CP23/20: Diversity and inclusion in the financial sector – working together to drive change

Consultation Paper CP23/20*** Diversity and inclusion in the financial sector – working together to drive change September 2023

Moving around this document Use your browser’s bookmarks and tools to navigate. To search on a PC use Ctrl+F or Command+F on MACs. How to respond We are asking for comments on this Consultation Paper (CP) by 18 December 2023. You can send them to us using the form on our website. Or in writing to: Governance and Cross-Cutting Standards Policy Team Financial Conduct Authority 12 Endeavour Square London E20 1JN Email: CP23-20@fca.org.uk Sign up for our news and publications alerts See all our latest press releases, consultations and speeches. Request an alternative format Please complete this form if you require this content in an alternative format. Or call 020 7066 6087 Contents

1. Foreword 3
2. Summary 5
3. The wider context 10
4. Overall approach 15
5. Proposals for firms of any size 22
6. Proposals for large firms and for CRR and Solvency II firms of any size 27
7. Other interventions considered 43 Annex 1 Questions in this Paper 47 Annex 2 Cost benefit analysis 49 Annex 3 Compatibility statement 61 Annex 4 Draft guidance notes for completion of data item REPxxx Diversity and Inclusion 65 Annex 5 Abbreviations used in this paper 74 Appendix 1 Draft Handbook text

3 Foreword The degree to which firms reflect the societies they serve and how open a culture they create is central to each of the objectives set for us by Parliament: to protect consumers, enhance market integrity, support competition in financial services and facilitate UK competitiveness and economic growth. Greater diversity and inclusion can create better outcomes for consumers and markets by supporting healthy work cultures, reducing groupthink, unlocking talent and improving understanding of diverse consumer needs. A strength of UK financial services is the exceptional pool of talent that it attracts. Greater diversity can further support the international competitiveness of the UK’s financial services sector. Increasing levels of diversity within firms can help unlock talent from those with underrepresented characteristics and support career progression. This means sustainably widening the sector’s talent pool and increasing the attractiveness of the UK as a place to invest and do business, which can help facilitate the medium to long-term growth and international competitiveness of the UK economy. That is why, together with the Prudential Regulation Authority (PRA), we have been clear that diversity and inclusion are regulatory concerns. Yet, the evidence suggests the financial services sector is not yet where we should be. Deloitte reports that just 19% of C-suite positions in banking, capital markets and payments are held by women. CityWire’s Alpha Female Report 2023 has shown the number of female fund managers rose to only 12% in the last year. The latest Parker Review found that over 100 of the FTSE250 either have no ethnic minority representation on their boards or did not provide data. It is perhaps unsurprising then that Reboot’s ‘Race to Equality’ report found that 57% of those from an ethnic minority employed in financial services feel their talents are being overlooked. As financial regulators, we want a financial sector that meets the needs of a diverse consumer base. Our own Financial Lives Survey data shows that consumers in minority groups experience unequal outcomes and barriers to access. For example, people from certain minority ethnic backgrounds are much less likely to have private pension provision, savings accounts or protection policies. Just over half of people with a disability had trouble dealing with their providers and disabled applicants for current or basic accounts were twice as likely to be refused. We expect to see firms foster healthy cultures where all staff can contribute, and where constructive feedback is encouraged. But we continue to see examples of internal cultures promoting complicity over challenge or concerns ignored when the brave speak out. This is why we were early signatories to the Government’s Women in Finance Charter and support voluntary initiatives like the Parker and FTSE Women Leaders Review, as well as work with regulators in other jurisdictions to learn from each other. Today we are publishing proposals alongside the PRA, which seek to support the progress already made on improving diversity in the wider financial services sector.

4 We are clarifying and strengthening our expectations around non-financial misconduct, which will apply to firms large and small, across the financial services sector. We are also proposing that the largest financial firms, those already required to publish their gender pay gaps, report representation on certain characteristics, for example disability status and ethnicity. As well as giving firms the option to go further, for instance by voluntarily reporting additional data on socio-economic background and gender identity. Doing so will highlight where change is needed, allowing firms and regulators to better target their interventions. Over time, we expect to see increasing numbers of firms move towards reporting against all characteristics. We may consider moving to mandatory reporting at a later date and welcome feedback on the decision to make certain reporting optional. Flexibility is at the heart of our proposals. We want large firms to publish plans for how they will move the dial on diversity and inclusion, but do not think it would be right for us to prescribe what that should look like. Each firm is different. They need to come up with their own solutions. We recognise the need for proportionality for smaller firms. This is a journey we are on ourselves. We have set ourselves stretching targets and while we are proud that we are leading by example on diversity by reaching parity between female and male representation in our senior leadership team ahead of our 2025 target date, we know we have further to go to achieve 20% minority ethnic representation for the same group. So, today’s proposals are not a starting point but a next step. Good work has been done, but the results are not yet being seen universally across financial services. That inconsistency can put at risk the objectives we need to deliver, and so we think it is right to make clear to firms what we expect of them on diversity and inclusion. We welcome your comments on this consultation, and I look forward to working together to drive the positive change needed across the industry to ensure UK financial services remains an attractive place for the most talented people of all backgrounds. Nikhil Rathi (Chief Executive, Financial Conduct Authority)

5 Chapter 1 Summary Why we are consulting 1.1 Alongside the Prudential Regulation Authority (PRA), we are consulting on proposals to introduce a new regulatory framework on Diversity and Inclusion (D&I) in the financial sector. This builds on our July 2021 Discussion Paper (DP21/2). Responses to the DP were broadly positive, with most respondents endorsing regulatory action. 1.2 In April 2022, we launched our 3-year Strategy to improve outcomes for consumers and markets. We set a number of priorities, including accelerating the pace of change on D&I. Our proposals support this goal and are designed to form an integral part of our existing regulatory framework. They also support the objectives of the Consumer Duty, which include ensuring that firms consider the needs, characteristics and objectives of their customers, particularly those who are vulnerable. 1.3 We consider that greater diversity and more inclusion can improve outcomes for consumers and markets by reducing groupthink, supporting healthy work cultures, unlocking diverse talent and improving understanding of and provision for diverse consumer needs. 1.4 In this consultation, we set out proposals to: • better integrate non-financial misconduct (NFM) considerations into staff fitness and propriety assessments, Conduct Rules and the suitability criteria for firms to operate in the financial sector (Threshold Conditions). 1.5 We also propose to require certain firms to: • report their average number of employees to us on an annual basis • collect, report and disclose certain D&I data • establish, implement and maintain a D&I strategy • determine and set appropriate diversity targets • recognise a lack of D&I as a non-financial risk 1.6 The proposals would apply differently to firms depending on their number of employees, their categorisation under the Senior Managers and Certification Regime (SM&CR), and whether they are dual-regulated. To reduce regulatory burden, smaller firms with fewer than 251 employees would be exempt from many of the requirements. This is set out in more detail in Chapter 3. 1.7 We are not alone in seeking to drive forward progress on D&I. In particular, a number of international initiatives have sought to address diversity at board level. For example, the Australian Securities Exchange has recommended that S&P/ASX 300 entities set measurable objectives for achieving gender diversity on boards. Last year, the EU

6 adopted a law aiming to achieve gender balance on corporate boards. By 2026, large listed companies will be expected to ensure that the ‘underrepresented sex’ makes up 40% of non-executive directors and 33% of all directors. We published our own rules on D&I disclosures for listed firms in 2022. This CP builds on those initiatives with a wider￾ranging set of proposals seeking to support progress on D&I in the financial services sector, consistent with Government and wider initiatives. 1.8 We know many firms have already made progress in areas covered by the proposals in this CP. For example, a recent FCA review found that 87% of large firms and 45% of small firms already have a D&I strategy in place and see D&I as core to a firm’s culture and practices. 1.9 By working together with firms and other stakeholders, we aim to accelerate the pace of meaningful change and help deliver the benefits of diverse and inclusive work environments across the financial sector. Who this applies to 1.10 This CP will be of interest to all firms with a Part 4A FSMA permission, though not all firms would be subject to the same requirements or have to meet them in the same way. Our proposed proportionality framework establishes a baseline standard for in scope firms with additional requirements for large firms. See Chapter 3 for further detail. 1.11 This consultation may also be of interest to other stakeholders, including: • regulated firms who do not have a Part 4A permission • industry groups/trade bodies • consumer groups and individual consumers • policy makers and other regulatory bodies • industry experts and commentators • academics and think-tanks What we want to change 1.12 Despite some promising signs, research shows that there is more to be done to improve diversity and inclusion in the financial services sector. The Government has launched a range of initiatives to support diversity in business and across the financial sector, including the Women in Finance Charter launched in 2016, the FTSE Women Leaders Review and the Parker Review on ethnic diversity on UK Boards. The most recent Women in Finance Charter Annual Review reported that in 2022, female representation in senior management among charter signatories averaged 35%. A 2020 survey by the Financial Services Culture Board (FSCB) found that minority ethnic women faced disproportionate barriers to progression while research by the Bridge Group indicated that almost 9 in 10 senior roles in financial services were held by people from higher socio-economic backgrounds (SEBs).

7 1.13 Similarly, a survey by the FSCB and the Financial Services Skills Commission (FSSC) found that employees with certain protected characteristics (as defined by the Equality Act 2010) were less likely than average to feel included in the workplace. They expressed concerns about being stereotyped and feared the consequences of speaking up about issues. 1.14 Our Financial Lives research shows that many consumers in minority groups experience unequal outcomes and barriers to access. For example, people from a minority ethnic background are much less likely to have private pension provision, savings accounts or protection policies. In 2022, just over half of people with a disability (defined according to the Government’s harmonised standard) reported difficulties dealing with providers or managing their finances due to the impact of their condition. Disabled applicants for current or basic bank accounts were also twice as likely as average to be refused. 1.15 We consider that greater diversity and inclusion can help by ensuring that firms benefit from a broad range of skills, knowledge and experiences, both in their decision-making and throughout the design and provision of products and services. By unlocking talent from individuals with underrepresented characteristics, greater diversity can also widen the sector’s talent pool and bolster the competitiveness of the UK financial sector. Yet diversity by itself is unlikely to be sufficient. Firms also need to foster inclusive and healthy workplace cultures in which staff from all backgrounds feel comfortable contributing, speaking up and challenging ingrained views and practices. 1.16 The specific outcomes we are looking to achieve are: • Healthier firm cultures • Reduced groupthink • New talent unlocked • Greater understanding of, and provision for, diverse consumer needs 1.17 Our proposed framework targets these outcomes by seeking to establish minimum standards and give firms a better understanding of regulatory expectations. It could also contribute to greater consistency and transparency on approaches to D&I across the sector, while higher quality D&I data would allow us to better monitor progress. 1.18 We do not propose to set sector-wide targets and firms remain free to determine their own targets consistent with their needs. 1.19 In recent public debate, it has been suggested there could be a link between D&I initiatives taken by certain firms and the closure of customer bank accounts. We are clear that there is nothing in our proposals that would provide a basis for the unlawful closure of customer accounts. On the contrary, our proposals explicitly aim to improve outcomes for all consumers and ensure firms are better able to respond to, and meet the needs of, a diverse customer base.

8 Measuring success 1.20 We will monitor progress to ensure the effectiveness of our interventions: Outcome What will this achieve? How will we measure success? A healthy culture Higher standards of conduct Initially, we expect clearer guidance on non￾financial misconduct and discriminatory practices would lead to an increase in instances of firms reporting disciplinary actions to us. We would also seek to measure success through improved staff inclusion scores on the proposed D&I regulatory return. Reduced groupthink Improved decision-making, risk management and more effective challenge Improved staff inclusion scores on the proposed D&I regulatory return, including on willingness of employees to provide constructive challenge. This can also be measured via our proactive supervisory engagement. New talent unlocked Widen the sector’s talent pool and help make the UK financial sector a more attractive place to work and do business Board, senior management and employee diversity increases on average across regulated firms, measured through the proposed D&I regulatory return. Greater understanding of and provision for diverse consumer needs Increased competition on product innovation and products and services that better cater for a diverse consumer base Improved consumer feedback and improving rates of financial inclusion (as measured through our Financial Lives Survey or other sources of consumer research) can be indicative of the extent to which products and services are being better tailored to consumers’ needs.

9 Next steps and implementation period 1.21 The PRA has published its own proposals at the same time as our CP. We have worked closely with the PRA to develop a consistent and coordinated set of proposals for consultation. 1.22 Please respond to the questions in this CP by 18/12/23, using our electronic survey or one of the other methods in the ‘How to respond’ section. We will review the feedback and develop final regulatory requirements for publication in a Policy Statement (PS) in 2024. 1.23 We propose to bring our rules into force 12 months from publication of the PS. This is to allow firms time to improve existing policies where necessary, or to develop and implement new policy, governance, oversight and data collection processes.

10 Chapter 2 The wider context 2.1 In this chapter, we outline the links between our proposed D&I framework and our statutory objectives, and detail workstreams that have helped inform our proposals. Link to our Objectives 2.2 In our view, more diverse and inclusive firms can support better outcomes for both firms and consumers. This links to all 3 of our operational objectives and our new secondary objective. Securing an appropriate degree of protection for consumers 2.3 We consider the combination of diversity and inclusivity reduces the risk of groupthink. Groupthink can lead to weak governance and a failure to act in consumers’ best interests. 2.4 Groupthink occurs when groups of people make poor choices because members have either not considered or do not feel comfortable suggesting alternative options. This creates risks for firms. If a firm cannot draw on diverse perspectives or constructive challenge from all its staff, it may miss or misinterpret important considerations throughout its decision-making processes. 2.5 We consider a lack of D&I within firms can also lead to poor outcomes for consumers by limiting a firm’s ability to understand or fully meet their diverse needs. As a result, consumers may be unable to access suitable products and services. 2.6 Where firms are diverse and inclusive, we consider they may also be able to draw on a greater breadth of knowledge, experience and perspectives throughout the design and provision of a product or service. We consider such firms to be better placed to understand and respond to the needs of a broad range of customers. This supports good consumer outcomes and advances our consumer protection objective. 2.7 In this way, our proposed framework also supports the Consumer Duty, which sets higher and clearer standards of treatment for retail customers. This includes ensuring that retail customers are sold and receive products and services designed to meet their needs, characteristics and objectives. Protecting and enhancing the integrity of the UK financial system 2.8 Sound decision-making within firms supports effective governance and risk￾management, and so protects and enhances well-functioning markets. Groupthink can undermine these outcomes by preventing constructive challenge, and by allowing ingrained views and practices to go unchecked.

11 2.9 When misconduct such as discrimination also passes unchecked, this can create work environments that are permissive towards further wrongdoing, and in which harm to customers and markets is more likely to occur. 2.10 By seeking to reduce groupthink and foster work environments in which misconduct can be more readily challenged, our proposals can address these risks, helping to improve decision-making and so enhance the stability and integrity of the UK’s financial system. 2.11 Additionally, we consider certain instances of non-financial misconduct to be so serious that confidence in regulatory standards is undermined if we do not take action. Our proposals can play a further role in upholding market integrity by enhancing public confidence in the financial sector. Promote effective competition in the interests of consumers 2.12 Competition helps deliver good consumer outcomes when firms strive to win customers through the quality and innovation of their products and services. As firms compete to better tailor their offering to customers’ needs, innovation leads to a greater variety of products and services aimed at a wider range of customers. As we outline in paragraph 2.6, we consider our proposals will help support this healthy competition by encouraging firms to innovate to the benefit of diverse groups of consumers and to compete for their business. 2.13 Competition is strengthened when consumers have access to sound and accessible information that enables them to make informed decisions and act in their interests. Our proposals on data collection, reporting and disclosure aim to establish better quality data on D&I in the financial sector. This would give consumers – and firms themselves – the chance to compare firm performance. Our secondary objective to facilitate the medium to long-term growth and international competitiveness of the UK economy 2.14 The Financial Services and Markets Act 2023 (the Act) introduced a secondary objective for the FCA to facilitate the long-term growth and international competitiveness of the UK economy.  2.15 One of the factors underpinning the international competitiveness of the UK’s financial services sector is its broad and highly skilled talent pool and the capacity to attract and retain such talent on an ongoing basis. We consider that proposals to increase levels of D&I within firms can further help unlock talent from individuals with underrepresented characteristics and support their career progression. This means sustainably widening the sector’s talent pool, and thereby bolstering further the UK financial service sector’s reputation as an attractive place to work and do business. 2.16 Financial services can drive sustainable growth when consumers actively and effectively engage with them to save, borrow and invest in the wider economy. Firms that better reflect the populations they serve are more likely to appreciate the diverse needs of differing groups, and to compete and innovate to serve them. This could improve trust and grow participation in financial services among under-served groups, increasing financial inclusion.

12 2.17 Fostering an inclusive environment within firms that encourages constructive challenge can improve decision-making and reduce groupthink, potentially both enhancing innovation and reducing poor conduct. Reducing non-financial misconduct should further enhance the reputation of UK financial services and increase consumer and market confidence in the sector. Background 2.18 We outline below several workstreams and inputs that have informed our proposals. Discussion Paper 2.19 We were encouraged by the level of engagement with our July 2021 DP, which received 183 responses. Feedback was broadly positive, with most respondents endorsing regulatory action and recognising the value of a regulatory framework that raises standards and improves consistency. We refer to this feedback throughout this CP and detail how it has informed our proposals. Cost Benefit Analysis 2.20 We have carried out 2 cost surveys to inform our cost benefit analysis (CBA). This has helped make sure our proposals support cost effectiveness for firms, and that our future requirements are proportionate to the size and operations of each firm. We set out the estimated costs and benefits in full in Annex 1. 2.21 We expect the following benefits: • higher standards of conduct • improved decision-making and risk management including through more effective challenge • helping to make the UK market a more attractive place to work and do business • products that can cater for a diverse consumer base through more innovation and competition Multi-firm review and pilot data survey 2.22 In 2021, we undertook a voluntary survey of regulated firms together with the PRA and Bank of England. We wanted to better understand what D&I data firms collect and hold. We followed this in 2022 with a multi-firm review exploring how firms currently design and embed D&I strategies. 2.23 We found both data collection and D&I initiatives often focus primarily on gender and ethnicity. Other demographic characteristics such as socio-economic background receive relatively little attention. We also found a wide variation in data quality between firms. These findings highlight the value of a framework that achieves a more consistent and comprehensive approach to D&I across the sector.

13 2.24 We refer to this research and how it has informed our framework when detailing our proposals below. Literature review 2.25 We conducted a Literature Review on the impact of D&I in the workplace that pointed to some generally positive correlations between increased diversity and elements of firm performance. However, we acknowledge that the current literature is limited as: • many studies focus on gender and (to a lesser extent) ethnicity, with comparatively few focusing on the other characteristics within our intended scope, such as disability or age • many studies look only at teams, senior leadership or boards, while our proposals aim to improve D&I throughout organisations • only a minority of the studies relate to the UK and of those, not all of them are specific to the financial sector • the age, methodology and reliability of studies (eg whether they have been peer reviewed, if academic research) varies • inclusion is more difficult to measure and relatively less studied than demographic diversity 2.26 The literature review proved useful for generating policy ideas for discussion in our DP, and we have sought to incorporate findings from the literature where possible. However, the limitations mean our justification for intervening is based to a greater extent on industry feedback to our DP, emerging standards of market practice, and our own analysis of how improved D&I could advance our objectives. 2.27 Our proposals on data collection, reporting and disclosure (discussed in Chapter 5) seek to establish a reliable and high quality dataset on D&I in the UK financial sector. This data could enable new research to address some of the existing limitations. Wider work on D&I 2.28 There are several other linked FCA workstreams involving D&I: • Consumer Duty: the Consumer Duty requires firms to consider retail customers’ needs, objectives and characteristics, including characteristics of vulnerability. While demographic characteristics and characteristics of vulnerability are distinct categories, they may overlap. For example, our Financial Lives (2022) research shows consumers in minority ethnic groups are disproportionately likely to have low financial resilience. So the Duty and our work on D&I are aligned and mutually reinforcing. • DEI Innovation Spotlight: this initiative encourages financial technology – FinTech – firms to engage with the Regulatory Sandbox, Innovation Pathways, and TechSprint platform to launch innovative products and services intended to foster financial inclusion. • Our internal diversity, equity & inclusion (DEI) programme: as an employer, we aim to address imbalances in our workplace to deliver fair and equitable outcomes

14 for our people, with clear leadership and accountability for our DEI strategy. We have embarked on a programme to deliver a new DEI strategy for 2023-26 and share progress towards our objectives in our annual reporting. Equality and diversity considerations 2.29 When exercising our functions as a public body, we have a duty under the Equality Act 2010 to ‘have due regard’ to the need to: eliminate discrimination, harassment, victimisation and any other conduct prohibited by or under the Equality Act; advance equality of opportunity between persons who share a relevant protected characteristic and those who do not; and to foster good relations between people who share a protected characteristic and those who do not. 2.30 Our policy proposals have been designed to advance our statutory objectives for the financial sector and to align with our Public Sector Equality Duty (PSED) responsibilities. Our proposals could help advance the equality objectives set out in 2.29 by: reducing instances of discrimination and harassment within financial services firms; promoting equality of opportunity within the sector for people from all backgrounds; and encouraging firms to create more inclusive working environments. Ensuring a greater focus on the diverse wishes and needs of consumers would also help to promote equality and inclusion for people who share protected and other characteristics. (See the Compatibility Statement in Annex 3 for further details.) 2.31 We will continue to consider the equality and diversity implications of the proposals during the consultation period and will revisit them when making the final rules.

15 Chapter 3 Overall approach 3.1 We summarise below the proportionality related concepts raised in our DP, the feedback received and our proposed policy framework. DP concepts and feedback 3.2 In our DP, we outlined the importance of D&I for all firms while being aware that a one size fits all approach would not work. We want to encourage D&I across the financial services sector in a proportionate manner, avoiding rules that would not be effective or appropriate for smaller firms. 3.3 We discussed using existing thresholds such as SM&CR categorisations and potential exclusions for firms with few employees or where financial services are not their primary activity. We also highlighted the need to be thoughtful around how a future regime could apply to overseas firms. 3.4 Respondents supported applying D&I requirements broadly. They highlighted that some measures are suitable for all firms (eg adopting a zero tolerance approach to discriminatory conduct). 3.5 Many respondents agreed a one size fits all approach would be inappropriate. Some respondents highlighted limitations in applying requirements to certain firm types such as family firms, volunteer organisations and those in remote geographical locations. 3.6 Suggestions for a framework included: • aligning with existing people thresholds under Gender Pay Gap reporting (250 or more employees) or the Companies Act 2006 • using a tiered system of requirements such as existing SM&CR categorisations • assessing the maturity of an organisation, employee turnover and the number of consumers 3.7 For non-UK firms who hold a Part 4A permission, we were encouraged to think about the environment in the home state. For example, where staff are recruited from and serve markets with different demographics, or where the legal environment could put some individuals at risk. Our proposed framework 3.8 We propose applying a minimum standard to all FSMA firms with a part 4A permission with the aim of reducing discrimination and misconduct. 3.9 We then propose introducing additional requirements for firms with 251 or more employees where additional measures are more likely to be effective, for example on firms setting targets and strengthening disclosure. To align with the PRA, all dual-

16 regulated CRR and Solvency II firms will be subject to the proposals on D&I strategies. The additional requirements would not apply to Limited Scope SM&CR firms regardless of size. 3.10 All FSMA firms with a part 4A permission, excluding Limited Scope SM&CR firms, would be required to report employee numbers to us annually on RegData so we can determine who is in scope of the additional requirements. 3.11 Whilst our proposals would amend FIT, COCON, and COND, we are not proposing to change their scope. This means that if a firm is not currently in scope of these rules and guidance, then the proposed changes would also not apply to them. Table 1: proposed FCA framework Policy proposals Which firms the proposals apply to Non-Financial Misconduct All FSMA firms with a Part 4A permission and where relevant Threshold Conditions and existing chapters of the Handbook apply Data Reporting All FSMA firms with a Part 4A permission need to report their number of employees annually, excluding all Limited Scope SM&CR firms All FSMA firms with a Part 4A permission with 251 or more employees have additional reporting obligations, excluding all Limited Scope SM&CR firms D&I Strategies Dual-regulated CRR and Solvency II firms of any size (firms to which the CRR or Solvency II parts of the PRA Rulebook apply) All other FSMA firms with a Part 4A permission that have 251 or more employees, excluding all Limited Scope SM&CR firms Data Disclosure All FSMA firms with a Part 4A permission with 251 or more employees, excluding all Limited Scope SM&CR firms Setting Targets Risk & Governance Identifying a large firm 3.12 We have identified the number of employees as the simplest and most suitable metric to define a large firm. We propose that this threshold is set at 250 employees. So a firm with 251 or more employees will be a large firm for the purposes of the proposed additional requirements. 3.13 We selected the 251 or more employee metric as it is a long-standing, widely used and simple threshold. For example, the Companies Act 2006 uses a threshold of 251 employees (alongside other business metrics and exclusions) to define a large firm. Businesses of this size are already liable to report employee data under the Government’s Gender Pay Gap regulations. 3.14 We found business metrics like turnover or revenue used for SM&CR thresholds to be less suitable in the context of D&I proposals. This is because the extent to which they can be practically and meaningfully applied within firms depends on the number of employees.

