Human-agent trust for financial services
When your agent moves a million dollars at 3 a.m., who signed the trade? Financial services has the highest stakes in the agentic age and the deepest regulatory thicket. Here is what HATI looks like for banks, broker-dealers, and fintechs.
The compliance stack you already have
Every regulated financial institution already operates under a dense compliance stack: FINRA Rule 3110 for supervision, FFIEC IT Handbook for risk, SOX for financial controls, OCC Bulletins for third-party risk, GDPR/DPDPA for data, and now the EU AI Act for AI-specific oversight. The agentic age does not replace these. It introduces an orthogonal axis the existing stack does not cover: which human authorized which agent action, with what authority, when, and with what scope.
That orthogonal axis is HATI. The good news for finance: the architectural pattern fits cleanly into existing supervisory frameworks. The bad news: nearly no incumbent core-banking or trading platform has implemented it natively yet.
The five high-stakes flows
Five flows in finance are most exposed to the human-agent gap. We see all five at design partners.
Trading and execution. Algo trading is not new. AI agents that generate trade ideas, route orders, and adjust strategy in response to news are. FINRA Rule 3110 requires supervision; supervision in the agentic case must be cryptographic, not human-eyeballs-on-a-monitor.
Treasury operations. Sweep accounts, FX hedges, working-capital movements run by treasury agents. A misrouted batch is a 9-figure event. Agent-driven treasury without delegation chains is uninsurable.
Wealth management. Robo-advisors are a 2010s technology. Robo-advisors with agent-mediated client onboarding, KYC, suitability, rebalancing, and tax-loss harvesting are new. The SEC will eventually ask: which licensed human supervised this advice?
Loan origination. An agent stack ingests, underwrites, prices, and disburses small-business loans. Fair Lending obligations require traceable, explainable decisions. Agent flows that don't bind to a human supervisor fail the audit.
Customer support and disputes. A support agent issues a refund or escalates a chargeback. The CFPB cares about the human who authorized the policy and the agent that applied it. Both must be identifiable.
The HATI architecture for financial services
A reference deployment looks like this:
- Layer 1 (Identity) — every supervisor, trader, advisor, and underwriter has a verified Manav identity, federated with the institution's existing IDP (typically Okta or Entra) for SSO continuity.
- Layer 2 (Delegation) — every agent in the trading, treasury, advisory, lending, and support stacks runs under a delegation token signed by the responsible human supervisor. Tokens are scoped to instrument types, dollar caps, time windows, and counterparty classes.
- Layer 3 (Attestation) — every executed order, approved disbursement, advice rationale, and dispute resolution carries an attestation chain back to the delegating human and the supervising compliance officer.
- Layer 4 (Trust score) — internal supervisors carry trust scores derived from their own clean track record, used to set delegation limits programmatically.
- Layer 5 (Settlement) — out of scope for most banks; in scope for fintechs that intermediate cross-organizational agent flows.
What the audit log changes
Today, the audit log of an agent-driven trade reads: "trader_bot_3 executed buy 5000 NVDA at 14:22:01." After HATI: "Agent trader_bot_3, delegated by Maria Chen (DID: did:manav:0x9a3f...), under scope equities:large-cap:<5M-notional, signed at 14:22:01 with delegation #7d2e (TTL 4h, cap $5M), supervised by Compliance Officer ID #M-1042 (verified human, certificate 0x7c1...)."
That second log answers every question a regulator can ask. The first answers none.
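The Layer 2 delegation check and the audit record described above, as an added example that is not Manav's or HATI's own code. The field names, function names, per-order reading of the cap, and the `did:example:` identifier are assumptions, and HMAC stands in for the supervisor's asymmetric signature so the block runs on the standard library alone.

```python
import hashlib, hmac, json

# Constructed demo key. HMAC stands in for the supervisor's asymmetric signature
# (e.g. Ed25519) so this runs on the standard library; a MAC gives no non-repudiation.
SUPERVISOR_KEY = b"constructed-demo-key"

def _canon(obj) -> bytes:
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def _mac(body) -> str:
    return hmac.new(SUPERVISOR_KEY, _canon(body), hashlib.sha256).hexdigest()

def issue_token(token_id, supervisor, agent, scope, cap_usd, issued_at, ttl_s):
    """Supervisor delegates bounded authority to one agent."""
    body = {"id": token_id, "supervisor": supervisor, "agent": agent,
            "scope": scope, "cap_usd": cap_usd,
            "not_before": issued_at, "not_after": issued_at + ttl_s}
    return {"body": body, "sig": _mac(body)}

def authorize(token, order, now):
    """Return (allowed, audit_record); refusals are logged too."""
    body = token["body"]
    if not hmac.compare_digest(str(token.get("sig", "")), _mac(body)):
        reason = "bad_signature"
    elif order["agent"] != body["agent"]:
        reason = "agent_mismatch"
    elif not body["not_before"] <= now <= body["not_after"]:
        reason = "outside_time_window"
    elif order["instrument_class"] != body["scope"]:
        reason = "out_of_scope"
    elif order["notional_usd"] > body["cap_usd"]:  # per-order cap (assumption)
        reason = "over_cap"
    else:
        reason = None
    trusted = reason != "bad_signature"  # never log unverified claims as fact
    record = {"ts": now, "agent": order["agent"], "order": order,
              "delegation": body["id"] if trusted else None,
              "delegated_by": body["supervisor"] if trusted else None,
              "decision": "deny" if reason else "allow", "reason": reason,
              "token_sha256": hashlib.sha256(_canon(token)).hexdigest()}
    return reason is None, record

if __name__ == "__main__":
    T0 = 1_700_000_000  # constructed timestamp
    tok = issue_token("7d2e", "did:example:supervisor", "trader_bot_3",
                      "equities:large-cap", 5_000_000, T0, 4 * 3600)
    order = {"agent": "trader_bot_3", "side": "buy", "symbol": "NVDA", "qty": 5000,
             "instrument_class": "equities:large-cap", "notional_usd": 600_000}
    print(authorize(tok, order, T0 + 60))
```

A token whose cap has been edited after signing fails the signature check, and the resulting deny record leaves the delegating human blank instead of repeating the forged claim.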
The two-natural-person rule and finance
The two-natural-person rule in Article 14 of the EU AI Act (for certain critical systems) maps cleanly onto traditional trading-desk supervision; under HATI it is enforced cryptographically. Where today a senior trader's verbal approval is captured in a recorded line, tomorrow the supervisor's Manav signature is captured in the trade's attestation. The pattern is what finance already does. The proof is what changes.
Insurability
Cyber insurers today are quietly excluding losses from "autonomous agent operation" — language that is becoming more common. The argument is straightforward: if you can't prove which human authorized what, the insurer can't underwrite the risk. HATI's audit log restores insurability. Several major carriers now offer materially better terms when the AI stack carries cryptographic delegation chains.
What to do this quarter
- Inventory. Map every AI agent in production by line of business. Many institutions are off by 3–5×.
- Pilot delegation in one flow. Pick treasury or claims; smallest blast radius, clearest cap structure.
- Wire to MCP. If your agent stack uses MCP (78% of enterprise teams now do), Manav's MCP-identity layer drops in cleanly.
- Engage your auditor. Walk them through the new audit-log format before they see it under enforcement.
Common objections
The two pushbacks we hear from this vertical: integration risk — addressed by phased rollout starting with the audit trail (lowest risk, highest evidence-to-effort ratio), and internal politics — addressed by anchoring the project to a regulator deadline or a security-questionnaire deal-blocker, where the political question answers itself.
Frequently asked questions
What is the first integration to ship? The signed audit trail. It costs least, satisfies the most regulators, and produces the evidence everything else builds on. Every vertical we have integrated started here.
How does this affect end-customer experience? Invisibly, by design. The customer sees the same UI; the difference is in the audit log behind it. The latency added is single-digit milliseconds. The trust gain is structural.
What's the buying motion — security, compliance, or the line? Compliance writes the check; security signs off; the line of business sets the timeline. The strongest deals start with a regulator deadline; the next-strongest start with a deal-blocking security questionnaire.
Where to start
The first integration we recommend in this vertical: the AI Act Article 14 playbook, then Delegation Tokens Explained. Both are deployable inside a quarter; both produce regulator-grade evidence; both unblock procurement conversations the rest of the stack depends on.
The hardest part of regulated finance going agentic isn't the model. It's the signature.
Finance has spent 90 years building the strongest supervision regime in any industry. The agentic age does not break it. It simply demands that the supervision be cryptographic. HATI is how you do that without rewriting your compliance program.