



Internet Engineering Task Force                               T. Adebayo
Internet-Draft                                                O. Apalowo
Intended status: Informational                             F. Makanjuola
Expires: 7 October 2026                                      Veridom Ltd
                                                            5 April 2026


  OMP Domain Profile: FCA Consumer Duty, SM&CR Accountability, and AI
          Governance Evidence for UK Retail Financial Services
                        draft-veridom-omp-fca-00

Abstract

   This document defines a domain profile of the Operating Model
   Protocol (OMP) for AI systems deployed in UK retail financial
   services contexts subject to the Financial Conduct Authority (FCA)
   Consumer Duty (PS22/9, effective July 31, 2023), the Senior Managers
   and Certification Regime (SM&CR), and the FCA's emerging AI
   accountability framework as informed by the Mills Review (2026) and
   the FCA's research on algorithmic decision-making.

   The profile -- designated DutyMark -- specifies how OMP's
   deterministic routing invariant, Watchtower enforcement framework,
   and three-layer cryptographic integrity architecture satisfy the
   evidence requirements for Consumer Duty outcome testing, SM&CR named
   accountability, and FCA supervisory examination of AI-assisted retail
   financial services decisions.  The profile covers the four Consumer
   Duty outcome areas and FCA agent distribution oversight.

   The OMP core specification is defined in the Operating Model Protocol
   Internet-Draft (draft-veridom-omp).

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 7 October 2026.



Adebayo, et al.          Expires 7 October 2026                 [Page 1]

Internet-Draft        OMP FCA Consumer Duty Profile           April 2026


Copyright Notice

   Copyright (c) 2026 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (https://trustee.ietf.org/
   license-info) in effect on the date of publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.

Table of Contents

   1.  Introduction
   2.  Terminology
   3.  FCA Regulatory Framework Analysis
     3.1.  Consumer Duty (PS22/9)
     3.2.  SM&CR: Named Accountability for AI Decisions
     3.3.  FCA Mills Review and AI Accountability
     3.4.  FCA Agent Distribution Oversight
   4.  OMP DutyMark Profile
     4.1.  Routing States Under This Profile
     4.2.  Named Accountable Officer: The FCA-Accountable Individual
     4.3.  Confidence Score Configuration
     4.4.  Watchtower Definitions
       4.4.1.  WT-FCA-01: Foreseeable Harm Prevention Gate
       4.4.2.  WT-FCA-02: Price and Value Fairness Gate
       4.4.3.  WT-FCA-03: Vulnerable Customer Gate
       4.4.4.  WT-FCA-04: Consumer Understanding Gate
       4.4.5.  WT-FCA-05: Suitability and Appropriateness Gate
       4.4.6.  WT-FCA-06: Agent Distribution Chain Gate
     4.5.  Audit Trace Schema Extensions
   5.  Consumer Duty Outcome Mapping
   6.  Agent Distribution Oversight
   7.  The DutyMark Invariant
   8.  SM&CR Accountability Record
   9.  FCA Supervisory Examination Package
   10. Security Considerations
   11. IANA Considerations
   12. References
     12.1.  Normative References
     12.2.  Informative References
   Authors' Addresses







1.  Introduction

   The FCA's Consumer Duty (PS22/9) established a new standard of
   conduct for retail financial services firms, requiring that firms act
   to deliver good outcomes for retail customers across four outcome
   areas: products and services, price and value, consumer
   understanding, and consumer support.  The Duty requires firms to take
   positive action to deliver good outcomes -- a substantive shift from
   the previous Treating Customers Fairly (TCF) standard.

   As AI systems take increasing roles in retail financial services
   decisions, the Consumer Duty creates a specific evidence problem.
   The FCA requires firms to monitor and evidence consumer outcomes.
   Where AI systems contribute to those outcomes, firms must demonstrate
   that the AI system's contribution was consistent with the Duty: that
   it supported good outcomes, treated vulnerable customers
   appropriately, and did not introduce systematic unfairness.

   Simultaneously, the SM&CR requires that firms identify named Senior
   Managers responsible for each material area of firm activity.  Where
   AI systems make or materially contribute to decisions, firms must
   demonstrate that a named, accountable Senior Manager bears
   responsibility and exercises genuine oversight of individual
   decisions at scale.

   The Mills Review (2026) identified the inability to demonstrate AI
   decision accountability at the interaction level as a material gap in
   current firm compliance architectures.  The FCA has signalled that
   its supervisory expectations for AI governance evidence will increase
   as AI deployment in retail financial services accelerates.

   This document defines the DutyMark profile: the domain-specific
   instantiation of OMP [I-D.veridom-omp] for FCA-regulated AI
   deployments in UK retail financial services.  DutyMark denotes that
   each AI decision is cryptographically marked against the firm's
   Consumer Duty obligations, producing a tamper-evident record
   demonstrating positive action to deliver good outcomes at the
   individual interaction level.

   Related OMP domain profiles include the AI Liability Insurance
   profile [I-D.veridom-omp-aiins] and the EU AI Act Article 12 profile
   [I-D.veridom-omp-euaia].  The OMP specification is also archived at
   [ZENODO-OMP].

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119] [RFC8174].

2.  Terminology

   This document uses the terminology defined in [I-D.veridom-omp].  In
   addition:

   Consumer Duty  The FCA's Consumer Principle (PRIN 12) and associated
      cross-cutting rules and outcome rules established by Policy
      Statement PS22/9, effective July 31, 2023.

   Good Outcome  A consumer outcome that meets the standard required
      under Consumer Duty: the firm has acted to deliver what a
      reasonable firm would consider a good outcome for the retail
      customer in the relevant circumstances.

   Vulnerable Customer  A customer who, due to their personal
      circumstances, is especially susceptible to harm, particularly
      when a firm is not acting with appropriate levels of care, as
      defined in FCA Guidance FG21/1 [FCA-FG21-1].

   Accountable Executive  The Senior Manager with SM&CR responsibility
      for the AI system's governance or for the business area in which
      the AI system operates.  Under this profile, the Accountable
      Executive is the Named Accountable Officer for ASSISTED and
      ESCALATED interactions above the configured significance
      threshold.

   Consumer Duty Outcome Area  One of the four outcome areas specified
      in PS22/9: products and services, price and value, consumer
      understanding, consumer support.

   DutyMark Invariant  The two-property invariant defined in Section 7:
      every AI-assisted retail financial services interaction generates
      a sealed DutyMark Audit Trace demonstrating Consumer Duty
      consistency, independently verifiable without access to the firm's
      infrastructure.

   Principal Firm  An FCA-authorised firm that appoints agents and bears
      regulatory responsibility for the conduct of those agents under
      FSMA Section 39.

3.  FCA Regulatory Framework Analysis

3.1.  Consumer Duty (PS22/9)

   The Consumer Duty [FCA-PS22-9] has three elements: Consumer Principle
   (PRIN 12) requiring firms to act to deliver good outcomes; cross-
   cutting rules requiring firms to act in good faith, avoid foreseeable
   harm, and enable customers to pursue their financial objectives; and
   outcome rules across the four outcome areas.  Firms must monitor,
   regularly review, and be able to demonstrate to the FCA how their
   activities deliver good outcomes.  Where AI systems contribute to
   outcomes, firms must demonstrate consistency with the Duty at the
   interaction level.

3.2.  SM&CR: Named Accountability for AI Decisions

   The SM&CR requires named Senior Managers responsible for each
   material area of firm activity.  For AI systems, firms must
   demonstrate that a named Senior Manager has been allocated AI
   governance responsibility, exercises genuine oversight of AI
   decisions (not merely formal responsibility), and that this oversight
   is evidenced at the interaction level.  The OMP Named Accountable
   Officer mechanism maps directly onto this structure: for every
   ASSISTED or ESCALATED interaction, the Accountable Executive is
   identified and their review decision sealed in the DutyMark Audit
   Trace.

3.3.  FCA Mills Review and AI Accountability

   The Mills Review (2026) identified four material gaps: firms can
   describe AI governance processes but cannot demonstrate at the
   interaction level that those processes were followed; AI
   recommendations are not consistently recorded alongside human
   decisions; vulnerable customer identification and treatment by AI
   systems is not evidenced at the interaction level; and the
   accountability chain from individual AI decisions to named SM&CR
   Senior Managers is absent in most firms.  These are precisely the
   gaps the DutyMark profile closes.

3.4.  FCA Agent Distribution Oversight

   Under FSMA Section 39, principal firms bear regulatory responsibility
   for appointed representatives' conduct.  For Consumer Duty purposes,
   principal firms are responsible for ensuring AI-assisted decisions
   made by appointed representatives deliver good outcomes -- even where
   the AI system is deployed by the representative, not the principal.
   Section 6 specifies how OMP's chain integrity architecture addresses
   this challenge.

4.  OMP DutyMark Profile

4.1.  Routing States Under This Profile

   AUTONOMOUS  Permitted only where: the interaction type and customer
      segment have been assessed as appropriate for autonomous
      determination; AI confidence meets the AUTONOMOUS threshold; no
      Watchtower has triggered; and the customer has not been flagged as
      potentially vulnerable by WT-FCA-03.  The DutyMark Audit Trace
      MUST document the basis for autonomous determination.

   ASSISTED  Standard routing for interactions above the significance
      threshold, involving potentially vulnerable customers, or where
      Consumer Duty considerations require Accountable Executive review.
      The Accountable Executive's identity, review timestamp, and
      outcome assessment are sealed in the DutyMark Audit Trace.

   ESCALATED  Triggered by Watchtower detection of potential foreseeable
      harm (WT-FCA-01), price or value unfairness (WT-FCA-02),
      vulnerable customer indicator (WT-FCA-03), consumer understanding
      failure (WT-FCA-04), or suitability concern (WT-FCA-05).  The
      interaction MUST NOT be finalised until Accountable Executive
      review.

4.2.  Named Accountable Officer: The FCA-Accountable Individual

   The Named Accountable Officer under this profile is the Accountable
   Executive: the Senior Manager with SM&CR responsibility for the AI
   system's governance.  Required fields in the Accountable Executive
   record:

   *  accountable_executive_id: FCA Individual Reference Number (IRN) or
      stable internal identifier;

   *  accountable_executive_smcr_function: SM&CR Senior Manager Function
      designation (e.g., SMF3, SMF4, SMF16);

   *  review_timestamp: ISO 8601 UTC of the review action;

   *  outcome_assessment: one of GOOD_OUTCOME, REMEDIATION_REQUIRED,
      ESCALATION_TO_COMPLAINTS;

   *  vulnerability_response: REQUIRED where WT-FCA-03 was triggered.

4.3.  Confidence Score Configuration

   C_p (policy compliance) reflects the AI system's evaluation against
   the firm's Consumer Duty policies.  A value of 0.0 MUST force
   ESCALATED routing.  C_d (data completeness) reflects the completeness
   of customer data; where data is incomplete in ways that may affect
   outcome quality, C_d MUST be reduced to trigger ASSISTED routing.
   C_m reflects the AI system's own confidence in its recommendation.

4.4.  Watchtower Definitions

4.4.1.  WT-FCA-01: Foreseeable Harm Prevention Gate

   *Trigger:* AI recommendation would foreseeably cause harm based on
   the firm's Consumer Duty harm assessment framework.

   *Action:* HARD_BLOCK for immediate harm; FORCE_ESCALATED for
   foreseeable harm requiring Accountable Executive assessment.

   *Rationale:* The Consumer Duty cross-cutting rule requires firms to
   avoid causing foreseeable harm.  This Watchtower enforces the
   avoidance obligation structurally: AI recommendations that
   foreseeably harm retail customers cannot proceed without Accountable
   Executive review, and cannot proceed at all where immediate harm is
   detected.

4.4.2.  WT-FCA-02: Price and Value Fairness Gate

   *Trigger:* AI pricing or value determination falls outside the firm's
   Consumer Duty price and value framework.

   *Action:* FORCE_ESCALATED.  Accountable Executive reviews and either
   approves with documented justification or modifies the outcome.

   *Rationale:* PS22/9 [FCA-PS22-9] requires firms to ensure price
   represents fair value.  AI-assisted pricing must be evidenced at the
   interaction level as consistent with this requirement.  Watchtower
   configuration MUST be reviewable by the FCA upon supervisory request.

4.4.3.  WT-FCA-03: Vulnerable Customer Gate

   *Trigger:* Any indicator of characteristics of vulnerability as
   defined in FCA Guidance FG21/1 [FCA-FG21-1]: disclosed financial
   difficulty, health condition, recent life event, low financial
   capability score, or pattern consistent with vulnerability
   indicators.

   *Action:* FORCE_ASSISTED for a single vulnerability indicator;
   FORCE_ESCALATED for multiple indicators or confirmed vulnerability
   disclosure.

   *Rationale:* FG21/1 requires firms to identify and respond
   appropriately to vulnerable customers.  AI systems applying standard
   processing to customers displaying vulnerability indicators fail this
   obligation.  This Watchtower ensures vulnerability indicators
   generate a mandatory review record and Accountable Executive
   response.

4.4.4.  WT-FCA-04: Consumer Understanding Gate

   *Trigger:* AI-generated customer communication does not meet the
   firm's Consumer Duty consumer understanding standards.

   *Action:* FORCE_ESCALATED.  Accountable Executive reviews and
   approves or requires revision before delivery.

   *Rationale:* PS22/9 [FCA-PS22-9] requires firms to ensure retail
   customers receive communications they can understand.  AI-generated
   communications failing the firm's understanding standards cannot be
   sent without Accountable Executive approval.

4.4.5.  WT-FCA-05: Suitability and Appropriateness Gate

   *Trigger:* For AI-assisted investment, pension, or protection
   recommendations: recommendation does not meet suitability or
   appropriateness standards under COBS or ICOBS.

   *Action:* HARD_BLOCK for unsuitable recommendations; FORCE_ESCALATED
   for appropriateness questions.

   *Rationale:* Suitability and appropriateness requirements under COBS
   and ICOBS are not discharged by AI recommendations without human
   oversight.  AI-assisted suitability determinations failing the
   applicable standard are blocked before reaching the customer.

4.4.6.  WT-FCA-06: Agent Distribution Chain Gate

   *Trigger:* For principal firms: any distribution chain AI interaction
   where the appointed representative's system has not generated a
   conformant DutyMark Audit Trace.

   *Action:* FORCE_ESCALATED.  Principal firm's Accountable Executive is
   notified of the distribution chain evidence gap.

   *Rationale:* Principal firms bear Consumer Duty responsibility for
   their distribution chain under FSMA Section 39.  This Watchtower
   enables principal firms to identify distribution chain evidence gaps
   before they become FCA supervisory issues.
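
   The Watchtower actions in Sections 4.4.1 to 4.4.6 can be combined
   with the Section 4.1 and 4.3 rules as in the following Python
   sketch, which is an added example and not code from the OMP
   specification or its reference validator.  The finding key names,
   the 0.85 threshold, the use of the minimum of the three scores, and
   the most-restrictive-action-wins ordering are assumptions made for
   illustration.

```python
# Added illustration; not code from the OMP specification or validator.
# Assumed: finding key names, AUTONOMOUS_THRESHOLD, min() over the three
# scores, and "most restrictive action wins" precedence.

SEVERITY = {"AUTONOMOUS": 0, "ASSISTED": 1, "ESCALATED": 2, "HARD_BLOCK": 3}
AUTONOMOUS_THRESHOLD = 0.85  # hypothetical value; set by the firm in practice


def watchtower_actions(findings):
    """Map constructed findings to (watchtower, action) pairs per Section 4.4."""
    fired = []
    harm = findings.get("harm")
    if harm == "immediate":
        fired.append(("WT-FCA-01", "HARD_BLOCK"))
    elif harm == "foreseeable":
        fired.append(("WT-FCA-01", "FORCE_ESCALATED"))
    if findings.get("price_outside_framework"):
        fired.append(("WT-FCA-02", "FORCE_ESCALATED"))
    # WT-FCA-03: one indicator assists, several or a confirmed disclosure escalate.
    indicators = findings.get("vulnerability_indicators", [])
    if len(indicators) > 1 or findings.get("confirmed_vulnerability_disclosure"):
        fired.append(("WT-FCA-03", "FORCE_ESCALATED"))
    elif len(indicators) == 1:
        fired.append(("WT-FCA-03", "FORCE_ASSISTED"))
    if findings.get("communication_below_standard"):
        fired.append(("WT-FCA-04", "FORCE_ESCALATED"))
    suitability = findings.get("suitability")
    if suitability == "unsuitable":
        fired.append(("WT-FCA-05", "HARD_BLOCK"))
    elif suitability == "appropriateness_question":
        fired.append(("WT-FCA-05", "FORCE_ESCALATED"))
    if findings.get("representative_trace_missing"):
        fired.append(("WT-FCA-06", "FORCE_ESCALATED"))
    return fired


def resolve_routing(findings, c_p, c_d, c_m,
                    autonomous_eligible=True, above_significance=False):
    """Return (outcome, fired); outcome is the most restrictive result."""
    fired = watchtower_actions(findings)
    candidates = [action.replace("FORCE_", "") for _, action in fired]
    # Section 4.3: a policy-compliance score of 0.0 forces ESCALATED.
    if c_p == 0.0:
        candidates.append("ESCALATED")
    # Section 4.1: AUTONOMOUS needs an eligible interaction, sufficient
    # confidence and no Watchtower trigger; anything else is at least ASSISTED.
    if (fired or not autonomous_eligible or above_significance
            or min(c_p, c_d, c_m) < AUTONOMOUS_THRESHOLD):
        candidates.append("ASSISTED")
    outcome = max(candidates, key=SEVERITY.get, default="AUTONOMOUS")
    return outcome, fired
```

   Returning the fired Watchtowers alongside the outcome lets the
   caller record which gate forced the routing.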

4.5.  Audit Trace Schema Extensions

   The following fields are REQUIRED under the DutyMark profile, in
   addition to core fields in [I-D.veridom-omp] Section 7:

   *  consumer_duty_outcome_area: string, REQUIRED.  One of:
      "products_and_services", "price_and_value",
      "consumer_understanding", "consumer_support".

   *  consumer_outcome_assessment: string, REQUIRED.  One of:
      "good_outcome", "outcome_uncertain", "remediation_required".

   *  vulnerability_indicators: array of strings, REQUIRED if WT-FCA-03
      triggered; empty array otherwise.  Values from FCA FG21/1
      taxonomy.

   *  accountable_executive_id: string, REQUIRED for ASSISTED and
      ESCALATED; NULL for AUTONOMOUS below significance threshold.
      SHOULD be the FCA IRN.

   *  accountable_executive_smcr_function: string, REQUIRED where
      accountable_executive_id is non-null.

   *  outcome_assessment: string, REQUIRED for ASSISTED and ESCALATED.
      One of: GOOD_OUTCOME, REMEDIATION_REQUIRED,
      ESCALATION_TO_COMPLAINTS.

   *  distribution_chain_flag: boolean, REQUIRED.  True if interaction
      was generated by or on behalf of an appointed representative.

   *  principal_firm_id: string, REQUIRED if distribution_chain_flag is
      true.  FCA Firm Reference Number (FRN) of the principal firm.

   *  consumer_duty_board_report_period: string, OPTIONAL.  Identifier
      for the Consumer Duty annual board reporting period.

   *  profile_version: string, REQUIRED.  MUST be
      "VERIDOM-DUTYMARK-v1.0".
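
   The conditional requirements in the list above can be checked
   mechanically, as in the following Python sketch; it is an added
   example and not the OMP Reference Validator's code.  It assumes the
   routing state is carried in routing_outcome (the field name used in
   Section 9) as an upper-case string and that the caller supplies
   whether WT-FCA-03 triggered; all sample identifiers are constructed
   placeholders.

```python
# Added illustration; not the OMP Reference Validator's code.
# Assumed: "routing_outcome" holds the routing state as an upper-case
# string, and the caller passes whether WT-FCA-03 triggered.

OUTCOME_AREAS = {"products_and_services", "price_and_value",
                 "consumer_understanding", "consumer_support"}
CONSUMER_ASSESSMENTS = {"good_outcome", "outcome_uncertain",
                        "remediation_required"}
EXECUTIVE_ASSESSMENTS = {"GOOD_OUTCOME", "REMEDIATION_REQUIRED",
                         "ESCALATION_TO_COMPLAINTS"}
PROFILE_VERSION = "VERIDOM-DUTYMARK-v1.0"

# Constructed sample trace; identifiers and indicator labels are placeholders.
SAMPLE_ESCALATED_TRACE = {
    "routing_outcome": "ESCALATED",
    "consumer_duty_outcome_area": "consumer_support",
    "consumer_outcome_assessment": "outcome_uncertain",
    "vulnerability_indicators": ["placeholder_indicator_a",
                                 "placeholder_indicator_b"],
    "accountable_executive_id": "IRN-PLACEHOLDER",
    "accountable_executive_smcr_function": "SMF16",
    "outcome_assessment": "REMEDIATION_REQUIRED",
    "distribution_chain_flag": True,
    "principal_firm_id": "FRN-PLACEHOLDER",
    "profile_version": PROFILE_VERSION,
}


def validate_dutymark_extensions(trace, wt_fca_03_triggered=False):
    """Return the list of Section 4.5 violations (empty means conformant)."""
    errors = []

    def require_str(name, allowed=None):
        value = trace.get(name)
        if not isinstance(value, str) or not value:
            errors.append(f"{name}: required string is missing or empty")
        elif allowed is not None and value not in allowed:
            errors.append(f"{name}: {value!r} is not an allowed value")

    require_str("consumer_duty_outcome_area", OUTCOME_AREAS)
    require_str("consumer_outcome_assessment", CONSUMER_ASSESSMENTS)
    require_str("profile_version", {PROFILE_VERSION})

    # Always an array; populated exactly when WT-FCA-03 triggered.
    indicators = trace.get("vulnerability_indicators")
    if not isinstance(indicators, list) or not all(
            isinstance(item, str) for item in indicators):
        errors.append("vulnerability_indicators: must be an array of strings")
    elif wt_fca_03_triggered and not indicators:
        errors.append("vulnerability_indicators: empty although WT-FCA-03 triggered")
    elif indicators and not wt_fca_03_triggered:
        errors.append("vulnerability_indicators: non-empty without WT-FCA-03")

    # Executive identity and assessment are mandatory once a human reviews.
    routing = trace.get("routing_outcome")
    executive = trace.get("accountable_executive_id")
    if routing in ("ASSISTED", "ESCALATED"):
        require_str("accountable_executive_id")
        require_str("outcome_assessment", EXECUTIVE_ASSESSMENTS)
    elif routing != "AUTONOMOUS":
        errors.append(f"routing_outcome: {routing!r} is not a routing state")
    if executive is not None:
        require_str("accountable_executive_smcr_function")

    chain_flag = trace.get("distribution_chain_flag")
    if not isinstance(chain_flag, bool):
        errors.append("distribution_chain_flag: required boolean is missing")
    elif chain_flag:
        require_str("principal_firm_id")

    period = trace.get("consumer_duty_board_report_period")
    if period is not None and not isinstance(period, str):
        errors.append("consumer_duty_board_report_period: must be a string")
    return errors
```

   Note that outcome_assessment uses the upper-case enumeration while
   consumer_outcome_assessment uses the lower-case one, so a value
   copied between the two fields fails validation.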








5.  Consumer Duty Outcome Mapping

   For products and services: WT-FCA-05 MUST be active for all AI-
   assisted product recommendations where suitability or appropriateness
   requirements apply under COBS or ICOBS.  The
   consumer_duty_outcome_area field MUST be set to
   "products_and_services".

   For price and value: WT-FCA-02 MUST be active for all AI-assisted
   pricing interactions, with documented fairness parameters derived
   from the firm's Consumer Duty price and value assessment framework
   and reviewable by the FCA upon supervisory request.

   For consumer understanding: WT-FCA-04 MUST be active for all AI-
   generated communications to retail customers, with documented
   readability and comprehension standards appropriate to the customer
   segments served.

   For consumer support: WT-FCA-01 and WT-FCA-03 MUST be active for all
   AI-assisted customer support interactions.  AI-assisted systems MUST
   immediately route to ESCALATED any customer who indicates they wish
   to speak to a human representative.

6.  Agent Distribution Oversight

   The DutyMark profile addresses principal firm distribution oversight
   through a two-level architecture.  At the appointed representative
   level, the representative's AI system implements DutyMark and
   generates Audit Traces for each interaction, provided to the
   principal firm as part of the distribution oversight framework.  At
   the principal firm level, WT-FCA-06 verifies that distribution chain
   interactions are generating conformant DutyMark Audit Traces.  Where
   a chain interaction lacks a conformant Trace, WT-FCA-06 triggers
   ESCALATED at the principal firm level.

   The OMP chain integrity architecture ensures that DutyMark Audit
   Traces from appointed representative systems are sealed in a way the
   principal firm and FCA can verify independently, without relying on
   the appointed representative's self-reporting.  Principal firms MUST
   document their distribution chain oversight arrangements in their
   Consumer Duty monitoring framework.

7.  The DutyMark Invariant

   Implementations of this profile MUST satisfy the following two-
   property invariant:

   Property 1 (Outcome evidence completeness)  Every AI-assisted retail
      financial services interaction contributing to a consumer outcome
      MUST generate a sealed DutyMark Audit Trace documenting the
      Consumer Duty outcome area, consumer outcome assessment, any
      vulnerability indicators, and (for ASSISTED and ESCALATED
      interactions) the Accountable Executive's identity and outcome
      determination.

   Property 2 (Immutable trail)  The DutyMark Audit Trace MUST be sealed
      with the three-layer integrity architecture defined in
      [I-D.veridom-omp] Section 7, using JSON canonicalization per
      [RFC8785].  Any modification to any historical record MUST be
      detectable by any third party -- including the FCA -- without
      access to the firm's or OMP implementer's infrastructure.

   A firm satisfying the DutyMark Invariant can demonstrate to the FCA,
   for any interaction: the Consumer Duty outcome area; whether the AI
   system assessed a good, uncertain, or remediation-required outcome;
   whether vulnerability indicators were detected and how they were
   responded to; whether the Accountable Executive reviewed the
   interaction and their outcome determination; and that the record has
   not been altered since sealing.

8.  SM&CR Accountability Record

   The accountable_executive_id and accountable_executive_smcr_function
   fields create a sealed SM&CR Accountability Record for every ASSISTED
   and ESCALATED interaction: a tamper-evident record naming the Senior
   Manager who exercised oversight of the specific AI recommendation.
   Firms undergoing FCA supervisory examination of their SM&CR mapping
   for AI systems can present the DutyMark Audit Trace stream as
   contemporaneous evidence that SM&CR accountability is exercised in
   practice, not only in governance documentation.

   For Consumer Duty annual board reporting, firms MAY use the DutyMark
   Audit Trace stream aggregated by consumer_duty_board_report_period as
   the primary evidence source for the board's Consumer Duty outcome
   monitoring.

9.  FCA Supervisory Examination Package

   Upon FCA supervisory request, a firm implementing DutyMark MUST
   produce a Supervisory Examination Package for any specified period
   containing: all sealed DutyMark Audit Traces organised by
   consumer_duty_outcome_area and routing_outcome; chain integrity proof
   (SHA-256 Merkle root and chain paths); Timestamp Authority (per
   [RFC3161]) verification from the OMP Reference Validator
   [OMP-OPEN-CORE]; outcome distribution summary by outcome area and
   interaction type; vulnerability response record summarising WT-FCA-03
   activations; SM&CR accountability record listing Accountable
   Executives and their SM&CR functions; and for principal firms, a
   distribution chain summary of WT-FCA-06 activations.

   The package MUST be producible within 30 seconds for any specified
   period.  It is self-contained: the FCA, a skilled person reviewer, or
   an independent auditor can verify its integrity using only the OMP
   Reference Validator and the Timestamp Authority's public key
   material, without access to the firm's systems.
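
   The tamper-evidence claimed by Property 2 of Section 7 and the chain
   integrity proof listed above can be illustrated with the following
   Python sketch, which is an added example and not OMP's three-layer
   architecture (that is defined in [I-D.veridom-omp] Section 7 and is
   not reproduced in this document).  It assumes a SHA-256 hash chain
   over canonicalized records plus a Merkle root held outside the
   firm; the timestamp layer is omitted, and the field names prev_hash
   and record_hash, the Merkle construction, and the sample traces are
   constructed for illustration.

```python
# Added illustration; not OMP's sealing format. Field names prev_hash and
# record_hash and the Merkle construction are assumptions.
import hashlib
import json

GENESIS = "0" * 64

# Constructed sample traces (abbreviated to a few fields).
SAMPLE_TRACES = [
    {"interaction": 1, "consumer_outcome_assessment": "good_outcome"},
    {"interaction": 2, "consumer_outcome_assessment": "remediation_required"},
    {"interaction": 3, "consumer_outcome_assessment": "outcome_uncertain"},
]


def jcs_subset(obj):
    """Canonical bytes matching RFC 8785 for ASCII keys and no float values."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def seal_chain(traces):
    """Link each trace to its predecessor and attach its own hash."""
    sealed, prev = [], GENESIS
    for trace in traces:
        body = dict(trace, prev_hash=prev)
        record_hash = sha256_hex(jcs_subset(body))
        sealed.append(dict(body, record_hash=record_hash))
        prev = record_hash
    return sealed


def merkle_root(record_hashes):
    """Merkle root with distinct leaf (0x00) and node (0x01) prefixes."""
    level = [hashlib.sha256(b"\x00" + bytes.fromhex(h)).digest()
             for h in record_hashes]
    if not level:
        return sha256_hex(b"")
    while len(level) > 1:
        paired = [hashlib.sha256(b"\x01" + level[i] + level[i + 1]).digest()
                  for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:          # odd node is promoted, never duplicated
            paired.append(level[-1])
        level = paired
    return level[0].hex()


def verify_package(sealed, published_root):
    """Return (ok, index): index is the first broken record, or None when
    the chain is self-consistent (ok then depends only on the root)."""
    prev = GENESIS
    for index, record in enumerate(sealed):
        body = {k: v for k, v in record.items() if k != "record_hash"}
        if (body.get("prev_hash") != prev
                or sha256_hex(jcs_subset(body)) != record.get("record_hash")):
            return (False, index)
        prev = record["record_hash"]
    root = merkle_root([record["record_hash"] for record in sealed])
    return (root == published_root, None)
```

   A chain that has been edited and then fully re-hashed still passes
   the per-record checks; only comparison against a root the firm
   cannot rewrite exposes it, which is why the root has to be anchored
   externally.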

10.  Security Considerations

   The security considerations of [I-D.veridom-omp] apply in full.

   Accountable Executive identity: accountable_executive_id SHOULD be
   the FCA IRN.  Where it is not, operators MUST maintain an audit-grade
   mapping between the internal identifier and the individual's IRN,
   available for FCA supervisory inspection.

   Vulnerability data sensitivity: The vulnerability_indicators field
   may contain sensitive personal data.  Operators MUST implement
   appropriate access controls consistent with UK GDPR and FCA consumer
   data protection expectations.

   Distribution chain integrity: For principal firms, chain integrity of
   DutyMark Audit Traces from appointed representative systems MUST be
   verifiable by the principal firm.  Appointed representative systems
   MUST implement the full three-layer integrity architecture, not
   merely local logging.

   Retrospective documentation: DutyMark Audit Traces MUST be generated
   at the moment of the AI decision, not retrospectively.  Any mechanism
   allowing retrospective creation or modification of Audit Traces is
   inconsistent with this profile.

11.  IANA Considerations

   This document has no IANA actions.

12.  References

12.1.  Normative References

   [I-D.veridom-omp]
              Adebayo, T., Apalowo, O., and F. Makanjuola, "Operating
              Model Protocol (OMP): A Deterministic Decision-Enforcement
              Protocol with Externalized Proof-of-Integrity", Work in
              Progress, Internet-Draft, draft-veridom-omp-00, March
              2026, <https://datatracker.ietf.org/doc/html/draft-
              veridom-omp-00>.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997,
              <https://www.rfc-editor.org/info/rfc2119>.

   [RFC3161]  Adams, C., Cain, P., Pinkas, D., and R. Zuccherato,
              "Internet X.509 Public Key Infrastructure Time-Stamp
              Protocol (TSP)", RFC 3161, August 2001,
              <https://www.rfc-editor.org/info/rfc3161>.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, May 2017,
              <https://www.rfc-editor.org/info/rfc8174>.

   [RFC8785]  Rundgren, A., Jordan, B., and S. Erdtman, "JSON
              Canonicalization Scheme (JCS)", RFC 8785, June 2020,
              <https://www.rfc-editor.org/info/rfc8785>.

12.2.  Informative References

   [FCA-FG21-1]
              Financial Conduct Authority, "FG21/1: Guidance for firms
              on the fair treatment of vulnerable customers", February
              2021.

   [FCA-PS22-9]
              Financial Conduct Authority, "PS22/9: A new Consumer Duty
              -- Feedback to CP21/36 and final rules", July 2022.

   [I-D.veridom-omp-aiins]
              Adebayo, T., Apalowo, O., and F. Makanjuola, "OMP Domain
              Profile: AI Liability Insurance Underwriting and
              Parametric Claims Evidence", Work in Progress, Internet-
              Draft, draft-veridom-omp-aiins-00, April 2026,
              <https://datatracker.ietf.org/doc/html/draft-veridom-omp-
              aiins-00>.

   [I-D.veridom-omp-euaia]
              Adebayo, T., Apalowo, O., and F. Makanjuola, "OMP Domain
              Profile: EU AI Act Article 12 Logging and Traceability
              Requirements for High-Risk AI System Operators", Work in
              Progress, Internet-Draft, draft-veridom-omp-euaia-00,
              April 2026, <https://datatracker.ietf.org/doc/html/draft-
              veridom-omp-euaia-00>.

   [OMP-OPEN-CORE]
              Veridom Ltd, "OMP Open Core: Reference Validator and
              Schema Library", Apache 2.0,
              https://github.com/veridomltd/omp-open-core, 2026.

   [ZENODO-OMP]
              Adebayo, T., Apalowo, O., and F. Makanjuola, "OMP --
              Operating Model Protocol: A Deterministic Routing
              Invariant for Tamper-Evident AI Decision Accountability in
              Regulated Industries", Zenodo DOI 10.5281/zenodo.19140948,
              March 2026.

Authors' Addresses

   Tolulope Adebayo
   Veridom Ltd
   London
   United Kingdom
   Email: tolulope@veridom.io


   Oluropo Apalowo
   Veridom Ltd
   Awka
   Nigeria
   Email: ropo@veridom.io


   Festus Makanjuola
   Veridom Ltd
   Toronto
   Canada
   Email: festus@veridom.io