of a firm’s culture. Firms are increasingly expected to ‘walk the talk’ on D&I initiatives by demonstrating that those initiatives are fully embedded in their operations because greater diversity and inclusion create better outcomes for consumers and markets. It is also clear that the Regulators’ focus goes beyond gender and ethnicity (where there has been progress) and includes other “demographic characteristics” such as disability, age, parental and carer responsibilities and socio-economic background.

While the FCA has long made clear that it considers “non financial misconduct to be misconduct” that falls within its regulatory remit, it has not provided any guidance to firms in terms of the types of behaviours that would constitute a breach of the Conduct Rules and/or go to an individual’s fitness and propriety. This has led to firms setting their own tolerance levels and making difficult and nuanced judgement calls when determining the regulatory significance of NFM-related behaviours, resulting in a significant degree of inconsistency across the industry. As such the proposals to issue specific guidance will be welcomed. However, firms will still need to exercise their own judgement against this guidance and their own culture. Senior management will also need to take note that their own conduct in identifying and addressing this type of behaviour could come under regulatory scrutiny and, where it falls short, result in regulatory penalties. Firms should be under no illusions; their cultures and behaviours will be under the regulatory spotlight.

FCA Consultation Paper

Application: The FCA Consultation Paper is relevant to all firms that are authorised pursuant to Part 4A of the Financial Services and Markets Act 2000 (FSMA). The proposals set out in the FCA Consultation Paper are therefore not relevant to other firms, such as credit rating agencies, payment services and e-money firms. The FCA has however encouraged these firms to consider whether voluntarily adopting the D&I framework may be beneficial for them.

Non-financial misconduct: The FCA proposes to apply a minimum standard of NFM which is intended to reduce discrimination and misconduct in financial services. The concept of NFM will be expressly included within:

  • The Conduct Rules:
  1. Currently the scope of COCON is restricted (except in the case of banks) to regulated activities, other so-called SM&CR financial activities and certain kinds of misconduct that could have serious effects. The FCA proposes to expand the scope of COCON to make clear that instances of bullying, harassment and similar behaviour towards fellow employees and employees of group companies and contractors could breach Individual Conduct Rule 1 (You must act with integrity), but only when such instances are serious.  
  2. NFM in a person’s private or personal life will not lead to a breach of COCON and the FCA does not propose to change this. The FCA has provided helpful guidance to clarify the line between the workplace and a person’s private life. For example, misconduct against a fellow employee at a social event organised by the firm would fall within the scope of COCON but the same misconduct at a social occasion organised by a colleague in a personal capacity would not. However, misconduct outside of the workplace may still be relevant for the purpose of an F&P assessment.
  3. The FCA proposes to introduce guidance for managers (which captures managers in the broader sense than approved senior managers) in respect of Individual Conduct Rule 2 (You must act with due skill, care and diligence). A manager may breach Individual Conduct Rule 2 if they fail to take reasonable steps to protect staff against NFM or fail to take seriously or deal effectively with complaints of NFM.
  • F&P assessments: the FCA proposes to edit the FIT sourcebook in the FCA Handbook to include guidance on how NFM is relevant to fitness and propriety, and that both serious NFM in the workplace or in a person’s private life is relevant when undertaking an F&P assessment. The FCA considers that misconduct in a person’s personal or private life may run the risk that the person would commit misconduct in their work activities. The guidance in FIT has also been expanded to suggest that conduct of a type that can damage public confidence in the financial sector is likely to mean that a person is not fit and proper.
  • Threshold Conditions: the FCA proposes to edit the Threshold Conditions part of the FCA Handbook (COND) to provide additional guidance on what the FCA will assess when considering the Threshold Condition of suitability. Going forward the FCA proposes to look at not only financial crime offences committed by person’s connected to a firm but also violent, racially motivated or aggravated and sexual offences. The FCA will also consider whether a person connected with a firm has been found previously to have engaged in discriminatory practices.
  • Regulatory references: the FCA proposes to add guidance on how NFM should be incorporated into regulatory references to help firms act confidently and decisively where NFM is identified.

Additional D&I measures for large firms: for solo-regulated firms with 251 or more employees (excluding limited scope SMCR firms):

