Prioritizing Supervision: Navigating Evolution in an AI-Driven Era

Regulatory priorities are shifting, but not always in the ways firms expect.

At Kroll’s Alternatives and Asset Management Conference 2026, a clear message emerged: this is not a story of regulatory retreat, but of regulatory recalibration. In a panel "Supervisory and Enforcement Priorities: What Will Shape the Next 12 Months" experts discussed that the UK Financial Conduct Authority (FCA) is becoming more interventionist, more data-driven and more focused on outcomes. Simultaneously, the FCA is grappling with the implications of artificial intelligence (AI), rising fraud risk and growing political scrutinys.

For senior leaders, the implications are significant. The regulatory perimeter is not necessarily expanding, but expectations within it are intensifying.

 

From Enforcement to Supervision

One of the most notable shifts underway is the FCA’s move away from high-volume enforcement toward impactful deterrence. Rather than pursuing numerous cases, the regulator is focusing on fewer, more complex matters that send clear signals to the market.

At the same time, supervision has become sharper and more consequential. Tools like skilled person reviews, voluntary requirements and structured remediation programs are being deployed earlier and more frequently. These mechanisms, while technically supervisory, can carry consequences comparable to enforcement in terms of cost, operational disruption and reputational impact.

The practical outcome is a convergence of supervision and enforcement. A formal distinction still exists, but supervisory intervention can be just as intrusive and, in some cases, just as damaging.

For leadership teams, this creates a new operating environment where regulatory engagement is continuous rather than episodic.

 

AI Regulation: Flexibility Meets Friction

The FCA has chosen not to introduce AI-specific rules. Instead, it is applying existing frameworks such as Consumer Duty, SMCR and operational resilience in a technology-neutral, outcomes-based way. This approach is designed to preserve flexibility and support innovation. Yet this flexibility introduces complexity.

AI systems are often opaque, dynamic and increasingly autonomous. They do not align neatly with traditional governance frameworks, making it harder to demonstrate accountability, explain decisions and maintain effective oversight.

Currently, the FCA’s emphasis remains firmly on outcomes, particularly under Consumer Duty. However, explainability is becoming essential. Firms must be able to justify how decisions are made and demonstrate that controls are working as intended.

This balance is unlikely to remain stable. External pressure is building for greater transparency, stronger model governance and clearer accountability. The direction of travel points toward increased scrutiny of how AI is deployed, not just what it delivers.

 

Accountability in the Age of Automation

AI also represents an accountability challenge. Responsibility is often distributed across multiple stakeholders—internal teams, external vendors, data providers and cloud platforms. Audit trails can be incomplete and decision pathways difficult to reconstruct.

However, regulatory expectations remain unchanged. Senior management remains accountable. This creates a shift in focus. Leaders are responsible not only for individual decisions, but for the systems that generate them.

In practice, this requires:

• Clear ownership of AI use cases and associated risks
• Robust model validation and continuous monitoring
• The ability to challenge model assumptions, data inputs and outputs
• Strong documentation and governance frameworks

Oversight is moving from transaction-level review to system-level control. Firms that fail to adapt risk a widening gap between how decisions are made and how they can be defended.

 

Fraud and Financial Crime: Raising Expectations

Alongside AI, fraud remains a major area of regulatory focus. Financial crime is becoming more sophisticated, with AI enabling increasingly convincing scams, synthetic identities and falsified documentation. Regulators are responding by treating fraud primarily as a systems and controls issue rather than simply a criminal matter.

Importantly, firms can face regulatory action not only for direct involvement, but also for facilitating fraud through weak controls.

Recent enforcement activity demonstrates the bar has risen. Failures in due diligence, monitoring and reassessment of risk, even indirect relationships, can lead to significant penalties.

The expectations are increasingly proactive:

• Firms must understand their exposure to fraud risk across the business.
• Controls must be both preventative and detective.
• Cyber resilience must be embedded across operations and third-party relationships.
• Internal risks, including collusion and misconduct, must be actively managed.

For boards, fraud is a core component of governance and operational resilience.

 

The New Rules of Engagement

As supervision intensifies, the way firms engage with the regulator is becoming critical. Acting early, communicating clearly and maintaining control of the narrative represent key themes. Firms that identify issues quickly and demonstrate proactive remediation are more likely to retain credibility and avoid escalation. Conversely, delay or incomplete disclosure increases regulatory risk.

Effective engagement now requires:

• Rapid identification and escalation of issues
• Transparent communication with the regulator
• A clear remediation plan with defined timelines
• Ongoing updates and evidence of progress

In this context, regulatory strategy is not just about compliance. It is about how firms position themselves under scrutiny.

 

A More Assertive Regulator

These developments reflect a broader transformation within the FCA. Its strategy for the coming years emphasizes early intervention, greater use of data and a more proactive role in shaping market behavior. At the same time, political pressure is increasing to ensure that innovation does not come at the expense of consumer protection.

This creates dual expectations where firms must innovate but must do so within a framework of demonstrable control and accountability.

 

What Should Leaders Prioritize?

Against this backdrop, several priorities stand out for senior leadership:

• Governance and Clarity of Responsibility
  Roles, responsibilities and decision-making frameworks must be well defined and documented.
• AI Strategy and Oversight
  Firms need structured approaches to AI deployment that align with regulatory expectations and can be clearly evidenced.
• Fraud Prevention and Resilience
  Controls must evolve in line with increasingly sophisticated threats.
• Regulatory Responsiveness
  The ability to provide accurate, timely information and manage regulatory interactions effectively is critical.
• Culture and Conduct
  Regulators continue to view culture as central to delivering good outcomes and managing risk

 

Looking Ahead

The coming 12 months are unlikely to be defined by a surge in enforcement cases. However, this should not be interpreted as a relaxation of regulatory intensity. Supervision is becoming more intrusive, expectations are rising and consequences remain significant, whether through enforcement or supervisory action.

Firms best positioned for this environment will anticipate regulation, embed it into their operating models and engage with regulators in a structured and transparent way.

In a landscape shaped by AI, financial crime and evolving supervision, credibility is not assumed. It is demonstrated through governance, responsiveness and the ability to adapt under scrutiny.