FCA Fitness and Propriety: How Misconduct Affects F&P Assessments

If you run a small FCA-regulated firm, the fit and proper test is the assessment that decides whether someone is allowed to hold a regulated role at your firm. It applies to your senior managers, your certified staff, and (in a slightly different form) to your conduct rules staff. From 1 September 2026, serious non-financial misconduct must be factored into those assessments — and that changes what you need to record during the year.

This guide explains how the FCA fit and proper test works, what FIT 2.2 requires, and how the PS25/23 changes feed into the annual F&P process for an IFA, mortgage broker, insurance broker, or wealth management firm with 1–50 staff.

What is the FCA fit and proper test?

The fit and proper test is the FCA's assessment of whether an individual is suitable to hold a particular regulated role. It sits inside the Senior Managers and Certification Regime (SMCR) and applies in three contexts at a small firm:

Approval as a Senior Manager — anyone holding a Senior Management Function (SMF) must be assessed before approval and re-assessed annually.
Annual certification of certified staff — anyone in a certification function (for example, a CASS oversight function or a customer-dealing function) must be certified each year.
Conduct rules staff — most other staff must meet a lower bar but still need to be assessed for honesty, integrity, and reputation.

The standards live in the FIT sourcebook of the FCA Handbook. FIT 2 sets out the three "main considerations" the FCA expects firms to apply.

The three FIT 2 considerations

Under FIT 2.1–2.3, the assessment covers:

Consideration	What it covers	Where it lives
Honesty, integrity, and reputation	Criminal record, regulatory record, civil proceedings, dishonesty, breach of conduct rules	FIT 2.2
Competence and capability	Qualifications, experience, training, performance	FIT 2.3
Financial soundness	County court judgments, bankruptcy, individual voluntary arrangements	FIT 2.4

For small firms, the consideration that has changed most under PS25/23 is honesty, integrity, and reputation — because that is where serious non-financial misconduct now sits.

How FIT 2.2 actually works

FIT 2.2 is the heart of the test. It lists factors the FCA expects firms to consider when assessing whether someone is honest, has integrity, and is of good reputation. The list is not exhaustive — the FCA expects judgement, not a tick-box exercise — but it includes:

Whether the person has been convicted of any criminal offence, particularly involving dishonesty, fraud, or financial crime
Whether the person has been the subject of any adverse finding by a regulator, court, professional body, or tribunal
Whether the person has been dismissed or asked to resign from a position of trust
Whether the person has been involved in any business that has gone into liquidation, insolvency, or administration, and the person's role in that
Whether the person has been investigated, disciplined, or censured by a regulator or professional body
Whether the person has breached the FCA's conduct rules (or equivalent rules at a previous firm)
Whether the person has been candid and truthful in dealings with regulators, including disclosing matters in fitness assessments

That last point matters. The FCA treats non-disclosure of relevant facts in an F&P process as a breach of integrity in itself — the assessment doesn't end if a fact later comes to light, it triggers a separate conduct issue.

What changes from 1 September 2026

Before PS25/23, serious non-financial misconduct sat in an awkward grey zone for non-bank firms. Most small firms treated bullying or harassment allegations as HR matters, not regulatory matters, unless the conduct was extreme. PS25/23 closes that gap.

From 1 September 2026, serious non-financial misconduct is explicitly relevant to F&P assessments at all FCA-regulated firms (not just banks). The changes are:

1. New rule, COCON 1.1.7FR. This rule clarifies that the individual conduct rules apply to serious non-financial misconduct at non-bank firms. A finding under this rule is a conduct rule breach, which is one of the FIT 2.2 factors above.

2. FCA guidance on F&P consideration. The FCA has explicitly named serious NFM — bullying, harassment, sexual misconduct, discrimination, and violence with sufficient connection to work — as a relevant matter when assessing honesty, integrity, and reputation under FIT 2.2.

3. No retrospective reassessment. The FCA has been specific: firms do not need to reopen previous F&P determinations. The new framework applies prospectively from 1 September 2026.

4. No mandatory new process. Firms are not required to buy software, redesign their forms, or build a separate NFM register. The existing F&P process must just account for NFM findings as they arise.

