Skip to main content

Risk Taxonomy as Governance Infrastructure: Adaptation, Traceability and Industry-led Use Cases for Fintech Innovation

Risk taxonomies in financial services are often presented as stable classification models: a hierarchy of principal risks that supports aggregation, governance oversight, and regulatory reporting. This paper argues that such a view is incomplete. In practice, a risk taxonomy is a governance infrastructure shared across stakeholder communities, including firms, supervisors, regulators, and the risk profession. Its value depends on traceability.

By traceability, we mean the practical ability to track and explain how risk categories, data, judgments, mapping rules, and mitigations are defined, applied, changed, and communicated within and beyond an organisation. Traceability matters because the quality of risk management is rarely observable in real time. Weaknesses may only become visible much later as business performance outcomes, operational incidents, or supervisory concerns, at which point feedback is costly, and remediation may be too late for firms and the wider system.

For CFO and related decision-makers, the central issue is not whether a taxonomy contains the right high-level categories (which tend to be stable across major firms), but whether the organisation can operate the taxonomy reliably: govern changes, manage mappings and aggregation, and produce assurance-grade evidence that connects categories to decisions and outcomes

Conceptually, we position risk taxonomy as a boundary object: a shared artefact that different communities can use for their own purposes while recognising it as “the same thing.” A taxonomy must be robust enough to maintain comparability across firms and reporting regimes, yet flexible enough to adapt to local realities: portfolio differences, organisational structure, data maturity, and changes in technology and competition. This predictable tension does not imply failure; it highlights that the taxonomy is doing coordination work across communities. The design challenge is to make this coordination auditable.

Empirically, we review risk management disclosures in the annual reports of three large UK banks over 2022–2024. We code for risk categories, implied hierarchies, grouping logic, and signals of year-on-year change. We observe strong stability at the top level (credit, market, liquidity/capital, operational, conduct, financial crime, model risk and climate-related risk as recurring themes), with change occurring mainly through shifting emphasis, greater granularity, and increased attention to non-financial and resilience-related risks. The implication is that innovation opportunities are less about reinventing categories and more about strengthening the socio-technical system around the taxonomy: data lineage, mapping logic, change control, governance workflows, assurance, and explainability, including for data-sparse or emerging risks where judgement and scenario processes play a larger role.

The paper’s contribution is a proposal for industry-led use cases, as a portfolio of well-specified problem statements that large financial services firms can publish to invite targeted innovation from fintechs. Each use case is designed to be procurement-ready and assurance-aware. The portfolio is organised by decision ownership, minimum data inputs, workflow controls (audit trail, segregation of duties, approvals), outputs (MI, reporting support, evidence packs), and success measures (time and cost saved, reduction in reconciliation burden, fewer classification disputes, improved supervisory confidence).

We conclude with implications for the UK supervisor. Rather than advocating new rules, we propose that supervisory engagement can be strengthened by encouraging firms to set expectations for traceability-by-design around taxonomies. By this, we mean controlled change, transparent mapping between internal granularity and external reporting, auditable lineage from source data to risk decisions, and explicit governance of data-sparse risks., including scenarios, assumptions logs, and review cycles. These steps can reduce reporting friction while improving the credibility of risk disclosures and the resilience of firms and the system.

Read this research

About FRIL

The project is part of the Glasgow City Region Innovation Accelerator programme, funded through Innovate UK on behalf of UK Research and Innovation. The Innovation Accelerator programme is investing £130 million in 26 transformative R&D projects to accelerate the growth of three high-potential innovation clusters, including the Glasgow City Region.
Read more

Building Pre-Commercial Challenge Spaces: Innovation Calls, Regulatory Adaptation and Productivity Pathways in Financial Services

This paper examines how challenge-led innovation calls can help shape and guide the emergence of a business and policy ecosystem around current regulatory problems in financial services. Drawing on field materials from the first three Financial Regulation Innovation Lab (FRIL) innovation calls held in 2024, it argues that relatively small publicly supported challenge programmes can identify promising firms. As importantly, they can create structured pre-commercial spaces in which financial services companies, fintechs, and intermediaries can articulate common problems, test emerging solutions, and develop pathways towards pilots and adoption.


