The FCA's Mills Review is not a new rulebook. That is the first thing firms should understand.
It is also why it matters.
Published on 6 July 2026, the review looks at how artificial intelligence could reshape retail financial services by 2030 and beyond. Its central point is simple enough: financial services may move from human-led, occasional decisions to AI-enabled, continuous and delegated activity. In plainer English, customers may increasingly let systems find, compare, recommend and eventually act for them.
For lenders, credit brokers and firms operating in consumer finance distribution, that is not some distant science fiction issue. The review specifically points to consumer finance use cases such as prequalification, broker-like comparison, affordability and document automation. That is very close to the commercial engine room of many firms.
The temptation will be to treat the review as an innovation paper. It is more useful to read it as an accountability paper.
The FCA is not saying firms should stop using AI. Quite the opposite. The review recognises that AI can improve access, reduce friction, detect harm earlier and help consumers make better decisions. It may help address long-standing weaknesses in retail finance, including low switching, protection gaps and the difficulty many consumers face when navigating complex products.
But the FCA's optimism has a sharp edge. The more autonomous the technology becomes, the harder it may be to answer the oldest regulatory questions in the book: who made the decision, who checked it, who understood the customer impact, and who is responsible when the outcome is poor?
That matters because consumer credit and credit broking already live in a world where firms are expected to evidence judgement, not merely point to process. A lender using AI in affordability assessment cannot simply admire the efficiency of the model. A broker using AI to route customers to products cannot shrug if the system quietly favours speed, commission, conversion or narrow eligibility over good outcomes.
The review is careful on the legal position. The existing framework remains the starting point. The FCA's press release notes that its principles-based, outcomes-focused approach, including the Consumer Duty and the Senior Managers Regime, remains central to its thinking. The Mills Review says those foundations are broadly sound, but under increasing strain as AI moves from assisting people to acting on their behalf.
That distinction is crucial.
A staff member using AI to draft a customer email is one thing. A system deciding which customers are shown which finance option, which vulnerability cues matter, which documents are sufficient, or which application should be escalated is another. A consumer-facing AI agent that narrows choices and steers a customer toward a credit product is different again.
The further firms move along that spectrum, the weaker the defence of "it was only a tool" becomes.
Perimeter risk for credit brokers
For credit brokers, there is a second issue hiding in plain sight: perimeter risk. The review recommends that the FCA consider a further review within three to six months into how consumers are using general-purpose large language models for personal financial management, including debt management, mortgages and other retail finance areas. The concern is that tools such as ChatGPT, Gemini or Claude may shape financial decisions in ways that look and feel like guidance or advice, while sitting outside the usual regulatory routes to redress.
This is not just a problem for big technology firms. It could change how consumers arrive at brokers and lenders. If an AI assistant has already shaped the customer's assumptions before they reach a regulated journey, firms may inherit a customer whose understanding has been formed elsewhere, possibly inaccurately. The regulated firm still has to deliver good outcomes. It cannot assume the upstream journey was neutral, accurate or compliant.
There is also a competition point. If AI agents become the new shop window for financial products, the firms that control access to those agents may gain enormous influence over distribution. Paid placement, preferential ranking, referral arrangements and embedded comparison tools could all create conduct questions. In consumer credit, where disclosure, customer understanding and fair presentation already matter, that should make compliance teams sit up.
What firms should be asking now
If a credit broker uses an AI chatbot, lead-scoring model, automated qualification tool or third-party comparison engine, the firm needs to understand it. Not necessarily at the level of source code, but certainly at the level of customer impact, governance, escalation and accountability.
What data is being used? What claims are being made? Are vulnerable customers being identified or filtered out? Are customers being nudged toward unsuitable routes? Are declined applications and complaints telling the firm something uncomfortable?
Those are not abstract technology questions. They are ordinary compliance questions wearing new clothes.
The practical response should be proportionate, but not leisurely. Firms do not need to build an AI constitution by Friday. They do need an inventory of where AI is already being used, including by introducers, outsourced providers and marketing teams. They need clear ownership. They need testing that looks beyond whether the tool works and asks whether it produces fair and explainable outcomes. They need to know when human review is required, and whether that review is real or decorative.
They should also revisit financial promotions and customer communications. AI-generated content can be fluent and wrong at the same time. That is a dangerous combination in regulated credit markets, where a phrase can alter a customer's understanding of cost, eligibility, risk or obligation. Firms should be especially wary of AI tools used to personalise adverts, landing pages, email journeys or chatbot responses without proper compliance sign-off.
The FCA has also said it will publish AI good and poor practice later this year. That may become the more immediately useful document for compliance teams. But firms should not wait for it before doing the basics. The direction of travel is already visible.
The real compliance test
The Mills Review is not a ban on AI, and it should not be read as one. Used well, AI could make financial services faster, cheaper and more responsive. In consumer finance, it could reduce friction for customers who currently abandon processes because they are confusing, repetitive or badly designed.
But the compliance test will not be whether a firm has adopted AI. It will be whether the firm can show that AI has been adopted with control, accountability and evidence of good customer outcomes.
That is where Authorised Compliance Ltd expects the real work to begin. Not in the glossy strategy deck, but in the operating model: permissions, oversight, customer journey testing, MI, complaints analysis, supplier governance and senior manager accountability.
The future may be agentic. The FCA's message is that responsibility must remain human.
Source note: Based on the FCA's Mills Review page and report, published 6 July 2026, plus the FCA press release on the review.

