A University of Cambridge survey published this month found that AI agent adoption in financial services will jump from 24% today to 81% by 2030. That is not the story. The story is buried in the caveats: the researchers found that regulatory frameworks and supervisory capacity have not kept pace with the technology. For a mid-market UK financial services firm, insurer, or legal practice, this means you are operating in a jurisdiction where the FCA's Consumer Duty (PS22/9) requires you to act in the customer's best interest, but the FCA has not yet published binding guidance on what "best interest" means when an autonomous AI agent is making decisions on a client's behalf. That is a regulatory gap. You are being asked to comply with a standard that no one has yet defined.
This story is part of a larger pattern. The EU AI Act came into force while most UK firms were still piloting document AI tools. Generative AI matured in 2023 and 2024 while boards were still debating governance frameworks. Now agentic systems—AI that can act independently, retrieve information, make decisions, and execute transactions without human approval—are in production at firms where the Chief Risk Officer is still writing the oversight policy. The pattern is always the same: technology adoption velocity outpaces risk management velocity. The difference this time is that agentic AI is not just a backend efficiency tool. It touches client outcomes directly. A Harvey contract analysis system makes a lawyer smarter. An autonomous AI agent that routes insurance claims or executes financial transactions on a client's behalf is a regulated activity. The liability profile is completely different.
Here is Trovix's honest view: most agentic AI implementations in regulated firms are currently running on a hybrid model that looks more like automation than true agency. Systems like Microsoft Copilot for Finance, Luminance's AI-assisted case management, and even specialized legal AI like Legora are built to assist, not to act alone. That is correct. But the industry is moving toward genuine autonomy—agents that retrieve client data, consult regulatory rules, and execute transactions with minimal human handoff. When you deploy genuine agentic systems, you are accepting a new class of risk: compound errors, where one AI mistake cascades into downstream decisions made by another agent. The FCA is aware of this. PRA SS1/23 on operational resilience hints at it. But there is no explicit rule on agentic AI governance yet. You need tools that can audit what your agents have actually done, explain their reasoning to a regulator, and show that each decision met your duty of care. This is where most firms are failing. They have the agents. They do not have the governance.
What should you do right now? Stop asking whether agentic AI is safe in the abstract. Start asking what agents you are already running, what decisions they make, and who is accountable when they fail. Map your agentic systems against the FCA Consumer Duty and PRA SS1/23. Implement an audit trail for every agent decision—not just logs, but explainable records that show how the agent applied your firm's rules and policies. Use Trovix Watch to track regulatory guidance as it emerges over the next 12 months; the FCA will publish agentic AI supervisory expectations soon, and you need to know immediately when they do. Deploy Trovix Audit to build a compliance dashboard that shows regulators how your agents are governed. And be honest with your board: autonomous agents are a competitive advantage, but they are also a liability vector. The firms that will survive the coming regulatory crackdown are not the ones with the most advanced agents. They are the ones with the best audit of what their agents actually did.
Source: CNN