Monday, 6 July 2026 · Independent · Unbought
Latest
UK · Analysis

FCA to share UK bank accounts, transactions with Trump-linked Palantir

Millions of UK bank accounts and financial records will be processed by Palantir, the AI firm used by ICE and the Israeli military.

Palantir CEO Alex Karp
Image: Presidencia de la República del Ecuador / Wikimedia Commons, Public Domain

The FCA is sending British financial data into Palantir’s meat grinder

The financial data of millions of UK bank account holders is now flowing to Palantir, the US surveillance contractor whose AI platforms power Israeli military targeting in Gaza, immigration raids across the United States, and the harvesting of sensitive NHS patient information.

On June 1, the Financial Conduct Authority confirmed a 12-week trial is live, granting Palantir access to case files, fraud reports, consumer complaints, and social media trawls spanning the regulator’s jurisdiction over 42,000 businesses. The deal positions the firm, co-founded by Donald Trump supporter Peter Thiel, at the heart of British financial surveillance.

By handing data to Palantir, the FCA is pushing UK residents’ financial information into the same systems already deployed against populations with no recourse to British legal protections.

What Palantir does elsewhere

The company’s track record provides the only honest context for understanding what happens when British financial data enters this architecture.

In Gaza, Palantir’s Foundry platform forms part of the Israeli military’s Project Nimbus infrastructure, analysed by +972 Magazine and documented by Drop Site News. The system has been used to coordinate targeting that human rights organisations say amounts to unlawful attacks on civilians. Families in Gaza have no way of removing their data from systems designed to predict their movements.

In the United States, Palantir’s Predator and Gotham platforms process data for Immigration and Customs Enforcement, powering the deportation apparatus that has detained thousands of migrants. Internal documents reviewed by The Intercept showed Palantir’s algorithms flagging individuals for enforcement based on patterns derived from housing, employment, and social connections, the same categories of data the FCA now hands over.

In Britain, Palantir already holds contracts worth over £500 million with the NHS and Ministry of Defence. In 2024, MPs on the Joint Committee on Human Rights labelled the company’s access to identifiable NHS patient data dangerous. The NHS contract was awarded despite warnings from Declassified UK that Palantir’s systems had been used to build surveillance profiles on vulnerable populations.

These are not hypothetical risks. They are existing uses of identical technology applied to people who cannot vote in British elections and have no standing to challenge the judgment.

The legal cover does not hold

The FCA’s public position rests on two claims: that it remains data controller, not Palantir; and that US law, specifically the Cloud Act, does not apply because the data never leaves Palantir’s encryption.

Mariano delli Santi, legal and policy officer at the Open Rights Group, dismissed this distinction as misleading. “US law gives the right to access data held by US-based businesses,” he said. “The Cloud Act compels disclosure regardless of where data is technically stored if the company is US-domiciled. Palantir is a US company. The claim that encryption keys make this impossible only holds if you trust that Palantir cannot be compelled to provide key material in secret.”

Martin Wrigley, a Liberal Democrat MP on the science and technology select committee, put it more directly: “In the days of Donald Trump, control means whatever Trump thinks it means.”

The FCA has pointed to documents sent to the Treasury select committee in March stating that Cloud Act does not apply and that the regulator remains data controller. But the legal distinction between controller and processor, according to unnamed legal experts cited in the Guardian, collapses when a US-based processor holds the technical architecture. The Patriot Act explicitly covers financial data. The Foreign Intelligence Surveillance Act permits warrantless monitoring of non-citizens’ digital communications.

The contract permits Palantir to apply AI to the data. What the system learns, where that learning is applied, and whether US authorities can compel disclosure of derived insights rather than raw data remain unanswered questions, ones the FCA has not forced Palantir to clarify publicly.

The counter-argument that does not hold

The strongest defence of the trial is technical: Palantir claims encryption keys held by the FCA make US government requests “technically impossible” without FCA involvement. The company cites three reasons, warrants required, guidance stating requests go to controllers not processors, and FCA-controlled encryption.

This argument assumes three things that have not been independently verified: that no backdoor exists in Palantir’s UK infrastructure; that US authorities cannot compel key disclosure under FISA warrant in secret; and that the derived intelligence generated by Palantir’s AI models is not covered by the same legal frameworks as the underlying data.

No independent legal analysis has confirmed the FCA’s position. No freedom of information request has yet revealed the full scope of the trial, data fields shared, or provisions for data deletion. The burden of proof logically rests on the regulator that chose a company with existing contracts for military targeting and deportation enforcement, not on the public expected to trust an unverified assurance.

The deal Sadiq Khan already blocked

The timing is not incidental. On May 21, Mayor of Sadiq Khan blocked a £50 million contract between the Metropolitan Police and Palantir, citing a “serious breach” of procurement rules. Khan said Londoners wanted money spent with companies that “share the values of our city.” The FCA deal is now the live test of whether that principle extends to financial regulation.

The regulator’s chief data officer, Jessica Rusu, told the Treasury committee there would not be any intelligence shared. But intelligence is precisely what Palantir builds its business on, extracting patterns from disconnected datasets to produce actionable insights. Handing a company that commercialises that capability access to the financial histories of millions is not a neutral act. It is a political choice to embed an architect of apartheid and deportation infrastructure into the core of British financial oversight.

What British bank customers should ask

The FCA regulates institutions holding the savings, transactions, and financial lives of every person who trusts British banks. That trust is now being tested. Every consumer complaint processed through Palantir’s AI, every fraud report run through its models, every social media post scraped for financial crime signals becomes part of a dataset with a company whose other clients include forces responsible for documented war crimes and mass deportations.

The 12-week trial is advertised as temporary. It will not be. Once Palantir’s systems are embedded in FCA workflows, the technical and institutional momentum to continue will be overwhelming. The only question is whether the public will be told when it happens, and whether any of the 42,000 businesses regulated by the FCA will be asked to consent.