On 20 January 2026, the Treasury Select Committee released a critical report evaluating the Bank of England's, FCA's and HM Treasury's approach to AI risk in regulated financial services. The Committee found that 75% of UK financial firms are already deploying AI systems—yet regulators have adopted what it characterised as a 'wait-and-see' posture, creating what the report termed 'serious harm to consumers and the wider system.' The Committee's conclusion is unambiguous: passive oversight is incompatible with the FCA's Consumer Duty (PS22/9), which mandates that firms identify and mitigate material risks to consumer outcomes. Unlike cyclical financial risks that build gradually, AI system failures can propagate instantaneously across interconnected institutions. This is why regulatory bodies using Trovix Watch to monitor AI policy developments across jurisdictions have observed that forward-looking frameworks (such as the EU AI Act's classification of high-risk AI systems) are outpacing UK reactive guidance.

The Committee's report identifies three specific regulatory gaps. First, the FCA has not mandated AI-specific stress testing despite the systemic interdependencies created by AI adoption in credit risk assessment, fraud detection, and algorithmic trading. SYSC 4 (General organisational requirements) requires firms to stress-test operational risks, yet the FCA has not clarified how AI model degradation fits within this framework. Second, the FCA has issued no practical guidance on implementing COBS (Conduct of Business sourcebook) and ICOBS (Insurance: Conduct of Business sourcebook) compliance when using AI to make customer recommendations or process claims. Firms deploying Trovix Watch now track these guidance gaps as material compliance risks. Third, the Committee highlights that major AI vendors providing systems to UK financial firms are not designated as 'critical third parties' under the PRA's Rulebook, meaning they face no direct prudential oversight despite their systemic importance.

The Committee's recommendations demand accelerated regulatory action. It calls for the FCA to issue practical AI governance guidance by 31 December 2026—a nine-month timeline that forces prioritisation. This guidance must address: how SYSC 6 (Systems and controls) applies to AI vendor management; how Consumer Duty PS22/9 extends to AI-related consumer detriment; and how existing SM&CR (Senior Managers and Certification Regime) accountability applies when AI systems cause consumer harm. The Committee also recommends that the PRA and FCA designate major AI providers as critical third parties under the critical third party regime, ensuring direct prudential oversight of vendors supplying systems to systemically important financial institutions. Trovix Brief automates the intake assessments that compliance teams now conduct when evaluating AI vendor risk.

The report's timing reflects mounting political pressure on UK regulators to demonstrate proactive oversight ahead of potential AI-related financial incidents. The Committee notes that a single undetected AI model failure in an algorithmic trading system or credit risk engine could trigger cascading losses across multiple financial institutions. The FCA's existing Handbook references (COBS 2, ICOBS 2, SYSC 1) already require firms to manage operational risks transparently, yet the FCA has not clarified whether current rules are sufficient for AI governance or whether AI-specific rules are necessary. This ambiguity has created a compliance vacuum: some firms interpret existing rules as adequate; others argue new rules are essential. The Committee's report breaks this deadlock by explicitly demanding new guidance, signalling that Parliament views regulatory passivity as accountable negligence. Firms monitoring this escalation through regulatory intelligence platforms understand that FCA guidance publication is now likely by Q4 2026, creating a compliance implementation window for which firms should prepare maturity assessments now.

Source: Parliament UK