✦ iProDecisions Research Series | Issue 04 of 06  ·  Know Your Agent | ← Read Issue 03

Know Your Agent: The Identity Layer Agentic Finance Cannot Skip

Four governance pillars. Six implementation layers. Five compounding moat mechanisms. The first institutional-grade analysis of the KYA architecture — and why institutions that solve agent identity in 2026 hold a structural compliance advantage that laggards cannot replicate at speed.

Series: The Autonomous Enterprise · Issue 4 of 6
Published: Q3 2026
Read: ~52 min · 11 sections · 48 sources
Kishor Akshinthala
Founder, iProDecisions Research · Venture Studio Founder, AvArikA · Creator, CAIBots

25+ years spanning enterprise technology, BFSI and healthcare sectors, complex deal execution, and the commercialization of GenAI solutions. Founder of AvArikA Ventures, CAIBots, CryptoExponentials, and Path2Excel. This report builds directly on the compliance agent architecture introduced in Issue 03 — extending it to the unresolved structural gap that architecture cannot solve alone: the question of who, or what, the agent actually is.

Disclosure & Independence Statement

This report is prepared by Kishor Akshinthala and represents independent analysis and synthesis of publicly available primary research, including IMF Notes 2026/004, NIST NCCoE Concept Paper (February 2026), MetaComp StableX KYA Framework (April 2026), FATF Travel Rule Supervision Best Practices (June 2025), Cloud Security Alliance 2026 CISO AI Risk Report, and Strata Identity / CSA Survey (February 2026). The author is the creator of CAIBots. All CAIBots architecture references are original design work; no client-specific data is disclosed. This is not investment, legal, or regulated professional advice.

Contents — 11 Sections · ~52 minutes
01 The Assumption That No Longer Holds (5 min)
02 Why Agent Identity Breaks the IAM Playbook (5 min)
03 The Governance Gap: What the Data Shows (4 min)
04 Regulatory Posture: The Standards Race (5 min)
05 The KYA Framework: Four Pillars (5 min)
06 The KYA Credential Stack (5 min)
07 The KALIB Implementation Architecture (6 min)
08 Three Scenarios to 2028 (4 min)
09 Five Compounding Moat Mechanisms (5 min)
10 Steelman Counterarguments (2 min)
11 Action Agenda & Primary Sources (4 min)
Appendix: 48 Primary Sources
For the leader with 90 seconds · 5 findings · Full analysis follows in 11 sections

Executive Summary

F.01 · KYC was engineered for humans. It cannot verify agents. Every compliance control in financial services — KYC, MFA, sanctions screening, beneficial ownership — assumes a human actor. As of 2026, autonomous AI agents initiate payments, execute compliance decisions, and manage portfolios inside licensed institutions. The compliance stack has no mechanism to answer the foundational question: who — or what — authorized this transaction?
F.02 · The governance gap is empirically severe and operationally immediate. 92% of enterprise security leaders lack full visibility into AI agent identities. 86% do not enforce access policies for AI identities. Only 23% of organizations have a formal agent identity strategy. 44% of agents are authenticated via static API keys — a credential category designed for software systems, not autonomous actors with contextual decision-making capability.
F.03 · The regulatory infrastructure is active but incomplete — creating a first-mover window. NIST launched the AI Agent Standards Initiative in February 2026; the NCCoE Concept Paper on agent identity and authorization was published the same month. The IMF issued its formal analysis of agentic AI and payments in April 2026. MetaComp launched what it describes as the world's first KYA framework in April 2026. None of these produce published, enforceable standards — yet. Institutions that build compliant KYA architecture now write the implementation playbook regulators will reference.
F.04 · The KYA framework requires four non-negotiable pillars. Agent Identity and Registration — every agent must carry a verifiable, human-sponsor-linked credential. Authority and Permission Control — agents operate under scoped, time-bounded, cryptographically signed permissions. Behavior Monitoring and Risk Intelligence — continuous monitoring purpose-built for nondeterministic actors. Ecosystem and Interaction Governance — FATF Travel Rule principles extended to agent-to-agent transactions.
F.05 · The KALIB Architecture operationalizes KYA across six implementation layers. Knowledge, Authentication, Lifecycle, Intent, Behavior, and Lineage — each addresses a structural failure mode that existing IAM controls cannot solve. Institutions that build all six layers before regulatory deadlines hold a structural advantage in examination readiness, agent incident response, and cross-border transaction governance that compounds over the lifecycle of every agent deployment.
92% of enterprise security leaders lack full AI agent identity visibility (CISO AI Risk Report 2026 · n=235 large-enterprise leaders)
40% of commercial applications now embed autonomous agents (AWS 2026 · up from <5% one year prior)
0 published, enforceable regulatory standards for AI agent identity in financial services, globally (as of Q3 2026 · NIST standards "forthcoming")
81% of novel attack strategies against AI agents succeeded in red-team exercises (NIST CAISI empirical research · January 2025)
01 · The Assumption That No Longer Holds
The Structural Failure at the Heart of Agentic Compliance
KYC was built for a world where a human being sits at the end of every consequential transaction. That world ended in 2025.
~5 min

For decades, financial compliance rested on a single architectural assumption so embedded it was never stated explicitly: there is a human being on the other end of every consequential financial transaction. Know Your Customer processes, multifactor authentication, sanctions screening, beneficial ownership disclosure — the entire compliance apparatus was engineered around the human actor. Verify the person. Assess the person's risk. Monitor the person's behavior. File a report when the person's activity looks wrong.

That assumption is no longer valid. And the compliance stack has not caught up.

As of mid-2026, autonomous AI agents initiate payments, execute compliance decisions, conduct portfolio rebalancing, onboard counterparties, and file regulatory reports — in production, at scale, inside licensed financial institutions. AWS reports that 40% of commercial applications now embed autonomous agents, up from fewer than 5% a year ago. The International Monetary Fund's April 2026 working note on agentic AI and payments identifies the resulting structural gap with precision: traditional authorization mechanisms — including KYC processes and multifactor authentication — are designed around human users who explicitly approve transactions. When payments are initiated autonomously by software agents acting under delegated authority, verifying both the identity of the agent and the intent of the underlying user becomes significantly more complex.

"Today's compliance frameworks were designed for a world where humans initiate transactions. That assumption no longer holds. When an AI agent completes a transaction, its identity and permissions do not automatically expire."

— Summer Yu, Group Chief Compliance Officer, Alpha Ladder Group / MetaComp · Money20/20 Asia, April 2026

The compliance stack has a missing layer. Every institution that has deployed an autonomous agent inside a regulated financial service — and most have — is operating with a structural gap between their compliance architecture and the actual nature of the actors transacting on their systems.

The gap is not theoretical. It is producing measurable governance failures right now. 92% of enterprise security leaders lack full visibility into their AI agent identities. 71% of organizations report that AI systems have access to core financial platforms — ERP, CRM, trading systems — while only 16% govern that access effectively. 44% of agents are authenticated using static API keys: persistent, unmonitored access pathways designed for software systems, not autonomous actors capable of contextual decision-making about when and how to use those credentials.

This is not a technology problem. It is an identity architecture problem — and it has a solvable structure. That structure is what this report analyzes.

iProDecisions Research · Series Context

Where KYA Sits in the Series Architecture

Issue 01 established the infrastructure gap in the Autonomous Agent Economy. Issue 02 mapped the human-agent governance challenge in the Agentic Workforce. Issue 03 architected the production Compliance Agent — eight layers, seven parallel sub-agents, five moat mechanisms. Issue 04 addresses the unresolved prerequisite all three prior reports assumed but none solved: if agents are executing financial transactions, who governs the agents themselves? KYA is the identity and accountability layer the entire series has been building toward. Issue 05 (stablecoin rails) and Issue 06 (AI-native banking) both depend on it being solved first.

The missing layer has a name that the industry is converging on independently: Know Your Agent. The term has now appeared in IMF working papers, NIST concept documents, a16z's 2026 crypto forecast, NatWest's payments research, and MetaComp's April 2026 framework launch — the first KYA governance framework authored by a licensed financial institution. The concept is crystallizing. The implementation architecture has not been defined at institutional depth. This report defines it.

· · ·
02 · Why Agent Identity Breaks the IAM Playbook
Why Standard IAM Controls Fail for Autonomous Agents
Four structural properties of AI agents that no existing identity and access management framework was designed to handle.
~5 min

The institutional instinct is to classify AI agents as a new category of non-human identity — analogous to service accounts, API credentials, or RPA bots — and apply existing IAM controls accordingly. This instinct is wrong. It is wrong in four specific structural ways, each of which corresponds to a real governance failure mode that legacy controls cannot prevent.

Failure Mode 1: Agents are nondeterministic

Traditional software systems produce predictable, reproducible outputs for a given input. A service account that calls a payment API will call it the same way every time. An AI agent will not. LLM-powered agents are inherently nondeterministic: the same instruction in the same context can produce different actions. This means that behavioral monitoring approaches borrowed from static software governance — which assume deviations from expected behavior are meaningful signals — require fundamental redesign for agents. The baseline is not fixed. The compliance question is not whether the agent deviated from a defined pattern, but whether the agent's probabilistic output space remained within the bounds of authorized intent. No existing IAM framework has a control for this.

Failure Mode 2: Agents spawn, delegate, and chain

A human user has one identity. A single AI agent can spin up sub-agents, delegate capabilities to them, chain them into multi-agent workflows, and terminate them — all within a single transaction execution. The accountability chain that compliance requires (who authorized what, on whose behalf, with what scope, at what time) becomes a tree of delegations that current identity infrastructure cannot represent, let alone audit. When an orchestrating agent initiates a payment through a sub-agent that was itself instantiated by a workflow approved by a human three days ago — who is the accountable actor? The FATF Travel Rule requires that identity information travel with the transaction. It has no mechanism for agent delegation chains.

Failure Mode 3: Agents operate continuously without session boundaries

Human authentication is session-based. A person logs in, completes actions, logs out. Credentials expire. Sessions time out. AI agents operate continuously — 24 hours a day, across multiple platforms simultaneously, without natural session boundaries. The IAM controls built around human session patterns — token expiry, reauthentication prompts, login anomaly detection — do not map to entities that are always on. Static API keys assigned to always-on agents become permanent, unmonitored access pathways. The 2026 Strata Identity / Cloud Security Alliance survey found that 44% of agents use static API keys, 43% use username-and-password combinations, and 35% rely on shared service accounts — precisely the credential categories that security architecture exists to eliminate.

Failure Mode 4: Agent identity, capability, and scope are decoupled

In human compliance, identity and authorization are tightly linked. Knowing who a person is tells you a great deal about what they are permitted to do. For AI agents, identity, capability, and scope are decoupled in ways that have no human analogy. Two agents can be deployed by the same institution, present credentials that are indistinguishable at the identity layer, and still be entirely different counterparties, because their capability set (what models and tools they access), their delegated scope (what they were authorized to do in this specific context), and their behavioral constraints (what policy guardrails govern their outputs) are orthogonal dimensions. Identity alone tells compliance almost nothing useful about an agent. What KYA requires is the full credential stack: verified identity, declared capability, scoped permission, policy lineage, and immutable audit chain.

iProDecisions Research · Original Framework

The Four-Dimensional Agent Credential: Why Single-Axis Identity Fails

Identity
  Human IAM equivalent: username, biometric or identity document
  Why the agent credential differs: agent identity must link to a human sponsor and a legal entity, not just a credential string
  Governance failure if missing: no accountability chain when the agent acts wrongly

Capability
  Human IAM equivalent: role or permission group
  Why the agent credential differs: capability includes model, tools, APIs and data access, not just system roles
  Governance failure if missing: the agent executes actions outside its intended scope invisibly

Scope
  Human IAM equivalent: session token or OAuth grant
  Why the agent credential differs: scope must be time-bounded, context-specific and cryptographically signed, not static
  Governance failure if missing: the agent retains permissions indefinitely beyond task completion

Lineage
  Human IAM equivalent: audit log
  Why the agent credential differs: lineage must capture the full delegation chain, including sub-agent spawning and tool invocations, not just entry and exit events
  Governance failure if missing: the examiner cannot reconstruct the agent's reasoning or authorization chain

"The traditional IAM playbook doesn't work for autonomous agents. Static credentials, over-permissioned tokens, and siloed policy enforcement cannot keep pace with entities that operate continuously, make runtime decisions, and span multiple platforms simultaneously."

— Strata Identity / Cloud Security Alliance · "The AI Agent Identity Crisis" · February 2026

The NIST NCCoE Concept Paper published February 5, 2026, is explicit on this point: current enterprise deployments typically rely on manually managed access lists, shared API keys, and service account credentials that were designed for software systems rather than autonomous agents capable of making contextual decisions. In environments lacking agent-specific identity infrastructure, agents effectively operate as anonymous actors — a condition structurally incompatible with regulated financial services.

· · ·
03 · The Governance Gap: What the Data Shows
Empirical Evidence of Systemic Unpreparedness
A convergence of five independent 2026 surveys produces an unusually consistent picture of institutional unpreparedness that should concern every board-level compliance officer.
~4 min

The scale of the problem is not speculative. Five independent 2026 studies across security leadership, enterprise compliance, financial services AI adoption, agent identity management, and IMF policy research converge on a consistent finding: institutions are deploying agents at scale while governance infrastructure remains near-zero.

92% of enterprise security leaders lack full AI agent identity visibility (CISO AI Risk Report 2026 · n=235)
86% do not enforce access policies for AI identities (same cohort)
71% report AI has access to core financial platforms, with only 16% governing that access effectively (same cohort)
23% of organizations have a formal, enterprise-wide agent identity strategy (CSA / Strata Identity 2026 · large-enterprise sample)
28% can reliably trace agent actions back to a human sponsor across all environments (same survey)
21% maintain a real-time inventory of active agents (same survey)

The pattern these numbers describe is not a technology lag. It is a governance category error: institutions have classified AI agents within existing IAM frameworks — as service accounts, API credentials, or software components — rather than as a new category of autonomous actor requiring its own governance architecture. That classification choice is producing compounding exposure that will be difficult to remediate quickly when regulators formalize standards.

[Chart: The Agent Identity Governance Gap, 2026 survey convergence. Red bars mark exposure indicators, teal the share of institutions with adequate governance. Sources: CISO AI Risk Report 2026, CSA/Strata Identity 2026, McKinsey State of AI Trust 2026.]

The Financial Services Exposure Is Specifically Acute

The general enterprise data understates the financial services problem. The IMF's April 2026 paper frames the sector-specific dimension: in financial services, agents are not merely automating internal workflows. They are initiating regulated transactions — payments, compliance filings, credit decisions — in environments where the accountability trail is legally required, the decision record is subject to examination, and the consequences of an unattributable autonomous action include regulatory sanction, not merely operational disruption.

McKinsey's 2026 State of AI Trust survey, cited in MetaComp's KYA Framework documentation, finds that fewer than one in three organizations have adequate governance and controls in place to oversee AI agents — even as those agents are already operating in production financial workflows. The gap between deployment pace and governance maturity is not closing; it is widening, because agent adoption is accelerating faster than standards development in every jurisdiction simultaneously.

The Compounding Exposure Mechanism

Each new agent deployed without KYA governance adds to a liability pool that is not linear. Agent-to-agent interactions mean that an unidentified agent in one workflow can contaminate the accountability chain of every downstream workflow it touches. An institution with 200 unregistered agents does not have 200 discrete governance gaps — it has an interconnected network of unattributable decision nodes whose interactions cannot be audited or attributed after the fact. The exposure scales faster than the headcount.

· · ·
04 · Regulatory Posture: The Standards Race
The Regulatory Standards Race and Its First-Mover Implications
Five regulatory bodies are converging on agent identity simultaneously. None have published enforceable standards. The window for institutions to write the playbook is closing.
~5 min

The regulatory posture on AI agent identity is unusually well-coordinated across jurisdictions for early-stage standards work — and unusually specific in identifying agent identity as the priority gap. Five distinct regulatory or standards bodies have published material specifically on agent identity since January 2026. None have published enforceable standards. All have indicated standards are forthcoming. The period between "forthcoming" and "enforceable" is the first-mover window.

January 2026 · Singapore IMDA
Model AI Governance Framework for Agentic AI — Singapore's Infocomm Media Development Authority publishes what it describes as the world's first cross-sector governance framework specifically for AI agents. Four governance dimensions: accountability, transparency, human oversight, and data governance. Designates finance as a national AI mission sector. MetaComp's KYA framework was developed in direct engagement with IMDA. This is the most operationally complete regulatory framework published to date.
February 5, 2026 · NIST NCCoE
Concept Paper: Accelerating the Adoption of Software and AI Agent Identity and Authorization — The National Cybersecurity Center of Excellence publishes a formal concept paper proposing a demonstration project on AI agent identity in enterprise settings. Identifies OAuth 2.0/2.1, OpenID Connect, SPIFFE/SPIRE, and SP 800-207 Zero Trust Architecture as candidate standards bases. Explicitly states that "current enterprise deployments typically rely on manually managed access lists" incompatible with autonomous agent governance. Public comments closed April 2, 2026.
February 17, 2026 · NIST CAISI
AI Agent Standards Initiative Launch — NIST's Center for AI Standards and Innovation formally launches the first U.S. government program dedicated to AI agent standards. Three pillars: industry-led standards facilitation, community-driven interoperability protocols (MCP and A2A protocol identified as baselines), and fundamental research on agent authentication and identity infrastructure. SP 800-53 control overlays for single-agent and multi-agent AI systems described as forthcoming. No publication date announced as of Q3 2026.
April 21, 2026 · MetaComp / Money20/20 Asia
StableX KYA Framework Launch — MetaComp, a licensed financial institution, launches what it describes as the world's first KYA framework for regulated financial services. Four pillars: Agent Identity and Registration, Authority and Permission Control, Behavior Monitoring and Risk Intelligence, Ecosystem and Interaction Governance. Extends FATF Travel Rule principles to agent-to-agent transactions. Developed in alignment with Singapore's IMDA framework and open for adoption by financial institutions and regulators globally. First-mover institutional benchmark.
April 22, 2026 · IMF
How Agentic AI Will Reshape Payments (IMF Notes 2026/004) — The International Monetary Fund publishes its formal analysis of agentic AI in payment systems. Three-layer framework: intent, authorization, settlement. Identifies KYC and MFA as structurally incompatible with agent-initiated transactions. Explicitly calls for "Know Your Agent" models and continuous identity verification. The most authoritative primary source for the compliance dimension of the agent identity problem — published by an institution whose guidance directly shapes the regulatory posture of 190 member countries.
Q3–Q4 2026 · Forthcoming
NIST SP 800-53 Control Overlays for AI Agent Systems — SP 800-53 overlays specifically designed for single-agent and multi-agent AI deployment scenarios are in active development as of Q3 2026. No publication date confirmed. When published, these will represent the first U.S. compliance controls that directly govern AI agent identity and authorization in enterprise settings. Institutions with existing KYA architecture will have a documented control-to-requirement mapping ready on day one of enforcement.
The First-Mover Window — Why 2026 Is the Decision Point

The pattern across all five regulatory bodies is identical: explicit recognition of the agent identity gap, no published enforceable standards, active development of forthcoming guidance. This pattern is characteristic of the 12–18 month window before a compliance category hardens into examination criteria. Institutions that build KYA architecture during this window do three things simultaneously: they solve a real operational governance problem; they build the documentation that will map directly to forthcoming regulatory controls; and they establish examination-ready evidence of a proactive compliance posture, which regulators explicitly weight in enforcement discretion. This window existed for AML automation in 2019. It existed for perpetual KYC (pKYC) in 2022. It exists for KYA now.

[Figure: The KYA Regulatory Convergence Timeline, Four Bodies, One Direction. Maturity level of published guidance per body per quarter, with expected milestones shown at projected maturity; iProDecisions Research synthesis.]
· · ·
05 · The KYA Framework: Four Pillars
The Institutional Framework for Agent Governance
Synthesized from the MetaComp StableX KYA Framework, NIST NCCoE Concept Paper, Singapore IMDA Governance Framework, and IMF Notes 2026/004 — the four non-negotiable pillars of institutional agent governance.
~5 min

The KYA framework synthesizes across the four primary governance documents published in 2026 into a coherent institutional architecture. The four pillars are not sequential — they are interdependent. An institution that builds Pillar 1 without Pillar 4 has identified its agents but cannot govern their interactions. An institution that builds Pillar 3 without Pillar 2 monitors behavior without constraining permissions. All four must be operational simultaneously for the framework to provide examination-grade governance.

Pillar 01 · Identity and Registration
Know What the Agent Is — Before It Acts
Every agent deployed in a regulated financial workflow must carry a verifiable credential that links it to: a human sponsor (a named individual accountable for the agent's actions), a legal entity (the institution under whose license the agent operates), a declared capability set (what models, tools, and APIs the agent can invoke), and a registration record in an enterprise agent registry. The credential is not a static API key. It is a cryptographically signed, short-lived credential following OAuth 2.0 extension patterns — analogous to the approach proposed in NIST's NCCoE concept paper and operationalized in Singapore's IMDA framework. An agent without a registered identity is an anonymous actor. Regulated financial services have no tolerance for anonymous actors.
Pillar 02 · Authority and Permission Control
Scope What the Agent Can Do — Per Task, Not Per Deployment
Agent permissions are not role-based in the traditional IAM sense. They are task-scoped, time-bounded, and cryptographically signed. An agent authorized to screen a counterparty for sanctions is not authorized to file a SAR, initiate a payment, or spawn a sub-agent — unless those capabilities are explicitly granted for the specific task context. The MetaComp KYA Framework describes this as "authority and permission control" — separating what an agent is capable of from what it is currently permitted to do. Permission grants are portable, verifiable, and independently validated across systems. Least privilege is therefore not only a security principle here; in agent governance it is a compliance architecture principle, because the signed grant itself becomes the record of what the agent was authorized to do.
Pillar 03 · Behavior Monitoring and Risk Intelligence
Verify What the Agent Does — Continuously, Not Periodically
Human compliance monitoring is periodic by design — annual KYC reviews, quarterly risk assessments, triggered investigations. Agent compliance monitoring must be continuous and purpose-built for nondeterministic actors. This means: behavioral baseline modeling that accounts for the probabilistic output space of the underlying model; anomaly detection calibrated to agent-specific risk signals (unusual tool invocations, out-of-scope API calls, unexpected sub-agent spawning, permission escalation attempts); and continuous output logging at a granularity sufficient for examiner reconstruction within 24 hours of a request. The 2026 survey data cited in §03 finds that only 28% of organizations can reliably trace agent actions back to a human sponsor across all environments. That 28% is the only group with a defensible compliance posture under forthcoming NIST controls.
Pillar 04 · Ecosystem and Interaction Governance
Govern What the Agent Touches — Including Other Agents
The most underdeveloped pillar — and the one with the most acute regulatory urgency. The FATF Travel Rule requires that identity and transaction information travel with any regulated transfer. It was designed for human-to-human and institution-to-institution transfers. As of 2026, FATF data shows that 73% of jurisdictions have passed Travel Rule legislation, but 59% have taken no supervisory or enforcement action. Agent-to-agent transactions exist in a compliance vacuum: the Travel Rule has no mechanism for delegation chains, sub-agent spawning, or multi-agent workflows. MetaComp's KYA Framework explicitly extends FATF Travel Rule principles to agent-to-agent interactions — requiring verified identity and transaction information to travel across agent boundaries. This is the architecture that forthcoming FATF guidance on agentic AI will almost certainly mandate.
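As an added illustration of the Pillar 03 monitoring logic (example code written for this edit, not part of the MetaComp framework or of any CAIBots component), the Go program below evaluates a constructed agent action log against task-scoped grants. The grant and event shapes, the agent names, the tool names and the log lines are all assumptions made for the example. Rather than matching the action sequence to an expected pattern, which the nondeterminism argument in §02 rules out, it asks of every action whether it stays within the agent's authorized bounds: a tool outside the declared capability set, a sub-agent spawn without a spawn grant, any request for additional scope, an action after grant expiry, and an action by an agent with no registration record at all.

```go
package main

import (
	"encoding/json"
	"fmt"
	"time"
)

// Grant is the task-scoped permission a registered agent holds (shape assumed for this example).
type Grant struct {
	Task     string
	Tools    map[string]bool // tool / API invocations the agent may make
	MaySpawn bool            // whether the agent may instantiate sub-agents
	Exp      time.Time       // grant expiry
}

// Event is one action-log record; the JSON line format is constructed for this example.
type Event struct {
	TS     time.Time `json:"ts"`
	Agent  string    `json:"agent"`
	Task   string    `json:"task"`
	Kind   string    `json:"kind"`   // tool.call | agent.spawn | scope.request
	Target string    `json:"target"` // tool name, child agent id, or requested scope
}

// Finding is one signal for an analyst or examiner to triage.
type Finding struct {
	TS                  time.Time
	Agent, Rule, Detail string
}

// Monitor checks every logged action against the grant of the agent that performed it. It does not
// compare the sequence to a fixed expected trace (the agent is nondeterministic); it asks whether each
// action stays inside the authorized bounds. An unknown agent short-circuits: nothing can be attributed.
func Monitor(grants map[string]Grant, lines []string) ([]Finding, error) {
	var out []Finding
	for n, line := range lines {
		var ev Event
		if err := json.Unmarshal([]byte(line), &ev); err != nil {
			return nil, fmt.Errorf("line %d: %w", n+1, err)
		}
		flag := func(rule, detail string) { out = append(out, Finding{ev.TS, ev.Agent, rule, detail}) }
		g, known := grants[ev.Agent]
		if !known {
			flag("unregistered-agent", "no grant on file")
			continue
		}
		if ev.Task != g.Task {
			flag("task-mismatch", "acting under "+ev.Task+", granted "+g.Task)
		}
		if !ev.TS.Before(g.Exp) {
			flag("grant-expired", "grant expired "+g.Exp.UTC().Format(time.RFC3339))
		}
		switch ev.Kind {
		case "tool.call":
			if !g.Tools[ev.Target] {
				flag("out-of-scope-tool", ev.Target)
			}
		case "agent.spawn":
			if !g.MaySpawn {
				flag("unauthorized-spawn", "spawned "+ev.Target)
			}
		case "scope.request": // any request for more scope is a signal, whether or not it is later granted
			flag("escalation-attempt", "requested "+ev.Target)
		}
	}
	return out, nil
}

// SampleGrants and SampleLog are constructed inputs: an orchestrator that may spawn and use two tools,
// a sub-agent limited to screening with an earlier expiry, and (in the log) an agent never registered.
func SampleGrants() map[string]Grant {
	exp := time.Date(2026, 7, 1, 13, 0, 0, 0, time.UTC)
	return map[string]Grant{
		"orch-7": {Task: "onboard-case-4411", Tools: map[string]bool{"sanctions.screen": true, "kyc.lookup": true}, MaySpawn: true, Exp: exp},
		"sub-7a": {Task: "onboard-case-4411", Tools: map[string]bool{"sanctions.screen": true}, Exp: exp.Add(-30 * time.Minute)},
	}
}

var SampleLog = []string{
	`{"ts":"2026-07-01T12:00:05Z","agent":"orch-7","task":"onboard-case-4411","kind":"tool.call","target":"sanctions.screen"}`,
	`{"ts":"2026-07-01T12:00:09Z","agent":"orch-7","task":"onboard-case-4411","kind":"agent.spawn","target":"sub-7a"}`,
	`{"ts":"2026-07-01T12:00:12Z","agent":"sub-7a","task":"onboard-case-4411","kind":"tool.call","target":"sanctions.screen"}`,
	`{"ts":"2026-07-01T12:00:20Z","agent":"sub-7a","task":"onboard-case-4411","kind":"tool.call","target":"payments.send"}`,
	`{"ts":"2026-07-01T12:00:25Z","agent":"sub-7a","task":"onboard-case-4411","kind":"scope.request","target":"payments.send"}`,
	`{"ts":"2026-07-01T12:00:31Z","agent":"ghost-9","task":"onboard-case-4411","kind":"tool.call","target":"kyc.lookup"}`,
	`{"ts":"2026-07-01T13:05:00Z","agent":"orch-7","task":"onboard-case-4411","kind":"tool.call","target":"kyc.lookup"}`,
}

// Demo runs the monitor over the constructed log and returns the findings for triage.
func Demo() ([]Finding, error) { return Monitor(SampleGrants(), SampleLog) }

func main() {
	findings, err := Demo()
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		fmt.Println(f.TS.Format(time.RFC3339), f.Agent, f.Rule, f.Detail)
	}
}
```

On the constructed log this yields four findings, in order: the sub-agent calling payments.send, its follow-up request for that scope, the unregistered agent ghost-9, and the orchestrator acting after its grant expired. The unregistered-agent rule is the one the inventory gap in §03 makes most consequential: an action with no grant on file cannot be traced to any sponsor, so the monitor stops there rather than pretending to evaluate scope for an actor it cannot name.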

"AI agents are already operating in financial services — initiating payments, making compliance decisions, managing portfolios. And yet there is no agreed standard for who those agents are, what they are permitted to do, or who is accountable when they act outside their mandate."

— Tin Pei Ling, Co-President, MetaComp · Money20/20 Asia, April 2026
· · ·
06 · The KYA Credential Stack
The Technical Stack Behind Institutional KYA Governance
Five technical standards that together constitute a verifiable, portable, examination-grade agent identity credential — none of which were designed for agents, and all of which must be adapted.
~5 min

The KYA framework is governance architecture; the credential stack is its technical implementation. NIST's NCCoE concept paper and SpruceID's formal comments on it identify the same core technical components as the building blocks for agent identity. None were designed for autonomous agents, and each requires extension. Together they constitute a credential that is portable, cryptographically verifiable, independently auditable, and aligned with emerging standards: the four properties that examination-grade KYA requires.

1 · Identity Foundation: W3C Decentralized Identifiers (DIDs), Agent-Sovereign Identity
Every agent receives a DID: a globally unique, cryptographically verifiable identifier that does not depend on any single centralized registry. The DID resolves to the agent's DID Document, which carries the agent's public keys, capability declarations, human sponsor reference, and institutional affiliation. Unlike an API key, which any holder of the string can use and any administrator can silently replace, a DID's keys can be rotated and the identifier deactivated only through operations authenticated by the controller's keys and recorded by the DID method's registry, which makes the identifier's history tamper-evident and auditable. How strong that guarantee is depends on the DID method: a ledger-anchored method and did:web, which serves the DID Document from an ordinary HTTPS host the institution controls, make very different tamper-evidence claims, and the choice belongs in the threat model. The five-layer architecture in "The Agent Economy" (arXiv 2602.14219) identifies W3C DIDs as the foundational identity layer for autonomous economic actors. This is the registration record that Pillar 1 of the KYA framework requires.
W3C DID Core v1.0 · DID Document · Human sponsor linkage · Institutional affiliation
2
Authentication Layer
OAuth 2.0 Extensions + SPIFFE/SPIRE — Short-Lived, Context-Scoped Credentials
Static API keys and long-lived tokens are incompatible with agent compliance governance — they persist beyond task completion and are not context-scoped. The NIST NCCoE concept paper identifies OAuth 2.0 extensions and SPIFFE/SPIRE (Secure Production Identity Framework For Everyone) as the candidate standards for agent authentication. OAuth 2.0 extensions allow issuance of short-lived, scope-bounded tokens tied to specific task contexts. SPIFFE provides workload identity attestation — verifying not just the credential, but the runtime environment in which the agent is executing. Together, they produce credentials that expire automatically, cannot be transferred between agents, and are cryptographically bound to the task context. This is the permission control mechanism that Pillar 2 requires.
OAuth 2.0/2.1 extensions · SPIFFE/SPIRE · Short-lived tokens · Task-scoped permissions · NIST SP 800-207
3
Authorization Layer
Verifiable Credentials + Capability-Based Authorization — Portable, Auditable Permissions
SpruceID's formal comments to NIST propose capability-based authorization where policies are represented as verifiable digital credentials in the agent's identity wallet — forming a portable, inspectable manifest of what the agent is permitted to do. Each capability is a signed credential: "this agent is authorized to invoke sanctions screening API X, for task context Y, until time T, under authority of human sponsor Z." The credential is independently verifiable by any counterparty without querying the issuing system. For cross-institution agent-to-agent transactions — the scenario that FATF Travel Rule extensions must address — this portability is the mechanism by which identity and permission information travels with the transaction. This is the technical implementation of Travel Rule extension to agent interactions required by Pillar 4.
W3C Verifiable Credentials · Capability-based auth · Agent identity wallet · Portable permission manifests · Cross-institution verification
4
Interoperability Layer
Model Context Protocol (MCP) + Agent-to-Agent (A2A) Protocol — Standardized Agent Communication
NIST's AI Agent Standards Initiative explicitly identifies MCP and the emerging A2A protocol as interoperability baselines for agent identity, targeting an AI Agent Interoperability Profile by Q4 2026. MCP (Anthropic's open protocol for connecting AI agents to external tools and services) provides a standardized interface for agent capability declaration and tool invocation that is auditable at the protocol level. A2A extends this to agent-to-agent communication, providing a standardized message format for identity and permission transmission between agents. For multi-agent compliance workflows — the production architecture described in Issue 03 — this is the communications layer that makes delegation chains auditable. Institutions building on MCP and A2A now will have protocol-native audit trails aligned with NIST's forthcoming interoperability standards.
Model Context Protocol · A2A Protocol · NIST Interoperability Profile Q4 2026 · Protocol-level audit
5
Audit and Lineage Layer
Immutable Delegation Chain Logging — Examination-Grade Lineage
The five credential layers above produce verifiable identity and permissions. The audit layer produces the lineage record — the evidence chain that an examiner requires to reconstruct every decision, every delegation, every tool invocation, and every agent interaction in a compliance workflow. This is not a log of inputs and outputs. It is a timestamped, cryptographically chained record of: which agent was authorized by which credential; what capability it invoked; what the authorization lineage was back to the human sponsor; which sub-agents it spawned and under what scope; and what the output was at each node. The benchmark from Issue 03 applies here: examination-ready reconstruction within 24 hours of a regulator request. That benchmark cannot be met without an immutable delegation chain log built at the protocol level — not reconstructed after the fact from application logs.
Immutable chain log · Delegation tree reconstruction · Human-sponsor traceability · 24hr examiner reconstruction · Cryptographic chaining
· · ·
07
The iProDecisions Production KYA Architecture
The KALIB
Implementation Architecture
Six implementation layers that operationalize the KYA framework from governance principle to production compliance infrastructure. Each layer addresses a specific failure mode identified in Section 02.
~6 min

The KYA framework describes what must be governed. The KALIB Architecture describes how to build the governance infrastructure. KALIB — Knowledge, Authentication, Lifecycle, Intent, Behavior, Lineage — is the iProDecisions production architecture for KYA implementation. Each layer is independently implementable; each layer is necessary; no layer substitutes for another.

iProDecisions Research · Issue 04 · §07 · Original Framework
The KALIB Architecture — KYA Implementation Data Flow
K — Knowledge Layer (KYA Pillar 1): Agent Registry · DID Issuance · Human Sponsor Linkage · Capability Declaration. Components: W3C DID · Institutional registration · Legal entity binding · Capability manifest · Enterprise agent inventory.
A — Authentication Layer (KYA Pillar 2): Task-Scoped Tokens · Short-Lived Credentials · Permission Manifests. Components: OAuth 2.0 extensions · SPIFFE/SPIRE workload attestation · Verifiable Credentials · Capability-based authorization.
L — Lifecycle Layer (KYA Pillar 1+2): Deployment → Active → Suspended → Decommissioned · Automatic Expiry. Components: Access revocation on completion · No persistent credentials · State machine per agent · Registry reconciliation.
I — Intent Layer (KYA Pillar 2+4): Task Authorization · Scope Validation · Sub-Agent Spawn Control · HITL Gates. Components: Task-level authorization · Delegation scope enforcement · Orchestrator permission validation · Hardcoded human gates.
B — Behavior Layer (KYA Pillar 3): Continuous Monitoring · Anomaly Detection · Risk Scoring · Real-Time Alerts. Components: Nondeterministic baseline modeling · Tool invocation monitoring · Out-of-scope detection · Permission escalation alerts.
L — Lineage Layer (KYA Pillar 4): Immutable Delegation Chain · Cryptographic Log · 24hr Examiner Reconstruction. Components: Human-sponsor traceability · Sub-agent spawning record · Tool invocation chain · FATF Travel Rule extension · MRA-ready.
iProDecisions Research · Issue 04 · The KALIB Architecture · Q3 2026
K
Knowledge Layer — Agent Registry and Identity Issuance
Enterprise Agent Registry — The Source of Truth for Agent Identity
The enterprise agent registry is the foundational data structure of the KALIB architecture. Every agent deployed in any regulated workflow must have a registry entry before it is permitted to operate. Registry entry contains: agent DID, human sponsor identity (named individual with legal accountability), institutional affiliation and license reference, declared capability set (models, tools, APIs), deployment context (which workflows, which systems), and intended operational scope. The registry is not a spreadsheet or a CMDB entry — it is a cryptographically signed record that links the agent's DID to the institutional credentials that make its operation legally attributable. No registry entry, no deployment. This is the organizational policy that Pillar 1 of the KYA framework operationalizes.
W3C DID issuance · Human sponsor linkage · Capability declaration · Institutional attestation · Pre-deployment gate
A
Authentication Layer — Task-Scoped, Short-Lived Credentials
Zero Standing Privileges — Every Task Is a New Authorization Event
The authentication layer eliminates standing permissions for agents. No agent retains any access between task executions. For every task, the agent requests a task-scoped credential from the authorization server — specifying the task context, the capabilities required, the expected duration, and the delegation chain if spawned by an orchestrating agent. The authorization server validates the request against the registry entry, issues a short-lived credential via OAuth 2.0 extension, and logs the authorization event. SPIFFE/SPIRE provides workload attestation — verifying that the credential is being requested from the expected runtime environment, not a compromised system. Standing permissions are the primary attack surface for adversarial agent exploitation. NIST's January 2025 empirical research found an 81% success rate for novel attack strategies against AI agents — a figure that drops substantially when standing permissions are eliminated.
Zero standing privileges · OAuth 2.0 task tokens · SPIFFE workload attestation · Per-task authorization events · Credential TTL enforcement
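The credential that the Authentication Layer just described and the Authorization Layer of the credential stack (Section 06, layers 2 and 3) both rely on is a signed statement of the form "agent X may invoke tool Y, for task context Z, until time T, under sponsor S", which any counterparty can verify with the issuer's public key alone. The Go program below is an added example, not iProDecisions or CAIBots code and not a W3C VC or OAuth profile: the claim field names, the DIDs and task id, the 15-minute lifetime and the use of a bare Ed25519 signature over the JSON claims in place of a full VC proof or SPIFFE SVID are this example's assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Capability is the claim set of one task-scoped capability credential:
// "AgentDID may invoke Tool, for task context TaskCtx, until NotAfter,
// under the authority of human sponsor Sponsor". Field names are this
// example's own, not a W3C VC profile.
type Capability struct {
	AgentDID string    `json:"agent_did"`
	Tool     string    `json:"tool"`
	TaskCtx  string    `json:"task_ctx"`
	Sponsor  string    `json:"sponsor"`
	NotAfter time.Time `json:"not_after"`
}

// Credential is the signed envelope that travels with the agent. A
// counterparty verifies it with the issuer's public key and never has
// to call back to the authorization server.
type Credential struct {
	Claims []byte // JSON-encoded Capability: exactly the bytes that were signed
	Sig    []byte // Ed25519 signature over Claims
}

// Issue signs a capability with the authorization server's private key.
func Issue(priv ed25519.PrivateKey, c Capability) (Credential, error) {
	claims, err := json.Marshal(c)
	if err != nil {
		return Credential{}, err
	}
	return Credential{Claims: claims, Sig: ed25519.Sign(priv, claims)}, nil
}

// Verify checks that cred authorizes agent to call tool in taskCtx at time
// now. Tampered claims, a credential bound to another agent or task, an
// undeclared tool and an expired credential are all rejected.
func Verify(pub ed25519.PublicKey, cred Credential, agent, tool, taskCtx string, now time.Time) error {
	if !ed25519.Verify(pub, cred.Claims, cred.Sig) {
		return errors.New("signature invalid: claims tampered or unknown issuer")
	}
	var c Capability
	if err := json.Unmarshal(cred.Claims, &c); err != nil {
		return err
	}
	switch {
	case c.AgentDID != agent:
		return errors.New("credential is bound to a different agent")
	case c.Tool != tool:
		return errors.New("tool is outside the credential's scope")
	case c.TaskCtx != taskCtx:
		return errors.New("credential was issued for a different task context")
	case !now.Before(c.NotAfter):
		return errors.New("credential has expired")
	}
	return nil
}

// Demo issues one credential and exercises every rejection path, returning
// the outcome of each check by name (true means the check behaved correctly).
func Demo() map[string]bool {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	otherPub, _, err := ed25519.GenerateKey(rand.Reader) // a key the counterparty does not trust
	if err != nil {
		panic(err)
	}
	issued := time.Date(2026, 9, 1, 12, 0, 0, 0, time.UTC) // constructed timestamp
	claim := Capability{
		AgentDID: "did:example:agent-kyc-07",  // constructed DID
		Tool:     "sanctions-screening",
		TaskCtx:  "onboarding-case-4411",      // constructed task id
		Sponsor:  "did:example:sponsor-jdoe",  // constructed sponsor DID
		NotAfter: issued.Add(15 * time.Minute), // short-lived: 15 minutes
	}
	cred, err := Issue(priv, claim)
	if err != nil {
		panic(err)
	}
	tampered := Credential{Claims: append([]byte{}, cred.Claims...), Sig: cred.Sig}
	tampered.Claims[len(tampered.Claims)-2] ^= 0x01 // flip one bit of the signed claims
	soon := issued.Add(time.Minute)
	return map[string]bool{
		"valid":        Verify(pub, cred, claim.AgentDID, claim.Tool, claim.TaskCtx, soon) == nil,
		"expired":      Verify(pub, cred, claim.AgentDID, claim.Tool, claim.TaskCtx, issued.Add(time.Hour)) != nil,
		"wrong_tool":   Verify(pub, cred, claim.AgentDID, "wire-transfer", claim.TaskCtx, soon) != nil,
		"wrong_agent":  Verify(pub, cred, "did:example:agent-other", claim.Tool, claim.TaskCtx, soon) != nil,
		"tampered":     Verify(pub, tampered, claim.AgentDID, claim.Tool, claim.TaskCtx, soon) != nil,
		"wrong_issuer": Verify(otherPub, cred, claim.AgentDID, claim.Tool, claim.TaskCtx, soon) != nil,
	}
}

func main() {
	for name, ok := range Demo() {
		fmt.Printf("%-13s %v\n", name, ok)
	}
}
```

Two design points carry over to a production implementation: the verifier needs only the issuer's public key (so the credential is portable across institutions), and every property the text lists (agent binding, task binding, scope, expiry) is checked inside the signed claims rather than looked up in a mutable table.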
L
Lifecycle Layer — State Machine Governance for Agent Existence
Agents Have Lifetimes — Governance Must Cover the Full Lifecycle
The lifecycle layer implements a formal state machine for every registered agent: Registered (created in registry, credentials issued, not yet deployed) → Deployed (active, operating under task-scoped credentials) → Suspended (temporarily halted, credentials revoked, registry status updated) → Decommissioned (permanently retired, credentials revoked, registry sealed). The lifecycle layer answers the accountability gap identified by MetaComp's co-president: "When a human leaves an organization, their access is revoked. When an AI agent completes a transaction, its identity and permissions do not automatically expire." The lifecycle layer enforces automatic expiry at every state transition — agents do not persist beyond their authorized operational context.
4-state machine · Automatic credential expiry · Registry reconciliation · Decommission audit seal
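The four-state machine above is small enough to write out in full. The Go program below is an added example, not iProDecisions code: it encodes the Registered → Deployed → Suspended → Decommissioned states, revokes every outstanding task credential on each transition (the automatic expiry the layer enforces), seals the registry entry at decommission, and refuses to issue task credentials to any agent that is not Deployed. The reinstatement transition Suspended → Deployed and the rule that only Deployed agents hold task credentials are this example's assumptions; the DID and credential ids are constructed.

```go
package main

import (
	"errors"
	"fmt"
)

// State is one of the four lifecycle states of the KALIB Lifecycle Layer.
type State int

const (
	Registered State = iota
	Deployed
	Suspended
	Decommissioned
)

func (s State) String() string {
	return [...]string{"Registered", "Deployed", "Suspended", "Decommissioned"}[s]
}

// allowed lists the legal transitions. Suspended -> Deployed (reinstatement
// after review) is this example's assumption; Decommissioned is terminal.
var allowed = map[State][]State{
	Registered:     {Deployed, Decommissioned},
	Deployed:       {Suspended, Decommissioned},
	Suspended:      {Deployed, Decommissioned},
	Decommissioned: {},
}

// Agent is a registry entry with its live task credentials and audit trail.
type Agent struct {
	DID         string
	State       State
	Credentials []string // ids of task-scoped credentials currently live
	Sealed      bool     // set at decommission; the entry becomes read-only
	Audit       []string // transition log (a real deployment chains this)
}

// Transition moves the agent to the next state. Every transition revokes all
// outstanding task credentials, so no access survives a state change.
func (a *Agent) Transition(to State, reason string) error {
	if a.Sealed {
		return errors.New("registry entry is sealed: agent is decommissioned")
	}
	legal := false
	for _, s := range allowed[a.State] {
		if s == to {
			legal = true
		}
	}
	if !legal {
		return fmt.Errorf("illegal transition %s -> %s", a.State, to)
	}
	revoked := len(a.Credentials)
	a.Credentials = nil
	a.Audit = append(a.Audit, fmt.Sprintf("%s -> %s (%s): %d credential(s) revoked", a.State, to, reason, revoked))
	a.State = to
	if to == Decommissioned {
		a.Sealed = true
	}
	return nil
}

// IssueTaskCredential records a new task-scoped credential. Only a Deployed
// agent may hold one; Registered, Suspended and Decommissioned agents cannot.
func (a *Agent) IssueTaskCredential(id string) error {
	if a.State != Deployed {
		return fmt.Errorf("cannot issue credential: agent is %s, not Deployed", a.State)
	}
	a.Credentials = append(a.Credentials, id)
	return nil
}

func main() {
	a := &Agent{DID: "did:example:agent-kyc-07"} // constructed DID
	_ = a.Transition(Deployed, "go-live approved")
	_ = a.IssueTaskCredential("task-4411") // constructed credential id
	_ = a.Transition(Suspended, "behavior-layer alert")
	_ = a.Transition(Decommissioned, "retired")
	for _, line := range a.Audit {
		fmt.Println(line)
	}
	fmt.Println("reactivation after decommission:", a.Transition(Deployed, "attempt"))
}
```

The check worth copying is the last line of the demo: once sealed, the entry cannot be moved back to Deployed by anyone, which is what closes the "identity and permissions do not automatically expire" gap quoted above.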
I
Intent Layer — Task Authorization and Sub-Agent Spawn Control
Hardcoded HITL Gates — Intent Validation Before Consequential Actions
The intent layer implements task-level authorization validation and mandatory human-in-the-loop gates for consequential actions. Before any action that crosses a defined risk threshold — initiating a payment above a defined amount, filing a regulatory report, spawning a sub-agent with elevated permissions, invoking a tool outside the declared capability set — the intent layer validates the action against the agent's current authorization scope and routes to a human gate if required. Hardcoded gates cannot be bypassed, automated around, or configured away — the same design principle established in Issue 03's compliance agent architecture for BSA Officer review gates. The intent layer is where SR 11-7's requirement for human oversight of consequential model outputs is architecturally enforced in agent governance.
Task-level scope validation · Risk-threshold gates · Sub-agent spawn control · Hardcoded HITL · SR 11-7 alignment
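The intent check described above (validate the action against the agent's current task scope, then allow it, route it to a human gate, or refuse it) can be shown as one decision function. The Go program below is an added example, not iProDecisions code. The action kinds, the capability names and the USD 10,000 autonomous payment limit are constructed; the one design rule taken directly from the text is that the threshold is a compile-time constant with no configuration path, so raising it requires a code change and the review that comes with it.

```go
package main

import "fmt"

// Decision is the intent layer's verdict on a requested action.
type Decision int

const (
	Allow     Decision = iota // within scope and below every risk threshold
	HumanGate                 // consequential: routed to a human reviewer
	Deny                      // outside the agent's authorization; never reaches a gate
)

func (d Decision) String() string { return [...]string{"Allow", "HumanGate", "Deny"}[d] }

// Action is a request the orchestration layer intercepts before execution.
type Action struct {
	Kind   string   // "tool_call", "payment", "file_report", "spawn_subagent"
	Tool   string   // tool being invoked (tool_call)
	Amount float64  // payment amount (payment)
	Scope  []string // capabilities requested for the child (spawn_subagent)
}

// PaymentAutoLimit is a compile-time constant: there is deliberately no
// config key or environment variable that can raise it. The value is a
// constructed example, not a figure from the text.
const PaymentAutoLimit = 10_000.00

// Evaluate validates a against the agent's current task scope and returns
// the decision with a reason string destined for the lineage log.
func Evaluate(taskScope []string, a Action) (Decision, string) {
	inScope := func(capability string) bool {
		for _, s := range taskScope {
			if s == capability {
				return true
			}
		}
		return false
	}
	switch a.Kind {
	case "tool_call":
		if !inScope(a.Tool) {
			// A tool outside the declared capability set is refused outright
			// rather than escalated: no reviewer can authorize what the
			// registry never declared.
			return Deny, "tool outside declared capability set: " + a.Tool
		}
		return Allow, "tool within task scope"
	case "payment":
		if !inScope("initiate_payment") {
			return Deny, "agent is not authorized to initiate payments"
		}
		if a.Amount > PaymentAutoLimit {
			return HumanGate, fmt.Sprintf("payment %.2f exceeds autonomous limit %.2f", a.Amount, PaymentAutoLimit)
		}
		return Allow, "payment below autonomous limit"
	case "file_report":
		if !inScope("file_regulatory_report") {
			return Deny, "agent is not authorized to file regulatory reports"
		}
		// Filings are always consequential: gated even when in scope.
		return HumanGate, "regulatory filing requires human sign-off"
	case "spawn_subagent":
		for _, c := range a.Scope {
			if !inScope(c) {
				return HumanGate, "sub-agent would hold capability beyond parent scope: " + c
			}
		}
		return Allow, "sub-agent scope is a subset of parent scope"
	}
	return Deny, "unknown action kind: " + a.Kind
}

func main() {
	scope := []string{"sanctions_screen", "fetch_kyc", "initiate_payment"} // constructed task scope
	for _, a := range []Action{
		{Kind: "tool_call", Tool: "fetch_kyc"},
		{Kind: "tool_call", Tool: "delete_case"},
		{Kind: "payment", Amount: 25000},
		{Kind: "spawn_subagent", Scope: []string{"fetch_kyc", "initiate_wire"}},
	} {
		d, why := Evaluate(scope, a)
		fmt.Printf("%-15s %-9s %s\n", a.Kind, d, why)
	}
}
```

Note the asymmetry the code makes explicit: scope violations are denied, while in-scope but consequential actions (large payments, filings, elevated sub-agents) are the ones that reach a human gate. Mixing the two up turns the gate into an approval path for actions the registry never authorized.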
B
Behavior Layer — Continuous Monitoring for Nondeterministic Actors
Probabilistic Baseline Modeling — Not Deviation Detection
The behavior layer is the most technically novel component of the KALIB architecture — because it must solve a problem that no prior compliance monitoring system has faced. Human compliance monitoring detects deviations from expected behavior. Agent compliance monitoring cannot use deviation detection as its primary signal, because agents are nondeterministic — the same instruction can produce different actions without any malfunction or unauthorized activity. The behavior layer instead models the expected output probability distribution for each agent in each operational context, and flags actions that fall outside that distribution at a defined confidence threshold. The layer also runs three continuous checks: tool invocation monitoring (is the agent calling only the APIs declared in its capability set?), permission escalation detection (is the agent requesting capabilities beyond its current task scope?), and cross-agent interaction logging (when this agent communicates with other agents, what identity and scope information is transmitted?).
Probabilistic baseline modeling · Tool invocation audit · Permission escalation detection · Cross-agent interaction log · Continuous, not periodic
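A minimal version of the probabilistic baseline, the tool-invocation audit and the escalation check described above, written in Go as an added example (not iProDecisions code). The baseline here is a Laplace-smoothed categorical distribution over tool names per agent per context; a real behavior layer would model richer features (argument shapes, call sequences, timing), but the three-way outcome the text calls for is the same: an undeclared tool is a hard violation, a declared tool with probability below the confidence threshold is an anomaly for review, and everything else is ordinary nondeterministic variation. The tool names, the 50-call history and the 0.05 threshold are constructed.

```go
package main

import (
	"fmt"
	"sort"
)

// Baseline is the expected tool-invocation distribution for one agent in one
// operational context, learned from prior authorized invocations.
type Baseline struct {
	declared map[string]bool // tools in the agent's declared capability set
	counts   map[string]int  // historical invocation counts per tool
	total    int
}

// NewBaseline builds the distribution from the declared capability set and a
// history of tool names observed in this context.
func NewBaseline(declared []string, history []string) *Baseline {
	b := &Baseline{declared: map[string]bool{}, counts: map[string]int{}}
	for _, d := range declared {
		b.declared[d] = true
	}
	for _, h := range history {
		b.counts[h]++
		b.total++
	}
	return b
}

// Prob returns the Laplace-smoothed probability of tool under the baseline.
// Smoothing keeps a declared-but-unseen tool at a small nonzero probability:
// nondeterministic agents legitimately vary, so "never seen" is not "wrong".
func (b *Baseline) Prob(tool string) float64 {
	return float64(b.counts[tool]+1) / float64(b.total+len(b.declared))
}

// Finding is one monitoring result; Severity is "ok", "anomaly" or "violation".
type Finding struct {
	Tool     string
	Prob     float64
	Severity string
	Reason   string
}

// Assess classifies one observed invocation. An undeclared tool is a hard
// violation regardless of probability; a declared tool whose probability
// falls below threshold is an anomaly for review, not an automatic block.
func (b *Baseline) Assess(tool string, threshold float64) Finding {
	if !b.declared[tool] {
		return Finding{tool, 0, "violation", "tool not in declared capability set"}
	}
	p := b.Prob(tool)
	if p < threshold {
		return Finding{tool, p, "anomaly", fmt.Sprintf("p=%.3f below threshold %.3f for this context", p, threshold)}
	}
	return Finding{tool, p, "ok", "within expected distribution"}
}

// EscalationCheck returns the capabilities an agent requested that exceed its
// current task scope, sorted for stable alerting. Empty means no escalation.
func EscalationCheck(taskScope, requested []string) []string {
	in := map[string]bool{}
	for _, s := range taskScope {
		in[s] = true
	}
	var extra []string
	for _, r := range requested {
		if !in[r] {
			extra = append(extra, r)
		}
	}
	sort.Strings(extra)
	return extra
}

// SampleHistory is a constructed history for one agent in an onboarding
// context: 30 sanctions screens, 15 KYC fetches, 5 case notes, no PEP pulls.
func SampleHistory() []string {
	var h []string
	for i := 0; i < 30; i++ {
		h = append(h, "sanctions_screen")
	}
	for i := 0; i < 15; i++ {
		h = append(h, "fetch_kyc")
	}
	for i := 0; i < 5; i++ {
		h = append(h, "write_case_note")
	}
	return h
}

func main() {
	declared := []string{"sanctions_screen", "fetch_kyc", "write_case_note", "pull_pep_list"}
	b := NewBaseline(declared, SampleHistory())
	for _, tool := range []string{"sanctions_screen", "pull_pep_list", "initiate_wire"} {
		f := b.Assess(tool, 0.05)
		fmt.Printf("%-17s %-9s %s\n", f.Tool, f.Severity, f.Reason)
	}
	fmt.Println("escalation:", EscalationCheck([]string{"fetch_kyc"}, []string{"fetch_kyc", "initiate_wire"}))
}
```

With the constructed history, a sanctions screen scores about 0.57 and passes, the declared but never-used PEP pull scores about 0.019 and is flagged for review, and a wire initiation is a violation before any probability is computed, which is the distinction between "unusual" and "unauthorized" that the text draws.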
L
Lineage Layer — Immutable Delegation Chain for Examination-Grade Accountability
Cryptographic Audit Chain — The Evidence Layer That Makes KYA Examination-Ready
The lineage layer produces the evidence record. Every authorization event, every tool invocation, every sub-agent spawning, every delegation, every HITL gate decision, every cross-agent identity transmission — timestamped and cryptographically chained. The chain is immutable: entries cannot be modified or deleted after creation. The chain is reconstructible: given any agent action at any point in time, the full delegation tree from that action back to the human sponsor and the original authorization can be reconstructed within 24 hours. The chain is portable: for cross-institution agent-to-agent transactions, the relevant lineage segment travels with the transaction in compliance with FATF Travel Rule extension principles. This is what makes the difference between an agent deployment that produces an incident report and one that produces a defensible regulatory response within a business day.
Cryptographic chain · Immutable entries · 24hr reconstruction guarantee · Human-sponsor traceability · FATF Travel Rule extension · MRA/MRIA-ready
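The lineage record described here and in the audit layer of the credential stack (Section 06, layer 5) has two properties a practitioner will want to see in code: each entry is hash-linked to its predecessor so that an after-the-fact edit is detectable, and the delegation path from any action back to the human sponsor can be walked from the log alone. The Go program below is an added example, not iProDecisions code; it uses a plain SHA-256 hash chain (no signatures, no external timestamping), and the agents, sponsor, timestamps and workflow are constructed.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Entry is one lineage record. Hash covers every field plus PrevHash, so a
// change to any earlier entry invalidates every entry after it.
type Entry struct {
	Seq       int
	Time      string // RFC3339 timestamp (constructed values below)
	Kind      string // "authorize", "spawn", "tool_call", "hitl"
	AgentDID  string
	ParentDID string // delegating agent, set on a sub-agent's "authorize" entry; "" for a root agent
	Sponsor   string // human sponsor, set on a root agent's "authorize" entry
	Detail    string
	PrevHash  string
	Hash      string
}

func (e Entry) digest() string {
	h := sha256.New()
	fmt.Fprintf(h, "%d|%s|%s|%s|%s|%s|%s|%s", e.Seq, e.Time, e.Kind, e.AgentDID, e.ParentDID, e.Sponsor, e.Detail, e.PrevHash)
	return hex.EncodeToString(h.Sum(nil))
}

// Chain is an append-only log; entries are never edited in place.
type Chain struct{ Entries []Entry }

// Append links a new entry to the current head and returns it.
func (c *Chain) Append(ts, kind, agent, parent, sponsor, detail string) Entry {
	prev := ""
	if n := len(c.Entries); n > 0 {
		prev = c.Entries[n-1].Hash
	}
	e := Entry{Seq: len(c.Entries), Time: ts, Kind: kind, AgentDID: agent, ParentDID: parent, Sponsor: sponsor, Detail: detail, PrevHash: prev}
	e.Hash = e.digest()
	c.Entries = append(c.Entries, e)
	return e
}

// Verify recomputes every hash and link. It returns the index of the first
// broken entry, or -1 when the chain is intact.
func (c *Chain) Verify() int {
	prev := ""
	for i, e := range c.Entries {
		if e.PrevHash != prev || e.Hash != e.digest() {
			return i
		}
		prev = e.Hash
	}
	return -1
}

// Lineage reconstructs the delegation path for the entry at seq: the acting
// agent, each delegating agent above it, and the human sponsor who
// authorized the root. It walks "authorize" entries by ParentDID.
func (c *Chain) Lineage(seq int) []string {
	authorize := map[string]Entry{} // latest authorize entry per agent, up to seq
	for _, e := range c.Entries {
		if e.Kind == "authorize" && e.Seq <= seq {
			authorize[e.AgentDID] = e
		}
	}
	path := []string{}
	did := c.Entries[seq].AgentDID
	for hops := 0; did != "" && hops < 64; hops++ { // hop cap guards against a malformed cycle
		path = append(path, did)
		a, ok := authorize[did]
		if !ok {
			return append(path, "UNAUTHORIZED: no authorize entry") // the gap an examiner must see
		}
		if a.ParentDID == "" {
			return append(path, "sponsor:"+a.Sponsor)
		}
		did = a.ParentDID
	}
	return path
}

// SampleChain builds a constructed workflow: an orchestrator authorized by a
// human sponsor spawns a sub-agent, which calls a tool; a payment then hits
// a human gate.
func SampleChain() *Chain {
	c := &Chain{}
	c.Append("2026-09-01T12:00:00Z", "authorize", "did:example:orch-01", "", "did:example:sponsor-jdoe", "task onboarding-case-4411")
	c.Append("2026-09-01T12:00:05Z", "spawn", "did:example:orch-01", "", "", "spawn did:example:sub-kyc-07 scope=fetch_kyc,sanctions_screen")
	c.Append("2026-09-01T12:00:06Z", "authorize", "did:example:sub-kyc-07", "did:example:orch-01", "", "task-scoped credential, 15 min")
	c.Append("2026-09-01T12:01:10Z", "tool_call", "did:example:sub-kyc-07", "", "", "sanctions_screen hit=false")
	c.Append("2026-09-01T12:02:00Z", "hitl", "did:example:orch-01", "", "", "payment 25000 routed to reviewer; approved")
	return c
}

func main() {
	c := SampleChain()
	fmt.Println("intact:", c.Verify() == -1)
	fmt.Println("lineage of entry 3:", c.Lineage(3))
	c.Entries[1].Detail = "spawn did:example:sub-kyc-07 scope=fetch_kyc" // an after-the-fact edit
	fmt.Println("first broken entry after edit:", c.Verify())
}
```

Two things the example makes concrete: the reconstruction is a walk over the log, not a query against live systems, so it works after the agents involved are decommissioned; and an edit to entry 1 is reported at entry 1, since its stored hash no longer matches its content, which is what "tamper-evident" means at the protocol level.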
Architecture Design Principle

Why KALIB Is Not a Security Architecture — It Is a Compliance Architecture

Security and compliance governance overlap but are not identical. A security architecture asks: how do we prevent unauthorized access? A compliance architecture asks: how do we demonstrate, after the fact, that every action taken was authorized, within scope, and attributable to an accountable human? KALIB is designed for the second question. Every layer is optimized for examiner reconstruction, not just threat prevention. The distinction matters because most institutions that invest in agent security — endpoint protection, network monitoring, threat detection — believe they are also investing in compliance governance. They are not. Security telemetry cannot reconstruct a delegation chain. Security logs cannot demonstrate FATF Travel Rule compliance for an agent-to-agent transaction. Compliance governance requires purpose-built lineage infrastructure that security architecture does not provide.

iProDecisions Research · Issue 04 · §07 · Readiness Benchmark
KALIB Layer Maturity — Industry Average vs. Target Architecture
Industry average derived from CSA/Strata Identity 2026 and CISO AI Risk Report 2026 survey data · Target represents examination-ready KYA implementation across all six layers
· · ·
08
Forward Scenarios and Institutional Decision Points
Three Scenarios
to 2028
How the agent identity governance landscape evolves across three plausible regulatory and market trajectories — and what each means for institutions deciding how to allocate resources today.
~4 min
Columns: Scenario · Regulatory Trajectory · Market Dynamics · Implication for Institutions Building KYA Now

Scenario A — Standards Accelerate (Probability: 45%)
Regulatory Trajectory: NIST publishes SP 800-53 AI agent control overlays by Q1 2027. FATF issues guidance extending Travel Rule to agent-to-agent transactions by mid-2027. FinCEN issues interpretive guidance on agent identity requirements under BSA by Q3 2027. Enforcement begins Q4 2027.
Market Dynamics: Institutions with mature KYA infrastructure become the reference architecture. Vendor ecosystem converges on KALIB-compatible tooling. Institutions without KYA face 12–18 month remediation sprint under examination pressure. Agent identity becomes a standard audit finding category.
Implication for Institutions Building KYA Now: Maximum first-mover value. Institutions with KALIB deployed before Q1 2027 have examination-ready documentation that maps directly to forthcoming controls. The cost of building KYA today is a fraction of the cost of emergency remediation under examination pressure.

Scenario B — Standards Plateau (Probability: 40%)
Regulatory Trajectory: NIST standards development slows due to interagency coordination complexity. Published guidance remains at the "concept paper" stage through 2027. Enforcement pressure comes from incidents — a high-profile agent-initiated fraud event triggers enforcement action — rather than proactive standards publication.
Market Dynamics: Incident-driven adoption. Institutions that have built KYA governance use it as a commercial differentiation signal for institutional clients with sophisticated compliance requirements. First enforcement actions against institutions without KYA documentation create rapid market demand for KYA vendors.
Implication for Institutions Building KYA Now: KYA investment remains valuable — institutions with KYA governance demonstrate proactive compliance posture in regulatory interactions and avoid being the first enforcement example. The governance gap is a liability regardless of whether standards have formally published.

Scenario C — Standards Fragment (Probability: 15%)
Regulatory Trajectory: Jurisdictional divergence between U.S. (NIST framework), EU (AI Act agent provisions), Singapore (IMDA framework), and UK (FCA principles-based approach) produces four incompatible regulatory regimes for agent identity governance. Cross-border agent transactions face jurisdiction-specific compliance requirements with no harmonized standard.
Market Dynamics: Multi-jurisdictional compliance complexity becomes a significant barrier to agent deployment in cross-border financial services. Institutions with modular KYA architecture that can adapt to jurisdiction-specific requirements have structural advantage. Compliance becomes a competitive barrier to entry in cross-border markets.
Implication for Institutions Building KYA Now: Modular KALIB architecture — where each layer can be configured per jurisdiction without rebuilding the core governance infrastructure — becomes the most valuable institutional investment. The FATF Travel Rule extension work in the Lineage Layer is particularly valuable as the cross-jurisdictional coordination mechanism.

Across all three scenarios, the decision calculus for institutional investment in KYA is asymmetric: the cost of building KYA governance during the first-mover window (before regulatory standards publish) is substantially lower than the cost of remediation under examination pressure, and the value is positive across all three trajectories. The only scenario in which KYA investment has negative expected value is one where regulators universally abandon agent governance — a scenario for which there is no current evidence in any major jurisdiction.

· · ·
09
Five Structural Advantages That Compound Over Time
Five Compounding
Moat Mechanisms
KYA is not just a compliance checkbox. The institutions that build it correctly in 2026 acquire five structural advantages that laggards cannot replicate at speed — regardless of budget.
~5 min
1
Examination Speed Asymmetry
When a regulator requests the authorization chain for an agent-initiated transaction, an institution with KALIB Lineage Layer produces it within 24 hours. An institution without it spends weeks reconstructing from application logs, security telemetry, and human recollection — and produces a record that is partial, inconsistent, and not cryptographically verifiable. Every examination where agent governance is tested widens the credibility gap between institutions that built KYA and those that did not. That credibility gap translates directly into examination frequency, enforcement discretion, and regulatory relationship quality — all of which are difficult to quantify and impossible to replicate quickly.
2
Agent Incident Response Capability
When an agent acts outside its authorized scope — whether through adversarial manipulation, model drift, or permission escalation — an institution with KALIB can identify the agent, isolate it, revoke its credentials, reconstruct what it did, and produce the regulatory notification within the required timeframe. An institution without KYA governance has no mechanism to do any of these things at speed. NIST's empirical research found an 81% success rate for novel attacks against AI agents. Agent incidents are not hypothetical — they are a statistical certainty at scale. The question is whether an institution has the governance infrastructure to contain them or not.
3
Cross-Border Transaction Access
As agent-to-agent transactions become standard in cross-border payments and trade finance, the FATF Travel Rule extension to agent interactions will become a baseline requirement for market participation. Institutions with KALIB Lineage Layer — which implements Travel Rule extension natively through the cryptographic delegation chain — can onboard as counterparties in agent-governed cross-border workflows. Institutions without it cannot. FATF data from June 2025 shows that 73% of jurisdictions have passed Travel Rule legislation, but 59% have taken no enforcement action. The enforcement window is opening. Cross-border agent transaction participation will require Travel Rule compliance for agent-to-agent hops before most institutions have built the capability.
4
Institutional Client Trust Signal
Sophisticated institutional clients — pension funds, sovereign wealth funds, family offices, large corporates — increasingly conduct compliance due diligence on their financial services providers that includes AI governance. The ability to produce a KYA framework documentation, an agent registry, and an examination-ready KALIB audit trail is a differentiation signal that sophisticated institutional clients weight in provider selection. This mechanism is identical to the dynamic described in Issue 03 for compliance agent architecture — early institutional adoption creates a documented governance advantage that laggards cannot match on cost reduction alone.
5
Data Compounding — The Agent Intelligence Asset
The KALIB architecture produces a byproduct that has independent strategic value: a continuously growing, structurally organized dataset of agent behavior, authorization patterns, delegation chains, and compliance outcomes for every agent interaction across the institution. This dataset — which does not exist without KYA governance infrastructure — trains better anomaly detection models, improves authorization scope calibration, surfaces systemic agent risk patterns before they become incidents, and supports the regulatory capital evidence base described in Issue 03's Layer 4 compliance intelligence analysis. The agent behavior intelligence asset begins compounding from day one of KALIB deployment and cannot be recreated retroactively. Institutions that start building it in 2026 have two to three years of proprietary training data before laggards begin collecting any.
· · ·
For the C-Suite Reader · The Questions Your Board Will Ask
The CEO & Board
Questions
The six questions that every board audit committee will ask about AI agent governance within 18 months — and the answers that require KYA architecture to give.
~3 min
Q.1
"If an AI agent initiates a transaction that turns out to be fraudulent, who is legally accountable?" — The answer without KYA: nobody, because no named human sponsor is designated and no authorization chain exists. The answer with KYA Pillar 1 and KALIB Knowledge Layer: the named human sponsor of record, whose designation was recorded in the enterprise agent registry before the agent was deployed, and whose accountability is documented in the immutable delegation chain.
Q.2
"Can we produce, within 24 hours, the complete authorization chain for any agent action taken in the last 90 days?" — Without KALIB Lineage Layer: no. With it: yes — the cryptographic delegation chain log produces a complete, tamper-evident reconstruction of every authorization event, tool invocation, and human gate decision back to the originating human sponsor. This is the benchmark FFIEC examiners will apply.
Q.3
"How many AI agents are currently operating across the institution, and what is each one authorized to do?" — This is the agent inventory question. The 2026 data shows 79% of organizations cannot answer it. Without a pre-deployment registry gate (KALIB Knowledge Layer), shadow agent deployments by business units without compliance approval are structurally undetectable. The enterprise agent registry answers this question in real time.
Q.4
"What happens when our AI agent and a counterparty's AI agent interact — who verifies the identity of their agent?" — This is the FATF Travel Rule extension question. Without KYA Pillar 4, no mechanism exists for cross-institution agent identity verification. KALIB Lineage Layer with W3C Verifiable Credentials provides a portable, independently verifiable identity credential that travels with the agent-to-agent transaction at every hop — satisfying the directional requirements of forthcoming FATF guidance before it is formally published.
Q.5
"If a regulator asks us today whether we have a KYA framework, what do we say?" — Without investment in this area: we describe a gap. With KALIB deployed: we produce the enterprise agent registry, the human sponsor designations, the HITL gate architecture documentation, and the lineage log sample — demonstrating proactive compliance posture before a standard has been formally published. Regulatory discretion is explicitly weighted toward institutions that demonstrate proactive posture.
Q.6
"What is our exposure if an AI agent executes a transaction that violates sanctions policy?" — Under 31 U.S.C. §5318(g)(2)'s tipping-off provisions and OFAC's strict liability framework, the institution is liable regardless of whether a human approved the specific transaction. KYA governance does not eliminate sanctions risk — but it does produce the documentation of institutional controls that determines whether a sanctions violation results in a warning or a civil monetary penalty. The difference between a $50,000 penalty and a $50M one is frequently the quality of the compliance documentation.

KYA Governance vs. Legacy IAM Controls — The Definitive Comparison

Columns: Governance Dimension · Legacy IAM / Service Accounts · KYA / KALIB Architecture · Examination Implication

Identity Verification
Legacy IAM / Service Accounts: API key or username/password — no link to human sponsor or legal entity
KYA / KALIB Architecture: W3C DID linked to named human sponsor, legal entity, and capability manifest — cryptographically signed
Examination Implication: Without human sponsor linkage, accountability chain fails on first examiner question

Permission Scope
Legacy IAM / Service Accounts: Role-based, persistent — agent retains all permissions until manually revoked
KYA / KALIB Architecture: Task-scoped, time-bounded, cryptographically signed — auto-expires on task completion, zero standing privileges
Examination Implication: Standing permissions are the primary attack surface; 81% adversarial success rate (NIST 2025) drops sharply with task-scoped credentials

Credential Type
Legacy IAM / Service Accounts: 44% static API keys, 43% username/password, 35% shared service accounts (CSA 2026)
KYA / KALIB Architecture: OAuth 2.0 extension tokens + SPIFFE/SPIRE workload attestation — short-lived, runtime-verified
Examination Implication: Static credentials assigned to always-on agents are structurally incompatible with examination-grade governance

Lifecycle Management
Legacy IAM / Service Accounts: No formal lifecycle — agents persist indefinitely, credentials rarely revoked
KYA / KALIB Architecture: Four-state machine: Registered → Deployed → Suspended → Decommissioned; auto-expiry at every transition
Examination Implication: Agents without decommission controls create permanent, unmonitored access pathways

Behavior Monitoring
Legacy IAM / Service Accounts: Deviation detection from static baseline — designed for deterministic software
KYA / KALIB Architecture: Probabilistic baseline modeling per agent per context — purpose-built for nondeterministic LLM actors
Examination Implication: Standard SIEM cannot provide compliance-grade monitoring for agents; behavioral anomaly definitions require fundamental redesign

Audit Trail
Legacy IAM / Service Accounts: Application logs — not cryptographically chained, not delegation-tree-aware, cannot reconstruct agent reasoning
KYA / KALIB Architecture: Immutable cryptographic delegation chain — every authorization, tool invocation, HITL decision timestamped and chained to human sponsor
Examination Implication: 24-hour examiner reconstruction benchmark requires purpose-built lineage infrastructure — not post-hoc log reconstruction

Multi-Agent Governance
Legacy IAM / Service Accounts: No mechanism for delegation chain tracking across orchestrator/sub-agent relationships
KYA / KALIB Architecture: Full delegation tree recorded and auditable — sub-agent spawning scope-controlled and logged at protocol level
Examination Implication: Agent-to-agent delegation chains are the primary accountability gap in current enterprise deployments

Cross-Institution Compliance
Legacy IAM / Service Accounts: No Travel Rule mechanism for agent-to-agent transactions across institutions
KYA / KALIB Architecture: FATF Travel Rule extension via W3C Verifiable Credentials — identity and lineage travel with every cross-institution transaction hop
Examination Implication: 73% of jurisdictions enacted Travel Rule; agent-to-agent transaction governance is the forthcoming enforcement priority

Regulatory Alignment
Legacy IAM / Service Accounts: Aligned to SR 11-7 (model risk) but not to agent-specific governance; no NIST NCCoE alignment
KYA / KALIB Architecture: Aligned to NIST NCCoE concept paper, Singapore IMDA framework, IMF Notes 2026/004, MetaComp StableX KYA Framework
Examination Implication: Institutions building to NIST NCCoE concept paper today will have documented alignment to forthcoming SP 800-53 overlays on publication date

Implementation Timeline
Legacy IAM / Service Accounts: Already deployed — but produces governance gaps that compound with every new agent
KYA / KALIB Architecture: K Layer: 60 days · A Layer: 90 days · L/I/B/L₂ Layers: 6–12 months for full KALIB maturity
Examination Implication: First-mover window closes when NIST publishes enforceable controls — estimated Q1 2027 under Scenario A
· · ·
10
Engaging the Strongest Objections
Steelman
Counterarguments
Three serious objections to the KYA thesis — and why each fails under examination.
~2 min
Counterargument 01 of 03
"Existing IAM platforms will simply extend to cover AI agents — there's no need for a separate KYA architecture."
Why This Fails
Major IAM vendors (Okta, Microsoft Entra, CyberArk) are actively marketing "AI agent identity" extensions to their platforms. These extensions address the authentication dimension (better credential management for non-human identities) but do not address the compliance dimensions that KYA requires: delegation chain governance, probabilistic behavior monitoring, FATF Travel Rule extension, or examination-grade lineage reconstruction. An IAM extension that tells you what credentials an agent used is not equivalent to a KYA architecture that tells you what the agent was authorized to do, whether it stayed within that authorization, who is accountable if it did not, and how to demonstrate that to a regulator within 24 hours. The product surface overlaps; the governance architecture does not.
Counterargument 02 of 03
"Regulators won't actually enforce agent identity requirements — the technology is moving too fast for regulation to keep up."
Why This Fails
This was the argument made about blockchain in 2017, about crypto AML in 2019, and about AI model risk in 2022. In each case, regulatory enforcement followed within 18–24 months of the industry reaching the "too fast to regulate" consensus. The IMF's direct engagement with agent governance in its April 2026 note — combined with NIST's formal standards initiative, Singapore's published framework, and MetaComp's licensed-institution implementation — represents a level of regulatory attention that historically precedes enforcement action, not replaces it. More practically: the Strata Identity survey found that only 23% of organizations have a formal agent identity strategy. When the first major agent-related compliance failure at a licensed institution becomes public — and the probability of that outcome increases with every unregistered agent deployed — regulatory response will be rapid and retrospective. Institutions without KYA governance will be measured against whatever framework exists at that point.
Counterargument 03 of 03
"KYA adds compliance overhead that slows AI agent deployment — the governance cost outweighs the compliance benefit."
Why This Fails
This framing inverts the cost structure. KYA governance is not an incremental cost on top of agent deployment — it is the infrastructure that makes agent deployment sustainable at scale in regulated environments. An institution that deploys agents without KYA governance is not avoiding compliance costs; it is deferring them while accruing liability. When the deferred liability materializes — through an examination finding, a regulatory incident, or a counterparty due diligence failure — the remediation cost is substantially higher than the governance infrastructure cost would have been. The analogy from Issue 03 holds: institutions that viewed KYC as pure overhead in 2019 spent 2021–2023 remediating consent order findings at costs that dwarfed what a proactive compliance architecture would have cost. Agent governance will follow the same pattern.
· · ·
11
The Eight Actions That Cannot Wait for Standards to Publish
Action Agenda &
Decision Framework
Sequenced institutional actions for the 18-month window before regulatory standards formally publish — and the decision framework for resource allocation across maturity levels.
~4 min
1
Conduct an Agent Inventory Audit — Now
The prerequisite for every subsequent action. Identify every AI agent currently operating in any regulated workflow across the institution. Include shadow deployments — agents deployed by business units without formal IT/compliance approval. The 2026 CISO AI Risk Report found that 21% of organizations maintain a real-time agent inventory. The 79% that do not cannot govern what they cannot count.
CISO · Chief Compliance
2
Establish a Zero-Tolerance Policy on Static API Keys for Agent Authentication
Immediately deprecate static API keys and shared service accounts as authentication mechanisms for any agent with access to financial systems, compliance workflows, or regulated data. Migrate to OAuth 2.0 task-scoped tokens and SPIFFE workload attestation. This action is completable within 90 days and eliminates the primary attack surface for adversarial agent exploitation.
CISO · Architecture
3
Build the Enterprise Agent Registry — Before the Next Agent Deployment
Establish the registry architecture (KALIB Knowledge Layer) as a prerequisite gate for all future agent deployments. Every agent must have a registry entry — with human sponsor designation, capability declaration, and operational scope — before receiving deployment credentials. This is a process change more than a technology investment, and it is completable within 60 days for most institutions.
Architecture · Compliance
4
Designate Human Sponsors for Every Active Agent
For every agent identified in the inventory audit, assign a named human sponsor — an individual who is legally accountable for the agent's actions and who has reviewed and approved its capability set and operational scope. Document the designation. The human sponsor designation is the accountability mechanism that regulators will seek in any examination of agent-governed compliance workflows.
Chief Compliance · BSA Officer
5
Implement Hardcoded HITL Gates for Consequential Agent Actions
Define the threshold below which agents can act autonomously and above which human review is mandatory. Implement these gates as hardcoded controls in the agent orchestration layer — not as configurable policy settings that can be adjusted without compliance review. Apply the same design principle established in Issue 03: hardcoded gates cannot be disabled by a future configuration change or cost-reduction initiative.
Architecture · BSA Officer
6
Build KALIB Lineage Logging into Every New Agent Workflow
For every new agent deployment, require cryptographic lineage logging as a non-negotiable architectural component — not an add-on. Retrofitting lineage infrastructure onto existing agent deployments is substantially more expensive than building it in from the start. The 24-hour examiner reconstruction benchmark is the operational target; architect the logging infrastructure to meet it before the first deployment, not after the first examination.
Architecture · Engineering
7
Engage NIST's AI Agent Standards Listening Sessions
NIST has announced sector-specific listening sessions on AI agent adoption barriers in finance. These sessions directly shape the forthcoming SP 800-53 control overlays. Institutions that participate in the standard-setting process have advance visibility into control requirements and can shape implementation guidance toward architectures they have already built.
Chief Compliance · Policy
8
Evaluate the MetaComp StableX KYA Framework for Institutional Adoption
The StableX KYA Framework is currently the only operationally deployed KYA governance framework authored by a licensed financial institution. Evaluating it for adoption — as a reference architecture if not a full implementation — aligns the institution with the framework most likely to become the industry benchmark that regulators reference when developing sector-specific guidance.
Chief Compliance · Architecture
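Actions 2 through 6 describe one control chain: no credential without a registry entry, a named human sponsor, short-lived task-scoped tokens instead of static keys, a hardcoded HITL threshold, and a lineage log an examiner can replay. The block below is an added illustration written for this issue, not code from the report, KALIB or the CAIBots platform; the agent and sponsor names, the 10,000 USD threshold, the dict-shaped token (a stand-in for an OAuth 2.0 / SPIFFE-issued credential) and the SHA-256 hash chain (a stand-in for whatever cryptographic lineage scheme an institution adopts) are all assumptions.

```python
import hashlib, json, time

HITL_THRESHOLD_USD = 10_000  # hardcoded gate (Action 5): raising it takes a code change and review, not a config edit

class LineageLog:
    """Append-only SHA-256 hash-chained event log (Action 6); any altered or dropped entry breaks verify()."""
    def __init__(self):
        self.entries = []
    def append(self, event):
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        h = hashlib.sha256((prev + json.dumps(event, sort_keys=True)).encode()).hexdigest()
        self.entries.append({"prev": prev, "event": event, "hash": h})
    def verify(self):
        prev = "0" * 64
        for e in self.entries:
            h = hashlib.sha256((prev + json.dumps(e["event"], sort_keys=True)).encode()).hexdigest()
            if e["prev"] != prev or e["hash"] != h:
                return False
            prev = h
        return True

class AgentRegistry:
    """A registry entry with sponsor, capabilities and scope is the gate before any credential (Actions 3, 4)."""
    def __init__(self, log):
        self.records, self.log = {}, log
    def register(self, agent_id, human_sponsor, capabilities, scope):
        if not human_sponsor:
            raise ValueError("registry entry requires a named, accountable human sponsor")
        self.records[agent_id] = {"sponsor": human_sponsor, "caps": set(capabilities), "scope": set(scope)}
        self.log.append({"type": "register", "agent": agent_id, "sponsor": human_sponsor})
    def issue_task_token(self, agent_id, task, ttl_s=300):
        """Short-lived, task-scoped credential (Action 2); refused for unregistered agents or out-of-scope tasks."""
        rec = self.records.get(agent_id)
        if rec is None or task not in rec["scope"]:
            raise PermissionError(f"credential denied for {agent_id!r} / {task!r}")
        self.log.append({"type": "token", "agent": agent_id, "task": task})
        return {"sub": agent_id, "task": task, "exp": time.time() + ttl_s}
    def decide(self, token, capability, amount_usd):
        """HITL gate: autonomous below the threshold, held for human review above it; every outcome is logged."""
        rec = self.records[token["sub"]]
        if time.time() > token["exp"] or capability not in rec["caps"]:
            outcome = "refused"          # expired token or undeclared capability
        elif amount_usd > HITL_THRESHOLD_USD:
            outcome = "held_for_human_review"
        else:
            outcome = "autonomous"
        self.log.append({"type": "decision", "agent": token["sub"], "task": token["task"],
                         "capability": capability, "amount_usd": amount_usd, "outcome": outcome})
        return outcome
```

A shadow agent with no registry entry, or a registered agent asking for a task outside its declared scope, never receives a token at all, and a single edited log entry makes `verify()` fail for the whole chain, which is the property the 24-hour examiner reconstruction benchmark relies on.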

Designing or Auditing Your KYA Architecture?

iProDecisions advisory sessions cover KALIB architecture design, agent registry implementation, HITL gate specification, and examination-ready documentation strategy. Sessions are available for Compliance Officers, CISOs, and enterprise AI architecture teams.

Fractional advisory available · CAIBots platform · All sessions independently structured

Next in Series · Issue 05 · Q3–Q4 2026

Stablecoin Infrastructure After the GENIUS Act: Winners, Losers & the New Settlement Stack

Primary Sources — 48 Citations

01
International Monetary Fund · Davidovic, S. & Tourpe, H. · "How Agentic AI Will Reshape Payments" · IMF Notes 2026/004 · April 22, 2026
02
NIST National Cybersecurity Center of Excellence · "Accelerating the Adoption of Software and AI Agent Identity and Authorization" · Concept Paper · February 5, 2026
03
NIST Center for AI Standards and Innovation · AI Agent Standards Initiative Launch · February 17, 2026
04
MetaComp Pte. Ltd. · "StableX Know Your Agent (KYA) Framework" · Money20/20 Asia Bangkok · April 21, 2026
05
Singapore Infocomm Media Development Authority (IMDA) · "Model AI Governance Framework for Agentic AI" · January 2026
06
Cloud Security Alliance · CISO AI Risk Report 2026 · n=235 large-enterprise security leaders
07
Strata Identity / Cloud Security Alliance · "The AI Agent Identity Crisis: New Research Reveals a Governance Gap" · February 5, 2026
08
Cloud Security Alliance Labs · "The AI Agent Governance Gap: What CISOs Need Now" · April 3, 2026
09
Cloud Security Alliance Labs · "NIST AI Agent Standards: Listening Sessions and Emerging Controls" · April 16, 2026
10
Cloud Security Alliance Labs · "Federal Agentic AI Security: NIST's Emerging Standards Initiative" · March 30, 2026
11
Financial Action Task Force · "Best Practices on Travel Rule Supervision" · June 2025
12
Financial Action Task Force · 2025 Targeted Update on Implementation of FATF Standards on VASPs · June 2025
13
SpruceID · "SpruceID's Comments to NIST on AI Agent Identity and Authorization" · April 9, 2026
14
Hogan Lovells · "Shaping the Future of AI Security: NIST Seeking Input on Agent Identity & Authorization" · February 10, 2026
15
McKinsey & Company · State of AI Trust Survey 2026 · Cited in MetaComp KYA Framework documentation
16
AWS · Agentic AI Enterprise Adoption Report 2026 · 40% commercial application embed rate cited
17
NIST CAISI · Empirical Research on AI Agent Attack Success Rates · January 2025 · 81% success rate cited
18
Biometric Update · McConvey, J. · "Agentic AI pushes financial sector toward continuous identity" · May 7, 2026
19
Neurons Lab · "Agentic AI in Financial Services: A Research Roundup for 2026" · April 3, 2026
20
Cambridge Centre for Alternative Finance (CCAF) · "2026 Global AI in Financial Services Report" · May 2026
21
Xu, M. et al. · "The Agent Economy: A Blockchain-Based Foundation for Autonomous AI Agents" · arXiv:2602.14219 · February 2026
22
arxiv.org · "Standards, Gaps, and Research Directions for AI Agents" · arXiv:2604.23280 · April 2026
23
CyberArk · "Will AI Agents 'Get Real' in 2026?" · January 14, 2026
24
MetricStream · "NIST AI Agent Standards Initiative: What CISOs Need to Know" · March 18, 2026
25
Blockhead · "Singapore's MetaComp Rolls Out AI Agent Governance Framework" · April 21, 2026
26
Fintech News Singapore · "MetaComp KYA Framework for AI Agents in Financial Services" · April 2026
27
Chainbits · "MetaComp launches world's first AI agent governance framework for regulated financial services" · April 2026
28
ANI News · Full MetaComp KYA Framework press release · April 21, 2026
29
ChainUp · "Know Your Agent (KYA): The 2026 Shift in AI & Crypto" · April 2026
30
NatWest Corporates · "What Will Shape Agentic Shopping in 2026" · 2026
31
a16z · Crypto 2026 Annual Forecast · KYA standard emergence prediction cited · 2026
32
FinancexMagazine · "RegTech Funding Surges as AI Rewrites Compliance in 2026" · April 2026
33
SkillStudio AI · "RegTech in 2026: AI Moves From Hype to Reality" · 2026
34
Capgemini · "Reimagining KYC: From Legacy Models to Perpetual KYC" · March 30, 2026
35
Encompass Corporation · "The 90% Signal: Why Perpetual KYC Is Replacing Legacy Compliance" · March 19, 2026
36
iProDecisions Research · Issue 01 · "The Autonomous Agent Economy Will Redefine Financial Infrastructure" · February 2, 2026
37
iProDecisions Research · Issue 02 · "The Agentic Workforce: The Next Frontier" · March 2, 2026
38
iProDecisions Research · Issue 03 · "The Compliance Agent: How KYC/AML Moves from Cost Center to Competitive Moat" · April 2026
39
KPMG · 2026 AI Autonomous Agents Survey · 99% plan production agents, 11% deployed cited
40
EY · Agentic AI Enterprise Adoption Survey 2026 · 34% started, 14% fully implemented cited
41
MIT Sloan Management Review · "Agentic AI at Scale: Redefining Management for a Superhuman Workforce" · 2026
42
World Economic Forum · Framework for Agentic AI · Davos, January 2026
43
Cyber Security Agency of Singapore · Addendum on Securing Agentic AI · October 2025
44
Mayer Brown · "FATF Revises AML Standards For Certain Funds Transfers" · August 2025
45
NIST · AI Agent Standards Initiative Landing Page · nist.gov/artificial-intelligence/ai-agent-standards-initiative · 2026
46
OMB · Memoranda M-25-21 and M-25-22 · April 2025 · Federal AI governance and procurement cited
47
ACHIVX / Medium · "Credit of Trust: How Banks Should Score AI Agent Reputation in 2026" · May 2026
48
Founder to Fortune · "The Future of AI in 2026: Insights from the Most Important Research of 2025" · December 2025