How will the Employment Rights Act 2025 and Financial Conduct Authority Changes Transform Workplace Harassment Duties?

How will the Employment Rights Act 2025 and Financial Conduct Authority Changes Transform Workplace Harassment Duties?

Employment law in the UK is undergoing another significant shift as the Employment Rights Act 2025 (ERA 2025) is set to introduce stricter preventative duties on employers when it comes to workplace harassment and sexual harassment. But it is not just legislation which is impacting workplace attitudes to harassment; the Financial Conduct Authority (FCA) is tightening expectations and rules around non-financial misconduct (NFM): serious misconduct that includes behaviours such as bullying, harassment and violence. Both these changes of rules mean that employers face wider obligations in relation to workplace behaviour and greater consequences if they do not manage allegations of misconduct correctly. In the first part of a series of articles focusing on both the ERA 2025 and the new FCA rules, Kate Kapp, Employment Partner and Benedicte Perowne, Regulatory Partner, summarise the upcoming changes and highlight the key risk areas employers should focus on now.

What's changing under the ERA 2025?

The ERA 2025 makes two major changes to current harassment and sexual harassment laws in Great Britain. The first change concerns preventing sexual harassment at work. Preventing sexual harassment at work is one of the key principles under the Equality Act 2010. However, the duty on employers to protect their workers was further strengthened in October 2024 with the introduction of new rules which place a positive and proactive duty on employers to take "reasonable steps" to prevent sexual harassment of their workers in the course of employment, including by third parties. No longer is it acceptable for employers to take a reactive approach to preventing sexual harassment. From October 2024, under the Worker Protection (Amendment of Equality Act 2010) Act 2023, in the event of a successful sexual harassment employment tribunal claim, the tribunal can increase discrimination compensation by up to 25% where an employer fails to take "reasonable" and proactive steps to prevent sexual harassment. The Equality and Human Rights Commission (EHRC) also has powers to investigate and take enforcement action. From October 2026, under the ERA 2025, this "bar" is set to be raised further with the need for employers to take "all reasonable steps" if they are to avoid compensation increases and potential enforcement action by the EHRC.

Third-party sexual harassment - and third-party harassment based on a protected characteristic (e.g. sex, age, race, disability) - are important areas of employer focus, risk management, and prevention. As indicated above, since October 2024, the duty for employers to take reasonable steps to prevent sexual harassment includes a duty to protect against third-party sexual harassment (e.g. from clients, customers, suppliers etc). However, whilst complaints of harassment by third parties can be raised by an employee internally; be the subject of an EHRC investigation; and be used as evidence in an unfair dismissal, harassment or sexual harassment claim against their employer in an employment tribunal, success is hampered by there being no standalone claim under current equality legislation. This is about to change. Again, from October 2026, the ERA 2025 introduces employer liability for third-party harassment (both sexual harassment and harassment based on a protected characteristic) where the employer fails to take "all reasonable steps" to prevent it, creating employer liability for incidents involving clients, customers, suppliers, contractors or any other third party.

"All reasonable steps" - Greater scrutiny of workplace culture

The raising of the bar from reasonable to "all" reasonable steps shines a spotlight firmly on workplace culture, practices, and the employer's approach to protecting its workers from both sexual harassment and third-party harassment risks. These new duties flip the old way of thinking on its head. Unlawful behaviours should not be tolerated and employees should be clear as to the consequences if they do occur. This change of focus is also supported by other changes due to be brought in under the ERA 2025 including that a disclosure about sexual harassment at work will be made a protected disclosure under whistleblowing legislation; and restrictions will be placed on the use of non-disclosure agreements (including settlement agreements) which seek to curb disclosures about harassment and discrimination post signature.

Policies and a few posters will not cut it when it comes to discharging your employer duty or defending claims. This is not a "tick-box" exercise. Whilst the EHRC has produced an eight-step guide to preventing sexual harassment this will need updating once the new "all" reasonable steps bar comes in. We also expect government regulations to be introduced which will specify what steps are to be regarded as reasonable when it comes to determining whether an employer has taken "all reasonable steps" to prevent sexual harassment (both for the purposes of the preventative duty and when it comes to defending claims). However, we may have to wait until 2027 for those regulations. In our brave new world of "all" reasonable steps, employers are going to have to think much more carefully about assessing risks, proactive training, having effective and well communicated policies, leadership accountability, changing culture and behaviours and setting up robust reporting routes. When it comes to third-party risk management, employers are going to have to face uncomfortable discussions around client/contractor terms and conditions, declarations around acceptable third-party conduct, rethinking social events and redrafting client engagement letters. For those who work in certain client facing sectors - leisure and hospitality, retail, healthcare for example – or with third parties, where an overheard comment might cause offence, the need for clarity in terms of acceptable conduct from third parties will be greater.

Whilst preventing complaints and claims is important, it is also vital to consider the reputational damage to the business and to individuals when such allegations are raised or claims are brought.

Potential for increased enforcement - How FCA developments intersect with harassment duties

In December 2025, the FCA published its long-awaited and hotly anticipated policy statement on tackling NFM (including harassment) in the financial services sector. Amendments to the FCA handbook and additional guidance embeds 'serious' NFM within the individual conduct rules and also confirms that some behaviours will be relevant to the fit and proper test for relevant employees. The changes will come into effect on 1 September 2026 and help to demonstrate that these sort of misbehaviours go to a firm’s culture and conduct matters and are not just an HR issue.

