TL;DR
The UK government is considering a proposal to independently test the general-purpose AI models that British banks rely on, after the Bank of England warned lenders last October that their own monitoring was “not frequent enough”. The pitch, from Starling Bank’s chief information officer Harriet Rees, would lean on the AI Security Institute — though officials have already pushed back on expanding its remit.
A Centralised Backstop for US Models
Rees, who co-chairs the BoE’s AI task force and is a government financial services AI “champion”, made the case to the Department for Science, Innovation and Technology last month. Her argument is that every UK lender currently runs its own due diligence on the same handful of US frontier models, producing duplication, inconsistency, and no shared baseline of confidence. A central evaluation, she told the FT, would act as a “fail-safe” rather than replacing in-house testing.
The proposal lands against an awkward backdrop: there is no UK law requiring AI models to be evaluated before regulated industries deploy them, and the country’s biggest banks are increasingly dependent on systems built and trained in the United States. OpenAI and Anthropic have voluntarily submitted models to AISI on a frontier-risk basis, but nothing equivalent exists for the bank workflows where those same models now sit.
Whitehall Cool on AISI Remit Expansion
Rees argues AISI is the “most obvious body” for the role, and says the idea was “well received” by AI director-general Ollie Ilott in early March. A government spokesperson, however, told the FT that AISI’s mandate is “frontier-AI security research” and that ministers are “not exploring expanding its remit into assurance or any testing of third-party AI models”. That leaves an open question about which body, if any, would take it on.
Looking Forward
For UK lenders, the practical stakes are real: the PRA has already signalled that current model monitoring falls short, and a future enforcement action would land on individual banks rather than the labs that built the models. A standardised assessment regime would push some of that exposure upstream. The regulatory architecture for it, though, doesn’t yet exist — and if AISI is off the table, the next question is who fills the gap before the BoE’s patience runs out.