Add a bookmark to get started

5 October 202318 minute read

Diversity and Inclusion in Financial Services: FCA and PRA consultation launched

The FCA and PRA have recently begun consulting on the long-awaited proposals to introduce a new regulatory framework on diversity and inclusion (D&I) for the financial services sector. Once finalised, the rules on D&I will form an integral part of the existing regulatory framework, establishing minimum standards and providing firms with a better understanding of regulatory expectations.

The proposals encompass:

  • Better integration of non-financial misconduct into the existing regulatory framework.
  • Reporting requirements, including reporting of D&I data.
  • Implementation of D&I strategies.
  • Setting of diversity targets.
  • Recognition of lack of D&I as a non-financial risk.

The FCA consultation paper is available here CP23/20 and the PRA consultation paper here CP18/23.

Non-financal misconduct

The FCA has long viewed non-financial misconduct as “misconduct plain and simple” and as something which contributes to poor workplace culture and undermines public trust in the financial sector. Practically, however, the law on this issue has been less clear with the Upper Tribunal not always supporting the regulators’ approach. As well as containing measures to boost D&I generally, the current consultation also contains proposals in relation to non-financial misconduct aimed at clarifying existing uncertainty.

Within the new framework, it will be made explicit that adverse findings about an individual’s conduct on issues such as bullying, sexual harassment and discrimination should form part of a fitness and propriety assessment and could constitute a breach of the Conduct Rules that should be reported to the regulator/disclosed in a regulatory reference.

  • The FIT section of the FCA handbook and the relevant PRA Supervisory Statements will be revised to explain in more detail how non-financial misconduct forms part of the fit and proper test. For example, explaining that bullying both in the workplace and in a person’s private life is relevant to fitness and propriety. The revisions will also clarify that certain conduct, such as sexual or racially motivated offences, is likely to result in a person being partially or fully prohibited from holding a regulated role.
  • The scope of the Conduct Rules will be expanded to make clear that they cover serious instances of bullying, harassment, and similar behaviour towards fellow employees. The amended rules will include guidance on the types of serious behaviour that may breach the rules and “what conduct is out of scope because it relates to an individual’s private life”.
  • It is clear from both the FCA and PRA consultation papers that matters in an individual’s private life are excluded for the purposes of the Conduct Rules, but relevant for an assessment of fitness and propriety. As demonstrated by the High Court’s decision in Beckwith v Solicitors Regulatory Authority, this is set to present challenges for firms, given the uncertainty as to where the dividing line sits between conduct which does and conduct which doesn’t affect the integrity of the market or a firm’s safety and soundness. The forthcoming guidance which the regulators have committed to providing on this issue may, however, bring some greater clarity.
  • Finally in relation to non-financial misconduct, the guidance on the Suitability Threshold Conditions will also be extended to include, for example, sexual or racially motivated offences, or a finding of discriminatory practices, as matters that can be considered in assessing the suitability of a firm. 
D&I strategies

Although many firms already have D&I strategies in place, the consultation proposes that this should be made an express requirement for all large firms given the recognised benefits that flow from a formal strategic approach.

  • In scope firms will be required to develop an evidence-based D&I strategy that takes account of their current progress on D&I. A strategy must include D&I objectives and goals with a plan for meeting these and measuring progress; a summary of arrangements to identify and manage obstacles; and ways to ensure staff know of and understand the strategy. Firms covered by the PRA would also require a “strategy to promote diversity and inclusion on the board” which is wider than the current requirement to have “a policy to promote board diversity”.
  • A firm’s board will be responsible for maintenance and oversight of the strategy, including reviewing it to ensure it remains appropriate and effective. New guidance will make clear that matters relating to D&I are to be considered as a non-financial risk and should be treated as such within a firm’s governance structures. There will be no prescribed rules on how to manage this risk, so firms may implement controls that align to their existing internal structures. The PRA’s proposals, however, make clear their expectation that risk and control functions have an important role to play here.
  • In terms of prescribed responsibilities (PRs), the FCA will not require an individual within a firm to be assigned responsibility for D&I, however firms may consider if it is helpful to do so. For firms which are within scope of its rules on PRs for culture, the PRA proposes to clarify that this includes responsibility for D&I strategies and to require that the relevant Statements of Responsibilities (SoRs), covering PRs H and I, are amended to incorporate D&I. For firms not in the scope of culture PRs, the PRA proposes that at least one Senior Manager should have responsibility for implementation of the D&I strategy reflected in their SoR.
D&I targets

Despite the mixed views previously expressed across the sector in relation to D&I target setting, the regulatory view is that targets play an important role in driving progress by encouraging a focus on reaching diversity goals and enabling progress to be measured. To this end, the consultation papers contains several proposals.

