COBS (The Conduct of Business Sourcebook – FCA) has quietly shifted from the compliance back office to commanding attention in the boardroom because it now reaches far beyond technical rule-checking. Far from being just another section of the FCA (Financial Conduct Authority) Handbook, it has become a behavioural framework that shapes how firms interact with customers and markets, demanding evidence of fair, clear and professional conduct in every client touchpoint. COBS underpins the FCA’s drive for consumer protection and market integrity, and failures here can lead not just to fines but reputational damage and consumer backlash that attract wider scrutiny than ever before. So, firms that still treat COBS as a narrow compliance obligation are missing its real commercial impact.
Beyond the Rulebook: COBS as a Cultural Signal
COBS is increasingly a proxy for organisational culture, not just a set of box-ticking rules. Regulators such as the FCA assess habitual behaviours and mindsets within firms, focusing on how incentives, governance and leadership drive everyday decisions, not just isolated breaches of policy. A sales team rewarded primarily on short-term revenue, for example, is more likely to push products that superficially meet COBS obligations but fail in delivering good outcomes, creating conduct debt. There are the small compromises that build into systemic risk and reputational harm over time. Regulators now expect firms to evidence internal challenge and escalation channels, and how decisions are taken in practice, rather than simply the outcome of those decisions. Firms that ignore misaligned priorities risk cultural weaknesses spiralling into substantive conduct and trust failures, the very harms that post-crisis reforms aimed to prevent.
COBS in the Age of Scrutiny
Despite its central role in protecting consumers and maintaining market integrity, COBS remains misunderstood in practice. One common pitfall is an over-reliance on disclosure where firms assume that providing complex terms or risk information satisfies regulatory expectations, without ensuring the consumer truly comprehends that information. The FCA’s overarching principles make clear that communications must be fair, clear and not misleading, tailored to the audience’s level of understanding, not just presented in dense legal language.
A related error is treating “fair outcomes” as a documentation exercise, rather than a lived experience for customers. Regulators now expect firms to prove that products and processes deliver good outcomes, not merely claim they do.
Firms also confuse customer choice with customer understanding. Offering online journeys or digital tools does not absolve companies from proving comprehension. Nor can a user’s click-through consent substitute for authentic informed decision-making. Recent FCA scrutiny, including enforcement letters to CFD (contract for difference) providers over fair value failures, emphasises that regulators now look at actual consumer harm narratives, amplified by media and complaints, not just rule books.
Why COBS Is a Boardroom Issue
COBS has become a boardroom issue because regulators now hold senior management accountable for how firms are run, not just whether the right disclosures exist. Under the Senior Managers and Certification Regime (SM&CR), failures linked to COBS are increasingly traced back to weaknesses in systems, incentives and oversight, rather than technical rule breaches. In practice, this means boards are expected to ask uncomfortable questions, such as how do we know customers are treated fairly in real life, and where might our assumptions about customer behaviour be wrong?
Recent enforcement cases show that when products generate complaints or media criticism, regulators scrutinise governance minutes, MI (Management Information) and escalation routes, not just compliance sign-off. As a result, many firms now treat COBS as a leading indicator of strategic risk, alongside cyber resilience, data ethics and environmental, social and governance (ESG) exposure.
A growing response is the use of conduct dashboards and outcome-based management information, tracking indicators such as complaint trends, drop-off points in digital journeys and pricing outcomes. Used well, these tools allow boards to spot emerging conduct risk early, before it reaches the front page.
COBS Across the Product Lifecycle
COBS has its greatest impact not at the point of sale, but across the entire product lifecycle, shaping how products are conceived, priced and explained. At the design stage, firms are now expected to test their target market assumptions rigorously, including foreseeable vulnerability. For example, the FCA has criticised investment products designed for “experienced” customers where onboarding data showed a high proportion of first-time investors, exposing a gap between intention and reality.
Pricing and value represent the second pressure point. Under COBS, fair value is not a one-off approval exercise but an ongoing judgement. Firms offering subscription-based financial products have faced scrutiny where legacy customers paid materially more than new ones for identical services, without clear justification.
The third moment is communication, where COBS increasingly intersects with behavioural economics. Regulators now assess digital journeys, nudges and friction points, asking whether design choices steer customers towards decisions they may later regret. A “Buy Now” button placed before key risk warnings may technically disclose information, but still fail the spirit of COBS.
Crucially, firms are judged on what customers are likely to do, not what they could theoretically understand.
The Moving Target
In a post-Brexit landscape, COBS remains familiar on paper, but its interpretation is increasingly fluid. While UK and EU conduct rules still share common roots, divergence now appears in supervisory emphasis rather than headline regulation. UK regulators have placed stronger weight on outcomes and behavioural evidence, whereas EU authorities continue to focus more heavily on prescriptive alignment.
This shift is reinforced by how regulators supervise firms. The FCA now relies heavily on data analytics, customer journey testing and outcome sampling to identify conduct risk at scale. For example, firms have been challenged where digital onboarding data revealed repeated customer confusion, despite compliant disclosures and scripts.
The implication is clearly that periodic reviews are no longer enough. COBS compliance increasingly depends on real-time monitoring of customer behaviour, complaints, drop-off rates and pricing outcomes. Firms investing in conduct dashboards and live MI are better able to respond to emerging risks before they crystallise into harm.
Those that treat data capability as a regulatory burden may struggle. Those that see it as a strategic asset gain not just efficiency, but genuine regulatory agility.
Treating COBS as a Strategic Asset
COBS is no longer about avoiding breaches or satisfying a regulator at audit time. In a low-trust financial services environment, it has become a framework for building credibility, confidence and long-term value. Regulators increasingly emphasise outcomes, behaviours and decision-making quality, not technical perfection. Firms that embed COBS into culture, product design and everyday judgement are better placed to withstand scrutiny, adapt to regulatory change and respond early to emerging harm. More importantly, they tend to build stronger, more sustainable customer relationships, where trust is earned rather than assumed. That combination delivers genuine commercial advantage. The question is no longer whether firms comply with COBS, but whether they understand what is being asked of them.
And what about you…?
- Where might our incentive structures, sales targets or performance metrics unintentionally conflict with the spirit of COBS?
- What assumptions do we make about customer behaviour—and when did we last test whether those assumptions are still valid?
