Smartflow AI Governance for Regulated Industries

Executive Summary

Summary for Compliance Officers and CISOs

AI is now present in every line of business at regulated financial institutions. The existing compliance, risk, and audit frameworks — SR 11-7, FINRA Rule 3110, FFIEC, and the EU AI Act — were not written with AI agents, LLM outputs, or semantic caching in mind. Banks are adapting by hand, at enormous cost, with inconsistent results.

Smartflow 1.6 introduces three enterprise capabilities that directly address the gaps regulators are asking about: a cryptographic identity and authorization protocol for AI agents (AIDA), automated enforcement of information barriers at the AI gateway level, and a one-click regulatory examination evidence package. Together, they make Smartflow the first AI infrastructure platform that a regulated financial institution can deploy and defend to an examiner.

3

New regulatory frameworks supported

0

Code changes required to existing request path

24h

To examination-ready audit package from existing data

0

Additional services to deploy — Redis is bundled in the Smartflow stack

The Regulated Industry AI Problem

Financial institutions face four distinct pressures when deploying AI that no existing vendor addresses in a single platform:

AI Agents as Economic Actors

AI agents are initiating wire transfers, executing trades, and accessing customer accounts. There is no standard for who authorized them, what they're permitted to do, or how to audit their actions. KYC has no equivalent for non-human clients.

Information Barriers Are Porous

Every AI assistant deployed across business lines is a potential conduit for MNPI. Research analysts and trading desks now share the same LLM endpoint. No existing AI platform enforces Chinese walls at the content and identity level simultaneously.

Examiners Are Asking Questions

OCC, FINRA, and ECB examiners are now including AI in examination scope. Banks are assembling evidence packages by hand from spreadsheets and logs. A single examination preparation cycle costs $500K–$2M in consulting time.

Model Risk Has No Inventory

SR 11-7 requires banks to maintain a model inventory with risk classification, validation status, and outcomes monitoring. Most institutions have no automated inventory of their AI models — they're discovered manually during examinations.

Regulatory Signal

In 2025, the OCC issued examination guidance requiring banks to demonstrate AI governance controls equivalent to those required for traditional model risk. FINRA published guidance specifically addressing AI-assisted supervision failures. The EU AI Act's high-risk system provisions took effect in August 2025. These are not future risks — they are current examination criteria.

Feature 1: AIDA — AI Agent Identity & Delegated Authority

AIDA is a cryptographic identity and authorization protocol for AI agents operating in regulated environments. It answers the question that banks cannot currently answer: "What was this AI agent authorized to do, who authorized it, and did it stay within those boundaries?"

SR 11-7 §2.1 OCC 2023 AI Guidance EU AI Act Art. 22 CFPB AI Policy 2024

Protocol Design

An Agent Credential is a signed, revocable authorization document that binds an AI agent to a human or institutional principal. It encodes exactly what the agent may do — no more, no less.

Credential Field	Purpose	Regulatory Function
`cred_id`	Unique credential identifier (bearer token)	Audit trail anchor — every VAS log references the credential
`principal_id`	Human who authorized this agent	Maps to KYC record; establishes liability chain
`authorized_scopes`	Enumerated action set (ReadOnly, InitiatePayments, ExecuteTrades, etc.)	Defines delegated authority; directly comparable to power-of-attorney scope
`max_transaction_usd`	Per-transaction amount cap	Anti-fraud control; BSA/AML requirement for autonomous agents
`allowed_account_ids`	Explicit account allowlist (empty = all principal accounts)	Principle of least privilege; reduces unauthorized access risk
`expires_at`	Hard expiry timestamp	Forces periodic re-authorization; limits exposure from compromised credentials
`fingerprint`	SHA-256 of credential contents + server secret	Tamper detection; credential integrity for examiner review

Agent Scopes Available

Scope	Permitted Actions	Typical Use Case
`read_only`	Query accounts, balances, history. No mutations.	Financial planning AI, reporting agents
`query_account_data`	Access statements, transaction history	Reconciliation bots, audit agents
`initiate_transfers`	Internal account-to-account transfers only	Treasury management AI
`initiate_payments`	ACH / wire to pre-approved counterparties	AP automation, payroll agents
`execute_trades`	Buy/sell orders within approved instruments	Algorithmic trading, portfolio rebalancing
`submit_filings`	Regulatory report submission	Compliance reporting AI
`custom:{name}`	Institution-defined action	Bespoke workflows

Enforcement at the Gateway

AIDA enforcement runs inside the Smartflow proxy and api-server before any LLM call or A2A task execution. The ScopeEnforcer checks revocation → expiry → fingerprint integrity → scope authorization → transaction limits → account allowlist in sequence, failing closed on any error. Every enforcement decision is recorded in the VAS audit log with aida_credential_id and aida_scope_verified fields.

