eflow has launched a Non-Financial Misconduct Readiness Check for financial services firms ahead of new Financial Conduct Authority rules on non-financial misconduct.
The new regime will require regulated firms to demonstrate clearer oversight, accountability and evidence-based governance on issues including bullying, harassment and violence. Firms are also expected to review staff policies, conduct breach reporting, fit-and-proper assessments, regulatory references, and staff and manager awareness.
Ben Parker, Chief Executive Officer of eflow, said many firms risk a gap between regulatory expectations and the evidence their current systems can provide. He said some organisations have focused on updating policies without testing whether their internal processes and records can support the new standards.
The assessment is intended to examine whether firms can monitor internal digital communications channels and document instances of non-compliant behaviour. Those channels are often an important source of evidence when organisations investigate concerns about conduct and workplace culture.
Rules shift
The Financial Conduct Authority has been tightening its approach to non-financial misconduct as part of a broader focus on behaviour, culture and individual accountability across financial services. The latest changes bring conduct such as bullying, harassment, and violence more clearly within the regulatory framework that firms already use for assessments of conduct and fitness.
That means employers may need to do more than issue revised policy documents. They may also need systems that let them retain, review and search internal communications, track how issues are escalated, and show how decisions were made when cases are examined internally or by regulators.
eflow said its Readiness Check draws on its electronic communications surveillance tools to review communications data for signs of bullying, coercive behaviour or abusive language. Messages shared across a firm's digital channels can also be archived and later searched to support oversight, escalation, and audit processes.
Conduct gap
Parker said the coming rules could expose weaknesses in how firms evidence governance around misconduct.
"The FCA has been clear about what firms need to demonstrate when it comes to non-financial misconduct - clear oversight, evidence trails and accountability processes. But many firms are focused on policy updates without considering whether their operational infrastructure can actually support those obligations. With 90 days until the regulations come into force, firms should be asking themselves: can we evidence decisions, track escalations and demonstrate governance in the way the regulator now expects?" Parker said.
His remarks highlight a practical challenge for compliance teams. In many firms, information relevant to conduct cases may be scattered across messaging platforms, email systems, case management tools, and human resources records, making it difficult to present a clear account of what happened and how managers responded.
The Financial Conduct Authority has also said firms do not need to reassess historic cases retrospectively or monitor employees' private lives. That clarification narrows the immediate compliance task, but firms still need to show that current arrangements are suitable for identifying and handling concerns once the rules take effect.
For providers of compliance software, the rule change opens another area of scrutiny beyond traditional market abuse surveillance and transaction monitoring. Internal conduct, once treated mainly as a human resources issue, is moving further into the remit of regulated governance and board oversight.
Founded in 2004, eflow supplies regulatory technology to financial firms in areas including market abuse surveillance, best execution, transaction cost analysis, transaction reporting, and electronic communications surveillance. It says it serves more than 140 clients across five continents, covering both buy-side and sell-side firms.
Parker said firms should address operational weaknesses before the rules take effect.
"Culture and conduct are becoming increasingly important compliance priorities, but they require operational clarity, not just policy documentation. The expansion of communications surveillance into broader conduct monitoring emphasises that firms need to understand whether their current systems and controls are fit for purpose - not in six months' time, but now, while there is still time to address gaps," Parker said.