The Consumer Duty changed what good looks like for an FCA-regulated firm. It is not a regime you satisfy by describing a process; it is one you satisfy by evidencing an outcome. Under Principle 12 a firm must act to deliver good outcomes for retail customers, and it must monitor and prove that it is doing so with data, not assertions, with the board or governing body reviewing an assessment of those outcomes at least once a year. Artificial intelligence sits directly on top of that obligation, because every AI system that touches a retail-customer outcome becomes one more thing the firm must be able to explain, monitor, and stand behind.
This page sets out how the Duty applies to AI, where accountability sits, and where a private, auditable, in-environment architecture genuinely helps. We are an engineering firm, not a regulatory adviser, so the framing throughout is honest: we build the systems that make the evidence easier to produce, and the compliance judgement stays with the firm. The deeper decision framework for regulated AI is in private AI for UK regulated businesses, and this page goes one level down into the Consumer Duty specifically.
The Duty is an outcomes-and-evidence regime
The Duty came into force on 31 July 2023 for open products and 31 July 2024 for closed ones, and it lives in the Handbook as PRIN 2A. It sets four outcomes: products and services that meet the needs of an identified target market, price and value that is fair, consumer understanding through communications customers can act on, and consumer support without unreasonable barriers. Underneath those sit three cross-cutting rules: act in good faith, avoid foreseeable harm, and enable and support customers to pursue their financial objectives. The shift that matters for AI is the evidential one. The Duty expects outcomes testing, not process compliance, which means a firm running AI has to monitor the outcomes that AI produces and be able to show they are good.
How AI intersects each outcome
AI touches the Duty wherever it shapes what a customer experiences. In price and value, AI-driven or personalised pricing is the sharpest case: the firm must be able to show that differential outcomes are fair value and do not amount to unfair discrimination, which is impossible if the model cannot be explained. In consumer understanding, AI that generates customer communications must produce material that is clear, fair, and not misleading, the standard Principle 7 already sets. In consumer support, an AI chatbot or triage system must meet customer needs without creating barriers, and a system that confidently gives wrong answers is a foreseeable harm. And across all of them, the avoid foreseeable harm rule means a biased credit or affordability model, or an unmonitored one, can breach the Duty regardless of intent. The FCA's position, set out in its 2024 AI Update and its standing approach, is that firms remain fully accountable for AI outcomes; a lack of explainability or inadequate monitoring is not a defence, it is part of the failing.
Accountability does not move
This is the point firms most often get wrong: AI does not dilute the Senior Managers and Certification Regime. A senior manager can be held personally accountable for AI use within their remit, and accountability cannot be delegated to a vendor or to the model itself. There is no single FCA rule that one Senior Management Function owns all AI; the allocation flows from the firm's responsibilities map and typically touches the functions for technology, operations, and risk, which is a governance decision for the firm rather than a fixed answer we or anyone else can supply. The FCA has also leaned into engagement rather than prohibition, through its AI Lab, the Supercharged Sandbox run with NVIDIA, and AI Live Testing for firms ready to deploy, alongside an AI Consortium with the Bank of England. The direction is supportive of AI adoption, on the firm condition that the firm can govern and evidence it.
Where private, auditable AI helps
None of this requires a particular technology, but the architecture makes the evidence either easy or impossible to produce. The artefacts a Consumer Duty assessment and an FCA supervisor ask for map almost exactly onto the properties of a well-built private system. End-to-end decision logging gives you the audit trail that shows how an AI-influenced outcome was reached. Explainable outputs let you satisfy the consumer-understanding and fair-value tests rather than pointing at a black box. Routing low-confidence outputs to a human, instead of auto-resolving them, is both good Duty practice and good engineering. Monitoring and management information, generated as the system runs, is what the board reviews. And keeping customer data inside your environment removes a whole category of risk before it starts. A private, on-premise build is described in private AI on-premise, and the principle of automating the paperwork while a person owns the decision is in AI compliance automation.
The honest limit is the important part. This engineering supports your Duty work; it does not discharge it. We do not conduct your outcomes assessment, set your fair-value methodology, or determine your risk appetite, and we do not make anyone compliant. Those are decisions for your compliance function and your senior managers, and the EU-level comparison, the AI Act and DORA, is covered separately in our Amsterdam guide for firms that operate across both regimes.
Working with us
Ayoob AI is an engineering firm based in Newcastle upon Tyne with a second office in Dubai, building private, full-code AI that financial firms own and run inside their own environment. We are ISO 27001:2022 and Cyber Essentials certified, with five pending UK patents on private on-device compute. We are not a compliance consultancy or a regulatory adviser; we build the auditable, explainable, in-environment systems that help your people evidence good outcomes, while the Consumer Duty accountability stays with the firm and its senior managers. The reasoning for an owned build over a generic tool is in build vs buy and what is full-code AI automation, and the broader UK-regulator picture is on our UK automation hub.
If you are deploying AI into a retail financial business and want it built so the Consumer Duty evidence comes out of the system rather than being reconstructed after the fact, that is what a discovery call is for, and you can start one through our AI automation service.
