The demo phase is ending
The UK Financial Conduct Authority’s second AI Live Testing cohort is easy to misread. The surface story is familiar: a regulator picks a group of firms, lets them test advanced models, and says it wants innovation to happen safely.
That is not the useful part.
The useful part is that the FCA is shifting the hard question from “does the model work?” to “can the firm prove it is still working when customers, markets and compliance teams are involved?”
The FCA announced the second cohort on 21 April 2026, naming eight firms including Barclays, Experian, Lloyds Banking Group’s Scottish Widows and UBS. The use cases are not confined to lab research. They include targeted investment support, consumer credit-score insights, agentic payments, anti-money-laundering detection and Know Your Customer workflows.
Those are deployment problems. They touch regulated advice boundaries, credit access, fraud controls, financial-crime monitoring and customer communications. If the systems fail quietly, the failure is not a bad benchmark score. It is a conduct risk.
Live testing means evidence, not theater
The FCA’s own description makes the direction clear. AI Live Testing is designed for firms that are already further along in development and ready to use AI in live markets. Eligibility requires more than a proof of concept. Firms must have considered pre-deployment testing and show post-deployment monitoring plans.
That last requirement is the tell.
Financial AI is moving into systems where one-time validation is not enough. A customer-facing support model can drift as products change. An AML model can learn the wrong proxy if criminals adapt faster than the firm’s monitoring. An agentic payment workflow can become risky because a tool permission, prompt boundary or exception path changes. A credit-insight system can create harm without ever making a formal lending decision.
The new discipline is operational. It asks whether the firm can produce a control record after the fact. What version of the model ran? What data was visible? What guardrail fired? Who reviewed exceptions? How quickly did the firm detect degradation?
That is not as photogenic as a model leaderboard. Good. Finance has enough photogenic technology.
Existing rules are doing the work
The FCA is also trying to avoid a common AI policy trap: building a new rulebook before anyone has a stable view of the deployment pattern.
In its April announcement, the FCA said the programme helps firms explore risk management and live monitoring questions. In January, when the FCA launched the Mills review, it again said its approach to artificial intelligence is grounded in its principles-based regulatory framework, including the Consumer Duty.
That matters because financial AI governance is less likely to arrive as a neat “AI rule” and more likely to arrive as supervisory evidence under familiar obligations. Treat customers fairly. Manage operational resilience. Control financial crime risk. Keep communications clear. Govern outsourcing and third-party dependencies. Maintain senior management accountability.
AI does not remove those duties. It makes proof harder.
For firms, that changes the compliance posture. It is no longer enough to say a model is “in pilot” if real users, real customers or real transaction flows are involved. A pilot with live exposure needs a monitoring plan, escalation path, rollback route and decision log. The distinction between experiment and production becomes a governance question, not a marketing label.
The cohort points to the next supervision pattern
The second cohort’s use cases map where the FCA expects pressure. Targeted investment support tests whether firms can personalize help without crossing into unsuitable recommendations. Credit-score insights test whether explainability can survive consumer-facing presentation. Agentic payments test autonomy in workflows where money moves. AML and KYC test whether AI can improve detection without making surveillance unchallengeable or brittle.
Each area creates a different evidence burden.
For customer support, firms need records showing that personalization did not become unfair steering. For credit insights, they need to show that explanations are meaningful to consumers and not just internally plausible. For financial crime, they need human review paths and defensible false-positive handling. For agentic workflows, they need permission boundaries and failure containment.
The FCA’s partnership with Advai, described by the regulator as a technical partner for automated AI assurance, is another clue. The regulator is not only asking firms to narrate their governance. It is moving toward technical evidence that supervisors can inspect.
That should make boards uncomfortable in the right way. Many financial institutions have AI policies that read well. Fewer have clean telemetry across model versions, prompts, data access, human overrides and exception queues. The second category is what supervisors will care about when something goes wrong.
Mills makes this bigger than one cohort
The Live Testing programme also sits inside a broader FCA review of AI in retail financial services. The regulator launched the Mills review on 27 January 2026, led by Sheldon Mills, to consider how advanced AI could affect consumers, retail markets, firms and regulators. The FCA said recommendations would go to its Board in summer 2026, followed by external publication.
That review is looking toward 2030 and beyond. The live cohort is happening now.
The combination is important. The review can describe where retail finance may go. Live testing can show where control systems break when firms try to get there. If the FCA does this well, its eventual guidance will be based less on speculative model anxiety and more on evidence from actual deployments.
That is the right sequencing. AI regulation fails when it treats all model use as one category. A summarization tool inside a compliance team is not the same risk as an agentic payments flow. Live testing gives the regulator a way to separate use cases by operational hazard.
What firms should hear
The message for banks and fintechs is not “wait for the FCA to bless your model.” It is narrower and more demanding: if you put AI into regulated workflows, be able to show the control evidence.
That evidence should be designed before launch. Monitoring cannot be bolted on after a customer incident. Audit trails cannot be reconstructed from screenshots and Slack messages. Human-in-the-loop controls are not serious unless someone can show when humans intervened, what they saw, what they changed and whether the model learned from the outcome.
This is where the economics of AI deployment may slow down. Model access is cheap compared with governance integration. The hard cost is connecting the model to risk systems, customer-record systems, case-management tools and incident processes. The technology team can ship the first demo quickly. The regulated firm has to ship the second system: the one that can be supervised.
The FCA’s second AI Live Testing cohort is not a permission slip for financial AI. It is a preview of the audit standard that will form around it. The firms that understand that will treat live testing as control design. The firms that do not will arrive with a product demo and discover that the regulator is asking for receipts.
Discussion
Sign in to join the discussion.
No comments yet. Be the first to share your thoughts.