What question did this study set out to answer?

This research aims to define and categorize the emerging risks associated with agentic AI in financial services.

June 7, 2026Open Access

Agentic Workflow Drift and Agentic Workflow Subversion: A New Risk Taxonomy for the Governance of Agentic AI in Financial Services

Key Points

This research aims to define and categorize the emerging risks associated with agentic AI in financial services.
Introduced concepts of Agentic Workflow Drift and Agentic Workflow Subversion.
Discussed how these concepts manifest in workflows like client onboarding and sanctions screening.
Proposed the Semantic Control Plane and Agentic 3 C's Framework for governance.
Identified a new risk surface before existing governance frameworks are applied.
Established that existing audit methodologies fail to address this distinct risk.
Provided a foundational governance architecture to handle the risks associated with agentic AI.

Abstract

A new failure mode is emerging in AI-driven banking workflows: systems executing correctly against definitions no one explicitly authorized. This paper introduces two original concepts in the governance of agentic artificial intelligence systems deployed within financial services: Agentic Workflow Drift and Agentic Workflow Subversion. Agentic Workflow Drift is defined as the unintentional mechanism by which agentic systems synthesize semantically inconsistent signals across enterprise platforms into a working operating logic that no human explicitly authorized. Agentic Workflow Subversion is defined as the enterprise risk surface that emerges when drift propagates unchecked across functions, workflows, and control boundaries. It also describes the intentional exploitation of that same reasoning layer by sophisticated adversarial actors. Together, these concepts constitute what is, to the author’s knowledge, the first risk taxonomy developed specifically for the reasoning layer of agentic AI systems. The paper argues that Agentic Workflow Subversion represents a distinct reasoning-layer risk surface, one that originates before existing governance frameworks are engaged, that no existing audit methodology is typically designed to test or validate directly or systematically, and that no current line of defense was designed to govern directly or comprehensively. The paper illustrates how this risk can emerge in workflows such as client onboarding and sanctions screening, where agentic systems reconcile inconsistent definitions across KYC, credit, and entitlement platforms into a synthesized operating logic that no human explicitly authorized. It further introduces the Semantic Control Plane as a foundational governance architecture well positioned to address this risk, and the Agentic 3 C’s Framework, comprising Context, Control, and Coordination, as the operating principles that the Semantic Control Plane must enforce at runtime to enable trusted enterprise agentic AI at scale. The paper draws on the author's practitioner expertise in banking controls, model risk governance, and enterprise architecture, and is submitted as original practitioner-led research into an emerging and underexamined governance gap.

Read Full Paperexternally

Mark Helpful

Bookmark

Relay

View Full Paper