
Why immutable records matter for AI-assisted advice

Financial advice has always required documentation. When an adviser recommends a pension transfer or an investment strategy, the firm needs to record what was said, why it was said, and whether it was properly reviewed. This is not new.

What is new is the speed at which advice is now being generated. AI tools can draft a suitability report in seconds. They can produce client risk assessments, investment recommendations, and annual review summaries faster than any human adviser. The quality of this advice is improving rapidly.[4] But the infrastructure for recording and proving that it was properly overseen has not kept pace.

The problem with traditional record-keeping

Most firms today store compliance records in a combination of CRM systems, shared drives, and email threads. These records are editable. They can be backdated. They can be deleted. In a regulatory investigation, the burden of proof falls on the firm — and "we have a PDF on a shared drive" is not a compelling answer.

Even firms with robust compliance processes face a fundamental issue: their records are only as trustworthy as the systems they are stored in. A database administrator can alter a record. A backup can be restored to an earlier state. There is no way for an external party — a regulator, an auditor, or a client — to independently verify that a record has not been tampered with. The FCA's general organisational requirements under SYSC 4.1.1R require firms to maintain "sound administrative and accounting procedures and effective control and safeguard arrangements for information processing systems"[2] — a standard that editable records struggle to meet.

What immutability actually means

An immutable record is one that cannot be changed after it has been written. Not by the firm, not by the platform provider, not by anyone. This is not a policy — it is a mathematical property.

Bedrock achieves immutability through hash-chaining. When a record is written to the ledger, it receives a SHA-256 hash: a fixed-length mathematical fingerprint computed from its contents. This hash is then incorporated into the next record in the chain. If anyone alters a past record, its hash changes and no longer matches the value carried by the next record, so every subsequent record in the chain becomes invalid. The tampering is automatically detectable as soon as the chain is verified.

Each record is also digitally signed using ECDSA P-256 cryptographic signatures. This proves that the record was created by the Bedrock platform at a specific point in time, and that it has not been modified since.
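
The hash-chaining described above, as an added example (not Bedrock's code): the record layout, the all-zero genesis value and the helper names are assumptions, and the ECDSA P-256 signing step is omitted. It shows an altered record failing verification at its own position, or at the next link if the editor also recomputes that record's hash.

```python
import copy
import hashlib
import json

GENESIS = "0" * 64  # assumed prev_hash value for the first record


def record_hash(prev_hash, payload):
    """SHA-256 over the previous record's hash plus canonical JSON of the payload."""
    body = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()


def append(ledger, payload):
    """Append a record whose hash commits to everything written before it."""
    prev_hash = ledger[-1]["hash"] if ledger else GENESIS
    ledger.append({"prev_hash": prev_hash, "payload": payload,
                   "hash": record_hash(prev_hash, payload)})


def verify(ledger):
    """Return the index of the first record that fails, or None if the chain is intact."""
    prev_hash = GENESIS
    for i, entry in enumerate(ledger):
        if entry["prev_hash"] != prev_hash:
            return i  # link to the preceding record is broken
        if entry["hash"] != record_hash(prev_hash, entry["payload"]):
            return i  # contents no longer match the stored hash
        prev_hash = entry["hash"]
    return None


def build_sample():
    """Constructed sample: an AI draft followed by two review actions."""
    ledger = []
    append(ledger, {"event": "ai_draft", "doc": "suitability-report-001"})
    append(ledger, {"event": "review", "action": "modification", "reviewer": "reviewer-a"})
    append(ledger, {"event": "review", "action": "approval", "reviewer": "reviewer-a"})
    return ledger


def edit_record(ledger, index, rehash=False):
    """Return a copy with one payload altered, optionally recomputing that record's own hash."""
    tampered = copy.deepcopy(ledger)
    tampered[index]["payload"]["edited"] = True
    if rehash:
        entry = tampered[index]
        entry["hash"] = record_hash(entry["prev_hash"], entry["payload"])
    return tampered
```

The newest record has no successor to carry its hash, so the chain alone does not vouch for it; that is the part the per-record signature covers.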

Why this matters for AI-assisted advice

When a human adviser writes a suitability report, there is an implicit chain of accountability. The adviser wrote it, a compliance officer reviewed it, and both can attest to the process. When an AI generates that same report, the chain is less clear. Who reviewed it? When? What did they approve? The FCA has emphasised that firms using AI remain responsible for compliance, including consumer protection.[1]

Immutable records make this chain explicit and verifiable. Every piece of AI-generated advice is recorded the moment it enters the system. Every review action — approval, modification, rejection — is recorded with the reviewer's identity, timestamp, and reasoning. The entire lifecycle is preserved in an unalterable sequence that satisfies SYSC 9.1.1R record-keeping requirements.[3]

This is not about distrusting AI. It is about building the same level of accountability for AI-assisted advice that has always existed for human advice — and making it provable to anyone who asks.

What regulators will expect

The FCA has been clear that firms using AI to generate advice remain fully responsible for the quality and suitability of that advice. The Consumer Duty's annual board assessment must be "evidenced with data"[5] — and as AI adoption accelerates, the expectation for robust, verifiable record-keeping will only increase.

Firms that invest in immutable compliance infrastructure now will be well-positioned when that scrutiny arrives. Those that rely on editable spreadsheets and email trails may find themselves unable to prove what they need to prove, at exactly the moment it matters most.

References

  1. FCA, "AI Update", 2024, Paras 3.38–3.43 on accountability and governance
  2. FCA Handbook, "SYSC 4.1.1R — General organisational requirements", including sound administrative and accounting procedures
  3. FCA Handbook, "SYSC 9.1.1R — Record-keeping", orderly records of business and transactions
  4. Bank of England & FCA, "Artificial intelligence in UK financial services", Third joint survey, 2024
  5. FCA, "Consumer Duty", annual board assessment requirement (PRIN 2A)
