The Financial Conduct Authority published its perimeter report on 26 March 2026 identifying a significant regulatory blind spot: AI-powered personal finance chatbots that operate beyond the boundaries of existing financial services frameworks. These tools, increasingly used by consumers seeking financial guidance, fall outside the FCA's current regulatory remit despite their potential to influence significant financial decisions. The report represents a formal acknowledgement that the rapid deployment of AI in consumer finance has outpaced regulatory architecture designed before such technologies emerged.

The FCA's concerns centre on consumer protection gaps. Personal finance chatbots leveraging generative AI may provide advice or guidance that resembles regulated financial advice, yet escape oversight under Consumer Duty, COBS, or other applicable rules because they do not constitute regulated activities as currently defined. The regulator has stopped short of prescribing immediate regulatory intervention but has signalled to government that regulatory boundaries may require updating if consumer detriment materialises from these unregulated services. This cautious approach reflects the dual challenge regulators face: protecting consumers without stifling innovation in an emerging field where harms remain largely theoretical.

For regulated financial services firms, the perimeter report carries direct implications. Firms must assess whether their own AI-powered advisory tools—whether chatbots, robo-advisers, or automated recommendation engines—fit within FCA definitions of regulated activities and comply with COBS 2, SM&CR, and other applicable rules. The report's existence signals that the FCA is monitoring the regulatory perimeter closely and may introduce clarifications, guidance, or rule changes if the boundary between regulated and unregulated AI advisory services becomes a material consumer protection concern. Compliance teams should evaluate their AI governance frameworks to ensure alignment with emerging regulatory expectations, even where current rules do not yet explicitly address AI-specific risks.

The perimeter report also reflects broader international regulatory trends. While the FCA has taken a monitoring approach, the EU AI Act establishes binding obligations for high-risk AI systems, including those used in financial services. Firms operating across jurisdictions or contemplating cross-border AI deployments should consider how EU AI Act requirements, ISO 42001 standards, and other emerging frameworks interact with UK regulatory expectations. Trovix Watch and Trovix Reach enable firms to track evolving regulatory signals and perimeter developments as the FCA continues to assess whether current frameworks remain fit for purpose in an AI-driven financial services landscape.

Source: Global Policy Watch