The AI Insider Problem

The FCA’s inside information page, updated on 22 May 2026, outlines systems and controls for identifying, controlling, and disclosing inside information under the UK Market Abuse Regulation. Although the page is framed as a best practice note for government departments, industry regulators and public bodies, it provides useful considerations for firms handling inside information.

The regulation prohibits insider dealing, unlawful disclosure of inside information, and market manipulation. The FCA describes inside information broadly as information that is precise, non-public, relates directly or indirectly to one or more issuers or financial instruments, and would be likely to have a significant effect on price if made public.

As firms increasingly deploy generative and agentic AI across research, operations and client-facing activities, compliance teams are reassessing whether existing information control frameworks remain fit for purpose.

” Machines take me by surprise with great frequency”.

For chief compliance officers, chief operating officers, chief technology officers, legal, compliance, surveillance, and data governance teams, this is a practical control issue.

The way information is created, accessed, and reused within firms has changed. AI tools materially alter how inside information can move within an organisation. As a result, the risk of misuse increases, and the deployment of agentic AI may amplify that risk.

The point is not that AI changes the legal character of inside information. It is that AI can make the same control failure faster, broader, and harder to detect.

How AI Can Increase Inside Information Risk

  • A document that once sat in a restricted deal folder can now be copied into a prompt and summarised by a model.
  • A restricted analyst note can be uploaded to an AI tool to produce client talking points, creating a broader and less controlled distribution of the original content
  • An AI agent may draft and send a briefing note based on restricted material before a human has checked whether the recipients are wall‑crossed.
  • An AI agent tasked with “prepare everything we know about this client” may cross information barriers by accessing connected systems too broadly.

AI Does Not Change the Rules

The FCA’s current position is not that AI sits outside regulation. Its AI approach states that the FCA does not plan to introduce additional AI-specific regulation and will instead rely on existing regulatory frameworks, including accountability and governance requirements. Firms therefore need to test whether their existing controls still work when information is retrieved, combined or acted on by AI.

The key message is that AI (in whatever form) should not bypass existing market abuse controls. If AI contributes to a poor outcome, the firm and its senior managers remain accountable. Responsibility for these controls should be clearly allocated across compliance, legal, technology, and business stakeholders, with appropriate senior management oversight.

Lessons from FCA Enforcement

The enforcement implications are clear. Although recent FCA cases such as Dinosaur Merchant Bank and Sigma Broking were not AI enforcement cases, they show the FCA’s concern with weak data flows, poor change control and failures to detect, investigate, and report suspicious activity.

AI can create the same risks where prompts, outputs, logs, enterprise search results, or agent actions are not captured by information barriers, surveillance, and suspicious transactions and order reporting controls.

Reviewing AI Controls for Inside Information

Firms should consider the following questions when assessing AI controls related to inside information:

Information does not stop being sensitive because it is entered into an AI tool. A summary of inside information may still be inside information. Outputs that reproduce, summarise, combine, or infer information from multiple non-public data points may themselves constitute inside information, depending on the underlying facts. The FCA’s guidance is clear that data which is not inside information in isolation can become inside information when combined.

Arrangements should identify where inside information and potential inside information is created, received, stored, and shared. This may include deal folders, market soundings, unpublished research, investment committee materials, client orders, trading strategies, and surveillance outputs. Without this baseline, AI‑related controls rest on weak foundations.

Controls should specify which AI tools are permitted to access or ingest which data sources, including email, document management systems, chats, meeting transcripts, customer relationship management systems, research platforms, and order management systems. Restrictions should be explicit, documented, and communicated.

Controls should address whether material marked “inside information”, “restricted”, “deal confidential” or “do not ingest” is blocked, escalated, or subject to approval before it can be used by an AI tool. Where possible, firms should use labels, filters, de-identification tools, or warning prompts so safeguards operate before ingestion, not only after outputs are generated.

AI tools should not have broader access than the users they support. General productivity tools should not be able to search restricted deal folders. A junior employee should not be able to ask an AI tool to summarise a confidential board pack because the tool has inherited excessive permissions from a poorly configured data source.

Access controls for AI‑connected systems should be reviewed alongside group permissions, document labels, information barriers, restricted lists, insider lists, project workspaces, and data loss prevention controls. Where AI tools use retrieval or search, testing should confirm that restricted locations and restricted‑list information cannot be retrieved or inferred.

Compliance teams should test whether AI tools can retrieve restricted documents or restricted‑list information.

Prompts and outputs should be treated as records of potentially sensitive activity. Controls should support logging who used an AI tool, when it was used, what data sources were queried, what documents were uploaded, what outputs were generated, and whether outputs were copied, shared, or relied upon in decision-making.

Where a firm submits a suspicious transaction and order report, receives FCA enquiries or investigates suspicious trading, it should be able to reconstruct the full information chain. This includes who had access to relevant inside information, when access occurred, which systems were used, and whether AI tools retrieved, summarised, stored, reused, or disclosed that information.

Firms do not need a separate market abuse framework for AI. They do, however, need confidence that existing controls remain effective when information is retrieved, combined, analysed, or acted upon by AI systems.

Embed AI Governance into Your Market Abuse Controls

Firms can reduce the risk of AI-enabled information control failures by independently assessing whether governance, surveillance, and information barrier controls remain effective in an AI-enabled environment.

ACA’s AI risk and controls expertise can help firms assess whether AI tools are appropriately governed within their market abuse framework. This may include reviewing AI governance, information barriers, permissions, data loss prevention controls, surveillance coverage, recordkeeping, policies and procedures, training, and assurance testing.

Speak to an ACA specialist to discuss how your firm can adopt AI safely and responsibly without weakening market abuse controls.