Banking

Why SR 11-7 Isn’t Enough for Generative AI

The governance gap

SR 11-7 and comparable model-risk frameworks remain foundational: model inventory, validation, independent review, and ongoing monitoring are non-negotiable for regulated institutions. Those controls were largely designed when “the model” meant a score, a rating, or a classifier with a narrower operational surface. Generative and agentic systems change the game because they can chain reasoning to tools (API calls, workflows, messaging) without a human in the loop for every step.

That shifts exposure from statistical error alone to execution risk: the wrong action at the wrong time, routed through systems that move money, data, or customer outcomes.

Documentation is not enforcement

Strong documentation proves intent. It does not, by itself, prevent a policy-violating transfer, an off-script customer communication, or an automated limit change when the model or orchestration layer mis-evaluates context. Second line and internal audit increasingly ask not only “was the model validated?” but “what mechanically stops harmful execution in production?”

Runtime authorisation answers that question with a deterministic gate: proposed actions are evaluated against policy before they reach core banking, payments, or outbound comms. Outcomes are PERMIT, DENY, or SILENCE—with evidence suitable for challenge and review.

Where TrigGuard sits

TrigGuard is not a replacement for SR 11-7 programme work; it is the control plane on the hot path. Policy is expressed as code, versioned, and evaluated consistently across channels. Receipts support forensic reconstruction: what was attempted, what was allowed, and under which rule version.
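The deterministic gate described under “Documentation is not enforcement” and the policy-as-code plus receipts described here can be sketched in a few dozen lines. The block below is an added illustration written for this page, not TrigGuard’s code or API: the action schema, the rule names, the per-transaction limit, the payee list, the policy version label, and the reading of SILENCE as “do not execute, hold for human review, return nothing to the agent” are all assumptions. Anything no rule matches falls through to default-deny, and every evaluation writes a hash-chained receipt carrying the rule name and policy version so a reviewer can reconstruct what was attempted and under which rule set.

```python
"""Added example: a minimal runtime-authorisation gate for agent-proposed actions.

Not TrigGuard code. Action fields, rule names, limits and the semantics of
SILENCE (block, hold for human review, no agent-facing reason) are assumptions.
"""
import hashlib
import json
import time
from enum import Enum


class Decision(str, Enum):
    PERMIT = "PERMIT"
    DENY = "DENY"
    SILENCE = "SILENCE"  # assumed: nothing executes, case is routed to a reviewer


POLICY_VERSION = "payments-policy-v3"  # constructed version label
ALLOWED_ACTIONS = {"payment.initiate", "comms.send", "limit.read"}  # constructed allow-list


def _payment(a):
    return a.get("action") == "payment.initiate"


# Policy as code: an ordered list of (rule name, predicate, decision); first match wins.
# Each predicate sees the proposed action plus a 'ctx' dict the orchestrator attaches.
RULES = [
    ("deny-over-limit",
     lambda a: _payment(a) and a["amount"] > a["ctx"]["per_txn_limit"], Decision.DENY),
    ("silence-new-payee",
     lambda a: _payment(a) and a["payee"] not in a["ctx"]["known_payees"], Decision.SILENCE),
    ("deny-unapproved-comms",
     lambda a: a.get("action", "").startswith("comms.")
     and not a["ctx"].get("template_approved", False), Decision.DENY),
    ("permit-listed-action",
     lambda a: a.get("action") in ALLOWED_ACTIONS, Decision.PERMIT),
]


def evaluate(action):
    """Return (decision, rule name); unmatched actions are denied by default."""
    for name, predicate, decision in RULES:
        if predicate(action):
            return decision, name
    return Decision.DENY, "default-deny"


def _digest(obj):
    canonical = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()


class Gate:
    """Sits between the agent and the executor; only PERMIT reaches the executor."""

    def __init__(self):
        self.receipts = []
        self._prev = "0" * 64  # genesis link for the receipt chain

    def authorise(self, action, executor, ts=None):
        decision, rule = evaluate(action)
        receipt = {
            "ts": time.time() if ts is None else ts,
            "requested": {k: v for k, v in action.items() if k != "ctx"},
            "decision": decision.value,
            "rule": rule,
            "policy_version": POLICY_VERSION,
            "prev": self._prev,
        }
        receipt["hash"] = _digest(receipt)  # hash covers every field above, incl. prev
        self.receipts.append(receipt)
        self._prev = receipt["hash"]
        if decision is Decision.PERMIT:
            return decision, executor(action)
        return decision, None  # DENY and SILENCE: nothing reaches the core system


def verify_chain(receipts):
    """Forensic check: every receipt hashes correctly and links to its predecessor."""
    prev = "0" * 64
    for r in receipts:
        body = {k: v for k, v in r.items() if k != "hash"}
        if r["prev"] != prev or _digest(body) != r["hash"]:
            return False
        prev = r["hash"]
    return True


if __name__ == "__main__":
    # Constructed context and actions, as an orchestrator might attach them.
    ctx = {"per_txn_limit": 10_000, "known_payees": ["ACME-UTILITIES"], "template_approved": False}
    gate = Gate()
    for proposed in [
        {"action": "payment.initiate", "amount": 25_000, "payee": "ACME-UTILITIES", "ctx": ctx},
        {"action": "payment.initiate", "amount": 500, "payee": "NEW-VENDOR", "ctx": ctx},
        {"action": "payment.initiate", "amount": 500, "payee": "ACME-UTILITIES", "ctx": ctx},
        {"action": "comms.send", "to": "cust-1", "ctx": ctx},
        {"action": "limit.adjust", "ctx": ctx},
    ]:
        decision, _ = gate.authorise(proposed, lambda a: f"executed {a['action']}")
        print(decision.value, gate.receipts[-1]["rule"])
    print("chain intact:", verify_chain(gate.receipts))
```

The point of the structure is that the decision and the evidence are produced by the same step: a reviewer replaying the receipts can see not just that a transfer was stopped but which rule stopped it and which policy version was live, and any later edit to a receipt breaks the chain.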

Practical integration points include payment initiation, credit decision orchestration, fraud case workflows, and any generative step that could trigger an external effect.

What to do next

Map your highest-materiality agent workflows, identify irreversible surfaces, and pair model-risk milestones with execution controls you can test in non-prod. When you are ready, we can align policy tiers to your risk taxonomy and evidence packs for supervisory dialogue.

For adjacent reading, see our pages on banking & insurance, execution governance, and the decision model.

Next step

Book a conversation with our model-risk and compliance specialists.
