Why FluxAI
Bank model risk management has a specific vocabulary for agentic AI. Three properties separate tools that pass a procurement checkbox from tools that survive regulator-level scrutiny. We map to all three.
The three properties
Anchor: Szpruch, Sudjianto, Bhatti, Ang (2026), §2.2 Step 6.
A run that halted normally, a run that was escalated to human review, and a run that abstained from producing a result are three different things. Each one has different remediation, different monitoring, and different consequence admissibility for a regulator. Collapsing them into a binary allow / deny erases the distinction the paper requires and bank CMROs are paid to validate.
Human in Control: HALT / ESCALATE / ABSTAIN as a first-class terminal state on every governed action.
Anchor: Szpruch et al. (2026), §3 capability framework and risk tiering.
Agentic systems differ by the capability they exercise (long-context extraction, retrieval with attribution, deterministic numeric, policy-constrained drafting). They differ by the authority each capability holds and by the consequence each composition exposes. A single global trust score for the agent cannot capture this. Capability catalogues, use-case specifications, and a risk-tiering rubric across the paper's five dimensions can.
Model Risk Oversight: capability catalogue, use-case specs, risk tiering, 7-step programme pack with 1LoD / 2LoD / SecOps responsibility matrix.
Anchor: GDPR Art. 33, NIS2 incident reporting, DORA major-incident articles, OWASP Agentic Top 10.
Mapping to a framework name (GDPR, NIS2, DORA) is what procurement asks for. Mapping to a specific article with the deadline, the recipient authority, the field template, and a provenance trail is what a supervisor asks for. The gap between the two is where most governance products sit. Ours does not.
Proof of Human Oversight: each decision binds to an article-level template with a verifiable evidence trail.
Tools that map to framework checkboxes do not satisfy regulator-level scrutiny. We map to the article.
These three properties are not differentiators we invented. They are the properties Szpruch, Sudjianto, Bhatti and Ang argue regulated finance MRM should demand, validated against the operational practice of CMROs at multiple banks. We built to match the paper.
Sources