Join the Community

Expert opinions
Total members
New members (last 30 days)
New opinions (last 30 days)
Total comments

FCA/PRA Diversity and Inclusion for Crypto and FinTech Firms: PART I

Be the first to comment 2

By Rodrigo Zepeda, CEO, Storm-7 Consulting


Complicated as hell.” That is how I would summarise new proposed regulatory measures to boost “diversity and inclusion” (D&I) in financial services. In 2023, the Financial Conduct Authority (FCA) and the Prudential Regulation Authority (PRA) (Bank of England (BoE)) (collectively the “regulators”) sought to engage with financial firms and other stakeholders, to discuss new proposed measures to boost D&I in financial services.

In summary, the measures seek to increase D&I in financial services, in order to achieve better outcomes for consumers and markets “by supporting healthy work cultures, reducing groupthink, unlocking talent and improving understanding of diverse consumer needs” (FCA CP23/20, 3).

On the face of it, the FCA and the PRA seem to want to make it appear as if the new proposed measures will be easy to understand and implement for authorised financial firms in the United Kingdom (UK). However, in this four-part blog series, I will seek to show readers exactly how complicated and difficult this process will be for firms, and especially for crypto and financial technology (FinTech) firms.

The proposed regulation of D&I raises many difficult questions and issues for traditional finance (TradFi) authorised firms that operate in the UK. However, TradFi firms are generally well acquainted with the FCA/PRA regulatory frameworks – they often have years of operational experience to draw upon. The same cannot be said of many new and evolving crypto and FinTech firms.

For example, in recent years, large numbers of crypto asset businesses have continued to face authorisation rejection by the FCA (24% FCA rejection rate as of March 2023) (Saugman, 2023). This would seem to reflect their lack of knowledge and experience in FCA regulatory and regulatory authorisation frameworks. Given that the new D&I measures will undoubtedly challenge TradFi authorised firms, it is highly likely that crypto and FinTech firms may find the new proposed D&I rules and obligations even more difficult to successfully implement in practice.  

This four-part blog series will therefore seek to identify and summarise the new D&I measures proposed by the FCA and PRA, and it will also discuss and explore the difficult questions and issues that may arise specifically in relation to D&I applied within authorised crypto and FinTech firms.

Given that this is not an easy area to follow, in PART I we will first set out relevant background information, as well as key definitions and concepts applicable to the new D&I measures. We will also set out the underlying rationale and objectives governing these proposed measures on the part of the FCA and PRA.

This will help readers to understand the reasons why these measures are being introduced, and how these definitions and concepts tie-in to regulatory objectives. Getting to grips with these concepts is something that is necessary if we are to effectively evaluate the proposed D&I measures.

PART II will provide an overview of the D&I proposals and will identify the tiered standards that are to be introduced under the proposed FCA/PRA framework.

PART III will analyse how new “non-financial misconduct” (NFM) obligations fit into the D&I framework, what they will entail, and more crucially, how this will affect and impact crypto and FinTech firms.

PART IV will analyse what the D&I rules and obligations consist of, to which types of firms they will apply, and how they will affect and impact crypto and FinTech firms.

FCA/PRA Background Publications

The FCA and the PRA each published a Discussion Paper (DP) and a Consultation Paper (CP) on this topic:

The FCA also published a review of research literature providing evidence of the impact of D&I in the workplace (FCA, July 2021). The closing date for responses to the FCA’s D&I consultation (CP23/20) was 18 December 2023.

D&I Regulatory Timeline

The D&I regulatory timeline has already been put in place. The FCA is currently reviewing feedback to its D&I consultation and is set to publish a Policy Statement (PS) in 2024. The new D&I rules will take force 12 months from publication of the PS (FCA CP23/20, 9, paras. [1.22]-[1.23]). This means that even if the FCA PS is published in December 2024, the new FCA D&I rules will take force at the latest by December 2025.


The proposed D&I measures are based on the underlying belief that there are positive benefits between D&I and positive outcomes in good conduct, healthy working cultures, risk management, and innovation in firms (FCA, 6 July 2021).

D&I Definitions

To gain a better understanding of the proposed D&I measures, we will first take a look at the definitions of key D&I terms.


The term “groupthink” is not expressly defined in the D&I proposals. It is referred to in general as occurring “when groups of people make poor choices because members have either not considered or do not feel comfortable suggesting alternative options. This creates risks for firms” (FCA CP23/20, 10, para. [2.4]).

Groupthink is a psychological phenomenon. At its core, it reflects collective social and psychological influences that may generate behavioural biases in the workplace (Lukacs, 2016). In practice, what this means is that cohesive groups may end up making bad, irrational, non-optimal, unrealistic, or unwise decisions with limited scrutiny, which reflect a collective need or desire for conformity or consensus within a group (Lukacs, 2016).

