The awkward moment comes next

An AI agent can compare flights, choose a hotel and build an itinerary. The awkward moment comes next: should it be allowed to pay?

The UK has started working on that question.

On 14 July, HM Treasury published a new AI adoption plan for financial services. It was written by two independent industry figures appointed as the government's AI champions for the sector: Starling Bank technology chief Harriet Rees and Lloyds Banking Group AI lead Rohit Dhawan.

Most of the plan deals with familiar problems such as regulation, skills and dependence on a small group of cloud and model providers. Its final recommendation is more specific. It asks the government, regulators and industry to prepare a trust framework for payments initiated by AI agents.

The idea is not to give software a free hand with people's money. It is to work out the rules before the technology becomes common.

The point where assistance becomes action

AI tools already help people search, compare and decide. A payment agent goes further. It can act within limits set by its user: buying an item when its price falls, moving money between accounts or renewing a service without asking for approval at every step.

That convenience creates a basic accountability problem.

If an agent pays the wrong merchant, exceeds a limit or is manipulated by a fraudulent website, who carries the loss? The customer, the bank, the agent provider or the business that accepted the payment?

Today's payment rules were mostly written around people, cards, accounts and identifiable companies. A chain involving several software agents and third-party services can make responsibility harder to see.

The UK plan says the existing legal and regulatory framework does not yet provide enough clarity for those situations. That is the authors' assessment, not a new legal finding.

Three parts of a proposed trust framework

The plan suggests three foundations.

The first is a legal and liability framework. In plain English, someone must be clearly responsible when an autonomous transaction goes wrong. The authors want defined legal roles and dispute mechanisms rather than a long argument after the money has moved.

The second is what they call Know Your Agent, or KYA. Banks already verify customers and businesses. The plan argues that autonomous software will also need a standard identity that other systems can check. That could help a merchant distinguish an authorised shopping agent from a malicious bot pretending to be one.

The third is authentication and governance. Different agents, banks and payment services would need interoperable ways to prove who they are, what they are allowed to do and whether a transaction fits the user's instructions.

Those three headings are sensible. They are also only headings. The plan does not yet define a technical standard, a transaction limit, a consent screen or a reimbursement rule.

Why the question is arriving now

The Financial Conduct Authority has been studying a wider shift in how people may use AI for money decisions.

Research commissioned for its recent Mills Review found that one in five UK adults, about 11 million people, were likely to use AI that can act autonomously within goals they set. The FCA is also inviting firms to test agentic payment services and other financial AI systems in its regulatory sandbox.

That does not mean 11 million people are ready to hand over their bank accounts today. A survey measures stated interest, not actual use. But it gives regulators a reason to deal with the question before adoption is widespread.

The same review warns that autonomous systems could make fraud and cyber risks worse. An agent that can complete a legitimate purchase can also become a useful target for anyone who learns how to redirect or impersonate it.

A proposal, not a payment rule

The distinction matters here.

The government says it accepts the recommendations directed at government. It will consider the plan alongside the FCA's Mills Review and work with regulators and industry on next steps.

But the agentic-payments framework itself has not been adopted as law. The plan recommends using an upcoming HM Treasury consultation on modernising payment regulation to begin the work. Industry would help develop practical standards, with government and regulators providing the legal framework and possibly legislation where needed.

So nothing in this publication gives an AI agent a new legal power to spend. It does not change a customer's rights today. And it does not settle who is liable for an autonomous payment.

What to watch next

The useful part of the plan is that it names the unresolved questions early.

The consultation will need to explain how a person gives, limits and withdraws consent. It will need to decide whether an agent can be identified independently from the company that built it. It will also have to deal with fraud, refunds and situations where several agents take part in one purchase.

There is a harder question underneath all of this: how much freedom should an agent receive before convenience becomes loss of control?

The UK does not have an answer yet. For now, it has a list of the right problems and a proposal to turn them into shared rules. That is less dramatic than an AI buying things on its own. It is also the work that has to happen first.

Sources

  1. HM Treasury — AI Adoption Plan: Financial ServicesOfficial publication page, government response and summary of the ten recommendations.
  2. HM Treasury — Financial Services AI Adoption PlanFull plan, including recommendation 10 and its proposed legal, identity and authentication pillars.
  3. Financial Conduct Authority — Mills Review press releaseRegulator summary and consumer-research figure on likely use of autonomous financial AI.
  4. Financial Conduct Authority — Supercharged SandboxCurrent FCA testing programme, including agentic payment services among the use cases sought for its second cohort.