FCA and PRA consultation on D&I in financial services: which firms are captured and how

Published Date
Nov 8, 2023
The extent to which firms are captured by the UK Financial Conduct Authority (FCA) and Prudential Regulation Authority’s (PRA) proposals to implement a new regime for diversity and inclusion (D&I) in financial services generally depends on the firm’s size, categorisation under the Senior Managers and Certification Regime (SMCR) and whether the firm is dual or solo regulated.   This post considers the scope of the proposals in more detail to help firms understand which aspects are likely to apply to them and how best to plan and prepare.   

The combined proposals of the FCA and PRA will result in a two-tier approach. “Minimum requirements” apply to all firms holding permissions granted pursuant to part 4A Financial Services and Markets Act 2000 (FSMA) (Part 4A firms), with an additional layer of requirements applicable only to larger firms. The two regulators have co-ordinated their proposals but there are some points on which they diverge. 

Minimum requirements

All Part 4A firms will need to comply with the proposals relating to non-financial misconduct. Namely, amendments to guidance relating to the FCA’s Code of Conduct, fitness and propriety standards and the suitability guidance in the Threshold Conditions, which reflect the FCA’s view that non-financial misconduct (eg bullying, sexual misconduct and discrimination) is misconduct from a regulatory perspective. The FCA’s proposals involve amendments to the substance of these rules and guidance but do not include proposals to extend the scope of them. If a firm is not currently in scope of these rules, the proposed amendments will not apply. 

All Part 4A firms, except Limited Scope SMCR firms, will also need to report their number of employees annually.  

In keeping with the FCA’s wider strategy for D&I, smaller firms are encouraged to apply additional elements of the proposals where they consider it may be beneficial to do so. Similar encouragement is directed at firms regulated other than via FSMA, for example, payment services and e-money firms, which fall outside the scope of these proposals entirely. 

Larger firms

A large firm for the purposes of the regulators’ proposals is one that employs more than 250 employees. This aligns with the approach adopted in UK company law as well as the employee data reporting requirements under the Gender Pay Gap regulations. The only exception to this definition is Limited Scope SMCR firms, who are excluded from the larger firm requirements, regardless of their size, on the basis of proportionality.  

Firms at the smaller end of this definition of larger firms could find themselves moving in and out of scope of the larger firm requirements as employee numbers fluctuate, particularly if the current economic climate persists. The FCA’s proposal is that these firms should use a three-year rolling average to work out whether they are in or out of scope. Firms who are in the first year of authorisation should refer to the number of employees as at the date of authorisation. 

The number of employees should be calculated on a solo entity basis. Dual-regulated firms should refer to the definition of “employee” in the PRA Rulebook; all other firms should rely on the definition of “employee” in the FCA Handbook.  

In addition to the proposals applicable to all Part 4A firms, larger firms will need to:

  1. Develop an evidence-based D&I strategy.
  2. Collect and report data across a range of demographic characteristics and inclusion metrics.
  3. Set targets to address underrepresentation.
  4. Demonstrate that D&I is considered as a non-financial risk and treated appropriately within the firm’s governance structure. 

CRR and Solvency II firms

Dual-regulated firms that are subject to the Capital Requirements Regulation (CRR Firms) and Solvency II firms, of any size, will need to comply with the proposals relating to D&I strategies, monitoring, individual accountability and (except for third country branches) board governance. 

Larger CRR and Solvency II firms, including third country branches, will also need to comply with the PRA proposals on regulatory reporting, targets and disclosure.

Qualifying parent undertakings of designated UK investment firms are within scope of the proposals. This includes UK-headquartered financial holding companies and mixed financial holding companies.

Dual regulated firms – dealing with divergence

There are some elements of the proposals where the two regulators adopt a slightly different approach. In these circumstances, dual-regulated firms will generally need to comply with the more onerous of the two requirements to ensure they are fully compliant. 

Respondents to the consultations are invited to highlight divergences that may create “practical challenges in implementation”, so it possible that some of these discrepancies will be softened or disappear entirely when the final rules are published. Nonetheless, the areas in which this disparity occurs are relatively few so dual-regulated firms would be wise to “plan for the worst and hope for the best” at this stage.

Firms that carry out a mixture of regulated and unregulated activities

In-line with the existing application of the regulators’ remit, the new regime will only apply to regulated business. However, this rule can be difficult to apply in practice, particularly when considering the proposals on non-financial misconduct. We expect that the circumstances in which firms conducting a mixture of regulated and unregulated activities will need to engage with the proposals relating to non-financial misconduct will be broader than might first appear from reading the consultation papers and draft guidance. 

Extra territorial scope

Employees predominantly carrying out activities from an establishment outside the UK are excluded from the calculation of employee numbers for the large firm threshold. Likewise, for overseas firms, only activities of the firm carried out from an establishment in the UK need to be considered.

With regard to the substantive rules and guidance, these follow the spirit of existing requirements. For example, the proposals relating to regulatory references apply to an overseas firm only in relation to its activities carried on from an establishment in the UK. In contrast, much of the existing SMCR regime applies to employees of UK firms even when they are conducting themselves outside of the UK; and so it follows that employees of a UK firm are still within scope of the proposals relating to non-financial misconduct when they are operating outside the UK.


The consultations close on 18 December 2023 and we expect final requirements to be published sometime next year. There will be a twelve-month implementation period with some additional flexibility expected in relation to specific aspects of the proposals. 

For some firms, significant work will be required to implement the new regime. All firms should be considering now the work that might be required to comply with the proposals, with a view to revising their planning once the final requirements have been confirmed. It seems likely that firms may need to be compliant by mid-2025. 

Content Disclaimer
This content was originally published by Allen & Overy before the A&O Shearman merger