Governance built for the agent, not the model.
A redacted, illustrative sample of the deliverable produced by a NextFi AGR engagement.
This is a redacted, illustrative sample of the deliverable produced by NextFi Advisors’ Agentic AI Governance Review (AGR) — a fixed-scope, fixed-fee three-week engagement that scores an organization’s agentic AI deployment across four governance lenses and produces a regulator-ready Findings Report and 90-Day Remediation Roadmap.
Client name, scores, quantitative findings, and deployment specifics have been replaced with redaction bars or generic placeholders. The structure, layout, depth of analysis, and tone are representative of the production deliverable. The Findings Report in the production engagement runs 40–60 pages; this sample includes ten content pages.
Policies exist on paper; the control plane does not yet enforce them.
Agentic deployments rely on prompt-level instructions and written policy to constrain tool access. No per-agent allow-list is enforced at the tool or MCP layer.
Persistent memory is enabled by default without retention policy, redaction, or audit logging — creating a privacy and discovery exposure.
Estimated [redacted]% of internal AI usage is on unsanctioned tools. No CASB or DLP-based discovery is in place; the institution is materially exposed to data exfiltration and AI-Act-relevant uses outside the governance perimeter.
A 24-dimension assessment designed so classical risk practitioners and agentic-native engineers both see their domain represented.
The AGR scores the deployment across four governance lenses, each with six diagnostic dimensions. Together they produce a 24-dimension assessment scored 0–4 per dimension. Lens scores roll up to /25; the total to /100.
Governance encoded in infrastructure, not policy: permission engines, context pipelines, tool boundaries, memory, delegation, observability.
NIST AI RMF, EU AI Act, SR 11-7, EU DORA, SEC cybersecurity disclosure, third-party AI risk, acceptable-use enforcement.
Autonomous action, consumer protection and fair lending, BSA/AML and sanctions, AI-enabled fraud and deepfakes, data sovereignty, concentration risk.
Prompt injection, tool-use abuse, runaway loops, memory poisoning, multi-agent cascading failure, shadow AI and unsanctioned agents.
Four governance lenses, normalized 0–25, weighted to a 0–100 total.
Detailed findings — Control Plane Architecture lens.
Across the three deployments reviewed, the agent’s ability to call external tools is governed by the system prompt and a written acceptable-use policy. There is no enforcement layer between the agent and the tool: any tool the agent can reference, it can invoke. Credentials scoped to the deployment grant broad read/write access to the underlying systems.
Prompt-level instructions are not enforcement; they are suggestions. A prompt-injected document, a poisoned retrieval result, or a deliberately crafted user request can override the system prompt without leaving an enforcement-layer signal. The institution’s existing model-risk framework does not contemplate this surface because it inherits assumptions from traditional model deployments.
Adopt an MCP-layer permission engine that enforces per-agent, per-tool, per-data-classification access policy independent of the agent prompt. Anchor the design to NextFi’s published guidance in “MCP: The USB-C for AI Integrations” and the Agentic Architecture, Annotated brief. Implementation sequence is detailed in Roadmap item R-01.
Full finding text available in the unredacted Findings Report. Production deliverable includes evidence references, control-plane layer mapping, and remediation owner.
Detailed findings — Regulatory & Standards Alignment and FS-Risk Domains lenses.
Although the Client serves EU clients through [redacted], no formal classification of the agentic deployment under EU AI Act risk tiers has been performed. The deployment may include uses that fall under the high-risk category, triggering conformity assessment, post-market monitoring, and transparency obligations.
Conduct a formal EU AI Act classification within 30 days. Where high-risk uses are identified, [redacted] a documented conformity assessment plan within 60 days. Detail in Roadmap item R-04.
Discovery scans conducted during the engagement indicate that approximately [redacted]% of internal AI usage occurs on tools that are not part of the institution’s sanctioned AI estate. Categories include [redacted]. There is no CASB or DLP-based discovery in place. Acceptable-use policy is not technically enforced.
Stand up a continuous AI-discovery capability (CASB or AI-specific tooling) within 45 days. Establish a sanctioned-by-default workflow with documented exception path. Detail in Roadmap item R-05.
Existing fraud-prevention controls are designed for [redacted] and have not been updated to address voice cloning, synthetic-identity injection, or agentic social engineering. Liability is shifting toward the institution that processes the fraudulent action.
Deploy liveness checks and behavioral biometrics on customer-facing voice and document channels within 90 days. Detail in Roadmap item R-07.
Where governance is — and is not — encoded in the institution’s agent infrastructure.
Each finding is mapped to specific subcategories of NIST AI RMF, EU AI Act articles, SR 11-7 sections, and DORA chapters.
| Category | Subcategory | Description | Status | Finding |
|---|---|---|---|---|
| GOVERN | 1.1 | Legal and regulatory requirements understood | Partial | 2.1, 2.2 |
| GOVERN | 1.4 | Risk management processes integrated with broader enterprise risk management | Documented | — |
| GOVERN | 2.1 | Roles and responsibilities for AI risk are documented and communicated | Partial | 1.6 |
| GOVERN | 4.1 | Policies for AI use are established and enforced | Gap | 2.6, 1.1 |
| MAP | 1.1 | Context of AI system use is documented | Documented | — |
| MAP | 2.3 | Scientific integrity and TEVV considerations addressed | Partial | 1.5 |
| MAP | 5.1 | Likelihood and magnitude of impact identified | Partial | 2.2 |
| MEASURE | 2.7 | AI system security and resilience are evaluated | Gap | 4.1, 4.2 |
| MEASURE | 2.10 | Privacy of AI system is examined and documented | Gap | 1.3 |
| MANAGE | 1.3 | Risk responses are developed and prioritized | Partial | 1.1, 1.3 |
Prioritized to close the two material gaps (Memory, Observability) before scaling agent count.
Three concrete next steps that move the deployment from Reactive toward Managed within one quarter.
The Agentic AI Governance Review concludes with this Findings Report. The institution has three immediate options for moving from Reactive toward a defensible, governed posture.
The roadmap is sized for the institution’s existing AI, security, and risk teams. It does not require external implementation support and is designed to close the two highest-severity findings (Memory Governance, Shadow AI) within the first 30 days.
Per-workstream support is available for the Permission Engine implementation (R-01), Memory Governance design (R-02), the Shadow AI discovery program (R-05), and the EU AI Act conformity assessment (R-04). Each is scoped as a fixed-fee, time-boxed engagement.
NextFi recommends a re-score at the end of the 90-day window to validate uplift, refresh the regulatory cross-walk, and update the control-plane map for any infrastructure changes. Re-scores are delivered against the same 24-dimension framework so progress is directly comparable.
*Typical engagements range between $5k and $20k depending on complexity
The 24-question NextFi diagnostic returns a free scorecard in about ten minutes. From there, an Agentic AI Governance Review produces the full findings report — mapped to your control plane, regulatory exposure, and a 90-day remediation roadmap.
agentic.nextfiadvisors.com →The 24-question diagnostic gives you a free scorecard in about 10 minutes. From there, a NextFi engagement produces the full 10-page findings report — mapped to your control plane, regulatory exposure, and a 90-day remediation roadmap.
Take the free diagnostic →