On 6 July 2026, the FCA published the Mills Review: a 147-page look at how AI will reshape retail financial services by 2030, led by outgoing executive director Sheldon Mills. It is the most detailed statement yet from the UK regulator on what agentic finance requires to work safely.
Read against Invela's own thesis, it reads like independent confirmation. The Review sets out an "autonomy spectrum" running from Operator, through Collaborator, Consultant and Approver, to Observer, where a human sets boundaries and an AI agent acts continuously within them. It states plainly that as firms and consumers move further along that spectrum, accountability becomes harder to trace, particularly where firms depend more heavily on third-party models and external agents.
That is not a hypothetical risk. It is the working definition of the open finance chain.
The Review names six things agentic finance needs before it can move forward safely: data, identity, authorisation and delegation, payments, liability attribution, and supervision and audit at scale. On data specifically, it goes further than most regulatory commentary we have seen: open finance could be the observation data layer for agentic finance, giving AI agents a standardised, portable view of a consumer's financial position across providers.
That is the case for open finance as infrastructure, not just as a data-sharing standard. But the Review is equally direct about what happens if the rest of the stack is missing. Today's open banking consent model asks a human to click approve, once, for a bounded action. It has no way to represent a mandate that runs for days or weeks while an agent acts on someone's behalf. Extending that consent model to genuinely autonomous agents is, in the Review's own words, a structural problem the current framework was not built to solve.
The most direct validation of Invela's own argument sits in the Review's section on liability attribution. Its logic is simple: a regulated firm that cannot clearly allocate liability for a loss caused by a third-party agent will rationally fall back on requiring its own human-authenticated confirmation at every step, regardless of what the consumer has pre-authorised. Without a liability framework, autonomy does not happen. Friction does.
This is the logic behind Invela's Warranty. Accreditation establishes who is trusted to act. The Risk Indicator monitors that trust continuously. Warranty is being developed because standardised accreditation and monitoring only remove friction from delegation if there is also a clear, insurance-backed answer to who pays when something goes wrong.
The Review also confirms something Invela has long argued: that shared reliance on the same models, vendors and infrastructure creates correlated risk across firms that no single firm's controls can see. It notes that dependence on third-party models introduces challenges for control and assurance, and that evidencing "reasonable steps" under the Senior Managers Regime becomes materially harder as firms rely more on AI systems and providers operating upstream of them.
The Review's proposed answer, an Agentic Supervisory Model giving the FCA AI-enabled tools to monitor system-wide risk, is a regulator-level version of what Invela does at network level: continuous, near real-time visibility into where risk sits across a chain, rather than a point-in-time assessment that goes stale the moment a third party changes what it is doing.
One gap the Review is unusually blunt about: the UK currently has no registry of AI agent operators and no standard for verifying an agent's identity or authority. If an agent initiates a payment or requests a data release, it can arrive at a firm with no verified identity and no way to distinguish it from an impersonator. The Review calls this a fragmented approach that limits agent capability to whatever each platform allows, and warns that it disadvantages smaller firms who lack the resource to navigate multiple incompatible schemes.
This is precisely the problem standardised accreditation exists to solve: establishing, in a way every participant in the network recognises, who is trusted to act and on what basis.
The Review does not resolve any of this on its own; it is a set of recommendations to the FCA Board, not new rules. But it puts a regulator's name behind an argument Invela has been making in market for two years: that the open finance chain needs infrastructure, not just policy intent, to make delegation, liability and third-party AI risk manageable at scale.
If your third-party risk register does not yet have a line for "agent identity and authority" or "liability attribution across delegated AI actions," this is the moment to add one. The Review makes clear the FCA expects firms, not just regulators, to have already started working through it.
---
Invela is the infrastructure layer that makes open finance trustworthy: accrediting who's in the network, monitoring risk in real time, and ensuring liability lands in the right place.
Invela is the infrastructure layer that makes open finance trustworthy - accrediting who's in the network, monitoring risk in real time, and ensuring liability lands in the right place.