## Read this first This article is general information for UK mortgage and financial advice firms considering AI-driven client communication. It is not legal or compliance advice, and it does not replace the judgment of your compliance officer or your firm's SM&CR-accountable individuals. Every firm's Statement of Responsibilities, permissions and client mix are different, and your compliance function has the final word. ## What automation can and cannot do under the current FCA framework The distinction that matters is between regulated advice and unregulated activity. Regulated advice — an assessment of a specific product's suitability for a specific client — remains the responsibility of the adviser and cannot be delegated to an automated system. Unregulated first-contact communication (introducing the firm, confirming that the firm can help, collecting factual information, booking a fact-find) can be automated with appropriate controls. ## Consumer Duty is the more important regulatory question in 2026 The Consumer Duty (PRIN 2A, in force since July 2023 for open products) applies to every touchpoint with a retail customer, not just the advice conversation. Automated communication has to deliver good outcomes across the four Duty pillars: products and services, price and value, consumer understanding and consumer support. In practice this means: plain-English messages, no dark-pattern nudges, honest disclosures, and — critically — the ability to spot vulnerability indicators and route those customers to human-only handling. ## Vulnerability handling The single most important design decision when automating client communication in regulated financial services is vulnerability routing. Any automated system must detect signals of vulnerability (bereavement, ill-health, financial difficulty, cognitive difficulty, language barriers, indications of pressure or coercion) and escalate to human handling immediately, with the interaction flagged in the client file. This is not optional. Our [AI for Mortgage Brokers and IFAs](/mortgage-brokers) is built with vulnerability triggers co-defined with the firm's compliance officer. ## Data protection: UK GDPR, DPA 2018 and the ICO Automated client communication is personal-data processing. That means: a lawful basis (legitimate interests for existing clients, consent for cold contact where applicable), a written DPA with the AI provider naming them as processor, a documented retention policy, encrypted storage in the UK/EU where possible, a clear no-training clause preventing your client data from training foundation models, and up-to-date sub-processor disclosure. Any AI vendor that will not provide these in writing should not be deployed on a regulated firm's client line. ## Financial promotions rules PERG 8, the Financial Promotions rules and the amended Financial Services and Markets Act 2000 (financial promotions gateway from 2024) all apply to automated communications the same way they apply to human ones. Any promotional content generated or served by AI must be signed off by an authorised person, must be fair, clear and not misleading, and must include appropriate risk warnings. Automation makes the volume of communications higher, which makes sign-off discipline more important, not less. ## Record-keeping and audit Every automated interaction should be time-stamped, logged to the client file within the firm's CRM (Intelliflo, Plannr, 360 Lifecycle, HubSpot), retained per the firm's data retention policy, and accessible on a subject access request. Done correctly, the audit trail on an AI-supported firm is stronger than on an all-human firm. ## Where automation genuinely helps compliance Automation isn't a compliance risk to be tolerated — done well, it is a compliance improvement. Standardised, sign-off-controlled first-contact messages remove the risk of an adviser saying something unregulated in an unrecorded phone call. Automated audit trails remove file-note omissions. Vulnerability triggers built into the workflow catch signals a busy adviser might miss. ## Where to start The mortgage-broker Professional tier — from £597/month, see [pricing](/pricing) — is the tier where compliance-aware CRM automation is fully embedded. Every deployment starts with a compliance-officer sign-off session before a single message goes live. ## Book a free 30-minute AI audit We'll map exactly which communications can be safely automated in your firm and which must remain human. [Book a Free AI Audit](/contact).