The UK's Financial Conduct Authority has stated it will consider whether payments regulation needs to change to support agentic AI. That is not guidance. It is not a warning. It is a statement that the rules themselves may not be fit for purpose.

On March 25, the Financial Conduct Authority published its 2026 Payments Regulatory Priorities report. Buried in the forward-looking section was a line that should have set off alarms across every compliance department in financial services: the FCA will consider "whether change or development of regulation is needed to support agentic AI payments."

That sentence does something no other financial regulator has done. It draws a direct line between the current regulatory framework for payments and the reality that autonomous AI systems are about to start initiating, routing, and completing transactions. And it acknowledges, on the record, that the existing rules were not written for that world.

We have spent months documenting the regulatory vacuum around agentic payments. The dispute layer is missing. Liability is unclear. Consent frameworks assume a human is pressing the button. The FCA just became the first major regulator to say, publicly, that the vacuum is a problem it intends to address.

The 2026 Payments Regulatory Priorities report covers the FCA's supervisory agenda across the payments sector. Most of it addresses familiar territory: safeguarding, APP fraud, consumer protection under the new payments landscape. But the section on innovation and technology breaks new ground.

The FCA stated it is working with HM Treasury to "future-proof" the UK's payment services regulation. That work explicitly includes evaluating whether current rules can accommodate agentic AI, or whether new regulation is required. The report also references the UK government's broader programme to modernise the regulatory framework, which includes support for both tokenisation and agentic AI in financial services.

This is not a sandbox experiment or a discussion paper. It is a regulatory body stating, in its official priorities document, that the rules governing how payments work may need to be rewritten.

The FCA is also running two parallel programmes designed to let firms test AI in controlled environments. The Supercharged Sandbox gives companies a space to trial new products, including AI-driven payment services, under modified regulatory requirements. The AI Live Testing programme goes further, allowing firms to deploy AI systems in live market conditions with FCA oversight. An evaluation report on these trials is expected by the end of 2026.

The significance here is not just what the FCA said. It is what nobody else has said.

The European Union passed the AI Act in 2024, the most comprehensive AI regulation in the world. It classifies AI systems by risk level, imposes transparency requirements, and establishes compliance obligations. But it does not address payments. It does not ask who bears liability when an AI agent initiates a transaction on someone's behalf. It does not define consent for autonomous financial activity. The AI Act treats payments infrastructure as someone else's problem.

The United States has no federal framework for AI in payments. As we covered in our analysis of the FTC's debanking letters to Visa, Mastercard, PayPal, and Stripe, US regulation remains reactive. The FTC sends warning letters after the fact. The SEC clarifies token classifications when pressed. Nobody in Washington has said the payments rulebook itself needs updating for agentic AI.

The FCA just did. And it did so as part of a coordinated programme with the Treasury, not as a standalone position paper or a commissioner's speech at a conference.

Saying the rules may need to change is the easy part. The hard part is answering the questions that the current framework was never designed to address.

Consent. Current payment services regulation assumes a person authorises each transaction, or at least sets up recurring instructions with clear terms. When an AI agent acts on a consumer's behalf, what constitutes valid consent? A one-time delegation? A broad mandate? A per-transaction approval? The Payment Services Regulations 2017 were written for a world where the person paying knows they are paying.

Liability. When an agent-initiated transaction goes wrong, who is responsible? The consumer who deployed the agent? The company that built it? The payment processor that cleared the transaction? The dispute crisis we have been tracking makes this question urgent. Existing chargeback and dispute frameworks require evidence of human intent, transaction records that assume a person clicked "confirm." Agent transactions generate a different kind of evidence trail entirely.

Accountability. If an AI agent routes a payment through one processor over another based on its own optimisation logic, who is accountable for that routing decision? If the agent selects a payment method that costs the consumer more, or exposes them to fraud risk, current regulations do not clearly assign responsibility.

These are not theoretical questions. Stripe has already shipped the Machine Payments Protocol. Mastercard deployed Agent Pay. Visa launched the Trusted Agent Protocol. The infrastructure for agent-initiated payments exists. The rules that govern it do not.

The FCA is also thinking beyond payments. It has commissioned the Mills Review, a comprehensive examination of the long-term impact of AI on retail financial services. Led by Dame Elizabeth Mills, the review will assess how AI, including agentic systems, could reshape financial products, advice, and consumer outcomes over the next decade.

The Mills Review is separate from the payments-specific work, but the two are connected. If agentic AI changes how consumers interact with financial services at the product level, choosing insurance, managing investments, selecting credit products, then the payments layer underneath those interactions changes too. An AI agent that selects a financial product and then initiates payment for it collapses two regulated activities into a single automated action.

Baker McKenzie noted that the FCA's approach positions the UK as a potential first mover in agentic payments regulation. That is a deliberate strategic choice. The UK has been competing with the EU and Singapore for fintech regulatory leadership since Brexit. Being the first jurisdiction to establish clear rules for AI-initiated payments could attract firms that want regulatory certainty before scaling.

We have written extensively about the gap between agentic payments infrastructure and the regulatory frameworks that are supposed to govern it. The dispute layer is missing. Credit unions and smaller institutions lack guidance on how to handle agent-initiated disputes. The evidence frameworks for chargebacks assume human participation at every step.

The FCA's announcement does not close that gap. But it is the first official acknowledgement, from a major financial regulator, that the gap exists and needs closing.

That matters because regulatory signals shape industry behaviour. When the FCA says it will consider new rules for agentic payments, processors, banks, and fintechs operating in the UK start preparing. Compliance teams begin scoping. Legal departments start asking the right questions. The signal itself moves the industry, even before the rules arrive.

The contrast with the US approach is stark. American regulators are still fighting yesterday's battles: debanking letters, crypto classification debates, enforcement-by-lawsuit. The FCA is looking at what comes next and asking whether the rulebook is ready. It has concluded, publicly, that it probably is not.

The FCA has said the payments rulebook may need rewriting for agentic AI. The EU has not said it. The US has not said it. If you are building, processing, or regulating payments, what are you waiting for before you start preparing?