UK finance faces AI risk: MPs call for action from the FCA and Bank of England
AI is now embedded across UK financial services, with more than 75% of firms using it, especially insurers and international banks. A new report from the Treasury Select Committee says the current "wait-and-see" approach from key public institutions risks serious harm to consumers and the financial system.
The message is clear: usage is racing ahead of oversight. Without stronger guardrails, the next AI-driven shock could catch the market off guard.
What the Committee found
- Regulators are not doing enough to manage AI risk across financial services.
- Call for AI-specific stress testing by the Bank of England and the FCA to gauge resilience to AI-driven market shocks, including a potential AI bubble burst.
- Request for the FCA to publish practical AI guidance by year-end: how consumer protection rules apply and who inside firms is accountable for AI-related harm.
- Concern over the Critical Third Parties Regime: it exists, but no firms have been designated yet. The Committee urges the government to designate critical AI and cloud providers by the end of 2026.
As stated by the Committee's chair, "The use of AI in the City has quickly become widespread and it is the responsibility of the Bank of England, the FCA and the Government to ensure the safety mechanisms within the system keeps pace." She added, "I do not feel confident that our financial system is prepared if there was a major AI-related incident."
Why this matters for finance leaders
AI now touches underwriting, risk scoring, fraud detection, customer ops, and trading signals. That means model risk, conduct risk, data quality, and operational resilience are all in scope.
If oversight lags, firms face higher downside from biased models, faulty signals, and third-party outages. Expect supervisors to lean in on accountability, explainability, and testing, well before rules are finalized.
What to do now
- Map your AI estate: inventory models, use cases, data sources, and dependencies (including vendors and clouds). Note where models impact customers and markets.
- Assign clear accountability: name a senior owner for AI risk, with defined responsibilities across model governance, consumer outcomes, and ops resilience.
- Run AI stress tests: simulate data drift, model failure, vendor outage, and feedback loops. Document how controls detect, contain, and recover.
- Tighten third-party risk: classify AI and cloud partners by criticality, set performance and exit plans, and test failover regularly.
- Strengthen data controls: validate inputs, track lineage, and log decisions. Some firms are exploring enterprise blockchain to improve data integrity and ownership; apply it where immutable audit trails add real value.
- Protect consumers: test for bias and unfair outcomes, set human-in-the-loop checkpoints for high-impact decisions, and make adverse action explanations clear.
- Prepare incident playbooks: define triggers, escalation paths, customer comms, and regulator notification steps for AI-related events.
The Critical Third Parties gap
The regime to oversee critical non-financial providers was set up in 2023, but no firms have been designated yet. That leaves a hole in market-wide resilience.
Don't wait. Treat important AI and cloud providers as critical in your own framework. Build redundancy, negotiate data portability, and rehearse black-swan scenarios.
Timelines to watch
- By end of this year: FCA to issue practical AI guidance on consumer protection and accountability.
- By end of 2026: Government urged to designate critical AI and cloud providers under the regime.
Use these dates to drive internal milestones: policy updates, capability build, vendor segmentation, and board reporting.
Upskill your teams
If you're building AI fluency across risk, compliance, and product teams, start with practical resources and tool stacks built for finance.
Bottom line: adoption is outpacing control. Get ahead with clear ownership, targeted stress tests, and tighter third-party oversight before regulators force the issue.