# AI for Brokers — Full Editorial Content This is the complete plain-text content of AI for Brokers, formatted for LLM ingestion. Last updated: 18 May 2026. For the structured summary, see https://aiforbrokers.co.uk/llms.txt --- ## About AI for Brokers AI for Brokers (AIfB) is an independent UK publication on AI, FCA regulation, and UK broking — for mortgage, commercial finance, and protection brokers. Founded in 2026 by Yasmin Gee. A trading name of Certta Ltd, registered in England and Wales. Editorially independent. No vendor money. Not authorised or regulated by the Financial Conduct Authority. Educational content only. ## About Yasmin Gee, Founder Yasmin Gee has more than thirty years combined experience across software engineering, business operations, and broking — mortgage, commercial finance, and protection. Credentials: BA Leadership and Professional Development, Computer Science, CeMAP Level 3, ILM Level 6, Anthropic Certified. In 2026 she stepped away from active broking to lead AI for Brokers full-time. ## Editorial position The FCA AI Update (April 2024) is a statement of regulatory jurisdiction, not a permissive framework. The FCA chose not to introduce AI-specific rules because the existing regulatory framework, which is principles-based and outcomes-focused, already applies. Senior Managers and Certification Regime (SM and CR), Consumer Duty, UK GDPR, and SYSC obligations all apply in full to AI use in regulated activity. The Mills Review (January 2026) extends this position by examining whether the existing framework remains sufficient through 2030. ## The three streams Regulator Decoded — Plain-English analysis of what the FCA, ICO, lenders, and HM Treasury are actually saying about AI in financial services. Compliance Reality Check — The compliance risks UK brokers are already carrying without realising. Illustrative scenarios mapped against FCA, ICO, and UK GDPR obligations. The Future of Broking — Strategic analysis of UK broking's evolution under principles-based AI regulation. --- # ARTICLE: What the FCA Actually Said About AI Stream: Regulator Decoded Author: Yasmin Gee Publication: AI for Brokers The FCA published its AI Update in April 2024. It is twenty-six pages long. It does not contain a single new rule. That has been widely interpreted, including across mortgage, commercial finance, and protection broking, as confirmation that AI in regulated firms is a permitted, low-friction activity. It is the opposite. The FCA's central message is that AI use by regulated firms is already comprehensively governed, by rules brokers already operate under, and that the regulator now expects firms to demonstrate they understand which rules apply and how. The Update is not a green light. It is a statement of jurisdiction. The FCA describes itself as technology-agnostic, principles-based and outcomes-focused. Technology-agnostic means the FCA does not plan to write AI-specific rules in the short term. Principles-based means it will not need to. Outcomes-focused means that when supervisory action follows, it will follow on the basis of what AI use produced for the consumer, not whether a specific AI rule was breached. The Update makes this explicit at section 3.5: many risks related to AI are not necessarily unique to AI itself and can therefore be mitigated within existing legislative and regulatory frameworks. Translated: the FCA is not building a new regime. It is telling firms that the existing regime already applies. The Government identified five principles for AI regulation: safety, security and robustness; transparency and explainability; fairness; accountability and governance; and contestability and redress (section 3.6). The FCA's job in this Update is to demonstrate that each principle is already covered by existing Handbook provisions. On fairness, the FCA points directly at Consumer Duty. Section 3.22 states that the regulator's approach to AI fairness rests on Principles for Businesses, detailed rules and guidance, including the Consumer Duty. The Duty requires firms to deliver good outcomes, design products that meet customer needs, communicate in ways customers can act on, and avoid foreseeable harm. None of these obligations contain an AI carve-out. The Update is unambiguous at section 3.26: firms using AI technologies in a way that embeds or amplifies bias, leading to worse outcomes for some groups of consumers, might not be acting in good faith for their consumers. On accountability, the FCA confirms that the Senior Managers and Certification Regime applies in full. Section 3.40 states that any use of AI in relation to an activity, business area, or management function of a firm would fall within the scope of a SMF manager's responsibilities. Section 3.41 reinforces this by reminding firms that Senior Managers must take reasonable steps to ensure that the business of the firm, for which they are responsible, is effectively controlled. For a sole-trader broker authorised under Limited Scope SM and CR, this is personal. For an AR firm, it is the principal's exposure. For a network, it is firm-wide. On data, the FCA defers to the ICO and to UK GDPR Article 22. Section 3.31 confirms that firms using AI to process personal data must comply with data protection law, and section 3.32 specifies that automated decision-making which produces legal or similarly significant effects triggers Article 22 safeguards, including the data subject's right to contest the decision. The Update does not introduce a Senior Manager Function dedicated to AI. The FCA considered the question, consulted on it, and concluded against it (section 3.40). Existing governance structures, the regulator argues, are sufficient. This is not a relaxation. It is a confirmation that AI is the existing Senior Manager's problem. The Update does not provide safe harbour. The Update does not exempt small firms. Limited Scope SM and CR firms carry the