Treasury Committee challenges Big Tech on AI in UK financial services

UK Treasury Committee presses Big Tech on AI in finance: what it means for your firm

Six major technology firms have been asked to explain their role in UK financial services AI. Letters went to Microsoft, Meta, Google, Amazon, Anthropic and OpenAI as part of the Treasury Committee's inquiry. Responses are due at the beginning of October.

The inquiry spans banking, pensions and wider financial services. The questions go beyond headlines and into concrete issues that affect risk, supervision, and day-to-day operations.

What the Committee is asking

The letters set out 12 questions for each company. They cover high-level impact and regulation, and specific practices the firms use.

• Predicted impact of AI across UK financial services and recommended regulatory approaches.
• Company strategies for financial services use cases and client onboarding standards.
• Transparency methods, data controls, testing, and incident reporting.
• Risk mitigation for bias, misuse, hallucinations, and model drift.
• Engagement with the Bank of England and the FCA on AI-related issues.
• How operations would change if designated critical to the UK economy.

Cloud vs. models: different questions, same exposure

The Committee recognises that cloud infrastructure underpins much of AI in finance. Cloud providers received a targeted set of questions distinct from those for AI model companies.

For providers that touch both stacks, the message is clear: demonstrate end-to-end responsibility and operational resilience across infrastructure and models.

Why this matters for risk, resilience, and regulation

The Bank of England and FCA told MPs that some AI providers could be named "critical third parties" by the Treasury. That would formalise oversight and set expectations for resilience and data safeguards across the supply chain. For firms, it highlights concentration risk in both cloud and model layers, and the need for credible substitution and contingency plans.

Background reading: FCA/BoE/PRA discussion on critical third parties and joint paper on AI and machine learning.

What finance leaders should do now

• Map AI dependencies: cloud regions, foundation models, APIs, vector databases, data pipelines. Identify single points of failure and vendor concentration.
• Classify criticality: which AI services are in your IBS/important business services? Define substitution paths and time-to-recover.
• Review contracts: audit rights, transparency disclosures, model update notices, incident SLAs, data residency, and kill-switch options.
• Strengthen model risk management: documentation, explainability, validation, human-in-the-loop controls, and change management.
• Test scenarios: model outage, degraded accuracy, prompt injection, data leakage, cloud region failure, and sudden API pricing changes.
• Tighten governance: board oversight, risk appetite for AI, clear ownership across first and second line, and escalation playbooks.
• Prepare for potential CTP designations: monitor suppliers likely to fall in-scope and pre-plan supervisory engagement.

Timeline and what to watch

Companies must respond by early October. Expect public evidence sessions, published correspondence, and possible recommendations to the Treasury and regulators.

• How "criticality" thresholds are defined for AI providers.
• Transparency and audit expectations for foundation models used in finance.
• Data sovereignty, retention, and fine-tuning safeguards for sensitive datasets.
• Clearer shared-responsibility models across cloud, model providers, and regulated firms.

If your team is building practical AI capability for finance use cases, see these resources: AI tools for finance.