Illustrative sample · anonymized regional-bank engagement. This is a redacted illustrative sample of the deliverable produced by a NextFi AGR engagement. Client name, scores, quantitative findings, and deployment specifics have been replaced with redaction bars or generic placeholders. Structure, layout, depth of analysis, and tone are representative of the production deliverable.

Download a copy of this sample report to share or review offline.

↓ Download PDF
Findings Report
A NextFi Diagnostic Engagement · May 2026

Agentic AI Governance Review

Governance built for the agent, not the model.

Prepared for
[ Client Name Redacted ]
Tier 2 US Commercial Bank
Engagement Period
April 2026
Three-Week Fixed Scope
Lead Advisor
Barry Eisenberg
Managing Principal
Engagement Reference
AGR-2026-04-[redacted]
agentic.nextfiadvisors.com
Redacted Sample · Prospect Review Use Only Client name, deployment specifics, scores, and quantitative findings are illustrative. The structure, layout, depth of analysis, and tone are representative of the production deliverable.
CONFIDENTIAL · Redacted Sample © NextFi Advisors, Inc. · Page 1 of 11

What you’re looking at.

A redacted, illustrative sample of the deliverable produced by a NextFi AGR engagement.

This is a redacted, illustrative sample of the deliverable produced by NextFi Advisors’ Agentic AI Governance Review (AGR) — a fixed-scope, fixed-fee three-week engagement that scores an organization’s agentic AI deployment across four governance lenses and produces a regulator-ready Findings Report and 90-Day Remediation Roadmap.

Client name, scores, quantitative findings, and deployment specifics have been replaced with redaction bars or generic placeholders. The structure, layout, depth of analysis, and tone are representative of the production deliverable. The Findings Report in the production engagement runs 40–60 pages; this sample includes ten content pages.

Contents

  1. 01Executive Summary03
  2. 02Methodology — The Four-Lens Framework04
  3. 03Scorecard at a Glance05
  4. 04Detailed Findings — Control Plane06
  5. 05Detailed Findings — Regulatory & FS Risk07
  6. 06Control-Plane Map (Excerpt)08
  7. 07Regulatory Cross-Walk (Excerpt)09
  8. 0890-Day Remediation Roadmap10
  9. 09Next Steps11
Format
Fixed scope
Timeline
3 weeks
Fee
~$10,000
Output
Regulator-ready

Reactive posture, with material gaps in agentic-specific failure modes.

Policies exist on paper; the control plane does not yet enforce them.

42
out of 100
Reactive
The Client’s agentic AI deployment scored 42 / 100 on the NextFi Agentic AI Governance Review, placing it in the Reactive tier. Documented policies exist across most domains and the institution’s traditional model risk framework is mature. However, governance is largely encoded in policy language rather than in the control plane itself, and the deployment is materially exposed to agentic-specific failure modes that classical model risk frameworks are not designed to address.

Headline findings

01

Permission enforcement lives in policy, not infrastructure.

Agentic deployments rely on prompt-level instructions and written policy to constrain tool access. No per-agent allow-list is enforced at the tool or MCP layer.

02

Memory and context governance are not yet operational.

Persistent memory is enabled by default without retention policy, redaction, or audit logging — creating a privacy and discovery exposure.

03

Shadow AI is the largest unmanaged regulatory surface.

Estimated [redacted]% of internal AI usage is on unsanctioned tools. No CASB or DLP-based discovery is in place; the institution is materially exposed to data exfiltration and AI-Act-relevant uses outside the governance perimeter.

Four lenses. One control plane.

A 24-dimension assessment designed so classical risk practitioners and agentic-native engineers both see their domain represented.

The AGR scores the deployment across four governance lenses, each with six diagnostic dimensions. Together they produce a 24-dimension assessment scored 0–4 per dimension. Lens scores roll up to /25; the total to /100.

01
Proprietary lens

Control Plane Architecture

Governance encoded in infrastructure, not policy: permission engines, context pipelines, tool boundaries, memory, delegation, observability.

02
Defensibility

Regulatory & Standards Alignment

NIST AI RMF, EU AI Act, SR 11-7, EU DORA, SEC cybersecurity disclosure, third-party AI risk, acceptable-use enforcement.

03
Domain coverage

Financial-Services Risk Domains

Autonomous action, consumer protection and fair lending, BSA/AML and sanctions, AI-enabled fraud and deepfakes, data sovereignty, concentration risk.

04
Beyond classical AI risk

Agentic-Specific Failure Modes

Prompt injection, tool-use abuse, runaway loops, memory poisoning, multi-agent cascading failure, shadow AI and unsanctioned agents.

Scoring. Each dimension is scored on a 0–4 scale anchored to control maturity, where 0 indicates no awareness or control and 4 indicates the control is enforced at the infrastructure layer, monitored continuously, and audit-ready.

Lens Scorecard

Four governance lenses, normalized 0–25, weighted to a 0–100 total.