API Reference

POST /api/aida/credentials Issue a new agent credential

GET /api/aida/credentials List all credentials

GET /api/aida/credentials/{cred_id} Retrieve a specific credential

POST /api/aida/credentials/{cred_id}/revoke Revoke a credential immediately

POST /api/aida/credentials/verify Verify scope authorization (real-time enforcement check)

GET /api/aida/agents/{agent_id}/credentials List all credentials for a given agent

Feature 2: Financial Information Barrier Enforcement

The AI Chinese Wall detects and enforces regulatory information barriers at the gateway level, combining user identity (from existing LDAP/AD integration) with real-time content classification (from the existing compliance engine) to prevent MNPI and other restricted content from crossing a barrier.

FINRA Rule 4511 SEC Rule 17a-4 Investment Advisers Act §204A OCC Insider Trading Controls

How Barriers Work

A Barrier Definition names two groups (side_a_groups, side_b_groups) and a set of content labels that are restricted from flowing between them. Groups are matched against the user's LDAP/AD group memberships, already resolved by Smartflow's enterprise auth layer.

Barrier Field	Example Value	How It Works
`side_a_groups`	`["Research-Analysts", "MA-Advisory-*"]`	Wildcard-aware match against LDAP CN group names
`side_b_groups`	`["Trading-Desk", "Sales-Trading-*"]`	Any user in these groups cannot receive side_a's restricted content
`restricted_content_labels`	`["mnpi", "earnings_data", "merger_acquisition_target"]`	Labels produced by the existing compliance detector
`action`	`Block` / `Log` / `Alert`	Block returns an error; Log permits but records; Alert notifies compliance officer

Standard MNPI Content Labels

The following labels map directly to existing compliance detector classifications and can be used in any barrier definition:

mnpi earnings_data merger_acquisition_target customer_npi trading_position regulatory_filing

Supervision Records (FINRA Rule 3110)

Every barrier violation is automatically recorded as a supervision record and retained for 90 days (the FINRA minimum). Violations include:

Which barrier was triggered
The user's identity and LDAP groups
Which content labels were detected
Action taken (Block/Log/Alert)
A content excerpt (first 200 characters) for supervisor review
Whether the violation has been reviewed and by whom
Cross-reference to the full VAS audit log record

Attestation Reports

The GET /api/barriers/attestation endpoint generates a FINRA-style supervision attestation summary for any date range: total violations, blocked vs. logged, reviewed vs. pending, violations by barrier, and critical/high severity counts. This is the document a compliance officer signs quarterly to attest that AI supervision controls are functioning.

API Reference

POST /api/barriers Create a new information barrier

GET /api/barriers List all barriers

GET /api/barriers/{barrier_id} Get a specific barrier definition

DELETE /api/barriers/{barrier_id} Remove a barrier

GET /api/barriers/violations Query violation records (filterable by date, barrier, unreviewed)

POST /api/barriers/violations/{id}/review Mark a violation as reviewed (supervisor attestation)

GET /api/barriers/attestation Generate FINRA-style attestation report for a date range

Feature 3: Regulatory AI Examination Suite

The Examination Suite turns Smartflow's existing VAS audit data into examiner-ready evidence packages. What used to take months of consulting preparation now takes a single API call. Reports are cached for 24 hours and can be exported as structured JSON for ingestion into GRC platforms.

SR 11-7 Model Risk FINRA 3110/3120 FFIEC IT Exam GDPR Art. 22 EU AI Act Basel IV

AI Model Inventory

The AI Inventory is an auto-maintained register of every model and provider flowing through Smartflow. Each entry captures:

Field	Purpose
`risk_tier`	SR 11-7 Tier 1 (High) / Tier 2 (Moderate) / Tier 3 (Low) — manually assigned, auto-flagged Unclassified on discovery
`data_sensitivity`	Public / Internal / NonPublicPersonalInfo / MNPI / PHI / Mixed
`applicable_frameworks`	SR117 / FINRA3110 / FFIEC / GDPR / EuAiAct / Basel IV / DoddFrank
`validation_status`	NotStarted / InProgress / Validated / ConditionallyApproved / Failed / Expired
`total_requests`	Auto-updated from VAS logs
`avg_compliance_score`	Running average from VAS compliance scans
`total_cost_usd`	Cumulative cost for financial reporting

Report Frameworks

SR 11-7 Model Risk Management

Model inventory with risk tiers, validation gaps for Tier 1/2 models, upcoming validation due dates, and per-model performance outcomes. Exactly what OCC examiners ask for.