same Statement of Responsibilities obligations as Enhanced firms. For UK brokers, three practical implications follow. Any AI use in a regulated activity needs to be capable of being defended on Consumer Duty grounds. Senior Manager accountability extends fully to AI use, with no separate framework planned. Data handling matters before everything else. The FCA has told the industry where the lines are. The lines were there already. The Update simply confirmed that they apply. --- # ARTICLE: The Broker Who Used ChatGPT to Summarise a Client Call Stream: Compliance Reality Check Author: Yasmin Gee Publication: AI for Brokers A broker takes a fact-find call with a new client. The client mentions, somewhere around minute eleven, that they have been off work for four months following a bereavement. The conversation moves on. The broker takes the call recording, drops the transcript into ChatGPT, and asks for a summary and recommended next steps. The summary comes back clean. Affordability looks fine. Two product options are suggested. The broker emails the summary to the client. The deal proceeds. Nothing in that workflow looks like a regulatory failure. It is, however, four of them. The fact pattern: a regulated broker has taken personal data of a retail client, including a verbal disclosure that contains a vulnerability signal, and has transferred that data to a third-party large language model owned by a US company. The model has produced output that informed a regulated activity. The output was acted on. No human review of the model's reasoning was documented. Failure one: Consumer Duty vulnerability obligations. The client mentioned a bereavement and four months out of work. Under FCA guidance, this is a vulnerability signal of two types simultaneously. The Consumer Duty requires firms to take account of the different needs of their customers, including those with characteristics of vulnerability (FCA AI Update section 3.24). The FCA's Guidance for firms on the fair treatment of vulnerable customers is explicit that vulnerability must be considered at all stages of the product and service design process (Update section 3.28-3.29). ChatGPT did not flag the vulnerability. Summarisation is not vulnerability detection. The Consumer Duty does not allow the broker to outsource that detection. Section 3.29 confirms: this includes where the product or service is heavily reliant on an AI or data solution. Failure two: UK GDPR Article 22. The summary informed the broker's recommendation. The broker emailed the recommendation to the client. This is automated decision-making with significant effect on the data subject, and Article 22 of UK GDPR applies. The FCA confirms this at section 3.32. The defence to an Article 22 challenge is to demonstrate meaningful human intervention. The ICO's guidance is clear that this requires the human to have the authority, capacity, and information to override the automated output. The broker read the ChatGPT summary and proceeded. The human is present. The intervention is not meaningful. Failure three: Senior Manager accountability. The broker is a Limited Scope SM and CR firm. The broker holds the Senior Management Function for the firm's activities. Under the Senior Manager Conduct Rules, the broker must take reasonable steps to ensure that the business is effectively controlled (FCA AI Update section 3.41). The FCA AI Update is explicit at section 3.40: any use of AI in relation to an activity, business area, or management function of a firm would fall within the scope of a SMF manager's responsibilities. Failure four: Data security under SYSC. Section 3.12 of the Update reminds firms that the Senior Management Arrangements, Systems and Controls sourcebook requires sound security mechanisms in place relating to data. When the broker pasted the transcript into ChatGPT, client personal data left the firm's controlled environment and entered a third-party system over which the firm has no contractual data processing agreement, no audit rights, no deletion guarantees, and limited ability to confirm whether the data was used in training future model versions. Each of the four failures, in isolation, is recoverable. In combination, they describe a firm whose use of AI is operating outside the regulatory framework it sits inside. None of these failures requires the FCA to write new rules. Every one of them is enforceable on the existing Handbook. The corrective path: the firm needs a documented AI policy that sets out which tools are approved for which workflows, what data may and may not be transferred to each, and what review process applies before AI output is acted on. The firm needs vendor due diligence on any AI tool used in regulated activity. The firm needs a vulnerability screening step that does not rely on AI. The firm needs an audit log. The FCA AI Update is the regulator's notice that absence of complaint is not absence of breach. --- # ARTICLE: The Brokers Who Will Win the Next Five Years Stream: The Future of Broking Author: Yasmin Gee Publication: AI for Brokers When the FCA chose, in April 2024, not to write AI-specific rules, what kind of broker did that decision favour? Most commentary read the Update as a technical clarification. It is more interesting than that. The FCA's choice of regulatory architecture, principles-based and outcomes-focused, is a directional bet on which firms can adapt. The bet is not neutral. A principles-based regime measures firms on outcome and process. Outcome is the result. Process is the documented reasoning behind it. The FCA AI Update reinforces both. Section 3.43 commits firms to annual Consumer Duty assessments evidenced with data. Section 3.40 confirms that any AI use sits within Senior Manager responsibilities. Section 3.32 requires explainability where automated decisions produce significant effects on consumers. The common thread is documentation. Not