Pillar 3: Reporting Controls
Provide visibility, accountability, and metrics for agent governance.
Overview
Pillar 3 establishes the reporting and monitoring capabilities required to maintain oversight of AI agents across the organization. These 14 controls ensure that governance teams, compliance officers, and regulators have visibility into agent inventory, usage patterns, security posture, incident response, analytics, observability telemetry, and hallucination feedback—essential for demonstrating effective supervision to examiners.
Primary Regulatory Alignment: FINRA 3110 (supervision), FINRA 4511 (recordkeeping), SEC 17a-3/4 (records)
Control Categories:
| Category | Controls | Focus |
|---|---|---|
| Inventory & Tracking | 3.1, 3.5-3.6 | Agent registry, cost tracking, orphan detection |
| Activity Monitoring | 3.2, 3.8 | Usage analytics, Copilot Hub |
| Compliance Reporting | 3.3-3.4 | Regulatory reporting, incident response |
| Security Operations | 3.7, 3.9 | PPAC security posture, Sentinel integration |
| Quality Feedback | 3.10 | Hallucination feedback loop |
| Governance Analytics & Enforcement | 3.11-3.14 | Centralized inventory enforcement, exception management, admin center analytics, observability telemetry |
Controls
- 3.1 Agent Inventory and Metadata Management
- 3.2 Usage Analytics and Activity Monitoring
- 3.3 Compliance and Regulatory Reporting
- 3.4 Incident Reporting and Root Cause Analysis
- 3.5 Cost Allocation and Budget Tracking
- 3.6 Orphaned Agent Detection and Remediation
- 3.7 PPAC Security Posture Assessment
- 3.8 Copilot Hub
- 3.9 Microsoft Sentinel Integration
- 3.10 Hallucination Feedback Loop
- 3.11 Centralized Agent Inventory Enforcement
- 3.12 Agent Governance Exception and Override Management
- 3.13 Agent 365 Admin Center Analytics and Reporting
- 3.14 Agent 365 Observability SDK and Custom Agent Telemetry
FSI Agent Governance Framework v1.4.0 - April 2026