42
out of 100
Reactive Tier 2 of 4
Policies exist on paper; infrastructure does not. Governance is documented but not enforced at the control plane. The shadow-AI gap is likely significant.
Control Plane Architecture Proprietary lens · 30% of total
7 / 25
Regulatory & Standards Alignment Defensibility · 25% of total
14 / 25
Financial-Services Risk Domains Domain coverage · 25% of total
16 / 25
Agentic-Specific Failure Modes Beyond classical AI risk · 20% of total
5 / 25
06131925
Reading this page. Each lens is scored 0–25 from the diagnostic responses, then weighted by its share of the total (Control Plane 30%, Regulatory 25%, FS Risk 25%, Agentic Failure 20%). The institution’s weakest lenses are Agentic-Specific Failure Modes (5 / 25) and Control Plane Architecture (7 / 25) — driven by the absence of an enforced permission engine, missing memory-write governance, and no automated shadow-AI discovery. Detailed findings begin on page 6.

Permission, context, and memory live in policy, not infrastructure.

Detailed findings — Control Plane Architecture lens.

Finding 1.1 · Permission Engine High severity

Tool access governed by prompt instructions, not enforced at the call layer.

Current 1 / 4 Target 4 / 4 Effort ~6 weeks Owner CISO / AI Lead
Observation

Across the three deployments reviewed, the agent’s ability to call external tools is governed by the system prompt and a written acceptable-use policy. There is no enforcement layer between the agent and the tool: any tool the agent can reference, it can invoke. Credentials scoped to the deployment grant broad read/write access to the underlying systems.

Why it matters

Prompt-level instructions are not enforcement; they are suggestions. A prompt-injected document, a poisoned retrieval result, or a deliberately crafted user request can override the system prompt without leaving an enforcement-layer signal. The institution’s existing model-risk framework does not contemplate this surface because it inherits assumptions from traditional model deployments.

Recommendation

Adopt an MCP-layer permission engine that enforces per-agent, per-tool, per-data-classification access policy independent of the agent prompt. Anchor the design to NextFi’s published guidance in “MCP: The USB-C for AI Integrations” and the Agentic Architecture, Annotated brief. Implementation sequence is detailed in Roadmap item R-01.

Finding 1.3 · Memory Governance Critical

Persistent memory enabled without retention, redaction, or audit policy.

Current [redacted] / 4 Target 4 / 4 Effort [redacted] weeks Owner Data Governance
Observation

Full finding text available in the unredacted Findings Report. Production deliverable includes evidence references, control-plane layer mapping, and remediation owner.

Defensibility gaps cluster around the EU perimeter and shadow AI.

Detailed findings — Regulatory & Standards Alignment and FS-Risk Domains lenses.

Finding 2.2 · EU AI Act High severity

EU AI Act risk-tier classification not performed for any in-scope deployment.

Observation

Although the Client serves EU clients through [redacted], no formal classification of the agentic deployment under EU AI Act risk tiers has been performed. The deployment may include uses that fall under the high-risk category, triggering conformity assessment, post-market monitoring, and transparency obligations.

Recommendation

Conduct a formal EU AI Act classification within 30 days. Where high-risk uses are identified, [redacted] a documented conformity assessment plan within 60 days. Detail in Roadmap item R-04.

Finding 2.6 · Shadow AI Critical

Shadow AI exposure is the largest unmanaged regulatory surface.

Observation

Discovery scans conducted during the engagement indicate that approximately [redacted]% of internal AI usage occurs on tools that are not part of the institution’s sanctioned AI estate. Categories include [redacted]. There is no CASB or DLP-based discovery in place. Acceptable-use policy is not technically enforced.

Recommendation

Stand up a continuous AI-discovery capability (CASB or AI-specific tooling) within 45 days. Establish a sanctioned-by-default workflow with documented exception path. Detail in Roadmap item R-05.

Finding 3.4 · AI-Enabled Fraud High severity

AI-enabled fraud and deepfake defense is awareness-only.

Observation

Existing fraud-prevention controls are designed for [redacted] and have not been updated to address voice cloning, synthetic-identity injection, or agentic social engineering. Liability is shifting toward the institution that processes the fraudulent action.

Recommendation

Deploy liveness checks and behavioral biometrics on customer-facing voice and document channels within 90 days. Detail in Roadmap item R-07.

Control-Plane Map

Where governance is — and is not — encoded in the institution’s agent infrastructure.

Agent Orchestrator LLM + planner 3 agents in prod CONTROL PLANE Permission Engine RBAC + scoped tokens In place Context Pipeline PII filter, no provenance Partial — gap Tool Boundaries Allowlist + dry-run In place Memory Persistent, no audit Gap — high risk Delegation Sub-agent spawn ad hoc Partial — gap Observability App logs only Gap — no trace Human-in-the-Loop Approval Required for >$10K transfers, customer-facing comms · In place 3 of 7 controls fully encoded · 2 partial · 2 absent Memory + observability gaps materially raise tool-use abuse exposure Core Banking Read-only · prod CRM & Comms Read + draft only Payments API Write · HITL gated Knowledge Base Vector + docs 3rd-Party SaaS 4 vendors · 2 unreviewed GAP 1 — Memory Persistent memory writes not audited; poisoning vector unmitigated. GAP 2 — Observability No agent-level trace; cannot reconstruct tool-call chains.
Control encoded & tested
Partial — documented but not enforced
Absent — material gap
Annotations flag findings detailed on pages 6–7.

