FCA’s New Non-Financial Misconduct Rules Aren’t a Policy Update—They’re a System Reset

New FCA guidance requires firms to assess behavioral risk. See how non-financial misconduct impacts hiring, compliance, and audits in 2026.

The quiet shift that just changed financial services risk models

In December 2025, the Financial Conduct Authority released Policy Statement PS25/23.

On paper, it’s about non-financial misconduct (NFM).

In reality, it redraws the boundary of what counts as regulatory risk.

For the first time, behavior outside the workplace—especially digital behavior—isn’t just reputational.

It’s regulatory.

And come September 1, 2026, firms won’t just be expected to react to misconduct.

They’ll be expected to detect it, document it, and defend how they handled it.

What actually changed (and why it matters more than people think)

PS25/23 integrates behavioral risk directly into:

  • Conduct rules (COCON)
  • Fitness & propriety assessments (FIT)

That sounds procedural. It’s not.

It means:

👉 A person’s pattern of behavior now impacts whether they are allowed to operate in the financial system.

👉 And firms are accountable for identifying that risk—before it becomes a problem.

The FCA is explicit:

Private social media activity can be relevant if it signals risk of harassment, violence, or regulatory breach.

Translation for operators:

Your risk surface just expanded beyond your walls.

The real unlock: behavior is now a measurable risk signal

Historically, firms assessed:

  • Credit history
  • Criminal records
  • Certifications

Clean inputs. Structured data. Easy to audit.

Now?

You’re being asked to assess:

  • Harassment
  • Threats
  • Discrimination
  • Patterned toxic behavior
  • Escalation signals across digital environments

That’s not structured.

That’s behavioral intelligence.

And here’s the uncomfortable truth most vendors won’t say out loud:

👉 Most compliance teams are not equipped for this shift.

Where most firms will fail (and regulators will notice)

Let’s call it straight.

When regulation moves faster than infrastructure, teams default to:

1. Manual review (“just Google them”)

  • Inconsistent
  • Impossible to scale
  • Completely indefensible in an audit

2. Overreach

  • Flagging protected characteristics
  • Crossing privacy boundaries
  • Creating legal exposure while trying to reduce risk

3. No audit trail

  • No documentation of how decisions were made
  • No consistency across hires or reviews
  • No ability to defend outcomes to regulators

This is where PS25/23 gets real:

👉 It’s not just about what you find

👉 It’s about how you found it—and whether you can prove it

The new requirement: defensible behavioral screening

The FCA didn’t just expand scope.

They implicitly introduced a new standard:

Behavioral risk must be:

  • Consistent
  • Explainable
  • Relevant to role
  • Documented for audit

That’s a completely different operating model.

Where Ferretly fits (and why this isn’t just “screening”)

This is where we take a different stance than the rest of the market.

Ferretly isn’t here to “scan the internet.”

That’s table stakes—and frankly, where most risk is introduced.

We focus on something much more important:

👉 Turning unstructured behavior into structured, defensible insight

What that looks like in practice:

1. Behavior-first detection (not keyword scraping)

We identify patterns tied to:

  • Harassment
  • Disparaging speech
  • Threats
  • Discrimination
  • Escalation risk

Aligned to what regulators actually care about—not noise.

2. Explainable outputs (built for audit, not curiosity)

Every finding is:

  • Contextualized
  • Categorized
  • Reviewable by humans

Because if you can’t explain it, you can’t defend it.

3. Compliance-aligned boundaries

We do not surface:

  • Protected class inference
  • Personal opinions outside risk relevance

Because screening should reduce risk—not create it.

4. A consistent, repeatable framework

Every candidate. Every employee. Same standard.

That’s what regulators expect.

That’s what most firms don’t have.

The bigger picture: this is about trust infrastructure

The FCA isn’t trying to monitor people’s lives.

They’re doing something bigger:

👉 Rebuilding trust in financial systems through behavioral accountability

And that puts firms in a new position:

You are no longer just employers.

You are gatekeepers of integrity.

What to do before September 2026

If you’re in financial services, the move now is simple—but not easy:

1. Audit your current screening process

  • Are you capturing behavioral risk at all?
  • Is it consistent?
  • Could you defend it in front of a regulator?

2. Define your internal adjudication framework

  • What constitutes risk?
  • What triggers escalation?
  • How do you ensure fairness?

3. Implement a scalable, compliant system

Because this is not something you can duct-tape together.

Bottom line

PS25/23 didn’t just introduce new guidance.

It introduced a new expectation:

👉 Behavior is now part of compliance.

The firms that treat this like a checkbox will struggle.

The ones that operationalize it will have an advantage—not just with regulators, but with trust, hiring, and long-term brand equity.
