Compliance
Authorised And Invisible: What The UK's Mills Review Misses
.jpg)
The UK regulator is looking at how AI is changing retail financial services and other topics including fraud risk. A problem, the author writes, is that in fraud cases, it is assumed that the attacker is outside the account. With coerced debt, where someone is forced to take debt under their own name, the pattern runs in the opposite course.
The Financial Conduct Authority’s landmark AI review names fraud amplification as a major shift. Unsurprisingly, reactions are coming in from the wealth management sector.
One individual who has strong views about what is at stake is Caroline Wells, whom we interviewed recently about her new business, Iris. Her business focuses on using tech to help wealth managers and others spot signs of economic abuse and coerced debt. Wells argues that the FCA's latest review is relevant to this area, and explains the benefits and limits of the FCA's review.
The editors are pleased to share these views and invite replies and feedback. As ever, editorial disclaimers apply to views of outside contributors. Email tom.burroughes@wealthbriefing.com and amanda.cheesley@clearviewpublishing.com
The Financial Conduct Authority published the Mills Review on 3 July – the first board-commissioned study by any regulator of how AI will reshape retail financial services. Its own research found that 11 million UK adults would let AI act autonomously on their money within pre-set goals.
The review names four shifts: firm operations, consumer journeys, competition, and the amplification of fraud and cyber risk. Read the fraud scenarios closely and every one of them makes the same assumption: the attacker is outside the account.
Coerced debt runs in the opposite direction. It is debt incurred by an abuser forcing, deceiving or controlling someone into taking on in their own name – loans, cards and overdrafts opened through the victim’s own logins, under duress. Nothing is hacked. The right person signs.
Around 1.6 million UK adults have experienced it. Almost seven in 10 have never heard the term. Polling published in June by the Home Office and Surviving Economic Abuse found that 58 per cent of victims never sought debt advice and only 28 per cent secured any write-off.
Wealth managers shouldn’t assume that affluence protects. In this market the instruments of control are the legitimate ones: joint accounts, powers of attorney, discretionary mandates, family structures. The sums are simply bigger.
Ashley Alder, FCA chair, anchors the FCA’s whole AI approach in the Consumer Duty and the Senior Managers Regime. I would argue that settles the question: harm executed through a client’s own credentials is a consumer outcome, and the Duty already reaches it.
As this publication reported in June, detection technology now exists – deterministic, auditable, not generative – and the review commits the FCA to publishing AI good and poor practice later this year. Recognising detection of coercion through a client’s own accounts as good practice would cost the regulator nothing and change firm behaviour by year end.
That expectation is at the heart of the coerced-debt campaign that Iris is now putting to regulators and creditors: read for the pattern at the point of lending, and give debt shown to arise through coercion a route to discharge, the way a fraudulent transaction is reversed.
To a fraud model watching the perimeter, an agentic AI acting within pre-set goals and a coercive partner holding the password looked identical: authorised. The review plans for the first. Until the second is named, “authorised” will keep doing the abuser’s work.
About the author
Caroline Wells (pictured below) is the founder of Iris and
has 25 years’ financial services experience, including Coutts,
Barclays and CBRE Investment Management. The coerced-debt
campaign can be reached at https://www.trustiris.com/tech-for-good/
.
Caroline Wells