When culture becomes an enforcement issue: lessons from recent publications and the FCA’s non-financial misconduct agenda

Summary

The Financial Conduct Authority (FCA) has always linked tone from the top, treatment of staff, internal challenge, disciplinary integrity, and record keeping to fitness and propriety, market integrity, and consumer protection.

Two recent cases bring that into sharp focus.

The first is the FCA’s March 2026 Final Notice against Kasim Garipoglu, where the FCA concluded he lacked honesty and integrity and imposed a prohibition order. The notice is striking not only for its detail, but for what it says about leadership behaviour: disregard for AML and compliance obligations, repeated overruling and undermining of compliance staff, pressure to pursue commercially attractive but non-compliant courses of action, and deliberate provision of false or misleading information to regulators. The FCA’s conclusion was explicit: this was a tone-from-the-top failure that fostered a culture in which compliance was treated as an obstacle rather than part of the control environment.

The second is Crispin Odey. In March 2025, the FCA decided to fine him £1.8 million and ban him from UK financial services for lack of integrity, saying he deliberately sought to frustrate Odey Asset Management’s disciplinary processes, showed reckless disregard for governance, and lacked candour with both the firm and the regulator. That decision remains provisional because it was referred to the Upper Tribunal. It has resurfaced now because the tribunal hearing is underway in March 2026, with fresh reporting and evidence again focusing on governance failures, intimidation concerns, safeguarding measures, and how internal processes were handled when allegations involved a powerful founder.

What links the two matters is bigger than the personalities involved. Both cases underline the same supervisory message: culture is evidenced through decisions, escalations, records, and whether challenge is genuinely allowed to operate.

 

Why the Garipoglu case matters

The Garipoglu Final Notice is important because it is not limited to one bad decision or one regrettable communication. The FCA set out a pattern: pressure on control functions, willingness to run compliance risks for commercial gain, applause for risk-taking that sidelined regulatory obligations, and misleading documentation provided to regulators over a long period. The notice also makes clear that the FCA regarded the passage of time as insufficient mitigation where the individual continued to defend the conduct rather than meaningfully recant it.

That point matters for firms. Historical behaviour does not become irrelevant just because it is old, particularly where later conduct, explanations, or records suggest the underlying mindset has not changed. The practical takeaway for HR and Compliance teams is to look closely at conduct review processes, so that they ask not only “what happened?” but also “has this behaviour been defended internally?”, “what did leaders do when challenged?”, and “what do subsequent records show about accountability, remediation and reflection?”

The FCA also relied on documentary evidence. That included email chains and audit trail material showing both the underlying attitude to compliance and the provision of false or misleading information, including around AML training and other regulatory interactions.

In other words, record keeping was absolutely central to the investigative process.

 

Why the Odey case remains important

Odey is important for a different but equally significant reason. The March 2025 FCA action was not framed simply as punishment for the underlying sexual misconduct allegations themselves. The core regulatory issue, on the FCA’s account, was integrity and governance: frustrating disciplinary proceedings, using control over governance structures to interfere with internal accountability, attempting to influence or delay outcomes, and creating a situation in which the firm could not properly evidence fitness and propriety assessments.

That is why the matter remains highly relevant in 2026. The ongoing tribunal has brought the issues back into public view because it tests how far the FCA will go in treating non-financial misconduct and failures in handling it as regulatory matters, not merely employment matters. Recent coverage shows the hearing is again examining whether disciplinary processes were obstructed, whether safeguarding measures for staff were resisted, and whether power was used to avoid accountability.

For boards, HR and Compliance, the practical takeaway is to ensure governance is evidenced and mirrors the culture expected from staff at all levels. A firm can fail not only because misconduct occurred, but because leadership interfered with the firm’s ability to investigate, decide, document and act.

 

In context: PS25/23 and the extension of non-financial misconduct

Though they may feel like cases that ‘could never happen at our firm’, they are a useful starting point for review at a moment when the FCA has completed its policy work on non-financial misconduct (NFM) and shifted firmly into implementation and supervision. In PS25/23, the FCA confirmed guidance in COCON and FIT and reiterated that serious work-related non-financial misconduct in non-banks will be brought into scope more clearly from 1 September 2026, aligning the treatment of banks and non-banks. The FCA also said plainly that its focus now is on how firms tackle NFM in practice.

The FCA states that tackling NFM supports consumer protection, market integrity and competition, while also supporting growth and international competitiveness by improving the sector’s reputation, access to talent, and confidence in financial services. It also links healthy cultures with psychologically safe workplaces, better challenge, better decision-making and responsible risk-taking.

That is the answer to anyone still asking whether culture should really be a board priority. The FCA has already answered it: yes, because culture affects misconduct risk, speak-up effectiveness, governance quality, talent retention, innovation and confidence in markets. PS25/23 expressly says firms should be able to make fair, consistent decisions and take decisive action when standards are breached, and it reminds firms of their duty to notify conduct rules staff and take reasonable steps to ensure they understand how the rules apply.

There is also a practical indicator in the FCA’s 2024 culture and NFM survey findings. The regulator said reported incidents increased across the three years surveyed, with bullying and harassment and discrimination among the most reported categories. That does not automatically mean culture is worsening; it can also indicate stronger detection and speak-up channels. But it does mean firms should assume the FCA expects mature data, governance and response frameworks rather than ad hoc handling.

