The UK Financial Conduct Authority (FCA) has released a report outlining the governance requirements for using synthetic data in financial services. Synthetic data, which replicates the statistical properties of real data while protecting individual privacy, is increasingly used by banks to test machine learning and artificial intelligence models, improve security, and share insights responsibly.

The FCA's Synthetic Data Expert Group (SDEG) developed nine principles for managing synthetic data within model risk management (MRM) frameworks. Key principles include accountability throughout the synthetic data lifecycle, ensuring safety and suitability of models, rigorous fairness testing to avoid bias, transparency through comprehensive documentation, and continuous monitoring of data quality and model impact.

According to the FCA report, "Clear roles and responsibilities must be assigned for the entire synthetic data lifecycle, from generation to model deployment." The report also states that "the resulting model must be proven robust and reliable, and synthetic data should only be used where its quality demonstrably meets the required risk threshold." On fairness, it notes: "Rigorous testing is mandatory to ensure synthetic data does not introduce, amplify, or fail to mitigate existing historical bias within the real-world dataset." The importance of transparency is emphasized: "Firms must maintain comprehensive documentation to allow auditors and risk teams to fully understand the generation methodology and its limitations." Continuous monitoring is also highlighted: "Like any critical data input, the quality and integrity of synthetic data, and its impact on the resulting model, must be continually assessed."

The FCA highlights that risks are introduced during the synthetic data generation phase. The SDEG recommends that institutions document methodologies and assumptions used in generating artificial datasets. It stresses establishing auditability so firms can demonstrate how synthetic datasets were created from original sources.

Managing bias is identified as a core aspect of governance. The SDEG advises that fairness validation should be embedded in the generation process to ensure outcomes are not skewed based on sensitive attributes.

A significant recommendation from the FCA concerns model validation. The SDEG asserts that statistical similarity between real and synthetic datasets alone does not guarantee a model’s reliability. Instead, it mandates use of Train-Synthetic-Test-Real (TSTR) validation: models are trained on synthetic data but tested against independent sets of real-world information. This approach aims to prevent overfitting to artifacts in generated datasets.

The FCA concludes that while adoption of synthetic data offers innovation opportunities for financial institutions, these benefits depend on strong governance practices. Updating MRM frameworks with clear controls specific to synthetic datasets will help organizations balance innovation with compliance and reliability.

For more details about these guidelines see the FCA report on synthetic data.