The FCA's call for expanded powers to regulate AI in financial services—following the Mills Review's finding that 40% of Britons now use AI for financial advice—is a necessary wake-up call. But it is also, frankly, late. The regulator is right to worry about autonomous AI models recommending mortgages, pensions and investments without human judgment, and right to propose a public-interest AI guidance service to fill the gap left by commercial chatbots. The problem is that between now and formal regulatory expansion, mid-market financial services firms, insurers, accountancies and law firms are already deploying AI at scale with minimal governance frameworks. The FCA Consumer Duty (PS22/9) already requires these firms to act in clients' interests—but it says nothing about how to do that when the advice is generated by a large language model trained on Reddit.
This story reveals a familiar British regulatory pattern: the problem gets real before the rules catch up, and firms caught in the gap face impossible choices. Consumer adoption is accelerating faster than governance matured. Chatbots like ChatGPT, Microsoft Copilot and Claude have moved from novelty to trusted advisor in the eyes of everyday Britons in under 18 months. Meanwhile, purpose-built financial AI tools—some genuinely useful, others marketed with more enthusiasm than rigour—continue to proliferate without uniform standards for accuracy, bias or explainability. The EU AI Act will force some standardization by 2025, but UK firms cannot wait for Brussels to solve this. The PRA, FCA and ICO are moving in parallel directions without yet speaking the same language about what 'responsible AI' actually means in regulated context.
Here is where most firms are getting this wrong: they are treating AI governance as a compliance problem to be solved with policies, when it is actually an operational problem requiring architecture. When a firm deploys ChatGPT or Claude as a client-facing advisor using Trovix Reach, that tool is only as good as the guardrails, knowledge sources and human oversight surrounding it. Too many mid-market firms are using generic LLMs with no domain-specific knowledge, no real-time verification against FCA product rules, and no audit trail. The result is that the AI gives plausible-sounding advice that is sometimes wrong—and the firm discovers this only when the FCA knocks, or a client complains. Better-architected AI assistants like Harvey (for legal due diligence) or Luminance (for document review) work because they are built on knowledge graphs tied to real data and human expertise, not on statistical pattern matching. Trovix's approach embeds compliance logic into the AI itself, not as an afterthought. That distinction matters enormously under FCA Consumer Duty and will matter even more when the Mills Review becomes hard law.
Here is what a mid-market regulated firm should do on Monday morning: first, audit every AI tool currently in use—not just ChatGPT on client-facing websites, but also internal LLMs used for case review, claims assessment, tax analysis or financial modeling. For each tool, ask: what knowledge sources feed this model, who validates the outputs, what bias testing has been done, and can we prove compliance with FCA Handbook rules or SRA Code obligations? Second, implement governance dashboards like Trovix Audit that give you visibility of AI decision-making in real time, so you can show the regulator that you are in control, not the algorithm. Third, retire any client-facing AI system that cannot produce a clear audit trail linking outputs to verified sources. And fourth, build internal AI use cases—like document triage with Trovix Sift or knowledge retrieval with Trovix Aria—where accuracy failures cost you efficiency, not client trust or regulatory capital. The Mills Review will become binding rules. Firms that have already built proper governance will adapt painlessly. Firms still using uncontrolled LLMs will face remediation bills and credibility damage.
Source: City AM