Governing agentic AI in the reporting stack
A copilot answers a question. An agent takes the next step — and then several more on its own: it queries systems, joins data, computes a figure, drafts the commentary, and increasingly acts. That autonomy is exactly what makes agentic AI valuable in reporting, and exactly what makes it the hardest thing in your stack to govern.
Why agents slip through the cracks
Your model-risk framework was built for a model that takes an input and returns an output you can validate. An agent is a moving target: it's non-deterministic, multi-step, and it holds access — to data, to tools, sometimes to systems that change state. Tellingly, the OCC's revised model-risk guidance explicitly leaves generative and agentic AI out of scope. So the most consequential AI in your reporting stack is also the least covered by the controls your second line actually runs.
An ungoverned agent doesn't make one wrong number — it makes a chain of decisions, fast, with no one watching the steps.
The five controls that matter
You don't need to ban agents — you need to put rails around them. Five controls do most of the work:
- Inventory & risk-tier every agent. What does it touch, what can it access, and how close is it to a regulated decision? An agent near credit or the reporting pack is a different risk class than one summarizing a wiki.
- Constrain it to governed inputs. Point the agent at a semantic layer and approved, certified sources — never raw tables. It should be physically unable to invent a definition or reach data it shouldn't.
- Least privilege, like any identity. Treat the agent as a service account: scoped permissions, no standing access to systems it doesn't need, and approvals for anything that changes state.
- Human-in-the-loop on high-stakes actions. Autonomy is fine for low-risk steps; anything that hits the board pack, a customer, or a filing gets a human checkpoint. Accountability never disappears — it relocates.
- Provenance, monitoring, and a kill-switch. Every action carries its sources and as-of date; you monitor for drift and anomalies; and you can stop the agent cleanly when something looks wrong.
Done right, you keep the speed and the leverage — and the agent's every move is traceable, bounded, and explainable. That's governance an examiner recognizes, applied to systems your existing framework was never written for.
Is your agentic AI governed — or just live?
Take the free 4-minute readiness assessment to find the gaps, or book a call to scope a full, expert-led review.
Take the free assessment See pricing & engagement →