Skip to main content

In Compliance, AI Agents Find Their Value in the Network

Matt Van Buskirk

Co-Founder & CEO, Regulatory

Introduction

Imagine this: sometime in the near future, a government regulator walks into a bank to check on its new AI agent. The agent talks to customers, moves money, and makes decisions on their behalf. The bank's team hands the regulator a set of paperwork: it’s a description of what the agent does, the instructions it runs on, and the tests it passed.

The regulator reads it, asks a few reasonable questions, and signs off. Based on the way we examine today, the job is done.

Then a real customer interaction occurs. The agent calls another agent, which calls a tool, which calls a service operated by a vendor nobody in the room has heard of. A handoff happens. A decision gets made. None of it appears in the agent description the supervisor just approved. The thing that was examined is not the thing that acted.

What was signed off on was a node. But the network is where everything happened.

I recently had breakfast with a friend of mine. He’s building agentic finance tools, and had a perfect description of this incongruity. "Agents aren't what we thought they were," he said. "They aren't a single thing. They’re the entity, connections, and activity all at once. Like the heart, the blood, and the circulatory system – separate, but indivisible."

There is no atomic agent to point at.

To the extent that it exists, the current supervisory debate for agents has treated them as a discrete object — something that can be licensed, audited, or examined the same way a banking application or a credit model can be. Something to be translated into documentation and inspected on its own terms. That assumption holds as long as an agent is a single closed loop acting on someone's behalf. It collapses the moment one agent calls another, reaches for another tool in the system, or encounters a consumer's own agent negotiating from the other side.

At that point, there’s no single “agent” to look at. It’s the system, connections, and activity that needs examining.

The risk lives in the outcomes, not just the nodes.

Static evaluation of an agent is not the same thing as evaluation of agentic activity, for the same reason that inspecting an employee's résumé is not the same thing as supervising their work. Each connection in an agentic system is a decision point carrying attribution, authority, and consequence: which entity authorized which handoff, to which counterparty, under which user's intent, with what permission to act. We have processes to ensure that a human counterparty arrives wrapped in context that lets you judge all of these things. An agent arriving over a protocol does not, unless the connection itself carries the answer.

This is where the human role inside compliance teams at financial institutions is heading. The people building AI-native financial institutions describe compliance teams whose work shifts from executing rote processes like filing reports and clearing alerts to monitoring the behavior of automated systems and creating guardrails that keep them in line.

This sounds quite similar to the current role of a chief compliance officer overseeing a team of human analysts, doesn't it?

We already know how to supervise error-prone actors. We call them people.

If we treat agents like models, the closest existing regulatory regime is the model risk governance framework that grew out of the financial crisis. It was written for models that an independent validation team could inspect periodically and sign off on. It was also effectively obsolete the moment it was published, because the world had moved on and was running machine-learning systems that no validator could meaningfully read (the oft-cited “black box” challenge) and that changed too frequently to have a “version number”.

The mistake may be in the choice of parallel. We keep reaching for the model framework because agents seem like models, but half a century of financial regulation offers a closer analogy. Nearly everything in the supervisory toolkit – procedure documentation, training and certification, dual controls, authority limits, escalation paths, second-line review, surveillance of communications, individual accountability regimes — exists because humans are the ultimate black box and can make errors, exceed their authority, and occasionally act against the interests of the customers they serve. We never solved human fallibility. We built an apparatus to control unavoidable risks. That body of understanding is enormous, battle-tested, and almost entirely unused in the agent debate.

It also happens to map better onto activity and outcomes rather than objects. We do not certify an employee once and assume their future conduct will always be perfect. We observe their work and check the results. Supervising agents in the same way is not a metaphorical stretch. So the question for regulators is not whether we can shoehorn agents into the existing model risk framework. It is: what would it take to monitor agents the way we already monitor human activity?

The answer is guardrails controlling the outcomes of a process and testing those outcomes against what we expect.

Supervisors who stay distant from the builders will be structurally wrong.

“Agentic regulation is never going to work if we treat agents the way we’ve treated past tech innovations,” my friend said. “It’d be like using traffic laws to regulate the weather.” I agree with him. Supervisors who treat agents the same way they have treated RPA, or even LLM usage, are going to find themselves caught out if they don’t adjust their frame of reference. They need to adjust their understanding of the overall structure of things. Because it’s the structure – the combination of actor, connection, and activity – that is being changed through agentic intervention. And with the space changing as fast as it is, the only way to develop a reliable understanding is to be hands on.

That may sound like a big mountain to climb. And it is. But there’s also a silver lining to the clouds that exist at the summit, namely: agentic activity produces vastly more legible signal than the analog world it is replacing. Every handoff can carry attribution, every decision can leave a record. With the proper framework and structures in place, things like compliance and other anti-fincrime work stand to become vastly more effective. But this will only be possible if supervisors can agree on a framework not just for agents, but the overall environment in which their connections and actions are orchestrated.

For regulators, agents are a conundrum. They break the status quo in so many ways, but the parts they break are often the most unnecessarily detailed, prescriptive, and calcified parts of the practice. So while they offer a significant challenge, they also give us a rare opportunity: the chance to go back to our first principles, examine why regulations were written in the first place, and explore all the possible ways these lofty and worthwhile goals can be achieved.

Stay Connected

Subscribe to receive new content from Hummingbird