17 3.15 We propose excluding Limited Scope SM&CR firms from requirements for large firms, regardless of their size. This is because the financial services activities typically conducted by these firms are ancillary to their main business (eg car dealerships or dental practices offering third party finance options). 3.16 Our policy framework sets a minimum standard. Some firms with 250 or fewer employees may feel able to meaningfully apply more elements of the regime than required. We would encourage such firms to apply additional elements where they consider it may be beneficial to do so. Applying the large firm threshold 3.17 To reduce the regulatory burden of firms moving in and out of scope of the additional requirements, we propose relying on the average number of employees over a rolling 3-year period as at a specified annual reference date. Where it is not reasonably practicable for a firm to obtain the total number of employees for a given year, the firm would calculate its average using the numbers for the years it does have. And where a firm has been authorised for less than a year at the specified reference date, it should use the number of employees at the date of authorisation. 3.18 If a previously small firm calculates that its 3-year average is 251 or more employees, it would have 12 months from the relevant reference date to meet the additional requirements for a large firm (unless at that date its average number of employees has again fallen below the threshold). 3.19 If a firm’s average number of employees falls below the 251 or more threshold as at their annual D&I reporting date, they would immediately fall outside of scope of the requirements for large firms. 3.20 We propose that this employee number is calculated on a solo entity basis. Firms should review the definition of ‘employee’ in our glossary as it may include, for example, contractors, individuals seconded to the firm and non-executive members of the board. Under these proposals, only employees who predominantly carry out activities from an establishment in the UK will count towards the 251 employee threshold. 3.21 For the purposes of these proposals, dual-regulated firms must calculate their number of employees by applying the definition of ‘employee’ in the PRA rulebook. This approach avoids the need for dual-regulated firms to consider two different definitions. Territorial scope 3.22 Apart from non-financial misconduct and the application of Threshold Conditions (see Chapter 4), our proposals apply only to employees that carry out their activities predominantly from an establishment in the UK. For overseas firms, our proposals apply only to activities of the firm that are carried out from an establishment in the UK.

18 Group application 3.23 Our proposals apply on a solo entity basis, to ensure progress is made at an individual firm level. Allowing application on a group entity basis for quantitative proposals (target setting, data reporting and disclosure) would reduce transparency on areas of underrepresentation at individual firm level. However, firms may decide to apply a consistent approach across a group if they wish to do so. Non-Part 4A FSMA firms 3.24 Non-part 4A FSMA firms (eg Credit Rating Agencies, Payment Services and E-Money firms) are subject to different legal and regulatory frameworks. To avoid complexities and to enable us to maintain a consistent framework as far as possible, we propose these firms remain out of scope of the proposals in this consultation where they do not otherwise have a Part 4A permission. We may consult on this at a later stage as part of future regulatory reform of these sectors. We encourage firms to consider whether voluntarily adopting this new framework may be beneficial. Illustrative examples 3.25 The tables below show how these proposals would apply in practice to firms of different sizes. Table 2: A sole trader (a Limited Scope SM&CR firm) with a small number of staff Applicable rules What this would look like in practice Non-Financial Misconduct Threshold Conditions • Staff are held to high levels of fitness and propriety (Conduct Rules (COCON) do not apply to non-financial services staff) • Any evidence of discrimination forms part of the FCA’s suitability assessment of the sole trader when seeking authorisation • Sole trader required to adhere to Threshold Conditions on an ongoing basis Table 3: A car dealership with limited permission credit broking (a Limited Scope SM&CR firm) with 300 employees Applicable rules What this would look like in practice Non-Financial Misconduct Threshold Conditions As above (for the firm and staff)

19 Table 4: An investment firm with 400 employees Applicable rules What this would look like in practice Non-Financial Misconduct Threshold Conditions D&I Strategies Data Reporting Setting Targets Disclosure Risk & Governance As above, plus the firm must: • maintain an effective D&I strategy • set appropriate diversity targets • collect demographic and inclusion data from staff, reporting this to us and disclosing it on an aggregate basis • recognise a lack of D&I as a non-financial risk Q1: To what extent do you agree that our proposals should apply on a solo entity basis? Q2: To what extent do you agree with our proposed proportionality framework? Q3: Are there any divergences between our proposed regulatory framework and that of the PRA that would create practical challenges in implementation? Regulatory approach 3.26 We asked for suggestions in our DP on which aspects of our regulatory engagement could be improved to help deliver and support greater D&I. Ideas included showcasing best practice and highlighting problem areas on an industry-wide basis. Some concerns were expressed that the regulators may lack sufficient expertise. 3.27 D&I will continue to be an important element of our supervisory approach, which includes our regular proactive engagement with firms. An example of this was our December 2022 multi-firm review. We have used the insights from this work to develop new materials to help our supervisors assess firms’ strategies and approaches. We may also conduct future multi-firm or thematic reviews to understand how effective firms’ strategies are and identify any systemic issues to support our work on culture. 3.28 Nothing in our approach could be used to justify unlawful discrimination against particular customers or groups of customers. On the contrary, we expect the needs of a diverse customer base to be appropriately considered. 3.29 We seek to prevent harm by ensuring that all regulated firms and individuals meet our minimum standards and by assessing the drivers of behaviour that can create cultures likely to cause harm. Our work aims to ensure there are real and meaningful consequences for firms and individuals who do not follow our rules and requirements, and who cause actual or potential harm.

20 Definitions DP concepts and feedback 3.30 The terminology used to discuss and codify D&I continues to evolve. In our DP we set out what we refer to when using certain terms. For diversity, we explained what we meant by ‘diversity of thought’, ‘demographic characteristics’, ‘intersectionality’ and ‘inclusion’. 3.31 We asked for views on the terms and definitions used and whether they are sufficiently broad and useful, both now and in the future. 3.32 We had a high response rate to this question (over 70%) and a clear majority were supportive of the terms and definitions used. It was suggested that we could broaden ‘diversity of thought’ and respondents also raised the importance of inclusion, equity and equality, together with the difficulty of future-proofing definitions. Our proposals 3.33 We intend to define some key terms to ensure clarity and consistency in understanding how to implement our proposals. If we believe a term is well understood using its ordinary meaning, or where its meaning is likely to develop, we think it may be unhelpful to define it. An example of the former is ‘demographic characteristics’, which we have not defined in these proposals. This term has a commonly understood meaning (describing characteristics across a population) which includes the protected characteristics defined in the Equality Act 2010 alongside other factors, for example socio-economic background. 3.34 The terms we propose to define are: Discriminatory Practices: includes discrimination against, or the harassment or victimisation of, a person or group due to their demographic characteristics, where these behaviours would be a breach of the Equality Act 2010 if they related to protected characteristics.  Senior leadership:

1. The executive members of the management body;
2. The executive committee, or most senior executive or managerial body below the management body (or, where there is no such committee or body, the most senior level of managers reporting to the executive members of the management body); and
3. All direct reports of the persons in (2), excluding administrative staff Diversity and inclusion employee number: A threshold of 251 or more employees, calculated in accordance with SYSC 29.1.4R to SYSC 29.1.6R.

21 3.35 We are proposing to apply certain requirements to the ‘management body’ as defined in our existing glossary but for ease of understanding refer to this as the ‘board’ throughout this CP. Q4: To what extent do you agree with our definitions of the terms specified?

22 Chapter 4 Proposals for firms of any size 4.1 In this chapter, we set out proposals to establish a minimum standard for firms of any size with the aim of reducing discrimination and misconduct. These proposals support our aims of promoting healthy and inclusive workplace cultures and reducing the risk of groupthink within the financial services sector. Table 5: proposals for firms of any size Policy areas Which firms the proposals apply to Non-Financial Misconduct All FSMA firms with a Part 4A permission and where relevant Threshold Conditions and existing chapters of the Handbook apply Threshold Conditions Data Reporting All FSMA firms with a Part 4A permission need to report their number of employees annually, excluding all Limited Scope SM&CR firms Non–Financial Misconduct: Conduct rules, Fitness & Propriety and Threshold Conditions DP concepts and feedback 4.2 In our DP, we explored whether we needed to make explicit that adverse findings about individuals’ conduct for issues such as bullying, sexual harassment and discrimination should form part of fitness and propriety assessments. We discussed whether evidence of such behaviour, or a failure to address it, could constitute a breach of the Conduct Rules that should be reported to us and disclosed in future regulatory references. 4.3 Firms must also meet a set of minimum requirements to carry on regulated activities (Threshold Conditions). We explored whether evidence of a firm engaging in discriminatory activities should explicitly form part of our suitability criteria to help prevent bad actors from entering the market. 4.4 There was strong support to embed non-financial misconduct into fitness and propriety assessments and the Conduct Rules, and we were urged to provide clear guidance with examples. Most respondents agreed this would be a positive intervention, further strengthening assessments. 4.5 From our DP feedback, we understand many firms already consider non-financial misconduct to be a breach of the Conduct Rules, highlighting the importance of having a clear framework to ensure consistency. Some respondents encouraged us to be

23 cautious, given there are serious consequences for individuals if they are considered by an employer and/or the regulator to lack fitness and propriety or be in breach of the Conduct Rules. 4.6 On Threshold Conditions, most respondents were in favour of guidance but asked for clarity on how this would work in practice. There was strong opposition to any approach that might involve us withholding authorisations on the basis that a firm was not sufficiently diverse. There was concern this could reduce consumer choice, create a fear culture leading to inappropriate appointments, have an impact on start-up companies or give rise to unlawful discrimination under the Equality Act 2010. Our proposals 4.7 We propose to explicitly include non-financial misconduct within:

1. The Conduct Rules
2. Fit and Proper assessments
3. Suitability guidance on the Threshold Conditions 4.8 We propose to add guidance on how non-financial misconduct should be incorporated into regulatory references. Our proposals would amend the Handbook to reflect our publicly expressed view that non-financial misconduct is misconduct and not an additional principle. As outlined in our recent response to the Treasury Select Committee, we see that the vast majority of firms we regulate already understand this view. Our aim is to give firms the reassurance needed to take decisive and appropriate action against employees for instances of non-financial misconduct. 4.9 Misconduct such as bullying and harassment poses a risk to a healthy firm culture. Healthy cultures that are inclusive and psychologically safe will support and allow diversity of thought to flourish. Non-financial misconduct erodes psychological safety and trust and can also increase the risk of groupthink and the problems that gives rise to (paragraphs 2.3 – 2.11). 4.10 Such behaviour can lead staff to feel reluctant to raise concerns and speak up. This can result in firms missing the opportunity to remedy problems of all kinds as they arise or stop them from developing in a way that leads to regulatory breaches, negative impacts on market integrity or consumer harm. Where these behaviours persist, an unhealthy culture can develop that facilitates further wrongdoing and regulatory breaches, resulting in harm to both markets and consumers. 4.11 We prioritise our enforcement resources on misconduct that is serious because it poses the greatest threat to our statutory objectives. The way that we address harm and add public value through our statutory powers includes investigation and relevant civil, criminal and/or disciplinary action. This may include prohibiting individuals from working in regulated firms. Our approach recognises, however, that not all breaches of our rules or requirements constitute serious misconduct that requires us to undertake disciplinary action. Further, as we stated in our response to the Treasury Select Committee referred to above, potential non-financial misconduct may involve suspected offences that are properly primarily for other authorities to investigate.

24 Fitness and propriety 4.12 We propose to explain in more detail how non-financial misconduct forms part of the Fit and Proper test for Employees and Senior Personnel (FIT) section of our Handbook. 4.13 Currently, firms must be satisfied, on an ongoing basis, that individuals performing a Senior Management Function (SMF), or a certification function, are ‘fit and proper’ to carry out their role. FIT provides guidance on how firms should assess honesty, integrity and reputation and all relevant matters arising in the UK or elsewhere should already be considered. Misconduct both within and outside the workplace can be relevant for FIT and our proposals do not change this existing position. 4.14 We propose to explain that bullying and similar misconduct within the workplace is relevant to fitness and propriety and that similarly serious behaviour in a person’s personal or private life is also relevant. We propose giving examples of non-financial misconduct, such as sexual or racially motivated offences. 4.15 We also assess applications from firms for people to hold roles that we approve against FIT and will only approve an application when we are satisfied that the individual is fit and proper to perform the role in question. We engage proactively with firms on these matters and there have been instances in the past where firms have decided to withdraw applications after we raised concerns. 4.16 One of the purposes of FIT is to maintain confidence in the financial system in the UK. In our view, there is a risk to public confidence where individuals have committed serious non-financial misconduct, whether inside or outside the workplace, such as sexual or racially motivated offences, but are permitted to continue working within the sector. Such conduct is unlikely to be compatible with our statutory objectives and we can impose a partial or a full prohibition, depending on the level and type of risk posed by the individual in question. 4.17 Our proposed changes also clarify that conduct that could damage such public confidence is likely to mean that the person is not fit and proper. 4.18 We consider that articulating our views clearly in FIT would reduce the risk of inconsistency in how our guidance involving non-financial misconduct is interpreted and applied in firms and within judicial settings. We also consider that our proposed approach is consistent with other regulators – for example, the Solicitors Regulation Authority (SRA) and the consultation on the regulation of non-professional conduct by the Bar Standards Board (BSB). Conduct Rules 4.19 Currently the scope of COCON is restricted (except in the case of banks) to regulated activities, other so-called SM&CR financial activities and certain kinds of misconduct that could have serious effects. We propose to expand the scope of COCON to make clear that it covers serious instances of bullying, harassment and similar behaviour towards fellow employees and employees of group companies and contractors.

25 4.20 We propose to make changes to the Conduct Rules by adding guidance on:

1. the types of behaviour that would fall within the expanded scope of COCON, and that may breach our Conduct rules
2. what conduct is out of scope because it relates to an employee’s personal or private life 4.21 The exception would be where the misconduct clearly relates to a part of the firm’s business that does not carry on any financial services activities, in line with our existing regulatory remit. 4.22 We propose to include guidance that not every instance of misconduct towards a fellow member of the workforce will amount to a breach of COCON. Only serious misconduct would amount to a breach of COCON, and we provide examples of this. Factors to consider when deciding whether there has been a breach include, for example, whether the conduct is repeated, the duration of the conduct and the extent of the impact on the subject of the conduct. 4.23 We will only take disciplinary action for serious breaches of COCON. In the current context, we will therefore only take such action for particularly serious instances of bullying, harassment or similar behaviour, or multiple instances that are collectively particularly serious. If we determine that disciplinary action by the FCA is appropriate, we will consider all our relevant sanctioning powers, including public censure and financial penalty. Breaches of COCON may also lead to an individual being considered not fit and proper. This may result in us withdrawing approval and/or prohibiting the individual. 4.24 COCON applies to SMF managers and Material Risk Takers (as defined in our Remuneration Codes), wherever the conduct occurs. For all other conduct rules staff (as defined in our glossary), COCON applies to conduct of staff at a UK office or (in the case of a UK firm) when dealing with a client of the firm in the UK from an establishment overseas. COCON, except in the case of banks, is usually limited to conduct related to a firm’s financial activities. 4.25 Firms need to notify us if they take disciplinary action for non-financial misconduct that is a breach of the Conduct Rules, in line with our current rules. SUP 10C.14.22 outlines the notification obligations on firms for SMF holders. For firm notifications about non-SMFs and certified staff, please see SUP 15.11. Guidance on the Suitability Threshold Condition 4.26 We propose extending the guidance on the Suitability Threshold Condition in COND. We propose to include, for example, offences relating to a person or group’s demographic characteristics (such as sexual or racially motivated offences) and tribunal or court findings that the firm, or someone connected with the firm (such as a director), has engaged in discriminatory practices. We see this as relevant to maintaining market integrity and conduct in UK markets. 4.27 Under the threshold conditions, we already have regard to all relevant matters arising in the UK or elsewhere. Our proposed changes apply to the firm as a whole to align with the existing scope of COND.

26 4.28 We generally base our assessment of the Suitability Threshold Condition for a firm applying for authorisation on the aggregated picture across the firm, including the action(s) the firm took. As per our current guidance in COND, a series of matters may be significant when taken together, even though each of them in isolation might not give serious cause for concern. In line with our current approach when assessing suitability, we would consider the individual circumstances of each firm on a case-by-case basis. 4.29 We note the concerns of unintended consequences raised in feedback to our DP of any measures linking regulatory approval of a firm to undertake regulated activities to the demographic characteristics of its senior management population or wider staff. We are not bringing forward any such proposals. Q5: To what extent do you agree with our proposals to expand the coverage of non-financial misconduct in FIT, COCON and COND? Data reporting 4.30 With the exception of employee numbers, our proposed data reporting requirements would only apply to large firms and are set out in Chapter 5. 4.31 For the FCA and PRA to monitor which firms are in scope of the additional requirements in Chapter 5, we propose that all FSMA firms with a Part 4A permission with 250 or fewer employees, excluding Limited Scope SM&CR firms, are required to report their average number of employees using the same single data return on the RegData platform described in Chapter 5. They would not be required to report any further information to us but could report additional data to us on a voluntary basis. 4.32 We propose that our rules on reporting come into force 12 months from the date of publication of final rules. Data must be reported as at this reference date. Firms would then have a 3-month reporting window to submit this data. Q6: To what extent do you agree with our proposals on data reporting for firms with 250 or fewer employees, excluding Limited Scope SM&CR firms?

27 Chapter 5 Proposals for large firms and for CRR and Solvency II firms of any size 5.1 In this chapter, we set out our additional proposals to drive positive change and progress towards our policy objectives. We consider this package of proposals supports our intended outcomes of promoting healthy and inclusive workplace cultures, reducing the risk of groupthink, unlocking new talent and enabling greater understanding of the diverse needs of consumers. Table 7: proposals for large firms and for CRR and Solvency II firms of any size Policy areas Which firms the proposals apply to D&I Strategies Dual-regulated CRR and Solvency II firms of any size (firms to which the CRR or Solvency II parts of the PRA Rulebook apply) All other FSMA firms with a Part 4A permission who have 251 or more employees, excluding all Limited Scope SM&CR firms Data Reporting All FSMA firms with a Part 4A permission with 251 or more employees, excluding all Limited Scope SM&CR firms Disclosure Setting Targets Risk & Governance Diversity & inclusion strategies DP concepts and feedback 5.2 In our DP, we discussed the merits of firms developing their own policies on D&I within their organisations. We explained how publishing such a policy would allow firms to be transparent and held accountable. We also discussed potential components of a D&I policy including objectives, goals, a plan for meeting these, ways to measure progress and ways to increase board diversity. 5.3 Most respondents supported the idea of requiring firms to put in place and publish a D&I policy. They agreed this would drive progress and enable scrutiny of firms’ actions. Many firms told us they already have one in place. 5.4 A small proportion of respondents were not supportive. They argued this requirement would be challenging for the smallest firms specifically, distracting from a focus on outcomes for their customers.

28 5.5 Most respondents agreed these policies should have some mandatory elements, while giving firms flexibility to tailor the content to meet their needs. Some respondents argued we should set more prescriptive requirements to enable comparison between firms’ policies, while others suggested any mandatory elements would be ineffective and disproportionate. Our proposals 5.6 In our DP we used the term ‘D&I policies’. We want to encourage firms to set out a proactive approach to embedding D&I across their organisation, so we now propose to use the term ‘D&I strategies’ in our rules instead. 5.7 We propose that firms in scope must develop an evidence-based D&I strategy that takes account of their current progress on diversity and inclusion and advances the aims set out in 2.1 – 2.17. 5.8 The D&I strategy would also contain, as a minimum: • the firm’s D&I objectives and goals • a plan for meeting those objectives and goals and measuring progress • a summary of the arrangements in place to identify and manage any obstacles to meeting the objectives and goals • ways to ensure adequate knowledge of the D&I strategy amongst staff 5.9 This is intended to provide a high-level framework that gives firms the flexibility to devise strategies that most effectively deliver the outcomes we want to see, taking account of their own needs and operating environment. 5.10 Our review of current approaches to D&I in the financial sector found several shortcomings with many existing D&I strategies. These include failing to clearly explain the strategy’s purpose and a lack of detailed actions explaining how a firm intends to achieve its aims. Our proposals will establish minimum requirements and help bring greater consistency. Maintenance and oversight of the D&I strategy 5.11 To ensure effective governance and oversight arrangements are in place, a firm’s board would be responsible for the maintenance and oversight of the firm’s D&I strategy. The board would need to review the strategy to ensure it remained appropriate and effective. 5.12 We don’t propose to mandate how frequently the D&I strategy should be reviewed but firms need to be satisfied that it remains fit for purpose. We propose to give firms flexibility in how they carry out the review. This would allow firms, for example, to incorporate the review into cyclical reviews of the firm’s people and operating strategies or to carry out incremental updates. Making a D&I strategy accessible 5.13 Stakeholder engagement and scrutiny will be key to our overall framework for driving and embedding ambitious progress on D&I within firms. We propose that firms who must

29 adopt a D&I strategy would have to make it easily accessible and free to obtain. Making the strategy freely available on the firm’s website is likely to satisfy this requirement. 5.14 This would enable stakeholders such as current and potential employees, investors, suppliers and consumers to look at the firm’s approach and progress against commitments. As part of our supervisory approach, we may review D&I strategies to assess how firms are identifying, monitoring and taking steps to address issues they or we have identified. Q7: To what extent do you agree with our proposals on D&I strategies? Firms setting targets DP concepts and feedback 5.15 In our DP, we discussed the benefits of firms setting stretching diversity targets to address underrepresentation at both board and firm-wide levels, supported by appropriate monitoring by the board. The DP also considered the merits of targets for customer-facing roles. 5.16 Responses to the DP often cited the need for firms to have robust D&I data before targets can be set, noting potential difficulties in setting meaningful D&I targets in the absence of diversity data. They also pointed out firms’ uncertainty about what data they should collect without being given direction from the FCA. 5.17 There were mixed views around target setting. The concern often cited by those opposed was that they did not want targets to be too prescriptive. Similarly, some in favour mentioned that they supported the introduction of targets that were flexible. Respondents wanted firms to have the flexibility to set their own targets to meet specific challenges of underrepresentation either within their firm or the sector. The value of targets 5.18 Targets can play an important role in driving progress on D&I. Setting specific, time￾bound targets encourages firms to focus attention and effort on reaching their diversity goals while enabling them to measure their progress. Targets have been described as a ‘promising action’ to tackle the gender pay gap by the Government Equalities Office and as a form of positive action to increase the participation of people from underrepresented groups by the Equality and Human Rights Commission. 5.19 Voluntary target-setting has led to significant increases in gender and ethnic diversity across the FTSE 350, as shown by the success of the government-backed FTSE Women Leaders and Parker Reviews. In 2023, both reviews expanded their scope to include targets for senior management as well as for the 50 largest private companies. Signatories to the Treasury’s Women in Finance Charter have also made strong

30 progress. The 2023 report showed that more than a third (79) of the 235 signatories had either met or exceeded their targets for female representation in senior management, with 22 UK banks and building societies in the top quartile for female representation. Our proposals 5.20 We propose that firms would be required to set targets to address underrepresentation in their firms. 5.21 We would normally expect firms to set at least 1 target for each of the board, its senior leadership, and the employee population as a whole (which includes the board and senior leadership). Our multi-firm review found that existing initiatives to address underrepresentation focus primarily on senior leadership. Yet our analysis of firms’ diversity data showed that the sharpest drops in gender and ethnic diversity occurred in the step from junior to mid-level roles, a finding that is consistent with research by the FSCB. This highlights the importance of firms setting targets across the employee population, in addition to senior levels. 5.22 Firms based overseas that carry out operations in the UK would be in scope but may not have a board or senior leadership in the UK. In this case, firms would not have to set a target for the areas of the firm that are based overseas, ie, the board or the senior leadership. 5.23 We also propose that firms may choose to set inclusion targets on a voluntary basis in addition to the diversity targets. Considerations for firms when setting targets 5.24 When setting targets, firms must take into account their D&I strategy and current diversity profile. Firms may want to prioritise areas of greater underrepresentation in the short to medium term so they can make more rapid progress on increasing diversity. Firms may also use their own employee networks to help identify areas of weakness. 5.25 We propose that firms are required to consider the context in which they operate by having regard to available data on the diversity profiles of the UK population and the geographical area in which they carry out regulated activities. 5.26 We do not propose to mandate which demographic characteristics the targets must cover nor what those targets should be. This approach builds on, but is different from, our approach to targets for listed firms set out in ‘Diversity and inclusion on company boards and executive management’ (PS 22/3) where we require disclosure against specific targets for gender and ethnicity on a ‘comply or explain’ basis. This is to give firms full flexibility to target the characteristics, or additional characteristics in the case of listed firms, that would enable them to make progress in their areas of greatest underrepresentation. 5.27 Targets could be informed by the proposed data collection and any relevant wider data.

