As a practicing compliance professional, I’ve often found that the relationship between the Compliance and People (HR) function is one of the most critical drivers of a compliance culture. While modern compliance frameworks emphasise tone from the top and alignment with Governance, even the most noble, board‑endorsed ambitions will inevitably fail without an able group of implementers—key among them, the People function. This spring, I’ll be paying tribute to the legendary Compliance-HR relationship, with this first piece offering some thoughts on recent regulatory developments and the increasingly blurred line between behavioural expectations inside and outside the workplace.
The role of Compliance in financial institutions has historically been focused on anti-money laundering, counter-terrorism financing, sanctions screening, and other aspects of customer or third-party risk. Emphasis would largely be placed on regulatory compliance, and on external parties rather than employee conduct. In mature compliance programmes, and indeed regulatory frameworks, however, culture, accountability and employee conduct will be equally in focus. I was reminded of this in a refreshing way as I was reading up on the UK Financial Conduct Authority’s (FCA) latest policy paper on Non-Financial Misconduct (NFM), intended to ring in upcoming changes to the FCA’s conduct rules.
For a non-UK, non-finance sector audience (such as yours truly), a short explanatory detour on the FCA regime might be warranted here. The FCA collects conduct requirements for regulated firms under its Code of Conduct sourcebook (COCON), which is also where the new NFM rules will come in. Importantly, the upcoming regulatory update will expand the FCA’s criteria for the Fit and Proper Test for Employees and Senior Personnel (FIT), effective September 2026.
The most notable additions concern private-life conduct. Focus is on behaviours material to regulatory obligations, including patterns of repetitive minor infractions—to borrow and only slightly stretch the phrase coined by Richard Carlson—“Small Stuff”. All well and good since, as we know from criminology, if a control structure “doesn’t sweat the small stuff”, or turns a blind eye to minor misconduct, that can have ramifications for larger misconduct further down the line.
This is why for Compliance, while it is healthy to have a risk-based approach and at times perhaps even a materiality threshold for (non-criminal) infractions, this should not mean that minor infractions should simply be “excused” or ignored—only that consequence management should be proportionate to the breach itself.

You might agree with this approach if you subscribe to broken windows theory—which if you grew up in Central/Eastern Europe during the 90s like I did, you might be inclined to accept as intuitively true. But to take a more complex view, the theory has served as a hotbed of academic and policy debates—and indeed extreme controversies surrounding its applications, especially in policing. In a corporate context, however, where the likely biases (such as class bias) may be less salient than in urban settings, the appeal of the approach has not been eroded as much by its failed applications. In my experience, the “class bias” in corporations tends to be hierarchy-related: senior management is often perceived as being able to “get away with anything”, while “the little man” finds him-/her-/themselves hampered when trying to innovate, and maybe outright penalised for even the most minor of outside-the-box endeavours.
Which is where the FCA hits the nail on the head when it places particular expectations on leaders and managers because they shape culture and accountability—a genuine “tone from the top” approach—even though NFM standards will apply across a much broader population (within regulated organisations).
***
In a perhaps slightly roundabout way, this brings me to what I believe is one of the key innovations of the NFM paradigm shift—that Compliance perspectives (integrity and fitness for a regulated role) and HR considerations (“soft” disciplinary issues) are inextricably linked—inside and outside the workplace. Consider this: would you feel comfortable with a senior manager signing off a risk acceptance decision, regulatory disclosure, or any other high-stakes act with implications for market integrity, if you knew that “on their own time” they were a sexual predator or xenophobe (both being in scope for NFM)? That, I believe, is the fundamental question asked—and answered authoritatively—by the FCA in its consultation with industry during the implementation of NFM rules.
And to bring this back to my organisational point, controlling for NFM requires not only a mature Compliance programme, but also one that is integrated with the organisation’s People programme. Securing a proper mandate and operational processes across Compliance and HR (with a strong focus on employee rights) will be key to implementation—but more on this in my next post.