  • In scope firms will be required to set diversity targets to address underrepresentation, with targets expected at board, senior leadership, and employee population level. Which demographic characteristics targets should cover will not be set by the regulators, but firms must consider the context in which they operate when setting their targets. Under the PRA proposals, large firms (with 251 or more employees) would be expected to set targets for women and ethnicity at a minimum, if a firm identifies underrepresentation in these areas.
  • Firms will be required to publicise their targets and their progress towards them annually and to report on progress to the regulator. It is also expected that targets will be reviewed and updated regularly to ensure they remain stretching and realistic. These target setting and reporting requirements are an aspect of the consultation proposals that will require careful planning by firms. Experience shows that establishing realistic and achievable targets is crucial to avoid the risk of positive discrimination which can arise when a business is under pressure to meet self-declared goals.
Reporting requirement

The FCA recognises the challenges employers face in collecting diversity data and that to be able to collect good quality information many firms first need to build greater employee trust. Data is, however,  viewed as an essential component in the design, tracking and monitoring of a D&I strategy and, in view of this, various data reporting requirements are proposed.

  • All firms will be required to report their average number of employees to enable the regulators to monitor which firms are in and out of scope of the various D&I requirements.
  • Large firms will be required to report annually to the regulator on additional matters, namely:
    • workforce data on age, ethnicity, sex or gender, religion, sexual orientation, and disability or long-term ill health conditions. This data will also have to be publicly disclosed. This approach is markedly different to non-regulated sectors where the government is not currently pursuing further reporting requirements with, for example, its decision that ethnicity pay reporting should be voluntary and not mandatory;    and
    • a range of inclusion metrics including, for example, whether employees feel safe to speak up if they observe inappropriate behaviour or misconduct and whether there is an inclusive working environment.
  • Firms may also choose voluntarily to report on sex or gender, gender identity,  parental responsibilities, carer responsibilities, and socio-economic background and, in future, it may become compulsory to report this data.    

Despite the recognised benefits of collection and review of diversity data, the relationship between data exercises and D&I strategy isn’t an easy one and the limitations which data privacy laws impose on gathering and using personal employee information can make this a tricky area to navigate. Consequently many firms are in a position where, although they are keen to make progress on D&I, they have been grappling with how to achieve this lawfully. The current consultation proposals now make it more important than ever to find a workable data gathering solution.


Although the regulators recognise the importance of D&I for all firms, they acknowledge that a one size fits all approach will not work. It is therefore proposed that the new rules will be implemented across the sector in a proportionate manner with the new rules applying to firms as detailed in the tables below.

FCA Consultation
Proposed rules Affected firms
Non-financial misconduct All FSMA firms with a Part 4A permission and where relevant Threshold Conditions and existing chapters of the Handbook apply. 
Data reporting -  numbers of employees

All FSMA firms with a Part 4A permission 

Data reporting -  additional reporting requirements (see above) All FSMA firms with a Part 4A permission with 251 or more employees but excluding Limited Scope SMCR firms
D&I strategies Dual-regulated CRR and Solvency II firms of any size
All FSMA firms with a Part 4A permission with 251 or more employees but excluding Limited Scope SMCR firms
Data disclosure  All FSMA firms with a Part 4A permission with 251 or more employees but excluding Limited Scope SMCR firms
Setting targets
Risk & Governance
Non-Part 4A FSMA firms such as Credit Rating Agencies, Payment Services and E-Money are not captured, though the FCA has indicated they may consult on this at a later stage.


PRA Consultation

Proposed rules Affected firms
Firm-wide strategies  All CRR and Solvency II firms with respect to their establishment in the UK, including third country branches.
Monitoring diversity and inclusion
Individual accountability
Board governance  All CRR and Solvency II firms with respect to their establishment in the UK, excluding third country branches.
Targets  Only those CRR and Solvency II firms (including third country branches) with 251 or more employees who are predominantly carrying out activities from an establishment in the UK.
 Regulatory reporting

No proposals apply to non-CRR and non-Solvency II firms (eg credit unions and friendly societies).


The regulators also set out what interventions are not being consulted on at this time, including talent pipelines, D&I training and remuneration requirements, reflective of the challenge the regulators face with calibrating the proposed rules but which firms may nevertheless wish to consider and reflect upon in their D&I strategies and implementation plans.

Next steps

The consultation period is scheduled to end on 18 December 2023. Both regulators have said that the final regulatory requirements will be published in Policy Statements in 2024 and that the new rules will come into force 12 months after publication. This will allow firms time to improve existing policies and to develop and implement new policy, governance, oversight, and data collection processes.

In November 2023, DLA Piper’s Employment team will be holding an in-person roundtable event, and hosting a webinar to discuss the changing landscape for diversity and inclusion in financial services. These events will see our lawyers share their thoughts on key themes arising from the incoming rule changes including the regulators’ stance in relation to non-financial misconduct; the practical and legal challenges of collecting and reporting diversity data; and the pros and cons of exceeding the minimum standards which the FCA and PRA proposals set. For further information on these events please contact any member of the team.