The UK Financial Conduct Authority’s upcoming Non-Financial Misconduct (NFM) rules, taking effect on 1 September 2026, are not just another regulatory update. They mark a clear shift in how firms are expected to understand and monitor risk. For years, surveillance has focused on what could be measured in trades, transactions and market abuse indicators. Now, the regulator is making something unmistakably clear: culture itself is a risk surface, and it must be monitored with the same rigour as financial crime.
At its core, NFM covers behaviours that fall outside traditional financial misconduct (bullying, harassment, discrimination and other forms of inappropriate conduct). The FCA’s position is direct: when these behaviours go unchecked, they don’t just harm individuals; they erode trust in firms and, ultimately, in the financial system itself. This is not being framed as a soft HR issue. It is being elevated into something far more consequential: a matter of conduct, governance and market integrity.
Bringing Certainty, Creating New Demands
In many ways, this move brings a new level of regulatory certainty to an area that has long existed in ambiguity. Firms have always known that culture matters, but expectations around how it should be governed, evidenced and enforced have often been unclear. By embedding NFM into the Code of Conduct (COCON) and Fit and Proper (FIT) frameworks, the FCA is removing that ambiguity. Non-financial misconduct is now explicitly within scope, and accountability (particularly at the senior management and board level) is no longer implied, but defined.
But while regulatory expectations are becoming clearer, the operational challenge is only just beginning. This is where surveillance enters the picture in a fundamentally new way.
For years, firms have invested heavily in detecting insider trading, market manipulation and breaches tied to financial gain. Surveillance systems have been calibrated to identify suspicious trading patterns, flag keywords tied to collusion and monitor communications for evidence of financial wrongdoing. NFM introduces a different kind of signal, one embedded in tone, intent and behaviour rather than explicit financial outcomes.
The implication is clear: the scope of surveillance is expanding from transactions to behaviour.
From Transactions to Behaviour
And that expansion is not theoretical. A proactive management team, aware of its obligations under COCON and FIT, will turn to Compliance for assurance that NFM risks are being identified and managed. Compliance, in turn, will look to Surveillance, not just to monitor traditional risks like insider dealing or personal account dealing, but to surface potential indicators of misconduct within communications.
These indicators may not look like traditional red flags. They may take the form of a manager discussing retaliation against an employee, inappropriate or suggestive language in messages, or patterns of communication that point to intimidation or exclusion. Individually, these signals may appear subtle. Collectively, they form a picture of risk that firms are now expected to see, and act upon.
This is where many existing surveillance frameworks will start to show their limitations.
Traditional lexicons and phrase libraries were not built to detect cultural misconduct. They are optimised for financial risk signals, not behavioural nuance. Meeting the FCA’s expectations will require more than incremental updates. Firms will need to rethink how they define risk in communications, expanding lexicons, incorporating context and increasingly leveraging technologies capable of identifying patterns over time (rather than isolated keywords).
At the same time, this shift demands stronger internal alignment. Surveillance cannot operate in isolation. The detection of NFM-related risks sits at the intersection of compliance, HR, legal and senior management. Firms will need clear governance frameworks that define what constitutes misconduct, how it is escalated and how decisions are documented. Surveillance outputs will become a critical part of that evidentiary chain.
Redefining Market Integrity
There is also a broader strategic implication. By formalizing expectations around non-financial misconduct, the FCA is redefining what effective control environments look like. Market integrity is no longer assessed solely through trading behaviour, but through the culture that underpins it. In that sense, surveillance is evolving into something more than a control function; it is becoming a lens through which firms demonstrate that their culture aligns with regulatory expectations.
That creates a new kind of pressure. It is no longer sufficient to assert that the “tone from the top” is appropriate. Firms must be able to evidence it. And evidence, in this context, increasingly lives in data—specifically, in the communications that surveillance systems monitor every day.
The direction of travel is clear. The FCA has long shown a willingness to pursue cases that extend beyond direct investor harm, particularly where there are failures in leadership, governance or oversight. NFM reinforces that trajectory, making it explicit that misconduct (financial or otherwise) can undermine the integrity of markets.
So while firms now have greater certainty about what the regulator expects, the challenge lies in how those expectations are operationalised.
Surveillance sits at the center of that challenge.
A Necessary Evolution
The firms that respond effectively will be those that recognize this early (not as a compliance burden, but as a necessary evolution). They will adapt their surveillance frameworks, invest in more sophisticated detection capabilities and ensure that cultural risk is treated with the same seriousness as financial risk.
Because the line has now been drawn.
The FCA has made it clear that culture is no longer a peripheral concern; it is a regulated risk. The certainty now exists in expectation, not execution. And in that gap, surveillance becomes the mechanism through which firms turn principle into proof.
September 2026 is not just a deadline; it’s a signal. One worth paying attention to.
Learn More
Read about the FCA’s new upcoming rules related to Non-Financial Misconduct (NFM) here.
Explore how NICE Actimize solutions can help your organisation operationalise NFM requirements—strengthening surveillance, enhancing oversight and turning cultural risk into measurable, defensible outcomes. Get in touch to request a demo.