What Does the Bank of England and PRA’s Approach to AI Mean for Retail Banking?

Lee Egerton, Global Head of Financial Services

June 2026

From chatbots to credit risk, discover how an automation and AI Centre of Excellence (CoE) brings ironclad governance to retail banks.

The debate around artificial intelligence in retail banking has shifted from “should we use it?” to “how do we govern it at scale?”.

This shift was firmly solidified by a landmark joint publication from the Bank of England (BoE) and the Prudential Regulation Authority (PRA) outlining their definitive plans for safe AI innovation. As highlighted in legal analysis by TLT LLP, regulators have made one thing clear: the era of "wait-and-see" is officially over. AI adoption has been formally designated as a core PRA supervisory priority.

For high-street banks and building societies, this creates intense operational tension. Front-office teams are eager to deploy generative AI chatbots for customer service, while risk and compliance teams are navigating the PRA’s aggressive mapping of Model Risk Management (MRM) principles (SS1/23) onto AI workloads.

Here at Robiquity we view this regulatory milestone not as a restriction, but as a blueprint. To scale safely, retail banks must transition away from isolated AI pilots and embrace a highly structured, enterprise-grade Centre of Excellence for Microsoft Power Platform and AI - combining rapid development with ironclad governance.

The Retail Banking Challenge: Algorithmic Fairness vs. Consumer Duty

A critical takeaway from the BoE/PRA plans is that the UK is maintaining a principles-based, technology-agnostic approach. Instead of introducing a wave of brand-new AI laws, the regulators are applying existing strictures to AI.

In retail banking, where automation directly impacts millions of consumers every day, this intersects heavily with the FCA's strict consumer duty outcomes:

  • The Credit Risk "Black Box": Traditional credit scoring models are tightly controlled. But as banks graduate to machine learning and generative AI for credit risk assessments, mortgage underwriting or overdraft decisioning, the "black box" problem emerges. Regulators expect firms to eliminate data bias and explain exactly how AI reached a lending conclusion.
  • The Chatbot Proliferation: Generative AI-driven customer service bots and personalised financial assistants are scaling rapidly. Under SS1/23, any system processing input data to generate an output or recommendation is legally classified as a "model". This means automated customer service tools require the same rigorous validation, data drift monitoring and auditing as a capital-adequacy model.
  • Systemic Third-Party Concentration: The BoE's AI Consortium is heavily investigating the sector's dependency on a tiny handful of dominant foundational LLM infrastructure providers. If a major retail bank's automated fraud-detection or loan-processing ecosystem relies entirely on one external model, an outage poses a systemic operational resilience failure.

Using Microsoft AI and Automation Services in Retail Banking

The biggest risk in retail banking right now isn't a lack of tools. It is shadow AI. When individual branch networks, mortgage desks or collections teams build isolated apps or use unsecured public LLMs to summarise customer documentation, it creates massive data-leak vulnerabilities that conflict directly with the PRA’s strict compliance thresholds.

As a solution, at Robiquity we specialise in designing and implementing well-governed Centres of Excellence for the sector, specifically for Microsoft Power Platform and Microsoft AI Services.

Rather than locking down the technology and killing productivity, a Robiquity CoE creates a secure sandbox that enables controlled, safe innovation:

  • Ironclad Guardrails: We implement rigorous Data Loss Prevention (DLP) policies to ensure that there is no movement of data from business applications to non-business applications. Additionally, building guardrails around which LLMs are accessible for business solutions will stop data leaking into public AI models.
  • Auditability for Compliance: By deploying Microsoft Copilot Studio, Power Apps and Power Automate within a governed framework, every decision path taken by an automated financial assistant or loan-triage flow is logged, traceable and ready for regulatory scrutiny under the Senior Managers and Certification Regime (SM&CR).
  • Agile Model Independence: To mitigate the third-party concentration risks highlighted by the PRA, a unified Power Platform ecosystem allows banks to build low-code, automation and AI interfaces that can easily swap or layer different underlying AI models as regulatory or operational needs dictate.

The Path Forward: Accountability and the CoE

Individual retail banking executives continue to bear personal accountability for AI failures. Flawed, unmonitored automation pilots are an unacceptable commercial and regulatory liability. Safe innovation requires a centralised CoE that wraps every low-code, automation and AI solution, and generative customer-facing agents, in a robust framework of continuous monitoring, independent validation and strict "human-in-the-loop" guardrails.

Ultimately, I view the Bank of England and Prudential Regulation Authority’s guidelines as a massive opportunity. By establishing a robust, governed Microsoft automation and AI CoE, retail banks don't just satisfy the regulators - they build a stable, scalable foundation to unlock the true potential of the AI-first era.

If you’d like to learn more about how Robiquity can help your organisation get started with a CoE, get in touch with us today.