  • D&I strategies. The FCA proposes to require firms to develop an evidence based D&I strategy. At a minimum, a D&I strategy will need to contain information about a firm’s D&I objectives and goals, a plan for meeting goals and measuring progress, a summary of arrangements in place to identify and manage obstacles to meeting those objectives and goals, and ways to ensure staff have adequate knowledge of a firm’s D&I strategy. The FCA however decided against introducing a mandatory D&I training requirement because of a lack of clear evidence about its effectiveness.
  • Setting and publishing targets. The FCA proposes to require large firms to set their own diversity targets to address underrepresentation. The FCA is not proposing to mandate which demographic characteristics the targets should cover, nor what the targets should be, on the basis that each firm is different.
  • Data reporting. The FCA proposes to introduce requirements for firms to annually collect and report to the regulators in numerical figures, data across a range of demographic characteristics, inclusion metrics, and targets via a regulatory return. The FCA has set out mandatory and voluntary demographic characteristics in the report and the FCA has indicated that they expect to see an increasing number of firms reporting data on voluntary metrics and that these may move to mandatory characteristics in the future. The mandatory demographic characteristics would be: (i) age, (ii) ethnicity, (iii) sex or gender, (iv) religion, (v) disability or long-term health conditions, and (vi) sexual orientation. The voluntary demographic characteristics would be: (i) sex or gender (firms would be required to report on either sex or gender but could choose to report on both), (ii) parental responsibilities, (iii) carer responsibilities, (iv) gender identity, and (v) socio-economic background.
  • Data disclosure. The FCA proposes that firms make public disclosures on D&I data to increase transparency and scrutiny. It is proposed that firms publicly disclose their targets and progress towards them annually and also publicly disclose the same information that is reported to the FCA. The FCA proposes to produce a regular aggregated disclosure report based on the D&I data reported to it.
  • Risk and governance. The FCA proposes to introduce guidance for firms to make clear that matters relating to D&I are to be considered as a non-financial risk and treated appropriately within a firm’s governance structures. Firms are given the flexibility to implement this proposal in a way that is aligned with their governance structure.

PRA Consultation Paper

The PRA Consultation Paper is relevant to PRA-authorised banks and insurance firms, building societies, PRA-designated UK investment firms, and their qualifying parent undertakings, which for this purpose comprise UK-headquartered financial holding companies and mixed financial holding companies. The proposals do not apply to credit unions and friendly societies.

Proposals applicable to all dual-regulated firms:

  • Firm-wide diversity and inclusion strategies. The PRA proposes to require firms to have and to publish a firm-wide D&I strategy. The strategy will need to include a firm’s core values, the culture it is trying to create, clear objectives and goals for improving D&I, ways of measuring progress, and the role of the firm and staff in fostering an open and inclusive environment. Firms have the flexibility to tailor their strategy to meet their circumstances. For smaller firms, the PRA would expect their strategy to be proportionately simpler, and less comprehensive than those for larger firms. The PRA’s proposed expectations are set out in a new D&I supervisory statement. 
  • Board governance. CRR and Solvency II firms have an existing requirement to promote diversity when recruiting to the board. The PRA proposes to change rules referring to ‘a policy promoting diversity’ on the board to ‘a strategy promoting diversity and inclusion’. The PRA also proposes to clarify expectations on succession planning and board/board sub-committee responsibilities for D&I.
  • Individual accountability. The PRA proposes an expectation that responsibility for D&I be incorporated within the already existing prescribed responsibilities which relate to culture. Prescribed Responsibility I, usually held by the SMF9 Chair of the board, sets out the responsibility for leading the board’s development of the firm’s culture. Prescribed Responsibility H, usually held by the SMF1 CEO, includes responsibility for overseeing the adoption of the firm’s culture in the day-to-day management of the firm. These SMFs would be expected to have their responsibilities for D&I reflected in their Statements of Responsibility. For firms that are not in scope of culture prescribed responsibilities, the PRA proposes that at least one SMF should have responsibility for the implementation of the firm’s D&I strategy reflected in their SoR.
  • Monitoring diversity and inclusion. The PRA proposes to require firms to monitor D&I internally and to take appropriate actions where necessary. The PRA considers the ability to monitor outcomes to be an important factor in making progress on D&I.

Proposals applicable only to CRR and Solvency II firms with over 250 employees:

  • Targets. Firms will be required to set their own diversity targets where they identify underrepresentation. Firms would be expected to set targets for women and ethnicity at a minimum, if the firm identifies underrepresentation in these areas. The PRA does not propose to be prescriptive about the specific types of targets firms set for themselves in order to allow for proportionate application.
  • Regulatory reporting. The PRA proposes to require large firms to report certain D&I data alongside information on their targets. Like the FCA, the PRA is proposing to use the data to produce and publish an aggregated benchmark report.
  • Disclosure. The PRA proposes to require the large firms to disclose information on the D&I targets that they have set for themselves, the demographic diversity of their firm, as well as inclusion metrics.


Non-financial misconduct: The FCA’s stance on NFM has already been well publicised – the Consultation Papers serve to clarify what was already known (i.e. that NFM and D&I are regulatory priorities), and give firms hope that some much-awaited guidance is on the horizon. As long ago as 2018, Megan Butler (a former FCA Executive Director of Supervision) wrote [link] in response to the Women and Equalities Committee report on sexual harassment in the workplace that the FCA sees sexual misconduct as falling within the scope of the financial services framework – in terms of F&P assessments and also potential Conduct Rule breaches too. Christopher Woolard, former interim Chief Executive Officer of the FCA, stated in December 2018 (when he was then FCA Executive Director of Strategy and Competition) that “non-financial misconduct is misconduct, plain and simple.” [link] In practice therefore, regulated firms have been grappling with the concept of NFM for years when conducting F&P assessments and considering potential breaches of the Conduct Rules.

