PIMFA
What is Artificial Intelligence?
A recent Financial Conduct Authority (FCA) discussion paper, DP22/4: Artificial Intelligence, offered the following definition of Artificial Intelligence (AI):
‘It is generally accepted that AI is the simulation of human intelligence by machines, including the use of computer systems, which have the ability to perform tasks that demonstrate learning, decision-making, problem solving, and other tasks which previously required human intelligence. Machine learning is a sub-branch of AI.
AI, a branch of computer science, is complex and evolving in terms of its precise definition. It is broadly seen as part of a spectrum of computational and mathematical methodologies that include innovative data analytics and data modelling techniques.’
- WHAT DO FIRMS NEED TO CONSIDER?
Many PIMFA members are already using AI systems and tools in their everyday operations, and it is likely that the adoption of AI in financial services will increase rapidly over the next few years.
PIMFA firms already use AI tools for several purposes. For example, they analyse large volumes of data quickly, easily, and accurately, which enables their employees to spend more time working with and for their clients.
There are concerns that as AI becomes more advanced, it could introduce new risks, for example:
system develops biases in its decision making
leading firms to make bad decisions
rESULTING IN Poor outcomes for their clients
This is why it is essential that firms deploying AI systems have a suitably robust control framework around their AI components to keep a careful check on what they are doing.
As with any innovation, AI has the potential to make fundamental and far ranging improvements in how firms can serve their clients. However, we must ensure it is continually monitored and checked regularly to manage the risk and maximise the benefit.
- What are regulators doing?
A number of government departments are asking regulators such as the Financial Conduct Authority (FCA), Bank of England (BoE), Information Commissioners Office (ICO) and Competition and Markets Authority (CMA) to publish an update on their strategic approach to AI and the steps they are taking according to the White Paper. The Secretary of State is asking for this update by 30 April 2024.
On 13 March 2024, the EU Parliament approved the EU Artificial Intelligence Act. The EU AI Act sets out a comprehensive legal framework governing AI, establishing EU-wide rules on data quality, transparency, human oversight and accountability. It features some challenging requirements, has a broad extraterritorial effect and potentially huge fines for non-compliance.
Read this article from PIMFA journal #33 by Edward Russell at Solve about how talent and controls aid successful AI adoption.
Read this article from the PIMFA Journal #33 by Vicky Pearce at B-Compliant about how to use AI safely and compliantly.
Read this article from PIMFA journal #33 by Richard Doherty and Sumit Johri at Publicis Sapient about the traditional playbook built on manual processes, siloed business and technology functions, and relationship-driven models is no longer sufficient.
latest news
The Financial Stability Board (FSB) consultation report on Sound Practices for Responsible Adoption of AI
The FSB has identified 12 sound practices for the responsible adoption of AI by financial institutions. Drawing on real-world implementation case studies, the practices are non-binding and are intended to support firms in governing AI responsibly across their organisations.
The practices span two broad areas: organisation-wide AI governance, covering board oversight, accountability and risk frameworks; and management of the AI lifecycle, covering data governance, model selection, monitoring and human oversight. The report acknowledges the benefits AI can bring, including improved efficiency, customer service and risk management, while also highlighting emerging risks around model complexity, cyber threats and financial stability.
The FSB is inviting feedback on the consultation report by 22 July 2026.
FCA Blog on its approach to AI in Financial Services
In a recent blog, the FCA set out how it is engaging with industry to shape its approach to AI in financial services. The FCA reaffirmed its support for firms using AI to drive efficiency, improve decision-making and deliver better outcomes for consumers and markets, while emphasising that innovation must remain safe, responsible and well governed.
The FCA indicated that it does not currently intend to introduce new AI-specific regulation, instead looking to apply existing frameworks, including the Consumer Duty, the Senior Managers & Certification Regime (SM&CR), and its expectations on governance and controls, to AI-related activity. Firms should note, however, that this position may develop in light of ongoing work in this area, including the forthcoming independent Mills Review into the long-term impact of AI on retail financial services, which is expected to be published this summer.
To build an evidence base, the FCA has launched its AI Input Zone survey, through which stakeholders can share AI use cases, highlight challenges and contribute to the FCA’s understanding of emerging risks. The survey closes on 19 June 2026.
The FCA also continues to engage with industry through its wider AI Lab, which includes the Supercharged Sandbox, AI Live Testing and AI Spotlight initiatives.
Read the blog here.
Financial Conduct Authority (FCA) publishes its first Technology Horizon Scan Report for Financial Services
The Technology Horizon Scan report highlights how emerging technologies such as AI and distributed ledger technologies (DLT) could combine to create new opportunities and associated risks for consumers, firms, and markets. The report is not intended as regulatory guidance, but as an aid to facilitate informed debate and knowledge-sharing across the UK’s financial service ecosystem.
Key themes include the rise of AI tools and agents in personalised intelligence, growing financial crime risks from the speed and scale of AI deployment and the expansion of programmable finance using DLT, tokenisation, and digital currencies.
The report outlines a significant opportunity for UK firms to harness these technologies to drive innovation, strengthen cyber resilience and deliver better outcomes for consumers and markets.
Read the full report here.
Frontier AI and Cyber Security: National Cyber Security Centre Guidance for Organisations
The National Cyber Security Centre (NCSC) has published guidance outlining how frontier AI is accelerating the discovery and exploitation of vulnerabilities, increasing the speed, scale and accessibility of cyberattacks.
While these developments lower the barrier to entry for sophisticated threats, the guidance also highlights the potential for AI to strengthen defensive capabilities when deployed effectively.
For firms, key considerations include:
- Embedding strong cyber security fundamentals, which remain the primary defence against both traditional and AI enabled threats
- Ensuring board level ownership of cyber risk, with sustained focus, oversight and investment
- Establishing clear governance over emerging technologies such as agentic AI, particularly in relation to system and data access
- Considering how AI can support defence, including faster identification and remediation of vulnerabilities
Firms that prioritise cyber resilience and treat AI adoption as a controlled and strategic decision will be better positioned to manage emerging risks.
Read the full guidance here.
New PIMFA Podcast: Beyond the hype: what a real human-AI operating model looks like
On the latest PIMFA podcast, Richard Doherty, Publicis Sapient and Richard Preece, DA Resilience argue that bolting AI onto existing workflows isn’t transformation, it’s window dressing. The real work is redesigning how humans and machines share the work itself, repeatable, data-heavy tasks to AI; high-risk, trust-critical calls to humans; everything else human-in-the-loop.
Maria Fritzsche
Senior Policy Adviser - Operational Policy, Regulation and Innovation Lead
Click to expand.