How I govern AI agents using the same framework I use for employees

Most organizations treat AI governance as a new problem requiring new frameworks. I don't.

I treat an AI session the same way I treat an employee. You give that employee roles and responsibilities. You give them scope. You put policies and controls around how they do their work. Then they use their know-how to get from A to B.

A to B is what you measure. How they get from A to B—as long as they're within the bounds—the employee's good to go.

The governance gap is organizational, not technological

Only 30% of organizations have reached maturity level three or higher in strategy, governance, and agentic AI controls. The other 70% are scaling agents on a governance foundation designed for a different era.

The bottleneck for AI adoption in 2026 isn't the technology itself. It's trust.

When you go from dozens of agents to thousands and tens of thousands—which is exactly what's happening now—governance approaches that rely on human review, spreadsheet-based inventories, and team-by-team policy implementation simply cannot keep up.

The failure of multi-agent systems is an organizational and orchestration problem. Not a technological one.

The key in both cases: clarity of role before deployment. What is this digital worker responsible for, where does the work come from, where does it go, and when does a human need to make a call?

Owner, Operator, User, Agent: scoped-based sessions

I categorize AI interactions into four types of scoped-based sessions: Owner, Operator, User, Agent.

Owner: The principal who authorizes the agent. The person accountable for outcomes. The one who defines what success looks like and sets the boundaries.

Operator: The person or system responsible for configuring, monitoring, and maintaining the agent. The one who ensures the agent has the right tools, data, and permissions to do its job.

User: The person interacting with the agent to get work done. The one who provides input, receives output, and evaluates whether the agent delivered what was needed.

Agent: The AI session itself. The digital worker executing tasks within defined scope, using its capabilities to move from A to B.

Every action taken by an agent can be tied to a cryptographically verifiable identity and a clearly defined delegation from the principal who authorized the agent. This allows systems to confirm not just that an agent is legitimate, but that its actions align with the scope, purpose, and limits assigned to it.

This isn't theory. This is how you govern at scale.

The trust agent: verification as infrastructure

These agents are never alone. There's always a trust agent whose only job is to make sure that everything being done is verified and not let it go past.

The trust agent is not a human reviewer. It's not a compliance checklist. It's a continuous verification layer built into the system.

Agentic AI breaks checkpoint-based security. You can't rely on one-time authentication when an agent is making decisions and taking actions autonomously across multiple systems and data sources.

Continuous trust enforces identity, access, and control at runtime. The trust agent validates every action against the agent's defined scope before allowing it to proceed.

This is how you enable autonomous operation without sacrificing accountability.

Governance as constitutional layer, not compliance theater

More than 70% of banking firms report using agentic AI to some degree. 16% have fully deployed solutions. 52% are running pilot projects.

Yet governance frameworks lag behind.

The EU AI Act was negotiated before the explosion of agentic AI systems. Its risk categories assume AI systems that assist human decision-making, not systems that make and execute decisions independently.

NIST's AI Risk Management Framework similarly focuses on risk management for AI predictions and recommendations. Not for autonomous multi-step actions.

APRA's 30 April 2026 industry letter is the most explicit prudential regulator statement on AI to date. It expects regulated entities to use globally recognized control frameworks and apply integrated assurance across cyber security, data governance, model performance risk, operational resilience, privacy, and conduct.

The federal government has officially passed the baton. The financial services industry now bears primary responsibility for supervising, monitoring, and assuring the safety of generative and agentic AI models.

You need practical frameworks now. Not commentary. Not aspirational principles. Buildable infrastructure.

The implementation model: CHARTER → NOMARK → CLAUDE → SOLUTION → PRD → PROGRESS

I use a fixed sequential model for every AI governance implementation:

CHARTER: Define the constitutional rules. What can this agent do? What can't it do? Who authorized it? What outcomes is it accountable for?

NOMARK: Remove assumptions. Strip back inherited beliefs about how AI governance should work. Separate reality from briefing documents and org charts.

CLAUDE: Design the system. Build the trust agent. Define the verification mechanisms. Encode the constitutional rules into executable logic.

SOLUTION: Implement the agent and trust agent together. Deploy them as a paired system, not as separate components added later.

PRD: Document the product requirements. Make the governance model repeatable. Turn the implementation into a blueprint others can follow.

PROGRESS: Measure outcomes honestly. Track what the agent accomplished. Verify the trust agent caught what it should have caught. Identify where the model broke down.

This is how you go from crisis recovery to capability building.

What this means for regulated industries

Artificial intelligence is no longer experimental in financial services. It's operational. Embedded across credit decisioning, fraud detection, risk assessment, and customer service.

AI is already regulated. Financial institutions waiting for a single comprehensive AI law are missing the point and falling behind.

The employee-management analogy works because it translates existing operational principles into AI governance. You already know how to manage people with defined roles, responsibilities, and scope. You already have policies and controls around how work gets done. You already measure outcomes.

Apply the same framework to AI sessions.

Every agent added to a system introduces new trust boundaries, privilege escalation risks, and points of failure. In single-agent deployments, governance is straightforward. One agent to monitor. One set of permissions to enforce. One audit trail to maintain.

In multi-agent architectures, those assumptions break down. You need role clarity. You need scope definition. You need continuous verification.

The Owner/Operator/User/Agent categorization addresses this complexity through clear role definition. The trust agent provides the verification layer that makes autonomous operation possible.

The shift from tactical intervention to strategic architecture

I've spent years fixing derailed projects. Investment platform engineering. Vendor management. Requirements authorship. Transformation leadership.

The pattern I've seen: most AI governance failures are not technology failures. They're organizational failures. Unclear roles. Undefined scope. Missing verification mechanisms.

The work is shifting from "fix this crisis" to "build this capability." From tactical intervention to strategic architecture.

The AI governance model I'm engineering isn't commentary. It's buildable infrastructure for regulated industries that need tamper-evidence, independence properties, and constitutional reasoning embedded in the system. Not bolted on afterward.

The outcome is the only proof that matters. If you're still needed when you leave, you didn't finish the job.

Make the governance model repeatable. Encode it into systems. Transfer the capability to the team. Then step back.

That's how you know it worked.