A report from the London Foundation for Banking and Finance and the Institute and Faculty of Actuaries says generative Artificial Intelligence is creating governance challenges for financial services firms that cannot be fully solved, only managed. The study found that 70% of respondents agreed Artificial Intelligence risks are among the greatest facing their sector over the next five years, while 75% said those risks had increased substantially since generative Artificial Intelligence became widely available. Cyber threats, misleading outputs and knowledge gaps emerged as the top three concerns.
The report argues that the most serious risks stem from structural features of generative Artificial Intelligence rather than isolated defects. Its persuasiveness, accessibility and capacity to operate at scale are also the qualities that make it harder to govern, explain, trust and contain. The framework identified nine risks grouped into three categories: outcomes, operating environment and system. It also warns that as firms embed Artificial Intelligence into tools and infrastructure, risk increasingly shifts beyond individual firms and into the wider financial ecosystem, where common dependencies can turn rational outsourcing decisions into shared points of failure.
In UK insurance, adoption is already widespread. The Bank of England and the FCA’s 2024 joint survey found that 95% of insurance firms were already using Artificial Intelligence, the highest rate of any financial services subsector. Yet 46% of firms reporting only a partial understanding of the Artificial Intelligence they use, against just 34% claiming complete understanding. The report links that gap to governance pressure as insurers deploy Artificial Intelligence in underwriting, claims triage, pricing and customer communications.
Dependence on external providers is becoming a central concern. A third of all Artificial Intelligence use cases in UK financial services now rely on third-party implementations, up from 17% in 2022, with the top three providers accounting for the lion’s share of cloud, model and data supply. Regulators have also warned that Artificial Intelligence-driven hyper-personalisation in pricing could improve premiums for some customers while making others uninsurable. Where customer-facing systems generate misleading outputs, firms remain accountable for the consequences whether the model was built in-house or sourced externally.
The UK continues to take a principles-based approach to governance. The FCA’s strategy for 2025 to 2030 commits the regulator to a tech-positive stance focused on outcomes rather than prescriptive rules, and no Artificial Intelligence-specific regulation is planned. In December 2025, FCA chief executive Nikhil Rathi said the technology evolves every three to six months, reinforcing the case against fixed rules. At the same time, the Critical Third Parties regime introduced in November 2024 is expanding oversight of providers of critical Artificial Intelligence and cloud services, with formal designations expected in 2026, while firms serving EU clients may also face obligations under the EU Artificial Intelligence Act.