The paper is situated in a wider policy context in which productivity, innovation and sector growth have again become central concerns in UK policy. The UK’s Modern Industrial Strategy identifies Financial Services and Digital and Technologies among priority sectors for long-term growth, while recent policy developments around procurement innovation show growing interest in reducing barriers between innovative smaller firms and large institutional end users (UK Government, 2025a). The Productivity Institute, meanwhile, has argued for a broader understanding of productivity centred not only on output-input ratios but also on coordination, knowledge use, capability development and diffusion (Coyle, 2021; Jones, 2023; UK Government, 2025b; van Ark, de Vries and Pilat, 2024).


The paper treats FRIL as an intervention in productivity-relevant processes. Across the first three calls, the immediate challenges for financial-services firms were compliance-related: AI-enabled compliance simplification, ESG and sustainability compliance, and Consumer Duty compliance. Yet the practical work extended beyond compliance into data, reporting, governance, customer processes, and operational change. The first call was structured around sponsor-specific use cases, provided strong lead-user access, and tended towards concentrated matching within particular firms. Later calls, especially the ESG-focused second call, moved towards co-developed challenge statements and multi-sponsor backing, creating stronger conditions for shared learning, diffusion, and wider ecosystem formation.


It is too early to claim direct measured productivity gains at the programme level. However, the evidence from the three calls is sufficient to identify several plausible productivity pathways: clearer problem articulation, reduced search and matching frictions, faster pre-commercial validation, reduced manual effort in compliance-related processes, and stronger conditions for diffusion and reuse. The central policy lesson is that innovation calls work best when they are treated both as competitions for technical ideas, and as mechanisms for shaping and guiding pre-commercial ecosystems around current business and policy problems.

Read this research

About FRIL

About FRIL The project is part of the Glasgow City Region Innovation Accelerator programme, funded through Innovate UK on behalf of UK Research and Innovation. The Innovation Accelerator programme is investing £130 million in 26 transformative R&D projects to accelerate the growth of three high-potential innovation clusters, including the Glasgow City Region.
Read this reserach

Future-Ready Skills in Financial Regulation: AI, RegTech and ESG Leadership

Alessio Azzutti, John Finch and Xiang Li, of the University of Glasgow, introduce two new professional courses for our FinTech, Financial Services and Financial Regulation communities, introduced as part of the Financial Regulation Innovation Lab project.  Please do follow up with us by alessio.azzutti@glasgow.ac.uk, john.finch@glasgow.ac.uk, or xiang.li@glasgow.ac.uk

In today’s fast-changing and increasingly complex regulatory landscape, financial institutions face mounting challenges: rising compliance costs, increasingly sophisticated financial crime, outdated technological capabilities, and growing sustainability demands/pressures from stakeholders and activists. Faced with these pressures, professionals need to reskill and upskill, in particular in areas of AI, RegTech, and ESG leadership, to thrive and remain competitive.

About the Financial Regulation Innovation Lab (FRIL)

As part of the Financial Regulation Innovation Lab (FRIL), we are committed to promoting the flourishing of human capital, particularly deepening the expertise in financial regulation among financial services, fintechs and regulators. We aim to make our university’s educational offering easily accessible and directly relevant to industry professionals to support both career and organisational development. Aspiring to excellence in what we do, we introduce learner-centred active learning approaches and incorporate real-life challenges into our teaching that help our course participants address the challenges they experience at work and develop and implement appropriate solutions.

Our FRIL team at the University of Glasgow has spent two and a half years living and breathing financial regulation innovation alongside our colleagues in financial services, fintech and regulation. The FRIL project involves us all in co-developing and collaborating on action research, knowledge exchange, and innovation calls, and our skills development theme,  professional education courses, presented as short micro-credentials. By drawing together our insights from the FRIL project together with our expertise in research and learning and teaching in the University of Glasgow’s Adam Smith Business School and School of Law, we have developed two professional education courses in ‘AI, RegTech and Financial Compliance’ and ‘ESG Leadership’.

