The FCA’s Consumer Duty (PRIN 12, effective 31 July 2023 for new products and 31 July 2024 for closed-book products) is the most material UK regulatory change for retail financial services since MiFID II. For firms running AI agents that touch retail customers, GC23/2 (December 2023) makes the AI-specific expectations explicit.
This article is the runtime view: what outcomes monitoring looks like in an LLM-agent audit chain, how the four outcomes attach per event, and what an FCA supervision visit will ask for.
The four outcomes
PRIN 12 is built around four outcomes that firms must deliver:
- Products and services. Designed to meet the needs and objectives of the target market, with foreseeable harm avoided.
- Price and value. Reasonable relationship between price paid and benefit received.
- Consumer understanding. Communications support good consumer outcomes; the consumer can make informed decisions.
- Consumer support. Customers can use products as reasonably expected, with timely and friction-free support.
Alongside these sit three cross-cutting rules: act in good faith, avoid foreseeable harm, and enable customers to pursue financial objectives.
For an LLM agent, every customer-affecting event needs to land in the audit chain with the outcome it relates to, the consumer segment, and any vulnerability indicators.
How the audit envelope captures it
The Regulus fca-sysc profile adds outcome-tagging to every event:
    event {
      ts: "2026-06-01T22:14:03Z",
      agent: "credit-decision",
      decision: "DENY",
      clause: "fca-sysc-4.1.7: lending decisions outside stated income require independent review",
      outcomes: ["price-value", "consumer-understanding"],
      consumer_segment: "near-prime",
      vulnerable: false,
      principal: { sub: "...", smf_responsible: "smf-26" },
      framework_citations: [
        "fca-prin:12.2.b",
        "nist-ai-rmf:GOVERN-1.2"
      ]
    }

The outcomes array marks which of the four outcomes this event is evidence for. The consumer_segment is your firm’s customer-segmentation taxonomy (typically near-prime, prime, super-prime plus relevant sub-segments). The vulnerable flag captures whether the calling Principal has the vulnerability claim from your customer-data IdP.
What the quarterly board pack looks like
The FCA expects firms to produce a board-level Consumer Duty review, typically quarterly. For a firm running AI agents, the board pack needs:
Per-outcome quantitative view
For each outcome, broken down by consumer segment:
- Total events processed.
- ALLOW / DENY / HITL distribution.
- Adverse-outcome incidents (where the firm later identified the decision was wrong).
- Fairness deltas (material differences in outcome distribution across protected characteristics).
The Regulus quarterly export (regulus duty board-pack) produces this from the audit chain.
Vulnerable-customer view
A separate slice for customers flagged vulnerable. The FCA’s expectations for vulnerable customers are heightened:
- Decisions affecting vulnerable customers should preferentially go through HITL, not pure-automation.
- Communications need to be calibrated for the vulnerability type (cognitive, financial, situational).
- Adverse outcomes for vulnerable customers trigger root-cause review.
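The per-outcome view and the vulnerable-customer slice described above can both be computed directly from events shaped like the envelope shown earlier. The following is an added example, not the Regulus board-pack exporter: the sample events are constructed, the function names are hypothetical, and treating HITL as a value of the decision field is an assumption.

```python
from collections import Counter, defaultdict

DECISIONS = ("ALLOW", "DENY", "HITL")  # assumed values of the `decision` field

# Constructed sample events; field names follow the envelope shown earlier.
EVENTS = [
    {"decision": "DENY", "outcomes": ["price-value", "consumer-understanding"],
     "consumer_segment": "near-prime", "vulnerable": False},
    {"decision": "ALLOW", "outcomes": ["price-value"],
     "consumer_segment": "near-prime", "vulnerable": False},
    {"decision": "HITL", "outcomes": ["consumer-support"],
     "consumer_segment": "prime", "vulnerable": True},
    {"decision": "ALLOW", "outcomes": ["consumer-support"],
     "consumer_segment": "prime", "vulnerable": True},
    {"decision": "DENY", "outcomes": [],  # untagged: surfaced, not dropped
     "consumer_segment": "prime", "vulnerable": False},
]


def outcome_view(events):
    """Decision counts per (outcome, consumer_segment), plus untagged events.
    An event tagged with several outcomes counts once under each, so rows
    are per-outcome evidence counts and do not sum to the event total.
    """
    view, untagged = defaultdict(Counter), []
    for ev in events:
        if ev["decision"] not in DECISIONS:
            raise ValueError(f"unknown decision: {ev['decision']!r}")
        if not ev.get("outcomes"):
            untagged.append(ev)
        for outcome in ev.get("outcomes") or []:
            view[(outcome, ev["consumer_segment"])][ev["decision"]] += 1
    return dict(view), untagged


def vulnerable_view(events):
    """Decision mix for vulnerable customers and those decided without HITL."""
    flagged = [ev for ev in events if ev.get("vulnerable")]
    mix = Counter(ev["decision"] for ev in flagged)
    return mix, [ev for ev in flagged if ev["decision"] != "HITL"]


if __name__ == "__main__":
    view, untagged = outcome_view(EVENTS)
    for (outcome, segment), counts in sorted(view.items()):
        print(outcome, segment, {d: counts[d] for d in DECISIONS})
    print("untagged events:", len(untagged))
    mix, automated = vulnerable_view(EVENTS)
    print("vulnerable:", dict(mix), "without HITL:", len(automated))
```

Events with an empty outcomes array are returned separately so a tagging gap shows up in the pack instead of silently shrinking the totals.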
Cross-cutting rule evidence
For each of the three cross-cutting rules:
- Good faith. Examples of agent decisions where the firm’s interest was deprioritised in favour of the customer’s. (E.g. the agent recommended the cheaper product variant when the more expensive one would have been profitable for the firm.)
- Avoid foreseeable harm. Cases where the agent denied an invocation that would have caused foreseeable harm. The DENY events in the chain are these.
- Enable customers to pursue financial objectives. Cases where the agent escalated to a human reviewer when the right path wasn’t clear, rather than defaulting to “no” or “yes” blindly.
What an FCA supervision visit asks for
A real FCA supervision visit on an AI-driven retail product asks questions like these:
- “Show me your Consumer Duty board pack for the last four quarters.” The quarterly exports.
- “For Q1 2026, walk me through three adverse outcomes.” Pick three; show the agent’s decision trail, the matched clause, the downstream outcome, the root-cause analysis.
- “How are vulnerable customers handled differently?” The vulnerability claim, the enhanced HITL gating, the communications adjustments.
- “What’s your fairness-delta posture?” Distribution of outcomes across protected characteristics. Material deltas trigger documented review by the second-line.
- “Who’s the SMF responsible?” SMF-26 (firm’s AI strategy) and SMF-24 (CIO/CTO with operational AI oversight) are the typical accountabilities; both should be named.
What GC23/2 adds specifically
GC23/2’s specific AI guidance on top of base Consumer Duty:
- AI deployments need senior-management approval. SMF-26 (or equivalent) must approve the deployment before production use.
- Outcomes monitoring is a continuous obligation. Quarterly board pack is a minimum; firms running consequential AI typically have monthly second-line review.
- Vulnerable-customer handling is a focus area. The FCA has signalled in supervisory letters that AI deployments mishandling vulnerable customers will attract enforcement attention.
- Transparency to customers. When AI materially influences a decision, customers should be informed in a way that supports good outcomes. (Cross-references EU AI Act Article 50 for firms operating cross-border.)
What this doesn’t cover
Three Consumer Duty obligations the runtime audit chain doesn’t fully address:
- Product design. PRIN 12 outcome 1 is largely a design-time question. The agent’s runtime decisions are evidence of how the design plays out, but the design itself is an upstream artefact.
- Price and value assessment. The agent might decide whether a customer is offered Product A vs Product B, but the underlying value assessment of each product is a separate firm-level exercise.
- Communications materials. Static marketing materials, T&Cs, pre-contract disclosures — all governance artefacts, not runtime.
For the broader UK conduct landscape, see the FCA SYSC + Consumer Duty profile page.