Yesterday I attended the launch of the FCA's Mills Review, which is likely to become one of the defining papers shaping the future of AI within UK retail financial services. Rather than debating whether firms should adopt AI, the Review focuses on a more important question: how do we accelerate innovation while maintaining consumer trust, market integrity and effective supervision?
The message was clear. AI is no longer simply an efficiency tool. It is becoming embedded across customer journeys, operational processes and decision making. Equally important, the FCA recognises that supervision must also evolve, with regulators increasingly using AI to oversee firms operating at machine speed.
The Review anticipates increasingly autonomous and agentic AI systems transforming advice, customer engagement and business operations.
The challenge for firms is no longer whether to deploy AI, but how to implement it responsibly while maintaining regulatory compliance. As AI becomes embedded into regulated activities, governance can no longer be treated as an afterthought.
The Review identifies four priority areas:
These recommendations reinforce existing FCA expectations under Consumer Duty, SYSC, SM&CR, Operational Resilience, Financial Promotions and Critical Third Parties. AI may introduce new technology, but firms remain accountable for the outcomes it delivers.
Traditional supervisory approaches cannot keep pace with AI systems that continuously learn and evolve.
The FCA is therefore looking towards AI-supported supervision capable of identifying emerging risks including hallucinations, bias, deepfake fraud and synthetic identity attacks, while analysing large regulatory datasets and detecting consumer harm much earlier. This builds directly on initiatives such as the FCA AI Lab, Supercharged Sandbox and AI Live Testing programme, which Model Office was privileged to participate in.
One area that deserves greater attention is the role of RegTech.
As firms deploy more AI, boards will need independent evidence that governance remains effective. Automated supervision platforms can provide continuous compliance monitoring, regulatory intelligence, board-ready management information, audit trails and ongoing oversight of AI deployment.
Rather than responding to regulatory enquiries retrospectively, firms can demonstrate continuous control, evidence-based decision making and regulatory defensibility.
One point from Sheldon's presentation particularly resonated with me. Governance must keep pace with innovation.
Many AI vendors now claim their solutions are compliant, often relying on their own internal assessments. Boards should not rely solely on suppliers marking their own homework. Independent governance reviews, model risk assessments, explainability testing, security controls, regulatory mapping and continuous performance monitoring should become standard due diligence.
The organisations that gain competitive advantage will not simply be those deploying the most AI. They will be those able to demonstrate that every significant AI decision is governed, monitored, explainable and capable of withstanding regulatory scrutiny.
The Mills Review confirms that AI will reshape financial services. Success will depend not only on innovation, but on building the governance, oversight and regulatory intelligence needed to deploy AI with confidence.
Please click the below icon to learn more about MO RegTech today..