 

What firms should be testing

1. Whether challenge is genuinely independent

Both enforcement matters show the danger of control functions being overruled, marginalised or procedurally bypassed. Firms should test whether Compliance, HR, Legal, Risk and whistleblowing channels can escalate concerns involving senior individuals without practical or political interference. That includes checking escalation routes beyond the immediate executive chain, access to the Chair or relevant Board committee, and documented triggers for external legal or investigatory support.

2. Whether disciplinary processes can withstand senior influence

Odey is a reminder that policy wording is not sufficient evidence of good governance if in practice it can be reconfigured and neutralised. Firms should test who can suspend, delay, re-scope or terminate an investigation; whether founders or dominant shareholders can influence process design; and whether the firm has pre-agreed protections for conflicts involving senior management or controllers.

3. Whether NFM is embedded into FIT, certifications and references

PS25/23 makes clear that NFM forms part of fitness and propriety analysis, and that conduct inside and outside work may be relevant where it indicates a material risk of breaching regulatory standards or risks damaging confidence in the system. It also confirms firms are not expected to investigate trivial or implausible allegations, nor to breach privacy law, but they do need a defensible framework for deciding when investigation is needed and when notification obligations arise.

4. Whether speak-up data is being interpreted intelligently

Low case numbers are not automatically a positive indicator. The FCA has repeatedly linked psychological safety with better culture, innovation and reduced misconduct risk. Boards should therefore examine not just volumes of cases, but reporting routes, substantiation rates, retaliation concerns, time to triage, repeat allegations, hot spots by team or manager, and whether certain groups are disproportionately affected or reluctant to report.

5. Whether the firm can evidence that it acted – record keeping

For HR and Compliance teams, good record keeping should include:

  • clearly dated complaints, incident logs and escalation records
  • contemporaneous notes of meetings, decisions and rationale
  • preserved emails, messages and system records showing who knew what and when
  • records of safeguarding measures, interim controls and why they were or were not adopted
  • investigation terms of reference, scope decisions, evidence reviews and outcome letters
  • documentation of conflicts management, recusals and governance adjustments
  • records of FIT assessments, certification decisions, Conduct Rule analysis and regulatory notifications
  • training completion records with a reliable audit trail, not merely attestations
  • board and committee MI showing trends, thematic issues, challenge and management response
  • evidence of follow-up actions: remediation, coaching, disciplinary action, control redesign and monitoring

 

The Garipoglu notice is an especially good place to see how the FCA relied on documentary evidence not just to prove what happened, but to show attitude, intent, disregard for control functions, and the falsity of representations made to the regulator.

The Odey decision also describes how internal governance actions affected the firm’s ability to conduct disciplinary proceedings and even to evidence a valid fitness and propriety assessment.

So when you are thinking about record keeping, the question is always whether the records would withstand scrutiny, including where the allegation involves the highest revenue producer, the founder, or a board member.

 

What this means for HR and Compliance specifically

HR and Compliance should not treat NFM as a hand-off issue between employment law and regulatory compliance. The FCA is explicit that its framework does not replace employment law, but it also does not defer to it. Firms must make their own judgments under COCON and FIT.

That means HR and Compliance need a joined-up operating model. In practice, this usually requires:

  • a shared triage protocol for allegations that may engage employment, conduct rule, FIT or notification issues
  • clear thresholds for when Legal, the SMF holder, the Chair, or a Board committee must be involved
  • a documented method for deciding whether allegations are credible, material and work-related
  • a consistent approach to interim risk management, including safeguarding and reporting line changes
  • a clean process for certification and regulatory reference implications
  • governance that prevents powerful individuals from controlling the process concerning themselves

 

The FCA’s guidance also helps firms avoid overreach. It says firms are not expected to investigate trivial or implausible allegations or proactively monitor private social media. But it equally makes clear that private-life conduct can become relevant where it indicates a material risk of future regulatory breach or is so serious that it risks damaging public confidence in the system.

 

Board priorities

Beyond “do we have a policy?”, Boards should be asking:

  • Could we investigate a senior leader without that person influencing scope, timing or outcome?
  • Do we receive culture and conduct MI that is genuinely decision-useful?
  • Are our records sufficiently robust to defend our decisions to the FCA, a tribunal and the market?
  • Are our managers trained on reasonable steps, escalation duties and how NFM interacts with FIT and COCON?
  • Do we understand where fear, deference or commercial dependency may be suppressing challenge?
  • Have we stress-tested whether our governance still works when the person accused is commercially important?

 

Final thought

The lesson from Garipoglu is that contempt for compliance, manipulation of records, and hostility to challenge are not merely poor behaviours; they go directly to honesty, integrity and fitness. The lesson from Odey is that even where the underlying allegations are contested, interference with process, governance and accountability can itself become the core regulatory issue.

From 1 September 2026, firms should expect even sharper scrutiny of how they identify, assess, document and act on serious non-financial misconduct across the regulated sector. For non-banks, think of NFM as an evidential topic, and if it was only a high-level board issue before, make sure that it is on the agenda.

Anastasia Lewis

CEO & Founder of Elira Solutions | Regulatory strategist | AI integration in compliance