The action comes first.
The check never comes.
Agentic AI systems make decisions and execute actions in milliseconds. Model alignment is probabilistic. Post-hoc review is retrospective. There is no standard mechanism to enforce authorization at the individual tool-call level before execution.
SR 26-2 · Footnote 3 · Verbatim · April 17, 2026
“Generative AI and agentic AI models are novel and rapidly evolving. As such, they are not within the scope of this guidance. Nonetheless, a banking organization’s risk management and governance practices should guide the determination of appropriate governance and controls for any tools, processes, or systems not covered in this document.”
Federal Reserve SR 26-2, April 17, 2026. Most relevant to banking organizations with over $30 billion in assets, with risk-based applicability to others.
Three Converging Liability Vectors
Regulators expect examination evidence for systems that have no defined evidence standard.
Vendor contracts cap indemnification at 12 months of fees — no relationship to potential regulatory fines.
Carriers now specifically exclude generative and agentic AI incidents from standard coverage.
When the examiner asks, what does the institution produce?
A regulator requests the governance record for an AI-assisted decision. The institution goes to the AI vendor. The vendor provides its own log. That is not a defensible examination record.
You don’t own the record
Vendor audit trails are vendor property. An independent governance record must be institution-owned and institution-sealed.
Logs record. They don’t enforce.
Audit logs capture what happened. An examiner wants to see that a policy check occurred before the action — not a record of the action itself.
Which policy version governed it?
If your AI system cannot produce the policy version, authority level, and threshold state that governed each specific decision — sealed and tamper-evident — you cannot reconstruct the governance record.
Every existing tool operates on the wrong side of execution.
| Tool Category | What It Does | What It Does Not Do |
|---|---|---|
| Governance dashboards | Report on AI risk metrics over time | Do not intercept individual actions before execution |
| Model risk management tools | Validate traditional statistical models under SR 26-2 | SR 26-2 Footnote 3 explicitly excludes agentic AI from scope |
| Vendor audit logs | Record what the AI system did after execution | Vendor-owned; cannot prove that a pre-execution policy check occurred |
| AI safety guardrails | Filter model outputs for content policy | Probabilistic, operate inside the model, no cryptographic enforcement record |
| GRACE | Intercepts every agentic AI action before execution. Evaluates against policy. Seals a cryptographically tamper-evident institution-owned record. | Closes all four gaps simultaneously |
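The pattern described above (intercept each tool call, evaluate it against a versioned policy, seal an institution-owned tamper-evident record before anything executes, and keep the policy version, authority level and threshold state with each decision) can be shown in a few dozen lines. The following is an added example written for this page; it is not GRACE's code and not anything from the page's vendor. The policy name, tool names, thresholds, the institution key and the HMAC hash chain are all constructed assumptions chosen to illustrate the mechanism.

```python
import hashlib, hmac, json, time
from dataclasses import dataclass
from typing import Callable

# Constructed sample policy: the version id, tool names and thresholds are hypothetical.
POLICY = {"version": "wire-policy-v3",
          "rules": {"transfer_funds": {"max_amount": 10_000, "min_authority": 2},
                    "read_balance": {"max_amount": None, "min_authority": 1}}}

@dataclass
class Decision:
    allowed: bool
    reason: str
    policy_version: str
    authority_level: int
    threshold_state: dict

def evaluate(tool, args, authority_level, policy=POLICY) -> Decision:
    """Decide before execution and capture the threshold state that governed the decision."""
    rule = policy["rules"].get(tool)
    state = {"max_amount": rule["max_amount"] if rule else None,
             "min_authority": rule["min_authority"] if rule else None,
             "requested_amount": args.get("amount")}
    version = policy["version"]
    if rule is None:
        return Decision(False, "tool not in policy", version, authority_level, state)
    if authority_level < rule["min_authority"]:
        return Decision(False, "insufficient authority", version, authority_level, state)
    amount = args.get("amount")
    if rule["max_amount"] is not None and (amount is None or amount > rule["max_amount"]):
        return Decision(False, "amount exceeds threshold", version, authority_level, state)
    return Decision(True, "within policy", version, authority_level, state)

def _canonical(entry: dict) -> bytes:
    return json.dumps(entry, sort_keys=True, separators=(",", ":")).encode()

class SealedRecord:
    """Append-only, hash-chained record; every entry is HMAC-sealed with an institution-held key."""
    GENESIS = "0" * 64

    def __init__(self, institution_key: bytes):
        self._key = institution_key
        self.entries = []
        self._prev_seal = self.GENESIS

    def append(self, entry: dict) -> dict:
        entry = dict(entry, prev_seal=self._prev_seal)
        entry["seal"] = hmac.new(self._key, _canonical(entry), hashlib.sha256).hexdigest()
        self.entries.append(entry)
        self._prev_seal = entry["seal"]
        return entry

    def verify(self) -> bool:
        """Recompute every seal and chain link; an edited, dropped or reordered entry fails."""
        prev = self.GENESIS
        for e in self.entries:
            if e.get("prev_seal") != prev:
                return False
            body = {k: v for k, v in e.items() if k != "seal"}
            expected = hmac.new(self._key, _canonical(body), hashlib.sha256).hexdigest()
            if not hmac.compare_digest(expected, e.get("seal", "")):
                return False
            prev = e["seal"]
        return True

class PolicyGate:
    """Sits between the agent and the tool: evaluate, seal the decision, then execute or refuse."""
    def __init__(self, record: SealedRecord, policy=POLICY):
        self.record, self.policy = record, policy

    def execute(self, tool: str, args: dict, authority_level: int, executor: Callable):
        decision = evaluate(tool, args, authority_level, self.policy)
        # Sealed BEFORE the executor runs, so the record shows the check preceded the action.
        self.record.append({"seq": len(self.record.entries), "ts": time.time(),
                            "tool": tool, "args": args, "authority_level": authority_level,
                            "policy_version": decision.policy_version,
                            "threshold_state": decision.threshold_state,
                            "allowed": decision.allowed, "reason": decision.reason})
        if not decision.allowed:
            return decision, None
        return decision, executor(**args)

def run_demo() -> dict:
    """Constructed scenario: an in-policy transfer, an over-threshold one, then a post-hoc edit."""
    executed = []
    def transfer_funds(amount, to):
        executed.append((amount, to))
        return "ok"
    record = SealedRecord(b"constructed-institution-key")
    gate = PolicyGate(record)
    first, _ = gate.execute("transfer_funds", {"amount": 500, "to": "acct-1"}, 2, transfer_funds)
    second, _ = gate.execute("transfer_funds", {"amount": 50_000, "to": "acct-1"}, 2, transfer_funds)
    intact = record.verify()
    record.entries[1]["allowed"] = True  # simulate someone editing the denial after the fact
    return {"first_allowed": first.allowed, "second_reason": second.reason, "executed": executed,
            "intact_before_edit": intact, "intact_after_edit": record.verify()}

if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

Two design points matter for an examination record. First, the entry is sealed before the executor is invoked, so a denied action leaves the same sealed evidence as an allowed one and a crash mid-execution cannot erase the fact that the check ran. Second, the key is held by the institution, not the vendor or the model, so the vendor's own log cannot substitute for it; in a production deployment the key would live in an HSM or KMS rather than a byte literal, and the sealed entries would be shipped to write-once storage.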