Britain’s financial watchdog isn’t writing new rulebooks for artificial intelligence. The Financial Conduct Authority is instead sitting down with firms, asking hard questions, and leaning on what’s already on the books.
The FCA’s position is pretty clear: existing frameworks — the Consumer Duty and the Senior Managers and Certification Regime, known as SM&CR — are enough for now. No new regulations are coming. What the authority wants instead is to understand how firms are actually running their AI systems day to day, who’s accountable when something goes wrong, and whether customers — especially vulnerable ones — are being treated fairly. Those conversations are already happening. The FCA has been deep in dialogue with financial firms about model testing, outcome monitoring, and governance structures. It’s not a passive watch-and-wait approach. It’s active, direct engagement.
Not new rules. A new kind of scrutiny.
Governance Is the Real Battleground
The FCA’s focus on governance isn’t accidental. AI models don’t fail dramatically — they drift. They produce subtly skewed outcomes over time, often in ways that aren’t obvious until real consumers start getting hurt. That’s probably why the authority is pressing firms on whether their monitoring setups can actually catch problems early, not just after a complaint lands on a desk somewhere.
SM&CR already puts named individuals on the hook for firm-wide failures. And the Consumer Duty, which came into full effect in 2023, demands that firms deliver good outcomes for retail customers — not just avoid obvious misconduct. Stacking AI governance on top of those two frameworks isn’t a stretch. It’s kind of the point. Senior managers who sign off on AI deployments can’t hide behind “the model decided.” The accountability structures are already there.
The FCA also wants firms to think hard about explainability — how AI-driven decisions get communicated to customers. If a loan gets denied or an insurance premium spikes because of an algorithm, can the firm actually explain why in plain terms? Unclear yet how many firms can do that well. But the FCA seems determined to find out.
What Firms Should Expect Next
Later this year, the FCA plans to publish examples of good and poor practices it’s seen during its industry engagement. That’s not a consultation paper or a policy statement — it’s more like a report card on what the watchdog has observed. For firms that have been sloppy about AI governance, it’s basically a warning shot before anything more formal arrives.
And the timing matters. AI adoption across financial services has moved fast. Banks, insurers, and wealth managers are all running models that influence credit decisions, fraud detection, customer communications, and more. The FCA can’t pretend it isn’t happening. But it also can’t regulate technology that’s moving faster than most policy teams can track. So the current approach — engage, observe, share findings — is probably the most realistic option available right now.
That said, the watchdog isn’t just collecting information. It’s building a picture of where the real risks sit. Firms that can’t explain their models, can’t show robust testing records, or can’t demonstrate fair treatment for vulnerable customers are going to show up in those published examples. Maybe not by name. But the industry will recognize the patterns.
The FCA’s ongoing dialogue also covers a specific concern: AI tools that interact directly with consumers. Chatbots, automated advice systems, robo-advisers — these aren’t hypothetical anymore. They’re live, they’re widespread, and they’re making decisions that affect real people’s finances. The authority wants to know whether customers understand what’s driving those interactions and whether firms have real oversight of what the systems are actually doing.
There’s no indication the FCA is about to pivot to a hard regulatory stance. But it’s also not staying quiet. Publishing good-and-bad-practice examples is a deliberate move — it shapes behavior without mandating it, and it puts firms on notice that the watchdog is watching closely.
Firms that get ahead of this — strong governance, clear explainability, documented testing, proper monitoring — are probably in decent shape. Firms that haven’t thought seriously about who owns AI accountability inside their organization might want to start before the FCA’s findings land publicly.
The authority plans to keep adapting its approach as technology and industry feedback evolve. No fixed endpoint, no new rulebook — just a regulator trying to keep pace with a technology that didn’t wait for anyone’s permission to reshape financial services.
The SM&CR accountability hook stays central to all of it.
Frequently Asked Questions
Is the FCA introducing new regulations specifically for AI?
No. The FCA is relying on existing frameworks — the Consumer Duty and the Senior Managers and Certification Regime (SM&CR) — to govern how firms use AI, with no new rules planned.
What will the FCA publish on AI practices?
The FCA plans to share examples of both good and poor AI practices drawn from its industry engagement, expected later this year, to help firms adopt AI safely.