31 Timing of target-setting 5.28 We do not propose to determine how frequently firms must update their targets as we recognise that meaningful progress may take several years. Firms would instead need to review and update their targets regularly to ensure that they remain stretching but realistic, and to assess whether to establish targets for other underrepresented characteristics. The firm’s board would oversee the targets set. This includes monitoring progress, identifying obstacles to achieving them, and agreeing plans to overcome such obstacles. Disclosure of targets 5.29 We propose that firms publicly disclose their targets and their progress towards them annually. This disclosure would promote transparency and allow firms and other interested stakeholders to benchmark progress. Our proposed approach to the reporting of targets is set out under ‘Data reporting’ and to the disclosure of targets under ‘Data disclosure’. Q8: To what extent do you agree with our proposals on targets? Data reporting DP concepts and feedback 5.30 The DP discussed the importance of data to understand areas of underrepresentation when setting appropriate targets and monitoring progress. We discussed introducing a new regulatory return on demographic characteristics and inclusion measures across firms’ employee population, senior leadership and board categories. We noted that regulators could use D&I data to publish an aggregated summary to provide industry￾wide insights. 5.31 A large proportion of respondents agreed that consistent D&I data is critical to understanding firm composition and designing interventions to address areas of underrepresentation or lack of inclusivity. Respondents agreed that firms should collect and report D&I data as this would help drive improvements in the sector. 5.32 Concerns centred around not having enough time to implement systems and the difficulties of encouraging employees to provide data to their employers. Respondents also had concerns around potential costs, firm burden and data protection. 5.33 On frequency of reporting, many firms told us they are already collecting and disclosing data on an annual basis (eg signatories to the Women in Finance Charter), or that their systems allow staff to keep their information up to date at any time. 5.34 Respondents generally supported the FCA and PRA using the data reported to us to publish an aggregated industry report to provide a standard benchmark for comparison.

32 Our proposals 5.35 We propose to introduce requirements for large firms to: • annually collect and report to the regulators in numerical figures, data across a range of demographic characteristics, inclusion metrics and targets via a regulatory return • during the first year the requirements are in place, report such data as is reasonably practicable and explain the reasons for any gaps and how they will be closed • report data to the FCA and PRA using a single data return (referred to as REPxxx Diversity and Inclusion for indicative purposes at this stage) on the RegData platform 5.36 We propose producing a regular aggregated disclosure report based on data firms report to us. An industry D&I report would allow firms and their stakeholders to see how their progress compares to peers' and help drive progress. We intend to consider the format of this report once our reporting requirements have been finalised. 5.37 Good quality data would give firms and regulators the basis to track and monitor D&I. We plan to integrate the data reported to us into the framework we use to understand culture in firms. This data would help us identify areas that could require further supervisory attention. The data on inclusion metrics in particular would be a significant indicator of firm culture. 5.38 Analysing the data reported to us through our reporting proposals would support us in carrying out trend analysis and firm and sector wide comparisons so that we can understand patterns and identify drivers of progress, as well as areas where we may need to intervene further. What to report 5.39 We recognise the challenges that firms face in collecting good quality data. Some firms may not currently have systems in place to collect data against a wide range of characteristics. Others may need to continue building trust with their employees before they are comfortable sharing their personal data. We carefully considered these concerns when developing our proposals and have decided to apply them only to large firms to limit any additional burden on smaller firms. In addition, we propose that firms report some data on a voluntary basis. 5.40 We have used the responses to our DP, data from our pilot survey, our literature review and good practice we observed in industry and other regulatory authorities to develop a proposed set of data items. We propose to introduce a joint FCA and PRA regulatory return covering the following metrics:

33 Mandatory demographic characteristics Age Ethnicity Sex or Gender (firms are required to report on either Sex or Gender. Firms may choose to report on both Sex and Gender on a voluntary basis.) Religion Disability or long-term health condition(s) Sexual orientation Voluntary demographic characteristics Sex or Gender (firms are required to report on either Sex or Gender. Firms may choose to report on both Sex and Gender on a voluntary basis.) Parental responsibilities Gender identity Carer responsibilities Socio-economic background 5.41 Our rationale to make reporting against certain demographic characteristics voluntary is based primarily on the responses to our 2021 pilot data survey, which indicated that less than 50% of large firms (firms with 251 or more employees) currently collect data against parental or carer responsibilities, gender identity, or socio-economic background. To ensure a proportionate approach, and with close regard to the potential costs and burden associated with data collection, we propose to make reporting against these 4 demographic characteristics voluntary. 5.42 Over time, we expect to see increasing numbers of firms reporting data against voluntary metrics. To that end, we may consider moving to mandatory reporting against these demographic characteristics at a later date. However, we recognise that good quality data also depends on firms having well-developed systems in place, and on employees feeling comfortable providing this data. Our proposed approach addresses those concerns by affording firms the necessary time and flexibility to improve their data collection processes. We welcome feedback on the proposal to make reporting against these demographic characteristics voluntary. 5.43 We propose that the data is reported to us in 3 categories: board, senior leadership and all employees (including the board and senior leadership). 5.44 Paragraphs 5.39 - 5.65 outline the proposed new regulatory return. We have also created a sample template which can be downloaded from the FCA website. Please note that this is for illustrative purposes only and the online form in RegData would reflect design and user experience considerations. Draft guidance notes to aid completion of the template are provided in Annex 4.

34 Provision of data by individuals 5.45 While we propose to require firms to report particular categories of data to us, each category in our proposed return would allow for employees either to choose not to respond or to indicate that they prefer not to say. 5.46 We recognise that employees may not want to disclose certain personal information as part of an employer’s data collection, even if this will be kept confidential and used only as part of aggregated datasets. We appreciate that, as a consequence of this, datasets may be incomplete, especially if firms have not previously collected substantive D&I data and first need to build trust within their organisation. 5.47 The FSCB’s literature review on principles for collecting diversity data may be helpful for firms. The PRA also proposes to provide a voluntary staff data collection template that both solo- and dual-regulated firms could use to support the collection of diversity data from employees. Data that is reported to the regulators would need to be submitted through the RegData platform. Variances from protected characteristics 5.48 We set out in paragraph 5.40 above what we consider to be a proportionate set of metrics that, in our view, would support both regulators and firms in monitoring representation in line with our objectives and the aims of these policy proposals. 5.49 We are also mindful of our obligations under the UK GDPR and Data Protection Act 2018, in particular to observe the principles of purpose limitation and data minimisation. While we propose that firms report to us on certain data points only, there are clear benefits in firms monitoring the diversity of their employees through a wider range of metrics to gain a more complete view within their firm. High quality data enables firms to undertake a detailed analysis of their firm’s demographic representation and monitor outcomes. 5.50 In some instances, there are differences between the characteristics we propose firms report to us and the protected characteristics set out in the Equality Act 2010. 5.51 We propose that firms would be required to report on either the demographic characteristic of sex or that of gender, in line with our requirements for reporting on the diversity of boards and executive management (PS22/3). Firms could choose to report on both characteristics on a voluntary basis. 5.52 Our pilot data survey showed that many large firms already collect data on both sex and gender, and we would encourage others to consider doing so. This would provide clearer and more comprehensive data for regulators and firms, including when benchmarking against peers. We may seek to move to mandatory reporting of both these demographic characteristics at a later date and we would welcome feedback on this. 5.53 We also propose to introduce voluntary data reporting on the demographic characteristics of parental responsibilities, carer responsibilities, gender identity and socio-economic background. However, our reporting requirements do not include the

35 protected characteristics of pregnancy and maternity or marriage and civil partnership. And we are proposing to collect data on gender identity instead of the protected characteristic of gender reassignment. 5.54 In developing our proposals, we have considered which data would help us achieve our policy outcomes while balancing a proportionate burden on firms. Pregnancy and maternity are generally measured through administrative data on maternity leave and pay. We do not consider that aggregated maternity leave data would provide regulators with sufficient insight into the experiences of those who share this characteristic. 5.55 We propose instead to introduce voluntary data reporting on parental responsibilities and carer responsibilities (caring for those with disabilities, old age or long-term health conditions). We consider that these would provide a comprehensive and long-term view of the representation and progression of people with caring responsibilities in the workplace. For example, this metric includes birth parents, adoptive parents and foster parents as well as carers for dependent adults. Collecting this data can support a full intersectional analysis of employee experience and the barriers those with caring responsibilities may face. Nevertheless, we believe that pregnancy and maternity are important metrics that firms can continue to monitor proactively to ensure fair outcomes for those who share these characteristics. 5.56 Marriage and civil partnership are one of the least claimed grounds of workplace discrimination. So we do not consider that it would make a proportionate contribution to our objectives to attempt to evaluate, monitor and draw valid conclusions from aggregated data on marriage and civil partnership. In the interest of minimising any burden, we do not propose firms report this data. 5.57 We propose to introduce voluntary data reporting on gender identity rather than the protected characteristic of gender reassignment. We are aware of concerns over the term ‘gender reassignment’, which the Equality and Human Rights Commission acknowledges is regarded by some as ‘outdated’. There are also individuals, such as non￾binary people, whose gender identity differs from their sex as registered at birth, yet who may not fall within the legal definition of ‘gender reassignment’. 5.58 We therefore propose to use the term ‘gender identity’ for this category. This phrasing is closely aligned with the 2021 England and Wales Census question ‘Is the gender you identify with the same as your sex registered at birth?’. We also note that the Solicitors Regulation Authority uses the same question in their own data reporting template. 5.59 We propose to introduce voluntary data reporting on socio-economic background. Research from the Bridge Group suggests that almost 9 in 10 senior roles in financial services are held by people from higher socio-economic backgrounds. They also found that employees from lower socio-economic backgrounds take 25% longer to progress, despite no evidence of poorer performance. This ‘progression gap’ increases to 32% in relation to those from lower socio-economic backgrounds who also identify as Black. This evidence points to a strong rationale to begin improving data collection on socio￾economic background. 5.60 We propose that firms would collect data on the socio-economic background of their employees, based on the occupation of the primary household earner when the

36 employee was aged about 14. Socio-economic diversity may be understood as an additional proxy for diversity of thought that could support our objectives by encouraging more inclusive cultures and promoting a better understanding of the diverse needs of consumers. The Social Mobility Commission has published extensive guidance for employers including a measurement toolkit for financial and professional services. 5.61 Our proposals seek to balance inclusive and proportionate approaches to data reporting. We welcome views on the data points we propose to collect in our reporting proposals, as well as those we propose not to. Culture and inclusion 5.62 In addition to reporting demographic data, we propose that firms report to the FCA and PRA on a selection of inclusion metrics. This is because we consider that the full benefits of diversity can only be realised in an inclusive environment that uses the capabilities of a diverse workforce. As part of an inclusive culture, we consider that individuals must be able to speak up freely and without prejudice, offering contributions based on their unique experiences, views and background without fear of negative consequences. 5.63 We propose introducing consistent measures of inclusion reporting to provide a baseline of measurable data within firms and across the sector. Employee surveys are widely used to measure inclusion and our pilot data survey found that 84% of large firms already make use of them. 5.64 We propose firms report to us annually on the following measures of inclusion. These metrics were developed through research on industry practice and materials such as the FSSC Inclusion Measurement Guide. This data should be reported on a 5-point scale of strongly agree to strongly disagree, including a neutral option. The measures are whether employees feel: • safe to speak up if they observe inappropriate behaviour or misconduct • safe to express disagreement with or challenge the dominant opinion or decision without fear of negative consequences • their contributions are valued and meaningfully considered • they are subject to treatment (for example actions or remarks) that had made them feel insulted or badly treated because of their personal characteristics • safe to make an honest mistake • that their manager cultivates an inclusive environment at work 5.65 Data on inclusion must be captured on an anonymous and voluntary basis and should always include a response option to ‘prefer not to say’. Responses to the questions on inclusion would also need to be reported in the 3 layers of the board, senior leadership, and all employees. Data on target setting and progress 5.66 We propose using the regulatory report to monitor large firms’ progress against targets they have set for themselves (see paragraphs 5.18-5.29). This information would inform

37 our understanding of how firms are applying our proposed rules, including addressing areas of underrepresentation. 5.67 We propose that firms provide information on: • the demographic characteristics they have set targets for (as proposed by the new target setting rules set out in paragraphs 5.20-5.27), as well as their inclusion targets, if any • the percentage at which each target has been set • the year each target was originally set • the year the firm is aiming to meet the target • the firm’s current level of representation against each target (%) • the rationale for the targets set • any further information the firm would like us to consider about targets they have set 5.68 We propose that information on targets would also need to be reported in the 3 layers of the board, senior leadership and all employees. The form has optional fields for firms to report any additional targets they may have set for different levels of the organisation. Timing and frequency Reporting frequency and transitional provisions 5.69 We propose that firms would report data to us annually. While we recognise that other regulatory authorities such as the SRA and European Banking Authority (EBA) ask for data to be reported every 2 or 3 years (respectively), our proposals only apply to large firms and many of these respondents said they already produce or report annual data (for example, signatories to the Women in Finance Charter). Feedback also suggested employees are asked to actively maintain this on a live basis. 5.70 Our cost survey shows that the cost of reporting data every year rather than every 2 years would increase the total ongoing costs for large firms by 8%. However, we consider that an annual return would provide more accurate data for our supervisory activities and enable us to publish aggregated data more regularly. Accurate and up-to￾date data allows us to carry out more detailed trend analysis that would also help us and firms measure progress more frequently. First submission date 5.71 We propose that our rules on reporting come into force 12 months from the publication of final rules. The data must be reported as at this reference date. Firms would then have a reporting window to submit the data to us. The reporting window would open the day after the reference date and close 3 months later. For example, if the final rules were published on 1 March 2024, the first reporting reference date would be 1 March 2025 and firms would have until 2 June 2025 to submit their data. This is intended to allow firms time to collect data and make any necessary changes to their internal processes and systems to enable reporting via our RegData platform.

38 5.72 To better enable firms to establish the necessary processes, we propose a transitional regime so that the first reporting cycle would be on a ‘comply or explain’ basis. Where firms are unable to submit all the required data in the first reporting period, they would need to explain why this is not possible and set out the steps they are taking to ensure they will be able to submit a complete report when required (via the RegData reporting form). In this first cycle, we would encourage firms to submit what data they have available, even if incomplete. We would require all large firms (except Limited Scope SM&CR firms) to submit a complete report in the second reporting cycle. 5.73 A ‘complete report’ covers all mandatory metrics. Firms would be required to report on either sex or gender but could choose to report on both characteristics on a voluntary basis. Reporting would be voluntary against parental responsibilities, carer responsibilities, gender identity and socio-economic background, though we would encourage firms to submit this data where possible. 5.74 This does not affect the requirement for all firms, except Limited Scope SM&CR firms, to provide data on their average number of employees in the first report. Timeline for implementation 2024 Final rules published 12 months from final rules First regulatory reporting window opens. Firms report data on a comply or explain basis. 12 months from first report Second regulatory reporting window opens. First complete report due on a mandatory basis. Non-submission of reports 5.75 As with other FCA reporting requirements, D&I reporting would be subject to our standard £250 administrative fee if returns are not completed on time. This would be supported by supervisory and enforcement powers in the event of continued non￾compliance. Data protection considerations 5.76 Firms should ensure any collection or reporting of diversity data complies with data protection legislation where personal data is processed for the purpose of being shared with the regulators. 5.77 We have reviewed our proposed requirements on data collection, reporting and disclosure against the UK GDPR. We consider our proposals to be consistent with our obligations under the legislation. We have also consulted with the Information Commissioner’s Office (ICO) in line with Article 36(4) of the UK GDPR and it had no comments. We process all data reported to us in line with our privacy notice.

39 Q9: To what extent do you agree with the date of first submission and reporting frequency? Q10: To what extent do you agree with the list of demographic characteristics we propose to include in our regulatory return? Q11: To what extent do you agree that reporting should be mandatory for some demographic characteristics and voluntary for others? Q12: Do you think reporting should instead be mandatory for all demographic characteristics? Q13: To what extent do you agree with the list of inclusion questions we propose to include in our regulatory return? Data disclosure DP concepts and feedback 5.78 We suggested in our DP that we could consult on requirements for firms to publicly disclose certain aggregated diversity data on their senior management and employees. 5.79 Many respondents agreed that disclosures could drive consistency and enable comparisons to be made, encouraging progress. Some respondents also argued that this would be a strong tool to change behaviours and improve outcomes. 5.80 Some respondents opposed the idea, citing firm burden and privacy considerations. Respondents told us it would be important to increase response rates from employees, building trust to overcome the challenges of self-declaration given data collection from employees must remain voluntary. Our proposals 5.81 We propose that firms make public disclosures on D&I data to increase transparency and scrutiny, as well as facilitate comparisons between firms on D&I performance. 5.82 We propose that firms disclose the same information that they report to us in the proposed reporting requirements set out above except in percentages rather than whole numbers (paragraphs 5.40-5.43). In line with our reporting requirements, we propose that disclosure on certain demographic characteristics is voluntary. Additional exceptions to the format of these disclosures are outlined below.

40 What to disclose Levels for disclosure Sex or* Gender 1. Board 2. Senior leadership 3. All employees Ethnicity We propose that firms only have to disclose either sex or gender in order to remain consistent with the Listing Rule and reduce any additional burden. Age 1. Board + Senior leadership [as a combined category] 2. All employees Disability or long-term health condition/s Religion Sexual orientation Gender identity* Socio-economic background** Parental responsibilities (child or children under 18)** Carer responsibilities (health conditions/old age)** **In line with our reporting requirements, disclosure of these demographic characteristics is voluntary. Inclusion metrics (see paragraphs 5.62-5.65)

1. Board
2. Senior leadership
3. All employees Targets When each target was set, when the firm is aiming to meet the target, and firm’s current level of representation.
4. Board
5. Senior leadership
6. All employees • Any other sub-sets of employees Addressing concerns around privacy and identifiability 5.83 Our research indicates that employee declaration rates and data availability are better for sex, gender and ethnicity, which is why we propose more granular disclosures for these categories. However, we have built safeguards into our proposals to address concerns around identifiability. If publishing the information as outlined in the table above might lead to the disclosure of information about an individual, firms should combine the levels as shown here:

41 Sex or gender Ethnicity All other demographic characteristics If disclosure on these categories would lead to identifiability (1) Board (2) Senior leadership (3) All employees (1) Combined category of board and senior leadership (2) All employees Combine all levels to disclose on 'All employees' only 5.84 Firms are not required to make disclosures that breach any laws applicable in the UK or the laws of another jurisdiction, including the UK GDPR. It is up to firms to make an assessment based on their specific circumstances. Frequency, timing and transitional provisions 5.85 Firms would make disclosures on an annual basis. Firms have the option to choose the reference date for the data in their disclosures. Disclosures should be made 1) at the same time firms publish annual reports and accounts, or 2) for firms that do not publish annual reports and accounts, within 6 months of the end of their financial year. 5.86 We propose that our rules on disclosure come into force 12 months after we publish final rules. In the first year of our rules being in force, firms can make their disclosures on a voluntary basis. From the following year onwards, disclosures are mandatory for firms in scope. Q14: To what extent do you agree with our proposals on disclosure? Q15: To what extent do you agree that disclosure should be mandatory for some demographic characteristics and voluntary for others? Q16: Do you think disclosure should instead be mandatory for all demographic characteristics?

42 Risk and governance DP concepts and feedback 5.87 In our DP, we discussed how the internal audit function can help drive progress on D&I, with some auditors already broadening their scope to consider non-financial risks such as those arising from poor working culture. Most respondents agreed auditors can play an important role by ensuring a firm acts in line with its commitments and appropriately embeds D&I policies and targets. Some proposed a stronger role for the regulators, such as mandating standalone D&I audits or integrating reviews into our supervisory frameworks. 5.88 Several respondents flagged that a D&I audit will be more effective if firms have already identified D&I as a risk and incorporated it into their wider control functions. Some expressed concern about the difficulty of prioritising D&I within the work of auditors, and whether this would be overly burdensome for smaller firms. Our proposals 5.89 We propose to introduce new guidance for large firms to make clear that matters relating to D&I are to be considered as a non-financial risk and treated appropriately within the firm’s governance structures. 5.90 In our DP, we focused discussion on the role of the audit function. Following our review of DP responses and engagement with external stakeholders, we have widened our proposals. We want firms to consider how a range of relevant functions can contribute to progress on D&I. Risk functions, for example, should consider potential risks stemming from a lack of D&I such as increased groupthink and poor decision making, which can affect outcomes for consumers and markets. 5.91 We want to give firms significant flexibility to implement this proposal in a way that is aligned with their internal governance structures. This means we are not proposing to prescribe how firms consider these risks. 5.92 Risk functions, as well as Internal Audit, can play an important role in managing risk. But it is essential that D&I is not seen as a ‘tick box’ compliance issue. Support functions, including HR and – where they exist – Corporate Responsibility (CR) and conduct specialists, can also help firms embed D&I practices, monitor progress against targets and identify areas for targeted interventions. They can also help boards to ensure a higher degree of scrutiny, with senior management held accountable for delivering on D&I. Q17: To what extent do you agree that a lack of D&I should be treated as a non-financial risk and addressed accordingly through a firm’s governance structures?

43 Chapter 6 Other interventions considered 6.1 In our DP, we discussed additional interventions which we are not consulting on at this time. We based the decision not to bring forward proposals in these areas on DP feedback, the relative balance of costs and benefits and our view that our objectives can be met more effectively by firms taking independent action or through other regulatory interventions. 6.2 However, we encourage firms to consider how the DP feedback below and our responses can help inform their approaches to advancing D&I. Individual Accountability, Representative Boards, SMF Approval and Talent Pipelines DP concepts and feedback 6.3 We discussed whether making senior managers individually accountable could drive a focus on D&I from the top, including through Statements of Responsibilities (SoR) and the PRA’s Prescribed Responsibility (PR) for Culture. 6.4 We discussed our existing requirement for certain firms to address diversity at senior levels (SYSC 4.3A) and the role of Nominations Committees in setting gender targets. We explored ways of enhancing D&I, including through board recruitment strategies and succession planning. We asked whether we should withhold approval where a senior appointment would not contribute to senior management diversity. We also explored how efforts to recruit, develop and retain talented individuals from diverse backgrounds can positively affect D&I at all levels. 6.5 Most respondents agreed that: • the tone from the top is essential • a clear allocation of responsibilities supports greater accountability • all senior managers should take responsibility for developing and embedding a healthy culture • cultural change is difficult without support from the board 6.6 Questions were raised about whether D&I responsibility in solo-regulated firms should lie with managers holding specific senior management functions (SMFs) or be split across the SMF population. 6.7 Respondents largely supported regulatory action to promote board diversity, noting the potential to improve scrutiny and decision-making. Many also agreed that integrating D&I into succession planning enables more representative boards and supported an increased role for Nominations Committees – where they exist – to drive this forward.

44 6.8 However, the idea we might withhold SMF approval due to a lack of diversity received a significantly negative response, with concerns raised over the potential for tokenism and ‘positive discrimination’. It was also flagged that current levels of underrepresentation at senior levels can make it difficult to find suitably qualified and experienced candidates from diverse backgrounds. Many respondents were clear that firms should retain the final decision over appointments. 6.9 Our suggestions around talent pipelines were received more positively. Several respondents noted that implementing policies to recruit, develop and retain individuals from diverse backgrounds not only increases the talent pool available to firms, but can also help address shortages in appropriately experienced candidates for senior roles. Our response 6.10 We have decided not to amend our rules and guidance to require an individual within each firm to be assigned responsibility for D&I. Firms are already required to record SMF responsibilities in their SoRs, as outlined in SUP 10C.11 of the Handbook, including those that are not Prescribed Responsibilities. 6.11 D&I may also be viewed as an aspect of ‘culture’ and under PRA rules, dual-regulated firms are required to assign the PR for Culture to an SMF. Under FCA rules, overall responsibility for culture or D&I does not need to be allocated to a specific SMF. However, firms may find it helpful to do so to focus attention on D&I. Where a responsibility is shared or divided between multiple SMFs, the SoR for each SMF should make this clear (SUP 10C.11.31). 6.12 We are not taking forward our proposals on board recruitment, succession planning and talent pipelines due to high indicative costs and the need to avoid unnecessary prescription in areas where many firms already have well-established approaches. We see our proposals on firms setting targets (paragraphs 5.20 – 5.29) as a simpler and more effective way of driving progress by building on existing frameworks. We intend also to update existing Handbook requirements relating to the board and Nomination Committee to clarify our rules and give firms greater flexibility. 6.13 In response to DP feedback, we have decided against proposing new rules and guidance on SMF approval. We agree that withholding SMF approval due to a lack of diversity could drive unintended consequences. Diversity & inclusion training DP concepts and feedback 6.14 In the DP, we discussed the potential value of training for increasing employees’ understanding of D&I. However, we acknowledged that some popular forms of training had mixed evidence of success and that training focused on real business outcomes may be more effective.