Regulatory cross-walk — NIST AI RMF excerpt.

Each finding is mapped to specific subcategories of NIST AI RMF, EU AI Act articles, SR 11-7 sections, and DORA chapters.

Category Subcategory Description Status Finding
GOVERN1.1Legal and regulatory requirements understoodPartial2.1, 2.2
GOVERN1.4Risk management processes integrated with broader enterprise risk managementDocumented
GOVERN2.1Roles and responsibilities for AI risk are documented and communicatedPartial1.6
GOVERN4.1Policies for AI use are established and enforcedGap2.6, 1.1
MAP1.1Context of AI system use is documentedDocumented
MAP2.3Scientific integrity and TEVV considerations addressedPartial1.5
MAP5.1Likelihood and magnitude of impact identifiedPartial2.2
MEASURE2.7AI system security and resilience are evaluatedGap4.1, 4.2
MEASURE2.10Privacy of AI system is examined and documentedGap1.3
MANAGE1.3Risk responses are developed and prioritizedPartial1.1, 1.3
Excerpt only. The production deliverable includes the full cross-walk (47 rows across NIST AI RMF, EU AI Act, SR 11-7, and DORA), each row evidence-linked to specific findings.

90-Day Implementation Roadmap

Prioritized to close the two material gaps (Memory, Observability) before scaling agent count.

Workstream
W1
W2
W3
W4
W5
W6
W7
W8
W9
W10
W11
W12
Phase
Foundation
Build
Validate
Control Plane Memory audit · agent tracing
Memory write log (urgent)
Agent trace instrumentation
Tabletop replay test
M1
Regulatory SR 11-7 + EU AI Act mapping
Control crosswalk
Evidence binder draft
Internal audit review
FS Risk Integration BSA/AML · consumer protection
Taxonomy extension
Agent-action risk-tagging in monitoring
M2
Agentic Failure Prompt-injection · shadow-AI
Shadow-AI discovery sweep
Prompt-injection test suite
Tool-use anomaly rules
Red-team exercise
M3
Governance & Reporting Board cadence · disclosure
Charter + RACI
Monthly metrics pack v1
Board readout
M1 · End of week 4 Memory writes audited; trace instrumentation deployed across all 3 production agents.
M2 · End of week 8 Shadow-AI sweep complete; prompt-injection test suite passing on baseline policy.
M3 · End of week 12 Red-team exercise complete; first board readout delivered; SR 11-7 evidence binder reviewed.

From findings to a governed deployment.

Three concrete next steps that move the deployment from Reactive toward Managed within one quarter.

The Agentic AI Governance Review concludes with this Findings Report. The institution has three immediate options for moving from Reactive toward a defensible, governed posture.

01

Adopt the 90-Day Roadmap as-is.

The roadmap is sized for the institution’s existing AI, security, and risk teams. It does not require external implementation support and is designed to close the two highest-severity findings (Memory Governance, Shadow AI) within the first 30 days.

02

Engage NextFi for selected implementation support.

Per-workstream support is available for the Permission Engine implementation (R-01), Memory Governance design (R-02), the Shadow AI discovery program (R-05), and the EU AI Act conformity assessment (R-04). Each is scoped as a fixed-fee, time-boxed engagement.

03

Schedule a 90-day re-score.

NextFi recommends a re-score at the end of the 90-day window to validate uplift, refresh the regulatory cross-walk, and update the control-plane map for any infrastructure changes. Re-scores are delivered against the same 24-dimension framework so progress is directly comparable.

Engagement specifications

Format
Fixed scope, fixed fee
Timeline
Three weeks
Investment
~$10,000*

*Typical engagements range between $5k and $20k depending on complexity

Continue the Engagement
From findings to a governed deployment

A report like this,
for your stack.

The 24-question NextFi diagnostic returns a free scorecard in about ten minutes. From there, an Agentic AI Governance Review produces the full findings report — mapped to your control plane, regulatory exposure, and a 90-day remediation roadmap.

agentic.nextfiadvisors.com
NextFi Advisors, Inc. · agr@nextfiadvisors.com · Building the foundations for the next generation of financial infrastructure.
Confidential · Redacted illustrative sample. Scores, client details, and quantitative findings are representative, not actual.

Want a report like this for your stack?

The 24-question diagnostic gives you a free scorecard in about 10 minutes. From there, a NextFi engagement produces the full 10-page findings report — mapped to your control plane, regulatory exposure, and a 90-day remediation roadmap.

Take the free diagnostic →
Free · no email required to see your scorecard · ~10 minutes
↓ Download this sample report as PDF