FCA misconduct reports more than double since 2020 as Palantir gains access to sensitive UK financial regulatory data in a deal raising acute data privacy concerns
Two significant FCA (Financial Conduct Authority) developments landed over the weekend. First, the number of misconduct reports received by the FCA has more than doubled in the past five years, according to analysis by law firm Littler. The scale of the increase reflects both heightened awareness of reporting obligations and a broader shift in the regulator's posture — the FCA has invested heavily in supervisory capacity and whistleblowing infrastructure since 2020, and the data suggests those investments are generating substantially more incoming intelligence. Secondly, and more controversially, Palantir — the US AI and data analytics firm — is to be granted access to a trove of highly sensitive financial regulation data held by the FCA, in a deal exclusively reported by the Guardian. The arrangement has been structured so that Palantir acts as a data processor (a party that handles data on instruction, under the UK GDPR) rather than a data controller (a party with independent decision-making power over the data). The FCA has confirmed it will retain exclusive control over encryption keys and that Palantir is contractually prohibited from copying the data to train its own AI products. The data in question includes information gathered during FCA enforcement investigations — which can include entire email accounts, full financial records, and personal information of individuals caught up in investigations who have not themselves been accused of wrongdoing. Christopher Houssemayne du Boulay of Hickman & Rose, a barrister specialising in financial crime defence, stated publicly that ingesting such data into an AI system raises very significant privacy concerns. The FCA ran a competitive procurement process and states that strict controls are in place.
Sign up to read →