Over 75% of financial services firms have embraced AI to deliver faster, more convenient service – but the pace of adoption has outstripped regulation.
While acknowledging that AI can deliver real benefits to consumers, MPs have warned that the UK’s ‘wait-and-see’ approach regarding AI usage is leaving them exposed to data misuse, opaque decision-making and systemic risk. The Treasury Committee has since recommended that the FCA publish practical AI guidance for financial services firms by the end of 2026.
But such a huge time window and a lack of guidelines in the interim creates a strategic dilemma for financial leaders: either delay AI deployments and lose ground, or move ahead without clarity on how future rules will shape data usage, model governance and accountability.
In a market driven by real-time insight, waiting until the end of the year to act is not a viable option. So, how can firms set themselves up for regulatory scrutiny when they don’t even know the rules?
Adopt compliance-first frameworks
Rather than thinking of regulatory compliance as the final step, firms should instead design frameworks that anticipate scrutiny.
FCA regulations are likely to mirror frameworks that already exist, so a good starting point is seeing what structures already exist for responsible AI use. In the US, the Cyber Risk Institute, an industry-led, sector-specific body has developed an AI risk management framework suitable for all financial institutions to use in developing their own strategy. Firms begin by assessing the current AI adoption stage across departments and the specific risks posed to each. Once identified, firms can design workflows and controls tailored to those risks.
While AI is still fairly new to industry, financial leaders should feel reassured that ultimately, the underlying principles of compliance remain the same regardless of the technology used. Full auditability and explainability is of the essence whether your solution uses AI or not.
The decision itself is important, but so is the justification. The weighting of variables in a credit decision or insurance premium must be visible and justifiable. If a case is brought under scrutiny, it’s impossible for the firm to defend decisions it doesn’t understand.
Data hygiene and the importance of a solid foundation
AI can’t make reliable decisions without high-quality, accessible data, so building a solid foundation of data is going to be incredibly important for businesses moving forwards. Making this a reality, though, is easier said than done.
Business data is often more siloed than teams expect. An LSE study found that only two percent of tech decision-makers thought their business was completely effective at data sharing. And the average enterprise uses more than 900 different applications, with only a third of those integrated with another. That represents a massive black hole for vital customer and company data.
Introducing an AI agent into this scenario is unlikely to deliver maximum impact. If the agent can’t effectively pull information from across the system, it simply won’t have the data it needs for accurate decision making.
Unifying data across customer interactions and platforms will therefore be essential to ensure AI agents can make fully informed decisions. Businesses can accomplish this with a single centralised data layer which pulls data from CRMs, marketing tools and other databases to create a ‘single source of truth’ that updates in real-time.
Implement human-in-the-loop controls
In a rush of enthusiasm, it can be tempting to offload a huge number of tasks to AI immediately, but this isn’t always the best approach. Total automation without careful governance could leave firms – and their customers – exposed to higher risk. There are also some high-impact decisions that must retain some human involvement, like credit-scoring or mortgage approvals.
Human-in-the-loop controls shouldn’t be seen as a fallback when the AI doesn’t work – it’s a non-negotiable part of the process. Requiring a human specialist to review AI-generated decisions provides an additional layer of protection against hallucinations and data bias. With this approach, AI handles the heavy lifting of data processing and research, while humans have the final say.
To effectively manage human and AI resources, businesses can use a tiered risk model to decide when to implement human-in-the-loop controls. Low-stakes work like simple chatbot enquiries can be fully automated, while more complex cases or sensitive matters can either be escalated to a human specialist or reviewed by one by default.
A regulatory gap shouldn’t hold back innovation
An absence of regulatory guidelines shouldn’t put off forward-thinking firms from innovating. Instead, firms should recognise this for what it is – an opportunity to lead the industry and to help shape the future of AI in financial services.
For pioneers, the best approach right now is to anticipate what regulations might look like, build solutions accordingly, and then bring regulators along on the journey. Getting an informed and de-risked head start sets a precedent for the rest of the industry. And being able to influence the direction of regulation means win-win outcomes for banks, customers and regulators alike.