technology. Documentation. In 2030, the question a supervisor asks a broker will not be "do you use AI?" It will be "show me how you control it." Firms with mature documentation discipline answer that question in an afternoon. Firms without it answer it over six months of enforcement action. The Update treats explainability as central. Section 3.34 establishes that AI systems should be appropriately transparent and explainable, and section 3.32 confirms that automated decisions with significant effect on consumers must include meaningful information about the logic involved in the decision. Firms that build their workflows around explainability will scale into the next five years. Firms that adopt AI tools they cannot explain will hit a regulatory ceiling. The Update positions AI use as a governance question, not a technology question. Section 3.13 brings AI inside operational resilience obligations. Section 3.15 brings it inside outsourcing rules. Section 3.40 places it inside SM and CR. Section 4.4 commits the FCA to deepening operational resilience scrutiny increasingly relevant to firms' safe and responsible use of AI. This sounds like overhead. It is competitive infrastructure. Brokers who treat their CRM, their AI tools, their lead management systems and their compliance software as governed infrastructure will sell their firms in 2030 for materially higher multiples than brokers who treat them as a stack of free trials and one-person accounts. Network principals will pay premiums for AR firms that demonstrate AI governance maturity. Lenders will accept introductions on better terms from brokers who can evidence Consumer Duty compliance through their AI use rather than despite it. PI insurers will price risk on the basis of AI governance. A principles-based AI regime makes some kinds of broking less viable. It makes sole-trader broking dependent on consumer AI tools, with no governance documentation, hard to defend in supervisory engagement. It makes networks that rely on AR self-reporting of AI use without verification, exposed at the principal level. It makes opaque AI vendors increasingly unattractive. It makes credential-light advisory less defensible. It favours brokers who treat their craft as continuous professional development. It favours firms with operational discipline. It favours networks that build firm-wide AI policy. It favours specialist brokers in defensible niches. It favours the brokers who read FCA documents. The brokers who win will not be the brokers with the best AI. They will be the brokers who built the governance to use any AI safely, and who can prove it. --- # WELCOME ESSAY: If You're a UK Broker Reading This, You're Already Exposed By Yasmin Gee, Founder Publication: AI for Brokers If you are a UK broker reading this, here is the position you are in. You are operating under three regulatory frameworks, Consumer Duty, the Senior Managers and Certification Regime, and UK GDPR, all three of which apply to AI tools the same way they apply to anything else you do in your firm. You probably already use AI in your daily workflow. You almost certainly do not have a documented policy for it, a vendor due diligence file for the tools, an audit log of what you put into them, or a defensible answer for the FCA if they ask how you control it. The FCA published its AI Update in April 2024. It is twenty-six pages. It contains no new rules. What it does contain is the regulator's clear position that AI use by regulated firms is already comprehensively governed by the existing Handbook, and that firms are responsible for proving they understand how. Almost nobody in broking has read it. AI for Brokers runs three streams. Regulator Decoded is the analytical stream. Compliance Reality Check is the uncomfortable stream. The Future of Broking is the strategic stream. The next five years will reshape UK broking. Firms that adapt will compound an advantage that becomes visible in 2028 and decisive in 2030. Firms that do not will spend the same period dealing with consequences they did not need to incur. --- ## Editorial standards summary AI for Brokers is editorially independent. We do not accept payment, sponsorship, or affiliate commission from AI vendors, technology providers, lenders, networks, compliance consultancies, or training providers. We do not endorse specific products or services. Where we name a tool, a platform, or a firm, we do so for editorial reasons only. AI for Brokers is a publication. It is not a regulated advisory service. Nothing published here constitutes financial advice, regulatory advice, legal advice, or compliance advice for any individual firm or transaction. The content is for educational and informational purposes only. Readers should take qualified professional advice before acting on the analysis in their own firms. AI for Brokers is a trading name of Certta Ltd, a company registered in England and Wales. The publication is not authorised or regulated by the Financial Conduct Authority. Quotations and paragraph references from FCA, ICO, PRA, and other public bodies are used under the fair dealing provisions of UK copyright law for the purposes of criticism, review, reporting current events, and quotation. AI for Brokers is not affiliated with, authorised by, endorsed by, or otherwise connected to the Financial Conduct Authority or any other UK regulator. We use AI tools in our editorial process, specifically large language models for research synthesis, drafting assistance, and editorial review. Every article is written, edited, and signed off by a named human author. Full editorial standards: https://aiforbrokers.co.uk/editorial-standards.html ## Contact Yasmin Gee, Founder AI for Brokers, a trading name of Certta Ltd Editorial enquiries: contact@aiforbrokers.co.uk Website: https://aiforbrokers.co.uk Newsletter: https://aiforbrokers.substack.com LinkedIn: https://linkedin.com/company/ai-for-brokers