The UK government has accepted the recommendations of its independent AI Adoption Plan for financial services, produced by FS AI Champions Harriet Rees (Starling Bank) and Dr Rohit Dhawan (Lloyds Banking Group).
The plan's ten recommendations span five areas: the regulatory framework, AI-powered financial advice and the regulatory perimeter, resilience, skills and talent, and agentic payments. Government has confirmed it will work with regulators and industry on next steps, alongside the FCA's own Mills Review into how AI could reshape retail financial services by 2030.
Government has now confirmed that regulators should clarify how existing rules apply to AI, and that the FCA and government should specifically review whether the regulatory perimeter needs to change for AI-generated financial guidance.
That is a different statement to ‘AI will be supervised under existing rules.’ It is an acknowledgment that AI-generated guidance may be operating in territory the current perimeter was not built to reach. The Treasury Committee made a similar point in January, when it warned that a wait-and-see approach to AI carries real consumer risk, and called for clarity on senior manager accountability under the SMCR once AI systems are making or shaping decisions.
This is a familiar shape. Regulators are organized vertically, by jurisdiction and by mandate. AI-generated advice, like open finance data, moves horizontally through the market, faster than any single regulator's remit was designed to track. Clarifying the perimeter is necessary. It does not, on its own, tell an institution who is accountable when an AI agent, operating through a third party, gets it wrong.
Agentic payments made the Adoption Plan's five headline areas. That sits alongside April's payments package, in which government committed to exploring how payment services regulation should evolve to account for payments made by AI agents, and confirmed new FCA powers over the next phase of Open Banking.
Put those two announcements together and the direction is clear: AI agents are moving from advising on financial decisions to executing them, inside an Open Banking framework that is itself still being built out. Every one of those agents will be operating on behalf of, or through, a third party. That is a third-party risk question before it is anything else.
The government's posture across both AI and payments is consistent: proportionate, principles-based, technology-agnostic regulation, with regulators clarifying rather than rebuilding from scratch. That is the right instinct for a fast-moving market. But clarity on paper does not answer the operational question every financial institution is already facing: which third parties, aggregators, and now AI agents are actually accredited, actually monitored, and actually accountable when something goes wrong.
That is the gap between regulation and infrastructure. Regulation tells the market what good looks like. It does not, by itself, verify who is in the network, monitor risk in real time as agentic AI scales, or ensure liability lands in the right place when a breach or a bad agent decision reaches a customer relationship.
Invela is the infrastructure layer that makes open finance trustworthy - accrediting who's in the network, monitoring risk in real time, and ensuring liability lands in the right place. As agentic AI moves from advice to execution, that accountability layer becomes the thing standing between a well-intentioned policy and a well-managed risk.
Invela is the infrastructure layer that makes open finance trustworthy - accrediting who's in the network, monitoring risk in real time, and ensuring liability lands in the right place.