The topic of agentic AI-related reform was addressed in recent speeches made by senior figures at the Financial Conduct Authority (FCA) and Bank of England. The conversation was moved on further on Monday when the findings of a review, undertaken by FCA executive director Sheldon Mills, into how AI will impact retail financial services in future, were published. That review foreshadows near- and longer-term implications of the evolution of agentic AI for business models, operations and regulation across financial services.
One area where agentic AI use is already fast-growing is online shopping. Below, we explore how the way agentic AI operates grates with existing payments regulations and suggest how some rules, including around consent and liability, might be updated as regulators look to position the UK as a global leader in enabling AI-related innovation.
Agentic AI and online shopping
Agentic AI is a term describing systems set up to act autonomously based on dynamic reasoning, with little or no human input.
In the e-commerce context, consumers can already build their own agentic AI tools – or use those provided by retailers – and instruct those systems to continuously browse products from thousands of online stores, monitor and be notified of price changes in real time, select products to review, and even complete purchases of goods on their behalf. The consumer sets the objective – such as buying a specific product at or below a specified price – while the AI agent autonomously determines how that objective is achieved, typically using large language models to drive decision‑making.
The response of regulators
In a recent speech, FCA chief executive Nikhil Rathi acknowledged that accountability for regulated activities and outcomes "must remain clear" where agentic systems are deployed and must be "designed with the right human oversight, and in a way that gives consumers confidence to engage".
However, he also recognised that traditional rule-making alone will not be sufficient to keep pace with the technology: "A growing part of our role will be stewardship, as well as supervision," Rathi said, adding that it is "re-thinking what it means to be an effective regulator in the age of AI".
Rathi’s speech was followed just days later by similar comments from the Bank of England’s deputy governor for financial stability Sarah Breeden. She said agentic payments and commerce raise big issues for regulation and industry standards.
“The biggest issues are likely to be … how users securely give consent and authorisation to agents, especially for multiple transactions; how disputes are settled and liability assigned for erroneous or fraudulent transactions; and how authorities avoid fragmentation and walled gardens as AI firms and payment systems all develop protocols for agents to interact with themselves and merchants,” Breeden said.
“We must keep asking whether existing, technology-agnostic regulatory frameworks remain sufficient. Our frameworks were not built to contemplate autonomous agents, and relying on a human in the loop for all agent actions is unlikely to be realistic. More sophisticated governance and accountability frameworks may be needed,” she added.
These speeches have been followed by publication of the Mills review. It has highlighted how agentic AI is likely to have profound implications for the way firms offer products, engage with consumers, handle complaints and govern risks, as well as for competitive dynamics in financial services markets – with AI providers expected to play a much more prominent role in shaping how financial firms reach and serve consumers. The findings are set to spur an FCA review into the ‘regulatory perimeter’, while Mills further recommended the FCA adopt an “agentic supervisory model” in what would represent a material change in the way it addresses AI-related risk and regulates the industry.
The regulatory gap
In light of these regulatory signals, several specific interventions are likely to be needed in the world of online payments.
We would expect to see new rules around consent and authorisation frameworks for agentic transactions – the existing ‘strong customer authentication’ (SCA) requirements under payment services regulations (PSRs) were designed for human-initiated payments and are not well suited to autonomous agents executing multiple transactions on a consumer's behalf.
There will also need to be a clear liability allocation regime for when agentic transactions go wrong – whether through error, hallucination or fraud. At present, it is unclear whether liability sits with the consumer who deployed the agent, the developer of the AI system, the payment service provider (PSP), or the merchant. Regulators will need to address that gap.
What new rules might look like
New regulations will need to address four fundamental problems: liability / authorisation; authentication; fraud; consumer protection.
Liability
Under existing PSRs, a PSP generally bears liability for unauthorised transactions. With agentic payments, a user who grants an AI agent a budget of, say, £100 per month is not specifically authorising any individual transaction and so what constitutes an ‘unauthorised’ transaction – and who bears liability – is less clear. Here, the regulators may propose a different approach to authorisation, split into stages:
- the initial authorisation – this being the user’s authorisation to act within specified parameters. The question here would be whether the user initially authorised the agent to undertake activity on their behalf and in what respect. In the above example, the user’s initial authorisation would amount to giving the agentic AI tool a £100 budget to work within;
- the second element of authorisation would interrogate whether each individual transaction is within the initial parameters set. In short, this would serve to check whether the agent acted in accordance with the initial authorisation, for which the AI deployer may be required to take some responsibility.
A new regulated category covering the role of a PSP in agentic payment initiation could also emerge, to help determine responsibility within the regulatory framework.
Merchant side rules may also be implemented, with the expectation that retailers verify that an AI agent has the authority it purports to have before completing a transaction. This could be done via a standardised agentic credential check or by using standardised agentic payment protocols.
Authentication
On the question of authentication, the SCA standards need to be considered. They entail ensuring at least two of three possible elements – something the account holder knows, something they possess and something they are – are present and independent of one another. An AI agent cannot provide some of these – for example, if cannot provide a user’s fingerprint to satisfy the ‘something they are’ element – and existing SCA exemptions provide only limited alternatives.
Regulators may therefore seek to introduce a framework for agent credentials – whether through authentication tokens – in which the user ‘links’ to the agent generating a time- and scope-limited token that the agent presents for subsequent transactions – or through new SCA technical standards specifically providing for delegated agent authority.
Fraud
The existing authorised push payment (APP) fraud regime, in which PSPs are required to reimburse APP fraud victims, will likely need to be extended to address agentic transactions specifically – such as circumstances where an AI agent is manipulated, whether through prompt injection attacks or product listings designed, to achieve fraudulent outcomes. Significant work will be required on defining which losses are relevant for reimbursement and who should bear primary responsibility – i.e. whether the developer should be responsible if the security vulnerability was present in the underlying agent software.
Merchant liability for facilitating AI fraud may also be addressed – where e-commerce platforms knowingly or negligently enable fraudulent agent activity, such as through inadequate listing controls.
Consumer protection
Existing consumer protections will almost certainly be interpreted – and possibly formally extended via guidance – to apply to firms deploying AI agents on behalf of consumers, whether under the consumer rights regime for retailers, or the FCA consumer duty for financial services firms. We can expect enhancement to these, such as a mandatory disclosure regime for merchants – including an obligation to disclose to the consumer the terms of any transaction concluded by an AI agent on their behalf; rules requiring human override rights allowing consumers to pause, reverse or cap agent activity; and the right to contest, and redress for, agent-executed transactions, including cooling off periods. In this latter respect, existing distance selling frameworks were not designed with machine-initiated purchases in mind.
What else to expect
The growing reliance on third-party AI model providers in agentic commerce also raises systemic resilience issues. The FCA’s Rathi has indicated that the ‘critical third parties’ regime will become “more important than ever” as dependencies on model providers grow, and that the regulator expects to use its system-wide powers more frequently, not as exceptional interventions, but as a regular part of its toolkit. We would also anticipate new requirements around the mapping and governance of AI supply chain dependencies, and potentially mandatory information-sharing obligations to help regulators and firms identify emerging risks across the system.
The FCA's establishment of a dedicated Agentic Academy within its AI Lab, alongside the joint AI Consortium with the Bank of England, suggests that regulators are actively preparing the groundwork for a more structured regulatory framework. This is likely to combine targeted rules in high-risk areas with broader principles-based oversight and facilitated industry collaboration.