From my perspective, SYSC 9 is the FCA rule that every advisor knows exists but few actively think about until the audit visit. The core requirement is straightforward: you must keep sufficient records for the FCA to reconstruct any piece of advice you gave a client. In the pre-Ai world this meant the client file, the fact-find, the suitability report, the research. In the Ai-assisted world, if you’re drafting any of these with Ai help, SYSC 9 reaches deeper than most firms realise.
I believe the gap specially opens when advisors start using Ai for suitability report drafting. The final suitability report is in the file. But the reasoning — what data the Ai saw, what alternatives it considered, what prompts led to the recommendation — is missing. If the FCA asks “reconstruct the advice you gave Mr & Mrs Hargreaves,” pointing at the final PDF isn’t enough. The reconstruction question includes how you got there.
What SYSC 9 actually requires
SYSC 9.1.1R(1) requires firms to “make, and retain, orderly records of its business and internal organisation, including all services and transactions undertaken by it.” 9.1.2R adds that the records must be “sufficient to enable the FCA or any other relevant competent authority to monitor the firm’s compliance.” Apart from this, COBS 9.5R requires firms advising retail clients to keep records demonstrating suitability, for at least five years (or longer for pension business).
None of this mentions Ai directly. But “sufficient to reconstruct” is the standard — and Ai-assisted advice, without an audit trail of the Ai interaction, is hard to reconstruct. The FCA reviewer would, reasonably, ask how the advice was reached. “The Ai drafted it” is not a complete answer. “The Ai drafted it; here is the prompt, here is the data it saw, here is the partner sign-off” is.
The three evidence streams good firms maintain
Specially in the mortgage and IFA space, I tend to focus on three evidence streams when helping a firm think about this. First, input record — what client data the Ai saw (fact-find, pre-populated fields, uploaded documents). Second, reasoning record — the prompt the advisor used, and the Ai’s output. Third, sign-off record — which qualified advisor reviewed the draft, what they changed, when they signed.
With a well-built governed Ai platform, these three streams are captured automatically on a tamper-evident audit chain. Without one, they’re scattered across email, the CRM, maybe a notes field, maybe just the advisor’s memory. The reconstruction under FCA review becomes a scavenger hunt.
Where firms get this wrong
The common mistake is thinking “the Ai just helped with wording, the advice is mine.” This is correct in one sense — regulated advice is always the advisor’s. But SYSC 9 doesn’t distinguish between wording help and advice-generation help. If Ai touched the file, the record-keeping standard applies. Apart from this, when the FCA reconstructs advice, they do it backwards — from outcome to inputs — and if an Ai-generated paragraph materially informed the recommendation, that paragraph is part of the chain.
The second mistake I see is treating the audit log as a separate system. Firms set up Ai tooling in one place, compliance logging in another, and the two never talk. When the reviewer asks for reconstruction, someone has to merge them manually. Good governance puts the audit inside the Ai tool, so every draft generated ships with its evidence attached.
What good looks like
Basis firms I’ve seen pass FCA audits post-Ai-introduction, “good” has five elements. One, every Ai-assisted suitability report carries its input data trace (what fact-find fields, what uploaded documents). Two, every draft records the advisor’s prompt and the model’s output. Three, every sign-off is logged with advisor ID, timestamp, and draft version. Four, PII is auto-redacted before the model sees it — NINOs, DOBs, income figures go into the model as placeholder tokens. Five, the whole chain is tamper-evident — if anyone altered a record after the fact, the chain breaks.
Other Me provides all five out of the box for FCA-regulated practices. The Mortgage and IFA solution page explains the workflow specifically — fact-find to suitability report in 15 minutes, with the audit chain generated automatically.
Consumer Duty adds another layer
Specially since the Consumer Duty reforms, the FCA expects firms to evidence good outcomes, not just absence of bad ones. For wealth and IFA advisors, this means every client communication should carry metadata: was the language plain, did the client likely understand it, does the recommendation offer fair value. Ai tooling that auto-attaches this metadata saves your Consumer Duty Champion reconstructing it at month-end. We’ve written separately about Consumer Duty and Ai for wealth planners.
Apart from this, the FCA’s expectations on data use under Principle 11 (cooperation with regulators) implicitly extend to Ai — firms should be prepared to explain how Ai tools process client data. “We use ChatGPT Team but don’t have records of what client data we’ve entered” is not a cooperative answer.
What to do this week
If you’re a compliance lead at a mortgage or IFA brokerage, three practical steps. First, audit which Ai tools your advisors use for client work — have the honest conversation. Second, set a policy that client work must happen in a governed tool with audit chain (we have a free Ai policy template adaptable for FCA-regulated firms). Third, trial a governed Ai platform for one advisor for a week. Compare the audit chain it produces against what you currently have. If it’s materially better, roll it out before the next compliance monitoring visit.
You can start a free 7-day trial, no credit card, and have the first SYSC 9-ready suitability report drafted within the hour.