Start with an inventory
AI arrives in advice firms informally, one tool and one adviser at a time. The first control is simply knowing what is in use: which models, which versions, and where they touch advice.
A model registry, kept current and tied back to the advice each model produced, is the foundation everything else rests on. You cannot govern what you cannot see.
Keep a human accountable for every recommendation
The FCA holds the firm responsible for advice however it was produced. A model cannot be the decision-maker on suitability.
Human review in front of AI-assisted advice is the single most effective control. It means a model’s error is caught inside the firm, before it reaches the client or the regulator.
Assess the risk before you deploy
Treat a new model, or a material change to one, like any other significant process change: work through what it does, where it could cause harm, and what controls sit around it, before it touches real advice.
Keep the assessment current as the tool changes. This is what separates deliberate adoption from hoping for the best, and it is the record you will be asked for.
Monitor for bias and drift
Models do not stay still. Behaviour drifts as the world around them changes, and skew can creep into outcomes for particular customer groups.
Monitor both, set thresholds that flag for human review rather than waiting for complaints, and keep the evidence that you are doing it. Under Consumer Duty, showing you actively check for foreseeable harm is part of the obligation.
Be ready for the AI incident
Assume something will go wrong. Decide in advance how an AI-related issue gets logged, contained, assessed for customer impact, and reported.
A clear incident record turns a model failure from a crisis into a demonstration of control, which is much of what the regulator is looking for.