AI agent governance for regulated industries
Put AI agents to work without failing the audit.
Banks and life-science companies are putting AI agents into regulated work — triaging cases, drafting reports, reconciling accounts. MakerChecker keeps every agent inside its role, makes sure a named person signs every decision that matters, and leaves proof an inspector can verify.
Agents can only do what they're allowed · A named person signs every decision that matters · Evidence your regulator can verify
Run: recon-2026-06-13 · daily cash reconciliation
- 09:14:02 · Reconciled ledger — 2 breaks found · role: reconciliation clerk · grant v3
- 09:14:03 · Attempted to approve own resolution · role: reconciliation clerk · grant v3
- Blocked — maker cannot be checker. Segregation of duties enforced structurally. Not flagged — refused.
- 09:21:47 · Approved at gate — break above threshold · approver: J. Okafor · controller (human): “Variance traced to an FX timing entry. Approving the proposed resolution.”
What you get
Three things you can put in front of an inspector.
Not a dashboard that tells you an agent misbehaved after the fact. The controls your auditors already expect from people — segregation of duties, sign-off, an audit trail — applied to AI agents, and enforced before the agent acts.
Agents stay inside their role
Each agent can only touch the tools and data you explicitly allow it — nothing more. And the agent that prepared a case can never be the one that signs it off. That is segregation of duties, enforced automatically, not just written in an SOP.
A named person signs what matters
Release a batch, pay an invoice, file a report, recall a product — the decisions that carry consequences wait for a human. A named person signs, the agent can’t skip the gate, the requester can’t approve their own work, and the reason is recorded word for word.
Evidence an inspector can verify
Every step the agent took, and every sign-off, lands in a tamper-evident record. You hand the inspector a signed file they can check themselves, on their own laptop, without any access to your systems. Alter one entry and the file no longer checks out.
“Isn't this just a workflow tool?”
A ticketing system records what people say they did. We control what the agent is actually able to do.
A ticket queue logs a claim after the work has happened, and nothing stopped the work. MakerChecker sits in front of the agent: the agent can only act through it, so it has no way to release a batch, move money, or file a report unless the rules allow it and a person has signed.
The agent moves fast on the safe work — reading, matching, drafting, quarantining a suspect pallet. It stops at the decisions you can't take back: release, pay, file, recall. That stop isn't a policy reminder. The agent simply cannot get past it without a human.
A ticketing system
- Records what happened
- After the fact
- Can't stop an action
- Edited, no trace
MakerChecker
- Decides what's allowed
- Before the action
- Stops the unsafe ones
- Signed, tamper-evident
The agent can only act through MakerChecker. There is no way around it.
Why now
Built for the audits that come after.
On 17 April 2026, SR 26-2 scoped agentic AI out of model-risk guidance. No supervisory template means no safe harbor — and the predicate rules underneath never moved. They're date-proof, written decades before agents existed, and your examiners and the discovery process won't wait for new ones.
- SR 26-2 / OCC 2026-13: Agentic AI scoped out of model-risk guidance. No rules, and no safe harbor.
- 21 CFR Part 11: Electronic records and signatures — a 1997 rule, written for exactly this. Date-proof.
- 21 CFR §211.22: An independent quality unit. The release decision cannot be delegated to software.
- SOX: Controlled accruals and the controls behind every certified financial number.
- NYDFS Part 504: A named senior officer certifies the monitoring stack every April 15 — forever.
Who it's for
Two industries, the same controls.
Pick your world. The way the controls work is the same; the rules they answer to are yours.
See it work
The moment an agent must not act alone.
Every governed run is fast everywhere except the one-way doors. Two of those moments, rendered as the product handles them.
Banking · daily cash reconciliation
The agent tries to approve its own work — and the system refuses.
A reconciliation clerk agent finds two breaks and attempts to sign off its own resolution. Segregation of duties is enforced structurally: the action is impossible by construction. The break above threshold routes to a named human, whose reason is recorded verbatim.
Medicines · cold-chain disposition
Release the pallet, or destroy six figures of product.
A cold-chain agent catches a temperature excursion live, quarantines the pallet, and assembles the disposition case — all on its own. Then it stops. The release-or-destroy call is a one-way door that belongs to a named qualified person.
Gate: cold-chain · pallet VX-4471 · excursion 41 min
- Excursion caught live · pallet quarantined (safe direction · agent acted alone)
- Stability data pulled · disposition case assembled
- One-way door: The agent cannot decide this. A named QA person signs — recorded reason required.
“Excursion within validated stability range for this product. Releasing pallet VX-4471.”
Open source
Open source, because your auditors get to read it.
Run it on your own infrastructure, fully disconnected from the internet if you need to. Open source isn't a slogan here — it's how it gets through your procurement and security review.
Your validation team can read every line of how the controls work. The evidence file can be checked by anyone — including your regulator — without trusting us or touching our systems. Nothing about the proof depends on taking our word for it.
- Runs on: Your infrastructure
- Deployment: Self-hosted
- Network: Works offline
- Phones home: Never
- Evidence: Verify it yourself
- Records: Cryptographically signed
Open source · works with the AI agents your teams already build — you don't replace them, you put them behind MakerChecker.
For regulated teams
Put your agents to work today. Be ready for the audit anyway.
See an agent get stopped from signing off its own work, and the signed evidence file an inspector can check for themselves. One command starts the demo.
Designed against the rules your auditors already enforce.