All posts

Compliance Shifts

When AI takes the decision, the compliance function doesn't disappear - it moves further up the design layer.

When an AI agent takes a decision in your institution, the audit trail doesn’t vanish. What you’re auditing does.

A human approves a transaction. You audit the behavior: the policy they followed, the checklist they completed, the judgment they documented. An agent approves the same transaction. You audit the design: whether the procedure is correctly encoded, whether the failure modes were mapped before deployment, whether the output is interpretable after the fact.

The control question is identical. The control object is not.

I run risk and internal control at a regulated fintech. I’m also building AI agents. The two aren’t in tension. They’re the same function applied at a different layer. The compliance work just moved upstream.

The risk officer who waits for AI to produce a compliance problem is already behind. The work is in the design review, not the incident report.