45 6.15 We received mixed feedback on D&I training and its effectiveness. Some respondents supported the principle of D&I training and made suggestions about the specific types they had found effective. Others disagreed and argued D&I training was known to be counter-productive, less effective than other measures or ineffective in isolation. 6.16 Respondents made a wide range of suggestions, some specifically focused on training that could be used to understand the diverse needs of consumers. This includes engaging with consumers directly, using real-life examples and encouraging the use of research such as our Financial Lives Survey. Our response 6.17 Given the mixed evidence of benefit for some types of training, we do not propose to mandate a training requirement. However, we do expect there still to be some costs arising from the need to familiarise employees with regulatory policy changes proposed in this consultation, eg a firm’s D&I strategy. Firms may choose to provide formal training or to rely on other methods of communication, as appropriate to their circumstances. 6.18 This does not affect our existing and well-established regimes on training and competency, fitness and propriety and senior management, systems and controls. Taken together, these regimes require firms to ensure that all their staff have the skills, knowledge and expertise needed to carry out the responsibilities of their role. Products and services DP concepts and feedback 6.19 In the DP, we discussed the importance of firms focusing on consumer outcomes and putting consumers in a position where they can act and make decisions in their interests. Where firms do not adequately consider the diverse needs of their consumers, it can result in harm and poor outcomes. We discussed ways of integrating D&I into the proposals for a new Consumer Duty that had recently been consulted on at the time the DP was published. 6.20 There was a mixed response to the suggestion that product governance should consider consumers’ protected characteristics. Some respondents thought any new requirements would not be burdensome, as firms should already be doing this. Others suggested that, given the extensive obligations and requirements already in place, further regulation was either unnecessary or better taken forward as part of other relevant initiatives. 6.21 Most respondents supported integrating D&I into existing and proposed regulatory frameworks, including the Consumer Duty. Respondents suggested that firms that were more diverse and inclusive would deliver better consumer outcomes, and that there were strong linkages between the proposed Consumer Duty, D&I and ESG (Environmental, Social and Governance).

46 Our response 6.22 In response to DP feedback, we integrated D&I considerations into the Consumer Duty that came into force for open products on 31 July 2023. We do not propose to introduce any additional new products rules or guidance as part of this consultation. Firms should refer instead to the requirements of the Consumer Duty applicable to them. Remuneration DP concepts and feedback 6.23 In the DP, we discussed linking remuneration to non-financial metrics such as D&I as a way of driving accountability and incentivising progress. We noted that some firms already used this approach to determine part of the value of variable pay awards. We also discussed how Remuneration Committees could take steps to tackle adverse D&I outcomes such as pay gaps. 6.24 Many respondents supported the idea of linking variable remuneration awards to D&I metrics. Some highlighted the importance of clear regulatory guidance and appropriate timelines. 6.25 Others were neutral towards the proposals, pointing out the risks of unintended consequences. They argued that we should recognise the value of qualitative, as well as quantitative, data for capturing progress on D&I remuneration issues such as pay gaps. Some respondents expressed the view that mandating a link between variable remuneration awards and D&I metrics would drive negative practices such as tokenism. Our response 6.26 We do not propose making any changes to our remuneration rules as part of this consultation. Our CBA highlighted that introducing these changes now would drive costs for firms that could likely be reduced by including them alongside other changes to relevant elements of our Remuneration Codes at the next suitable opportunity. This would avoid the need for firms to make multiple incremental sets of changes to their policies and practices. We may consider a wider review of our remuneration regime subject to strategic priorities.

47 Annex 1 Questions in this Paper Q1: To what extent do you agree that our proposals should apply on a solo entity basis? Q2: To what extent do you agree with our proposed proportionality framework? Q3: Are there any divergences between our proposed regulatory framework and that of the PRA that would create practical challenges in implementation? Q4: To what extent do you agree with our definitions of the terms specified? Q5: To what extent do you agree with our proposals to expand the coverage of non-financial misconduct in FIT, COCON and COND? Q6: To what extent do you agree with our proposals on data reporting for firms with 250 or fewer employees, excluding Limited Scope SM&CR firms? Q7: To what extent do you agree with our proposals on D&I strategies? Q8: To what extent do you agree with our proposals on targets? Q9: To what extent do you agree with the date of first submission and reporting frequency? Q10: To what extent do you agree with the list of demographic characteristics we propose to include in our regulatory return? Q11: To what extent do you agree that reporting should be mandatory for some demographic characteristics and voluntary for others? Q12: Do you think reporting should instead be mandatory for all demographic characteristics? Q13: To what extent do you agree with the list of inclusion questions we propose to include in our regulatory return? Q14: To what extent do you agree with our proposals on disclosure?

48 Q15: To what extent do you agree that disclosure should be mandatory for some demographic characteristics and voluntary for others? Q16: Do you think disclosure should instead be mandatory for all demographic characteristics? Q17: To what extent do you agree that a lack of D&I should be treated as a non-financial risk and addressed accordingly through a firm’s governance structures? Q18: Do you have any comments on the cost benefit analysis? Note: In the online survey, all questions will be followed with a prompt stating, ‘Please provide any further detail you would like us to consider in relation to your response’.

49 Annex 2 Cost benefit analysis Introduction

1. In this consultation paper, we are consulting on a package of proposals to drive change across the financial services industry. FSMA requires us to publish a Cost Benefit Analysis (CBA) of our proposed rules. Specifically, section 138I requires us to publish a CBA of proposed rules, defined as ‘an analysis of the costs, together with an analysis of the benefits that will arise if the proposed rules are made’.
2. Our proposals are based on carefully weighing up these multiple dimensions of costs and benefits and reaching a judgement about the appropriate level of consumer protection and market integrity, considering all other foreseeable impacts. The analysis presented here sets out our estimates of the impacts of our proposals. We provide monetary values for the impacts where we have found it reasonably practicable to do so. For other impacts, we provide estimates of outcomes using other metrics and qualitative discussion. Problem and rationale for intervention Description of poor outcomes
3. A lack of D&I in the financial services industry may result in poor outcomes for consumers, the UK financial system and the UK economy.
4. Detriment to consumers may arise where a lack of D&I leaves firms unable to understand or fully meet the needs of their customers. This could mean consumers are unable to access suitable products or services either because firms fail to cater to their needs or that the most suitable products or services are not made available to certain groups. Further detriment can arise if such consumers are subsequently encouraged to engage with or have access to less suitable products or services, leading them to incur unreasonable costs.
5. A lack of suitable products or services for diverse consumer needs can imply that there is less innovation and competition in the financial services sector than we would expect in relation to the design and provision of products and services.
6. Risks to the integrity of the UK financial system arise where lack of D&I within the financial sector contributes to poor decision-making or misconduct. 
7. A lack of D&I in the financial services industry may impact negatively on the competitiveness and medium to long-term growth of the UK economy, as the UK may be a less attractive place to work and do business than it could be. A lack of D&I may indicate the talent pool for the financial services sector is smaller than it could be. 

50 8. Our intervention seeks to address these four key outcomes through enhancing D&I as described in more detail in paragraphs 2.2 – 2.17 of this CP. Drivers of poor outcomes 9. A lack of D&I within firms means there are less diverse perspectives, and behavioural biases, such as cultural and unconscious biases, can go unchallenged. 10. This can limit a firm’s ability to understand and develop products and services to meet diverse consumer needs.   11. This can also contribute to poor decision making and misconduct. A particular concern is groupthink, which refers to the process by which groups arrive at poor decisions because alternative options either haven’t occurred to group members, or because members don’t feel comfortable suggesting a contrary view. This is more likely to occur when a firm’s lack of diversity narrows the range of views that can inform decision￾making, or when firms fail to foster an inclusive work culture in which people feel comfortable speaking up and providing constructive challenge.  When decisions and processes go unchallenged, there is a heightened risk that firms misinterpret or fail to recognise important considerations. When staff do not feel able to express different views, it may also heighten the risk that misconduct such as discrimination goes unchallenged too, which can contribute to a negative culture.    12. Imperfect information on D&I levels and related risks within firms and across the industry may result in D&I and related risks not being adequately managed. 13. Large firms may have imperfect information on the level of D&I within their firm and in the financial services industry, due to the lack of data and information collected. As a result, firms may find it difficult to identify and manage D&I related risks. 14. Where firms do collect data or information and do not currently disclose this, there is asymmetric information between firms and the rest of the financial services industry and consumers. They may lack incentives to disclose diversity data, for example, due to costs of disclosure or fear of reputational damage. Firms may fear reputational damage where there is a lack of D&I within firms relative to other firms or, a firm may face a first￾mover disadvantage by attracting public scrutiny that is costly to deal with. 15. Our intervention aims to set a consistent minimum standard for D&I within the financial services industry. We expect this to enable industry to overcome barriers to improvements in D&I, such as asymmetric information, and drive industry-wide improvements in D&I, in turn addressing the poor outcomes set out above. Our proposed intervention 16. Our policy framework seeks to set a consistent minimum standard for D&I within the financial services industry. Our proposed policy framework can be found in Chapter 3 (paragraphs 3.8 to 3.11).

51 17. Our proposals for dual-regulated firms have been developed in close coordination with the PRA so are substantially the same. However, the PRA’s proposed framework has some additional requirements for dual-regulated firms that are not considered in this CBA but are set out in the PRA’s CBA. Baseline and Key Assumptions Baseline – existing regulatory framework 18. To analyse the costs and benefits of our proposed requirements we have established a baseline. 19. Our proposed new rules and guidance build on existing regulatory frameworks, applying requirements more consistently across some of the Part 4A permission firms we regulate. For example, SYSC 4.3A9R to 4.3A.11R requires common platform firms to meet requirements on board diversity. The joint European Securities and Markets Authority (ESMA) and EBA Guidelines on assessment of the suitability of members of the board and key function holders under Directive 2013/36/EU and Directive 2014/65/ EU (the Guidelines), which remain relevant to the relevant firms authorised in the UK, provide further guidance on how firms should promote diversity on their board. 20. To estimate the costs of these requirements relative to existing requirements for some firms, we sent questionnaires to firms to collect information on the additional costs of the proposed requirements in this CP in addition to their existing D&I activities. Affected Firms 21. We are consulting on a policy framework applicable to firms that hold a FSMA Part 4A permission. Based on our regulatory data, we estimate there are 45,122 of these firms at the time of writing this CP. 22. The requirements will apply differently to firms based on whether they are: • Solo- or dual-regulated • A Limited Scope SM&CR firm • A CRR or Solvency II firm • Small or large as defined by our policy framework. 23. We provide a breakdown of the 45,122 firms by these categories in Table 1. 24. As we do not hold data on the total number of employees for all firms with Part 4A permission, we estimated the number of these firms that are small and large using a sample of firms that submit total number of employees through the Retail Mediation Activity (RMA)-G (training and competence) regulatory return (c11,000 firms). 25. We apply the proportion of small and large firms in this sample to the firms in scope of these proposals (excluding Limited Scope SM&CR firms). While we do not have certainty

52 that the size distribution is the same across the two firm populations, we judge that the size distribution would be unlikely to vary based on the eligibility for submitted RMA-G regulatory return. 26. For the purposes of this CBA, we assumed that all Limited Scope firms under SM&CR are small firms due to the nature of this firm category. Table 1: Estimated number of firms with Part 4A Permission, by type and size Type of firm Small (<251 employees) Large (251+ employees) Solo-regulated Limited Scope SM&CR firms 24,585 - Non-Limited Scope SM&CR firms 18,148 1,108 Dual-regulated Non-CRR and non-Solvency II 325 183 CRR and Solvency II 494 279 Total 43,552 1,570 Grand total 45,122 Survey data 27. We surveyed firms twice on the costs of our proposals to help inform our policy development. These costs are the key evidence base for the estimated costs to firms in our CBA. 28. As our proposed framework would apply across the industry, we drew a random sample of solo- and dual-regulated firms within each sector to ensure that we received cost information from a range of firms in both of our surveys.. 29. In January 2022, we sent a questionnaire to 1,359 firms at the solo entity level (but firms could choose to respond on a group-level, covering multiple solo entities, if they wished). We asked firms to estimate the one-off implementation and ongoing costs of each of the policy proposals. We received 123 responses, a response rate of 9%. 30. To improve the robustness of our cost estimations, we sent an additional questionnaire to 2,877 firms in May 2022, including the 1,359 firms that received the previous questionnaire. This included updated potential policy proposals reflecting changes in our thinking informed by the first survey. We asked firms to estimate the one-off implementation and ongoing costs of each of the requirements. These cost estimates were the basis for estimating costs to firms for most of our proposed policy framework. 31. We received 421 responses to the additional questionnaire, a response rate of 15%. We took the following steps to clean the data:

53 • 8 duplicate responses from firms were excluded • 53 responses from firms where all responses were blank (no one-off or ongoing cost estimates were provided) were excluded • 2 responses from firms that appear to be significant outliers were excluded as their estimated total costs were significantly higher than the next highest estimates submitted by other firms and of an order of magnitude larger than average total costs for firms of the same subgroup. 32. The final sample size used to estimate costs is 358 firms, including 284 small firms and 74 large firms. This sample is comprised of a mix of solo- and dual-regulated firms from a range of sectors. 33. We assume that these cost estimates are broadly representative of the costs that firms in the same size category (small or large) would incur. However, there is uncertainty when collecting data from a small number of firms to reflect a large and diverse population of firms. There may be some unobservable characteristics of firms that affect the costs of implementation, that we cannot have sight of. For example, existing D&I activities and the level of compliance with our proposed requirements varies between firms, which affects the additional costs of meeting these requirements. We sought to mitigate against this as far as possible by having a sample of firms of different sizes, operating in a range of sectors. Costs and Benefits Summary of total costs and benefits 34. In the sections below, we have assessed the one-off implementation and ongoing annual costs arising directly from each of the requirements set out in the section on ‘our proposed intervention’ in this CBA. 35. We estimate average (mean) costs per firm for small and large firms based on the methodology described in paragraph 38. As our survey data suggests that costs scale with size and as some requirements only apply to large firms, we use estimated average cost per firm figures for small and large firms. Table 2: Total average cost to an individual firm, by firm type and size Small firms Large firms One-off costs Ongoing costs (annu-al)* One-off costs Ongoing costs (annu-al) Solo-regulated Limited Scope SM&CR firms £5,800 £3,200 N/A N/A Non-Limited Scope SM&CR firms £5,800 £3,200 £173,600 £102,500

54 Small firms Large firms One-off costs Ongoing costs (annu-al)* One-off costs Ongoing costs (annu-al) Dual-regulated Non-CRR and non-Solvency II £5,800 £3,200 £173,600 £102,500 CRR and Solvency II £29,300 £11,500 £173,600 £102,500 The additional £24 cost for an ongoing regulatory return for small solo- and dual-regulated firms, excluding Limited Scope SM&CR firms is lost in the rounding. The figures are rounded to the nearest £100. Table 3: Total costs to firms, by firm size One-off costs Ongoing costs (annual) Small firms £263m £143m Large firms £298m £175m Total costs £561m £317m *we estimate that c. 45,122 firms are in scope of the proposals. The figures are rounded to the nearest £1m and may not sum exactly to total costs due to rounding. 36. We expect the following benefits: higher standards of conduct; improved decision￾making and risk management including through more effective challenge; helping to make the UK market a more attractive place to work and do business; and products that can cater for a diverse consumer base through more innovation and competition. 37. Comparing the range of potential benefits with the estimated costs is difficult given challenges with quantifying benefits. On balance, considering the range of potential benefits of improved D&I, we expect proposals to be net beneficial. To test this, we plan to measure the success of our proposals over time using the success measures set out in this CP (paragraph 1.20). Costs How we estimated costs to firms 38. Firms provided us with estimated costs in the two surveys we conducted, upon which we based our methodology. Our policy proposals were updated after the May 2022 survey, and we adjusted our estimated costs to reflect these changes using additional evidence, which we outline below, along with how we made the appropriate cost adjustments. We consider that this was a proportionate way to capture the impact of the changes to proposals on the costs submitted by firms.

55 D&I strategies 39. Following the May 2022 survey, we reviewed the estimated costs of our proposals and decided not to proceed with proposals to require D&I training within firms. As we asked firms in the May 2022 survey to estimate costs for the combined requirements for ‘D&I Strategies and Training’, we had to estimate the proportion of these costs which are for the ‘D&I Strategies’ requirements only. 40. We held two roundtables with a total of 19 firms to understand the cost of requirements for D&I strategies alone. The firms in this sample were a mix of small and large, from across a range of sectors, to ensure we collected views from a variety of firms. The firms estimated that between 70% and 100% of cost estimates provided to us in the survey were attributable to the training component of the ‘D&I Strategies and Training’ policy proposal. 41. Taking the mid-point between 70% and 100%, we estimate that 85% of costs for ‘D&I Strategies and Training’ were attributable to the training component and 15% to the strategies component. We expect there to still be one-off costs for communicating D&I strategies to employees which we estimate using our Standard Cost Model (SCM). In early 2023, the underlying salary and firm size data were updated in our SCM. The underlying assumptions remain the same as in our CBA guidance. 42. Some small dual-regulated firms will also be required to meet requirements for D&I strategies as CRR and Solvency II firms of all sizes are in scope of D&I strategies. As we did not collect information on the costs of implementing D&I strategies to small firms in the May 2022 survey, we use the total average cost of requirements for D&I strategies to large firms in this survey. 43. Based on results from our January 2022 survey where we also collected information on the costs of implementing D&I Strategies (and Training), we conclude that these average costs could overestimate the cost as costs seem to scale with size. However, we decided it was prudent to use these average costs as they are a better reflection of the proposed policy proposals than costs submitted in our January 2022 survey. Regulatory return on employee numbers 44. We are consulting to require small and large firms, excluding Limited Scope SM&CR firms, to complete a regulatory return with the average number of employees at the firm so that we know which requirements apply to each firm (covered in Chapter 5). We assume there will be no significant one-off costs to firms as they will already have this information readily available to complete the regulatory return, and the regulatory return will be very simple and so quick to complete. 45. For large firms, this regulatory return will not represent an additional cost as they will submit the average number of employees at the firm as part of D&I data collection. We estimate the cost to small firms, excluding Limited Scope SM&CR firms, using our SCM.

56 Average cost to an individual firm 46. We present average costs to give an indication of the cost per firm. Average costs do not represent the costs we expect each firm to incur as the additional costs to firms for our requirements will vary based on their structure and existing D&I activities. 47. For example, we would expect costs to vary considerably between firms because the costs incurred from giving greater focus to a broader range of fitness and propriety considerations under our proposals on non-financial misconduct and threshold conditions would likely increase with firm size. Table 4: Average cost to an individual firm, by firm size Policy area Small firms Large firms One-off costs Ongoing costs (annual) One-off costs Ongoing costs (annual) Non-Financial Misconduct £2,600 £1,400 £24,600 £20,400 Threshold Conditions £3,200 £1,800 £7,900 £6,700 Risk & Governance N/A N/A £36,400 £17,400 D&I Strategies £23,600* £8,400* £23,600 £8,400 Setting Targets N/A N/A £18,200 £15,100 Data Disclosure N/A N/A £29,800 £15,100 Data Reporting N/A N/A £33,200 £19,500 Regulatory return N/A £24** N/A N/A *These costs only apply to small dual-regulated CRR and Solvency II firms only. **These costs only apply to small solo- and dual-regulated firms that are not Limited Scope SM&CR firms. The figures are rounded to the nearest £100. Total costs to firms Table 5: Total costs to firms, by firm size Policy area Small firms Large firms One-off costs Ongoing costs (annual) One-off costs Ongoing costs (annual) Non-Financial Misconduct £113m £60m £39m £32m Threshold Conditions £139m £78m £12m £10m Risk & Governance N/A N/A £64m £30m D&I Strategies £12m £4m £41m £15m Setting Targets N/A N/A £32m £26m Data Disclosure N/A N/A £52m £26m Data Reporting N/A N/A £58m £34m Regulatory return N/A £0.4m N/A N/A

57 Policy area Small firms Large firms One-off costs Ongoing costs (annual) One-off costs Ongoing costs (annual) Total costs £263m £143m £298m £175m The figures are rounded to the nearest £1m. The average costs by policy area may not sum to total costs in the table due to rounding. Costs to the FCA 48. We do not expect the proposals set out in this consultation will result in any significant increase in costs for the FCA. Supervision of the new regulatory requirements will form part of our existing supervisory and authorisation activities and we will allocate resources internally based on the prioritisation of arising risks. Indirect impacts 49. The compliance costs will increase firms’ operating costs. There may be additional costs for retail and wholesale consumers as they may be subject to price increases if firms pass on the cost of implementing and operating the proposed rules and guidance. 50. In principle, increased compliance costs could have indirect effects on the market more widely such as increased barriers to entry and expansion and, possibly, as a result, have an impact on innovation, competition, and choice for consumers. Based on estimated costs provided by firms, we consider that these additional costs are likely to be manageable for firms as the overall increase in costs per firm is modest and the costs are proportionate to a firm’s size. We do not expect the overall impact on innovation or prices across all sectors to be material or these proposals to act as a significant barrier to entry, and therefore we have not estimated them. We expect the benefits to innovation and competition in the market, and choice for consumers, following from improved D&I in the UK financial services sector to outweigh these impacts. Benefits 51. The causal chain below shows how our proposals will seek to set a consistent minimum standard for D&I within the financial services industry and secure an appropriate degree of protection for consumers, protect and enhance the integrity of the UK financial system and promote competition.

58 D&I Regulatory Policies: Causal chain and success measures Firms have a published D&I Strategy D&I embedded into Threshold Conditions Non-financial misconduct (NFM) embedded in Fitness & Propriety assessments and the Conduct Rules D&I treated as a non￾financial risk to be addressed within the firm’s Governance structures Firms collect and report D&I Data Firms Disclose aggregated D&I metrics Firms Set Targets for employee diversity The Consumer Duty obliges firms to consider the diverse needs of consumers Firms put in place policies and procedures to advance diversity and inclusion and act in line with these. Other stakeholders can scrutinise and compare this work and hold firms accountable. Firms take disciplinary action against staff for NFM like bullying and harassment and carefully consider these factors to prevent unsuitable staff working in financial services. Firms better understand their levels of diversity and inclusion, informing their targets and strategies. An aggregated industry report is published by the regulators, driving scrutiny and action. Ambitious, stretching, firm-set targets drive higher levels of diversity and representation across a firm’s business. Firms consider the diverse needs of their customers, monitor outcomes, and provide products and services tailored to their needs. Firms innovate and compete to serve these diverse needs. Firms address discriminatory practices which may act as a barrier to firms undertaking regulated financial services activity. Firms' relevant functions help embed D&I practices, monitor progress, identify areas for intervention, and help boards ensure a higher degree of scrutiny. Disclosures enable stakeholders (investors, interest groups, employees & customers) to scrutinise and compare firms’ actions. This drives firms to make change. OUTCOMES A healthy culture Initially, we expect clearer guidance on non-financial misconduct and discriminatory practices would lead to an increase in instances of firms reporting disciplinary actions to us. We would also seek to measure success through improved staff inclusion scores on the proposed D&I regulatory return. Reduced groupthink Improved staff inclusion scores on the proposed D&I regulatory return, including on willingness of employees to provide constructive challenge. This can also be measured via our proactive supervisory engagement. New talent unlocked Board, senior management and employee diversity increases on average across regulated firms, measured through the proposed D&I regulatory return. Greater understanding of and provision for diverse consumer needs Improved consumer feedback and improving rates of financial inclusion (as measured through our Financial Lives Survey or other sources of consumer research) can be indicative of the extent to which products and services are being better tailored to consumers’ needs. Success Measures Key Interventions Firm actions Outcomes Existing FCA policy

59 Benefits to consumers, firms and the wider economy 52. An inclusive culture and increased diversity of thought support sound decision￾making by firms through ensuring that decision-makers consider a diverse range of perspectives, thus reducing the risks associated with groupthink. Prudent decision￾making by a firm not only enhances the quality of its decision-making but also contributes to enhancing the integrity of the UK financial system. Creating an inclusive culture where employees are encouraged to speak up and challenge processes means firms may also be less likely to commit misconduct or regulatory breaches. 53. Measures to support market integrity also contribute to greater levels of trust and confidence in UK markets, thereby increasing the attractiveness of the UK as a place to invest and do business. 54. Collection of diversity data will allow firms to have a better understanding of their position and to be better placed to decide on actions and initiatives in their D&I strategy which are appropriately focused. This will further promote D&I and enhance the effects of the other proposals. 55. Making D&I and related metrics available in the public domain allows internal and external stakeholders to review, scrutinise and compare policies and progress by organisations. Clear and transparent communication related to D&I can also have a positive impact on the public perception of firms, which can lead to increased consumer and market confidence. 56. In addition, enhancing D&I could attract and retain talented individuals with a diverse range of knowledge, experiences and backgrounds through widening the talent pool for the sector. This could contribute to making the UK market a more attractive place for firms to do business. The Women in Finance Charter Five Year Review found that diversity credentials are increasingly important to both attracting and retaining staff, and employees are scrutinising employers’ delivery of their D&I promises. 57. Ensuring that there is a diverse range of perspectives in financial services could lead to more innovation when it comes to the design and provision of products and services. Encouraging firms to better understand the needs of their diverse customer base could also drive innovation resulting in a wider range of products and services that cater to the needs of consumers. Greater innovation should enhance competition in the market through a wider variety of more suitable products and services. As such, consumers will be able to benefit from access to a wider range of products and services suited to their diverse needs. 58. Quantifying the value of potential benefits associated with the proposals described above is a complex task for various reasons: • The proposals are designed to achieve a wide range of benefits, many of which are challenging to measure consistently both at the firm and industry level due to them being more intangible in nature (for example, benefits from improved inclusion such as employees being encouraged to speak up and challenge processes). Even if high-quality and reliable data was available for selected metrics, quantifying and monetising these impacts would be challenging.

