Biphoo News

collapse
Home / Daily News Analysis / A senior FCA official says Britain should weigh regulating AI models directly

A senior FCA official says Britain should weigh regulating AI models directly

Jul 07, 2026  Twila Rosenbaum  12 views
A senior FCA official says Britain should weigh regulating AI models directly

A senior official at the UK's Financial Conduct Authority (FCA) has signaled that the country should consider directly regulating large language models (LLMs) such as OpenAI's ChatGPT, Anthropic's Claude, and Google's Gemini. Sheldon Mills, an executive director at the FCA, argued that the current regulatory framework is being outpaced by the rapid adoption of general-purpose AI tools in financial decision-making. His comments mark a notable departure from the UK's prevailing pro-innovation, principles-based stance, raising the possibility of a more interventionist approach.

Mills stated that the existing rulebook must evolve as financial firms increasingly rely on a small number of technology providers. He warned that this concentration of dependency could create system-wide risks, a concern that echoes earlier debates about the dominance of a few cloud computing platforms in the financial sector. According to Mills, more than a quarter of UK consumers already trust tools like ChatGPT, Claude, and Gemini for financial advice, often without understanding that these systems fall outside the FCA's regulatory perimeter. This leaves consumers with no clear recourse when AI-generated advice leads to poor outcomes.

The core of Mills's argument is that general-purpose AI has quietly taken on a role that the regulatory framework never anticipated. When a regulated financial adviser gives bad guidance, the consumer can seek redress through the FCA's complaints procedures or the Financial Ombudsman Service. But when a chatbot offers erroneous investment tips or misrepresents the risks of a financial product, the lines of responsibility are far less clear. The technology itself is often opaque—even to the companies that deploy it—making it difficult to audit algorithms for fairness or to assign liability for harm.

Proposed Review and Potential New Powers

Mills recommended that the FCA make a decision within the next three to six months on whether to "secure and adapt" the regulatory perimeter. This would involve a formal review of the scale, nature, and impact of general-purpose models that currently operate outside financial regulation. While he stopped short of demanding immediate rule changes, he put a clock on the question of whether foundation models—like those powering ChatGPT—should be considered financial instruments or services in their own right.

Looking ahead, Mills floated the possibility of new regulatory powers. These might include requiring firms to explain how their AI models reach decisions, auditing algorithms for fairness and bias, and imposing fines on systems that cause consumer harm. Each of these touches on the hardest problem in AI governance: explainability. Even the companies that build these models often cannot fully explain why they produce certain outputs, especially when they are used in complex, real-world financial contexts.

Live Debate on Responsibility

Mills's intervention lands awkwardly alongside the UK government's broader posture. The UK has deliberately avoided a bespoke AI law, preferring instead to hand oversight to existing regulators like the FCA, the Competition and Markets Authority (CMA), and the Information Commissioner's Office (ICO). This sector-by-sector model was designed to give the UK a pro-innovation edge over the European Union, which is pursuing a more prescriptive AI Act. Mills is not calling for a UK AI Act, but his argument suggests that the sector-by-sector model has a gap where general-purpose systems are concerned—and that the FCA may need to fill it.

There is an intense, unresolved debate about where responsibility should sit. Regulating the models themselves, rather than the regulated firms that use them, would represent a significant shift in approach. It would cut against the light-touch instinct the UK has cultivated over the past decade. It also runs into a practical problem: the largest models are built by a handful of American companies—OpenAI, Anthropic, Google, Meta, and Microsoft—that the FCA does not directly regulate. Any attempt to impose rules on those firms would likely require international coordination or extraterritorial enforcement, which is notoriously difficult.

Concentration Risk Beyond AI

The concentration point Mills raised is arguably the more serious of the two. If most regulated financial firms come to depend on the same two or three model providers, a failure or a flaw in one of those systems could ripple across the sector almost instantly. This kind of correlated risk is exactly what regulators try to design out of the financial system. A single vulnerability—such as a model hallucinating false interest rates—could simultaneously affect hundreds of banks, investment platforms, and insurance companies that rely on the same underlying AI. This is not an abstract worry; it is a familiar pattern from cloud computing, where the failure of Amazon Web Services or Microsoft Azure has disrupted major financial institutions. Now that risk is migrating to the AI models built on top of those clouds.

For context, the UK has been a global leader in financial technology regulation. The FCA's sandbox approach, which allows fintech firms to test products in a controlled environment, has been widely cited as a model for balancing innovation and consumer protection. However, the rise of generative AI has challenged this framework. Unlike fintech apps that are clearly defined as financial services, LLMs are general-purpose tools that can be used for anything from writing poetry to giving investment advice. The FCA's current perimeter catches the latter only when a regulated firm explicitly offers advice using its own proprietary AI; it does not catch a consumer who asks ChatGPT for stock tips on a personal account.

Mills's comments also come at a time when governments worldwide are conceding that AI is outpacing the rules meant to govern it. In the United States, the White House has issued an executive order on AI safety but Congress has not passed comprehensive legislation. The European Union is finalizing the AI Act but it will not fully take effect until 2026 or later. China has some of the strictest AI rules, but they are focused on content control rather than consumer protection in finance. The UK's approach—wait and see—may no longer be tenable if consumer harm becomes widespread.

Sheldon Mills is a well-known figure in UK financial regulation. Before joining the FCA in 2019, he held senior roles at the Financial Ombudsman Service and the Competition and Markets Authority. He has been instrumental in the FCA's work on consumer duty, a landmark rule that requires firms to deliver good outcomes for customers. His track record suggests that when he raises a concern, he is likely to follow through with policy proposals. The next few months will show whether the FCA treats his call for a perimeter review as a genuine exercise or merely a talking point. If the review proceeds, it could lead to a fundamental reshaping of how AI is governed in one of the world's largest financial centers.

In summary, Mills's intervention highlights the tension between innovation and consumer protection. The UK financial regulator is grappling with a technology that was not designed for financial advice but is increasingly being used for it. The decision to regulate the models directly, rather than just the firms that use them, would be a bold move—but one that could set a global precedent. For now, the industry is watching closely, and the clock is ticking.


Source: TNW | Government-Policy News


Share:

Your experience on this site will be improved by allowing cookies Cookie Policy