From 1 September 2026, the FCA’s non-financial misconduct rule (COCON 1.1.7FR) comes into force for around 37,000 non-bank firms.

The system of record for conduct & stress risk · FCA-regulated firms

Prove your reasonable steps.

EEmber turns a 60-second daily staff check-in into a weekly conduct-and-stress read per team, a fix with a named owner, and a dated reasonable-steps trail that protects the senior manager personally. Fully managed. Ready before 1 September 2026.

Get the 7-Day Defensibility Audit · £750 Book a discovery call

Aggregated, never the individual UK GDPR, UK hosted Built for reasonable-steps evidence

EEmber Weekly Conduct & Stress View · W/C 08 Jun

Record building

TeamScoreTrend

Deal team22▼ improving

Advice team46▼ acting

Broking floor38▲ watching

Ops & onboarding19▼ improving

Compliance24stable

Advice team · this week’s read

46AMBER · ACT THIS WEEK

Driver: demands / caseload HSE Standards vs baseline ▲ +6

Caseload cap & reallocation

When an adviser’s active caseload passes the cap, work is reallocated that day, not left to build.

Owner: SMF16 · Compliance OversightReview: Fri

Reasonable-steps trail

Mon 09:05Risk flagged · driver named: demands

Mon 10:30Control assigned · owner + date logged

Fri 16:40Confirmed running · filed to weekly pack

↓59%average risk score in one deployment
(37.9 → 15.4)

100%of teams ended the period Green

238anonymous check-ins captured

48weekly evidence packs delivered

From EEmber’s first deployments (further education) · the loop is identical in a regulated firm

And if it isn’t on your risk register yet · the national picture

964,000UK workers suffering work-related stress, depression or anxiety last year, up from 776,000HSE 2024/25

19.6working days lost per stress case on average, a month of capacity per person affectedHSE

1 in 3+over a third of workers don’t feel comfortable raising high or extreme stress with a manager, and in a regulated firm the career risk feels higher stillMental Health UK 2026

5–6 figsthe cost of one prevented senior exit: remediation, replacement and lost revenue, before any claimCost of inaction

From the people who ran it

The same weekly loop, in their words.

“EEmber gave us a simple weekly way to spot early pressure signals and act on them. It moved us from assumptions to clear decisions, daily stabilisers, and visible changes, without becoming a tick-box wellbeing exercise. The main benefit was greater stability. It showed where change and workload pressures were building, and its daily controls helped protect ‘winnable days’ for staff.”

Carl D.

Department Lead, Bishop Auckland College

“I found the controls were simple and effective and did not add further stress to my days. The pilot helped me to spot operational drift early and put simple controls in place so days were easier to navigate, especially when tasks pile on top of each other unexpectedly.”

Nathan D.

Management Course Leader, College of Esports

Why now

A policy on the intranet is not oversight. The FCA has said it will look behind the wording.

Three deadlines turn conduct and stress risk from an HR topic into a personal-liability exposure with a named senior manager attached.

1 Sep 2026

The non-financial misconduct rule lands

COCON 1.1.7FR brings bullying, harassment and violence into conduct-rule scope for around 37,000 non-bank firms. The FCA has rejected a tick-box approach and will look behind your policies at what happens on the ground. A dignity-at-work policy on its own is no longer the answer.

SM&CR · today

It’s personal now

Under the Duty of Responsibility (FSMA s.66A) and Senior Manager Conduct Rule 2, a named senior manager is personally accountable for reasonable steps in their area. In 2023 the PRA fined TSB’s former CIO over £80,000 for failing to take them.

January 2027

No cap

The Employment Rights Act removes the limit on unfair dismissal payouts. Work-related stress can count as a disability with no formal diagnosis. One prevented senior exit is a five-to-six-figure event; an uncapped claim has no ceiling at all.

“Reasonable steps” is deliberately undefined, and it is evidenced by contemporaneous records: what you saw, what you did, and when. Underneath the FCA layer sits the employer duty itself: HSWA s.2 for mental health, MHSWR Reg 3 for a documented stress risk assessment, and in December 2025 the HSE served a formal notice on a major employer purely for failing to manage work-related stress. With no dated trail, there is little to show you did anything at all. FSMA s.66A · COCON · HSWA 1974 · MHSWR 1999 · HSE enforcement, December 2025

The senior manager carries the duty

One name carries the duty. The file protects it.

The named SMF holder carries the Duty of Responsibility personally. The Head of Compliance owns operationalising the misconduct rule. The COO releases the budget. All three are answered by the same artefact: a dated, weekly record that you were watching the conditions and acting on them.

Already running SM&CR attestations and a conduct-risk framework? EEmber adds the weekly oversight-and-response layer underneath them: the contemporaneous evidence that supports your reasonable-steps position, without your compliance team building anything new.

EEmber supports your reasonable-steps evidence; it does not make a firm compliant.

