The UK didn’t create “AI-only” rules for finance. Instead, the FCA and PRA are applying existing regimes—and adding targeted programmes—so firms can deploy AI without waiting for a new act of Parliament.

1) FCA: clarity without new rules

The FCA’s message in 2025: we don’t need new AI rules for oversight; firms should meet outcomes under existing conduct, operational-resilience, and Consumer Duty frameworks. The AI Input Zone (Nov 2024–Jan 2025) gathered pain points, and the AI Live Testing pilot (2025) is the sandbox-style path to trial AI with supervision. Translation: you can innovate—but prove safety and customer outcomes. FT AdviserFCA+1

2) PRA: SS1/23 makes model risk a board-level discipline

The PRA’s SS1/23 model-risk principles (effective 17 May 2024) formalised governance for all material models—including ML. Expect to show inventories, validation independence, challenger models, and board reporting—plus controls for data drift and LLM behaviour. KPMGBank of England

3) Synthetic data is moving from idea to guidance

In Aug 2025, the FCA published governance considerations for synthetic data—nine principles around accountability, transparency, fairness, and monitoring. This matters because privacy + data-sharing constraints often bottleneck AI; synthetic data offers a way to prototype and validate without exposing customers. Use it to accelerate fraud R&D, RAG evaluation, and SCA experiments—but document the gap to production. FCAJD Supra

4) Open Banking “Future Entity” and standards momentumFS25/4 sets out the design for the future open-banking entity, cementing a durable standards body to support things like cVRP and anti-fraud data-sharing. If you’re building A2A experiences, align early to avoid rewrites. FCA