Ready or Not: From the EHRC to the FCA – Assessing the Regulatory Impact of harassment at work

The next article in our series discussing the changes to employer obligations when it comes to preventing sexual harassment at work (under both the Employment Rights Act 2025 (ERA 2025) and, for regulated businesses, the Financial Conduct Authority’s (FCAs) Policy Statement on Tackling non‑financial misconduct in financial services), focuses on the Regulatory Impact of harassment at work.

The Equality and Human Rights Commission (EHRC) - Regulatory and Enforcement Powers

The EHRC has a wide and varied regulatory mandate when it comes to promoting workplace cultures free from discrimination, harassment, and sexual harassment. In the context of sexual harassment, the EHRC is the regulator responsible for enforcing the workplace sexual harassment preventative duty under the Worker Protection (Amendment of Equality Act 2010) Act 2023 – to take reasonable steps to prevent sexual harassment of its employees in the course of their employment (which changes under ERA 2025 to a duty to take “all” reasonable steps from October 2026).

This means the EHRC can:

• Investigate suspected breaches
• Issue compliance notices
• Enter into binding agreements for improvements
• Take legal action where needed

The EHRC can launch a formal investigation when it suspects an organisation has committed an unlawful act, including whether an employer has taken “reasonable steps” to comply with its statutory preventative duty. Its suspicion may arise from cases being heard in courts or tribunals, from reports to it from victims of harassment or discrimination or from trade unions, as well as from inquiries conducted by the EHRC itself. The EHRC’s investigations include setting terms of reference, evidence gathering, issuing findings, and drafting reports.

The EHRC has also produced technical guidance providing detailed explanations of what constitutes preventative “reasonable steps” and what factors it will consider when determining whether an employer has complied with its preventative duty. This includes guidance on how risk assessments should be conducted and how policies and training should be structured. Although the guidance is not legislation itself, tribunals and courts considering sexual harassment claims can refer to it when evaluating whether an employer has met the preventative duty.

Organisations which fail to comply with EHRC enforcement mechanisms may even face criminal liability.

Separately, victims of sexual harassment can bring an employment tribunal claim and have their compensation increased (by up to 25%) where their employer has not complied with the sexual harassment preventative duty.

The FCA

The FCA has made clear that tackling non‑financial misconduct (NFM), particularly bullying, harassment and other forms of serious interpersonal harm, is fundamental to market integrity, trust and preventing harm to consumers and markets. The new guidance under the COCON and FIT parts of the FCA Handbook provides firms with a more consistent, structured framework for assessing behavioural failings, including those that take place between colleagues and those that occur outside the immediate workplace but have regulatory implications.

Since the FCA started discussing workplace culture (as long ago as 2018), a central theme has been the FCA’s expectation that firms recognise the regulatory relevance of workplace culture and the idea that a poor culture is a key root cause of major failings which have occurred within the industry in recent history. As we have said previously, serious harassment or bullying is no longer viewed merely as an HR matter: such conduct can breach the individual Conduct Rules and directly affect an individual’s fitness and propriety.

The FCA has expanded the scope of the Conduct Rules for non‑bank firms, bringing them broadly in line with banks for NFM such as bullying, harassment and violence. The new rule means that behaviour towards colleagues can be within scope of the Conduct Rules even where the conduct is not directly linked to regulated activities themselves. For example, where there is conduct between two individuals where only one deals with the financial services business, this would be within scope. It would not be within scope if both individuals worked in functions which did not deal with the financial services business at all. This shift is designed to promote a more consistent approach to NFM across financial services. However, the changes do not bring misconduct in an individual’s private life into the scope of the Conduct Rules as this is out of scope of the FCA’s power under statute. For example, misconduct by an employee in relation to a member of the public while the employee is commuting to their firm’s place of work would be outside the scope of the Conduct Rules. New guidance does, however, make it clear that senior manager conduct rules staff will continue to be required to disclose information about their private or personal life under senior manager conduct rule 4 (“you must disclose appropriately any information of which the FCA or PRA would reasonably expect notice”).

The policy statement also introduces clearer and more detailed guidance within the FIT section of the FCA’s Handbook, confirming that when determining a person’s honesty, integrity, and reputation, the FCA and firms should consider all relevant maters which have arisen in the UK or elsewhere. This means that an individual’s behaviour inside and outside the workplace may be relevant when assessing their fitness and propriety. The FCA emphasises that misconduct in a person’s private life may call into question their integrity, judgement, or reputation if the behaviour shows there is a material risk that the individual will breach regulatory standards and requirements. The new guidance explains that behavioural examples provided in the new COCON guidance as being outside the scope of the Conduct Rules may still be relevant to an assessment of fitness and propriety - for instance, the commuting example provided above. Other examples highlighted in the FCA’s final guidance as being within the scope of the fitness and propriety assessment, include misconduct towards another member of the workforce at a social event organised in a personal capacity. The FCA has helpfully confirmed that it should not be assumed that simply because a member of staff being assessed under FIT engages in conduct in their private life, there is a material risk that they will repeat such conducted in their regulated role. In addition, a remote or speculative risk that the member of staff being assessed under FIT will breach the standards and requirements of the regulatory system is not sufficient.

The FCA’s aim is not to police personal morality or force investigations just because a particular behaviour feels a bit uncomfortable. However, it does want to ensure that behaviour which could undermine market confidence or workplace safety is appropriately considered in fitness and propriety assessments.

For senior managers, the obligations obviously expand beyond the specific guidance and conduct by a particular individual. The regulator will want to understand who knew about the particular conduct, when they knew and what happened once they did know. This is an example of the regulatory importance of reasonable steps: managers will not be held accountable for misconduct they could not have known about, but they will be expected to intervene, escalate concerns, and foster an environment where staff feel safe reporting issues.

Together, these reforms are likely to reshape firm culture in a lasting way. By embedding expectations around dignity, respect, and psychological safety into the regulatory framework, the FCA has elevated NFM to a core conduct‑risk issue. Firms now have a clear mandate to respond consistently to serious behavioural failings and to integrate NFM into senior manager governance, HR processes and annual fitness and propriety assessments. With the rules taking effect on 1 September 2026, organisations have a limited window in which to review policies, retrain managers, and reflect on the behaviours they reward, or tolerate, both within and beyond the traditional workplace.

Conclusion

The EHRC’s strengthened enforcement powers and the FCA’s new approach to NFM mark a decisive shift in how workplace harassment is regulated across the UK. Employers face harassment risks from individual complaints, as well as dual regulatory oversight.

The EHRC’s ability to proactively investigate issues of harassment and sexual harassment at work, as well as issue compliance notices - and even pursue criminal sanctions for non‑compliance – illustrates to employers that taking preventative steps is not a “nice to have” but essential. The FCA’s reforms embed behavioural expectations directly into the regulatory framework governing fitness and propriety, conduct rules, and senior management accountability.

To discuss how to embed legal and regulatory obligations, rules and expectations into your practices, procedures and policies or training please get in touch.