The FCA's Approach to AI in Financial Services (2026)

UK financial services is one of the most heavily regulated AI environments — but notably, the FCA has chosen not to write AI-specific rules. Here’s how it actually regulates AI in 2026, cited to the FCA. (dgm implements osFoundry as an independent partner. General information, not compliance advice.)

The FCA’s stance: existing rules, not new AI rules

The FCA has deliberately declined to introduce AI-specific rules, reaffirming this stance in late 2025. Its reasoning: models evolve too fast for prescriptive rules, so it relies on existing, outcomes-focused frameworks. For firms, that means AI is governed by rules you already know — applied to AI.

Consumer Duty: the primary lens

Consumer Duty (in force since 31 July 2023) is the FCA’s main lens for customer-facing AI. Firms must:

• act in good faith;
• avoid foreseeable harm; and
• deliver good outcomes for customers.

So AI must not produce unfair or discriminatory outcomes, and you must be able to evidence good outcomes from AI-driven processes (e.g. in lending, pricing, complaints, vulnerable-customer handling). This is where most financial-services AI risk concentrates.

SM&CR and SYSC

• SM&CR (Senior Managers & Certification Regime) — named senior managers are accountable for the firm’s activities, including AI deployments. There’s no hiding behind “the algorithm did it”.
• SYSC — governance, outsourcing and operational resilience rules apply to AI systems and to third-party AI providers.

The FCA AI Lab

The FCA actively enables safe experimentation through its AI Lab: the Supercharged Sandbox (with NVIDIA, offering compute and enriched/synthetic datasets) and AI Live Testing for real-world controlled trials. So the posture is enable innovation within existing rules, not block it.

What this means in practice

For a bank, building society, insurer or fintech, the path is: deploy AI to improve outcomes, but evidence Consumer Duty compliance, keep named accountability (SM&CR), manage the AI provider as an outsourcing/resilience risk, and keep humans in the loop for significant customer decisions.

Where osFoundry and dgm fit

dgm builds financial-services AI with Consumer Duty outcomes designed in: fairness and bias-awareness, explainability, audit trails that evidence outcomes, and human oversight for significant decisions. On osFoundry, data control via self-hosting or an EU region (it publishes US/EU/JP regions, not a UK one) and bring-your-own-key help with the outsourcing/resilience and data-protection angles. See our guides on building societies and fintech for sector specifics.

dgm is an independent integration partner with zero integrations so far, and not a compliance adviser. Regulatory responsibility stays with the firm and its senior managers. To scope a Consumer-Duty-aware AI project, book a consultation with dgm.