Regulation & Safety

Different infrastructure does not mean less safe. ADHD Financial Guardian operates within UK financial services regulation, prioritizing consumer protection and vulnerable customer safeguards.

FCA Authorization Pathway

FLI is pursuing Financial Conduct Authority (FCA) authorization as a Payment Initiation Service Provider under the Payment Services Regulations 2017.

This authorization permits direct bill payment execution on behalf of customers. It is the same regulatory framework that Starling Bank, Monzo, and Revolut operate under.

Innovation Pathways Programme

Application prepared for FCA Innovation Pathways programme, designed to support innovative firms navigating authorization. Provides dedicated case officer support, regulatory feedback, and streamlined authorization process.

Regulatory Sandbox Option

Following Innovation Pathways, FLI may enter the FCA Regulatory Sandbox for controlled testing with 1000 real customers under FCA supervision. The sandbox enables evidence gathering while maintaining full consumer protection.

Current Status

Pre-authorization phase. System operational through manual execution pending PISP authorization. Innovation Pathways application submission target Q1 2026.

Open Banking Infrastructure

ADHD Financial Guardian operates on UK Open Banking infrastructure, mandatory since January 2018 following a Competition and Markets Authority ruling.

This is not experimental technology. It is the same system your bank app uses.

Regulated Access

Open Banking provides FCA-regulated access to customer bank accounts via standardized APIs. All access requires explicit customer consent, revocable at any time.

Security Standards

Open Banking mandates strong customer authentication (two-factor), encrypted data transmission, and regular security audits. Customer credentials never stored by third parties.

Payment Initiation Controls

PISP authorization permits payment initiation only with explicit per-transaction consent. No standing authorities for payment execution without user authorization.

Account Information Access

Real-time transaction monitoring and balance visibility provided through Account Information Service Provider (AISP) permissions. Read-only access. Cannot initiate payments without separate PISP authorization.

Vulnerable Customer Protections

FLI voluntarily adopts FCA vulnerable customer guidance as a core design principle, not a compliance minimum.

This means higher standards applied to everyone, not just identified vulnerable customers.

Consumer Duty Obligations

Good outcomes: System designed to deliver measurable financial harm reduction (late fee prevention, emergency spending avoidance). Not claims — evidence.

Fair value: Pricing transparent, aligned with demonstrable benefit. Clinical validation establishes evidence base for value claims.

Consumer understanding: Clear explanation of autonomous operation model, override mechanisms, and data usage. No financial jargon without plain English tooltip.

Consumer support: Monthly structured reviews, responsive assistance, community peer support access. Real person reachable via email, not chatbot.

Why Voluntary Higher Standards

The FCA recognizes executive dysfunction as a vulnerability characteristic. FLI responds by eliminating rather than accommodating the coordination requirement that creates harm.

Product design incorporates vulnerability-aware features universally: graduated intervention frameworks preventing harm while preserving autonomy, evening-optimized communication timing, structured conversation formats reducing cognitive load.

Everyone gets clinical-grade protection. Not because it is required. Because it is right.

Data Protection & Privacy

GDPR Compliance

Full compliance with UK GDPR requirements including:

Lawful basis: Explicit consent for processing, legitimate interest for fraud prevention

Data minimization: Collect only essential information for autonomous operation

Purpose limitation: Data used only for stated autonomous operation purposes, never sold or shared for marketing

Sensitive Data Handling

Financial transaction data classified as sensitive. Additional safeguards include encryption at rest and in transit, access controls and audit logging, regular security assessments, incident response procedures.

Data Retention

Transaction data retained for regulatory compliance period (six years). Customers can request data deletion subject to legal retention obligations. Right to data portability enables export to alternative services.

Third-Party Sharing

Customer data never sold or shared for marketing purposes. Limited sharing only for regulated banking connections (Open Banking APIs), clinical research (with separate explicit consent, anonymized where possible), regulatory requirements (FCA supervision, law enforcement requests).

Clinical Validation & Ethics

This system makes health claims. Late fee reduction affects mental health. Financial security reduces anxiety.

Those claims require clinical evidence, not marketing assertions.

Research Ethics Approval

Clinical validation research requires NHS Research Ethics Committee approval before commencement. Ensures vulnerable population protections, informed consent procedures, and data governance standards.

Participant Safeguards

Research participation entirely voluntary. Withdrawal permitted at any time without affecting service access. Independent ethics oversight monitors participant wellbeing throughout study.

Community Involvement

ADHD community co-design throughout development ensures lived experience informs system design. Patient and Public Involvement (PPI) integrated into research protocols from inception.

What "Safe" Actually Means

Safe does not mean "prevents all risk." Safe means "quantified risk with informed consent."

You are not safe now. You are losing £880 to £1,320 annually to preventable coordination failures. That is the baseline risk.

ADHD Financial Guardian reduces that risk through autonomous execution while maintaining your control through override mechanisms.

Different infrastructure requires different safeguards. We are building those safeguards from day one, not adding them later when regulators notice.

FCA authorization. Clinical validation. Ethics approval. Audit trails. Override mechanisms. Transparent decision logging.

Not because they are minimum requirements. Because this system handles your money and your wellbeing deserves maximum protection.

Questions About Safety?

For enquiries about regulatory compliance, data protection, or vulnerable customer safeguards:

[email protected]