Your guide to this week in regulation

As UK borrowers brace for mortgage rate hikes stemming from geopolitical events, this week we lead with latest developments as regulators look to re-set expectations for high loan to income (LTI) lending. Meanwhile, we share latest insights from the Financial Conduct Authority (FCA) regarding how it is using credit data and innovative analytics to assess consumer journeys and better understand indicators of financial distress.

Elsewhere this week, we explore an eclectic mix of topics including the promise of open finance to the industry, guardrails for use of AI by audit firms, and useful and widely applicable guidance on good and bad practice in financial crime controls.

High LTI mortgages consultation

The Bank of England, through the PRA and FCA, has launched Consultation Paper CP6/26 on proposed changes to the loan to income mortgage lending framework. The regulators propose removing the current firm‑level cap that limits high loan to income lending to 15 per cent of new mortgages, while keeping the overall market limit at 15 per cent in aggregate.

The proposals would give individual lenders more flexibility to set their own high loan to income strategies, provided they remain within their risk appetite and maintain strong governance and risk controls. The PRA would publish the aggregate level of high loan to income lending each quarter to support market transparency and manage adjustments if the aggregate exceeds the 15 per cent threshold.

Key points for firms include:

• greater freedom to lend above 15 per cent at firm level when the aggregate allows,
  stronger expectations on board oversight and risk management where firms exceed the threshold, and
• exclusion of further advances and retirement interest only mortgages from the limit.

The consultation closes on 1 July 2026.

Read more on high loan to income lending consultation paper

Tracking credit risk earlier

The FCA sets out how it uses credit file data and advanced analytics to spot financial distress earlier across consumer credit markets. The approach tracks whole consumer credit journeys rather than single indicators, giving the FCA a market-wide view that goes beyond firm-level data.

Firms should consider:

• early warning signs such as rising credit use, recent missed payments and multiple new unsecured accounts often appear well before arrears,
• consumers tend to move through identifiable stages from stability to stress and distress, rather than deteriorating suddenly, and
• traditional metrics may miss direction, speed and persistence of financial pressure, which this model seeks to capture.

The FCA says this insight helps it focus supervision, assess affordability and vulnerability more sharply, and engage with firms earlier where harm may be emerging. It also links to existing rules requiring tailored support before customers fall into arrears.

Looking ahead, the FCA plans to extend this work using product sales data and to include deferred payment credit, including buy now pay later.

Read more on early tracking consumer credit journeys

FCA sets out open finance vision

The FCA has published its vision for open finance, setting out how wider data sharing could give consumers and businesses greater control over their financial information and access to better outcomes. Open finance aims to allow secure sharing of financial data beyond payments, including savings, investments, pensions and mortgages, with trusted providers. This could support more tailored services, sharper pricing and stronger fraud controls.

Key points likely to interest firms include:

• a clear FCA focus on using open finance to improve SME access to credit and speed up loan applications,
• work to support better mortgage access and management for consumers,
• engagement with industry, consumer groups and other regulators during 2026 to develop practical use cases, including through the Smart Data Accelerator and PRISM Taskforce, and
• collaboration with HM Treasury on options for an open finance regulatory framework by the end of 2027.

Read more on FCA vision for open finance

FRC sets guardrails for AI use

The Financial Reporting Council has published guidance on the use of generative and agentic AI in audits, aimed at teams designing and overseeing these tools within audit firms. The FRC supports innovation where it improves quality but warns that AI use creates new risks that need active control.

Key points for the third line include:

• the FRC identifies three core risks to audit quality: deficient outputs, misuse of outputs, and non‑compliant methodologies,
  Generative AI can appear confident even when wrong, increasing the risk of hallucinations, omissions and faulty reasoning,
• agentic AI brings added complexity because systems may plan and execute tasks with a degree of autonomy, and
• strong governance matters. The FRC expects firms to focus on system design, certification, staff training and clear human review and oversight.

The guidance underlines that professional judgement remains central, especially where AI outputs contribute to audit evidence. Firms should consider whether their existing controls, certification processes and training are fit for AI‑enabled work.

Read more on FRC AI guardrails 

FCA flags CDD control gaps

The FCA has published the findings of a multi‑firm review of customer due diligence (CDD), enhanced due diligence (EDD) and ongoing monitoring controls, carried out in 2025 across a range of authorised and registered firms.

The review highlights clear strengths and recurring weaknesses. Better‑performing firms clearly distinguish CDD from EDD, document EDD steps in detail, and set out when senior management approval is required. Weaker practices included policies that lack practical guidance for staff, limited detail on periodic and event‑driven reviews, and poor evidence of EDD for higher‑risk customers. The FCA also raised concerns where firms failed to record key information such as the purpose and intended nature of the business relationship.

On assurance, the FCA saw strong practice where firms use independent audit or thematic reviews to test CDD controls. In contrast, some firms lacked effective second line assurance or clear version control over key documents.

Read more on customer due diligence processes and controls