News Summary
In June 2026, the UK Financial Conduct Authority (FCA) reiterated that it does not intend to introduce AI-specific financial regulation. Through its June 2026 supervisory update and recent speeches by Chief Executive Nikhil Rathi, the regulator reaffirmed that existing financial rules remain capable of governing AI-enabled activities, provided firms continue to meet established standards of governance, consumer protection and operational resilience. Rather than creating a separate regulatory regime for AI, the FCA has chosen to build upon the supervisory framework already familiar to financial institutions.
This position offers an interesting contrast with developments in the European Union (EU). While the EU AI Act seeks to establish a common regulatory framework for AI systems across sectors, the UK's starting point is different. Its attention lies less in regulating the technology itself than in ensuring that the institutions deploying it remain accountable for the outcomes they produce.
Automated Decisions
As financial decisions become automated, responsibility still rests with the institution deploying the system.
Consider the compliance issues involved in deploying automated machine learning models in commercial loan portfolios. In a typical automated credit-scoring alignment, an algorithm evaluates commercial loan portfolios to generate automated lending recommendations. For example, when a bank introduces an AI model to assist with small business lending by reviewing financial statements, identifying patterns from historical data and recommending whether an application should proceed. Loan officers remain involved, but much of the initial assessment is completed automatically. Months later, concerns emerge that the model has consistently underestimated the creditworthiness of businesses operating in certain regions. The bank suspends the system while an internal review begins. The immediate regulatory question is not how the algorithm reached its conclusions, but who remains responsible for those.
For the FCA, legal responsibility has never depended on whether a decision was made by a human or an automated agent supported. Accountability continues to rest with the financial institution that chose to deploy the system, together with the individuals responsible for its governance and oversight. This principle forms the foundation of the UK's approach to AI governance.
Accountability Endures
The UK approach treats AI as another layer within existing financial accountability frameworks.
Financial regulation has adapted to successive waves of technological change, from online banking and cloud computing to algorithmic trading and digital payments. Each has altered the way financial services are delivered, but none has altered the object of regulation. Therefore, the FCA has consistently described its framework as technology-neutral, which does not imply indifference towards technological change, but reflects a regulatory philosophy that focuses on outcomes instead of tools. Financial firms are statutorily required to manage operational risks and ensure fair treatment, regardless of the underlying digital tools used. Therefore, AI is not entering a regulatory vacuum, but rather is integrated into an established and rigorous system of strict liabilities.
This philosophy also explains why the UK has shown little appetite for introducing a dedicated financial AI statute. Many of the issues raised by AI are already addressed, at least in part, through existing supervisory expectations. Where AI supports lending decisions, firms remain subject to Consumer Duty. According to these principles, companies using generative AI or automated models for retail or SME lending must empirically demonstrate that their algorithms deliver equitable results and do not cause systemic consumer harm.
Where AI influences significant business functions, the Senior Managers and Certification Regime (SM&CR) continues to require identifiable individuals to assume responsibility for governance and oversight. Individuals holding Senior Management Functions (SMFs) must assume direct responsibility for oversight of automated models. If a model fails, the relevant senior manager faces direct regulatory scrutiny regarding their defense of “reasonable measures.” And where AI models rely on third-party providers or cloud infrastructure, existing rules on outsourcing and operational resilience remain directly relevant. None of these frameworks was written with generative AI in mind, yet all of them continue to define how responsibility is allocated once AI becomes part of a firm's operations.
But it doesn't suggest that new challenges are absent. Large language models (LLM) introduce questions surrounding explainability (the understandability of decision-making processes), data provenance (the traceability of data origins and their lineage), third-party dependencies (external components, application programming interface (APIs), or services that the model relies on) and model drift (the degradation of model performance over time caused by shifts in data distributions or environmental contexts) that existing supervisory practices are still learning to accommodate. The FCA has acknowledged as much through its continuing engagement with industry and its emphasis on developing good practice rather than prescribing detailed technical requirements.
Looking Ahead
AI governance in finance is becoming a practical test of institutional oversight and provenance.
The UK's approach demonstrates that the future of AI governance in the financial sector is fundamentally an institutional and practical question. As AI becomes increasingly embedded in everyday financial activity, simply filling out static checklists is no longer sufficient for compliance. Debates surrounding governance are gradually shifting beyond the design of new rules. Attention is turning towards a more practical question of how existing institutions demonstrate that they remain capable of understanding, supervising and challenging decisions in which AI now plays a central role. Ultimately, building stronger AI provenance infrastructure will be crucial, because existing accountability frameworks can only function in practice if firms are able to trace, question and defend automated decisions over time.