60 • While metrics may be associated with some of the outcomes these policies aim to improve, current data in the financial services sector is limited on many aspects of D&I. For example, our DP highlighted that most data collected through academic and other research focuses on gender and on ethnicity to lesser extent, with little emphasis on other protected or demographic characteristics. High-quality data collection on a regular basis is key to ensuring that the benefits of these policies can be estimated using robust and sound evidence. • Further, establishing a causal link between higher levels of D&I and outcomes is one of the key methodological challenges identified in our literature review. This is in part due to the incompleteness of existing data, which limits the extent to which the effects of D&I can be isolated from the influence of other variables or characteristics on D&I outcomes. • Finally, as noted above, we expect the package of policies to work together, with each element facilitating or enhancing the effects of the others. This interaction between our policy proposals provides further challenges for disentangling the separate impacts and benefits associated with each of the policies. International competitiveness and growth 59. Promoting D&I may facilitate the medium to long-term growth and competitiveness of the UK economy by delivering the benefits set out above through the following channels: • Improvements in decision-making and a reduction in misconduct or regulatory breaches could enhance the reputation of UK financial services and support consumer and market confidence. • Unlocking talent from individuals with underrepresented characteristics could help sustainably widen the sector’s talent pool, thereby furthering the UK financial sector’s reputation as an attractive place to work and do business. • Financial services that better understand the diverse needs of consumers could drive innovation and competition, as well as supporting greater participation and financial inclusion. 60. We therefore expect these proposals will help support the competitiveness and growth of the UK financial services sector and the economy. 61. We consider that the additional regulatory costs to firms are proportionate to the expected benefits from our proposals, enabling us to raise standards while maintaining the competitiveness of the UK financial services sector. Conclusion 62. Taking all these expected benefits from promoting D&I in the round while noting difficulties in quantifying them, and balancing them against the expected costs, we expect our proposals will be net beneficial. Our plan for measuring success is set out in this CP (paragraph 1.20). Q18: Do you have any comments on the cost benefit analysis?

61 Annex 3 Compatibility statement Compliance with legal requirements

1. This Annex records the FCA’s compliance with a number of legal requirements applicable to the proposals in this consultation, including an explanation of the FCA’s reasons for concluding that our proposals in this consultation are compatible with certain requirements under the Financial Services and Markets Act 2000 (FSMA).
2. When consulting on new rules, the FCA is required by section 138I(2)(d) FSMA to include an explanation of why it believes making the proposed rules is (a) compatible with its general duty, under s. 1B(1) FSMA, so far as reasonably possible, to act in a way which is compatible with its strategic objective and advances one or more of its operational objectives, and (b) its general duty under s. 1B(5)(a) FSMA to have regard to the regulatory principles in s. 3B FSMA. The FCA is also required by s. 138K(2) FSMA to state its opinion on whether the proposed rules will have a significantly different impact on mutual societies as opposed to other authorised persons.
3. This Annex also sets out the FCA’s view of how the proposed rules are compatible with the duty on the FCA to discharge its general functions (which include rule-making) in a way which promotes effective competition in the interests of consumers (s. 1B(4)). This duty applies in so far as promoting competition is compatible with advancing the FCA’s consumer protection and/or integrity objectives.
4. In addition, this Annex explains how we have considered the recommendations made by the Treasury under s. 1JA FSMA about aspects of the economic policy of His Majesty’s Government to which we should have regard in connection with our general duties.
5. Under the Legislative and Regulatory Reform Act 2006 (LRRA) the FCA is subject to requirements to have regard to a number of high-level ‘Principles’ in the exercise of some of our regulatory functions and to have regard to a ‘Regulators’ Code’ when determining general policies and principles and giving general guidance (but not when exercising other legislative functions like making rules). This Annex sets out how we have complied with requirements under the LRRA. The FCA’s objectives and regulatory principles: Compatibility statement
6. Work on D&I in the financial services sector links to our three year-strategy, designed to improve outcomes for consumers and markets by reducing harm, and promoting competition and positive change. We consider improving D&I in financial services firms will help us advance one or more of our objectives, as set out in paragraphs 2.2 – 2.17 of this consultation paper.

62 7. In preparing the proposals set out in this consultation, the FCA has had regard to the regulatory principles required of us by s3B FSMA, as further detailed below. The need to use our resources in the most efficient and economical way 8. We consider the proposed measures in this consultation are a proportionate use of our resources. The data provided under the proposals will help support future monitoring of companies’ progress which will help us to assess compliance more efficiently and cost effectively. This may in turn inform our future policy and assist us with reviewing the rules if introduced and provide us with data we otherwise would not have and would need to collect. The principle that a burden or restriction should be proportionate to the benefits 9. We consider our proposals to be proportionate to the benefits. Our assessment of the costs and benefits of these proposals is set out in Annex 2. The desirability of sustainable growth in the economy of the UK in the medium or long term 10. We outline in paragraphs 2.14 to 2.17 how we contend our proposals will help facilitate the sustainable growth of the UK economy in the medium or long term. The general principle that consumers should take responsibility for their decisions 11. Clearer public information on the diversity of firms’ boards, senior leadership and employees will allow investors wishing to assess prospective investments against ESG considerations as well as consumers to make better informed decisions on who they do business with. The responsibilities of senior management 12. Our proposals make clear that boards will be responsible for putting in place and overseeing the effective operation of a firm’s D&I strategy. We also make clear that senior managers are accountable for progress within their areas of responsibility. This is set out in more detail in Chapter 5. The desirability of recognising differences in the nature of, and objectives of, businesses carried on by different persons including mutual societies and other kinds of business organisation 13. Our approach to proportionality is set out in Chapter 3, explaining the scope, thresholds, and examples of application.

63 The desirability in appropriate cases of each regulator publishing information relating to persons on whom requirements are imposed by or under this Act, or requiring such persons to publish information, as a means of contributing to the advancement by each regulator of its objectives. 14. We explain in Chapter 5 on our proposals relating to disclosure about our intentions for reporting requirements, and the desirability in appropriate cases of each regulator publishing information related to persons on whom requirements are imposed by or under this Act or requiring such persons to publish information as a means of contributing to the advancement of our objectives. The principle that we should exercise our functions as transparently as possible. 15. This consultation paper sets out our policy justification for these proposals, CBA and compatibility with our legal duties. The consultation is open for 12 weeks and we welcome responses from all stakeholders. We will consider all responses before deciding whether to proceed to make rules or proceed to make rules in the form proposed in this consultation. This is subject to the approval of the FCA Board. 16. In formulating these proposals, the FCA has had regard to the importance of taking action intended to minimise the extent to which it is possible for a business carried on (i) by an authorised person or a recognised investment exchange; or (ii) in contravention of the general prohibition, to be used for a purpose connected with financial crime (as required by s. 1B(5)(b) FSMA). We do not consider our proposals to be relevant in this regard. 17. We engaged with our five statutory panels during the policy development process. All five meetings were held in December 2021. Expected effect on mutual societies 18. The FCA does not expect the proposals in this paper to have a significantly different impact on mutual societies. Equality and diversity 19. The purpose of this CP is consistent with the FCA’s discharge of its Public Sector Equality Duty (PSED). Refer to paragraphs 2.29 – 2.31 for further information. Legislative and Regulatory Reform Act 2006 (LRRA) 20. We have had regard to the principles in the LRRA for the parts of the proposals that consist of general policies, principles or guidance and consider that our proposals are transparent, accountable, proportionate, and consistent. Our proposals related to transparency on diversity of boards, executive management and all employees are

64 appropriate to the information needs of investors and to promote action by issuers. For example, we think the proposed requirement for disclosure of standardised numerical data on diversity encourages comparability across firms on progress on diversity, promoting consistent standards and accountability. 21. We have had regard to the Regulators’ Code for the parts of the proposals that consist of general policies, principles or guidance. We consider that our proposals are consistent with the principles of the code, for example, by proposing a ‘comply or explain’ basis in year 1 (for the data collection), we have sought to ensure that companies can meet our proposed requirements without incurring unreasonable costs that may make them less commercially successful. By setting a 12-week consultation period, we are providing an opportunity to gain feedback from these companies and to communicate our proposals clearly. We consider that our proposals will foster market integrity and market effectiveness. Treasury recommendations about economic policy 22. This section explains how we have considered the recommendations made by the Treasury under s. 1JA FSMA about aspects of the economic policy of His Majesty’s Government to which we should have regard in connection with our general duties. 23. We consider that our proposals are consistent with the aspects of the Government’s economic policy to which the Financial Conduct Authority should have regard. In the remit letter from the Chancellor of the Exchequer to the FCA on 9 December 2022, the Chancellor affirms the FCA’s role in protecting consumers, promoting competition in financial services and protecting and enhancing the integrity of the UK financial system. The FCA has regard to this letter and the recommendations within. Supporting the government’s objective of medium to long-term economic growth in the interests of consumers and businesses 24. The proposals contained in this paper support the Government’s objective of medium to long term economic growth in the interests of consumers and businesses, as ensuring that there are a diverse range of perspectives in financial services could lead to more innovation when it comes to the design and provision of products and services. Encouraging firms to better understand the needs of their diverse customer base could also drive innovation resulting in a wider range of products and services that cater to the needs of consumers. Supporting the government’s objective to promote the international competitiveness of the UK 25. The proposals in this paper support the Government’s objective to promote the international competitiveness of the UK by enhancing market integrity and contributing to greater levels of trust and confidence in UK markets. This increases the attractiveness of the UK as a place to invest and do business, both within the UK and globally for financial services workers, which can help facilitate the medium to long-term growth and international competitiveness of the UK economy.

65 Annex 4 Draft guidance notes for completion of data item REPxxx Diversity and Inclusion

1. A sample template can be downloaded from the FCA website. Please note this is for illustrative purposes only and the online form in RegData would reflect design and user experience considerations. Introduction
2. These notes are to assist firms in completing data item REPxxx Diversity and Inclusion (the return). Dual-regulated firms are only required to make a single reporting submission to the regulators to comply with the FCA’s and the PRA’s reporting requirements. The return should be submitted via the FCA’s RegData system.
3. These notes should be read alongside the return and the following PRA and FCA rules: • SYSC 29.4 Data Reporting (FCA) • Chapter 24 of CRR Firms: Regulatory Reporting (PRA) • Chapter 9 of Solvency II Firms: Reporting (PRA) Scope
4. FSMA firms with a Part 4A permission/s (excluding all Limited Scope SM&CR firms) will need to complete Part 1. SYSC 23 Annex 1 (part 6) provides further information on which firms fall under the Limited Scope SM&CR category. This part of the return requires firms to provide the average number of employees predominantly carrying out activities from an establishment in the UK on [Editor’s note: the calendar day on which the final rules are published will be added here]. The average number of employees is calculated by taking the total number of employees as at [Editor’s note: the calendar day on which the final rules are published will be added here] in each of the three (3) most recent years and calculating the arithmetic mean of those numbers.
5. Where a firm’s average number of employees is 251 or more, it is required to complete Parts 2, 3 and 5 of the return. It may also choose to provide data on any of the questions in Part 4 on a voluntary basis. Please see Part 1 of these guidance notes below for further information.
6. Where a firm’s average number of employees is 250 or fewer, it is not required to complete any of Parts 2-5 of the return but may do so if it wishes to.
7. Limited Scope SM&CR firms are not required to report their employee numbers to us so will not see the return on their reporting schedule within RegData. However, if they wish to voluntarily report this data to us, they should contact us so the return can be added to their RegData schedule.

66 General reporting guidelines 8. Firms are expected to take a reasonable and proportionate approach to how they collect the information required in the return. In some cases, for example the responses to the questions on culture and inclusion (Part 5), firms will need to ask for information at least annually. In others, for example where information is unlikely to change over time, one￾off data collection may be sufficient. 9. Parts 1, 3, 4 and 5 of the return should be completed with whole numbers only. 10. Where a percentage is requested (in Part 2 only), this should be rounded to the nearest whole percentage. 11. The return applies on a solo entity basis, corresponding to the firm reference number (FRN). Defined terms 12. Firms should consult the definition of ‘employee’ in the FCA or PRA rules, as it covers a range of individuals who work for the firm. For example, this includes contractors and individuals seconded to the firm. The effect of these definitions is that non-executive directors will be employees for these purposes. 13. Dual-regulated firms should apply the PRA employee definition rather than the FCA employee definition. 14. Overseas firms should only report on: • activities carried on from an establishment in the UK by • employees predominantly carrying out activities from an establishment in the UK.

67 Part 1: Number of employees Question Guidance 1 Average number of employees (FCA or PRA rules) as at [Editor’s note: the calendar day on which the final rules are published will be added here] over the three most recent years Calculate an average of the number of employees in your firm predominantly carrying out activities from an establishment in the UK as at [Editor’s note: the calendar day on which the final rules are published will be added here] in each of the three (3) most recent years. Where it is not reasonably practicable for a firm to obtain the total number of employees for any given year, it may exclude that year from the arithmetic calculation. Another exception relates to newly authorised firms - SYSC 29.1.7G of the FCA Handbook provides worked examples of what firms should do. 2 Voluntary reporting After having reported their employee numbers in Part 1, Parts 2, 3 and 5 are only mandatory for firms with an average of 251 or more employees as at [Editor’s note: the calendar day on which the final rules are published will be added here]. These firms may also choose to complete any of the questions in Part 4 on a voluntary basis. Firms that fall below this threshold are only required to complete Part 1 of the return. These firms should respond ‘Yes’ if they wish to complete the remainder of the template on a voluntary basis. If ‘Yes’ is selected, you will be prompted to complete Parts 2-5. You may choose which Parts, or which questions within a Part, to complete. If ‘No’ is selected, you will be able to submit the return.

68 Part 2: Target setting and progress Question Guidance General guidance Firms are ordinarily expected to set at least one target for each of the following categories of employees: board, senior leadership, and all employees (including senior leadership and board). Firms can also choose to set targets at other specific levels within the firm (eg Vice President, Graduate, Apprentice). The board category refers to the FCA Handbook term ‘management body’, and the PRA Rulebook terms ‘management body’ (for banks) and ‘governing body’ (for insurers). This category includes both executive and non-executive members of the board. Please see the definition of ‘senior leadership’ in the Glossary Parts of the PRA Rulebook and/or FCA Handbook to understand which employees would fall into the senior leadership category. The ‘all employees’ category includes all members of the board, including non-executives, as well as any other employees of the firm, that meet the definition of ‘employee’ in the FCA Handbook and/or PRA Rulebook. Please note that it is acceptable for there to be overlap between the categories of employees. For example: • Executive Directors who are board members could be counted under all three headings. • A member of senior leadership who is not a member of the board would be counted under both ‘senior leadership’ and ‘all employees’. • An employee who is not part of the board or senior leadership would only be counted under ‘all employees’. A firm must set appropriate diversity targets to address the underrepresentation of demographic characteristics within the firm. As above, the FCA and the PRA would ordinarily expect a firm to set at least one target for each of the board, senior leadership, and all employees categories of employee. Overseas firms that do not have a board or senior leadership based in the UK are not required to set targets for these categories. The template allows firms to enter multiple targets at different levels within the firm. A firm should use its judgement in deciding which demographic characteristics to set targets for. Firms can set targets for underrepresented demographic characteristics beyond those covered by the reporting and disclosure obligations in SYSC 29.4 and SYSC 29.5 of the FCA Handbook and in Chapter 24 of the Regulatory Reporting Part, Chapter 4 of the Public Disclosure Part and Chapters 9 and 10 of the Reporting Part of the PRA Rulebook.

69 Question Guidance A firm must disclose its rationale for the targets it has chosen under question 12. A firm may also choose to set inclusion targets for different employee categories across the firm. If a firm does not set any targets for a certain role category, it should briefly explain why under question 13. 3 Grade or level(s) target applies to This row only applies under the ‘all employees’ category. While a firm may choose to set a target for ‘all employees’ in general, they could also choose to focus on a particular level of employee. The dropdowns offer some possible options of employee level (eg Vice President or Graduate). If ‘Other’ is chosen from the dropdown list, please specify which level this refers to in question 13. 4 Demographic characteristic for which target is set Where a firm has identified an underrepresented demographic characteristic and decided to set a target it should fill in this section. The dropdown menu provides a list of demographic characteristics against which firms may consider it appropriate to set targets. If a firm chooses a characteristic not on the list, it should select ‘Other’ and state what this characteristic is under question 13. A firm may decide not to set a target for a category of employee in relation to which it has identified an underrepresented demographic characteristic, eg a firm has chosen to focus efforts on entry-level employees rather than senior leadership although they have identified areas of underrepresentation at all levels across the firm. If that is the case, the firm may choose ‘Not applicable’. and provide their rationale under question 13. 5 Subcategory of demographic characteristic The dropdown offers options to describe what subcategory of demographic characteristic the target has been set for. For example, if the target set was for ‘ethnicity’, a firm could specify in this field that the target was for ‘Black or Black British’. If none of the dropdown choices match the nature of the target set, choose ‘Other’ and specify the details in question 13. 6 Target set Enter a percentage only. This should represent the percentage the firm wants to achieve in terms of representation of the demographic characteristic that they have selected under question 4. For example, if the target is to achieve 40% representation of women on the board, then in column C, the answer to question 6 would be ‘40’. 7 Year targets set Enter the year that the firm set the target outlined in question 4. Where a firm has reviewed and updated a target, it should use the date the revised target was set. 8 Year targets aimed to be achieved Enter the year the firm aims to achieve the target outlined in question 4.

70 Question Guidance 9 Firm’s current position The response to this question should reflect the firm’s current position in terms of representation of the demographic characteristic for which the target is set, as reported under question 4 as at [Editor’s note: the calendar day on which the final rules are published will be added here] for that reporting year. So, for example, if the board is composed of 30% women as at [Editor’s note: the calendar day on which the final rules are published will be added here], enter ‘30’ in this field. 10 Inclusion targets A firm may also voluntarily set targets based on the inclusion metrics that they are required to report and disclose on. The dropdown list provides some options for types of inclusion targets that could be set. These targets could be qualitative or quantitative, and firms could also set an inclusion target that is not on the list by choosing ‘Other’. If a firm chooses to report on an inclusion target that is not on the list, please provide a short explanation of the nature of the inclusion target in question 13. 11 Other diversity and inclusion targets set If after filling in questions 3-10, the firm still has additional targets to report, answer ‘Yes’ to this question. This functionality should only be used to report targets on additional demographic characteristics. Targets set for different employee categories should be reported in the pre￾provided columns. This will create a copy of questions 3-10 above. Firms can report as many targets as they wish. 12 Rationale for the targets set Firms should outline the rationale for their chosen targets. 13 Additional information Firms should use this field to include anything else they would like to explain about their targets. Text in this field should be kept brief and concise. In particular, there are three situations in which a firm would be expected to input information into this field: • If a firm has selected ‘Other’ in response to questions 3, 4, 5 or 10, they should state what demographic or inclusion target they have set. • If a firm has inserted ‘Not applicable’ in any column under question 4 they should briefly explain why they are not setting any targets for demographic characteristics. • If a firm has chosen to set an inclusion target under question 10, they should explain whether it is quantitative (eg increasing the number of employees that agree with the statement/s in part 4 of the template) or qualitative (eg by changing some firm practices, processes or policies to encourage improvements to culture and inclusion).

71 Part 3: Composition (mandatory reporting) Question Guidance General guidance This part of the template aims to collect information in respect of a firm’s composition. Responses should be submitted in whole numbers and not percentages. 25 Number of employees in each role category Please indicate the number of employees in each category of employee. For more information on how to understand the different categories, please refer to the ‘General guidance’ for Part 2 of the template, above. If the firm does not have a board (management/governing body), state N/A in the relevant field, and then enter 0 for all other inputs in that column. 26-70 Demographic characteristics Please indicate the number of employees that fall into each of the categories listed under each question. Mandatory reporting: • Age • Sex or Gender • Disability or long-term health condition/s • Ethnicity • Religion • Sexual orientation The information to be reported should be extracted from the firm’s system on [Editor’s note: the calendar day on which the final rules are published will be added here] each year. The data should reflect information reasonably available to the firm. However, please ensure that employees are given the option to ‘Prefer not to say’ or to not respond for each demographic characteristic. The number of employees that choose these options should be reported in the relevant fields of the return. Firms are required to report on either Sex or Gender in Part 3 of the return. The PRA and the FCA are not providing set definitions for each of the demographic characteristics. Firms should consider whether, and if so how, to explain the terms used in the template.

72 Part 4: Composition (voluntary reporting) Question Guidance General guidance This part of the template aims to collect additional information in respect of a firm’s composition. Any firm may choose to submit data on any of the demographic characteristics in Part 4 on a voluntary basis, regardless of whether they are above or below the employee number threshold. Responses should be submitted in whole numbers and not percentages. 71 – 98 Demographic characteristics Please indicate the number of employees that fall into each of the categories listed under each question. Voluntary reporting: • Sex or Gender • Gender identity • Socio-economic background • Parental responsibilities • Carer responsibilities The information to be reported should be extracted from the firm’s system on [Editor’s note: the calendar day on which the final rules are published will be added here] each year. The data should reflect information reasonably available to the firm. However, please ensure that employees are given the option to ‘Prefer not to say’ or to not respond for each demographic characteristic. The number of employees that choose these options should be reported in the relevant fields of the return. Firms are required to report on either Sex or Gender in Part 3 of the return. Having done so, firms may also choose to make a voluntary report on the other demographic characteristic (either Sex or Gender) that was not reported in Part 3. If reporting voluntary data on either Sex or Gender, please provide this in Part 4 of the return. The PRA and the FCA are not providing set definitions for each of the demographic characteristics. Save to the extent set out below, firms should consider whether, and if so how, to explain the explain the terms used in the template.

73 Question Guidance 85 – 90 Socio-economic background Our approach to measuring socio-economic background is based on guidance from the Social Mobility Commission (SMC) and focuses on a single question measure of socio-economic diversity. In accordance with the SMC’s approach, firms should ask their employees the occupation of their main household earner when they were aged about 14. When asking employees about their socio-economic background, firms should provide multiple choice options for answering the question, as listed in the SMC guide under the ‘Key question’ section. This will aid classification of the occupations into the categories in the template. Firms should then report on the following categories: (i) Professional background; (ii) Intermediate background; (iii) Lower socio-economic background; (iv) Other; (v) Prefer not to say; and (vi) No response. An explanation of the meanings of (i)-(iii) can be found in the SMC guide by clicking on the ‘Key question’ tab. The explanations are then found in the sections headed ‘What to ask?’ and ‘How to analyze’. The (iv) ‘Other’ category should include the following options: ‘Retired’, ‘This question does not apply to me’ and ‘I don’t know’. Part 5: Culture and inclusion Question number/topic Guidance General guidance This part of the template aims to form a picture of how employees respond to an employee survey that requests their views on particular aspects of culture and inclusion at the firm. Responses should be submitted in whole numbers and not percentages. For more information on how to understand the different categories of employee (ie board, senior leadership, and all employees), please refer to the ‘General guidance’ for Part 2 of the template, above. When collecting information for this part of the template, firms should ensure that employees cannot be individually identified. Employees should be asked to what extent they agree with each of the statements in the template. Firms should report the number of employees that answered each question with each level of agreement (ie Strongly disagree, Disagree, Neither agree nor disagree, Agree, Strongly agree), Prefer not to say and who did not respond.

