AI and the Consumer Duty: how to evidence good outcomes.

The Consumer Duty does not have an AI clause. It does not need one. The four outcomes apply whether a journey is fully advised, fully digital, or stitched together with an AI summariser in the middle. What changes when AI enters the journey is the evidence pack you need to keep, and where the FCA expects you to look for harm.

This guide is the operational lens — what to monitor, how to thread AI through the four outcomes, where the board MI needs an extra line, and what a credible Consumer Duty evidence pack looks like when a model is doing some of the work.

The position to hold

Firms remain accountable for outcomes regardless of how decisions or communications are generated. That is the position to hold internally and the position to present externally. AI is a tool inside a regulated journey, not a regulated entity in its own right. The model has no permissions. The firm does.

Firms are responsible for the outcomes their customers receive, whether those outcomes are produced by a person, a system, or a combination of both.

- David Geale, FCA Director of Retail Banking, Treasury Committee, January 2026

Once that position is internalised, the four outcomes become a simple monitoring grid: products and services, price and value, consumer understanding, consumer support. Each row gets a column for the AI-touched part of the journey.

The four outcomes, AI-mapped

Products and services

AI rarely changes the product itself. It changes the journey into and out of the product. The question for this outcome is whether target-market criteria are still being honoured when AI is triaging, summarising or pre-qualifying. If a model is filtering who gets to talk to an adviser, the filter is part of the product distribution and needs the same target-market sign-off.

Price and value

AI lowers cost to serve. Fair value is a price-for-benefit assessment, not a cost-plus calculation, so the saving can stay inside the business or flow to the customer. Either is defensible. What is not defensible is a fair-value assessment that ignores the change in cost base or a refresh cycle that does not pick up the AI-driven change.

Consumer understanding

This is where AI footprint is largest and where the evidence gap is widest. The moment AI drafts a customer letter, summarises a suitability rationale or generates fact-find narrative, the firm has to show the customer can act on what they receive. Reading-age tooling is the floor. Sample review against the firm's customer-understanding policy is the standard. Both run on a defined cadence.

Consumer support

AI in support journeys is a velocity decision. Faster is not automatically better. The Duty asks whether support is as easy to access as the original sale. If a complaint or vulnerability disclosure has to navigate an AI triage layer before reaching a human, the friction differential is itself a Duty issue. Easy in, easy out.

Vulnerable customers and the AI step

Vulnerability flags belong upstream of the AI step. The risk pattern I see most often is an AI summariser flattening signals a human would have caught — a passing phrase about bereavement in a fact-find, hesitation captured in a call recording, an unusual delay in a digital journey. The control is structural: vulnerability characteristics drive routing, AI never overrides them, and the management information shows vulnerable-customer outcomes tracked separately from the main book.

In practice this means the AI step needs a documented exclusion rule. If the upstream system flags the customer as vulnerable, the AI summary is suppressed or downgraded to a draft for human review. The audit log captures the flag and the suppression. That single control answers most vulnerable-customer questions an FCA visit would raise.

The Consumer Duty AI evidence pack

The evidence pack is the artefact the firm produces to show the Duty is being met when AI is in the journey. It sits inside or alongside the annual Consumer Duty board report. It is not a separate regime, just a focused annex.

• AI use map. Every customer journey, with the AI-touched steps flagged. One row per journey, one column per outcome, traffic-light status against the firm's monitoring standard.
• Customer-understanding sample review. Quarterly sample of AI-generated communications scored against the firm's plain-English standard and reading-age threshold. Outliers triaged into a remediation log.
• Vulnerable-customer outcomes split. Outcomes data for vulnerable customers reported separately, with a specific check that AI-touched journeys do not underperform the human-only baseline.
• Fair-value reassessment trigger. A documented trigger that fires when AI changes the cost base of a journey by more than a defined threshold, forcing a refresh of the fair-value assessment.
• Complaint thematics with an AI tag. Intake tagging so any complaint touching AI-generated comms, AI influence on a decision or an AI summary is themable. The tag, not just the volume, is the early warning.
• Model-change log. Every retrain, prompt update or vendor-side change recorded against the journeys it touches, with a customer-impact note attached.

Monitoring cadence

Annual fair-value reviews are the floor. AI-touched journeys deserve a quarterly line of their own because the model can drift in ways the underlying product does not. A retrained model, a new prompt, a silent vendor-side update — each one can change the customer experience without changing the documented journey. Quarterly cadence catches that. Annual cadence does not.

The pragmatic rhythm I recommend for SME firms: monthly operational MI on AI-touched volumes and exceptions, quarterly outcomes review by the Consumer Duty Champion, annual board report with the AI annex.

The board MI pattern

Boards do not need a separate AI dashboard. They need the existing Consumer Duty MI to include an AI lens. Concretely: every outcomes metric gets a sub-split for AI-touched journeys, every exceptions report carries an AI tag where relevant, and the Champion's annual report has a dedicated AI-and-outcomes annex.

That pattern keeps accountability with one person — the Consumer Duty Champion, sitting under SMF — and avoids the common failure mode of an AI committee that runs in parallel to the Duty governance and never quite syncs with it.

Appointed representatives and AI

For principals with ARs, AI is now one of the higher-risk areas of AR oversight. The principal is responsible for the AR's conduct under SMCR and the Duty. If an AR brings its own AI tooling, the principal has to approve it through the same governance applied to its own tools, and the AR has to feed outcomes data back into the principal's monitoring.

AR-side AI without principal oversight is the structural risk to flag at board level. The fix is contractual and operational: AI tooling listed in the AR agreement, pre-approval required for new tools, and outcomes data flowing back on the same cadence as everything else the principal monitors.

How this lands in a real firm

In firms I have walked through this, the Consumer Duty AI evidence pack is rarely a new document set. It is the existing Duty pack with two or three columns added, one new annex, and a clearer line on who owns the AI lens. The work is in the routing — making sure vulnerability flags fire before the AI step, that complaint intake captures the tag, that the fair-value trigger is documented and tested.

None of this is new regulation. It is the Duty applied with its eyes open to what has changed in the journey. The firms that do this well will not need to explain themselves on a future supervisory visit. The firms that do not will be explaining themselves on the back foot.

Read more in this series