The FCA Just Warned Banks About Agentic AI. The Answer Is A Signed Trail On Every Action
The regulator wants explainability and audit trails as autonomous tools reach live customer trials. Autonomy without a per-action, cryptographically-signed record is exactly the risk it fears.
By Micky Irons
A regulator does not usually tell you what is coming twelve months out. This time the Financial Conduct Authority did. Jessica Rusu, the FCA's Chief Data, Information and Intelligence Officer, said she expects the first wave of consumer-facing agentic AI to reach the market early in 2026. In the same breath the FCA signalled that it will enforce the rules it already has, the Senior Managers Regime and the Consumer Duty, to keep bank executives personally accountable for what these tools do to customers. Rusu put it plainly: those two regimes give the FCA enough regulatory bite that it does not need to write new rules for AI.
That is the whole story in one sentence. The capability is arriving faster than the governance, and the regulator is not planning to write a brand new rulebook. It is planning to point the existing one at autonomous software and ask a very old question in a very new context: who did what, why, and on whose authority.
We build for that question. So let me be direct about what agentic AI actually changes, and why a signed record on every action is not a nice-to-have but the load-bearing wall of the whole thing.
What the FCA is actually worried about
Look at who is already in the water. NatWest is piloting agentic AI to speed up complaints handling. Lloyds has launched a pilot aimed at helping customers manage their money, with an agentic assistant heading across its digital banking platform in early 2026. Starling is building budgeting tools that can set predictive spending caps and automate financial tasks on a customer's behalf. These are not chatbots that draft an email for a human to send. They are tools that take actions.
That is the shift the Bank of England has flagged from the other side of the same coin. Sarah Breeden, a deputy governor, has warned that these systems can now chain together sequences of actions without human approval, and that if enough agents react to a shock the same way they could amplify ordinary market stress into something wider. On the markets side the Bank is even weighing circuit breakers, market-wide kill switches that could halt trading if faulty models trigger instability. When the central bank is discussing an off switch for autonomous systems, the direction of travel is not subtle.
An agent that chains actions is the governance problem. A single model output can be reviewed. A sequence of twenty steps, where step four was a decision the agent made about a real customer's real money, cannot be reviewed after the fact unless every step was recorded at the moment it happened, in a form nobody can quietly edit later.
The FCA has already named the two things it wants. Explainability: the firm must be able to explain a material AI-driven decision to a customer when asked. Auditability: when a decision causes harm, the firm must have a trail good enough to investigate it and report accurately to the regulator. The FCA has said it will publish practical guidance on applying these expectations by the end of 2026. The expectation itself is already here.
Why autonomy without a signed record is the exact risk
Here is the trap most firms are walking into. They are treating the audit trail as a log. Logs are written by the same system that took the action, stored in the same database, and editable by anyone with the right credentials. When a complaint lands and the customer's lawyer asks whether the record was changed after the incident, "trust our logs" is not an answer a Senior Manager wants to give under the accountability regime.
The Consumer Duty, in force since July 2023, raised the bar again. It is not enough to show an aggregate outcome looked fine. A firm has to evidence good outcomes across customer segments, including vulnerable customers, decision by decision. An agent that quietly declined a forbearance option for a struggling borrower, or set a spending cap that pushed someone into a missed payment, is a Consumer Duty event. If you cannot reconstruct exactly what the agent did and why, you cannot prove the outcome was fair. You can only hope it was.
So the real requirement is sharper than "keep a log." It is a per-action, tamper-evident, cryptographically-signed record. Every action the agent takes, at the instant it takes it, sealed with a signature that proves three things: what happened, that it has not been altered since, and which authority the action ran under. That is the difference between a story you tell the regulator and a fact you can hand them.
This is why we treat the signed audit record as core infrastructure rather than a compliance add-on. In our system every action an agent takes is written once and signed, so the trail is evidence, not narration.
Why ownership is where the guarantee lives
You can bolt signing onto a cloud deployment, and many firms will. But there is a difference between a signature and a guarantee, and the difference is control of the substrate.
If the model, the orchestration layer, the keys and the log store all sit inside a vendor's tenancy, then the party you are asking to prove the record is intact is the same party who could alter it. The FCA does not bar regulated firms from using cloud. Almost every regime, the Consumer Duty, the Senior Managers Regime, DORA, the EU AI Act, permits cloud with the right controls. This is not a legal wall. It is a question of where the proof lives, and for the small set of workloads where the record has to be unimpeachable, the honest answer is that it lives most cleanly on infrastructure you own and run inside your own walls.
That is what Mickai is. Mickai is a Sovereign Intelligence Operating System. A regulated organisation owns it, runs it air-gapped inside its own perimeter, and every action any agent takes lands in a cryptographically-signed audit record the organisation controls end to end. The keys are yours. The trail is yours. When the FCA asks a Senior Manager to explain a decision, the answer is not a support ticket to a vendor. It is a signed record the firm can produce on demand.
The autonomy the FCA is warning about is real and it is useful. Faster complaints, better budgeting, genuine help for people who need it. We are not arguing against agentic AI. We are arguing that the record of what the agent did has to be as robust as the agent is autonomous, and that ownership is how you make that a guarantee instead of a promise.
The takeaway
The regulator has told you the timeline and the test. Consumer-facing agents in 2026. Accountability under rules that already exist. Explainability and auditability as the price of entry. The firms that win the trials will not be the ones with the cleverest agent. They will be the ones who can prove, action by action, signature by signature, exactly what their agent did and why.
Build the trail before you need it, own the substrate it sits on, and the FCA's warning stops being a threat and becomes your competitive edge. That is the whole architecture. If you want to see how the per-action signed record works alongside human-in-the-loop controls, or how an owned, sovereign deployment changes the accountability question, that is what we built.
Frequently asked questions
Is the FCA banning banks from using agentic AI?
No. The FCA expects consumer-facing agentic AI in 2026 and is encouraging responsible innovation through its sandbox and AI Lab. It is not writing a new rulebook. It plans to apply the Senior Managers Regime and the Consumer Duty to autonomous tools, which means executives stay personally accountable for outcomes, and firms must be able to explain and audit what their agents do.
What does a cryptographically-signed audit trail actually give you that a normal log does not?
A signature proves the record has not been altered after the fact and ties each action to the authority it ran under. A normal log can be edited by whoever controls the database. Under the Consumer Duty and the Senior Managers Regime, "trust our logs" is weak evidence. A signed, tamper-evident record per action is proof you can hand a regulator or a court.
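The per-action record described under "Why autonomy without a signed record is the exact risk" and in the answer above, sketched as an added example (not Mickai's code and not anything published by the FCA): each record is chained to the previous one by hash and authenticated with a key. It uses HMAC-SHA256 from the Python standard library as a stand-in for an asymmetric signature such as Ed25519, and the function names, field names and sample actions are assumptions constructed for illustration.

```python
import copy, hashlib, hmac, json

GENESIS = "0" * 64  # prev_hash of the first record

def canonical(body):
    # Stable byte encoding so writer and verifier hash identical input.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

def append_record(trail, key, ts, action, authority, detail):
    body = {"seq": len(trail), "ts": ts, "action": action,
            "authority": authority, "detail": detail,
            "prev_hash": trail[-1]["record_hash"] if trail else GENESIS}
    data = canonical(body)
    # Assumption: HMAC stands in for an asymmetric signature over the same bytes.
    trail.append(dict(body,
                      record_hash=hashlib.sha256(data).hexdigest(),
                      sig=hmac.new(key, data, hashlib.sha256).hexdigest()))

def verify_trail(trail, key):
    """Return the index of the first record that fails, or None if intact."""
    prev = GENESIS
    for i, rec in enumerate(trail):
        body = {k: v for k, v in rec.items() if k not in ("record_hash", "sig")}
        data = canonical(body)
        good_sig = hmac.new(key, data, hashlib.sha256).hexdigest()
        if (body.get("seq") != i or body.get("prev_hash") != prev
                or rec.get("record_hash") != hashlib.sha256(data).hexdigest()
                or not hmac.compare_digest(good_sig, str(rec.get("sig")))):
            return i
        prev = rec["record_hash"]
    return None

def edit_and_rehash(trail, i, detail):
    """What a database admin without the key can do: edit, then fix the hash."""
    forged = copy.deepcopy(trail)
    forged[i]["detail"] = detail
    body = {k: v for k, v in forged[i].items() if k not in ("record_hash", "sig")}
    forged[i]["record_hash"] = hashlib.sha256(canonical(body)).hexdigest()
    return forged

def build_sample_trail(key):
    # Constructed sample actions; every name and value is illustrative only.
    trail = []
    append_record(trail, key, "2026-01-12T09:00:01Z", "read_balance",
                  "customer-mandate:demo-001", {"account": "demo-acct"})
    append_record(trail, key, "2026-01-12T09:00:02Z", "decline_forbearance",
                  "policy:demo-arrears-v1", {"reason": "threshold_not_met"})
    append_record(trail, key, "2026-01-12T09:00:03Z", "set_spending_cap",
                  "customer-mandate:demo-001", {"cap_gbp": 400})
    return trail
```

verify_trail returns None for the untouched trail and 1 for edit_and_rehash(trail, 1, ...), because the hash can be recomputed without the key but the MAC cannot. Dropping records from the end still verifies, so the latest record_hash has to be anchored somewhere the log writer cannot rewrite.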
Does this mean regulated firms cannot use cloud AI?
No, and we will not claim otherwise. The Consumer Duty, the Senior Managers Regime, DORA and the EU AI Act all permit cloud with proper controls. The genuine no-cloud cases are narrow and workload-specific. The broader case for owned, sovereign infrastructure is preference and proof: for the records that must be unimpeachable, control of the keys and the trail is cleanest when you own the substrate.
How does Mickai fit the FCA's explainability and audit expectations?
Mickai is a Sovereign Intelligence Operating System that a firm owns and runs inside its own perimeter. Every agent action is written once and cryptographically signed into an audit record the firm controls, with human-in-the-loop points where they matter. That maps directly onto the FCA's two asks: explain a material decision on demand, and produce a trail good enough to investigate harm.
Mickai is built and privately held by founder Micky Irons. Our patent estate stands at 104 filed UK applications with roughly 2,340 claims across 13 families, named inventor Mickarle Wagstaff-Irons, building toward examination and grant.


