MICKAI
Article · 4 July 2026

The FCA Just Warned Banks About Agentic AI. The Answer Is A Signed Trail On Every Action

The regulator wants explainability and audit trails as autonomous tools reach live customer trials. Autonomy without a per-action, cryptographically-signed record is exactly the risk it fears.

By Micky Irons

A regulator does not usually tell you what is coming twelve months out. This time the Financial Conduct Authority did. Jessica Rusu, the FCA's Chief Data, Information and Intelligence Officer, said she expects the first wave of consumer-facing agentic AI to reach the market early in 2026. In the same breath the FCA signalled that it will enforce the rules it already has, the Senior Managers Regime and the Consumer Duty, to keep bank executives personally accountable for what these tools do to customers. Rusu put it plainly: those two regimes give the FCA enough regulatory bite that it does not need to write new rules for AI.

That is the whole story in one sentence. The capability is arriving faster than the governance, and the regulator is not planning to write a brand new rulebook. It is planning to point the existing one at autonomous software and ask a very old question in a very new context: who did what, why, and on whose authority.

We build for that question. So let me be direct about what agentic AI actually changes, and why a signed record on every action is not a nice-to-have but the load-bearing wall of the whole thing.

What the FCA is actually worried about

Look at who is already in the water. NatWest is piloting agentic AI to speed up complaints handling. Lloyds has launched a pilot aimed at helping customers manage their money, with an agentic assistant heading across its digital banking platform in early 2026. Starling is building budgeting tools that can set predictive spending caps and automate financial tasks on a customer's behalf. These are not chatbots that draft an email for a human to send. They are tools that take actions.

That is the shift the Bank of England has flagged from the other side of the same coin. Sarah Breeden, a deputy governor, has warned that these systems can now chain together sequences of actions without human approval, and that if enough agents react to a shock the same way they could amplify ordinary market stress into something wider. On the markets side the Bank is even weighing circuit breakers, market-wide kill switches that could halt trading if faulty models trigger instability. When the central bank is discussing an off switch for autonomous systems, the direction of travel is not subtle.

An agent that chains actions is the governance problem. A single model output can be reviewed. A sequence of twenty steps, where step four was a decision the agent made about a real customer's real money, cannot be reviewed after the fact unless every step was recorded at the moment it happened, in a form nobody can quietly edit later.

The FCA has already named the two things it wants. Explainability: the firm must be able to explain a material AI-driven decision to a customer when asked. Auditability: when a decision causes harm, the firm must have a trail good enough to investigate it and report accurately to the regulator. The FCA has said it will publish practical guidance on applying these expectations by the end of 2026. The expectation itself is already here.

Why autonomy without a signed record is the exact risk

Here is the trap most firms are walking into. They are treating the audit trail as a log. Logs are written by the same system that took the action, stored in the same database, and editable by anyone with the right credentials. When a complaint lands and the customer's lawyer asks whether the record was changed after the incident, "trust our logs" is not an answer a Senior Manager wants to give under the accountability regime.

The Consumer Duty, in force since July 2023, raised the bar again. It is not enough to show an aggregate outcome looked fine. A firm has to evidence good outcomes across customer segments, including vulnerable customers, decision by decision. An agent that quietly declined a forbearance option for a struggling borrower, or set a spending cap that pushed someone into a missed payment, is a Consumer Duty event. If you cannot reconstruct exactly what the agent did and why, you cannot prove the outcome was fair. You can only hope it was.

So the real requirement is sharper than "keep a log." It is a per-action, tamper-evident, cryptographically-signed record. Every action the agent takes, at the instant it takes it, sealed with a signature that proves three things: what happened, that it has not been altered since, and which authority the action ran under. That is the difference between a story you tell the regulator and a fact you can hand them.

This is why we treat the signed audit record as core infrastructure rather than a compliance add-on. In our system every action an agent takes is written once and signed, so the trail is evidence, not narration.
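
A minimal sketch of the per-action signed record described above, added here as an illustration and not Mickai's implementation: each record is signed with Ed25519 and carries the hash of the previous signed record, so an edit or a mid-trail deletion fails verification. The record fields, function names and sample values are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

type Record struct { // one agent action; field names are assumptions for this example
	Seq       int    `json:"seq"`
	Action    string `json:"action"`    // what happened
	Authority string `json:"authority"` // mandate the action ran under
	PrevHash  []byte `json:"prev_hash"` // digest of the previous signed record
	Sig       []byte `json:"-"`         // excluded from the signed bytes
}

func (r Record) payload() []byte { b, _ := json.Marshal(r); return b }
func (r Record) digest() []byte  { h := sha256.Sum256(append(r.payload(), r.Sig...)); return h[:] }

// Append signs a new record and chains it to the one before it.
func Append(log []Record, priv ed25519.PrivateKey, action, authority string) []Record {
	r := Record{Seq: len(log), Action: action, Authority: authority}
	if len(log) > 0 {
		r.PrevHash = log[len(log)-1].digest()
	}
	r.Sig = ed25519.Sign(priv, r.payload())
	return append(log, r)
}

// Verify returns the index of the first record that fails, or -1 if intact.
func Verify(log []Record, pub ed25519.PublicKey) int {
	var prev []byte
	for i, r := range log {
		if r.Seq != i || string(r.PrevHash) != string(prev) || !ed25519.Verify(pub, r.payload(), r.Sig) {
			return i
		}
		prev = r.digest()
	}
	return -1
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil)                        // nil selects crypto/rand
	log := Append(nil, priv, "set_spending_cap:250", "mandate-001") // constructed sample
	log = Append(log, priv, "decline_forbearance", "policy-v3")     // constructed sample
	log[0].Action = "set_spending_cap:500"                          // simulated later edit
	fmt.Println("first bad record:", Verify(log, pub))
}
```

Verification needs only the public key. A holder of the private key can re-sign a rewritten chain, and removing records from the tail goes undetected unless the latest digest is anchored somewhere outside the log.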

Why ownership is where the guarantee lives

You can bolt signing onto a cloud deployment, and many firms will. But there is a difference between a signature and a guarantee, and the difference is control of the substrate.

If the model, the orchestration layer, the keys and the log store all sit inside a vendor's tenancy, then the party you are asking to prove the record is intact is the same party who could alter it. The FCA does not bar regulated firms from using cloud. Almost every regime, the Consumer Duty, the Senior Managers Regime, DORA, the EU AI Act, permits cloud with the right controls. This is not a legal wall. It is a question of where the proof lives, and for the small set of workloads where the record has to be unimpeachable, the honest answer is that it lives most cleanly on infrastructure you own and run inside your own walls.

That is what Mickai is. Mickai is a Sovereign Intelligence Operating System. A regulated organisation owns it, runs it air-gapped inside its own perimeter, and every action any agent takes lands in a cryptographically-signed audit record the organisation controls end to end. The keys are yours. The trail is yours. When the FCA asks a Senior Manager to explain a decision, the answer is not a support ticket to a vendor. It is a signed record the firm can produce on demand.

The autonomy the FCA is warning about is real and it is useful. Faster complaints, better budgeting, genuine help for people who need it. We are not arguing against agentic AI. We are arguing that the record of what the agent did has to be as robust as the agent is autonomous, and that ownership is how you make that a guarantee instead of a promise.

The takeaway

The regulator has told you the timeline and the test. Consumer-facing agents in 2026. Accountability under rules that already exist. Explainability and auditability as the price of entry. The firms that win the trials will not be the ones with the cleverest agent. They will be the ones who can prove, action by action, signature by signature, exactly what their agent did and why.

Build the trail before you need it, own the substrate it sits on, and the FCA's warning stops being a threat and becomes your competitive edge. That is the whole architecture. If you want to see how the per-action signed record works alongside human-in-the-loop controls, or how an owned, sovereign deployment changes the accountability question, that is what we built.

Frequently asked questions

Is the FCA banning banks from using agentic AI?

No. The FCA expects consumer-facing agentic AI in 2026 and is encouraging responsible innovation through its sandbox and AI Lab. It is not writing a new rulebook. It plans to apply the Senior Managers Regime and the Consumer Duty to autonomous tools, which means executives stay personally accountable for outcomes, and firms must be able to explain and audit what their agents do.

What does a cryptographically-signed audit trail actually give you that a normal log does not?

A signature proves the record has not been altered after the fact and ties each action to the authority it ran under. A normal log can be edited by whoever controls the database. Under the Consumer Duty and the Senior Managers Regime, "trust our logs" is weak evidence. A signed, tamper-evident record per action is proof you can hand a regulator or a court.

Does this mean regulated firms cannot use cloud AI?

No, and we will not claim otherwise. The Consumer Duty, the Senior Managers Regime, DORA and the EU AI Act all permit cloud with proper controls. The genuine no-cloud cases are narrow and workload-specific. The broader case for owned, sovereign infrastructure is preference and proof: for the records that must be unimpeachable, control of the keys and the trail is cleanest when you own the substrate.

How does Mickai fit the FCA's explainability and audit expectations?

Mickai is a Sovereign Intelligence Operating System that a firm owns and runs inside its own perimeter. Every agent action is written once and cryptographically signed into an audit record the firm controls, with human-in-the-loop points where they matter. That maps directly onto the FCA's two asks: explain a material decision on demand, and produce a trail good enough to investigate harm.

Mickai is built and privately held by founder Micky Irons. Our patent estate stands at 104 filed UK applications with roughly 2,340 claims across 13 families, named inventor Mickarle Wagstaff-Irons, building toward examination and grant.

Originally published at https://mickai.co.uk/articles/fca-warns-agentic-ai-consumer-rollout. If you operate in a regulated sector or want sovereign AI on your own hardware, the audit form on mickai.co.uk is the entry point.