
Agentic Boundary: bank-grade governance for AI agents

When AI agents touch real money, probabilistic reasoning meets deterministic compliance. The Agentic Boundary is the rigid governance layer between them.

The problem

A large language model is a probabilistic system. A core banking ledger is a deterministic one. The moment you let an agent move money, you are asking a system that reasons in likelihoods to operate a system that demands certainty. The gap between the two is where the risk lives.

Static API keys are no longer an acceptable way to bridge that gap. A key grants standing, unscoped, unexpiring access; an autonomous agent holding one can do anything the key can do, for as long as the key lives, with no record of why. That is the opposite of what a regulator expects to see.

And when something goes wrong, the black-box audit problem bites: a compliance officer cannot reconstruct why the agent did what it did. Without a legible decision path, the institution cannot answer the regulator, cannot bound its liability, and cannot trust the system enough to scale it.

The four dimensions

The boundary is not a system prompt or an instruction. It is a rigid architectural constraint enforced across four dimensions.

Authority

What can the agent do?

Read-only versus write permissions, with elevation requiring secondary execution protocols.

Scope

What systems can the agent reach?

MCP-standardised isolation to specific databases or CRM segments, not unchecked lateral network access.

Duration

How long does autonomy last?

OAuth-based delegated access with short-lived, scoped tokens. Tasks that exceed their allocated duration halt and request human reauthorisation.

Impact

What are the financial and legal limits?

Deterministic transaction limits enforced in the integration fabric. Provisional credit up to ₦20,000 can be autonomous; above that, human escalation is mandatory.

The three-layer architecture

The boundary sits between the model and the core banking, payment, CRM, or transactional system. A request passes through three layers in sequence before it reaches anything real.

  1. Semantic Filtering

     Analyses intent and screens for prompt injection and jailbreak attempts before a request reaches any system.

  2. OAuth Verification

     Evaluates short-lived scoped tokens and enforces zero-trust principles on every call.

  3. Deterministic Policy Guardrails

     Checks transaction limits, role permissions, time-of-day rules, and jurisdiction constraints with deterministic, auditable logic.
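A sketch of how the third layer could evaluate the four dimensions in a fixed order and emit a decision path for the audit log. This is an added example, not Tracent's code: the `Grant` and `Request` shapes, the `evaluate` function, and the decision labels are assumptions; only the ₦20,000 autonomous limit comes from the page.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

AUTONOMOUS_LIMIT_NGN = 20_000  # autonomous provisional-credit ceiling from the page

@dataclass(frozen=True)
class Grant:                 # hypothetical: claims of a short-lived delegated token
    agent_id: str
    actions: frozenset       # Authority: what the agent may do
    systems: frozenset       # Scope: which systems it may reach
    expires_at: datetime     # Duration: when autonomy ends

@dataclass(frozen=True)
class Request:               # hypothetical: what the agent asks the boundary to do
    action: str
    system: str
    amount_ngn: int = 0
    human_approved: bool = False

def evaluate(grant, req, now):
    """Run the four checks in a fixed order; return the decision and its path."""
    amt = req.amount_ngn
    # Negative amounts never pass autonomously; they fall through to a human.
    within_impact = 0 <= amt <= AUTONOMOUS_LIMIT_NGN or (amt > 0 and req.human_approved)
    checks = [
        ("duration", now < grant.expires_at, "REAUTHORISE"),
        ("scope", req.system in grant.systems, "DENY"),
        ("authority", req.action in grant.actions, "DENY"),
        ("impact", within_impact, "ESCALATE"),
    ]
    path = []
    for name, passed, on_fail in checks:
        path.append({"check": name, "passed": passed})
        if not passed:       # fail closed at the first failed check
            return {"agent": grant.agent_id, "decision": on_fail, "path": path}
    return {"agent": grant.agent_id, "decision": "ALLOW", "path": path}

# Constructed sample data, for illustration only.
NOW = datetime(2025, 1, 1, 12, 0, tzinfo=timezone.utc)
GRANT = Grant("agent-7", frozenset({"credit:write"}), frozenset({"core-ledger"}),
              NOW + timedelta(minutes=5))

if __name__ == "__main__":
    for amount in (20_000, 20_001):
        print(amount, evaluate(GRANT, Request("credit:write", "core-ledger", amount), NOW))
```

Because the checks are plain comparisons evaluated in a fixed order, the same grant, request and timestamp always produce the same decision and the same path, which is what makes the record replayable for an auditor.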

Regulatory alignment

  • CBN agentic finance restrictions (Nigeria): the boundary enforces the human-in-the-loop mandate on every fund movement, deterministically, not by convention.
  • SARB explainability requirements (South Africa): full decision-path logging resolves the black-box audit problem for the South African Reserve Bank.
  • NDPA audit requirements: every decision is logged with PII redacted at source, ready for NDPC inspection.
  • POPIA data residency (South Africa): data-residency enforcement keeps personal data inside the jurisdiction that governs it.

Why it builds switching costs

Once the boundary is integrated, the audit trail and the policy library become a security blanket no rational compliance officer wants to replace. The accumulated decision log is institutional memory; the policy set is hard-won configuration. Both compound in value the longer they run.

As an institution's A2A sub-agents start to depend on the boundary's guarantees, the interoperability lock-in deepens. The boundary stops being a feature and becomes the substrate the institution's agentic operations are built on.

Pricing

Included in the Tracent Enterprise Gateway as standard for every Enterprise customer. A standalone licence for institutions that want governance without the full gateway is on the Phase 2 roadmap, priced ₦15M to ₦40M annually depending on scope.

Schedule a security architecture review

Walk through the boundary with your compliance and security leads. We will map it to your regulatory obligations.
