The UK financial regulator faces calls to demonstrate that its contract with Palantir will not give the current US administration indirect access to large amounts of sensitive personal and business information. A US statute allowing authorities to require technology firms to hand over records could apply to the arrangement, according to Martin Wrigley, a member of the Commons science and technology committee. The American company, valued at $375 billion and co-founded by investor Peter Thiel, is set to use its artificial intelligence tools on FCA records that include investigation files, lender reports on fraud, customer complaints and social media monitoring. The project remains in a twelve-week pilot phase. Wrigley warned that the FCA is conducting major inquiries into confidential material through a foreign entity that might be directed to transfer information to US officials. The agreement, first disclosed in March, has already prompted questions from lawmakers and advocacy groups. Palantir also provides tools to US immigration enforcement and the Israeli military, and holds contracts worth more than £500 million with NHS England and the Ministry of Defence. In May the London mayor halted a separate £50 million deal with the Metropolitan Police over procurement concerns. The FCA oversees roughly 42,000 firms and handles tasks ranging from consumer protection to fighting financial crime. Worries about control of British public data have grown as agencies increasingly rely on American technology companies for artificial intelligence projects. In March the regulator told the Treasury committee that the US Cloud Act does not apply and that it will retain data control. Chief data officer Jessica Rusu stated no intelligence would be shared and that Palantir acts only as a processor. Wrigley replied that definitions of control could shift under the present US administration. He has asked the FCA for further legal clarification. A data specialist noted that the controller-processor distinction does not automatically exclude firms from the US law. The most reliable safeguard would be ensuring the company cannot access readable information. The Open Rights Group argued that US authorities can obtain data held by American-based businesses. Its policy officer added that UK definitions of data control do not bind the United States and that the material could also fall under the Patriot Act and parts of the Foreign Intelligence Surveillance Act. Palantir rejected the concerns, stating the Cloud Act requires a criminal probe and court order, that guidance directs requests to data controllers, and that FCA-held encryption keys make compliance impossible without regulator approval. An FCA spokesperson said the trial aims to improve detection of financial crime, that all data stays encrypted under its control, and that no one can view unencrypted material without authorisation.
