AI Policy
Manage, distribute and track acknowledgment of AI governance policies
AI Acceptable Use Policy
v1.0PublishedGoverns how employees may use AI tools, which tools are permitted, data handling requirements, and disciplinary consequences for misuse.
Owner: Chief Compliance OfficerUpdated: 14 Mar 2026Review due: 14 Mar 2027
SYSC 13.9 — OutsourcingConsumer Duty — PRIN 2ASM&CRUK GDPR Art.28
Employee acknowledgment38/52 (73%)
Distribute
Data Classification Policy
v1.2DraftDefines data categories (Confidential, Restricted, Public) and prohibits input of classified data into unapproved AI tools without explicit authorisation.
Owner: Head of TechnologyUpdated: 10 Mar 2026Review due: 10 Sep 2027
SYSC 13.9 — OutsourcingUK GDPR Art.32 — SecurityFCA MAR
Employee acknowledgment0/52 (0%)
Distribute
AI Vendor Approval Process
v2.1PublishedDefines the formal workflow for evaluating, approving and onboarding third-party AI vendors — including DPA requirements, security review checklist, and sign-off authority.
Owner: Head of TechnologyUpdated: 1 Feb 2026Review due: 1 Feb 2027
SYSC 13.9 — OutsourcingUK GDPR Art.28 — Data ProcessorConsumer Duty
Employee acknowledgment24/52 (46%)
Distribute
Regulatory Framework Coverage
Which FCA regulatory obligations each policy addresses
| Policy | SYSC 13.9 | SM&CR | Consumer Duty | FCA MAR | UK GDPR |
|---|---|---|---|---|---|
| AI Acceptable Use Policy | |||||
| Data Classification Policy | — | ||||
| AI Vendor Approval Process | — | — | — |