In publishing this guidance, the FCA states that the primary responsibility for dealing with allegations of NFM when they occur rests on firms, as they are best placed to assess the unique circumstances of each case.

Therefore, the pressure is on for firms to apply the guidance, define NFM within their organisations and make reasonable assessments about what qualifies as 'serious' misconduct, and then drive fair and consistent conduct outcomes.

The guidance in relation to fit and proper assessments is helpful. In particular, it clarifies that an assessment of fitness and propriety should not be limited to conduct related to a firm's activities. Conduct that shows that there is a material risk that the person will breach the standards and requirements of the regulatory system may show that the member of staff being assessed is not fit and proper, even if this conduct has taken place outside the workplace and there is little or no risk of it being repeated in their work for the firm; for example, if it demonstrates a willingness to abuse a position of trust or exploit the vulnerabilities of others. Helpfully, the FCA has clarified that a 'material risk' does not include one that is remote or speculative.

Making a positive change - preventative duties

Now is the chance to:

• Focus on your specific risk profile

The key to unlocking the door on one's preventative duty is the risk assessment. Without understanding where your key risks are, how can the business possibly take steps to avoid them? Risk assessments should be regularly updated, changed, and adapted to meet new methods of working; to reflect new ways in which your people interact with others (including third parties); and monitored to check the effectiveness of the measures you are putting in place.

• Refresh inadequate or outdated policies

Firms should consider whether existing policies and procedures are sufficient to cover the changes which are being introduced by the ERA 2025 and, where relevant, the FCA. It will be necessary to digest the guidance and rule changes to understand the impact they will have on firms’ internal processes. Include within your policies expectations around bystander intervention; third party harassment risks and responsibilities; and reporting options. We would also suggest including these within the contract of employment. Make clear that the responsibility for preventing behaviours and raising concerns rests with all - this is not an "HR thing" - and make sure the consequences are clear.

• Revisit your preventative training

Avoid training which is stale or simply seen as a "tick box" exercise. Whether the training is for Boards, leaders or employee populations, it must be:

• specific to the audience, your sector and risk profile;
• give clear and relevant examples;
• give attendees a chance to ask questions and engage with the topic;
• regularly refreshed;
• practical;
• identify the issues identified in your risk assessment;
• discuss third party risks;
• cover the Equality Act 2010 examples and risks; and
• where relevant, refer to regulatory changes.

Many managers lack experience in spotting harassment, how to manage concerns or how to escalate issues appropriately. Therefore, it is important to cover these matters during interactive training sessions. Relatedly, it will also be vital that regulated firms roll out appropriate training to employees and senior managers so that staff understand their obligations, individual accountability, and the new standards under the regulatory framework. For senior managers, not only will their individual conduct be relevant to their personal conduct rule and fitness and propriety assessments, but they will also have responsibility for taking reasonable steps to embed the changes and address concerns in their roles as senior managers.

• Think about investigations

Are your internal investigations robust when it comes to handling sensitive information and issues. Are managers (and HR teams) trained on how to manage such processes? Firms should consider appointing a specialist, external, legally trained investigator to run internal investigations on the business's behalf. This will ensure that the investigation is well-run, thorough and, most importantly, independent, which may become a requirement for the business during other legal processes, for example employment processes. Doyle Clayton has specialist investigation teams who would be happy to help with this work.

• Develop an open and "speak-up" culture

Firms should revisit their reporting procedures. For example, how easy it is for someone to raise a concern (and will they be taken seriously if they do)? Think about staff surveys or review exit data. Informal or unclear reporting routes increase risks so think about multiple safe channels, giving an anonymous route and train managers on what to do if a complaint is raised. Encourage others within a business to speak up and not be a bystander. Ensure that complaints are handled confidentially and sensitively (remembering there are always two sides) whilst ensuring those complaining are not subjected to further harassment or victimisation. Culture changes do not happen without a whole-firm approach to identifying the perpetrators and empowering others to take a stance.

• Focus on third-party risks

This is not about stopping networking or preventing staff from attending a client event. The new preventive duty is about risk assessing where the gaps might be in terms of protection or where there needs to be greater support for staff (especially juniors) attending events or working on secondment. It encourages employers to think outside the box and assess what practical, relevant, and reasonable steps can be taken. This is not a time to cut corners or think that someone else will have thought about the risks.

Next Steps

The direction of travel is clear: the focus needs to be on prevention, accountability, good culture, consistency, and transparency. The raising of the preventative duty "bar" from reasonable to "all" reasonable steps, and the regulatory changes from the FCA, will mean for many employers it will be a chance to revisit and tighten their procedures and processes, especially around third-party risk and individual accountability. For others, including those at an earlier place in their regulatory journey, it will be a rethink and maybe a (re)start.

Whatever stage of your preventative journey, there is always much to do and steps to be taken. Boards, managers, regulatory/compliance, and HR teams need to be working together to review workplace cultures, thinking critically about where (and from whom) the greatest risks will come and be ready to respond appropriately and robustly to allegations of harassment or other NFM. Firms must avoid a "tick-box" mentality as this is a subject which needs to be at the heart of how a business supports and protects it workers as well as being at the core of management training and awareness. It is a chance to reset the mindset from "this won't happen here" to this "could happen here and we are ready to respond correctly, fairly and consistently."

There are no absolutes of course; however, employers - and most definitely Boards and managers - need to refocus their attentions back to risk management; whilst remembering that these changes also carry personal liability risk.