27 May 2026

Mercury hitting a $5.2 billion valuation is interesting enough, but the real story is the OCC approval to become a federally regulated bank. That is the moment fintech stops being a distribution layer bolted onto someone else's balance sheet and becomes the actual institution.

The partner bank model has always been a constraint dressed up as a feature. You get speed to market, regulatory shelter, and someone else's banking licence. In return, you accept margin compression, dependency risk, and a ceiling on what products you can actually build. Mercury has grown to $650 million annualised revenue inside that constraint. Imagine what the unit economics look like when they remove the intermediary.

This matters for UK consumer finance leaders because we are watching the same structural tension play out here, just on a different regulatory timeline. The FCA's authorisation process is long and expensive, so most fintechs partner with e-money institutions or credit licence holders rather than applying themselves. That produces exactly the same ceiling Mercury is now trying to break through.

• The fintechs that own their regulatory permissions will eventually outcompete those that rent them, on margin and on product flexibility.
• Four years of profitability before pursuing a charter is the right sequencing. You build the business first, then the infrastructure.

What strikes me about Mercury is that they have been disciplined about this. They did not chase a banking licence as a founding ambition. They built a product customers wanted, got to sustainable economics, and now they are removing the structural cap on growth. That is a more credible path than the UK fintechs that applied for full bank authorisation on the back of a pitch deck and a promise.

The question for anyone building in UK consumer credit right now is whether your regulatory model is an asset or a liability five years from now.

Marc Benioff telling the world he wishes customers could fully deploy Salesforce before signing is an extraordinary thing for a CEO to say out loud. He's describing a procurement model that his entire business was built to prevent. The fact he said it anyway tells you how much pressure the agentic era is putting on enterprise software's oldest trick: sell the vision, then spend three years making it real.

This matters directly for anyone buying or building loan origination or decisioning platforms in the UK right now.

For years, the sales cycle in financial services technology ran on relationships, reference customers, and roadmap promises. You'd buy the platform that had the right logo on slide four and the right people at the golf day. Delivery was a later problem. That model worked when switching costs were high and integrations took eighteen months anyway.

AI agents are collapsing that timeline from both ends. The tools that actually work show results in weeks, not quarters. And the tools that don't work are visibly failing by week six, not hidden behind a two-year implementation programme. There's nowhere to hide anymore.

For technology leaders in consumer credit, this creates two immediate pressures:

• Your existing vendors are going to repackage their roadmaps as agentic capability. Demand working pilots, not slide decks.
• Your own build versus buy calculus has shifted. The cost of getting it wrong early is lower than it used to be, which means experimentation is cheaper and waiting is more expensive.

Benioff's honesty is useful precisely because it's uncomfortable. The biggest SaaS company in history is publicly acknowledging that proof of value now has to come before commitment, and that growth belongs to the founders who can demonstrate $2M becoming $500M, not the ones who can promise it.

The question for anyone signing a significant technology contract in UK financial services this year is simple: what does day 30 actually look like, and will the vendor put that in writing?

Microsoft open-sourcing RAMPART and Clarity this week should matter to anyone running AI agents in a regulated environment. Most of the conversation in UK fintech about agentic AI has focused on what these systems can do. Very little attention is being paid to what they can be made to do.

Cross-prompt injection is the attack pattern worth understanding here. An AI agent processing a customer document, summarising an email thread, or pulling data from a third-party source can be manipulated through content embedded in that source material. The agent follows instructions it was never meant to receive. In a consumer credit context, that is not an abstract security risk. It touches affordability assessments, fraud checks, and customer communication, all areas where the FCA has direct supervisory interest.

The more interesting of the two tools is Clarity, the design-phase pressure-tester. The instinct in most delivery teams is to bolt security onto a system once it is built. Clarity pushes back on that by forcing design assumptions to be examined before a line of code is written. For teams building loan origination workflows with agentic components, that kind of structured challenge at the design stage is genuinely valuable. It is also the kind of documented governance artefact that a regulator might reasonably want to see.

RAMPART being Pytest-native is a practical signal too. This is not a specialist security tool requiring a separate team. It sits inside the development workflow that engineering teams already use.

The FCA's expectations around model risk and AI governance are still forming, but the direction of travel is clear. Firms that treat agent security as a development concern owned entirely by engineers are going to find themselves exposed. The question for technology and compliance leaders is whether their current AI governance frameworks even contemplate the attack surface that agentic systems introduce.