74 Annex 5 Abbreviations used in this paper Abbreviation Description Board A firm’s ‘management body’ or ‘governing body’ as these terms are defined in the glossary of the PRA Rulebook and FCA Handbook. CBA Cost Benefit Analysis COCON Code of Conduct COND Threshold Conditions CP Consultation paper CR Corporate Responsibility D&I Diversity and Inclusion DEI Diversity, Equity and Inclusion DP Discussion paper EBA European Banking Authority EHRC Equality and Human Rights Commission ESG Environmental, Social and Governance ESMA European Securities and Markets Authority FinTech Financial technology FIT Fit and Proper test for Employees and Senior Personnel FSCB Financial Services Culture Board FSMA Financial Services and Markets Act FSSC Financial Services Skills Commission GDPR General Data Protection Regulation HR Human resources

75 Abbreviation Description ICO Information Commissioner's Office LRRA Legislative and Regulatory Reform Act 2006 NFM Non-Financial Misconduct PR Prescribed Responsibility (PRA) PRA Prudential Regulation Authority PS Policy statement PSED Public Sector Equality Duty SEB Socio-economic background SM&CR Senior Managers and Certification Regime SMF Senior Management Function SoR Statement of Responsibilities SRA Solicitors Regulation Authority

76 We make all responses to formal consultation available for public inspection unless the respondent requests otherwise. We will not regard a standard confidentiality statement in an email message as a request for non-disclosure. Despite this, we may be asked to disclose a confidential response under the Freedom of Information Act 2000. We may consult you if we receive such a request. Any decision we make not to disclose the response is reviewable by the Information Commissioner and the Information Rights Tribunal. All our publications are available to download from www.fca.org.uk. Request an alternative format Please complete this form if you require this content in an alternative format. Or call 020 7066 6087 Sign up for our news and publications alerts

Appendix 1 Draft Handbook text Appendix 1 Draft Handbook text

FCA 2023/XX Page 1 of 53 DIVERSITY AND INCLUSION INSTRUMENT 2023 Powers exercised A. The Financial Conduct Authority (“the FCA”) makes this instrument in the exercise of: (1) the following powers and related provisions in the Financial Services and Markets Act 2000 (“the Act”): (a) section 64A (Rules of conduct); (b) section 64C (Requirement for relevant authorised persons to notify regulator of disciplinary action); (c) section 137A (The FCA’s general rules); (d) section 137T (General supplementary powers); (e) section 138C (Evidential provisions); (f) section 138D (Actions for damages); and (g) section 139A (Power of the FCA to give guidance); and (2) the other powers and related provisions listed in Schedule 4 (Powers exercised) to the General Provisions of the FCA’s Handbook. B. The rule-making provisions listed above are specified for the purposes of section 138G(2) (Rule-making instruments) of the Act. Commencement C. This instrument comes into force on [date]. Amendments to the Handbook D. The modules of the FCA’s Handbook of rules and guidance listed in column (1) below are amended in accordance with the Annexes to this instrument listed in column (2). (1) (2) Glossary of definitions Annex A Senior Management Arrangements, Systems and Controls sourcebook (SYSC) Annex B Code of Conduct sourcebook (COCON) Annex C Threshold Conditions sourcebook (COND) Annex D Fit and Proper test for Employees and Senior Personnel sourcebook (FIT) Annex E Notes E. In the Annexes to this instrument, the notes (indicated by “Editor’s note:”) are included for the convenience of readers, but do not form part of the legislative text.

FCA 2023/XX Page 2 of 53 Citation F. This instrument may be cited as the Diversity and Inclusion Instrument 2023. By order of the Board [date]

FCA 2023/XX Page 3 of 53 Annex A Amendments to the Glossary of definitions In this Annex, underlining indicates new text and striking through indicates deleted text, unless otherwise stated. Insert the following new definitions in the appropriate alphabetical position. The text is not underlined. Amend the following definitions as shown. discriminatory practices includes discrimination against, or the harassment or victimisation of, a person or group due to their demographic characteristics, where these behaviours would be a breach of the Equality Act 2010 if they related to protected characteristics. diversity and inclusion employee number threshold a threshold of 251 or more employees, calculated in accordance with SYSC 29.1.4R to SYSC 29.1.6R. senior leadership employees constituting: (1) the executive members of the management body; (2) the executive committee, or most senior executive or managerial body below the management body (or, where there is no such committee or body, the most senior level of managers reporting to the executive members of the management body); and (3) all direct reports of the persons in (2), excluding administrative staff. data item One or more related data elements that are grouped together into a prescribed format and required to be submitted by: (1) a firm or other regulated entity under SUP 16 or, provisions referred to in SUP 16, or SYSC 29; or (2) a MIFIDPRU investment firm or a parent undertaking under MIFIDPRU 9. employee (1) (for all purposes except those in (2), (3), (4) and (4A) to (4B)(a)), an individual: …

FCA 2023/XX Page 4 of 53 (4A) … (4B) (for the purposes of SYSC 29, and subject to (4C)) the definition of employee: (a) for a PRA-authorised person, has the same meaning as in the glossary to the PRA Rulebook; and (b) in all other cases, has the meaning in (1). (4C) for the purposes of SYSC 29, the definition of employee excludes an individual who does not predominantly carry out activities from an establishment in the UK. (5) for the purposes of (1) to (4A) (4C), “employment” is to be construed accordingly. management body (1) (other than in (2) or, (3), (4) or (5)) the governing body and senior personnel who are empowered to set the person’s strategy, objectives and overall direction, and which oversee and monitor management decision-making in the following: … (4) (in relation to a non-authorised parent undertaking of an FCA investment firm) the board of directors, committee of management or other governing body of the undertaking and senior personnel who are empowered to set the undertaking’s strategy, objectives and overall direction, and which oversee and monitor management decision-making in the undertaking. (5) (for the purposes of SYSC 29): (a) for a PRA-authorised person, means the ‘management body’ or ‘governing body’ as those terms are defined in the glossary to the PRA Rulebook; and (b) for all other firms, has the same meaning as in (4).

FCA 2023/XX Page 5 of 53 Annex B Amendments to the Senior Management Arrangements, Systems and Controls sourcebook (SYSC) In this Annex, underlining indicates new text and striking through indicates deleted text, unless indicated otherwise. 1 Application and purpose 1.1A Application 1.1A.1 G The application of this sourcebook is summarised at a high level in the following table. The detailed application is cut back in SYSC 1 Annex 1 and in the text of each chapter. Type of firm Applicable chapters Insurer, UK ISPV Chapters 2, 3, 12 to 18, 19F.2, 21, 22, 23, 24, 25, 26, 27, 28, 28A, 29 Managing agent Chapters 2, 3, 11, 12, 15A, 18, 19F.2, 21, 22, 23, 24, 25, 26, 27, 28, 28A, 29 Society Chapters 2, 3, 12, 15A, 18, 19F.2, 21, 22, 23, 24, 25, 26, 27, 28, 28A, 29 Any other SMCR firm Chapters 4 to 12, 15A, 18, 19D, 19F, 19G, 21, 22, 23, 24, 25, 26, 27, 28, 28A, 29 Every other firm Chapters 4 to 12, 15A, 18, 19D, 19F, 19G, 21, 22, 28, 28A, 29 … 1.1A.1A G The application of this sourcebook to specific firms that are not PRA￾authorised persons is summarised at a high level in the following table. The detailed application is cut back in SYSC 1 Annex 1 and in the text of each chapter. Type of firm Applicable chapters Full-scope UK AIFM Chapters 4 to 10, 12, 18, 19B, 19F.2, 21, 22, 23, 24, 25, 26, 27, 28, 28A, 29 MIFIDPRU investment firm (including an overseas firm that Chapters 4 to 10, 12, 18, 19F, 19G, 21, 22, 23, 24, 25, 26, 27, 28, 28A, 29

FCA 2023/XX Page 6 of 53 would have been a MIFIDPRU investment firm if it had been a UK domestic firm, except that SYSC 19G does not apply to such a firm) … 1.1A.2 G … (3) For Solvency II firms, the FCA considers that the requirements and guidance in Chapters 2, 3, 12 to 18, 19F.2, 21, 22 and, 28 and 29 of SYSC are not inconsistent with: … … … 1.4 Application of SYSC 11 to 28A SYSC 29 What? … 1.4.1-A G The application of each of the chapters SYSC 19F.2, SYSC 22 to SYSC 28A SYSC 29 is set out in those chapters. … Actions for damages 1.4.2 R A contravention of a rule in SYSC 11 to SYSC 14, SYSC 18 to SYSC 21, SYSC 22.8.1R, SYSC 22.9.1R or SYSC 23 to SYSC 28A SYSC 29 does not give rise to a right of action by a private person under section 138D of the Act (and each of those rules is specified under section 138D(3) of the Act as a provision giving rise to no such right of action). … 4 General organisational requirements … 4.3A Management body and nomination committee …

FCA 2023/XX Page 7 of 53 Nomination Committee … 4.3A.9 R A common platform firm that has a nomination committee must ensure that the nomination committee: (1) engages a broad set of qualities and competences when recruiting members to the management body and for that purpose puts in place a policy strategy promoting diversity on and inclusion in the management body; … (4) decides on a target recommends targets for the representation of the underrepresented gender demographic characteristics in the management body and prepares a policy strategy on how to increase the number of the underrepresented gender in the management body in order to meet that target meet those targets; … 4.3A.9A R A firm that has a nomination committee must ensure that the nomination committee meets the requirements of SYSC 4.3A.9R in a manner consistent with the requirements of SYSC 29. 4.3A.10 R A common platform firm that does not have a nomination committee must engage a broad set of qualities and competences when recruiting members to the management body. For that purpose a common platform firm that does not have a nomination committee must put in place a policy promoting diversity on the management body. … … 22 Regulatory references … 22.6 Giving and updating references: additional rules and guidance … Updating references fairly 22.6.5 G … Non-financial misconduct 22.6.6 G (1) In deciding what information to include in a reference, a firm should bear in mind that it is not just the direct dealings by the subject of

FCA 2023/XX Page 8 of 53 the reference with customers, counterparties, their assets or the markets that are potentially relevant. (2) For example, as explained in SYSC 22.6.3G, the firm may be required to include information about disciplinary action taken for misconduct. This includes misconduct in relation to other members of the firm’s workforce. See COCON 1.3 (Scope of COCON and non-financial misconduct) and the parts of COCON 4.1 referred to in COCON 1.3 for more about COCON and such misconduct. (3) The firm may also need to disclose misconduct in relation to members of its workforce under SYSC 22.2.2R(2) (Obligation to give references) and Question G in the template in SYSC 22 Annex 1 (Template for regulatory references given by SMCR firms and disclosure requirements). (4) Misconduct in relation to someone outside the work context may also need to be disclosed under the rules referred to in (3). For example, it may be relevant to the fitness and propriety of someone to whom FIT will apply, as explained in FIT 1.3.6G to FIT 1.3.17G. After SYSC 28A (Regulated funeral plan activities: good repute requirements) insert the following new chapter SYSC 29. The text is not underlined. 29 Diversity and inclusion 29.1 Application, and purpose and aims Application 29.1.1 R (1) Subject to (2) to (4) below, this chapter applies to a firm that: (a) has a Part 4A permission; and (b) is at or above the diversity and inclusion employee number threshold. (2) Notwithstanding the effect of SYSC 29.1.1R(1)(b), the requirements in SYSC 29.2 (Diversity and inclusion strategy) apply to a PRA-authorised person that is below the diversity and inclusion employee number threshold but is a firm to which either of the following sectors of the PRA Rulebook applies: (a) the ‘CRR: Capital Requirement Regulation Firms’ sector of the PRA Rulebook; or (b) the ‘Solvency II Firms’ sector of the PRA Rulebook. (3) Notwithstanding the effect of SYSC 29.1.1R(1)(b), the requirements in SYSC 29.4.2R (employee number reporting) apply

FCA 2023/XX Page 9 of 53 to a firm irrespective of whether it is below the diversity and inclusion employee number threshold. (4) Nothing in this chapter applies to a limited scope SMCR firm. Application to an overseas firm 29.1.2 R The requirements in this chapter apply to an overseas firm only in relation to its activities carried on from an establishment in the UK. Calculation of the diversity and inclusion employee number 29.1.3 G The diversity and inclusion employee number threshold is 251 or more employees calculated in accordance with SYSC 29.1.4R to SYSC 29.1.6R. SYSC 29.1.4R explains the process by which a firm must calculate its average number of employees for these purposes. SYSC 29.1.5R explains how the average is calculated where there is missing data. SYSC 29.1.6R explains the position for a newly authorised firm. 29.1.4 R A firm must calculate its average number of employees for the purpose of the diversity and inclusion employee number threshold by: (1) taking the total number of employees as at [Editor’s note: the calendar day on which the final rules are published will be added here] in each of the 3 most recent years; and (2) calculating the arithmetic mean of those numbers. 29.1.5 R Where it is not reasonably practicable for a firm to obtain the total number of employees for any given year, it may exclude that year from the calculation of the arithmetic mean in (2). 29.1.6 R In any period prior to [Editor’s note: the calendar day on which the final rules are published will be added here] in the first calendar year in which a firm is authorised, its number of employees at the date of authorisation will be the relevant number for the purpose of the diversity and inclusion employee number threshold. 29.1.7 G The effect of SYSC 29.1.5R and SYSC 29.1.6R can be illustrated by the following example. (1) Firm A is authorised on 2 January 2030. At the date of authorisation it has 255 employees. (2) By virtue of SYSC 29.1.6R, in the period between 2 January 2030 and [Editor’s note: the calendar day on which the final rules are published will be added here] 2030, Firm A’s employee number for the purpose of the diversity and inclusion employee number threshold is therefore 255.

FCA 2023/XX Page 10 of 53 (3) On [Editor’s note: the calendar day on which the final rules are published will be added here] 2030, Firm A calculates its total number of employees again. At this date it has 260 employees. (4) Because Firm A has only been in business for a year, it is only reasonably practicable to obtain the number of total employees for that 1 year. While Firm A would normally have to calculate its average number of employees based on the mean of the total employee numbers as at [Editor’s note: the calendar day on which the final rules are published will be added here] in each of the last 3 years, the effect of SYSC 29.1.5R is that Firm A uses the number at [Editor’s note: the calendar day on which the final rules are published will be added here] in 2030. Firm A’s employee number for the purpose of the diversity and inclusion employee number threshold is therefore 260. (5) On [Editor’s note: the calendar day on which the final rules are published will be added here] 2031, Firm A calculates its total number of employees again. At this date it has 270 employees. (6) Firm A now has total employee numbers as at [Editor’s note: the calendar day on which the final rules are published will be added here] in 2 of the 3 most recent years (2030: 260; 2031: 270). The effect of SYSC 29.1.5R is that Firm A calculates the arithmetic mean of these 2 numbers. This means that its average employee number for the purpose of the diversity and inclusion employee number threshold is 265. (7) On [Editor’s note: the calendar day on which the final rules are published will be added here] 2032, Firm A calculates its total number of employees again. At this date it has 295 employees. (8) Firm A now has total employee numbers as at [Editor’s note: the calendar day on which the final rules are published will be added here] in all 3 of the 3 most recent years (2030: 260; 2031: 270; 2032: 295). As Firm A now has all the data points it needs, SYSC 29.1.5R is not relevant and Firm A calculates the arithmetic mean of these 3 numbers in the normal way. This means that its average employee number for the purpose of the diversity and inclusion employee number threshold is 275. Timing of application 29.1.8 G Where a firm calculates its average number of employees in accordance with SYSC 29.1.4R and is below the diversity and inclusion employee number threshold, rules in this chapter that apply by reference to that threshold cease to apply immediately. 29.1.9 R Where a firm calculates its average number of employees in accordance with SYSC 29.1.4R and is at or above the diversity and inclusion employee number threshold (having previously been below it), it must

FCA 2023/XX Page 11 of 53 begin complying with the relevant requirements in this chapter on [Editor’s note: the calendar day on which the final rules are published will be added here] the following year, unless at that date its average number of employees is again below the diversity and inclusion employee number threshold. 29.1.10 G The effect of SYSC 29.1.9R can be illustrated by the following example. (1) On 30 June 2030, a firm calculates its average number of employees for the purpose of assessing whether it is at or above the diversity and inclusion employee number threshold. (2) To do so, it takes the total number of employees on 30 June 2028 (230 employees), 30 June 2029 (270 employees) and 30 June 2030 (265 employees), and calculates the arithmetic mean (dividing 230

• 270 + 265 by 3). (3) As the arithmetic mean (255) is above the diversity and inclusion employee number threshold, the firm prepares to comply with the rules on 30 June 2031. (4) However, by 30 June 2031, the firm’s total number of employees has fallen to 200. This takes its average number of employees (now 245) below the diversity and inclusion employee number threshold, which means that it does not have to comply with the rules in this chapter (save any that apply to the firm irrespective of the threshold). Voluntary application 29.1.11 G A firm to which SYSC 29 does not apply may wish to refer to it as guidance when considering diversity and inclusion matters. Purpose and aim 29.1.12 R (1) The rules in this chapter should be interpreted and applied by reference to the overall purpose and aim set out in (2). (2) The purpose and aim of this chapter is to require a firm to take steps to achieve a sufficiently diverse and inclusive culture in order to: (a) reduce the risks posed by groupthink and improve the firm’s decision making (particularly among senior decision makers) by: (i) promoting diversity of thought; and (ii) ensuring all staff can contribute, challenge and question the way things are done; and

FCA 2023/XX Page 12 of 53 (b) better understand the diverse needs of the firm’s customers, so as to: (i) reduce customer harm and poor outcomes; and (ii) tailor their products and services to reflect different customer needs. 29.1.13 G In complying with the rules in this chapter, a firm may take a proportionate approach, appropriate to its size and internal organisation. 29.2 Diversity and inclusion strategy 29.2.1 R A firm must establish, implement and maintain an effective diversity and inclusion strategy: (1) using a clear format and easy to understand language; and (2) that is easily accessible and free to obtain. 29.2.2 E Publishing the information required by SYSC 29.2.1R on a free to access basis on the firm’s website will tend to establish compliance with SYSC 29.2.1R(2). 29.2.3 R The content of a diversity and inclusion strategy must: (1) be based on evidence about the current levels of diversity and inclusion within the firm; (2) be developed by reference to the overall purpose and aim set out in SYSC 29.1.12R(2); and (3) include: (a) clear objectives and goals; (b) a plan for meeting and measuring progress against those objectives and goals, including in relation to the requirements in SYSC 29.3 (where they apply); (c) a summary of the arrangements in place to identify and manage any obstacles to meeting those objectives and goals; and (d) ways to ensure adequate knowledge of the diversity and inclusion strategy among staff. 29.2.4 R A firm’s management body is responsible for: (1) maintaining and overseeing the firm’s diversity and inclusion strategy;

FCA 2023/XX Page 13 of 53 (2) regularly reviewing the quality and effectiveness of the firm’s diversity and inclusion strategy; and (3) updating the firm’s diversity and inclusion strategy, where appropriate. 29.3 Targets 29.3.1 R A firm must set appropriate targets to address underrepresentation of demographic characteristics within the firm. 29.3.2 G (1) The FCA would ordinarily expect a firm to set at least 1 target for each of the following categories of employees: (a) its management body (unless the firm is an overseas firm that does not have a management body based in the UK); (b) its senior leadership (unless the firm is an overseas firm whose senior leadership is not based in the UK); and (c) all of its employees. (2) A firm should use its judgement in deciding which demographic characteristics it sets targets for. (3) The targets a firm sets to meet the requirements of SYSC 29.3.1R may relate to demographic characteristics beyond those covered by the reporting and disclosure obligations in SYSC 29.4 and SYSC 29.5. (4) As set out in SYSC 29.5.20R, a firm must disclose its rationale for the targets it has chosen. (5) In addition to the targets in SYSC 29.3.1R, firms may set inclusion targets on a voluntary basis. 29.3.3 R When designing the targets at SYSC 29.3.1R, a firm must set stretching but realistic targets, taking into account: (1) the content of the firm’s diversity and inclusion strategy required by SYSC 29.2.3; (2) available data on the existing diversity profile of the firm and the context in which it operates, facilitated by compliance with the rules in SYSC 29.4; (3) when a firm is considering the context in which it operates, it should have regard to: (a) (a) available data on the diversity profile of the UK population; and

FCA 2023/XX Page 14 of 53 (b) available data on the diversity profile of the geographical area in which the firm carries out the regulated activities for which it holds its Part 4A permission. 29.3.4 R A firm should regularly review the targets it sets, in order to ensure they remain compliant with the requirements of SYSC 29.3 and to assess whether to establish targets for other underrepresented demographic characteristics. 29.3.5 R A firm's management body is responsible for: (1) overseeing the targets set in accordance with SYSC 29.3, including monitoring progress, identifying obstacles to achieving them and agreeing plans to overcome such obstacles; (2) monitoring the diversity profile of the firm and the extent to which the firm achieves an inclusive culture; (3) taking appropriate actions for improvement of the firm’s diversity profile and inclusive culture; and (4) keeping a record of the monitoring and actions undertaken. 29.4 Reporting Application 29.4.1 G (1) As explained in SYSC 29.1.1R(3), the reporting obligation in SYSC 29.4.2R applies to a firm other than a limited scope SMCR firm irrespective of whether it meets the diversity and inclusion employee number threshold. (2) The other obligations in SYSC 29.4 apply in the way set out in SYSC 29.1.1R(1) and (2), which means they apply only where a firm is at or above the diversity and inclusion employee number threshold. Reporting requirements 29.4.2 R All firms to which this chapter applies must complete Part 1 of the data item in SYSC 29 Annex 1R (REPXXX Diversity and Inclusion). 29.4.3 R A firm to which this chapter applies and that is at or above the diversity and inclusion employee number threshold must complete the following parts of the data item in SYSC 29 Annex 1R (REPXXX Diversity and Inclusion): (1) Part 2; (2) Part 3; and

FCA 2023/XX Page 15 of 53 (3) Part 5. 29.4.4 G A firm to which this chapter applies and that is at or above the diversity and inclusion employee number threshold may complete Part 4 of the data item in SYSC 29 Annex 1R (REPXXX Diversity and Inclusion) on a voluntary basis. 29.4.5 G A firm to which this chapter applies but which is not at or above the diversity and inclusion employee number threshold may complete Parts 2 to 5 of the data item in SYSC 29 Annex 1R (REPXXX Diversity and Inclusion) on a voluntary basis. 29.4.6 R (1) The provisions of SUP 16.3 (General provisions on reporting) listed in (2) apply to reports submitted under SYSC 29.4 as if the reports had been submitted under SUP 16. (2) The provisions are: (a) SUP 16.3.6R to SUP 16.2.10G (How to submit reports); (b) SUP 16.3.11R to SUP 16.3.12G (Complete reporting); and (c) SUP 16.3.14R to SUP 16.3.16G (Failure to submit reports). 29.4.7 G Under SUP 16.3.14R (as applied to reporting under SYSC 29.4 by SYSC 29.4.6R(2)(c)), a £250 administrative fee applies where a firm does not submit a complete report (which for these purposes means a report that satisfies the requirements in SYSC 29.4.3R) by the date on which the report is due under the applicable requirements and submission procedures. SUP 16.3.14AG explains that the FCA may also take disciplinary action in appropriate cases. Application: level of application 29.4.8 G When complying with the rules in SYSC 29, a firm must report on an individual basis. Periodic reporting requirements 29.4.9 R A firm must: (1) submit the parts of data item REPXXX Diversity and Inclusion that apply to it once a year; (2) complete the parts of data item REPxxx Diversity and Inclusion that apply to it so that it reflects the position of the firm on [Editor’s note: the calendar day on which the final rules are published will be added here] in the year of submission using information reasonably available to the firm on that date;

FCA 2023/XX Page 16 of 53 (3) submit the parts of data item REPXXX Diversity and Inclusion that apply to it on or before [Editor’s note: the calendar day 3 months after the final rules are published will be added here]; (4) submit in the format specified in SYSC 29 Annex 1R; and (5) complete the parts of data item REPXXX Diversity and Inclusion that apply to it in accordance with the instructions in SYSC 29 Annex 2G. 29.4.10 G Data item REPXXX Diversity and Inclusion will be available for firms to submit between [Editor’s note: insert the calendar day on which the rules are published and the calendar day 3 months after that date] each year. Information for data item [REPXXX Diversity and Inclusion] should be extracted from firm systems on [Editor’s note: insert the calendar day on which the rules are published] each year (the reference date). The rules require that this data reflects information reasonably available to the firm on the reference date. We expect firms to take a reasonable and proportionate approach to how they collect this information. In some cases, for example, the responses to the questions on inclusion will require firms to ask for information at least annually. In others, for example, where information is unlikely to change over time, one-off data collection may be sufficient. 29.5 Disclosure Application: level of application 29.5.1 G When complying with the rules in SYSC 29.5, a firm must comply on an individual basis. Application: proportionality 29.5.2 R In complying with the rules in SYSC 29.5, a firm must provide a level of detail in its qualitative disclosures that is appropriate to its size and internal organisation, and to the nature, scope and complexity of its activities. Application: when? 29.5.3 R A firm must publicly disclose the information specified in SYSC 29.5 at least annually and either: (1) at the same time as the firm’s annual report and accounts; or (2) if the firm is not required to file an annual report and accounts, on a day that is within 6 months of the end of its financial year. 29.5.4 R (1) A firm must disclose the information as at a chosen reference date in each year, using information reasonably available to the firm on that date.

