MICKAI
Article · 1 July 2026

FCA Consumer Duty: Evidencing Good Customer Outcomes With a Tamper-Evident AI Record

Consumer Duty asks firms to prove good customer outcomes, not merely to intend them. A signed record of every AI-assisted decision turns that burden of proof into a standing asset.

FCA Consumer Duty: Evidencing Good Customer Outcomes With a Tamper-Evident AI Record
Author
Micky Irons
Published
1 July 2026
Follow Micky Irons
LinkedInX
Sovereign AIMickaiArtificial IntelligenceOpen Audit RecordPatents

The Duty moved the goalposts from intent to evidence

FCA Consumer Duty: Evidencing Good Customer Outcomes With a Tamper-Evident AI Record, illustration 1

The FCA Consumer Duty did something the old treating-customers-fairly regime never quite forced. It shifted the standard from what a firm meant to do to what a firm can show it did. Under PRIN 2A, boards must review outcomes annually, monitor for foreseeable harm, and hold data that demonstrates good outcomes across the four areas: products and services, price and value, consumer understanding, and consumer support. The word that trips firms up is demonstrate. A well-drafted policy is not evidence. A dashboard that was rebuilt last quarter is not evidence a regulator will trust without asking who changed it and when.

That gap widens the moment artificial intelligence enters the journey. When a model shapes a customer's price, a support triage, a suitability nudge, or a vulnerability flag, the firm has to answer a harder question. Not just what the outcome was, but what the AI saw, what it decided, on which version of which policy, and whether that record has been altered since. Most AI stacks cannot answer that question honestly, because they were never built to preserve it.

What outcomes-testing gaps actually look like

FCA Consumer Duty: Evidencing Good Customer Outcomes With a Tamper-Evident AI Record, illustration 2

An outcomes-testing gap is the space between the story a firm tells about fairness and the trail it can produce on demand. In practice it shows up as reconstructed logs, screenshots pasted into a remediation pack, model outputs that no one can tie back to the exact prompt and context that produced them, and monitoring data sitting in a warehouse that a privileged administrator could edit without leaving a mark. None of that is fraud. It is the ordinary state of systems assembled for speed rather than for proof.

The regulator does not need to allege bad faith to make this expensive. A skilled-person review under section 166, a Dear CEO letter, or a past-business review can simply ask for the underlying records and let the absence speak. When the records are mutable, incomplete, or dependent on a third party's cloud retention policy, the firm carries the cost of doubt. The point of a tamper-evident record is to remove the doubt before anyone asks.

The OAR: a signed account of every AI-assisted decision

FCA Consumer Duty: Evidencing Good Customer Outcomes With a Tamper-Evident AI Record, illustration 3

Mickai is a sovereign AI operating system. Regulated businesses own it and run it inside their own walls, on-premises and, where the risk demands, air-gapped. Every action the system takes is written to the Outcome and Action Record, the OAR, a tamper-evident audit trail signed with post-quantum cryptography.

For Consumer Duty the OAR captures, per decision, the inputs the model received, the retrieved context it reasoned over, the policy and model versions in force at that instant, the output, and any human override. Each entry is signed with ML-DSA-65, a lattice-based scheme built to survive both classical and quantum attack, and chained so that altering one record breaks the signature on every record after it. The identity that signs is bound to hardware, so a log line cannot be forged from another machine or backdated by an administrator with database access. When your Head of Internal Audit or a skilled person asks to see the decisions behind a cohort of customers, you produce a cryptographically verifiable account rather than a reconstruction.

That record is generated as a by-product of the work, not assembled afterwards for the exam. This is the difference between evidencing outcomes and performing them.

Architecture built for the burden of proof

FCA Consumer Duty: Evidencing Good Customer Outcomes With a Tamper-Evident AI Record, illustration 4

Underneath, Mickai runs fifty specialised brains under a deterministic arbiter. The arbiter matters for compliance because it makes the same inputs resolve the same way, which is what turns a probabilistic model into something a firm can govern and a board can attest to. Retrieval runs against an air-gapped RAG index, so the knowledge the AI reasons over stays inside your estate and never trains anyone else's system. Where an outcome must be reversed, compensating rollback unwinds the action and records the reversal in the same signed trail, so remediation is itself evidenced.

Consumer Duty rarely travels alone. The same OAR that evidences good outcomes also feeds SM&CR accountability, giving a named senior manager a defensible line of sight into what the automated systems under their prescribed responsibilities actually did. It supports PRA and FCA operational resilience testing, because you can show the decision path held through a severe but plausible stress scenario. And it maps cleanly onto the EU AI Act's high-risk logging duties for firms operating across both regimes. One signed substrate, many overlapping obligations.