As a result, personal beliefs and opinions may be set aside or not expressed, there may be individual self-deception, forced manufacture of consent, or mindsets may become fixed. Alternative individual perspectives may not be considered. As a result, group members may ignore or overlook ethical or moral consequences of group decision-making, which may undermine compliance, risk management, and governance frameworks.


For the FCA, the term “diversity” is said to refer to “diversity of thought” also referred to as “cognitive diversity” (FCA DP21/2, 7, para. [1.13]). A proposed definition of diversity of thought is:

“...bringing together a range of different styles of thinking among members of a group. Factors that could lead to diverse thinking could include, but not limited, to different perspectives, abilities, knowledge, attitudes, information styles, and demographic characteristics, or any combination of these” (FCA DP21/2, 7, para. [1.13]).

According to the PRA, diversity in firms will typically refer to: (1) demographic diversity; (2) diversity of experience; and (3) diversity of thought (PRA CP18/23, 6, para. [1.4]). Consequently, the PRA reasons that increasing demographic diversity and diversity of experience can potentially foster increased diversity of thought in firms, thereby helping to reduce groupthink (PRA CP18/23, 6, para. [1.4]).

Overall, this should create an enabling culture in which different abilities, attitudes, information styles, knowledge, and skills will inform approaches to solving problems within firms (FCA DP21/2, 7, para. [1.14]). Greater diversity in firms can therefore result in improved decision-making throughout the firm (PRA CP18/23, 6, para. [1.4]).

The objective is to inhibit poor or weak cultures within firms that may facilitate or support negative outcomes, such as mis-selling practices (e.g., payment protection insurance (PPI), derivatives, motor finance), or incidents such as the “LIBOR scandal”. In short, increasing diversity should increase diversity of views, which means different perspectives on issues, and more people will question what is happening, instead of playing along with the status quo.

Demographic Characteristics

In practice, diversity of thought can be influenced by many different factors, including “demographic characteristics” such as age, disability, education, ethnicity, gender, and sexual orientation (FCA DP21/2, 7, para. [1.15]). As we will see, the issue of diversity in the proposed D&I measures becomes really complicated. This is because demographic characteristics in the D&I measures are not limited to the nine protected statutory characteristics set out in the Equality Act 2010 (EA 2010).

These are: (1) age; (2) disability; (3) gender reassignment; (4) marriage and civil partnership; (5) pregnancy and maternity; (6) race (including ethnic or national origin, colour, nationality); (7) religion or belief; (8) sex; (9) sexual orientation. Instead, other factors such as cultural background, gender (non-sex related), and socio-economic diversity are now also included (FCA DP21/2, 7, para. [1.15]). At law, this creates multiple legal frameworks that govern the same issue leading to legal and operational complexity.


The term “inclusion” is said to refer to everyone feeling involved, respected, treated fairly, and valued, and embedding these elements into a firm’s culture (FCA DP21/2, 7, para. 1.17]). A proposed definition of inclusion is:

“…the practice or policy of providing equal access to opportunities and resources for people who might otherwise be excluded or marginalised” (FCA DP21/2, 8, para. [1.18]).

The point made by both the FCA and the PRA, is that diversity by itself does not suffice. Without inclusion, diversity may have a much less beneficial impact, because a firm may have diversity of views, but no one feels able to safely express their views (PRA CP18/23, 6, para. [1.6]).

For example, in the 2023 ITV probe into the Phillip Schofield scandal, THIS Morning staff feared for their jobs if they spoke out about Phillip Schofield’s affair. The THIS Morning environment did not support inclusion. Inclusion must therefore be real and visible in firms if diversity is to function effectively. Overall, both diversity and inclusion are viewed as being complementary and important to governance and firm-wide culture (PRA CP18/23, 6, para. [1.3]).

Psychological Safety

The term “psychological safety” has been referred to by the FCA as meaning:

“A characteristic of a healthy culture. An environment where employees feel safe to share ideas and speak up where they see issues results in more productive and innovative businesses” (FCA DP21/2, Appendix 3).

The concept of psychological safety therefore ties in with both inclusion and NFM. The FCA reasons that misconduct within a firm can pose a risk to a healthy firm culture, whilst healthy firm cultures that are both inclusive and psychologically safe can allow and support diversity of thought (FCA DP21/2, 23, para. [4.9]).

Consequently, establishing psychological safety within a firm is viewed as being an essential first step to creating an inclusive and safe culture (FCA DP21/2, 35, para. [5.12]). So, for example, paper-based compliance exercises that attempt to portray inclusivity, but in practice leave staff unwilling to speak up and raise concerns, will not establish psychological safety within a firm (FCA DP21/2, 35, para. [5.12]).

The concept of psychological safety is one that is used and applied by the FCA, but it is one that it not technically made directly enforceable under the D&I proposed measures. As we will see, the concept is highly problematic because it is very difficult to precisely delineate and understand, not only for firms, but also for firm employees.


