How banks can trust AI to make decisions
Why a single AI agent cannot meet financial regulatory requirements and what actually works.
The Regulatory Reality
In a creative context, an occasional AI error is a minor inconvenience. In a retail bank, the same error applied to a mortgage application or a payment instruction can result in a significant regulatory breach, financial loss, and reputational damage.
The underlying challenge is straightforward. AI language models do not always produce the same output from the same input; because their behaviour is non-deterministic, safe behaviour cannot be guaranteed through configuration or instruction alone. Financial regulators, including bodies such as APRA and the SEC, require organisations to demonstrate clear, auditable explanations for every decision an AI system makes. A standalone AI model cannot provide this by design.
Building a System You Can Audit
The response is to surround the AI with a layer of structured, rule-based controls that it cannot bypass. This research explores four components of that approach.
A second AI to check the first. Rather than allowing a single AI agent to act on its own judgement, a second independent agent reviews every proposed action before it is executed. Both must agree before anything happens. This mirrors the four-eyes principle already common in financial services risk management.
Governance rules built into the reviewer. The reviewing agent operates according to a precise set of regulatory requirements and business rules. Its sole function is to assess whether the first agent's proposed action is compliant, and to block it if not. It has no other purpose.
A final rule-based checkpoint. Before any AI-approved instruction reaches a core system such as a payment ledger, it passes through conventional business logic and strict data validation. This checkpoint operates entirely independently of the AI, providing a deterministic safety net that neither agent can influence.
A tamper-proof record of every decision. Every action, approval, and rejection is recorded in a log that cannot be altered after the fact. This gives auditors a clear, verifiable answer to the question regulators will always ask: why did the system do this, and who authorised it?