Compliance
Authorised And Invisible: What The UK's Mills Review Misses
.jpg)
The UK regulator is looking at how AI is changing retail financial services and other topics including fraud risk. A problem, the author writes, is that in fraud cases, it is assumed that the attacker is outside the account. With coerced debt, where someone is forced to take debt under their own name, the pattern runs in the opposite course.
The Financial Conduct Authority’s landmark AI review names fraud amplification as a major shift. Unsurprisingly, reactions are coming in from the wealth management sector.
One individual who has strong views about what is at stake is Caroline Wells, whom we interviewed recently about her new business, Iris. Her business focuses on using tech to help wealth managers and others spot signs of economic abuse and coerced debt. Wells argues that the FCA's latest review is relevant to this area, and explains the benefits and limits of the FCA's review.
The editors are pleased to share these views and invite replies and feedback. As ever, editorial disclaimers apply to views of outside contributors. Email tom.burroughes@wealthbriefing.com and amanda.cheesley@clearviewpublishing.com
The Financial
Conduct Authority published the Mills Review on 3 July
– the first board-commissioned study by any regulator of how
AI will reshape retail financial services. Its own research found
that 11 million UK adults would let AI act autonomously on their
money within pre-set goals.
The review names four shifts: firm operations, consumer journeys,
competition, and the amplification of fraud and cyber risk. Read
the fraud scenarios closely and every one of them makes the same
assumption: the attacker is outside the account.
Coerced debt runs in the opposite direction. It is debt incurred
by an abuser forcing, deceiving or controlling someone
into taking on in their own name – loans, cards and
overdrafts opened through the victim’s own logins, under duress.
Nothing is hacked. The right person signs.
Around 1.6 million UK adults have experienced it. Almost seven in
10 have never heard the term. Polling published in June by
the Home Office and Surviving Economic Abuse found that 58 per
cent of victims never sought debt advice and only 28 per cent
secured any write-off.
Wealth managers shouldn’t assume that affluence protects. In this
market the instruments of control are the legitimate ones: joint
accounts, powers of attorney, discretionary mandates, family
structures. The sums are simply bigger.
Ashley Alder, FCA chair, anchors the FCA’s whole AI approach in
the Consumer Duty and the Senior Managers Regime. I would argue
that settles the question: harm executed through a client’s own
credentials is a consumer outcome, and the Duty already reaches
it.
As this publication
reported in June, detection technology now exists
– deterministic, auditable, not generative – and the
review commits the FCA to publishing AI good and poor practice
later this year. Recognising detection of coercion through a
client’s own accounts as good practice would cost the regulator
nothing and change firm behaviour by year end.
That expectation is at the heart of the coerced-debt campaign
that Iris is now putting to regulators and creditors: read for
the pattern at the point of lending, and give debt shown to arise
through coercion a route to discharge, the way a fraudulent
transaction is reversed.
To a fraud model watching the perimeter, an agentic AI acting
within pre-set goals and a coercive partner holding the password
looked identical: authorised. The review plans for the first.
Until the second is named, “authorised” will keep doing the
abuser’s work.
About the author
Caroline Wells (pictured below) is the founder of Iris and
has 25 years’ financial services experience, including Coutts,
Barclays and CBRE Investment Management. The coerced-debt
campaign can be reached at https://www.trustiris.com/tech-for-good/
.
Caroline Wells