Our Learning Design Approach

Experiential and active learning inform our course design and approach to learning. This approach has been proven impactful in leadership, entrepreneurial, and professional education. It draws on wide-ranging experiences of working professionals in roles connected with the courses, across careers, supports participants in applying concepts and tools introduced in the course to workplaces, and facilitates reflections and discussions among participants through practical cases and in-course exercises.

The focus of the course content is informed by leading industry professionals involved in the action research and innovation calls, thereby ensuring close alignment with industry demands. Alongside expert-led lectures and interviews, participants immerse themselves in interactive activities—from tackling real-world compliance scenarios and innovation challenges to collaborative problem-solving with peers. This ensures learners move beyond concepts into the skills and confidence to navigate the complex intersection of financial regulation, compliance demands, sustainability, and AI solutions.

Course 1: AI, RegTech and Financial Compliance

Led by: Alessio Azzutti and Ian MacNeil

Context

With exploding regulatory requirements, rising costs, increasingly sophisticated financial crime, outdated systems, and shifting consumer expectations, financial compliance is becoming ever more demanding for regulated institutions. This urgent need for both business and technological innovation is driving the rise of Regulatory Technology (RegTech)—and particularly Artificial Intelligence (AI)—which is transforming how organisations respond. Lasting success, however, depends not only on innovative technology but also on professionals equipped to harness it.

Course details

This course progresses from AI and RegTech foundations to real-world applications, governance, emerging regulations, and future-ready compliance strategies. Assessment is fully practice-based: instead of traditional exams or theoretical essays, learners will complete a Capstone Project where they design an AI-enabled compliance solution, analyse its risks and governance, and map a personalised professional development pathway.

If you’re interested in this course, please email Alessio Azzutti at Alessio.Azzutti@glasgow.ac.uk.

Intended Learning Outcomes

By the end of the course, participants will be able to:

  • Critically analyse and evaluate AI applications in financial compliance contexts.
  • Design theory-informed, effective, responsible, and future-ready solutions.
  • Position themselves as compliance professionals prepared to lead digital transformation in banking, finance, FinTech, consultancy, and regulatory bodies.

Course 2: ESG Leadership

Led by: Erika Anderson, John Finch and Xiang Li

Context

Complex and dynamic regulation remains a feature of sustainability and ESG reporting, with notable differences across regions and jurisdictions. Given the long-lived qualities of reputation, product and process, and the global reach of supply chains, investors, consumers, and business customers want to know about an organisation’s sustainability offer and profile. We focus on that point of transition—from compliance to strategy and leadership—highlighting the strategic approach to leveraging ESG insights to achieve both the organisation’s competitive advantage and reduction of material risks embedded in sustainability.

Course details

This course covers the regulatory framework and its implications for organisations and their supply chains, including sustainability reporting and disclosures as these address risk management and inform investment and investor stewardship.  From reporting to transition, the course highlights the critical roles of strategic development, leadership and organisational change. We draw on case studies, short lectures, interviews with the community of practice, evaluations of current sustainability plans, and discussions among participants and our teaching team to facilitate participants’ learning.

View course details.

Intended Learning Outcomes

By the end of the course, participants will be able to:

  • Evaluate an organisation’s sustainability performance from multiple perspectives.
  • Develop a comprehensive ESG/sustainability plan, integrating compliance with business strategy.
  • Lead organisational change by embedding ESG considerations into leadership and strategy.

Practical Information

  • AI, RegTech and Financial Compliance course: to be delivered in-person at the University of Glasgow between 16 October and 27 November 2025.
  • ESG Leadership course: to be delivered online in six weekly modules from late September 2025, with an option for participants to complete the assessment and claim 10 credits at the postgraduate level, which are recognised by the University of Glasgow.
  • Both courses will also be available online in early 2026.
  • Participants from both courses can receive a certificate of participation

Future-Proof Your Expertise

Whether your focus is mastering AI-enabled compliance or leading ESG transformation, these short courses will position you at the forefront of professional development. Join us to upskill/reskill, strengthen your expertise, prepare for your organisation’s transition, and lead confidently in a rapidly evolving financial landscape.

