Consumer Duty, which came into force in July 2023, represents the most significant shift in FCA conduct regulation in a generation. It moves firms from a rules-based compliance model to an outcomes-based one — and it creates a specific challenge for firms deploying AI in customer-facing or customer-impacting workflows.
The core question the FCA will ask is not "did you follow the process?" but "did the customer get a good outcome?" When an AI system influences that outcome — through a recommendation, a risk score, a decision, or a communication — the firm bears full regulatory responsibility for what the AI produced.
This whitepaper sets out the four Consumer Duty outcome areas, explains where AI creates the most acute compliance risk in each, and provides the governance framework we use with FCA-regulated clients at Valren.
The Four Consumer Duty Outcome Areas
The FCA's Consumer Duty rule (PRIN 12) requires firms to deliver good outcomes across four areas. Each creates distinct considerations when AI is involved in delivery.
Products & Services
Products and services must be designed to meet the needs of the target market and distributed appropriately. Where AI recommends or scores suitability, it must demonstrably reflect actual consumer need — not proxy variables that correlate with protected characteristics.
Price & Value
Firms must be able to demonstrate that the price charged is reasonable relative to the benefit received. AI-driven pricing must not produce outcomes that systematically disadvantage certain consumer groups, even where the pricing model appears facially neutral.
Consumer Understanding
Communications must be clear, fair, and not misleading. AI-generated communications — summaries, recommendations, explanatory text — must be tested to ensure they do not introduce confusion, inaccuracy, or material omission at scale.
Consumer Support
Consumers must be able to get the help they need. Where AI is the first or primary support interface, the firm must ensure that AI-deflection does not prevent vulnerable customers from reaching appropriate human assistance.
Where AI Creates the Most Acute Risk
Explainability and the FCA's Evidence Expectations
The FCA has been explicit: firms must be able to explain how AI-influenced decisions were reached. Black-box models — where the output cannot be attributed to interpretable factors — are not acceptable in consumer-facing contexts, regardless of their predictive accuracy.
This does not mean firms must avoid sophisticated models. It means firms must maintain audit trails that connect AI outputs to the inputs and logic that produced them, and must be able to present this to the FCA on request.
In our experience, most firms have a significant gap between what their AI vendors claim is logged and what is actually retrievable in a format that would satisfy an FCA information request. Test your retrieval process before you need it.
Vulnerable Customers and AI Triage
Consumer Duty places particular emphasis on the outcomes delivered to customers in vulnerable circumstances. AI triage systems — which route customers to self-service or AI-assisted pathways — carry significant risk here. If a vulnerable customer is systematically directed away from human support because the AI does not correctly identify their circumstances, this is a Consumer Duty failure regardless of the stated intent of the system.
Firms deploying AI in customer support contexts must:
- Define and document the signals their AI uses to identify potential vulnerability
- Set clear thresholds at which AI routing defaults to human escalation
- Test those thresholds regularly with scenario-based reviews, not just complaint data
- Maintain data on AI-deflection rates segmented by customer characteristics
AI-Generated Communications at Scale
When AI generates customer-facing text — whether that is a product summary, a policy explanation, or a personalised communication — the firm is responsible for every instance of that output, across every customer who receives it. A single prompt error or model degradation event can create a Consumer Understanding failure at a scale that would be impossible with human-authored content.
The mitigation is not to avoid AI-generated communications. It is to build systematic testing into the production process — including red-teaming for misleading or inaccurate outputs — and to maintain version control over prompts and model configurations so that problematic batches can be identified and remediated.
The Valren Governance Framework
The framework we use with FCA-regulated clients structures AI governance around three layers: pre-deployment, in-production, and ongoing review.
Pre-Deployment
Before any AI system goes live in a consumer-impacting workflow, the firm should complete a Consumer Duty impact assessment. This maps each AI output type to the relevant outcome area, documents the model's known limitations and failure modes, and defines the human oversight structures that compensate for those limitations.
In-Production Monitoring
Every AI system touching consumer outcomes should have defined monitoring metrics — accuracy rates, escalation rates, complaint attribution, output consistency — reviewed at least monthly. Monitoring dashboards should be accessible to compliance, not just the technical team that built the system.
Periodic Review
Consumer Duty requires annual board sign-off on consumer outcomes. AI systems must feed into this process with documented performance data. The board report should address whether AI-influenced outcomes are consistent across different customer segments, and should include any adverse findings from ongoing monitoring.
The FCA's supervisory approach to Consumer Duty is outcomes-led. When they come to review your AI use, they will ask to see outcome data. The firms that navigate this well are the ones that started collecting that data before the supervision visit, not in response to it.
Conclusion
Consumer Duty does not prohibit AI in regulated contexts. It requires firms to take explicit ownership of AI-influenced outcomes and to demonstrate that ownership through documentation, monitoring, and evidence. The firms that approach this as a governance challenge — rather than a compliance checkbox — will be better positioned both regulatorily and commercially.
If you would like to discuss how this framework applies to your specific AI deployment, the Valren team is available for a confidential conversation.