What is newly set out in the FCA Consultation Paper is the FCA’s guidance on what constitutes NFM.  Previously, firms had to set their own bar as to what may or may not constitute NFM.  Firms will therefore welcome the guidance which will effectively set a minimum standard for the entire industry although decisions in this area are never going to be binary and firms will still have to apply their own judgement as each case will turn on its own individual facts and each firm will continue to define their own organisation tolerance levels.  

Most helpfully, the FCA has provided guidance as to what constitutes serious misconduct and would therefore be a breach of a Conduct Rule. The guidance clarifies that not every instance of misconduct towards a fellow member of the workforce will be a conduct breach and only serious instances will be caught. Factors to consider when deciding whether there has been a serious breach include, for example, whether the conduct is repeated, the duration of the conduct, the seniority of the person whose conduct is in question and the difference in seniority between the person whose conduct is in question and the subject of the conduct.

The FCA is not only seeking to dissuade acts of NFM themselves but is also hoping to encourage a psychologically safe working environment in financial services, where employees can raise concerns in the knowledge that they will be dealt with appropriately and taken seriously. A failure by a manager to protect staff against NFM or fail to take seriously or deal effectively with complaints of NFM may lead to a breach of the Conduct Rules and it is hoped that this guidance will dissuade managers from sweeping difficult issues such as NFM under the carpet and ensure that they are tackled head-on, with appropriate action taken if needed.

Where disciplinary action is taken in respect of actual misconduct, or a failure to appropriately deal with NFM, this should be explained in any regulatory reference and the FCA’s proposed guidance should assist firms to incorporate and justify the inclusion of such content when it is required.  

It will be important that firms and their senior management can demonstrate how NFM decisions have been reached and having taken appropriate action including lessons learned from individual incidents.    

Individual accountability: the PRA and FCA are taking different approaches when it comes to individual accountability. The PRA already has prescribed responsibilities for culture applicable to certain firms it regulates, and it was thought that the FCA may introduce the same prescribed responsibilities for solo-regulated firms to strengthen SMF focus on culture and D&I. However, FCA rules will not require overall responsibility for culture or D&I to be allocated to a specific SMF but it has stated that firms may wish to do so to focus attention on D&I. We anticipate that many solo-regulated firms, as a matter of best practice, will allocate overall responsibility for culture and/or D&I to an SMF in order to drive forward the firm’s D&I agenda.

The PRA has clarified that failure to achieve quantitative D&I targets related to diverse representation of demographic characteristics would not necessarily amount to a failure to meet their responsibilities for SMFs in dual-regulated firms who have been allocated a prescribed responsibility for culture. This makes sense as otherwise D&I target setting may have unintended consequences with responsible SMFs prioritising a ‘box-ticking’ approach rather than considering D&I progress more holistically. How much comfort it will provide to SMFs is debatable however. The PRA says failure to hit targets would not necessarily amount to a failure to meet responsibilities, which suggests that a failure to meet D&I targets may (in certain circumstances) be seen by the PRA as a failure to meet SMF responsibilities. 

SMFs with an allocated prescribed responsibility are however required to take ‘reasonable steps’ in order to avoid breaching the Conduct Rules and the PRA expects ‘reasonable steps’ in this context to include demonstrable efforts to implement a well-developed and evidence-based D&I strategy, and an understanding of how a firm should address strategic shortcomings on D&I over time.

Diversity & inclusion: The Regulators’ proposals continue to turn the dial on improving D&I within the financial sector. The proposals reflect the Regulators’ desire to accelerate the pace of change across the sector (not only in the largest firms) in order to deliver meaningful and lasting change. Mandating aspects of D&I reporting and target-setting and encouraging voluntary action in other areas will enable the Regulators and firms alike to take targeted action to improve the representation of relevant demographic characteristics within the sector within a flexible and proportionate framework. By recognising the importance of inclusivity (via the reporting of certain inclusion metrics such as safety to speak up about inappropriate behaviour or misconduct), the Regulators have recognised the importance of reducing ‘groupthink’, promoting psychological safety and fostering cultures where misconduct such as discrimination, bullying and harassment do not go unchecked.  

Next Steps

Respondents are asked to respond to the Consultation Papers by 18 December 2023. Regulators aim to publish policy statements in 2024 and bring rules into force in 2025, a year after the publication of the policy statements.

Authors: Alison McHaffie (Partner), Gillian MacLellan (Partner), Steven Cochrane (Partner) & Billy Bradley (Senior Associate)