FCA Mills Review turns agentic finance consent into KYA evidence
The FCA's Mills Review is not a formal Know Your Agent rule, but it gives financial-services operators a clear warning: when AI systems recommend actions, initiate transactions, and execute decisions within agreed parameters, consent, mandate scope, transaction authority, and accountability must be reconstructable.
Daily signal: On July 6, 2026, the FCA published The Mills Review on AI and the future of retail financial services. The review says future systems are likely to move beyond assistance into delegated financial decision-making. KYA implication: every retail-finance agent needs a reviewable evidence file linking the consumer, operator, agent, consent boundary, transaction instruction, execution route, outcome monitoring, and complaint path.
Why this matters for KYA
Agentic finance changes the evidence question. A conventional digital journey can often be reviewed around a customer instruction, a product disclosure, a login session, and a transaction record. An agentic journey inserts a software actor between the customer and the financial action. The agent may search products, interpret goals, recommend options, select timing, initiate a transfer, rebalance savings, switch providers, or prepare a payment within parameters that the customer approved earlier.
That creates a gap between broad consent and transaction-level accountability. If a consumer authorizes an agent to improve savings yield, reduce fees, manage subscriptions, or complete a financial task, a reviewer still needs to know which action was actually authorized, which products or venues were eligible, what data the agent used, whether the recommendation was fair, whether the execution stayed inside mandate, and who is liable when the outcome is harmful.
Screenshot-ready KYA compliance comparison table
| KYA dimension | Weak agentic-finance posture | Production-grade KYA posture | Evidence reviewers should expect |
|---|---|---|---|
| Operator identity | The customer sees a branded app or assistant, but logs do not clearly separate the regulated firm, vendor, model runtime, orchestrator, and accountable human owner. | Every retail-finance agent has a stable identity tied to a legal operator, regulated entity, deployment owner, model or runtime version, vendor chain, and revocation route. | Agent ID, regulated firm, vendor, controller, model/runtime version, deployment environment, owner, activation date, change log, retirement or suspension record. |
| Agent mandate | Consent is captured as a broad goal such as optimize my finances, find a better product, or manage payments, without action-level limits. | The mandate separates advice, recommendation, initiation, execution, switching, cancellation, and escalation, with value limits, duration, product scope, and prohibited actions. | Consent text, mandate version, allowed action classes, product scope, value and timing limits, expiry, renewal, revocation, human-review triggers, customer confirmation receipt. |
| Wallet and custody | Bank accounts, card credentials, open-banking connections, wallets, stablecoins, or payment instruments are treated as downstream settlement details. | Each credential and value rail is mapped to custody authority, access scope, authentication method, payment limit, balance exposure, and pause or dispute mechanism. | Credential type, account or wallet scope, card or token reference, open-banking permission, payment rail, authentication result, spending cap, settlement receipt, dispute status. |
| Tool and venue access | The agent can access search, product comparison, account data, payment APIs, brokers, wallet tools, or customer-service channels without risk-tier boundaries. | Tools and venues are split by observe, compare, recommend, draft, initiate, execute, switch, cancel, and complain, with venue-specific eligibility checks. | Tool inventory, API scopes, product universe, venue eligibility, blocked tools, comparison inputs, quote or offer records, execution venue, customer-service or complaint route. |
| Audit trail | The firm stores the final transaction or recommendation but cannot reconstruct the agent run, customer objective, data inputs, policy checks, explanation, and outcome monitoring. | The audit trail links the customer goal, consent boundary, data inputs, model or policy run, recommendation, human or automated approval, transaction, outcome, and exception handling. | Run ID, task hash, customer objective, data snapshot, recommendation rationale, policy decision, approval receipt, transaction ID, outcome metrics, complaint or remediation record. |
| Security and abuse | Controls focus on normal account authentication while ignoring prompt injection, malicious product feeds, manipulated comparison data, account takeover, or over-delegated autonomy. | The agent uses least privilege, phishing and prompt-injection defenses, source integrity checks, anomaly monitoring, transaction throttles, kill switches, and incident playbooks. | Authentication logs, source validation, prompt/tool inspection, anomaly alerts, blocked execution, throttle events, customer notification, kill-switch event, incident ticket. |
| Jurisdiction fit | The same agent workflow is deployed across markets without mapping advice rules, payment regulation, open-finance permissions, data residency, consumer duty, outsourcing, or complaints. | The agent checks jurisdiction, customer segment, regulated activity, advice boundary, product eligibility, data transfer, outsourcing chain, and complaint-handling obligation before action. | Jurisdiction matrix, regulated-activity assessment, product eligibility, advice boundary, data location, outsourcing record, vulnerable-customer control, complaint and redress pathway. |
The compliance lesson
The Mills Review makes the KYA problem practical for retail finance. Agentic systems can improve access, personalization, switching, financial capability, and operational efficiency, but only if firms can show that the agent acted inside a clear mandate and that consumers were not pushed into opaque or unsuitable outcomes. A customer-facing agent should not be treated as a normal chatbot once it can initiate or execute a financial decision.
The strongest control is mandate granularity. A firm should not ask whether an agent is generally trusted. It should ask whether this specific agent, under this specific mandate, using these tools and data, may perform this specific action for this customer in this jurisdiction. That question is the bridge between AI governance and KYA.
Practical KYA checklist
- Create a KYA record for every retail-finance agent that can recommend, initiate, execute, switch, cancel, rebalance, or complain on behalf of a consumer.
- Separate education, guidance, regulated advice, payment initiation, product switching, trading, wallet action, and customer-service escalation.
- Bind each action to a consent artifact, mandate version, data snapshot, tool call, product or venue choice, policy result, transaction receipt, and outcome record.
- Use human approval for vulnerable-customer indicators, high value, new payees, new products, cross-border activity, unclear suitability, and mandate ambiguity.
- Preserve evidence for reversibility: revocation, pause, complaint, remediation, dispute, refund, and model or runtime suspension.
- State the caveat clearly: the Mills Review is an FCA review and roadmap signal, not formal adoption of Know Your Agent by the FCA, a bank, or an exchange.
Bottom line
Retail-finance agents will be judged by the evidence chain between consent and action. If an AI system can move from recommending a financial decision to initiating or executing it, KYA becomes the control file that proves who controlled the agent, what the customer allowed, which tools and value rails were available, why the action was selected, and how the outcome can be challenged or reversed.
Sources reviewed: FCA, "AI and the future of retail financial services (The Mills Review)" (July 6, 2026); FCA press release on The Mills Review (July 6, 2026); Retail Banker International, "Mills Review - AI review and the future of agentic payments" (July 7, 2026); PaymentExpert, "UK FCA looks to regulate AI for a transformative 2030" (July 7, 2026). These are regulatory-review and industry-commentary signals, not formal regulatory adoption of Know Your Agent.