Platform
OverviewThe engineEvidence & auditEnterprise foundationHuman-in-the-loopGateways
Solutions
AI GovernanceRisk & ComplianceTrust & SafetyEnterprise-ready Code-leak preventionPersonal data & secretsPrompt-injection defenseKeep AI on-policyAgent permissions Healthcare (PHI)EU AI ActNIST AI RMFLegalAgent identity (ERC-8004)
More
Compare ResourcesStandardsSecurityCases AI Control Maturity ModelDecision System MapPrompt injection guidePMI AI standardPet, Cattle, or CrewAgent vs control layer Docs About
Book a demo

Resource · Risk & Compliance

Agent layer vs control layer

SR 26-2, the revised model-risk guidance the Federal Reserve issued on 17 April 2026, supersedes SR 11-7 and puts generative and agentic AI out of scope: the guidance calls them "novel and rapidly evolving" and states they "are not within the scope of this guidance" - while the underlying obligation remains: banks must still apply their existing risk management to anything not covered. The regulator paused. The obligation did not.

Read as a builder, not a compliance expert: here is how those obligations land on AI agents. Source: Federal Reserve SR 26-2 (the gen-AI exclusion is in the attached guidance).

One set of obligations, two surfaces

SR 26-2's obligations group into roughly four areas: model development and use, validation and monitoring, governance and controls, and vendor products. For a statistical model they land in one place. For an AI agent that takes actions, the same obligations split across two surfaces that have to stay separate.

The two layers

Agent layer
what the agent is and does
  • Versioned model, prompt, tools, and memory
  • Pre-deployment evaluation and red-teaming
  • Drift and behavior monitoring
  • Documentation of model behavior and limits
  • Owned by the ML / AI platform team
Control layer Swiftward
what the agent is allowed to do
  • Action grants: which tools, which data, which value thresholds
  • Versioned policies with controlled rollout and instant rollback
  • Per-decision replay with the exact policy version and inputs
  • Materiality-based human escalation
  • Owned by risk and policy, with rollback authority

Why they have to be separate

Different cadence, different owners, different tooling. Mix them and you cannot change a policy without redeploying the agent, you cannot replay a disputed decision against the exact policy version that produced it, and you cannot give risk an accountability surface independent of the platform team. Keeping them separate is what makes each obligation answerable.

Where Swiftward sits

Most banks already have the agent layer through a cloud model platform or an in-house stack. The control layer usually exists only in pieces: rules buried in application code, action limits hardcoded, audit logs that reference no policy version. Swiftward is that control layer, built as one product: action grants, versioned policy with rollback, per-decision replay, and materiality-based escalation, on infrastructure you run. Risk & Compliance.

Book a demo