Reasonable-steps file · SMF16Illustrative

01 · Proof you spotted the riskweekly read, driver named, per teamLogged

02 · Proof you acted proportionatelycontrol, owner, due dateLogged

03 · Proof of whentimestamped as it happenedDated

The file, when the FCA asksexportable in under 15 minutesReady

The exact question an enforcement case turns on, answered before it’s asked.

See it. Fix it. Prove it. Every week.

Sixty seconds a day for staff. The whole loop for you.

No black box. Watch a 60-second check-in become a retrievable record, step by step.

1 — THE CHECK-IN

Nine questions, sixty seconds

Three short questions on exhaustion and energy, five on the HSE Management Standards conditions (demands, control, support, relationships, role), and a one-tap mood. Each scored 0–6. Anonymous, on any phone, no app.

Daily check-in · 60 secondsAnonymous

Over the last few days, how much has workload pressure built up on you?

0123456

Not at allConstantly

Question 3 of 9 · demands (HSE Management Standards) · illustrative

2 — THE SCORE

A modelled score, and the way it’s heading

The answers feed a calibrated Burnout Risk Score (0–100): a documented, weighted index, not a raw survey average. You get the band, the dominant driver, the change against baseline, and the direction it’s heading, so you act on the cause early, not on a hunch.

Advice team · Wk 09Mode 2 · Active

42Yellow

Top driver Relationshipsvs baseline ▲ +6Direction worsening

3 — THE ACTION

Daily actions from the control library

The band sets how many controls are required; we match the driver to proportionate controls from the action library. Small, specific things a named owner runs each day. Not a policy slogan, a concrete daily action.

Pick 3 controls · run dailyYellow · 3 required

Caseload cap & reallocationWhen an adviser’s active caseload passes the agreed cap, work is reallocated that day, not left to build.

One escalation channel for concernsConduct and pressure concerns go through one logged route, never a corridor conversation that leaves no trace.

Protected review blocksRing-fenced time for suitability and file reviews, so corners aren’t cut under deadline.

4 — THE ESCALATION

When a daily fix isn’t enough

If the score doesn’t move after a month, or the same driver keeps recurring, it triggers a decision register entry: a structural change with a root-cause theme, an owner, a due date and a success metric. Logged, not patched.

Decision registerDue 21 days

Rebalance the advice caseload

Driver: DemandsHSE: Demands

Decision: cap active suitability reviews per adviser; overflow reallocated weekly through the escalation channel, never left to silt up.

Success metric: overdue suitability reviews per week, trending to zero.

Owner Compliance Oversight (SMF16) · Review 4 weeks

5 — THE TRACKING

Logged, scored, benchmarked

Every action is logged and scored against the weekly conditions, so you see whether the control is actually being run, not just assumed. Over the weeks it becomes a benchmarked trend, each team against its own baseline and the others, so a driver sliding three weeks running flags the team heading for trouble before it breaks, while you can still act.

Weekly evidence check68% logged

Support5.0
Control4.5
Role5.0
Relationships2.0
Demands2.0

Scored against the weekly conditions and tracked vs a 4-week baseline. Demands and relationships down 3 weeks running, flagged early.

6 — THE RECORD

Mapped to the standard, and retrievable

Each control lands on a control log, mapped against the HSE Management Standards and confirmed retrievable on demand. The difference between “we have a policy” and “here is the dated proof we acted.”

Control logRetrievable

Control	HSE factor	Evidence	Ret.
Caseload cap & reallocation	Demands	Reallocation log, W2–4	✓
One escalation channel	Support	Concern log, W2–4	✓
Protected review blocks	Control	Calendar blocks, W2	✓

Mapped to the HSE Management Standards · MHSWR 1999 · retrievable on demand.

60sa day for staff, anonymous

No appa link or QR, nothing to install

Teamaggregated, never the individual

1 callto set up, then it runs itself

What lands on your desk

Not a dashboard to decode. A pack that tells you what to do.

This is the actual deliverable, with sample data, fully anonymised. Every Monday, no logging in, no analysis on your side.

Real pack · sample data Real EEmber pilot summary: finance sample output, fully anonymised

A weekly score for each teamAcross all six stress drivers, banded so a problem is obvious at a glance.
The driver named, not just a numberWhether it’s demands, control or relationships, so you fix the right thing first time.
A dated record of every decisionWhat was done, who owned it, and exactly when. Filed as you go.
The Red → Amber → Green trend, benchmarkedEach team against its own baseline and the others, so you resource the desk heading for Red before it breaks.

Real · sample data

Dashboard

Weekly Dashboard

Risk scores, the dominant driver, and the weekly decisions register at a glance.

Real · sample data

Control Library and Evidence Tracker: the controls you can run, mapped to evidence

Control tracker

Control Library & Evidence Tracker

The controls you can run, each mapped to evidence as you log it.

