AI in financial services: Treasury Committee criticises regulators for “wait-and-see approach”

On 20 January 2026, the Treasury Committee published its report on AI in financial services, expressing concerns that the UK’s financial services regulators are not “doing enough” to address the risks posed by AI to the financial services sector and, as a result, are exposing the public and financial system to harm.

The report is the culmination of the inquiry launched by the Treasury Committee in February 2025. The inquiry asked whether the financial services regulators should be doing more to manage the potential impact of AI on both consumers and financial stability. As part of the inquiry, the Treasury Committee heard evidence from witnesses across industry associations, academia, regulatory bodies and government.

Findings

The Treasury Committee concludes that AI presents risks to both consumers and financial stability. 

Risks to financial stability arise from:

1. heightened cyber security vulnerabilities;
2. reliance on a small number of US technology firms; and
3. “herding behaviour” driven by AI-driven market trading.

Turning to consumers, evidence presented to the committee identified that:

1. AI-driven decision-making in credit and insurance lacks transparency;
2. AI financial decision-making and AI-enabled product tailoring threaten financial exclusion for the most disadvantaged consumers;
3. unregulated financial advice from AI search engines such as ChatGPT risks misleading or misinforming consumers; and
4. AI usage may result in an increase in fraud.

For those in the financial services sector working with AI or exploring the use of AI, these findings are unlikely to come as a surprise. However, the Treasury Committee’s criticism of the sector’s regulators is likely to be of interest.

In short, the evidence presented to the committee painted a picture of a reactive regulatory approach where the burden of working out how to apply the existing regulatory framework is placed on firms. The Treasury Committee concludes that “the current approach gives firms little practical clarity as to how existing rules apply to the use of AI. This leads to uncertainty for firms and potentially increases risks to consumers and the integrity of the financial system”. There is also a concern that confusion around the regulatory framework could impact AI adoption in the sector.

Recommendations

Whilst the Treasury Committee has no powers to impose legal obligations, the report sets out its recommendations to the regulators. 

In light of its findings, the Treasury Committee recommends that:

1. the FCA publishes guidance for firms on the application of its rules to the use of AI and the accountability of senior managers under the Senior Managers and Certification Regime for harm caused through AI usage;
2. the FCA and PRA conduct AI-specific stress testing; and
3. HM Treasury designates major AI and cloud providers as critical third parties for the purposes of the Critical Third Parties Regime.

Analysis

The Treasury Committee’s conclusion that the financial services regulators taking a “wait-and-see” approach to AI in financial services exposes consumers and the financial system to potentially serious harm appears partially at odds with the thinking of other industry bodies and organisations.

As early as 2024, the OECD stated that “governments should adopt outcome-based approaches that provide flexibility in achieving governance objectives”, and “should review and adapt, as appropriate, their policy and regulatory frameworks and assessment mechanisms as they apply to AI systems to encourage innovation and competition for trustworthy AI“.

Additionally, the IRSG (International Regulatory Strategy Group) has stated that “as AI technology and use cases evolve quickly, prescriptive regulations run the risk of being out of date by the time they are written. A more flexible, principles-based approach stands a better chance of managing rapid change and enable safe innovation of AI with effective risk management“.

However, although the Treasury Committee has accused the regulators of not taking sufficient action, it has refrained from advocating for the introduction of an AI-specific regulatory regime in its recommendations.

As highlighted by industry bodies and organisations, introducing detailed or prescriptive regulation to the use of a rapidly evolving technology is unlikely to offer a satisfactory solution to the issues highlighted. Rather than focussing on developing what is likely to be an ever-increasing set of rules, the focus should be applying the existing framework to evolving challenges.

The existing principles-based regulatory framework arguably has scope to address the concerns highlighted in the Committee’s report. Consider, for instance, the risk of financial exclusion faced by disadvantaged customers as a result of AI-personalised products. In this scenario, the outcomes under the Consumer Duty—especially those relating to consumer support—and the requirements of the PROD 4 section of the FCA’s Product Intervention and Product Governance Sourcebook, remain applicable. These obligations must be met irrespective of whether decisions are made by human judgement or by automated AI systems. Simply put, the involvement of AI in the decision-making process does not absolve firms of their regulatory responsibilities.

FCA response

Whilst the FCA has not responded directly to the report (although it gave evidence to the inquiry), its recent announcement of a review into the long-term impact of AI (The Mills Review) is appropriately timed and notes the interest of the Treasury Committee in the FCA’s regulatory approach. The announcement reiterates the FCA’s intention to continue to rely on its existing principles-based framework rather than introducing extra regulations. Introducing the review, Sheldon Mills, Executive Director of the FCA, maintained that “I want to explore a range of plausible futures and offer clear recommendations to ensure the FCA remains prepared, adaptive and able to support a thriving, innovative UK financial services sector“.

With insurers being highlighted by the Treasury Committee among those firms with the largest take-up of AI, the FCA’s review provides a platform for insurance firms to have their thoughts on the relationship between adoption of AI and the regulatory framework heard.

Edward Stembridge, Trainee Solicitor, assisted in the preparation of this article.

Published

26 February 2026

Reading Time

7 minutes

Share

Authors

Alison Mynott

Associate

Main Bulletin

Bulletin

Insurance Bulletin February 2026

Also in this Bulletin

Briefing

FCA reports back on premium finance

William Reddie

Briefing

Public domain documents pilot: What insurers need to know

Nigel Wick

Briefing

Demonstrating enforceability of UK insurance business transfers in foreign jurisdictions: Clarifying the test

Bob Haken

James Leigh

Jake Whitfield-Tomlinson