The review (147-page / 2.4MB PDF), undertaken by FCA executive director Sheldon Mills, identified how AI will transform retail financial services by 2030 and beyond, from an industry that operates around “human-led, episodic financial activity” to one where services are “AI-enabled, continuous and delegated”.
Developments with so-called agentic AI will drive this change, according to Mills who predicted that consumer journeys will become “agent led”, like what is already happening in the world of online shopping. In time, he said, “trusted AI agents” will “act continuously for consumers within agreed limits, providing ongoing financial management and optimising people’s financial lives”.
Experts at Pinsent Masons said the review signals major changes that financial services firms will need to adapt quickly to.
David Heffron of Pinsent Masons, who specialises in financial services regulation, said: “The review recommends a proactive FCA response: adapting the regulatory perimeter, building AI-enabled supervision and laying the foundations for AI systems that can increasingly support and act on consumers’ financial decisions.”
"The review recognises that AI adoption across financial services will create significant opportunities but also new risks. As firms increasingly deploy AI-enabled services, regulators and industry will need to ensure that innovation benefits a broad range of consumers, including those who are unable or unwilling to engage with AI-driven financial services,” he added.
Angus McFadyen of Pinsent Masons, who supports financial services firms with their technology contracts, said the review signals that “the risk checklist approach to third party technology risk management is over” and said firms should further prepare for “deeper supply chain visibility”.
“Technology with agentic capability requires an evolution of both BPO and ITO risk management controls, with the AI being treated as an extension of a firm’s own operational structures,” McFadyen said.
“In the past there was only a focus on outsourced functions; we are now moving to ‘bill of materials’ level, with visibility over more of the dependencies – such as model, infrastructure, and data. Very few are setup to collate or understand this data at present,” he added.
McFadyen highlighted how the FCA is due to publish more on good and poor practices it has observed from firms’ use of AI later this year. He said this will provide firms with further insight, he said, into what regulators want to see from them in terms of how they manage AI-related risk.
Fintech specialist Luke Scanlon of Pinsent Masons said there are actions firms can take immediately in response to the evolving AI risk environment.
“For one, governance, model risk management and related controls should not be static and focused only on initial deployment,” Scanlon said. “The focus must be on continuous monitoring acknowledging, in particular, the current concerns around the impact model drift can have on outcomes.”
“Firms need to be thoughtful about human oversight: some deployments will need approval before action, others close supervision while AI workflows are actually running, while others still can allow for review by exception in less risky circumstances. It is helpful that the FCA is acknowledging that the controls put in place here should be proportionate to the risk,” he said.
“The FCA also raised concerns about third party dependencies and made it clear that it expects firms to manage not just models but third-party AI systems vendors and model providers. Data sovereignty and access to models were two specific issues raised in this context which firms will need to focus in on when negotiating with all AI-enabled third-party suppliers,” Scanlon added.
In his review, Mills highlighted the opportunities that agentic AI in retail financial services offers, citing scope for firms to better personalise the products and services they offer consumers and for consumers to obtain better outcomes. One example detailed in the report described how agentic AI might enable consumers to easily switch between providers to the cheapest, most appropriate, products for them.
However, Mills also said the rise of agentic AI changes the nature of regulatory risk. He set out the profound implications it will have for the way firms reach and engage with consumers, handle complaints and govern risks. Those risks include around bias and fraud, as well as in relation to cybersecurity, operational resilience and financial stability. Mills said competitive dynamics in financial services markets will also change, with AI providers expected to play a much more prominent role in shaping how consumers access financial services and financial firms reach and serve those individuals.
Among his recommendations, Mills has urged the FCA to carry out a review of the ‘regulatory perimeter’, to identify potential regulatory gaps that could arise from the technological shift he anticipates.
He further called on the FCA to adopt an “agentic supervisory model” in what would represent a material change in the way it addresses AI-related risk and regulates the industry. Such a model, he said, is “essential both for firm based supervisory efficiency, and for monitoring and detecting system-wide risks”.
In practice, Mills said, operating an agentic supervisory model would mean the FCA deploying AI-enabled tools for authorisation, supervision, enforcement and administrative processes – to make application processing and real-time monitoring, among other tasks, more efficient. It would also mean deploying “supervisory agents” that could make regulatory processes more streamlined and responsive while “human supervisors remain in the loop and retain responsibility for judgement and decision-making”. The model would also boost AI literacy within the FCA’s own workforce and improve the regulator’s system-wide oversight, because AI tools could help it “detect patterns and risks not visible at firm level”, according to Mills, who said it would allow the regulator to support firms in adopting AI and build consumer trust in the technology.
Mills said: “AI offers a once-in-a-generation chance to close the information asymmetries and frictions that have long left people making poor financial decisions. The right spur, in retail financial services, is ensuring consumers can make healthy ones; regulation, whether supportive or restrictive, should serve that outcome.”
Pinsent Masons recently published a report that explores the implications for financial services firms of their suppliers’ use of AI tools to deliver critical services. In it, Pinsent Masons described how firms must change the way they conduct supplier due diligence to account for use of agentic AI tools.
Access the Pinsent Masons report on AI-enabled service delivery