Real · sample data

Evidence tracker

Evidence Log

Every signal, decision and outcome, dated and named. Defensible by default.

From a full early deployment

Two struggling teams. One deployment. The needle actually moved.

EEmber’s first deployments ran in further education; the loop is identical in a regulated firm. Two teams sat in a Yellow and Orange mix: the kind of sustained pressure that becomes grievances, complaints and senior exits if nothing changes.

↓59%drop in average risk score (37.9 → 15.4)

↓65%drop in peak risk spike (53.0 → 18.5)

238check-ins captured across the deployment

48weekly evidence packs delivered

The number that changed the conversation wasn’t the risk score. Leadership assumed the pressure was workload. The radar showed the top driver was lack of control. A headcount request would have moved nothing. That’s why naming the driver matters: you act on the cause, and the record shows you acted on the right one.

Fully managed

We run the entire system. Your compliance team builds nothing.

Your GRC stack handles attestations, incident logs and surveillance. EEmber adds the weekly oversight-and-response layer underneath it, run entirely by us. A concierge service with software inside it.

What EEmber does, every week

Runs the daily 60-second check-ins and protects anonymity
Models the risk score and names the dominant driver per team
Matches proportionate controls from the control library
Assigns named owners and review dates, and chases completion
Delivers the Weekly Pack to your desk each Monday
Maintains the dated reasonable-steps trail, mapped to the HSE Management Standards
Escalates recurring drivers into the decision register
Builds the board and FCA-ready closeout pack, exportable in minutes

What you do

One 45-minute setup call.

That’s it.

Two ways in

See where you’re exposed. Then close the gap before 1 September.

Start here

7-Day Defensibility Audit

£750 · one week

If the FCA, your board or a tribunal asked tomorrow, where would your conduct-and-stress evidence stand? We find out, fast.

Fully managed gap review, nothing for your team to build
Findings mapped to your reasonable-steps position
A written, board-ready gap report in seven days
The record is yours to keep, whatever you decide after

Book the Audit

The core programme

4-Week Proof Build

£3,500 · one team · fully managed

The whole loop, run for you: see it, fix it, prove it. Live within days of one setup call.

Daily anonymous check-ins across one team
Weekly Pack with named owners and dated actions
Dated reasonable-steps trail, retrievable on demand
Closeout pack you can send straight to your board
One 45-minute setup call is your entire lift

Book a discovery call

The Proof-or-Free guarantee. Your first Weekly Pack lands within 7 days of go-live. If it isn’t governance-usable, you don’t pay. Full refund. We guarantee the record we deliver, never a change in the score, which depends on the controls you choose to run.

One honest note. If you want a wellbeing badge for the intranet, EEmber isn’t it, and we’ll tell you so on the call. If you want the dated record that stands behind your reasonable-steps position when the FCA asks, this is exactly it.

Before you ask

The four questions every Head of Compliance asks first.

Is it really anonymous?

Yes, by design. No manager ever sees one person’s answers, not even inside your firm. EEmber tracks the conditions in the firm, not people, and a team needs seven or more people before the read shows anything at all. Data is held in the UK under UK GDPR with a data agreement signed before anything is collected. The FCA treats a healthy flow of concerns as a sign of a good speak-up culture, not a red flag.

Does it replace our compliance or GRC system?

No. Your GRC system handles attestations, incident logs and surveillance. None of them give you a weekly read on conduct and stress conditions with logged actions and owners, before it becomes a case. EEmber sits alongside and adds the one layer they miss: the weekly oversight-and-response evidence that supports your reasonable-steps position under the non-financial misconduct rule.

What do we actually need to provide?

One person to help launch it, usually your compliance or HR lead, and one 45-minute setup call. After that you share a link with your team. EEmber runs the check-ins, produces the weekly packs, keeps the log and builds the closeout pack. No IT, no integration, no system setup.

How is the data handled and kept secure?

Answers are aggregated to team level and never attributable to an individual, even internally. All data is held in the UK under UK GDPR on a Cyber Essentials footing, with a DPA signed before collection. Conduct-risk signals are kept separate from your regulated-business data. The check-in opens in any browser by link, no app, under 60 seconds.

Stabilise early. Act proportionately. Prove it.

The deadline is 1 September. Be the SMF holding the file.

Get the 7-Day Defensibility Audit · £750 Book a discovery call

EEmber · eember.co.uk · Twinio Ltd EEmber’s risk score is a calibrated, documented decision-support index built on established burnout-inventory methodology and the HSE Management Standards psychosocial conditions, not a regulatory rating or clinical diagnosis. Dashboards, packs and figures shown are illustrative or use sample data. Testimonials are from EEmber’s first deployments in further education; the weekly loop is identical in a regulated firm and results vary by setting. EEmber supports your reasonable-steps evidence; it does not make a firm compliant.