Is agentic AI the greatest test of the SMCR regime so far?
Tags
The publication of the Mills Review of AI and the future of financial services brings the question of accountability and the UK’s Senior Managers and Certification Regime (SMCR) in an autonomous AI world into sharp focus.
The SMCR is built on a clear principle: named individuals are accountable for defined areas of business activity and must be able to demonstrate that they have taken reasonable steps to discharge that accountability. The Review makes clear the foundation of the regulation will remain in an agentic AI-enabled world, while recognising that it must evolve.
SMCR has never required senior managers to perform every activity personally. The regime already accommodates delegation, outsourcing, specialist functions, and complex technology. What matters is clear accountability, effective oversight, and evidence that accountable individuals understand and manage the risks within their remit.
Model Risk Management has long demonstrated how firms can govern complex models while keeping accountability with the relevant business owner. Oversight of agentic AI is therefore not an entirely new premise. The challenge now is one of scale. In particular, cyber threats from Frontier AI mean that firms are increasingly looking to agentic AI as part of their defence, heightening the complexity and importance of effective oversight.
The new challenge: When AI becomes part of the operating model
Most AI use cases can begin within existing technology, risk, model risk, data, third-party and operational resilience frameworks. However, agentic AI creates a sharper accountability challenge because it moves AI from decision support to operational execution.
The central issue is not whether humans remain accountable. It is clear they do. The issue is whether human accountability remains credible when outcomes are increasingly shaped by agentic systems that are autonomous, distributed, adaptive, and difficult to observe directly.
A traditional human model is usually defined, bounded, validated, and monitored against known performance measures. Agentic AI is different because executives accountable for financial conduct, an operational outcome, or an individual customer may not own the AI platform or the training data, configuration, and monitoring environment surrounding it.
Firms therefore need to ask: who is accountable for the impact of agentic AI on the outcome, and what evidence shows that the agent was understood, constrained, monitored, challenged, and corrected in practice?
The doomsday scenario for financial services is not, therefore, machines taking over, but is more subtle – it is accountability losing contact with execution. AI agents execute thousands of decisions at a rate no human can track. Humans remain formally accountable but cannot see enough of what is happening. Governance forums receive overly positive reporting that smooths over exceptions instead of surfacing them. Bias or harmful patterns emerge before they are visible to management. And when harm occurs, the firm can point to an accountable SMF holder on paper, but cannot show what they knew, what they challenged, or why their oversight was reasonable.
If firms cannot show how AI-enabled work is delivered, SMCR will remain legally intact. But from an operational standpoint, it will be challenging to adhere to if firms cannot evidence how agentic AI-enabled work is delivered.
From black box AI to explainable and challengeable AI
Financial services firms must therefore move beyond black-box assurance. What matters is not perfect explainability in every case. The goal is proportionate explainability sufficient for accountable challenge.
For SMCR purposes, the practical test is: can the accountable executive understand the purpose, constraints, key drivers, limitations, and risk indicators of the agentic AI system well enough to challenge its use and act when it behaves outside appetite?
An SMF holder should understand what an agent is designed to do, the key factors shaping its outputs, the controls governing its behaviour, and whether outcomes remain consistent with regulatory obligations and risk appetite.
For higher-risk agentic AI, firms should be able to demonstrate explainability across four areas:
- Functional explainability: what the agent is designed to do, what decisions it influences, what it is prohibited from doing, and where human judgement remains mandatory.
- Logic explainability: the key drivers of outputs, including material data features, prompts, rules, thresholds, or model factors.
- Control explainability: the guardrails around the agent, including approval thresholds, override rights, escalation triggers, monitoring rules, and kill-switch arrangements.
- Outcome explainability: whether the agentic AI is producing outcomes consistent with its intended purpose, risk appetite and regulatory obligations, including testing for bias, unfairness, error, customer harm, and operational failure.
Regulators are moving in a similar direction. The EU AI Act introduces transparency requirements for higher-risk systems, while the UK continues to rely on sector regulators applying principles including transparency, fairness, accountability, and contestability. The expectation is that regulators interpret these principles within their own sectors rather than applying one universal rulebook.
What do agentic AI-grade reasonable steps look like?
Agentic AI does not necessarily require a new legal test under SMCR, but it does raise the practical evidential standard for demonstrating reasonable steps. This means accountable executives should be able to evidence which business outcomes are materially affected by agentic AI, how the agent is constrained, what materially shapes its outputs, how harmful outcomes are detected, what management information they receive, how they have challenged decisions, and what interventions are available when risks emerge.
This is not simply a matter of better governance. It requires a practical evidence framework that allows SMF holders to understand, challenge, rely on, and defend AI-enabled decisions.
The most effective way to operationalise these principles is through an accountability model built on three connected layers:
1. Business accountability remains with the relevant SMF holder
The business SMF remains accountable for the customer, conduct, financial crime, prudential, or operational outcome affected by agentic AI. AI should not become a reason to transfer accountability to technology, data science, or a central innovation team.
2. Enterprise agentic AI stewardship provides the control framework
Firms need a clearly defined enterprise owner for AI standards, assurance, and control. This could sit with a Chief AI Officer, Chief Risk Officer, Chief Data Officer, Chief Technology Officer, or another accountable executive. The title is less important than the mandate.
This function should own the enterprise framework for AI policy, risk tiering, inventories, explainability, testing, monitoring, third-party controls, assurance, and audit requirements; and senior manager and board reporting.
3. AI-native assurance makes oversight possible at machine speed
A human SMF holder cannot personally inspect every agentic AI decision, trace every data input, or validate every model behaviour. That is not a failure of accountability. It is a design challenge for the control environment.
Firms may therefore need AI-enabled assurance tools to monitor agentic-enabled activity. These tools should help identify anomalous behaviour, detect bias, compare outputs against policy and risk appetite, flag uncertainty, generate explainability summaries, maintain audit trails, and escalate exceptions to accountable humans.
Can AI govern AI?
Agentic AI should not govern itself in the sense of being its own accountable owner. But AI can support its own governance if it is designed as a monitored, constrained, and independently assured control environment – and this distinction is important.
A well-governed AI agent should operate within clearly defined boundaries, maintain auditable records of its actions and the factors influencing material outputs, and identify uncertainty, bias, policy breaches, and other anomalous behaviour. The agent should also generate evidence that supports oversight and assurance activities. Crucially, it must remain subject to human escalation, intervention, and independent challenge, including testing, red-teaming, and override.
Moving forwards with clarity
SMCR does not need to be rebuilt for agentic AI. Its core principle remains right: named individuals should be accountable for defined outcomes. But the evidence base behind SMCR does need to evolve.
Existing governance, model risk, and technology controls provide a strong foundation. They do not fully close the gap where agentic AI systems are adaptive, distributed, and embedded in live operations. The next generation of AI governance will therefore need to combine outcome-based accountability, enterprise AI stewardship, explainability, data lineage, behavioural monitoring, bias testing, real-time escalation, and independent challenge.
The firms that get this right will be those that make human accountability executable at machine speed.
Explore more