The FCA's consultation on AI in retail financial services - Which? response

Which? welcomes the opportunity to contribute to the Financial Conduct Authority’s (FCA) Review into the long-term impact of AI on retail financial services (The Mills Review), and ongoing engagement. As AI applications in financial services evolve at pace, we are committed to ensuring the consumer voice is at the heart of the use of AI in retail financial markets. We are exploring more ways to meaningfully engage consumers on new AI-driven financial services to understand their views. 

Our response highlights the following core issues: 

• Consumer benefits and risks: We recognise the potential consumer benefits from the use of AI tools in retail financial services if those tools are designed for the benefit of consumers, such as reducing search costs, and improved product-matching. However, we also recognise the risks to consumers, including AI tools that generate poor-quality information, misleading information or enable exploitative personalisation.
• Consumer protection: We support the FCA’s use of sandboxes to foster AI innovation, provided they serve a dual purpose: enabling development while rigorously identifying regulatory blind spots. Sandboxes must be used to stress-test existing frameworks against AI applications including autonomous AI agents. For instance, the 'consumer standard of caution' may become obsolete if a consumer is no longer the primary actor, and some vital protections of the Consumer Credit Act could be undermined if AI intermediaries disrupt the traditional debtor–creditor–supplier chain.
• Exclusion and vulnerability: In addition to considering traditional financial and digital exclusion, the FCA must be mindful of new forms of disadvantage caused by data gaps of different kinds (including for consumers with high privacy standards who opt-out of data-sharing). The FCA should also expand the risk factors of consumer vulnerability to consider low levels of AI literacy.  
• Regulatory join-up: The development and deployment of AI in retail financial services cannot be governed in isolation. Effective coordination is imperative between the FCA and regulators such as the ICO on data privacy issues, and regulators such as the CMA on consumer protection and digital competition.
• Regulatory approach: As new and innovative AI products may quickly lead to consumer harm, the FCA should carefully consider whether it has the powers and toolbox to intervene promptly to address those harms.