What does Ferretly do?

Ferretly is an AI-powered social media background screening platform that analyzes publicly available online content to surface behavioral risk signals for hiring, compliance, and brand protection.

Is Ferretly compliant with FCRA and other regulations?

Ferretly is designed with regulatory compliance at its core. Its workflows support Fair Credit Reporting Act requirements and align with EEOC and GDPR guidance when used for employment-related social media screening.

Ferretly is used by employers, staffing and background screening providers, government agencies, financial services organizations, healthcare providers and brands that want deeper insight into digital behavior than traditional background checks provide.

What data sources does Ferretly analyze?

Ferretly analyzes public content across major social media platforms and can incorporate web, news and media sources to build a clearer picture of digital behavior over time.

How long of a history can Ferretly review?

Depending on the plan and use case, Ferretly can review up to approximately ten years of publicly available social media content, with options for continuous monitoring going forward.

PS25/23 is the FCA's policy statement on tackling non-financial misconduct in financial services, published December 2025. It introduces new rule COCON 1.1.7FR, bringing serious NFM (bullying, harassment, violence, sexual misconduct, discrimination) within the scope of the FCA conduct rules. It takes effect on 1 September 2026 and applies to approximately 37,805 FCA-regulated UK firms.

Does PS25/23 require monitoring of staff social media?

No. The FCA does not require firms to proactively monitor employees' social media. Firms must, however, act on credible information that surfaces — including at the point of SMF appointment, Certified Person re-certification, and regulatory reference. Proportionate, triggered checks under a defensible UK GDPR lawful basis are the expected approach.

FCA PS25/23 · COCON 1.1.7FR · In force 1 September 2026

FCA non-financial misconduct, made defensible. PS25/23 brings NFM into the FCA conduct rules. We deliver the report your Fit & Proper decision needs.

From 1 September 2026, bullying, harassment, violence and sexual misconduct fall expressly within the FCA conduct rules for SMCR firms. PS25/23 doesn’t ask you to monitor your people — it asks you to act proportionately on material risk, with a defensible record. Ferretly delivers the report. Your team makes the Fit & Proper call.

Book a 30-min readiness review → Read the rule

UK GDPR-aligned · Equality Act–safe · No blanket monitoring of staff required.

1 Sep 2026

COCON 1.1.7FR & FIT amendments in force

~37,000

FCA-regulated UK firms newly in scope

6 + 4 + 1

Individual + Senior Manager + new NFM rule (COCON 1.1.7FR)

What PS25/23 actually requires

Non-financial misconduct, on the FCA’s terms.

PS25/23 sets a high bar on purpose. Private-life conduct only matters when there’s a material risk it shows up at work. The job isn’t to see everything — it’s to act correctly on what counts, and prove you did.

⚖

Material risk only

The FCA names what counts: bullying, harassment, violence, sexual misconduct, discrimination. We surface those — not noise, not lawful expression of controversial views, not protected characteristics.

🔒

Privacy by design

Point-in-time checks under a defensible UK GDPR lawful basis (legitimate interests), aligned to the ICO Employment Practices Code. No standing surveillance of your workforce.

📋

The record regulators expect

Every screening timestamped, sourced and reproducible. The defensible evidence trail SMCR firms need for Fit & Proper decisions and regulatory references under SYSC 22.

How Ferretly fits your conduct rules process

Built for Fit & Proper decisions under PS25/23.

1

Detection mapped to PS25/23’s material categories

Harassment, violence, sexual misconduct, discrimination, criminal indicators — the conduct PS25/23 expressly names. Protected characteristics and lawful expression of controversial views are excluded by design, in line with the FCA’s safe harbour.

2

Public-data evidence the FCA can read

Open-source social and web content, point-in-time. AI-driven analysis across video, audio and image — not just keyword text scans — so a material finding doesn’t slip past a search-string filter.

