Playbook · United Kingdom · Financial services

AI governance for UK banks & financial services:
a supervisor-ready roadmap

The UK has no AI-specific rulebook for finance — the FCA, PRA and Bank of England expect you to prove AI governance through Consumer Duty, SM&CR accountability, operational resilience and UK GDPR. Enterprise buyers ask for the same evidence in every security review. Here is the 5-phase roadmap they inspect, and the runtime gap your existing stack cannot close.

FCA / PRA Consumer Duty · SM&CR UK GDPR + FCA–ICO code OWASP LLM Top 10 · MITRE ATLAS
The mandate

How the UK holds firms accountable for AI

No bespoke AI rules — existing regimes carry the weight. Three sets of expectations set the bar for any UK financial firm building or deploying AI.

FCA / PRA / Bank of England

Supervisory · outcomes-based

Technology-neutral, principles-based. Consumer Duty, SM&CR senior-manager accountability and operational resilience apply to AI directly — no AI-specific rulebook (reaffirmed 2025–26).

UK GDPR + FCA–ICO code

Enforceable · data & ADM

UK GDPR / DPA 2018 automated-decision rules, plus the new joint FCA–ICO statutory code for AI decision-making. Transparency, fairness testing and the right to an explanation.

Critical Third Parties regime

Systemic · third-party & resilience

BoE/FCA oversight of critical AI & cloud providers, the FPC's systemic-AI lens, and the FCA's AI Live Testing for safe deployment.

Overlays that may apply: ISO/IEC 42001 (a rising vendor-review requirement) · NIST AI RMF as a control baseline · EU AI Act if you serve the EU · OWASP LLM Top 10 & MITRE ATLAS for AI security.
The through-line

What every UK expectation converges on

Accountability sits with a named senior manager
Good outcomes for customers, by design
Operational resilience & human oversight
Documented evidence, not assertions
The roadmap

Five phases the FCA, PRA & buyers will inspect

A supervisor-ready sequence that maps to Consumer Duty, SM&CR accountability, operational resilience and UK GDPR.

PHASE 0
Govern
Own the risk before AI ships
AI policy & SM&CR ownership · AI/model inventory · Consumer Duty risk framing · board oversight
PHASE 1
Build & Test
Prove it's safe & fair before it ships
Validation & red-teaming · OWASP LLM Top 10 & MITRE ATLAS · fairness & bias testing · DPIA under UK GDPR
PHASE 2
Deploy & Enforce
Control what the AI can access & do
Access control & agent guardrails · human oversight · shadow-AI controls · third-party / CTP resilience
PHASE 3
Monitor & Respond
See it, contain it, explain it
Monitoring & logging · customer-outcome testing · explainability & contestability · incident response
CONTINUOUS
Assure & Disclose
Answer supervisors, buyers & the board
Audit-ready evidence · ISO 42001 alignment · SM&CR assurance · security-questionnaire responses
The readiness gap

Why this is urgent, not theoretical

Adoption has outpaced control — and that gap is the exposure.

88%
had a confirmed or suspected AI-agent security incident this year
80%
report moderate-to-pervasive shadow AI
18%
have a formal AI security policy
21%
have mature governance for AI agents
Sources: Gravitee (survey of 919 organizations), ISACA & industry surveys, 2026.
The blind spot

The gap your existing stack cannot close

Your IAM/PAM, WAF and API gateways, DLP/CASB, SIEM and EDR are built for deterministic software. None can catch a legitimately-authorised AI agent, driven by untrusted input, doing something inside its permissions but outside your policy — the dominant 2026 failure mode (prompt injection, the "lethal trifecta", agentic data exfiltration).
IAM / PAM
identity authenticated, in scope
waved through
WAF / API gateway
request well-formed
waved through
DLP / CASB
sanctioned tool & channel
waved through
SIEM / EDR
no known-bad signature
waved through
Every layer says "yes." None can see the AI's intent vs your policy.
Where Trampolyne fits

Make your AI stay within intended bounds — and prove it

From pre-deployment testing, through runtime, to audit-ready evidence. Trampolyne supplies the technical controls and evidence that make each phase credible — the policies, documentation and processes stay yours.

Product Govern Build & Test Deploy & Enforce Monitor & Respond Assure
AI Red-Teaming
Shadow AI Detection & Runtime Control
Enterprise AI Security & Runtime Control
AI Compliance Assistant
core control & evidence Trampolyne provides  ·  supporting input.

AI Red-TeamingAWS Marketplace

Continuous adversarial testing on a scheduled cadence and on every material change. 27+ attack classes, working exploits + fixes, mapped to OWASP LLM Top 10 & MITRE ATLAS — the validation and buyer evidence your security reviews ask for.

OWASP LLM Top 10MITRE ATLASNIST MAP + MEASUREModel validation input

Enterprise AI Security & Runtime Control

Sits inline and evaluates every request before the model or agent acts — RBAC/ABAC/PBAC/NGAC enforcement in milliseconds. A deterministic guardrail over a non-deterministic model. No model rewrites.

Human oversightOperational resilienceISO 42001 controls

Shadow AI Detection & Runtime Control

Sits between employees and every public AI tool. Classifies data by type, provenance and role, blocks sensitive data before it leaves, and logs every interaction — without killing productivity.

Data leakage to public AIUK GDPRISO 42001 data controls

AI Compliance Assistant

Turns enforcement, red-team and runtime evidence into review-ready answers — a continuous, per-decision audit trail for SM&CR assurance, your board and enterprise-buyer security questionnaires.

ISO 42001 audit evidenceSM&CR assuranceConsumer Duty evidence
FAQ

AI governance questions we hear from UK financial firms

How does the UK regulate AI in financial services?
The UK has deliberately chosen not to introduce AI-specific rules for finance. The FCA, PRA and Bank of England apply a technology-neutral, principles-based approach through existing frameworks: the Consumer Duty, the Senior Managers & Certification Regime, and operational resilience rules — reaffirmed by the FCA in December 2025 and the Bank of England and PRA in April 2026.
Who is accountable for AI harm under SM&CR?
A named senior manager. Accountability for outcomes — including harm caused through the use of AI — sits with an identifiable individual, not the model or vendor. The Treasury Committee has asked the FCA to publish guidance by end of 2026 on the assurance senior managers should hold. In practice that means documented oversight, validation and a per-decision evidence trail.
What data-protection rules apply to AI decisions in the UK?
UK GDPR and the Data Protection Act 2018, including rules on automated decision-making and profiling, plus ICO guidance. In June 2025 the FCA and ICO announced a joint statutory code of practice for firms deploying AI for automated decision-making. Firms need transparency, fairness testing and the ability to explain and contest outcomes.
Can our existing security stack secure AI agents?
No. IAM, DLP, WAF and SIEM are built for deterministic software. They cannot catch a legitimately-authorised AI agent, driven by untrusted input, doing something inside its permissions but outside your policy — the dominant 2026 failure mode. Under operational resilience and the Critical Third Parties regime, that runtime gap is exactly what supervisors expect firms to close.
More playbooks

Governance playbooks for other markets

Same 5-phase structure, tuned to each market’s regulators and buyers.

See where your UK AI program stands

Take the 2-page roadmap to your board, supervisors and buyers — then pressure-test your position in a 20-minute call.

Positioning collateral, not legal advice. Trampolyne AI helps you align with regulatory and supervisory expectations; it does not issue certifications.