Who reaches for this first

FCA Consumer Duty: Evidencing Good Customer Outcomes With a Tamper-Evident AI Record, illustration 5

The Chief Compliance Officer wants outcomes evidence that survives challenge without a fire drill. The General Counsel wants records that hold up if a complaint becomes a claim. The Chief Risk Officer wants the model governance story to be inspectable rather than asserted, in line with the direction of travel under SS1/23 model risk management. The Data Protection Officer wants special-category data to stay inside the walls, which air-gapped operation delivers by design, and a DPIA that can point to real controls rather than promises. And the board, including non-executive directors signing the annual Consumer Duty report, wants to attest without taking the outcome on trust. The OAR gives each of them the same source, read at their own altitude.

This is not a rip-and-replace proposition. Mickai runs alongside the systems a firm already has, and the OAR can sit beneath existing customer journeys, signing the AI-assisted decisions without rewiring the front end. Mickai is an ally to the wider AI ecosystem, not a replacement for it. The differentiator is where the AI runs and what it leaves behind.

Built, live, and moving

FCA Consumer Duty: Evidencing Good Customer Outcomes With a Tamper-Evident AI Record, illustration 6

Mickai is built and live, and building to scale. The company is UK-based, with Birmingham manufacturing secured for the HELIOS hardware line. The intellectual property estate stands at 104 filed UK patent applications and roughly 2,340 claims, held by Mickai LTD, establishing a priority and prior-art position around sovereign, tamper-evident AI. As a third-party momentum signal, founder Micky Irons was ranked number four on Crunchbase in June 2026, with the company placed in the top one to two percent globally. Those are markers of trajectory, not the argument. The argument is that regulated firms increasingly cannot run public-cloud AI over their most sensitive decisions, and they need a substrate that proves what it did.

The market reflects that pressure. Sovereign AI is estimated at forty billion dollars in 2025, rising toward one hundred and forty-eight billion by 2032, and a large share of UK and EU firms are legally constrained from putting these workloads on shared infrastructure at all. That is the wedge Mickai was built for, and the reason a category like this is one a hyperscaler would eventually want to own rather than rebuild.

A defined conversation

If you carry Consumer Duty accountability and want AI whose every decision arrives pre-evidenced, the conversation is open. Mickai is designed for firms whose regulatory posture already fits what the system does today, not for those who need it rebuilt around them.

Micky Irons, founder and CEO, Mickai. Reach me directly at micky@mickai.co.uk.

Frequently asked questions

How does the OAR help a firm evidence Consumer Duty outcomes?

The Outcome and Action Record captures, per AI-assisted decision, the inputs the model saw, the context it retrieved, the policy and model versions in force, the output, and any human override. Each entry is signed with ML-DSA-65 post-quantum cryptography and chained, so records are tamper-evident and can be produced on demand for a skilled-person review or a board attestation rather than reconstructed after the fact.

What does tamper-evident actually mean here?

Every record is cryptographically signed and linked to the one before it. Altering any single entry breaks the signature on every record that follows, and the signing identity is bound to hardware, so a log line cannot be forged from another machine or backdated by an administrator with database access.

Does Mickai replace our existing systems?

No. Mickai runs on-premises alongside the systems a firm already has, and the OAR can sit beneath existing customer journeys, signing AI-assisted decisions without rewiring the front end. It is designed as an ally to the wider AI ecosystem, not a replacement for it.

Which regulations beyond Consumer Duty does the same record support?

The same signed substrate feeds SM&CR accountability, supports PRA and FCA operational resilience testing, informs SS1/23 model risk governance and GDPR DPIA work, and maps onto the EU AI Act's high-risk logging duties for firms operating across both regimes.

Where does the data live?

Inside the firm's own walls. Mickai runs on-premises and, where the risk demands, air-gapped, with retrieval against an air-gapped RAG index, so special-category and sensitive data never leaves the estate and never trains another party's system.

Subscribe
Get every new Mickai article by email.

Long-form essays on sovereign AI from Micky Irons. One email per article. No tracking, no marketing, no third parties. Every email includes a one-click unsubscribe link.

Prefer RSS? Subscribe at /articles/feed.xml.

Originally published at https://mickai.co.uk/articles/fca-consumer-duty-evidencing-good-outcomes-with-a-tamper-evident-ai-record. If you operate in a regulated sector or want sovereign AI on your own hardware, the audit form on mickai.co.uk is the entry point.
More articles