Britain should consider whether large language models such as ChatGPT, Claude, and Gemini ought to be regulated as they increasingly influence how consumers make financial decisions, a senior official at the Financial Conduct Authority has said.
Sheldon Mills, an executive director at the FCA, argued that the existing rulebook will have to evolve as firms lean on a small number of tech providers, a concentration he warned could create system-wide risk. It is a notable intervention from a regulator that has, until now, mostly stuck to the UK’s pro-innovation, principles-based line.
The concern Mills is pointing at is specific rather than abstract. More than a quarter of UK consumers, he noted, already trust tools such as OpenAI’s ChatGPT, Anthropic’s Claude, and Google’s Gemini for financial advice, often without realising that the protections wrapped around regulated financial services do not extend to those systems. People are taking money decisions on the strength of software that sits entirely outside the perimeter the FCA polices.
That gap is the crux of the argument. When a regulated adviser gives poor guidance, a consumer has recourse; when a general-purpose chatbot does the same, the lines of responsibility are far less clear.
Mills’s point is that the technology has quietly taken on a role the regulatory framework never anticipated, and that pretending otherwise is its own kind of risk.
His proposed remedy is procedural but pointed. Mills recommended that the FCA decide, within the next three to six months, whether to “secure and adapt” the regulatory perimeter by reviewing the scale, nature, and impact of the general-purpose models that currently fall outside it. That stops short of demanding immediate rules, but it puts a clock on the question of whether foundation models belong inside financial regulation at all.
He went further on what oversight might eventually look like. Mills floated new powers to require firms to explain how their AI models reach decisions, to audit algorithms for fairness, and to impose fines on systems that cause consumer harm.
Each of those touches the hardest problem in AI governance, which is that the models are often opaque even to the companies deploying them.
The intervention sits awkwardly alongside the government’s broader posture. The UK has deliberately avoided a bespoke AI law, preferring to hand oversight to existing regulators in the hope of building a pro-innovation edge over the EU.
Mills is not calling for a UK AI Act, but he is suggesting that the sector-by-sector model has a hole in it where general-purpose systems are concerned, and that the FCA may need to fill it.
There is a live debate here about where responsibility should sit, and it is not settled. Regulating the models themselves, rather than the regulated firms that use them, would be a meaningful shift in approach, and one that cuts against the light-touch instinct the UK has cultivated. It also runs into the practical problem that the largest models are built by a handful of American companies the FCA does not regulate.
The concentration point Mills raised is arguably the more serious of the two. If most regulated firms come to depend on the same two or three model providers, a failure or a flaw in one of those systems could ripple across the financial sector at once, the kind of correlated risk regulators usually try to design out. That is a familiar worry in cloud computing, and it is now migrating to the models built on top of it.
For now, Mills’s comments are a signal rather than a policy. But they land at a moment when governments everywhere are conceding that AI is outpacing the rules meant to govern it, and a financial regulator saying the perimeter may need to move is not a small thing. The next few months will show whether the FCA treats it as a genuine review or a talking point.
Get the TNW newsletter
Get the most important tech news in your inbox each week.