Consumers as Innovators and the UK Financial Conduct Authority’s Consumer Duty

We address the scope, purpose, and initial implementation from July 2023 of the UK Financial Conduct Authority’s (FCA) Consumer Duty. As an instance of financial regulation innovation, the Consumer Duty is having a major impact in the financial services sector and has impacted on the organisation of markets for financial services and in the interactions of consumers and providers.

The Duty brings to prominence the ways in which the production, marketing and use of financial services products and services are strongly interrelated. It highlights: (1) Consumers’ financial literacy; (2) Providers’ confidence that their products and services and communications about these are being understood; and (3) How providers are anticipating and coping with vulnerability among their customers.

Together, these recognise consumers as being active, engaged, adaptive and innovative. We position the paper in terms of active consumption and market and marketing channels so as to focus on active consumers, and consumer vulnerability. To illustrate how the Consumer Duty is shaping the development, marketing and uses of financial services, we explore a sample of cases reported by the Financial Ombudsman Service, in which the issues referenced are akin to the elements addressed in the Consumer Duty.

We find that consumer understanding is a prominent factor, which also impacts on a number of other categories and subcategories. We also see, through the perspective of Consumer Duty, a somewhat pacified or pacifying view of consumers and in some instances, tensions emerging between consumer adaptations and the contractual terms for financial products and services. This adds to our conceptual framing of market channel and its implications for consumer vulnerability.

Read the research

The Consumer Duty at One Year – Can we have a more active and engaged view of consumers?

John Finch and Chuks Otioma draw on their research with the Financial Regulation Innovation Lab, arguing that the Duty would benefit from a clearer understanding of consumers being active, engaged and innovative

The UK Financial Conduct Authority held webinar at the end of July marking twelve months since introducing the Consumer Duty.  The webinar provides a welcome opportunity to reflect on the ways in which the Duty has changed our understandings of financial products and services as consumers experience these. While there are antecedents to the Consumer Duty, and it exists alongside other regulations such as Advertising Standards and General Data Protection, the simple force of the term Consumer Duty is remarkable. The landscape is changed.  Financial services providers have a duty to show how their products and services provide good quality outcomes for their consumers. We argue that the next steps for the Consumer Duty should embrace a more nuanced view of consumers as engaged, active, and co-developing, partners in innovation.

Outcomes-based regulation

The Consumer Duty is an example of outcomes regulation. In other words, regulation and corporate activity meet in compliance as much around how they have met performance expectations and have in place processes to continue to do so. The Consumer Duty sets out four dimensions or qualities of good outcomes for consumers: price and value, consumer understanding, consumer support, and governance of products and services. Additionally, providers should pay attention specifically to vulnerable consumers, that suppliers – often to include FinTechs – are included where having a material effect, and with the outcomes of understanding and support comes an implication for enhancing consumers’ financial literacy.

As engaged researchers, we have had an interesting year following the Consumer Duty. We have organised workshops internationally where researchers and practitioners have discussed their approaches. We also highlight presentations at the Market Research Society’s annual financial services research conference. The November 2023 meeting was particularly good.  Fair4All Finance focussed on financial inclusion and the more effective uses of market segmentation techniques to draw out consumer experiences in enchaining financial inclusion (https://fair4allfinance.org.uk/segmentation/).  Cowry Consulting reported on applying behavioural science to providers’ product service development in complex financial products, and in enhancing consumer understanding and support (https://2547826.fs1.hubspotusercontent-na1.net/hubfs/2547826/On%20The%20Brain%20-%20ESG%20Edition.pdf).

Both these themes (segmentation in support of financial inclusion, and applications of behavioural science) speak to a need for a more thorough integration of consumers’ experiences and practices, of how they go about engaging with and using financial services products. As the FCA webinar highlighted, one source of data is complaints and resolution through the Financial Ombudsman. This vital work is though something of a last resort for consumers and providers where things could have gone wrong. Otherwise, drawing in consumers and understanding their experiences, is a longstanding challenge, reflected in stakeholder theory, regulation, and responsible innovation and science, of how to gather consumers and consumer practices into groups in a way that has some comparability with service providers.