3

Triggered at the decisions PS25/23 turns on

SMF appointments, Certified Person re-certifications, regulatory reference requests, conduct rule breach investigations. Proportionate checks at the moments the rules actually engage — not blanket monitoring in between.

4

Findings, not verdicts — you make the call

Red / Yellow / Green ratings with clear rationale and source-linked evidence. Ferretly delivers the report. Your firm makes the Fit & Proper determination, completes the regulatory reference, and issues any notices.

How to read PS25/23 right

What PS25/23 rewards

Proportionate, triggered checks on material risk
Conduct findings the FCA names: bullying, harassment, violence
Lawful basis under UK GDPR (legitimate interests)
Equality Act–safe — protected characteristics excluded
A consistent, reproducible Fit & Proper record

What it doesn’t ask for

Proactive monitoring of staff social media
Flagging lawful opinion, however controversial
Investigating trivial or implausible claims
Anything that breaches UK GDPR or the Equality Act 2010
Replacing your firm’s Fit & Proper judgement

FCA non-financial misconduct: FAQs

Short answers compliance and HR teams need before 1 September 2026.

What is non-financial misconduct under the FCA?

Non-financial misconduct (NFM) is conduct unrelated to a financial transaction that the FCA considers relevant to a person’s fitness to work in financial services — including bullying, harassment, sexual misconduct, violence, and discrimination. From 1 September 2026, under PS25/23 and new rule COCON 1.1.7FR, NFM falls expressly within the FCA conduct rules for SMCR firms.

What is FCA PS25/23?

PS25/23 is the FCA’s policy statement on tackling non-financial misconduct in financial services, published 12 December 2025. It introduces new rule COCON 1.1.7FR, bringing serious NFM within scope of the FCA conduct rules. It takes effect 1 September 2026 and applies to approximately 37,805 FCA-regulated UK firms.

How many FCA conduct rules are there?

There are six Individual Conduct Rules and four Senior Manager Conduct Rules in the FCA Handbook (COCON). From 1 September 2026, PS25/23 adds COCON 1.1.7FR, expressly capturing serious non-financial misconduct within the conduct rules for SMCR firms.

What are examples of FCA non-financial misconduct?

Per the FCA’s PS25/23 guidance: bullying and serious workplace harassment, sexual misconduct, violence and threats of violence, and discrimination on protected-characteristic grounds. Lawful expression of controversial views — even where unpopular — is expressly excluded from fitness assessments.

When does the FCA non-financial misconduct rule come into force?

1 September 2026. PS25/23 was published on 12 December 2025; the new rule COCON 1.1.7FR takes effect on 1 September 2026 for FCA solo-regulated firms.

Does PS25/23 require us to monitor staff social media?

No. The FCA does not require firms to proactively monitor employees’ social media. Firms must, however, act on credible information that surfaces — including at SMF appointment, Certified Person re-certification, and regulatory reference. Proportionate, triggered checks under a defensible UK GDPR lawful basis are the expected approach.

How does PS25/23 affect the Fit & Proper test?

PS25/23 sharpens FIT by confirming that serious non-financial misconduct can call a person’s fitness into question — including, in some cases, conduct outside the workplace where there’s a material risk it bears on their role. Firms should be ready to evidence FIT assessments with consistent, sourced findings.

What about regulatory references under SYSC 22?

SYSC 22 itself wasn’t amended by PS25/23. The existing regulatory reference template already accommodates NFM disclosures — what changes is the evidentiary standard firms should hold themselves to when completing them. Ferretly’s reports give your team a reproducible, source-linked record to draw on.

Be defensible before 1 September 2026.

A 30-minute readiness review mapped to your conduct rules process — SMF and Certified Person hires, regulatory references under SYSC 22, and conduct rule breach investigations against the new PS25/23 requirements. No slideware.

Book my readiness review →

Built for SMCR firms · UK GDPR-aligned · SOC 2 Type II · ICO Employment Practices Code aware