Summary
- The FCA has published The Mills Review on how AI could reshape retail financial services by 2030 and beyond.
- The review identifies shifts in firm operations, consumer journeys, competition and market power, and fraud and cyber risk.
- It recommends work on the regulatory perimeter, system-wide oversight, agentic finance foundations, and AI enabled supervision.
The Financial Conduct Authority has published a major review into how artificial intelligence could reshape retail financial services by 2030 and beyond, moving the regulatory conversation beyond chatbots, efficiency tools, and back office automation into the more difficult terrain of agentic finance.
The Mills Review, led by FCA executive director Sheldon Mills and commissioned by the regulator’s board, identifies four broad AI-driven shifts: transformation of firm operations, evolution of consumer journeys, reshaping of competition and market power, and amplification of fraud and cyber risks.
The review also makes seven recommendations for the FCA to consider, including securing and adapting the regulatory perimeter, strengthening system-wide coordination, monitoring the transition to autonomous models, scaling the FCA’s AI Lab, enabling the foundations for agentic finance, building an AI enabled supervisory model, and developing a trusted public interest AI enabled financial capability service.
The most commercially significant part of the review is its treatment of autonomy. AI is already used across financial services for fraud detection, customer segmentation, credit decisions, compliance support, software engineering, and operations. The more difficult question is what happens when AI systems can act within pre-set goals, carry out tasks across multiple services, and influence consumer decisions in real time.
The FCA says consumer research found a fifth of retail financial services consumers would be likely to use AI capable of acting autonomously within pre-set goals. That suggests potential demand for tools that manage budgeting, savings, switching, debt, insurance, or investments. It also raises hard questions about consent, liability, explainability, conflicts of interest, and what happens when an AI agent’s recommendation is wrong, biased, manipulated, or commercially steered.
Retail finance is particularly exposed because many consumers already struggle to compare products, assess risk, understand fees, or challenge poor outcomes. AI could improve access to guidance and personalise financial management, but it could also deepen dependency on intermediaries that control the customer interface. If agentic systems become the route through which people choose products, switch providers, or manage money, market power may move towards the platforms that operate those agents.
That possibility cuts directly into competition policy. A small number of AI systems could become gatekeepers between consumers and financial providers, shaping visibility, ranking, pricing, and product selection. Incumbent banks and insurers may use proprietary data to strengthen their position. Big technology companies could extend consumer relationships into finance. Smaller providers may face new distribution barriers if they cannot integrate into agentic ecosystems.
The review’s fraud and cyber concerns are equally grounded. AI can improve detection, but it can also make scams more convincing, automate social engineering, create synthetic identities, and accelerate attacks on firms’ systems. In retail finance, fraud is not only a security issue. It affects trust, liability, customer redress, and the cost of operating digital services.
The FCA’s own role is also changing. An AI enabled supervisory model could help the regulator monitor markets, identify harm earlier, and analyse firm behaviour more effectively. Yet regulators using AI face similar governance questions to the firms they supervise: data quality, model explainability, bias, audit trails, and accountability for decisions informed by automated systems.
The review does not present AI as a novelty. Its stronger argument is that recognised trends in digital finance — personalisation, automation, platformisation, fraud pressure, and data-driven competition — may be reinforced and accelerated by more capable AI. Regulators now have to prepare for that acceleration without freezing useful innovation behind overly rigid rules.
Financial firms will be judged against outcomes, not only technical controls. Senior managers will need to understand how AI affects customer journeys, product governance, operational resilience, cyber exposure, and market conduct. Procurement teams will need stronger assurance from AI vendors, while compliance teams will need evidence that autonomous tools operate within approved boundaries.
The FCA has so far leaned on existing principles, the Consumer Duty, and the Senior Managers Regime rather than creating a standalone AI rulebook. The Mills Review suggests that approach may continue, but with a sharper focus on where autonomy changes the risk perimeter. Agentic finance will not wait for perfect regulation. The FCA is trying to make sure supervision is not left reacting after consumers, firms, and markets have already changed.










