The FCA’s position – that existing rules are sufficient if applied rigorously – carries real weight for those of us designing the next generation of credit and risk systems. It reinforces the need to embed governance, auditability, and fairness into AI solutions
from the ground up, not retrofitted after deployment.

In credit decisioning, AI is shifting from an efficiency tool to a structural component of decision infrastructure. Yet its long-term implications for fairness, bias, and accountability remain unsettled.

The Mills Review represents a valuable chance to align innovation with regulatory clarity, ensuring that automation enhances rather than complicates our duty to customers.

These clarifications would help firms and consumers:

1. Best practice for AI transparency in credit

Provide a model notice that meets expectations (logic, data sources, human review rights) and dovetails with the Consumer Duty’s “customer understanding” outcome – so firms can standardise disclosures without dumbing them down.

2. Minimum expectations for intervention

Set clear rules for when a real person must step in to review credit refusals, credit limit reductions, and debt‑related actions – especially when there are signs the customer may be vulnerable.

3. Operational resilience for AI supply chains

Re-emphasise the expectations on cloud concentration, audit rights, data residency/transfers, and exit plans for AI tooling and models so that boards can evidence control over third-party AI and model hosting.

Why we believe this clarification is necessary …

AI is already delivering benefits across the credit lifecycle. In AML/KYC, AI-assisted identity verification and anomaly detection are becoming more accurate and scalable, supporting faster onboarding, consistent screening, and earlier detection of complex financial-crime patterns.

All without requiring proportionately greater resource.

AI is also transforming quality assurance. Rather than relying on manual sampling, AI can review all relevant calls and interactions – enabling faster thematic analysis and giving compliance a fuller view of customer understanding and agent conduct. The FCA has stressed that boards must use data to evidence outcomes and respond to emerging harms; AI‑driven QA strengthens a firm’s ability to do so.

Beyond monitoring, AI improves efficiency and standardisation. Automated affordability assessments and policy-driven decisioning can reduce inconsistencies – demonstrating fair value and helping firms avoid foreseeable harm.

By reducing decision variance, AI supports more transparent, repeatable and auditable credit outcomes – all vital in an environment focused on fairness and accountability.

Despite its benefits, AI also brings risks that require active management.

• Transparency. UK data protection law requires firms to tell customers when automated decision-making is used, explain the logic in accessible terms, and provide clear routes to human intervention and challenge – particularly where decisions have legal or similarly significant effects (e.g., credit approvals).
• Automation. Where a human underwriter might explore fluctuations in spending or probe unusual activity, a model may simply decline an application – reinforcing thin-file disadvantages and denying customers the chance to provide context. As the industry adopts more sophisticated AI, one principle must remain non-negotiable: customers must be able to speak to a human where a decision is complex or sensitive.
• Cross-border processing. Many AI models depend on cloud infrastructure hosted outside the UK, raising questions about how outsourcing, operational resilience, and data-location rules apply when AI supports critical decisioning.
• Accountability. Current SM&CR rules establish that responsibility cannot be delegated to an algorithm – but as AI models become more autonomous, it is increasingly unclear how senior managers should evidence “effective oversight” of complex AI/ML systems.
• Vulnerability & Consumer Duty. The Consumer Duty increases the standard of care owed to customers, with heightened expectations for vulnerable customers. AI introduces two particular tensions:
  • If eligibility criteria are overly rigid, AI may exclude customers who could manage products – contradicting the Consumer Duty’s goal of enabling positive outcomes.
  • AI can spot warning signs, but judging vulnerability still needs a person to listen, ask appropriate questions and apply judgement.

The FCA’s guidance is clear on this matter – firms must avoid foreseeable harm and provide channels that secure good outcomes for vulnerable consumers. Could over-automation undermine this?

AI has clear potential to enhance credit decisioning – but only if the adoption is transparent, and grounded in meaningful human oversight. That is why the areas where we are seeking clarification from the Mills Review remain so important.

These clarifications would give firms a stable foundation on which to innovate, helping the industry lean confidently into AI’s benefits while introducing safeguards that prevent foreseeable harm. In particular, ensuring that increasing automation does not reduce customer agency, undermine fairness, or create opaque risks within complex ecosystems.

The Mills Review signals the FCA’s growing focus on real-world outcomes. Our hope is that the results expand access and strengthen trust – not replace the human judgement that remains essential to responsible lending.