At a glance

FCA-commissioned review sets seven-point AI agenda for retail finance

  • Insight
  • 8 minute read
  • July 2026

The FCA-commissioned Mills Review (the Review), published on 6 July 2026, considers the long-term impact of artificial intelligence (AI) on retail financial services. 

The Review sets out a seven-point agenda for the FCA to prepare retail financial services for AI-enabled, agent-led finance.

Its recommendations include securing and adapting the regulatory perimeter, strengthening system-wide oversight, developing a trusted framework for AI agent participation in financial services, and building an AI-enabled supervisory model.

The Review draws on 140 written submissions, meetings, panels and roundtables across financial services, technology, academia, consumer groups and regulation, as well as new consumer research on AI use and attitudes.

What does this mean?

The Mills Review is a forward-looking assessment of how AI could reshape retail financial services by 2030 and beyond. Its central finding is that AI adoption is likely to move from assistive tools, such as summarising information or supporting customer service, towards more autonomous and agent-led models where AI can recommend, prepare or execute actions on behalf of firms or consumers.

The Review identifies advances in AI capability as the key systemic driver of change and sets out four expected shifts: 

  • the transformation of firms 

  • new consumer journeys

  • a reshaped competition landscape

  • amplified financial crime and cyber risk.

For firms, this means AI could become embedded across customer support, underwriting, complaints, fraud detection, compliance, regulatory reporting and product design. For consumers, AI agents could help compare products, manage savings, support debt decisions or switch providers within agreed limits.

The Review’s consumer research found that 67% of UK adults use AI, while 16% use AI for financial services, mainly for information or suggestions. It also found that 20% of consumers would consider using AI that acts autonomously within pre-set goals, rising to 28% among existing AI users. However, trust remains a constraint: around two-thirds of consumers reported concerns about data misuse, lack of protection and concentration of power among large firms.

The Review highlights several challenges and risks from more autonomous AI, including how firms evidence good consumer outcomes, maintain meaningful human oversight, allocate accountability across complex AI supply chains, manage dependencies on third-party models and infrastructure, and provide clear routes for challenge and redress. 

It also points to broader system-wide risks, including shared model dependencies, correlated behaviour, market concentration, AI-enabled fraud and cyber risk, and potential regulatory gaps where general-purpose AI tools influence financial decisions from outside the perimeter.

The Review makes seven priority recommendations for the FCA to consider:

  • securing and adapting the regulatory perimeter, including reviewing general-purpose AI tools and considering new FCA powers under the Designated Activities Regime and the Digital Markets, Competition and Consumers Act

  • strengthening system-wide coordination and oversight, covering shared AI dependencies, cyber, fraud, data and competition risks

  • monitoring the transition to more autonomous AI models and adapting regulatory frameworks, tracking AI autonomy and clarifying how the Consumer Duty, the Senior Managers Regime and governance expectations apply

  • scaling up the FCA’s AI Lab, building capability to assess AI models and systems used in financial services - focusing on emerging architectures, more capable models and their application to regulated use cases

  • enabling the foundations for agentic finance through trusted AI agent frameworks covering consent mandates, identity, control and liability

  • building an AI-enabled agentic supervisory model, to deliver continuous, AI-enabled supervision and earlier detection of firm-level and system-wide risks

  • developing a public-interest AI-enabled financial capability service to support free, trusted consumer information and guidance.

Overall, the Review points to a progressive adaptation of the current regulatory framework in response to AI developments, rather than its replacement. It concludes that existing regulatory foundations remain sound where AI supports human decisions but may come under increasing pressure as financial services become more AI-enabled, continuous and delegated.

What do firms need to do?

Assess AI deployments against the Senior Managers Regime, model risk, operational resilience and third-party risk frameworks.

Evidence AI-enabled customer outcomes against Consumer Duty expectations, including how remediation and redress will operate in AI-mediated journeys.

Implement continuous validation and monitoring of AI systems for model performance, data quality, drift, cyber and financial crime risks - not only at deployment but throughout operation.

Firms should treat the Review as an early indication of where the FCA may focus as AI becomes more autonomous, although the FCA may not choose to proceed with all the Review’s recommendations. 

Boards and senior management should ensure there is a clear view of current and planned AI use, including whether systems are assisting, recommending, preparing actions or moving closer to execution.

Existing governance frameworks should be tested against more autonomous AI use cases, including the Senior Managers Regime, model risk management, data quality, human oversight, third-party risk and operational resilience. This should include more dynamic model governance, monitoring and assurance across the AI lifecycle. Firms should be able to evidence outcomes and controls through continuous validation, from deployment through to live operation, and respond to issues such as model drift, data bias and opacity.

Consumer-facing AI should be assessed through the Consumer Duty, including customer understanding, fair outcomes, bias, and how complaints, remediation and redress will operate in AI-mediated and agentic journeys. Where AI agents may act for consumers, firms should also consider identity, consent, delegation, control and liability.

Firms outside the regulatory perimeter should assess whether future FCA review activity could affect them, particularly AI providers, platforms and aggregators, influencing retail financial decisions.

Firms should monitor how the FCA responds to the Review’s recommendations and consider opportunities to engage, including through the AI Lab, where relevant, as future work on agentic finance and AI-enabled consumer support develops.

“The Mills Review is a timely contribution to the debate on AI in financial services. As the sector moves towards more agentic models, the opportunity to drive innovation, improve productivity and support better customer outcomes is significant. Realising that opportunity will require responsible deployment, supported by robust governance, clear accountability and frameworks that remain appropriate, proportionate and responsive as the technology and its use cases evolve.”

Leigh Bates
Partner, PwC

Next steps

The FCA Board will consider whether to take forward the Review’s recommendations. The FCA is also working on a good and poor practice publication on AI, expected later this year.

Contacts

Leigh Bates

PwC UK AI Transformation Leader, London, PwC United Kingdom

+44 (0)7711 562381

Email

Sajedah Karim

Partner, PwC United Kingdom

+44 (0)7483 413622

Email

Lilia Christofi

Partner, PwC United Kingdom

+44 (0)7990 447188

Email

Chris Heys

Partner, PwC United Kingdom

+44 (0)7715 034667

Email

Conor MacManus

Managing Director, London, PwC United Kingdom

+44 (0)7718 979428

Email

Follow us

Required fields are marked with an asterisk(*)

Your personal information will be handled in accordance with our Privacy Statement. You can update your communication preferences at any time by clicking the unsubscribe link in a PwC email or by submitting a request as outlined in our Privacy Statement.

Hide