Ok
logo_outline-1

From Assistants to Agents: Why this shift changes everything for Risk and Compliance

Author: Priscilla Gaudoin
shutterstock_2226240731
CheckCircle

Author: Priscilla Gaudoin, Head of Risk & Compliance, published July 2026

CheckCircle

Topics: FCA Priorities, Governance, Compliance, Conduct, Risk Management

CheckCircle

Regions and Regulators: UK - FCA

 ICA_R_BAD_CPD_19769Time to read: 4 minutes

TL:DR
-  The move from AI assistants to autonomous agents changes the risk and compliance challenge fundamentally. Firms need continuous monitoring, end-to-end traceability, clear ownership, and escalation paths because traditional governance was not built for systems that act and adapt over time.

From helpful tools to autonomous actors

Most organisations still think about AI in terms of assistants. That is tools that help employees work faster, analyse data, or generate content.

That model is rapidly being replaced.

We are moving from assistants to agents. Systems that can plan, execute, and adapt autonomously. While that may sound like a natural evolution, from a risk and compliance perspective, it changes everything.

Assistants are passive. They require human prompts and human decisions. Agents are active. Set them a task, leave them to execute it whilst you make a coffee. They can initiate actions, sequence tasks and pursue goals.

That distinction introduces a new category of risk, one that existing frameworks were not designed to handle. In traditional, AI governance, control is anchored around outputs. Models are validated, decisions are reviewed, and humans remain accountable for final actions.

With agentic AI, control shifts to behaviour over time.

An AI agent doesn’t just produce a single output. IT interacts with systems, responds to new inputs, and continuously makes decisions. That creates complexity that is difficult to predict, and even harder to audit.

Where the control model breaks down

This is where regulatory blind spots are emerging. First, accountability becomes diffused. When an agent executes a chain of decisions, who owns the outcome? The developer? The business owner? The user who initiated the process?

Without clear answers, accountability frameworks start to breakdown.

Second, auditability is under pressure. It’s one thing to review a single decision. It’s another to reconstruct a sequence of autonomous actions across multiple systems, data sources, and timeframes.

Many firms simply don’t have the infrastructure to do this.

Third, risk is no longer static. Agentic systems can evolve based on inputs and context. That means a model that complaint at deployment may behave differently in production.

Traditional validation cycles can’t keep up with that.

For senior executives, the implication is clear. You cannot apply old governance models to new AI behaviours.

Firms need to shift to:

  • Continuous monitoring instead of periodic review
  • End-to-end traceability of actions, not just decisions
  • Clear ownership of agent behaviour
  • Defined escalation paths when agents operate outside expected parameters

This is not about slowing down innovation. It’s about ensuring that as systems become more autonomous, control becomes more intentional, not less.

Because the real risk isn’t that AI fails. It’s that it operates in ways your organisation cannot fully see, explain or govern.

And in a regulated industry, that’s a risk you can’t afford to carry.

What does this mean for you and your firm?

For asset managers and wealth managers, this shift affects more than technology architecture. It changes how firms oversee model-driven portfolio actions, client servicing, and compliance processes that may now run with limited human intervention. The challenge is making sure control functions can still see, explain, and govern decisions that increasingly happen across time rather than at a single approval point.

How Ruleguard helps firms:

Ruleguard can support this shift by helping firms create clearer ownership, stronger audit trails, and more effective oversight for AI agent behaviour. In practice, that means better visibility into how agents operate and a more robust control framework for regulated environments.

Ruleguard helps financial services firms strengthen operational risk management, supplier oversight and compliance monitoring through one AI-powered Continuous Assurance Platform. Identify and assess risks, monitor third-party suppliers, automate compliance testing, manage remediation, and evidence controls from a single, integrated solution. With real-time dashboards, automated workflows, audit-ready evidence and continuous oversight, Ruleguard helps firms reduce operational risk, meet FCA and regulatory expectations, strengthen resilience, and demonstrate effective governance with confidence. 

Book a tailored discovery call

Discover how Ruleguard helps financial services firms strengthen operational risk management, supplier oversight and compliance monitoring through continuous assurance. 

About the Author

In a career spanning 30 years, Priscilla has worked as a consultant, CCO and MLRO providing regulatory oversight and advice to firms across the financial services industry. She is responsible for our thought leadership programme, writing regular articles and white papers, and hosting webinars on a variety of regulatory matters.
 
She is a Fellow of the International Compliance Association, a certified GRC practitioner, and a member of the Institute of Risk Management. 
 
Contact Priscilla
Priscilla Gaudoin