FINRA Rule 3110/3120

Supervision records, barrier attestation summary, active control inventory, and exception reports. Documents that your AI supervision program functions as required.

FFIEC IT Examination

Third-party AI provider inventory, access control evidence (virtual keys, SSO, LDAP), audit log completeness metrics, and policy enforcement summary.

GDPR / EU AI Act

High-risk AI system documentation, human oversight control evidence, data subject rights controls, and automated decision documentation per Article 22.

Comprehensive Package

The COMPREHENSIVE report type generates all four framework sections in a single report. This is the document you hand to a multi-regulator examination team (e.g., a joint OCC + FINRA examination of a bank-broker dealer) without assembling separate packages.

API Reference

GET /api/examination/inventory Get full AI model inventory

POST /api/examination/inventory Add or classify a model manually

GET /api/examination/inventory/{entry_id} Get a specific model's record

POST /api/examination/report Generate an examination report (specify type + date range)

GET /api/examination/reports List all cached reports

GET /api/examination/reports/{report_id} Retrieve a cached report

Combined Architecture

All three features are additive layers on top of Smartflow's existing infrastructure. No changes are made to the core request path, caching logic, or compliance engine.

Layer	Existing Component	New Feature Builds On It
Identity	LDAP/AD auth, JWT claims, `CallerIdentity`, `UserContext`	AIDA (principal binding), Chinese Wall (group matching)
Agent Protocol	A2A gateway, `AgentProfile`, `AgentRegistry`	AIDA (credential issued per agent, enforced at A2A task dispatch)
Policy / Guardrails	`GuardrailPolicyManager`, `PolicyAttachment`, ad_groups	Chinese Wall (barrier as a named guardrail type)
Compliance Engine	`ComplianceDetector`, `ComplianceScanResult`, violation types	Chinese Wall (content label source), Examination Suite (violation stats)
VAS Audit Log	`VASLog`, user_id, user_groups, compliance fields	All three features: VAS is the evidence base for every report
Redis	Included in the Smartflow container stack — cache, counters, policy store, session store	AIDA credentials, barrier definitions, violations, inventory, reports — all use the bundled Redis, no additional services required
Virtual Keys	`VirtualKey`, owner_id, tags, budget	AIDA maps `cred_id` into virtual key tags for chargeback and rate limiting

Regulatory Framework Mapping

Requirement	Regulatory Source	Smartflow Control
AI model inventory with risk classification	SR 11-7 §2.1, OCC 2023	AI Inventory auto-populated from VAS, manual tier assignment
Independent model validation evidence	SR 11-7 §4, Basel IV	SR 11-7 Report validation gap analysis, due-date tracking
AI supervision records	FINRA 3110/3120	Barrier violations + attestation report, 90-day retention
Information barrier enforcement	SEC 17a-4, Investment Advisers Act §204A	Chinese Wall enforced at gateway, LDAP group + content classification
Third-party AI vendor risk management	OCC 2023-17, FFIEC IT Exam	FFIEC Report provider inventory, access controls, audit completeness
Delegated authority for AI agents	OCC AI Guidance, CFPB 2024	AIDA signed credentials with scope enumeration and transaction limits
Automated decision documentation	GDPR Art. 22, EU AI Act Art. 49	EU AI Act Report high-risk system registry, human oversight evidence
Full AI interaction audit trail	All frameworks	Existing VAS logging — every request, compliance scan, cost, and identity recorded

Implementation Timeline

Week 1

Deploy & Configure

Deploy Smartflow 1.6 with AIDA_SIGNING_SECRET environment variable set. Configure LDAP/AD integration (if not already done). Redis is already bundled in the Smartflow container stack — all three features are available immediately with no additional services to provision.

Week 2

Define Barriers & Issue Credentials

Create information barriers via POST /api/barriers for each of your regulatory Chinese walls. Issue AIDA credentials for active AI agents via POST /api/aida/credentials. The AI model inventory begins auto-populating from VAS traffic immediately.

Week 3–4

Risk Classify the Inventory

Review auto-discovered models via GET /api/examination/inventory. Assign SR 11-7 risk tiers, data sensitivity, and applicable frameworks via PUT /api/examination/inventory/{id}. Flag Tier 1 models for validation scheduling.

Ongoing

Examination Ready

Generate examination packages on demand: POST /api/examination/report with "report_type": "COMPREHENSIVE" and your examination period. Review barrier violations and attest via GET /api/barriers/attestation. The governance score in the executive summary tracks your readiness continuously.

Caddy Routing

Add these path prefixes to your Caddy configuration, routing all three to localhost:7778 (api-server):

handle /api/aida* handle /api/barriers* handle /api/examination*