Control 1.22: Information Barriers for AI Agents
Control ID: 1.22 | Pillar: Security | Regulatory Reference: SEC Rules 10b-5, 14e-5, Regulation M; FINRA Rules 2241, 3110, 5270, 5280; OCC 2011-12 | Last UI Verified: January 2026 | Governance Levels: Baseline / Recommended / Regulated | Last Verified: 2026-02-03
Objective
Implement information barriers (Chinese walls) to prevent AI agents from crossing compliance boundaries between business units, so that agents cannot access data across the research-trading, investment banking-sales, or public-private side barriers.
Why This Matters for FSI
- FINRA 3110: Enforces supervision and separation between research and trading functions
- SEC Regulation SHO: Helps prevent trading on research information through segment barriers
- FINRA 5280: Blocks research-trading communication to prevent trading ahead
- OCC 2011-12: Supports AI data segregation requirements for model risk management
Control Description
This control establishes information barriers through:
- User Segments - Define segments based on Microsoft Entra ID attributes (Department = Research, Trading, IB, Sales)
- Barrier Policies - Configure policies that block communication between segments
- Agent Context Inheritance - Agents inherit barrier policies of the invoking user
- SharePoint Barrier Alignment - Knowledge sources respect barrier boundaries
- Wall-Crossing Workflow - Controlled exceptions with compliance approval and documentation
- Barrier Monitoring - Detect and alert on potential barrier violations
Channel Agent vs. Copilot Studio Agent IB Support
Information Barriers support varies by agent type in Teams:
| Agent Type | IB Supported | Deployment Method | Barrier Enforcement |
|---|---|---|---|
| M365 Copilot | ✅ Yes | Built-in | User context inherits barriers |
| Copilot Studio agents in Teams | ✅ Yes | Teams app package | User context inherits barriers |
| Channel Agent | ❌ No | Teams channel post | No barrier inheritance |
Channel Agent Limitation: Channel Agents posted to Teams channels do NOT inherit barrier policies from the channel or invoking users. This is a Microsoft platform limitation specific to the Channel Agent deployment model.
Copilot Studio agents ARE supported: Copilot Studio agents deployed to Teams via app packages DO respect Information Barriers when invoked by users in barrier-protected segments.
Compensating Controls for Channel Agents:
- Zone 3 prohibition: Do not deploy Channel Agents in Teams channels where barrier-protected segments interact
- Knowledge source isolation: Manually verify Channel Agent knowledge sources contain no cross-barrier content
- Connector restrictions: Use connector policies (Control 1.4) to restrict Channel Agent data access
- User training: Ensure users understand Channel Agents operate outside IB enforcement scope
Testing Note: Before deploying any agent to Teams channels used by barrier-protected segments, test barrier enforcement by having a user from one segment invoke the agent and verify they cannot access content from the blocked segment.
Key Configuration Points
- Create organization segments in Purview (IB-Research, IB-Trading, IB-InvestmentBanking, IB-Sales, IB-Compliance)
- Configure Information Barrier policies blocking cross-segment access
- Ensure all users are assigned to appropriate segments (users without segments bypass barriers)
- Note: Information Barriers support up to 5,000 segments per tenant and users can be assigned to up to 10 segments simultaneously (multi-segment support)
- Select the appropriate IB mode for your organization: Single Segment (legacy, one segment per user), Multi-Segment (up to 10 segments per user), or People Search (IB scoping for people directory search only)
- Validate SharePoint site permissions align with barrier policies
- Establish wall-crossing approval workflow (Compliance + Legal + Business Unit head)
- Configure KQL monitoring for cross-barrier access attempts
- Retain wall-crossing documentation for 6+ years
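The first two configuration points, sketched in Security & Compliance PowerShell as an added example (not taken from this control's playbooks). It assumes the Department values listed under Control Description, an assumed 'Compliance' value for IB-Compliance, a hypothetical policy naming scheme and `-Activate` switch, and one policy per direction for each blocked pair.

```powershell
#Requires -Modules ExchangeOnlineManagement
param([switch]$Activate)   # hypothetical switch: run without it, review, then re-run with it

Connect-IPPSSession        # Security & Compliance PowerShell (interactive sign-in)

# Segment name -> Entra ID Department value. 'Compliance' is an assumed value.
$segments = [ordered]@{
    'IB-Research'          = 'Research'
    'IB-Trading'           = 'Trading'
    'IB-InvestmentBanking' = 'IB'
    'IB-Sales'             = 'Sales'
    'IB-Compliance'        = 'Compliance'
}
# Barrier pairs named in the control objective.
$blockedPairs = @(
    @('IB-Research', 'IB-Trading'),
    @('IB-InvestmentBanking', 'IB-Sales')
)

# Create only the segments that do not exist yet, so the script can be re-run.
$existingSegments = @(Get-OrganizationSegment | ForEach-Object Name)
foreach ($name in $segments.Keys) {
    if ($existingSegments -notcontains $name) {
        New-OrganizationSegment -Name $name -UserGroupFilter "Department -eq '$($segments[$name])'"
    }
}

# A block needs one policy per direction; build both from each pair.
$policyNames = foreach ($pair in $blockedPairs) {
    foreach ($dir in @(@($pair[0], $pair[1]), @($pair[1], $pair[0]))) {
        $policy = "Block-$($dir[0])-to-$($dir[1])"   # hypothetical naming scheme
        if (-not (Get-InformationBarrierPolicy | Where-Object Name -eq $policy)) {
            New-InformationBarrierPolicy -Name $policy -AssignedSegment $dir[0] `
                -SegmentsBlocked $dir[1] -State Inactive | Out-Null
        }
        $policy
    }
}

# Policies stay Inactive until reviewed; activation and application are explicit.
if ($Activate) {
    foreach ($policy in $policyNames) {
        Set-InformationBarrierPolicy -Identity $policy -State Active
    }
    Start-InformationBarrierPoliciesApplication
}

Get-InformationBarrierPolicy | Select-Object Name, AssignedSegment, SegmentsBlocked, State
```

After application completes, `Get-InformationBarrierRecipientStatus -Identity <user>` shows which segment and policies a given user resolved to, which is how an unsegmented user is spotted.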
Zone-Specific Requirements
| Zone | Requirement | Rationale |
|---|---|---|
| Zone 1 (Personal) | Barriers inherited from user automatically | User context provides enforcement |
| Zone 2 (Team) | SharePoint sites validated for barrier compliance; weekly audit | Team agents must stay within barrier walls |
| Zone 3 (Enterprise) | Mandatory enforcement; knowledge source validation; real-time monitoring; formal wall-crossing | Maximum protection for regulated functions |
Roles & Responsibilities
| Role | Responsibility |
|---|---|
| Purview Compliance Admin | Configure Information Barriers, define segments |
| Compliance Officer | Approve wall-crossing requests, policy decisions |
| Entra Security Admin | Monitor barrier enforcement, investigate violations |
| AI Governance Lead | Validate agent knowledge sources for barrier compliance |
Related Controls
| Control | Relationship |
|---|---|
| 1.3 - SharePoint Governance | SharePoint permissions must align with barriers |
| 1.7 - Audit Logging | Barrier events must be logged |
| 1.18 - RBAC | Access control aligned with barriers |
| 2.8 - Segregation of Duties | Organizational separation supports barriers |
Implementation Playbooks
Step-by-Step Implementation
This control has detailed playbooks for implementation, automation, testing, and troubleshooting:
- Portal Walkthrough — Step-by-step portal configuration
- PowerShell Setup — Automation scripts
- Verification & Testing — Test cases and evidence collection
- Troubleshooting — Common issues and resolutions
Verification Criteria
Confirm control effectiveness by verifying:
- Segments defined for all relevant business units in Purview
- Barrier policies show Active status between designated segments
- User in Research segment cannot access Trading content via agent
- Wall-crossing request routes to Compliance for approval
- Barrier audit logs capture all barrier-related decisions
Additional Resources
- Microsoft Learn: Information Barriers
- Microsoft Learn: Information Barriers in Teams
- Microsoft Learn: Information Barriers in SharePoint
- FINRA Rule 5280: Trading Ahead of Research
Updated: January 2026 | Version: v1.2 | UI Verification Status: Current