Insights can be gained by catching some of the hints about consumers’ process and capabilities reflected into providers through principles of outcomes regulation. If we accept consumers and consumption as active, requiring capability, literacy, understanding subject to behavioural bias, contending with complexity, and varied across individual – even if proxied through segmenting – this rich experience should find a way into the Consumer Duty and our reflections of its implementation.

Active, engaged consumers

Let’s sketch this in a little more detail. Consumer Duty implies a rebalancing of power towards that age-old principle in economics of consumer sovereignty. This is not easily achieved. The Consumer Duty has four dimensions of good outcomes, and only one is price and value. So, as with many consumer activities, outcomes of Consumer Duty are not simply of consumption being a purchase then ‘value sink’.  Consumers need to work hard to access the value designed into and intended in their financial products and services. Just as an example, and with relevance to FinTech too, financial inclusion is tensioned against the investments expected of consumers to participate in the market, in financial services, of a mobile phone with an up-to-date operating system and perhaps paid-for apps. Consumers co-invest and through their personalised adaptions in use, modify the digital infrastructure presumed for many financial services.

New technologies can support drawing insights from consumers. Leveraging AI solutions that provide capabilities for richer data, real time analysis and consumer insights, Fintech and financial service providers have a vantage potin from which to understand customer characteristics and preferences, engage with and offer personalised products that match consumer expectations. This way, financial products and services can extend beyond segmentation and stand a better chance to be directed towards good consumer outcomes. As a note of caution, sole deployment of cutting-edge technologies and data per se can narrow the scope for improved consumer experiences and good outcomes. This sounds the importance of business models that promote co-creation with consumers through product design, development and delivery that allow consumers to interact with and tinker around both products and services, and the platforms on which they are delivered.

Furthermore, consumers often make their own financial bundles and portfolios. With respect to financial inclusion and vulnerability, they do so with great ingenuity, in mind-occupying and time-consuming ways, through trial and error, shared experiences, and, crucially, cutting across providers and product categories. This can perhaps include juggling credit cards, short-term loans, welfare payments, and overdrafts. These are consumer experiences: innovative, imaginative, adaptive, ingenious, sometimes urgent and under pressure. Our challenge is to draw consumer experiences and actions into the view of the Consumer Duty. To vary our focus or unit of analysis to, of course, include individual products and services from providers, but also recognising the additional consumption activities among consumers, and how these vary significantly. This can also allow us to reflect on the definitions of, and contributions to, Consumer Duty categories of – taken together – price and value, consumer understanding, and consumer support. And such an approach can be part of and arguably improve the governance of products and services.

Professor John Finch and Dr Chuks Otioma are at the University of Glasgow’s Adam Smith Business School and the Financial Regulation Innovation Lab (a partnership between FinTech Scotland, University of Strathclyde, and University of Glasgow).  We can be contact at john.finch@glasgow.ac.uk, and chuks.otioma@glasgow.ac.uk.

We acknowledge funding from Innovate UK, award 10055559.

Open Access. Some rights reserved. 

Open Access. Some rights reserved. The publishers, the University of Glasgow and FinTech Scotland, and the authors, John Finch and Chuks Otioma, want to encourage the circulation of our work as widely as possible while retaining the copyright. We therefore have an open access policy which enables anyone to access our content online without charge. Anyone can download, save, perform or distribute this work in any format, including translation, without written permission. This is subject to the terms of the Creative Commons By Share Alike licence. The main conditions are:

  • The University of Glasgow, FinTech Scotland, and the authors are credited, including our web addresses www.gla.ac.uk, and www.fintechscotland.com
  • If you use our work, you share the results under a similar licence

A full copy of the licence can be found at

https://creativecommons.org/licenses/by/4.0

You are welcome to ask for permission to use this work for purposes other than those covered by the licence.

We gratefully acknowledge the work of Creative Commons in inspiring our approach to copyright. To find out more go to www.creativecommons.org