Version: 1.0.0-Stable
FAGF-FS is a comprehensive specification and reference implementation for governing autonomous AI agents in financial services. As artificial intelligence transitions from advisory roles to autonomous transaction execution, this framework provides the architectural blueprints, safety protocols, and regulatory alignment needed to deploy AI agents responsibly in production financial systems.
The rapid advancement of AI agents capable of autonomous decision-making has created a critical gap: how do we ensure these agents operate safely within financial regulations while maintaining the speed and efficiency that makes them valuable? Traditional post-execution auditing is insufficient when agents can execute transactions in milliseconds. FAGF-FS addresses this by introducing pre-execution governance through deterministic validation.
- Financial Institutions: Banks, fintechs, and payment processors deploying AI agents for autonomous operations
- Regulatory Bodies: Organizations seeking standardized frameworks for AI governance in finance
- AI Developers: Teams building autonomous agents that handle financial transactions
- Compliance Officers: Professionals responsible for ensuring AI systems meet regulatory requirements
- Researchers: Academics studying safe AI deployment in high-stakes domains
Unlike general AI safety frameworks, FAGF-FS is purpose-built for financial services with:
- Regulatory Mapping: Direct alignment with MAS, GDPR, ISO 20022, and other financial standards
- Deterministic Validation: Same input always produces same output - critical for auditing
- Financial-First Design: Built-in concepts like spending limits, velocity controls, and HITL thresholds
- Production-Ready: Reference implementation with real-world mandate examples
The Foundational Agentic Governance Framework for Financial Services (FAGF-FS) is a standardized specification for building safe, compliant, and auditable autonomous AI agents in financial ecosystems. As AI agents evolve from advisory tools to autonomous executors of financial transactions, FAGF-FS provides the architectural blueprints and operational mandates necessary to ensure every action is governed by human-defined policy and regulatory requirements.
Modern AI agents can propose and execute financial transactions autonomously, but without proper governance:
- Risk: Agents could execute unauthorized high-value transactions
- Compliance: Regulatory requirements (MAS, GDPR, AML) may be violated
- Safety: PII leakage, hallucinations, or reasoning errors could cause harm
- Auditability: Lack of transparency in decision-making processes
FAGF-FS introduces a deterministic validation layer that sits between the AI agent and financial rails, ensuring:
- ✅ Immutability: Governance rules are enforced before execution, not after
- ✅ Interpretability: Every decision has a verifiable audit trail
- ✅ Regulatory Parity: Financial regulations are mapped into executable code
- ✅ Human-in-the-Loop: High-risk actions require explicit human approval
Every agent action is wrapped in a structured envelope containing:
- Transaction: The proposed financial action (amount, merchant, category)
- Reasoning: The agent's explanation for why it's taking this action
- Context: Metadata like merchant history, risk scores, and flags
A collection of deterministic rules that define what's allowed:
- Authorization Mandates: New merchant checks, confirmation thresholds
- Spending Mandates: Transaction limits, approval requirements
- Velocity Mandates: Rate limiting, cooldown periods
- Custom Mandates: Region-specific rules (e.g., Singapore MAS compliance, PII protection)
The validator evaluates mandates in priority order:
- Block-Before-Commit: Hard blocks (e.g., gambling, unlicensed activities)
- Human-in-the-Loop (HITL): Flagged for approval (e.g., high-value transactions)
- Autonomous Execution: Approved for immediate execution
- Shadow Logging: Logged for audit but not blocked
A standalone service that:
- Receives governance envelopes from agents
- Evaluates them against the mandate stack
- Returns a validation result (APPROVED, BLOCKED, or HITL)
- Maintains an immutable audit log
┌─────────────────┐
│ AI Agent │
│ (Proposes) │
└────────┬────────┘
│
▼
┌─────────────────────────────────┐
│ Governance Envelope │
│ ┌───────────────────────────┐ │
│ │ Transaction: $2,500 │ │
│ │ Merchant: Apple Inc │ │
│ │ Reasoning: "New laptop" │ │
│ │ Context: isNewMerchant=no │ │
│ └───────────────────────────┘ │
└────────┬────────────────────────┘
│
▼
┌─────────────────────────────────┐
│ Deterministic Validator │
│ ┌───────────────────────────┐ │
│ │ ✓ Check Category Block │ │
│ │ ✓ Check Spending Limit │ │
│ │ ⚠ Exceeds $1k threshold │ │
│ │ ✓ Check PII Leakage │ │
│ │ ✓ Check Content Safety │ │
│ └───────────────────────────┘ │
│ Result: HITL Required │
└────────┬────────────────────────┘
│
▼
┌─────────────────┐
│ Human Approver │
│ (Reviews) │
└────────┬────────┘
│
▼
┌─────────────────┐
│ Financial Rail │
│ (Executes) │
└─────────────────┘
- Categorical Blocklists: Prevent transactions in prohibited categories (gambling, high-risk investments)
- PII Protection: Detect and block Singapore NRIC/FIN numbers in agent reasoning
- MAS Compliance: Enforce licensing requirements for financial services
- Content Safety: Filter profanity, scam keywords, and malicious intent
- Spending Limits: Configurable thresholds for autonomous vs. human approval
- Velocity Controls: Rate limiting to prevent rapid-fire transactions
- New Merchant Authorization: Require approval for first-time vendors
- Payment Method Restrictions: Control which payment methods are allowed
- Audit Trail: Every validation decision is logged with full context
- Triggered Mandates: See exactly which rules were evaluated and why
- Reasoning Transparency: Agent explanations are preserved and auditable
- Risk Scoring: Contextual risk assessment for every transaction
- SPECIFICATION.md: Complete technical specification
- Sample Application: Reference TypeScript implementation
- AI-Guardrails-Sandbox: Interactive demo with live validation
npm install --legacy-peer-deps
npm run devimport { GovernanceValidator } from './core/validator';
import { STANDARD_MANDATES } from './core/mandates';
const envelope = {
transaction: {
amount: 500,
merchantName: 'Microsoft',
category: 'Software Subscription',
// ...
},
reasoning: 'Monthly Office 365 renewal',
context: { isNewMerchant: false }
};
const result = GovernanceValidator.validate(
envelope,
STANDARD_MANDATES,
[]
);
console.log(result.allowed); // true
console.log(result.reason); // "Transaction approved"AI agents can autonomously pay recurring bills, office supplies, and subscriptions while requiring human approval for large purchases.
Ensure all trading activities comply with MAS regulations, blocking unlicensed activities and flagging high-risk transactions.
Automatically detect and prevent PII leakage in agent reasoning, protecting customer data.
Extend the framework with region-specific mandates (Singapore, EU, US) while maintaining a consistent validation architecture.
- Deterministic: Same input always produces same output
- Stateless: Validator can be horizontally scaled
- Extensible: Add custom mandates without changing core logic
- Framework-Agnostic: Works with any AI agent architecture
- Language-Agnostic: Specification can be implemented in any language
FAGF-FS provides templates for mapping to:
- MAS (Monetary Authority of Singapore): Financial services licensing, AML/CFT
- GDPR: Personal data protection, PII handling
- ISO 20022: Financial messaging standards
- PCI-DSS: Payment card industry security
This is a conceptual framework maintained as a reference implementation. For production use, adapt the specification to your specific regulatory and operational requirements.
MIT License - See LICENSE file for details
Maintained by the Agentic Financial Standards Org (Conceptual)
For questions or feedback, please open an issue in this repository.