Pillar 3: Reporting Controls
Provide visibility, accountability, and metrics for agent governance.
Overview
Pillar 3 establishes the reporting and monitoring capabilities required to maintain oversight of AI agents across the organization. These 12 controls ensure that governance teams, compliance officers, and regulators have visibility into agent inventory, usage patterns, security posture, incident response, and hallucination feedback—essential for demonstrating effective supervision to examiners.
Primary Regulatory Alignment: FINRA 3110 (supervision), FINRA 4511 (recordkeeping), SEC 17a-3/4 (records)
Control Categories:
| Category | Controls | Focus |
|---|---|---|
| Inventory & Tracking | 3.1, 3.5-3.6 | Agent registry, cost tracking, orphan detection |
| Activity Monitoring | 3.2, 3.8 | Usage analytics, Copilot Hub |
| Compliance Reporting | 3.3-3.4 | Regulatory reporting, incident response |
| Security Operations | 3.7, 3.9 | PPAC security posture, Sentinel integration |
| Quality Feedback | 3.10 | Hallucination feedback loop |
| Inventory & Enforcement | 3.11-3.12 | Centralized inventory enforcement, exception management |
Controls
- 3.1 Agent Inventory and Metadata Management
- 3.2 Usage Analytics and Activity Monitoring
- 3.3 Compliance and Regulatory Reporting
- 3.4 Incident Reporting and Root Cause Analysis
- 3.5 Cost Allocation and Budget Tracking
- 3.6 Orphaned Agent Detection and Remediation
- 3.7 PPAC Security Posture Assessment
- 3.8 Copilot Hub
- 3.9 Microsoft Sentinel Integration
- 3.10 Hallucination Feedback Loop
- 3.11 Centralized Agent Inventory Enforcement
- 3.12 Agent Governance Exception and Override Management
FSI Agent Governance Framework v1.3 - February 2026