AI is no longer experimental in financial services. Across advice, banking, insurance and credit, it is embedded in live processes, from fraud detection and onboarding to suitability assessments and monitoring consumer outcomes. Adoption has accelerated quickly, often faster than regulatory certainty.
UK policymakers have backed AI as a driver of productivity and growth, reflected in the Government’s AI Opportunities Action Plan. Alongside these developments, regulators are also providing more explicit guidance on AI governance and evidencing of outcomes, signaling an evolving, complementary landscape of policy and regulation.
In its 2026–27 Annual Work Programme, the FCA sets out plans to become a more data‑led regulator, including the use of AI in supervision to detect harm, review firm submissions and support faster decision‑making. Parliamentary interest has also increased, with the Treasury Select Committee examining AI adoption and risk management across the sector.
Attention is moving from capability to proof – can firms evidence control, auditability, accountability and outcomes?
And it is why technology is no longer optional.
Adoption at scale with uneven governance
Large financial services firms are already widely using AI. The Treasury Select Committee’s recent inquiry underlines how common adoption has become, while also showing that governance maturity varies significantly.
Many firms continue to rely on control frameworks designed for deterministic systems, where decision paths are easier to explain and challenge. As AI becomes more complex and more deeply embedded, those approaches are being stretched further. Consumer Duty, SM&CR and operational resilience still apply, but applying them to AI‑driven decisions raises new questions about oversight, documentation and evidencing in practice.
Where firms struggle: explainability, audit trail and evidencing
The hardest issues tend to appear after deployment, when AI is scaled and relied on for business‑critical processes. Fairness, explainability, oversight and accountability move quickly from theory into day‑to‑day reality.
This is most acute when general‑purpose tools are used in contexts that require regulatory‑grade evidence. And this is where the real gap sits.
Regulatory-grade AI needs traceability, not just capability
As firms move beyond experimentation and try to operationalise AI, a more fundamental constraint becomes clear. In most cases, the limiting factor is not AI capability, but the combination of generative AI (GenAI) tools and the quality, consistency and reliability of the underlying data.
Mainstream GenAI and LLM-based tools are highly effective at text extraction, summarisation and surface-level pattern recognition. They can turn large volumes of content into more digestible content. However, they are not designed to support regulated decision-making. They do not inherently understand what financial advice data represents, how values relate to one another, or why one data point should be trusted over another.
Critically, these models often struggle to provide the explainability, traceability and auditability that regulators expect. They can silently resolve conflicts, obscure data lineage, and produce outputs that sound confident even when they are incomplete or wrong. As a result, firms frequently end up increasing human oversight rather than reducing it – spending more time validating outputs, resolving inconsistencies and evidencing compliance.
By contrast, purpose-built (predictive) AI models for analytics and prediction are designed around structured, trusted data. They are trained to understand how advice data is created, how it changes over time, and when it must be corrected rather than inferred. This enables predictive analysis, consistent MI, and defensible insights that can be traced back to the source and explained to regulators.
The more reliable, explainable and auditable the data foundation becomes, the more safely AI can be applied. In regulated environments, value does not come from applying GenAI and LLM models to unstructured data, but from combining selective GenAI capabilities with predictive AI operating on trusted, regulator-ready data. That is what allows automation to scale – and risk to come down.
FCA expectations: outcomes, governance and supervisory evidence
Regulatory engagement is becoming more hands‑on and outcome‑focused. The FCA’s Mills Review indicates a preference for testing whether existing regimes remain fit for purpose as AI becomes more embedded, rather than rewriting the rulebook entirely. The Critical Third Parties regime reinforces a growing focus on systemic technology dependencies and data integrity across the wider AI ecosystem.
Joe Norburn, CEO of TCC Group and Recordsure, summarises the practical challenge:
“Regulators aren’t asking firms to slow down innovation – they’re asking them to show control. That means being able to explain how decisions are made, evidence outcomes, and demonstrate accountability long after AI systems are live and scaled.”
What to do now: build evidence before scrutiny increases
Supervisory expectations are still evolving, but the emphasis on evidence is increasing. Investing now in data foundations and regulator‑ready reporting supports stronger control as AI use expands.
In regulated environments, how AI is built and governed matters more than how impressive it looks.
Trusted data and defensible evidence are what make AI scalable. When outcomes can be traced back to the source and supported by reliable MI, oversight improves without increasing risk.
How Recordsure helps evidence AI decisions
Recordsure AI is purpose-built for regulated environments where auditability, traceability and defensible outcomes matter. We use proprietary predictive AI analytics tools to convert advice and servicing interactions into structured, trusted data so firms can produce consistent MI, evidence how decisions were reached, and maintain an audit trail that supports governance and supervisory engagement over time.