FCA 2023/XX Page 17 of 53 (2) A firm must disclose the reference date in (1) and, where this is different from the previous reference date used, disclose its explanation for the change of reference date. 29.5.5 G (1) The information to be disclosed should be extracted from the firm’s systems on the reference date it chooses. The rules require that this data reflects information reasonably available to the firm on the reference date. (2) As with the reporting obligations in SYSC 29.4, we expect firms to take a reasonable and proportionate approach to how they collect this information. (3) In some cases, for example, the responses to the questions on inclusion, firms will need to ask for information at least annually. In others, for example, where information is unlikely to change over time, one-off data collection may be sufficient. (4) In some cases, firms may be able to rely on data provided by employees prior to the entry into force of these rules. For example, firms may have collected data on age and sex for payroll or other purposes. Provided the data collected answers the questions, firms can use the same data to populate the disclosure tables in SYSC 29.5. Application: how? 29.5.6 R A firm must publish the information required by SYSC 29.5 in a manner that: (1) is easily accessible and free to obtain; (2) is clearly presented and easy to understand; (3) is consistent with the presentation used for previous disclosure periods or otherwise allows a reader of the information to make comparisons easily; and (4) highlights in a summary any significant changes to the information disclosed, when compared with previous disclosure periods. 29.5.7 E Publishing the information required by SYSC 29.5 on a free-to-access basis on the firm’s website will tend to establish compliance with SYSC 29.5.6R(1). 29.5.8 G While the FCA’s expectation is that a firm will use a website for the purpose of complying with the disclosures required by SYSC 29.5, if a firm does not maintain a website, or cannot use a website to publish some or all of the information required without breaching the law of another jurisdiction, it must still ensure that the alternative method of disclosure used complies with the overarching requirement in SYSC 29.5.6R(1).

FCA 2023/XX Page 18 of 53 29.5.9 G A firm should consider the best way to make the disclosed information easy to understand, for example, by using tables, charts or diagrams, or cross-references to other information where relevant. 29.5.10 G The tables used in SYSC 29.5 are used to make it clear what information the FCA expects firms to disclose. Firms do not have to disclose the information in this form but may choose to do so. Disclosure as a percentage 29.5.11 R A firm must disclose the responses to the questions in this chapter as a percentage of the number of individuals in each category at the firm, as at its chosen reference date. Breach of laws and aggregation 29.5.12 R A firm is not required to comply with the rules in SYSC 29.5 to the extent that compliance would breach any laws applicable to the firm in the United Kingdom or another jurisdiction, but these rules should be taken into account in determining whether a disclosure would result in such a breach. 29.5.13 R For SYSC 29.5.18R Table 2 (disclosure on sex or gender) and SYSC 29.5.18R Table 4 (disclosure on ethnicity), a firm must aggregate the information to be disclosed for the management body and senior leadership where splitting the information between those 2 categories would lead to the disclosure of information about an individual. 29.5.14 R Where a firm is required to disclose on the basis of an aggregated category of ‘management body’ and ‘senior leadership’, including as a result of SYSC 29.5.13 R, but doing so would still lead to the disclosure of information about an individual, a firm should disclose on the basis of all employees only. 29.5.15 R Where a firm relies on the options for aggregation or non-disclosure provided by SYSC 29.5.12R, SYSC 29.5.13R and SYSC 29.5.14R, the firm must disclose this fact and explain why it has relied on the relevant provision. Options to be provided to employees 29.5.16 R A firm must make it an option for an employee to respond that they ‘prefer not to say’ to any question a firm asks when collecting the data to be used for the disclosure required by this chapter. A firm must disclose the percentage of employees who chose to respond ‘prefer not to say’. 29.5.17 R A firm must make it an option for an employee to choose not to respond to any question the firm asks when collecting the data to be used for the disclosure required by this chapter. A firm must disclose the percentage of employees who chose not to respond.

FCA 2023/XX Page 19 of 53 Disclosure: firm compositions 29.5.18 R (1) Tables 1 to 6 below (Mandatory disclosures) set out the information in respect of a firm’s composition that a firm subject to this chapter must disclose. (2) Tables 7 to 10 below (Voluntary disclosures) set out the information in respect of a firm’s composition that a firm subject to this chapter may voluntarily disclose. (3) Except where definitions are provided, it will be an individual decision for a firm as to whether, and if so how, it wishes to explain the terms used in each question. Mandatory disclosures Table 1: Table for disclosure on age (1) (2) (3) Age range (in years) Percentage of management body and senior leadership Percentage of employees 16 to 24 25 to 34 35 to 44 45 to 54 55 to 64 65 and above Prefer not to say No response Note Firms should ask employees which of the options in column 1 applies to them. Age ranges are up to and inclusive of the ages given.

FCA 2023/XX Page 20 of 53 Table 2: Table for disclosure on sex or gender (1) (2) (3) (4) Sex or gender Percentage of management body Percentage in senior leadership Percentage of employees Females/women Males/men [Other categories] Prefer not to say No response Notes

1. Firms should ask employees which of the options in column 1 applies to them.
2. Firms must disclose composition data on either sex or gender.
3. Firms may rename the option ‘Other categories’ and add as many categories as necessary to reflect the range of possible approaches to data collection for disclosure on gender for the purposes of this rule. Table 3: Table for disclosure on disability or long-term health condition/s (1) (2) (3) Disability or long-term health condition/s Percentage of management body and senior leadership Percentage of employees Yes No Prefer not to say No response Note Firms should ask employees which of the options in column 1 applies to them with respect to a disability and/or long-term health condition/s.

FCA 2023/XX Page 21 of 53 Table 4: Table for disclosure on ethnicity (1) (2) (3) (4) Ethnicity Percentage of management body Percentage in senior leadership Percentage of employees White Mixed or multiple ethnic groups Asian or Asian British Black or Black British Other ethnic group Prefer not to say No response Note Firms should ask employees which of the options in column 1 applies to them. Table 5: Table for disclosure on religion (1) (2) (3) Religion Percentage of management body and senior leadership Percentage of employees No religion Christian (all denominations) Buddhist Hindu Jewish Muslim Sikh

FCA 2023/XX Page 22 of 53 Any other religion Prefer not to say No response Note Firms should ask employees which of the options in column 1 applies to them. Table 6: Table for disclosure on sexual orientation (1) (2) (3) Sexual orientation Percentage of management body and senior leadership Percentage of employees Heterosexual or straight Gay or lesbian Bisexual Other sexual orientation Prefer not to say No response Note Firms should ask employees which of the options in column 1 best describes their sexual orientation. Voluntary disclosures Table 7: Table for disclosure on gender identity (1) (2) (3) Gender identity Percentage of management body and senior leadership Percentage of employees Gender identity the same as sex registered at birth Gender identity different from sex registered at birth

FCA 2023/XX Page 23 of 53 Prefer not to say No response Note Firms should ask employees which of the options in column 1 applies to them. Table 8: Table for disclosure on socio-economic background (1) (2) (3) Socio-economic background Percentage of management body and senior leadership Percentage of employees Professional background Intermediate background Lower socio-economic background Other Prefer not to say No response

FCA 2023/XX Page 24 of 53 Notes

1. Firms should ask employees which of the options in column 1 applies to them.
2. The Social Mobility Commission has produced a guide to measuring socio-economic diversity, following consultation with academic experts, think tanks, charities and employers. The guide can be found at: socialmobilityworks.org/toolkit/financial-and-professional-measurement The approach reflected in this table is based on the Social Mobility Commission guide and focuses on a single question measure of socio-economic diversity. In accordance with the approach in the guide, firms should ask their employees the occupation of their main household earner when they were aged about 14. When asking employees about their socio￾economic backgrounds, firms should provide multiple choice options for answering the question, as listed in the Social Mobility Commission guide under the ‘Key question’ section. This will aid categorisation of the occupations into the categories in this disclosure table.
3. The ‘professional background’ category covers modern professional and traditional occupations, senior or junior managers or administrators.
4. The ‘intermediate background’ category covers clerical and intermediate occupations and small business owners.
5. The ‘lower socio-economic background’ category covers technical and craft occupations, routine, semi-routine manual and service occupations and the long-term unemployed.
6. The ‘other’ category covers the following options: ‘Retired’, ‘This question does not apply to me’ and ‘I don’t know’.
7. An explanation of the meaning of the terms used in notes 3 to 5 and examples of occupations relating to each category can be found in the Social Mobility Commission guide to measuring socio-economic diversity. Table 9: Table for disclosure on parental responsibilities (children under 18) (1) (2) (3) Parental responsibilities for a child or children under 18 Percentage of management body and senior leadership Percentage of employees Yes No Prefer not to say No response Note Firms should ask employees which of the options in column 1 applies to them with respect to parental responsibilities for a child or children under the age of 18.

FCA 2023/XX Page 25 of 53 Table 10: Table for disclosure on carer responsibilities (long-term physical or mental health condition or illness, or problems related to old age) (1) (2) (3) Carer responsibilities: health conditions/old age Percentage of management body and senior leadership Percentage of employees Yes No Prefer not to say No response Note Firms should ask employees which of the options in column 1 applies to them with respect to carer responsibilitiesfor someone that needs help or support because they have a long-term physical or mental health condition or illness, or problems related to old age (not in a paid capacity). Disclosure: culture and inclusion 29.5.19 R (1) The following tables set out the information in respect of culture and inclusion that a firm subject to this chapter must disclose. (2) When collecting the data required by SYSC 29.5.19R(1), firms should ensure that employees cannot be individually identified (anonymous collection). Table 1: Speaking up when observing inappropriate behaviour (1) (2) (3) Speaking up when observing inappropriate behaviour Percentage of management body and senior leadership Percentage of employees Strongly disagree Disagree Neither agree nor disagree Agree Strongly agree

FCA 2023/XX Page 26 of 53 Prefer not to say No response Note Firms should ask employees to choose 1 of the options in column 1 when presented with the following statement: ‘I feel safe to speak up if I observe inappropriate behaviour or misconduct’. Table 2: Challenging dominant opinions and decisions (1) (2) (3) Challenging dominant opinions and decisions Percentage of management body and senior leadership Percentage of employees Strongly disagree Disagree Neither agree nor disagree Agree Strongly agree Prefer not to say No response Note Firms should ask employees to choose 1 of the options in column 1 when presented with the following statement: ‘I feel safe to express disagreement with, or challenge, the dominant opinion or decision without fear of negative consequences’. Table 3: Valued contributions (1) (2) (3) Valued contributions Percentage of management body and senior leadership Percentage of employees Strongly disagree Disagree

FCA 2023/XX Page 27 of 53 Neither agree nor disagree Agree Strongly agree Prefer not to say No response Note Firms should ask employees to choose 1 of the options in column 1 when presented with the following statement: ‘I feel as though my contributions are valued and meaningfully considered’. Table 4: Actions or remarks based on personal characteristics (1) (2) (3) Actions or remarks based on personal characteristics Percentage of management body and senior leadership Percentage of employees Strongly disagree Disagree Neither agree nor disagree Agree Strongly agree Prefer not to say No response Note Firms should ask employees to choose 1 of the options in column 1 when presented with the following statement: ‘I have been subject to treatment (for example, actions or remarks) that has made me feel insulted or badly treated because of my personal characteristics’.

FCA 2023/XX Page 28 of 53 Table 5: Safe to admit an honest mistake (1) (2) (3) Safe to admit an honest mistake Percentage of management body and senior leadership Percentage of employees Strongly disagree Disagree Neither agree nor disagree Agree Strongly agree Prefer not to say No response Note Firms should ask employees to choose 1 of the options in column 1 when presented with the following statement: ‘I feel safe to admit an honest mistake’. Table 6: Inclusive environment (1) (2) (3) Inclusive environment Percentage of management body and senior leadership Percentage of employees Strongly disagree Disagree Neither agree nor disagree Agree Strongly agree Prefer not to say No response

FCA 2023/XX Page 29 of 53 Note Firms should ask employees to choose 1 of the options in column 1 when presented with the following statement: ‘My manager cultivates an inclusive environment at work’. Disclosure: targets 29.5.20 R Firms must disclose the following information in relation to each of the targets it has set in accordance with SYSC 29.3: (a) the demographic characteristics or inclusion metric that has been used for each target; (b) at what percentage each target has been set; (c) the year each target was originally set; (d) the year the firm is aiming to meet the target; (e) the firm’s current level of representation against each target, expressed as a percentage; and (f) the rationale for the targets the firm has chosen to set. 29.6 Risk and governance 29.6.1 R Matters relating to diversity and inclusion are to be considered as a non￾financial risk and treated accordingly by a firm’s relevant functions, including applicable operational and internal audit functions. 29.7 Interaction with other legislation 29.7.1 R (1) A firm is not required to comply with the rules in this chapter if in doing so it would breach any law applicable in the United Kingdom or another jurisdiction to which the firm is subject. (2) In line with Principle 11, a firm must notify the FCA in writing if the scenario in (1) materialises. 29.7.2 G A firm is reminded that any actions taken by the firm to comply with the rules in this chapter must also comply with the Equality Act 2010. A firm is reminded of the distinction between positive action, which can be lawful, and positive discrimination, which is unlawful. The Equality and Human Rights Commission provides some guidance on its website (https://www.equalityhumanrights.com) to explain the distinction. 29.8 Record-keeping requirements 29.8.1 R A firm must create and keep orderly records that are sufficient to enable it to comply and demonstrate compliance with the requirements of this chapter.

FCA 2023/XX Page 30 of 53 29 Annex 1R Data items for SYSC 29.4 This annex consists of a form [Editor’s note: this form is referred to throughout this instrument as ‘REPXXX Diversity and Inclusion’. In the final instrument, this reference will be amended to reflect the final title of the form.] which can be found through the following link: [Editor’s note: a link to the reporting template containing the data item for SYSC 29.4 in SYSC 29 Annex 1R will be inserted here in the final rules]. 29 Annex 2G Guidance notes on data items in SYSC 29 Annex 1R This annex consists of guidance which can be found through the following link: [Editor’s note: a link to the guidance notes on data items in SYSC 29 Annex 1R will be inserted here in the final rules] After SYSC TP 11 (MIFIDPRU Remuneration Code transitional provision), insert the following new transitional provision, SYSC TP 12. The text is not underlined. TP 12 Transitional provision for the reporting and disclosure rules in SYSC 29 Application 12.1 R SYSC TP 12 applies to a firm to which SYSC 29.4 and/or SYSC 29.5 applies. Duration of transitional 12.2 R This transitional provision applies for the first 12 months following SYSC 29 coming into force. Transitional: reporting 12.3 R During the 12-month period in which this transitional provision applies, a firm that would otherwise be required to report information in accordance with SYSC 29.4.2R and/or SYSC 29.4.3R must instead: (1) report that information, so far as it is reasonably practicable; and (2) so far as it is not reasonably practicable to report that information, notify the FCA in data item REPXXX Diversity and Inclusion of the reasons why it could not report in full and the steps it will take to ensure that it will be able to report in full when it is next required to submit data item REPXXX Diversity and Inclusion. 12.4 R The information required by SYSC TP 12.3R(1) must be reported in accordance with the remaining provisions of SYSC 29.4.

FCA 2023/XX Page 31 of 53 12.5 G The effect of SYSC TP 12.3R and SYSC TP 12.4R can be illustrated by the following example. (1) Firm A is subject to the reporting obligations in both SYSC 29.4.2R and SYSC 29.4.3R. It must therefore complete Parts 1, 2, 3 and 5 of data item REPXXX Diversity and Inclusion. (2) Were it not for the effect of SYSC TP 12.3R, Firm A would have been required by SYSC 29.4.9R(3) to submit the parts of data item REPXXX Diversity and Inclusion that apply to it on or before [Editor’s note: the calendar day 3 months after the final rules are published will be added here]. (3) However, SYSC TP 12.3R means that for this first reporting date, Firm A has to provide only the information in data item REPXXX Diversity and Inclusion, so far as it is reasonably practicable. (4) As Firm A cannot reasonably practicably provide all of the information in data item REPXXX Diversity and Inclusion, it should instead complete the sections of REPXXX Diversity and Inclusion for which it does have information. It should then notify the FCA of the reasons why it was not able to provide the other information in data item REPXXX Diversity and Inclusion and explain the steps it will take to ensure it can submit in full next time. (5) On the next occasion that Firm A must report (which would be in the period 12 to 15 months after the date on which SYSC 29 came into force), SYSC TP 12 does not apply. Firm A must therefore submit data item REPXXX Diversity and Inclusion in full. Transitional: disclosure 12.6 R During the 12-month period in which this transitional provision applies, a firm that would otherwise be required to disclose information in accordance with SYSC 29.5.18R(1) can instead choose whether or not it does so. 12.7 R Where a firm chooses to disclose information, it must do so in accordance with the provisions of SYSC 29.5. 12.8 G The effect of SYSC TP 12.6R and SYSC TP 12.7R can be illustrated by the examples in SYSC TP 12.9G and SYSC TP 12.10G. 12.9 G Example 1: (1) Firm A is subject to the disclosure obligations in SYSC 29.5. (2) Firm A publishes its annual report and accounts on 1 April. This is therefore the date on which it would ordinarily be required to disclose the information in SYSC 29.5.18R(1).

FCA 2023/XX Page 32 of 53 (3) However, for the first 12 months after SYSC 29 comes into force, SYSC TP 12.6 applies. (4) This means that on 1 April in the first 12 months after the rules come into force, Firm A has a choice as to whether or not it discloses the information that would ordinarily be required under SYSC 29.5.18R(1). (5) On the following 1 April, SYSC TP 12 no longer applies and Firm A is required to disclose in full. 12.10 G Example 2: (1) Firm B is subject to the disclosure obligations in SYSC 29.5. (2) Firm B does not publish its annual report and accounts. It can therefore choose the day on which it wishes to make its disclosures under SYSC 29.5.18R(1), provided the day it chooses is within the 6-month period after the end of its financial year. Firm B’s financial year ends on 31 December, and it chooses to make its disclosures on 7 January. (3) However, for the first 12 months after SYSC 29 comes into force, SYSC TP 12.6 applies. (4) This means that on 7 January in the first 12 months after the rules come into force, Firm B has a choice as to whether or not it discloses the information that would ordinarily be required under SYSC 29.5.18R(1). (5) On the following 7 January, SYSC TP 12 no longer applies and Firm B is required to disclose in full. Amend the following as shown: Sch 1 Record keeping requirements Sch 1.1 G The aim of the guidance in the following table is to give the reader a quick over-all overall view of the relevant record keeping requirements. It is not a complete statement of those requirements and should not be relied on as if it were. Sch 1.2 G

FCA 2023/XX Page 33 of 53 Handbook reference Subject of record Contents of record When record must be made Retention period … SYSC 28.4.2R … SYSC 29.8.1R Arrangements made to demonstrate compliance with SYSC 29. As required to demonstrate compliance. As required to demonstrate compliance. As required to demonstrate compliance. Sch 2 Notification requirements Sch 2.1 G … (3) Table Handbook reference Matters to be notified Content of the notification Trigger event … SYSC 19D.3.51R … SYSC TP 12.3R The reasons why it has not been reasonably practicable for a firm to report any of the information required by SYSC 29.4.2R and/or SYSC 29.4.3R, and the steps the firm will take to ensure that it will be able to report in full when it is next The reasons why it has not been reasonably practicable for a firm to report any of the information required by SYSC 29.4.2R and/or SYSC 29.4.3R, and the steps the firm will take to ensure that it will be able to report in full when it is next Failure to report in full.

FCA 2023/XX Page 34 of 53 required to submit data item REPXXX Diversity and Inclusion. required to submit data item REPXXX Diversity and Inclusion. SYSC 29.7.1R(2) The reasons why it believes that the scenario in SYSC 29.7.1R(1) has materilised. The reasons why it believes that the scenario in SYSC 29.7.1R(1) has materilised. Failure to comply with the rules in SYSC 29. Chapter/ Appendix Section/ Annex Paragraph Right of action under section 138D For private person? Removed? For other person? … SYSC 23 to SYSC 28A 29 No Yes, SYSC 1.4.2R No … Sch 5 Rights of action for damages … Sch 5.4 G

FCA 2023/XX Page 35 of 53 Annex C Amendments to the Code of Conduct sourcebook (COCON) In this Annex, underlining indicates new text and striking through indicates deleted text, except where otherwise specified. 1 Application and purpose 1.1 Application … To what conduct does it apply? (General) 1.1.5B R (1) The restrictions of the scope of COCON in COCON 1.1.7AR to COCON 1.1.7ER COCON 1.1.7FR (when they apply) are in addition to those in COCON 1.1.6R to COCON 1.1.7R. (2) The restrictions of the scope of COCON in COCON 1.1.7AR to COCON 1.1.7ER COCON 1.1.7FR (when they apply) are cumulative. 1.1.5C G (1) The effect of COCON 1.1.5BR(1) is that conduct that is within the scope of COCON 1.1.7AR to COCON 1.1.7ER COCON 1.1.7FR but outside the scope of COCON 1.1.6R to COCON 1.1.7R is outside the scope of COCON and vice versa. (2) The effect of COCON 1.1.5BR(2) is that conduct of a member of the conduct rules staff of a firm: (a) is outside the scope of COCON even if it is excluded by only one of the rules in COCON 1.1.7AR to COCON 1.1.7ER COCON 1.1.7FR; and (b) … To what conduct does it apply? (Limitations in the Act) … 1.1.7-A R … To what conduct does it apply? (Other limitations) 1.1.7A R (1) Where Firm A in COCON 1.1.6R to COCON 1.1.7R is an SMCR firm other than an SMCR banking firm, the application of COCON is further restricted by this rule, subject to COCON 1.1.7FR. …

FCA 2023/XX Page 36 of 53 1.1.7B R (1) Where a member (M) of the conduct rules staff of Firm A as described in COCON 1.1.6R to COCON 1.1.7R meets the condition in (c) and Firm A meets the conditions in (a) and (b), the application of COCON to the conduct of M in relation to Firm A is further restricted by this rule (subject to COCON 1.1.7FR): … … 1.1.7E R … 1.1.7F R (1) This rule applies to an SMCR firm other than an SMCR banking firm. (2) Its purpose is to extend the scope of COCON beyond the scope set out in COCON 1.1.7AR and COCON 1.1.7BR. (3) COCON applies to the conduct of a member of the conduct rules staff of a firm (Firm A) of a kind described in (4) in relation to any of the following individuals: (a) an employee of Firm A or of a member of its group; (b) an individual who performs a function of Firm A or of a member of its group; (c) an individual who provides services to Firm A or to a member of its group; (d) an employee of a person who provides services to Firm A or to a member of Firm A’s group; (e) an individual who performs a function of a person who provides services to Firm A or to a member of Firm A’s group; or (f) an individual when performing an activity that forms part of an activity of Firm A. (4) The kind of conduct to which this rule applies as referred to in (3) is conduct in relation to an individual referred to in (3) (‘B’) that: (a) has the purpose or effect of: (i) violating B’s dignity; or (ii) creating an intimidating, hostile, degrading, humiliating or offensive environment for B; (b) is offensive, intimidating or violent to B;

FCA 2023/XX Page 37 of 53 (c) is unreasonable and oppressive to B; or (d) humiliates, degrades or injures B. (5) If Firm A carries on businesses some of which involve SMCR financial activities and the others of which do not, conduct is not within the scope of this rule if it only relates to a business of Firm A that does not involve SMCR financial activities. 1.1.7G G As explained in COCON 4.1.1CG, conduct within COCON 1.1.7FR is only a breach of COCON if it is serious. … After COCON 1.2 (Investments), insert COCON 1.3. The text is all new and is not underlined. 1.3 Scope of COCON and non-financial misconduct Introduction 1.3.1 G (1) A question that is often asked about COCON is how it applies to conduct of a member of the conduct rules staff when not directly carrying on business with a customer or counterparty, such as conduct towards fellow members of the firm’s workforce (non￾financial misconduct). However, the important question is whether the conduct is within the scope of COCON. COCON 1.1 (Application) explains what the scope is. If misconduct comes within the scope of COCON it does not matter whether it is non￾financial misconduct or misconduct of another kind. (2) This section deals with the restrictions on the scope of COCON based on: (a) the activities of the firm in COCON 1.1.6R to COCON 1.1.7R; and (b) the SMCR financial activities of a firm in COCON 1.1.7AR. (3) In particular it deals with how COCON applies to misconduct in relation to fellow members of the workforce. (4) There is further material about non-financial misconduct in COCON 4.1.1AG to COCON 4.1.1IG, COCON 4.1.3AG and COCON 4.1.8- AG to COCON 4.1.8-BG. COCON does not cover private or personal life 1.3.2 G COCON 1.1.6R to COCON 1.1.7R limit the application of COCON to conduct that relates to a function carried out by a member of the conduct