The annual F&P assessment, step by step

For a small firm, the practical annual process now looks like this:

Step 1: Gather inputs

For each person being certified, collect:

Conduct rule breach records from the past 12 months (including NFM findings from 1 September 2026 onwards)
Performance information (appraisals, complaints, supervision notes)
Self-declaration form (covering criminal record, regulatory record, financial soundness, NFM)
DBS check (for relevant roles — typically required at appointment, not annually unless there has been a trigger)
Training and competence records

Step 2: Apply FIT 2 considerations

For each individual, document an explicit assessment against the three FIT 2 considerations. The form does not need to be elaborate — a single page per person with the three headings is acceptable for a 5-person firm.

For honesty, integrity, and reputation, run through the FIT 2.2 factors and note any concerns. If there has been an NFM finding during the year, document it here and explain why it does or does not affect F&P. Be specific — "no F&P concern" without reasoning is not a documented assessment.

Step 3: Senior manager sign-off

A senior manager must approve the assessment. For a small firm, this is usually the principal or compliance officer SMF. Their sign-off is the act of certification.

Step 4: Record-keeping

Keep the assessment for as long as the person is at the firm plus six years. The FCA can ask for any F&P record on supervision and you must produce it.

Step 5: Re-assess on trigger events

Outside the annual cycle, you must re-assess F&P when a trigger event occurs:

A conduct rule breach is identified
A serious NFM finding is made
The person is convicted of a relevant offence
The person becomes the subject of an adverse regulatory finding
The person becomes financially unsound (CCJ, bankruptcy, IVA)
The person is dismissed for conduct reasons

How NFM feeds in: a practical example

A small IFA has 8 employees. During the year, an allegation is made that an employee bullied a colleague over several months. The firm investigates, finds the allegation substantiated, and concludes the conduct was a serious breach of Rule 1 of COCON (act with integrity) and Rule 2 (act with due skill, care, and diligence).

The annual F&P assessment for that employee then needs to consider:

The conduct rule breach is recorded (a FIT 2.2 factor)
The breach involved a question of integrity (the central FIT 2.2 standard)
The firm must reach a documented conclusion: is the person fit and proper to continue in the certified role?

The FCA does not dictate the answer. The firm must reach its own judgement and document the reasoning. Possible outcomes:

Continued certification with no further action — if the breach is not severe enough to call F&P into question (rare for serious NFM)
Continued certification with conditions — for example, training, supervision, or a clean record period
Withdrawal of certification — the person cannot continue in the certified role

If certification is withdrawn, the firm must report under SUP 15 and submit a Form C (notification of cessation) for any SMF the person held. NFM-related conduct breaches must also be reported on the annual REP008 return for non-SMF certified staff.

Three things small firms get wrong

1. Treating F&P as a one-off appointment check. F&P is continuous. The annual certification process is the explicit re-assessment, but trigger events between annual cycles also require re-assessment. A firm that only assesses on appointment has not met the standard.

2. Documenting the conclusion but not the reasoning. "Pass" or "no concerns" is not a documented assessment. The FCA expects the file to show what factors were considered and why the firm concluded the person was (or was not) fit and proper. Use our free F&P Decision Tree to walk through the reasoning step by step and produce a defensible record.

3. Conflating F&P with employment law. A finding that someone is not fit and proper does not automatically mean dismissal — and dismissal does not require an F&P finding. The two processes can run in parallel and reach different conclusions. Get HR advice on the employment side and document the F&P conclusion separately.

What to do before 1 September 2026

Use the months before the deadline to:

Update your F&P assessment template to include a section on NFM findings during the year — our free F&P Assessment Worksheet is a ready-made XLSX with FIT 2 conclusions, NFM findings log, and trigger-event tracking
Brief senior managers and any compliance staff on the FIT 2.2 + PS25/23 connection
Make sure your NFM investigation process produces a written conclusion suitable for feeding into F&P (use the NFM Investigation Checklist)
Add an NFM question to your annual self-declaration form
Keep the F&P record-keeping for six years post-departure

Compliance does not require new software. It requires a documented process and consistent application.

Sources

This guide is for general information only and does not constitute legal or regulatory advice. Last reviewed: 7 April 2026.