Agents span multiple enterprise platforms. Policies defined in one system are not enforced in another. No federated governance layer exists.
Enterprise systems are composed of multiple applications, each with its own governance layer. A bank's loan origination system enforces lending policies. A compliance system enforces regulatory constraints. A risk reporting system enforces data accuracy standards. A settlement system enforces operational procedures.
When an agent spans multiple systems, governance becomes fragmented. The agent may be required to comply with policies from multiple systems, but no single governance layer coordinates these policies. A policy enforcement mechanism in one system may not be aware of constraints in another system. Contradictions between policies in different systems cannot be resolved. Edge cases that require coordination across systems cannot be handled.
A cross-system governance gap emerges: policies that are enforced in one system are not enforced in another. An agent operating in the loan origination system may follow lending policies but ignore compliance policies because compliance governance does not extend into the loan system. An agent operating in the settlement system may ignore credit limits that are enforced in the risk reporting system.
The governance gap grows as the agent's scope expands. The more systems the agent spans, the more potential policy conflicts and enforcement gaps emerge.
A global payments bank implements an agentic system for transaction routing and settlement. The system spans multiple operational systems: (1) a transaction origination system that accepts payment orders from customers, (2) a regulatory compliance system that checks transactions against sanctions lists and AML rules, (3) a liquidity management system that manages available funds and payment capacity, (4) a settlement system that routes transactions to payment networks (SWIFT, CHIPS, local clearing houses), and (5) a reporting system that compiles transactions for regulatory reporting.
The agent is required to comply with policies from all five systems: process transactions in order of receipt, block transactions from sanctioned entities, do not commit funds in excess of available liquidity, route transactions to the most cost-effective settlement path, and ensure all transactions are accurately classified for regulatory reporting.
In practice, these policies are enforced inconsistently. The compliance system applies hard blocks but does not notify the origination system why a transaction was blocked. The liquidity system operates on a different update frequency than the origination system, so liquidity may change between origination and settlement. The settlement system has batching rules that conflict with origination ordering policies. The reporting system uses classification schemes that do not align with settlement classifications.
The agent attempts to optimize transaction routing while complying with all policies. But the policies are not formally coordinated. When policies conflict, the agent makes local optimization decisions that may violate policies in other systems.
A transaction from a customer in a high-risk jurisdiction arrives. The compliance system flags it for additional scrutiny and marks it as "under review" but does not block it. The origination system, not aware of the compliance review status, routes the transaction forward. The settlement system settles it. Hours later, a compliance reviewer determines the transaction is suspicious and should be reversed. The transaction has already settled and cleared. The governance gap between the origination system and compliance system led to a settlement that should not have occurred.
Regulators investigating this transaction find that the bank's governance did not prevent an improperly reviewed transaction from settling. The bank did not implement cross-system governance to ensure that transactions flagged for compliance review could not settle without completion of review.
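One way to close the gap in the scenario above, and to give the cross-system policy contradictions described earlier a deterministic resolution, is a federated gate that the agent must consult before it commits any transaction to settlement. The code below is an added illustration, not the bank's code or any vendor's product: the two system hooks, the `FederatedGate` class, the sanctions entry, the jurisdiction code and the balances are all constructed assumptions. Each system contributes one verdict; the gate combines them so that a deny in any system wins, an open review in any system holds the transaction, liquidity is re-read at settlement time rather than at origination, and an unreachable system counts as a hold rather than a pass. Every combined decision is written to an audit record naming the system that caused it, which is what makes a gap visible before a regulator does.

```python
"""Federated settlement gate: added example, not the bank's or any vendor's code.
All sample data (sanctions entry, jurisdiction code, balances) is constructed."""
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, Dict, List


class Decision(Enum):
    PERMIT = "permit"
    HOLD = "hold"    # review still open or system unreachable: neither pass nor block
    DENY = "deny"


@dataclass(frozen=True)
class Transaction:
    tx_id: str
    amount: float
    currency: str
    sender: str
    jurisdiction: str


@dataclass
class Verdict:
    decision: Decision
    reasons: List[str] = field(default_factory=list)


PolicyHook = Callable[[Transaction], Verdict]


class FederatedGate:
    """Coordinates the policy decisions of several systems for one transaction."""

    def __init__(self) -> None:
        self.hooks: Dict[str, PolicyHook] = {}
        self.audit: List[dict] = []   # cross-system decision record for auditors

    def register(self, system: str, hook: PolicyHook) -> None:
        self.hooks[system] = hook

    def evaluate(self, tx: Transaction) -> Verdict:
        if not self.hooks:   # fail closed: with nothing to consult, nothing settles
            return Verdict(Decision.DENY, ["no policy hooks registered"])
        outcome, reasons = Decision.PERMIT, []
        for system, hook in self.hooks.items():
            try:
                v = hook(tx)
            except Exception as exc:   # an unreachable system is a HOLD, never a PERMIT
                v = Verdict(Decision.HOLD, [f"unavailable: {exc}"])
            reasons.extend(f"{system}: {r}" for r in v.reasons)
            if v.decision is Decision.DENY:
                outcome = Decision.DENY            # deny overrides everything
            elif v.decision is Decision.HOLD and outcome is Decision.PERMIT:
                outcome = Decision.HOLD            # hold overrides permit
        self.audit.append({"tx": tx.tx_id, "decision": outcome.value, "reasons": list(reasons)})
        return Verdict(outcome, reasons)


# Constructed sample data for the two hypothetical system hooks below.
SANCTIONED = {"ACME-SHELL-CO"}
HIGH_RISK_JURISDICTIONS = {"XX"}


def make_compliance_hook(review_status: Dict[str, str]) -> PolicyHook:
    """Compliance system: hard block for sanctions, hold while a review is open."""
    def hook(tx: Transaction) -> Verdict:
        if tx.sender in SANCTIONED:
            return Verdict(Decision.DENY, ["sender on sanctions list"])
        status = review_status.get(tx.tx_id)
        if status == "under_review":
            return Verdict(Decision.HOLD, ["compliance review still open"])
        if tx.jurisdiction in HIGH_RISK_JURISDICTIONS and status != "cleared":
            return Verdict(Decision.HOLD, ["high-risk jurisdiction without a cleared review"])
        return Verdict(Decision.PERMIT)
    return hook


def make_liquidity_hook(ledger: Dict[str, float]) -> PolicyHook:
    """Liquidity system: balance is read at settlement time, not cached from origination."""
    def hook(tx: Transaction) -> Verdict:
        avail = ledger.get(tx.currency, 0.0)
        if tx.amount > avail:
            return Verdict(Decision.DENY, [f"amount {tx.amount:.2f} exceeds available {avail:.2f}"])
        return Verdict(Decision.PERMIT)
    return hook


def build_gate(review_status: Dict[str, str], ledger: Dict[str, float]) -> FederatedGate:
    gate = FederatedGate()
    gate.register("compliance", make_compliance_hook(review_status))
    gate.register("liquidity", make_liquidity_hook(ledger))
    return gate


def settle(gate: FederatedGate, tx: Transaction, ledger: Dict[str, float]) -> str:
    """Agent-side settlement step: only a PERMIT commits funds; returns the outcome."""
    verdict = gate.evaluate(tx)
    if verdict.decision is Decision.PERMIT:
        ledger[tx.currency] -= tx.amount
        return "settled"
    return verdict.decision.value
```

Run against the scenario on the page: a transaction from a high-risk jurisdiction that compliance has marked "under_review" comes back as `hold` and the ledger is untouched; once the review record changes to `cleared`, the same transaction settles. The design choice that matters is that the origination and settlement steps never see "not blocked" as "approved": the only value that moves money is an explicit PERMIT from every registered system.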
| Dimension | Score | Rationale |
|---|---|---|
| D - Detectability | 4 | Governance gaps are not visible until an agent makes a decision that violates a policy in a system different from where the agent operates. Policy violations become apparent through audits or when external parties (regulators, customers) complain. |
| A - Autonomy Sensitivity | 4 | Governance gaps are most severe for autonomous agents spanning multiple systems. For agents with human oversight, humans can coordinate across systems. For autonomous agents, cross-system coordination must be built into the system architecture. |
| M - Multiplicative Potential | 4 | Governance gaps compound as the agent spans more systems. Each new system the agent touches introduces new policies and new governance gaps. |
| A - Attack Surface | 4 | Governance gaps can be exploited by adversaries who understand where policy enforcement boundaries are. An adversary could structure transactions to exploit gaps between systems. |
| G - Governance Gap | 5 | Most enterprises do not have federated governance layers that coordinate policies across systems. Each system has its own governance. Coordinating across systems requires explicit architectural work that most organizations have not done. |
| E - Enterprise Impact | 4 | Governance gaps can lead to policy violations, regulatory findings, and enforcement action. Remediation requires system redesign to implement cross-system governance. |
| Composite DAMAGE Score | 4.0 | Critical. Requires federated governance architecture and cross-system policy coordination. |
How severity changes across the agent architecture spectrum.
| Agent Type | Impact | How This Risk Manifests |
|---|---|---|
| Digital Assistant | Low | DA operates within a single system or with human coordination across systems. Humans coordinate policies. |
| Digital Apprentice | Low | AP is supervised and learns within single system context. Supervisors coordinate cross-system policies. |
| Autonomous Agent | Medium | AA operates within a single system. If the agent's scope is contained, governance is enforced within that system. Governance gaps emerge only if the agent spans multiple systems. |
| Delegating Agent | High | DL invokes tools across systems. Policy coordination becomes complex because the agent operates through multiple systems' APIs and governance layers. |
| Agent Crew / Pipeline | Critical | CR chains multiple agents across systems. Each agent operates in a different system with different governance. Cross-system governance gaps are inevitable unless explicitly designed. |
| Agent Mesh / Swarm | Critical | MS features dynamic peer-to-peer delegation across systems. Governance cannot be enforced centrally. Agents operate across system boundaries with no coordinating governance layer. Governance gaps are ubiquitous. |
| Framework | Coverage | Citation | What It Addresses | What It Misses |
|---|---|---|---|---|
| NIST AI RMF 1.0 | Partial | GOVERN | Requires documented AI governance. Does not address cross-system governance coordination. | No guidance on coordinating governance across multiple systems. |
| DORA | High | Article 15 (Third-party risk) | Requires firms to manage AI/ML vendors and third-party services. Implies that cross-system governance should account for third-party systems. | Does not specifically address agent-driven cross-system coordination. |
| EU AI Act | Partial | Article 8 (Technical Documentation) | Requires documentation of high-risk AI systems. Scope can extend to systems that interact with other systems. | Does not mandate federated governance mechanisms. |
| MAS AIRG | Partial | Section 4 (Accountability and Governance) | Requires clear governance and accountability. Scope can extend to systems spanning multiple platforms. | No specific guidance on implementing federated governance. |
| SR 11-7 | Partial | Ongoing monitoring | Requires governance of model risk and performance. | Predates agentic systems. No specific guidance on cross-system coordination. |
| ISO 42001 | Partial | Section 6 (AI management system) | Requires governance. Does not mandate cross-system coordination. | No guidance on implementing cross-system governance mechanisms. |
| OCC Guidance | Partial | Third-party risk management | Requires governance of third-party services. | No specific guidance on agents spanning multiple systems. |
In banking and payments, transactions must comply with policies from regulatory (AML, sanctions), operational (liquidity, settlement), and reporting systems. If an agent spans these systems without coordinated governance, transactions can violate policies in one system while appearing compliant in another. This creates regulatory risk.
In insurance, claims must comply with underwriting policies (fraud prevention), operational policies (claims processing timelines), and regulatory policies (fair claims handling). If an agent spans these systems without coordinated governance, claims can be processed in violation of underwriting or fair claims handling standards.
In capital markets, trades must comply with trading policies (pre-trade compliance, position limits), operational policies (settlement procedures), and regulatory policies (reporting, surveillance). If agents span these systems without coordinated governance, trades can be executed in violation of regulatory constraints.
In healthcare, clinical decisions must comply with clinical policies (evidence-based care), operational policies (resource allocation), and regulatory policies (patient rights, informed consent). If agents span these systems without coordinated governance, clinical decisions can be made in violation of regulatory or ethical standards.
The Cross-System Governance Gap requires federated governance architecture that coordinates policies across enterprise platforms. Our advisory engagements are purpose-built for banks, insurers, and financial institutions subject to prudential oversight.