Vision

Vision

The Delegation Muscle

When Visa published its agentic commerce rules this spring, the most striking thing about them was how familiar they looked. Consent, scope limits, identity verification, dispute recourse. Payments has spent decades codifying what happens when someone acts on your behalf and the outcome is challenged. Agents just became the newest entity moving through that machinery. Meanwhile, McKinsey finds no business function with more than 10% of organizations actually scaling agents. The determining factor turns out to be whether an institution already has the muscles for delegation, accountability, and recovery.
The Delegation Muscle
When Visa published its agentic commerce rules this spring, the most striking thing about them was how familiar they looked. Consent, scope limits, identity verification, dispute recourse. Payments has spent decades codifying what happens when someone acts on your behalf and the outcome is challenged. Agents just became the newest entity moving through that machinery. Meanwhile, McKinsey finds no business function with more than 10% of organizations actually scaling agents. The determining factor turns out to be whether an institution already has the muscles for delegation, accountability, and recovery.

Transfer and Gap

The Agent Governance Capabilities You Already Have
The EU AI Act's requirements for high-risk AI systems — logging, documentation, human oversight, accuracy monitoring — read like a compliance checklist that regulated industries have been maintaining for years. EU legislators noticed: financial institutions already meeting existing governance rules are deemed to satisfy AI monitoring obligations outright. The organizational muscles for agent governance may already exist. Whether companies recognize the transfer before building everything from scratch is less certain.

The One Thing You Can't Repurpose
Much of what agent governance requires can be repurposed from existing compliance, QA, and security functions. But one requirement has no precedent: continuously managing what agents should do with access they already have, as conditions shift task to task. In a recent safety evaluation, an agent achieved 100% task correctness while scoring 58% on safety. It did exactly what was asked. It also crossed every boundary it understood but couldn't hold.

Thirty Years of Regulatory Resentment Turned Out to Be Agent Infrastructure
CONTINUE READINGProvocation Sidebar

The organizations moving fastest on agent deployment in regulated finance tend to share a trait that has nothing to do with their AI teams. They already had separation of duties threaded through every transaction. Initiator separated from approver separated from recorder, each action logged, each credential scoped, each exception routed to review.
None of this infrastructure was built for agents. SOX Section 404 exists because companies reported their internal controls as effective when they weren't. Credential vaulting exists because people share passwords. Approval chains exist because someone, somewhere, will authorize a payment they shouldn't. The whole apparatus grew out of a reasonable institutional suspicion about human behavior.
And the structural requirements map almost perfectly onto agent oversight. Scoped identity. Bounded authority. Activity traces. Approval binding. Exception escalation. Retention windows. All of it already there, repurposed.
There's something uncomfortable in that. The institutions best equipped for the agentic future are the ones that spent decades assuming their people would cut corners. The machinery of distrust and the machinery of agent governance look nearly identical. I keep turning that over without arriving anywhere clean.
Further Reading




Past Articles

An agent completes an enterprise workflow. The dashboard turns green. Three months later, someone asks who authorized th...

When Visa connected its payment network to ChatGPT last month, the transaction was the headline. The more revealing deta...

Enterprises report broad AI adoption, but autonomous agent deployment stays stubbornly narrow. The usual explanations po...

Marketing, content generation, internal ops. Low regulatory exposure, minimal chargeback liability, and nobody goes to j...