FCA 2023/XX Page 38 of 53 rules staff where in turn that function relates to the carrying on of an activity by the firm. This limitation on the scope of COCON applies in relation to all firms. 1.3.3 G The effect of COCON 1.1.6R to COCON 1.1.7R is that conduct relating to the conduct rules staff member’s private or personal life is outside the scope of COCON. 1.3.4 G Relevant factors in deciding whether conduct is within the scope of COCON include whether: (1) the conduct occurred when the conduct rules staff member was present on the firm’s premises; (2) the conduct occurred when the conduct rules staff member was working on the firm’s business; (3) the conduct involved any clients or someone the person had dealt with on behalf of their firm; (4) the conduct was committed using work equipment or by involving the firm’s staff; (5) the position of the conduct rules staff member as an employee of the firm helped them to carry out the conduct; or (6) the purpose (misguided or not) of the conduct was to benefit the firm. 1.3.5 G The table in COCON 1.3.6G sets out examples of when a person’s conduct is outside the scope of COCON because it is part of their private or personal life and when it is not excluded for that reason. 1.3.6 G Table: Private or personal life and COCON Description of conduct Whether generally within the scope of COCON Misconduct by A in relation to a fellow member of the workforce while both are on their firm’s premises Yes Misconduct by A in relation to a fellow member of the workforce while A is working remotely for their firm Yes

FCA 2023/XX Page 39 of 53 Misconduct by A in relation to a family member while A is working remotely for their firm No Misconduct by A in relation to a member of the public while A is commuting to their firm’s place of business for work No Misconduct by A in relation to a fellow member of the workforce when both are travelling to a meeting in which they will represent their firm Yes Misconduct by A in relation to a client at a business meeting in which A is representing their firm Yes Misconduct by A in relation to a fellow member of the workforce at a social occasion organised by their firm Yes Misconduct by A in relation to a fellow member of the workforce at a social occasion organised by them in their personal capacity No Misconduct by A in relation to a fellow member of the workforce at a social occasion organised by a client of their firm in which they will represent their firm or where the main reason for the invitation is their working for their firm Yes Notes

1. ‘A’ refers to a member of a firm’s conduct rules staff .
2. ‘Yes’ means that generally the conduct is within COCON 1.1.6R to COCON 1.1.7R and thus within the scope of COCON unless excluded by COCON 1.1.7AR to COCON 1.1.7FR.
3. ‘No’ means that generally the conduct is outside the scope of COCON. 1.3.7 G However, conduct excluded from COCON as described in the table in COCON 1.3.6G can still be relevant to fitness and propriety, as described in FIT 1.3.6G and FIT 1.3.7G (Relevance of behaviour in private or

FCA 2023/XX Page 40 of 53 personal life) and FIT 1.3.8G to FIT 1.3.17G (Non-financial misconduct against individuals). 1.3.8 G The scope of COCON is not limited to conduct that is authorised by the firm or carried out with a view (misguided or not) that it is for the firm’s benefit. Conduct is not excluded from the scope of COCON just because the firm forbids it or it is calculated to harm the firm. Thus, for example, the following conduct is within the scope of COCON: (1) misappropriating a client’s or the firm’s assets; (2) providing false or inaccurate details about the member of the conduct rules staff’s training, qualifications, past employment record or experience; (3) misusing the assets or confidential information of a client or the firm to make a personal profit; (4) misconduct against a client even though it is a breach of the firm’s compliance requirements; (5) misconduct against a fellow member of the workforce even though it is a breach of the firm’s internal code about treatment of employees; and (6) maliciously sabotaging a firm’s information technology systems or altering or erasing its data. SMCR financial activities 1.3.9 G COCON 1.3.10G to COCON 1.3.14G deal with a conduct rules staff member for whom the scope of COCON is limited to conduct in relation to their firm’s SMCR financial activities by COCON 1.1.7AR. 1.3.10 G When COCON is restricted to SMCR financial activities, it covers more than conduct involving direct dealings with counterparties and customers (and potential ones) or their assets at the point of sale or at the time of the transaction. It can also cover matters such as the following: (1) conduct arising out of such direct dealings, such as record-keeping, valuations and reporting; (2) after-sale or post-transaction activities such as settlement, queries, dealing with the exercise of rights by the firm or the customer, complaints, cancellations, renewals and generally dealing with the customer or counterparty through the lifecycle of the product or relationship; (3) designing and operating policies and procedures relating to the conduct of the firm’s relationship with counterparties and customers, such as product or services design, policies and procedures about what services and products to sell or buy, policies

FCA 2023/XX Page 41 of 53 and procedures about product distribution, policies and procedures for the conduct of the relationship between the firm and a customer under products and services already sold or delivered and policies and procedures for the monitoring of customer outcomes for products and services already sold or delivered; and (4) management and monitoring of these activities. 1.3.11 G COCON is not restricted to the activities in COCON 1.3.10G. For example, it covers: (1) participation in meetings of the firm’s governing body and its committees and other management forums; (2) conduct in relation to internal systems, controls and operations supporting the activities in COCON 1.3.10G; (3) conduct in relation to acquisition and management of resources used to support the activities in COCON 1.3.10G; and (4) conduct in relation to systems and controls to monitor and control risks such as liquidity, operational, solvency, market and trading risks. 1.3.12 G COCON 1.1.7FR says that the restriction of the scope of COCON to conduct in relation to a firm’s SMCR financial activities under COCON 1.1.7AR does not apply to bullying and similar conduct in relation to a fellow member of the workforce. Instead COCON 1.1.7FR(5) excludes such conduct if it clearly relates to a part of the firm’s business that does not carry on regulated activities or other SMCR financial activities, as explained further in COCON 1.3.13G. 1.3.13 G (1) This paragraph gives an example of how the exclusion in COCON 1.1.7FR(5) applies to conduct of a conduct rules staff member in relation to a fellow member of the workforce when a firm has both a financial services business and a non-financial services business. (2) The example relates to human resources and is based on an example in SYSC 25.3.4G (Management responsibilities maps: Exclusion of non-financial services activities for some firms). (3) If the firm’s human resources function covers the firm’s entire workforce without separating the parts that deal with the firm’s financial services business and its other business, the activities of someone working in that function are within the scope of COCON. (4) On the other hand, the firm may separate the part of its human resources function that deals with those working in its financial services business from the part that deals with the other part of its business. In that case, the conduct of staff within the part of the

FCA 2023/XX Page 42 of 53 human resources function that covers the firm’s non-financial services business may be outside the scope of COCON. (5) In particular, if both the employee committing the misconduct and the subject of the misconduct work in the part of the human resources function that does not deal with the financial services business, the misconduct may fall outside the scope of COCON 1.1.7FR. 1.3.14 G As explained in COCON 1.3.10G and COCON 1.3.11G, COCON is not limited to dealings with customers and the markets. Therefore, misconduct by one staff member in relation to another can still be within the scope of COCON even when it is outside the scope of COCON 1.1.7FR. This will be the case if the misconduct: (1) forms part of, or is for the purpose of, their firm’s regulated activities or other SMCR financial activities; or (2) comes within COCON 1.1.7AR(2)(b). Benchmark firms 1.3.15 G COCON 1.1.7FR also applies to a pure benchmark SMCR firm to which the restrictions in COCON 1.1.7BR apply. Amend the following as shown. 4 Specific guidance on conduct rules 4.1 Specific guidance on individual conduct rules Rule 1: You must act with integrity: General 4.1.1 G … Rule 1: You must act with integrity: Misconduct in relation to fellow members of the workforce 4.1.1A G COCON 4.1.1BG to COCON 4.1.1IG deal with misconduct in relation to a fellow member of the workforce. 4.1.1B G A good working environment is one in which each employee: (1) feels respected, valued and able to give their best; and (2) is treated fairly and with dignity and respect. 4.1.1C G Conduct that is inconsistent with COCON 4.1.1BG may be a breach of rule

1. However, not every lapse from that standard will involve a breach of COCON. Only a serious departure from it is likely to be a breach.

FCA 2023/XX Page 43 of 53 4.1.1D G COCON 3.1 (General factors for assessing compliance) is the starting point for deciding whether there has been a breach of COCON. The factors that the FCA will take into account when deciding whether misconduct in relation to a fellow member of the workforce is serious enough to amount to a breach of COCON include: (1) whether the conduct is repeated or part of a pattern; (2) the duration of the conduct; (3) the size of the impact on the subject of the conduct and on those who witnessed or heard about or may hear about the conduct; (4) the likelihood of damage to the firm’s work culture and the possible size of such damage; (5) the seniority of the person whose conduct is in question; (6) the difference in seniority between the person whose conduct is in question and the subject of the conduct; (7) whether the conduct is related to a protected characteristic under the Equality Act 2010; (8) whether the person concerned has been warned or disciplined for similar conduct by the firm, a previous employer, the police or a regulator; (9) whether the person has previously undertaken not to do the act or engage in the behaviour in question; and (10) whether the conduct is criminal or would justify dismissal. 4.1.1E G COCON 4.1.1DG(4) does not mean that conduct is permissible because it occurs in a firm with a culture of bad treatment of members of its workforce. 4.1.1F G The following is a non-exhaustive list of examples of conduct by a conduct rules staff member in relation to a fellow member of the workforce that will breach rule 1 (subject to COCON 4.1.1IG): (1) intimidating or violent conduct; (2) seriously offensive, malicious or insulting conduct; (3) unwanted conduct that has the purpose or effect of violating the dignity of the fellow member of the workforce; (4) unwanted conduct that has the purpose or effect of creating an intimidating, hostile, degrading, humiliating or offensive environment for the fellow member of the workforce;

FCA 2023/XX Page 44 of 53 (5) bullying; (6) unreasonable and oppressive conduct causing serious alarm or distress to a fellow member of the workforce; (7) subjecting a fellow member of the workforce to detriment for complying with rule 3 in COCON 2.1 or rule SC4 in COCON 2.2 or for using the firm’s whistleblowing procedures; (8) abusing or misusing their power or position in a way that: (a) humiliates; (b) seriously undermines or denigrates; or (c) significantly injures; the subject of that conduct; and (9) victimisation as defined in the Equality Act 2010. 4.1.1.G G One result of COCON 4.1.1FG is that sexual harassment (that is, behaviour of a sexual nature coming within COCON 4.1.1FG(3) or COCON 4.1.1FG(4)) is a breach of COCON. 4.1.1H G An example of conduct by a manager in relation to members of the workforce whom they manage that would breach rule 1 (subject to COCON COCON 4.1.1IG) is abusing or misusing their position as a manager in a way that undermines, humiliates, denigrates or injures the subject of the misconduct. 4.1.1I G (1) Misconduct in relation to a fellow member of the workforce described in COCON 4.1.1FG and COCON 4.1.1HG may fall outside the scope of rule 1 if the conduct rules staff member: (a) thought that there was a good and proper reason for the conduct; or (b) did not intend to have a negative impact on the subject of the misconduct, did not know that they were doing so and was not reckless about the effect of their conduct. (2) A belief of the kind referred to in (1)(a) should be reasonable. An unreasonable belief that conduct is justified may itself show a lack of integrity. For example, bullying, sexual harassment or violence cannot be justified. (3) Conduct excluded from rule 1 under (1) may fall under rule 2 instead. Rule 2: You must act with due skill, care and diligence

FCA 2023/XX Page 45 of 53 … 4.1.3 G … 4.1.3A G As stated in COCON 4.1.1IG, misconduct in relation to fellow members of the workforce that is not a breach of rule 1 for the reason in that paragraph may be a breach of rule 2. Acting with due skill, etc as a manager (rule 2) … 4.1.8 G … 4.1.8-A G The following is a non-exhaustive list of examples of conduct by a manager in relation to members of the workforce whom they manage that would breach rule 2: (1) failing to take reasonable steps to protect staff against treatment of the kind described in COCON 4.1.1FG; (2) failing to take seriously or to deal effectively with complaints of behaviour of the type described in COCON 4.1.1FG; and (3) conduct described in COCON 4.1.1HG that is not a breach of rule 1 for the reason in COCON 4.1.1IG. 4.1.8-B G A firm may allocate responsibility for diversity and inclusion and fair treatment of its staff to a particular senior manager or central function. If it does, any other manager still has responsibility for developing and embedding healthy cultures in their areas of responsibility, albeit under the direction or supervision of the centralised function or the senior manager. COCON 4.1.8-AG is still relevant to that other manager. …

FCA 2023/XX Page 46 of 53 Annex D Amendments to the Threshold Conditions sourcebook (COND) In this Annex, underlining indicates new text and striking through indicates deleted text. 2 The threshold conditions … 2.5 Suitability … Paragraph 3D to Schedule 6 of the Act … 2.5.6 G Examples of the kind of particular considerations to which the FCA may have regard when assessing whether a firm will satisfy, and continue to satisfy, this threshold condition include, but are not limited to, whether: … (2) the firm has been convicted, or is connected with a person who has been convicted, of any criminal offence; this must include, where provided for by the Rehabilitation Exceptions Orders to the Rehabilitation of Offenders Act 1974 or the Rehabilitation of Offenders (Northern Ireland) Order 1978 (as applicable), any spent convictions; particular consideration will be given to offences of dishonesty, fraud, financial crime or an offence under legislation relating to companies, building societies, industrial and provident societies, credit unions, friendly societies, banking, other financial services, insolvency, consumer credit companies, insurance, consumer protection, money laundering, market manipulation and insider dealing, violence, sexual offences, and offences relating to a person’s or a group’s demographic characteristics such as racially motivated or aggravated offences, whether or not in the United Kingdom; … (8) the firm or a person connected with the firm has been dismissed from employment or a position of trust, fiduciary relationship or similar or has ever been asked to resign from employment in such a position; whether the FCA considers a resignation to be relevant will depend on the circumstances, for example if a firm or person is asked to resign in circumstance circumstances that cast doubt over its their honesty or integrity, including where this is as a result of involvement in discriminatory practices;

FCA 2023/XX Page 47 of 53 … (18A) … (a) all the persons in the firm’s management structure and any staff directly involved in regulated funeral plan activities are of good repute (see SYSC 28A.2 (Good repute)); and (19) where appropriate, the firm has appointed auditors and actuaries, who have sufficient experience in the areas of business to be conducted.; and (20) the firm or a person connected with the firm has been found by a tribunal or court to have been engaged in discriminatory practices.

FCA 2023/XX Page 48 of 53 Annex E Amendments to the Fit and Proper test for Employees and Senior Personnel sourcebook (FIT) In this Annex, underlining indicates new text and striking through indicates deleted text. 1 General … 1.3 Assessing fitness and propriety … 1.3.5 G … Relevance of behaviour in private or personal life 1.3.6 G (1) COCON is limited to conduct in the course of a firm’s activities and sometimes only a part of its activities. An assessment of fitness and propriety should not be limited in that way. (2) That means that conduct is potentially relevant to an assessment of fitness and propriety even though COCON 1.3 (Scope of COCON and non-financial misconduct) says that it is generally outside the scope of COCON because: (a) it relates to the person’s private or personal life; or (b) it does not have a sufficient connection with SMCR financial activities. (3) In particular, conduct described in the table in COCON 1.3.6G (Table: Private or personal life and COCON) as generally being outside the scope of COCON is potentially relevant to fitness and propriety. 1.3.7 G One consequence of FIT 1.3.6G is that, as explained in FIT 2.1.3G, any conviction for a criminal offence is potentially relevant to an assessment of fitness and propriety although, as explained in FIT 2.1.1AG (Honesty, integrity and reputation), a conviction does not automatically mean that the member of the staff being assessed under FIT is unfit. Non-financial misconduct against individuals 1.3.8 G (1) An assessment of the fitness and propriety of a member of the staff being assessed under FIT may take account of misconduct in their relationship with other members of the workforce and with people outside work for a number of reasons.

FCA 2023/XX Page 49 of 53 (2) FIT 1.3.9G to FIT 1.3.16G set out some of the factors relating to fitness and propriety relevant to misconduct in (1). (3) FIT 1.3.17G then explains how they apply to misconduct in (1). 1.3.9 G (1) Breaches of the requirements of the regulatory system are obviously relevant to fitness and propriety under the regulatory system and thus to FIT. This includes: (a) breach of COCON or APER; (b) (where a firm is required to try to ensure that someone in the position of the member of the staff being assessed under FIT meets a particular standard) failure to meet that standard; and (c) involvement in a breach by the firm of the requirements of the regulatory system. (2) One of the purposes of the fitness and propriety requirement is to ensure that firms themselves meet the requirements of the regulatory system. A firm can only act through its staff and so ensuring that its staff are fit and proper will help to ensure that the firm itself is a fit and proper person to be authorised and will comply with the standards of the regulatory system. Thus, conduct by a member of a firm’s staff being assessed under FIT may show that member to be unfit if: (a) it results in the firm itself being unfit; or (b) it is a factor that points towards the firm being unfit even if the member of the firm’s staff being assessed under FIT’s position in the firm is not sufficiently significant for it to mean that the firm is unfit. 1.3.10 G A requirement in FIT 1.3.9G(1)(b) might be one relating to the particular position the person holds. It may also be one covering a firm’s workforce generally or a certain section of it to which the member of the staff being assessed under FIT belongs, such as the competent employees rule. 1.3.11 G (1) Misconduct that is outside the scope of COCON but has a connection to the member of the staff being assessed under FIT’s firm may be relevant to that person’s fitness and propriety because of that connection. (2) The factors in COCON 1.3.4G (COCON does not cover private or personal life) are also relevant for the purposes of (1). 1.3.12 G (1) As explained in FIT 2 (Main assessment criteria), factors related to the member of the staff being assessed under FIT’s activities outside the regulatory system can be relevant to fitness and propriety. FIT 2.1 (Honesty, integrity and reputation) gives examples of misconduct that

FCA 2023/XX Page 50 of 53 do not involve a breach of the requirements of the regulatory system but that are still relevant to an assessment of fitness and propriety. (2) Misconduct outside the regulatory system may be an indicator that the member of the staff being assessed under FIT does not currently meet the standards of the regulatory system applicable to them and may not have the qualities and abilities needed for a person performing the role for which they are being assessed. (3) Misconduct in the person’s private or personal life may run a significant risk that the person would commit misconduct in their work activities that would breach the standards of the regulatory system. In particular, misconduct in a person’s private or personal life or other activities outside the regulatory system that, if repeated in the role for which they are being assessed, would breach the standards and requirements in FIT 1.3.9G, may show that the member of the staff being assessed under FIT is not fit and proper because of the risk it will be repeated in that role. (4) See FIT 1.3.17G(4) for an example of conduct in (3). Another example is dishonesty. Honesty is a key quality that staff being assessed under FIT should have. Thus dishonest conduct outside the regulatory system is always relevant to fitness and propriety under FIT. (5) Misconduct in a person’s private or personal life or in their working life outside the regulatory system may be relevant to their fitness and propriety even though it does not involve a breach of standards that are equivalent to those required under the regulatory system. In particular it may show that the person lacks moral soundness, rectitude and steady adherence to an ethical code. That in turn raises doubts as to whether they will follow the requirements of the regulatory system. 1.3.13 G (1) One of the key factors in deciding whether something is relevant to whether a person is fit and proper is the FCA’s statutory objectives. Conduct that is inconsistent with the FCA’s statutory objectives is likely to show that the person concerned is not fit and proper. (2) Maintaining public confidence in the financial system and financial services industry in the United Kingdom is part of the FCA’s statutory objectives. Therefore conduct of a type that can damage such public confidence is likely to mean that the person concerned is not fit and proper. 1.3.14 G (1) Misconduct may mean that a person is not fit and proper even if that misconduct does not have such great effects that it measurably prejudices the FCA’s statutory objectives by itself.

FCA 2023/XX Page 51 of 53 (2) For example, fraud is inconsistent with the FCA’s statutory objectives and is likely to mean that the person committing it is not fit and proper even if it is small-scale. 1.3.15 G (1) Misconduct in a person’s private or personal life or in their working life outside the regulatory system may be relevant to their fitness and propriety even though there is little or no risk of it being repeated in their work for their firm. This will be the case if it is disgraceful or morally reprehensible or otherwise sufficiently serious. (2) This is because their working in the role for which they are being assessed may damage public confidence in the financial system and financial services industry in the United Kingdom and consequently be inconsistent with the FCA’s statutory objectives. (3) One reason for the effect in (2) is that if the regulatory system allows persons to carry on working in those circumstances it would reflect negatively on the rigour and quality of the standards expected of those working in such positions and in turn on the quality of those who work in such positions. The regulatory standards that apply to a person working for one firm are likely to reflect on the regulatory standards applying generally. 1.3.16 G (1) In the FCA’s view, misconduct of the type in FIT 1.3.15G can mean that the person concerned is not fit and proper even if it cannot be shown that the misconduct will by itself cause direct and discernible damage to public confidence in the financial system and financial services industry in the United Kingdom or to confidence in their firm on the part of customers or those who deal with the firm. (2) As with other kinds of misconduct (see FIT 1.3.14G), it is sufficient if the misconduct is of a type that is inconsistent with the FCA’s statutory objectives. (3) In addition, the fact that a person only works for a small firm and that their misconduct does not significantly damage the confidence of the firm’s clients or those who deal with the firm or itself damage confidence in the financial services industry more generally does not prevent the reflection on the standards of the regulatory system described in FIT 1.3.15G(3). 1.3.17 G (1) This paragraph deals with misconduct in relation to a fellow member of the workforce or another individual. (2) Misconduct in relation to a fellow member of the workforce may be a breach of COCON (COCON 1.3 (Scope of COCON and non￾financial misconduct) has material about this) or APER and thus relevant to fitness and propriety as described in FIT 1.3.9G(1). (3) Misconduct in relation to:

FCA 2023/XX Page 52 of 53 (a) a fellow member of the workforce; or (b) an individual in the personal or private life of the member of the staff being assessed under FIT or in a work context outside the regulatory system; is also relevant to the fitness of the firm as described in COND 2.5.6G and so is relevant to the fitness and propriety of the member of the staff being assessed under FIT as described in FIT 1.3.9G(2). (4) Misconduct against an individual by a member of the staff being assessed under FIT in their private or personal life or in work outside the regulatory system may be relevant for the reasons in FIT 1.3.12G. For example, violence or sexual misconduct against an individual may show that there is a risk of similar misconduct in relation to: (a) customers or counterparties of their firm; or (b) people working for their firm, which, as explained in COCON 1.3 (Scope of COCON and non-financial misconduct), is a breach of the rules in COCON. (5) Misconduct against an individual by a member of the staff being assessed under FIT in their private or personal life of a kind that is inconsistent with the FCA’s statutory objectives will often come under FIT 1.3.9G to FIT 1.3.12G. However even if it does not, it may be relevant for the reasons in FIT 1.3.13G. (6) Very serious misconduct in relation to an individual (whether in relation to activities under the regulatory system or in relation to activities outside it) may be relevant for the reasons in FIT 1.3.15G. (7) Misconduct in this paragraph FIT 1.3.17G is relevant to honesty, integrity and reputation. It may also be relevant to competence and capability. 2 Main assessment criteria 2.1 Honesty, integrity and reputation … 2.1.3 G The matters referred to in FIT 2.1.1G to which the FCA will have regard, and to which a firm should also have regard, include, but are not limited to: (1) whether the person has been convicted of any criminal offence; this must include, where provided for by the Rehabilitation Exceptions Orders to the Rehabilitation of Offenders Act 1974 or the Rehabilitation of Offenders (Northern Ireland) Order 1978 (as applicable), any spent convictions; particular consideration will be given to offences of dishonesty, fraud, financial crime or an offence

FCA 2023/XX Page 53 of 53 under legislation relating to companies, building societies, industrial and provident societies, credit unions, friendly societies, banking, other financial services, insolvency, consumer credit companies, insurance, consumer protection, money laundering, market manipulation and insider dealing, violence, sexual offences and offences related to a person’s or a group’s demographic characteristics such as racially motivated or aggravated offences, whether or not in the United Kingdom; … (11) whether the person has been dismissed, or asked to resign and resigned, from employment or from a position of trust, fiduciary appointment or similar; (11A) whether the person has been asked to resign and resigned, from employment or from a position in (11); whether the FCA considers (or a firm should consider) a resignation to be relevant will depend on the circumstances – for example, if a person is asked to resign in circumstances that cast doubt over their honesty or integrity, including where this is as a result of involvement in discriminatory practices; … (13) whether, in the past, the person has been candid and truthful in all their dealings with any regulatory body and whether the person demonstrates a readiness and willingness to comply with the requirements and standards of the regulatory system and with other legal, regulatory and professional requirements and standards.; (14) whether the person has been found by a tribunal or court to have been engaged in discriminatory practices; (15) whether the person has been the subject of an upheld internal complaint related to discriminatory practices; and (16) misconduct in private or personal life or in work outside the regulatory system of the kind described in FIT 1.3.12G to FIT 1.3.17G (Non-financial misconduct), whether or not resulting in a criminal conviction.

© Financial Conduct Authority 2023 12 Endeavour Square London E20 1JN Telephone: +44 (0)20 7066 1000 Website: www.fca.org.uk All rights reserved Pub ref: 1-007753