FCA Mills Review turns agentic finance consent into KYA evidence

The FCA's Mills Review is not a formal Know Your Agent rule, but it gives financial-services operators a clear warning: when AI systems recommend actions, initiate transactions, and execute decisions within agreed parameters, consent, mandate scope, transaction authority, and accountability must be reconstructable.

Daily signal: On July 6, 2026, the FCA published The Mills Review on AI and the future of retail financial services. The review says future systems are likely to move beyond assistance into delegated financial decision-making. KYA implication: every retail-finance agent needs a reviewable evidence file linking the consumer, operator, agent, consent boundary, transaction instruction, execution route, outcome monitoring, and complaint path.

Why this matters for KYA

Agentic finance changes the evidence question. A conventional digital journey can often be reviewed around a customer instruction, a product disclosure, a login session, and a transaction record. An agentic journey inserts a software actor between the customer and the financial action. The agent may search products, interpret goals, recommend options, select timing, initiate a transfer, rebalance savings, switch providers, or prepare a payment within parameters that the customer approved earlier.

That creates a gap between broad consent and transaction-level accountability. If a consumer authorizes an agent to improve savings yield, reduce fees, manage subscriptions, or complete a financial task, a reviewer still needs to know which action was actually authorized, which products or venues were eligible, what data the agent used, whether the recommendation was fair, whether the execution stayed inside mandate, and who is liable when the outcome is harmful.

Screenshot-ready KYA compliance comparison table

KYA dimensionWeak agentic-finance postureProduction-grade KYA postureEvidence reviewers should expect
Operator identityThe customer sees a branded app or assistant, but logs do not clearly separate the regulated firm, vendor, model runtime, orchestrator, and accountable human owner.Every retail-finance agent has a stable identity tied to a legal operator, regulated entity, deployment owner, model or runtime version, vendor chain, and revocation route.Agent ID, regulated firm, vendor, controller, model/runtime version, deployment environment, owner, activation date, change log, retirement or suspension record.
Agent mandateConsent is captured as a broad goal such as optimize my finances, find a better product, or manage payments, without action-level limits.The mandate separates advice, recommendation, initiation, execution, switching, cancellation, and escalation, with value limits, duration, product scope, and prohibited actions.Consent text, mandate version, allowed action classes, product scope, value and timing limits, expiry, renewal, revocation, human-review triggers, customer confirmation receipt.
Wallet and custodyBank accounts, card credentials, open-banking connections, wallets, stablecoins, or payment instruments are treated as downstream settlement details.Each credential and value rail is mapped to custody authority, access scope, authentication method, payment limit, balance exposure, and pause or dispute mechanism.Credential type, account or wallet scope, card or token reference, open-banking permission, payment rail, authentication result, spending cap, settlement receipt, dispute status.
Tool and venue accessThe agent can access search, product comparison, account data, payment APIs, brokers, wallet tools, or customer-service channels without risk-tier boundaries.Tools and venues are split by observe, compare, recommend, draft, initiate, execute, switch, cancel, and complain, with venue-specific eligibility checks.Tool inventory, API scopes, product universe, venue eligibility, blocked tools, comparison inputs, quote or offer records, execution venue, customer-service or complaint route.
Audit trailThe firm stores the final transaction or recommendation but cannot reconstruct the agent run, customer objective, data inputs, policy checks, explanation, and outcome monitoring.The audit trail links the customer goal, consent boundary, data inputs, model or policy run, recommendation, human or automated approval, transaction, outcome, and exception handling.Run ID, task hash, customer objective, data snapshot, recommendation rationale, policy decision, approval receipt, transaction ID, outcome metrics, complaint or remediation record.
Security and abuseControls focus on normal account authentication while ignoring prompt injection, malicious product feeds, manipulated comparison data, account takeover, or over-delegated autonomy.The agent uses least privilege, phishing and prompt-injection defenses, source integrity checks, anomaly monitoring, transaction throttles, kill switches, and incident playbooks.Authentication logs, source validation, prompt/tool inspection, anomaly alerts, blocked execution, throttle events, customer notification, kill-switch event, incident ticket.
Jurisdiction fitThe same agent workflow is deployed across markets without mapping advice rules, payment regulation, open-finance permissions, data residency, consumer duty, outsourcing, or complaints.The agent checks jurisdiction, customer segment, regulated activity, advice boundary, product eligibility, data transfer, outsourcing chain, and complaint-handling obligation before action.Jurisdiction matrix, regulated-activity assessment, product eligibility, advice boundary, data location, outsourcing record, vulnerable-customer control, complaint and redress pathway.

The compliance lesson

The Mills Review makes the KYA problem practical for retail finance. Agentic systems can improve access, personalization, switching, financial capability, and operational efficiency, but only if firms can show that the agent acted inside a clear mandate and that consumers were not pushed into opaque or unsuitable outcomes. A customer-facing agent should not be treated as a normal chatbot once it can initiate or execute a financial decision.

The strongest control is mandate granularity. A firm should not ask whether an agent is generally trusted. It should ask whether this specific agent, under this specific mandate, using these tools and data, may perform this specific action for this customer in this jurisdiction. That question is the bridge between AI governance and KYA.

Practical KYA checklist

Bottom line

Retail-finance agents will be judged by the evidence chain between consent and action. If an AI system can move from recommending a financial decision to initiating or executing it, KYA becomes the control file that proves who controlled the agent, what the customer allowed, which tools and value rails were available, why the action was selected, and how the outcome can be challenged or reversed.

Sources reviewed: FCA, "AI and the future of retail financial services (The Mills Review)" (July 6, 2026); FCA press release on The Mills Review (July 6, 2026); Retail Banker International, "Mills Review - AI review and the future of agentic payments" (July 7, 2026); PaymentExpert, "UK FCA looks to regulate AI for a transformative 2030" (July 7, 2026). These are regulatory-review and industry-commentary signals, not formal regulatory adoption of Know Your Agent.