The term “NFM” (non-financial misconduct) is not expressly defined in the D&I proposals. At a basic level, the FCA considers that this includes evidence of bullying, discrimination on the basis of an individual’s protected (or otherwise) characteristics, and sexual harassment (FCA DP21/2, 46, para. [5.69]).

The reasoning behind NFM is that it can erode psychological safety and trust in firms, as well as increasing the risk of groupthink (FCA CP23/20, 23, para. [4.9]). The persistence of NFM behaviours in firms can create unhealthy cultures that can facilitate regulatory breaches and wrongdoing (FCA CP23/20, 23, para. [4.1]).

The D&I measures essentially seek to regulate NFM more comprehensively. Nevertheless, NFM represents the most complicated and problematic aspect of the proposed D&I measures. This is because:

(1) it will apply to most authorised firms;
(2) it will be very difficult to define, apply, and also to enforce;
(3) it will be applied in disparate ways with multiple exceptions leading to fragmented frameworks that may actually increase groupthink instead of mitigating groupthink; and
(4) firm employees will likely find it very difficult to understand how NFM rules operate both inside and outside the workplace.   

The FCA takes the view that NFM constitutes misconduct and would not form an additional principle (FCA CP23/20, 23, para. [4.8]). Still, the FCA has recognised the need to develop guidance for firms as to what constitutes NFM (FCA DP21/2, 46, para. [5.69]). Consequently, the meaning of the term will be discussed in PART III of this blog series.

D&I Measures and Regulatory Objectives

The FCA considers that the proposed D&I measures are linked to its three operational objectives, as well as its secondary objective, which are set out in the Financial Services and Markets Act 2000 (FSMA). These are:

(1) securing an appropriate degree of protection for consumers (consumer protection objective, FSMA, s. 1C);
(2) protecting and enhancing the integrity of the financial system (integrity objective, FSMA, s. 1D);
(3) promoting effective competition in the interests of consumers (competition objective, FSMA, s. 1E); and
(4) facilitating medium to long-term growth and international competitiveness of the UK economy (secondary objective, FSMA, s. 1EB) (FCA CP23/20, 10-11).

In terms of the PRA, its statutory objectives are:

(1) a general objective to promote the safety and soundness of PRA-authorised persons (FSMA, s. 2B); and
(2) an insurance objective of “contributing to the securing of an appropriate degree of protection for those who are or may become policyholders” (FSMA, s. 2C).

The PRA seeks to improve D&I across PRA-authorised persons, as this will support prudent decision-making and better risk management, via reduction of the risk of groupthink (PRA CP18/23, 10). The proposed D&I measures will support its general objective and insurance objective because of their potential impact on decision-making across all levels of PRA-authorised persons, as well as through the promotion of good governance and risk management (PRA CP18/23, 36, para. [9.1]).


To understand how the D&I measures operate and what they are trying to achieve, we first need to understand key concepts such as groupthink, diversity, inclusion, demographic characteristics, psychological safety, and NFM. However, we can already start to see how some of these terms may be problematic. For instance, demographic characteristics are no longer limited to the nine protected statutory characteristics under the EA 2010, as they now cover other factors as well.

Discrimination will therefore be broader under the D&I framework and will create a different regulatory system for authorised firms. However, for firms not authorised by the FCA or PRA, discrimination law and employment law in the UK will still be based on the EA 2010 statutory characteristics. So, the D&I measures may lead to two systems of discrimination, one at law and one under the D&I framework.

Imagine if “Red Bull” was an authorised firm, then it is possible that “Christian Horner” would not have been cleared of inappropriate behaviour towards a junior female colleague. Instead, sexual harassment and sexual misconduct could have been construed much more widely under the D&I rules. They could have been tied to endangering the psychological safety not only of his colleague, but also of all other junior female colleagues, both at work and outside of work.

Moreover, Red Bull itself might also have become subject to investigation, for potentially failing to take reasonable steps to address these kinds of behaviour (FCA DP21/2, 46, para. [5.70]). We can begin to see some of the implications that will arise under the new D&I measures, especially for crypto and FinTech firms that may often foster dynamic, fast-paced, high-pressure, results-driven environments.

Think of all the alleged controversies that "Revolut" has faced over the years, such as coerced employee terminations, employees forced to undertake unpaid work, toxic work environment, and unachievable targets. Under the proposed D&I measures, all of these types of behaviour could potentially fall under NFM that endangers the psychological safety of employees.

This means that it is imperative that crypto and FinTech firms fully understand the new D&I measures, and how they will be impacted in the near future. In PART II of this blog series, we will set out an overview of the new proposed D&I measures.


This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.

Join the Community

Expert opinions
Total members
New members (last 30 days)
New opinions (last 30 days)
Total comments

Now Hiring