Published on 3 July, the Mills Review marks the first regulator-led study into how AI will reshape retail financial services. While it highlights the amplification of cyber risk, its fraud scenarios consistently assume an intruder is breaching an account from the outside. This framework fails to account for the 1.6 million UK adults who have experienced coerced debt—a practice where abusers force victims to open loans or overdrafts using their own credentials. Because these transactions appear authorized, they bypass traditional fraud detection systems entirely.
The Blind Spot in the FCA’s AI Strategy on Coerced Debt
The Financial Conduct Authority’s recent Mills Review identifies AI-driven fraud as a primary risk to retail finance, yet its focus remains tethered to external attackers. This assessment ignores the growing prevalence of coerced debt, where victims are manipulated into authorizing financial liabilities themselves, leaving them invisible to current detection models.

Caroline Wells, founder of the firm Iris, argues that the FCA’s reliance on the Consumer Duty and the Senior Managers Regime provides a clear path for reform. If the regulator officially recognizes the detection of coercion as a standard of good practice, firms would be compelled to adjust their monitoring. By shifting the focus from perimeter defense to identifying patterns of control at the point of lending, the industry could offer victims a route to debt discharge similar to standard fraud reversals. Until the FCA expands its definition of risk, the label of "authorized" will continue to serve as a powerful tool for financial abuse.




Comments (0)
No comments yet. Be the first!