Markets Open
Global Markets
S&P 500 7,550.36 ▼ -0.3% DOW 52,667.65 ▲ +0.0% NASDAQ 26,031 ▼ -0.9% RUSSELL 2K 2,978.86 ▲ +0.1% VIX 16.3 ▲ +4.0% GOLD 3,994.5 ▼ -1.2% CRUDE OIL 78.79 ▼ -1.0% EUR/USD 1.14 ▲ +0.1% BTC 64,426 ▼ -0.9% ETH 1,876.49 ▼ -2.0%
Fintech

AISSURED founder sets out governance model for training AI agents

Priya Lakshmi says firms should govern AI-agent training through controls on data, prompts, sources, policies and supervised testing.

Rafael Ortiz

By Rafael Ortiz · Fintech Correspondent

· 3 min read

Priya Lakshmi, founder of London-based AISSURED, has set out a five-part governance approach for training AI systems that act like workplace agents, arguing that regulated businesses should treat training as a control process rather than a capability upgrade. The model focuses on fine-tuning, prompt design, retrieval boundaries, policy enforcement and scenario testing, with accountability tied to regimes including the EU AI Act, UK GDPR, Consumer Duty, SM&CR and the Equality Act.

Writing in a Finextra community opinion post, Lakshmi said experience hiring engineers showed that technical capability was often less difficult to build than judgment. She applied that analogy to AI systems, saying an agent that has completed onboarding still needs structured training before it is allowed to exercise more autonomy.

The first control area is fine-tuning, the process of adapting a model using task-specific or organisation-specific data. Lakshmi said firms that fine-tune models on their own records can improve domain performance, but may also transfer historical bias embedded in that data. She linked that risk to data-quality requirements under the EU AI Act for high-risk systems, fair-lending expectations, the Equality Act and model-risk disciplines around data provenance.

She identified prompt architecture as the equivalent of role clarity for an employee. In this context, system and developer instructions set the agent’s objective, boundaries, tone and escalation triggers. Lakshmi said firms should define that prompt wrapper before deployment so the agent does not operate beyond its assigned function. She connected this to Consumer Duty expectations about customer-facing conduct and to SM&CR accountability for the version of instructions an agent is running.

Grounding and refusal

Lakshmi also argued that AI agents need defined limits on the information they can use. For systems using retrieval-augmented generation, or RAG, that means restricting answers to approved and current material, requiring citations and designing refusal as an accepted outcome when the system is outside scope. She said AISSURED used that approach in its governance intelligence assistant, constraining it to grounded records and requiring it to decline questions beyond its remit.

She said the same principle applies to a board governance tool under development with a board governance team. According to Lakshmi, an AI system drafting board materials or tracking actions should be grounded in that board’s calendar, decisions and scope, rather than importing generic governance guidance or creating unsupported facts.

Policy reinforcement forms the fourth element. Lakshmi said firms should convert applicable policies from prose into machine-readable rules that can be checked against decisions in real time. She said confidence thresholds should trigger escalation rather than guesses, and cases with no active policy should be referred for review rather than treated as approved. In AISSURED’s platform, she said governed decisions return pass, refer or block outcomes against applicable policies.

Testing before autonomy

The final element is supervised practice through scenario testing. Lakshmi said firms should build use-case-specific libraries of ambiguous and regulated edge cases, test the agent against them, then increase authority in stages: read-only use, low-risk actions under human review and independence within defined limits. She said the named manager established during onboarding should approve each step.

Lakshmi said these controls should continue after launch because models, data and operating contexts can change. She linked ongoing review to SM&CR accountability and to EU AI Act deployer obligations covering human oversight, monitoring and retained logs.

As AI adoption grows, Lakshmi said governance cannot depend only on workshops and paperwork. She called for a standard AI governance metadata schema covering the model, instructions, sources, policies, tests, decisions and approvals attached to each system, which she said would support automated governance across the AI lifecycle.

This story draws on original reporting from Finextra Research.

More from Fintech

All Fintech →