Google's agentic web announcements from I/O 2026 deserve more attention from UK financial services than they're getting. The WebMCP standard and dedicated agent DevTools aren't incremental browser features. They represent a formal infrastructure layer for AI agents to interact with websites autonomously, and that changes the threat and opportunity surface for every consumer credit platform.

Think about what that means in practice. An AI agent running in a customer's browser can now navigate loan comparison journeys, extract product terms, complete application forms, and act on behalf of the user with far greater reliability than today's scraping-based approaches. That's not a future scenario. The tooling to build this is shipping now.

For consumer credit brokers, two things follow from this directly:

• Your customer journey was designed for humans. Form logic, affordability question sequencing, consent flows - none of it was built with autonomous agents in mind. Some of that will break in unexpected ways.
• The FCA's consumer duty obligations apply regardless of whether a human or an agent completes an application. If an agent misrepresents a product's terms or skips a disclosure, accountability doesn't disappear. It just becomes harder to trace.

The on-device angle is equally significant. Gemma 197M running locally in Chrome means inference without a server call, without data leaving the device. For open banking and affordability assessment, that's a genuine privacy architecture shift worth exploring.

Most lenders and brokers are still treating AI as a back-office automation question. The browser is becoming the deployment environment. The question worth sitting with is whether your origination platform is visible and navigable to agents, or whether it's about to become a dead end in someone else's automated journey.

The most expensive lesson in enterprise AI right now is that the hard part was never the model. It was always the plumbing.

Boomi's positioning at their 2026 event makes complete sense once you've tried to deploy anything beyond a demo-grade AI agent in a real financial services environment. The moment your agent needs to check a customer's credit file, update a CRM record, trigger a workflow in your loan origination system, and log the interaction for compliance purposes, you're not solving an AI problem anymore. You're solving the same fragmented SaaS integration problem that's been sitting in your architecture backlog for five years.

For consumer credit brokers and lenders specifically, this matters more than in most sectors. We operate across a stack that typically includes:

• A loan origination system that predates most modern API standards
• Credit bureau connections with their own authentication quirks
• Affordability and open banking data providers running separate identity models
• FCA-mandated audit trails that need to capture decision logic, not just outcomes

An AI agent sitting on top of that without proper orchestration and governance isn't an intelligent system. It's a liability that moves faster than your controls can track.

The iPaaS vendors stepping back into the centre of architecture conversations isn't a backward move. It reflects something that AI enthusiasm glossed over: identity, workflow coordination, and API governance aren't solved problems in most enterprises. They were tolerable problems when humans were doing the joining up. Agents executing at machine speed make the gaps catastrophic.

The question for technology leaders in UK consumer finance isn't whether to adopt agentic AI. It's whether your integration layer can actually support it with the auditability that the FCA will eventually require. Most organisations I talk to would struggle to answer that with confidence.

Automation Anywhere's EnterpriseClaw launch is getting attention for the brand names attached to it — Cisco, NVIDIA, OpenAI, Okta. But the detail that matters for anyone running financial services technology is what sits between those names: centralised orchestration and governance controls built into the stack from the start.

Most AI agent deployments I see in consumer finance are still being built the other way around. Teams ship an agent, it works, then someone asks the obvious questions about audit trails, access controls, and what happens when it touches customer data. Governance gets retrofitted, which is always messier and more expensive than designing for it upfront.

What this launch signals is that the enterprise software market is starting to treat agent governance as a first-class problem. Identity (Okta), security (Cisco), and infrastructure (NVIDIA) are not bolted on here — they're positioned as the foundation. That's a meaningful shift.

For UK consumer finance, this matters for two reasons.

• FCA expects firms to demonstrate control over automated decision-making. An agent that can act across cloud, desktop, and on-prem systems without a clear governance layer is a regulatory exposure, not just a technical risk.
• Multi-vendor stacks are where accountability gets blurry. When an AI agent fails or produces a poor customer outcome, you need to know which component failed and why. Centralised orchestration makes that traceable.

The honest question is whether a multi-vendor platform actually delivers coherent governance or just moves the complexity somewhere less visible. Four major technology companies aligning on a shared architecture is commercially interesting. Whether the integration is deep enough to give compliance and risk teams what they actually need is something we won't know until firms start running it in production.

Anyone evaluating agentic AI for loan origination or customer servicing should be asking vendors that question directly, before the pilot, not after.