Governance Fundamentals
Core concepts and principles for AI agent governance in financial services.
Framework Overview
The FSI Agent Governance Framework provides complete guidance for deploying, governing, and managing Microsoft 365 agents (Copilot Studio, Agent Builder, and related AI services) in regulated financial services environments.
Version: 1.2.51 (February 2026) Target Audience: US Financial Services Organizations Regulatory Focus: FINRA, SEC, SOX, GLBA, OCC, Federal Reserve, FDIC, NCUA, CFTC
Warning
This framework is provided for informational purposes only and does not constitute legal, regulatory, or compliance advice. See Disclaimer for full details.
Scope and Assumptions
What This Framework Covers
This framework provides governance guidance for:
- Copilot Studio agents
- Agent Builder agents
- Power Platform environments hosting agents
- SharePoint as a knowledge source for agents
Agent Types In Scope
| Agent Type | In Scope? | Governance Location |
|---|---|---|
| Copilot Studio custom agents | Primary focus | Power Platform Admin Center |
| Agent Builder agents (M365) | Primary focus | M365 Admin Center + PPAC |
| Microsoft-built agents (Researcher, Analyst, Facilitator) | Partial | M365 Admin Center (limited controls) |
| Third-party/partner agents | Varies by integration | M365 Admin Center |
| Agent 365 control plane | Future (Frontier preview) | M365 Admin Center |
Microsoft Agent 365
Microsoft Agent 365 is a new centralized control plane for agent governance announced at Ignite 2025, currently in Frontier preview. It provides centralized agent registry, Entra Agent ID, lifecycle management, and observability dashboards. This framework will incorporate Agent 365 capabilities as they reach general availability.
Entra Agent ID (Public Preview)
Entra Agent ID provides first-class agent identities in Microsoft Entra, enabling Conditional Access, Identity Protection, and lifecycle management for AI agents. Currently in Public Preview since November 2025. See Agent Identity Architecture for implementation guidance and FSI readiness assessment.
Microsoft-Built Agent Applicability
Microsoft-built agents (Researcher, Analyst, Facilitator) have limited governance options. Control applicability:
| Control Category | Applicability | Notes |
|---|---|---|
| 1.2 Agent Registry | Partial | Visible in M365 Admin Center only |
| 1.5 DLP/Sensitivity Labels | Full | Tenant-wide policies apply |
| 1.7 Audit Logging | Full | Logged via OfficeActivity |
| 2.1 Managed Environments | N/A | Not in Power Platform |
| 2.3 Change Management | N/A | Managed by Microsoft |
| 3.1 Agent Inventory | Full | Visible in M365 Admin Center |
| 3.2 Usage Analytics | Full | Copilot usage reports |
| 4.1-4.7 SharePoint | Full | Grounding data governance applies |
Zone Classification: Based on data access - Zone 1 (personal M365), Zone 2 (team sites), Zone 3 (regulated content).
Limited Customization
Microsoft-built agents cannot be configured. Governance focuses on data access control, usage monitoring, and output supervision.
What This Framework Does NOT Cover
- Non-US regulations (EU AI Act, GDPR, DORA, MiFID II are out of scope)
- Non-Microsoft AI platforms (OpenAI direct, AWS Bedrock, Google Vertex AI, etc.)
- Custom ML model development, training, or validation
- Quantitative model risk management (requires dedicated MRM programs)
- State privacy laws (CCPA/CPRA require separate analysis)
- Third-party AI integrations outside Microsoft 365 ecosystem
Key Assumptions
| Assumption | Rationale |
|---|---|
| Microsoft 365 E3/E5 | Required for Copilot Studio, Purview, and advanced governance features |
| Microsoft Entra ID | Identity and access management foundation |
| Microsoft Purview | Compliance and data governance capabilities |
| Power Platform licensing | Required for environment management and DLP policies |
| Foundational IT controls | Network security, endpoint protection, backup/recovery assumed in place |
Four Governance Pillars
The framework organizes 71 controls across four pillars:
| Pillar | Controls | Focus | Examples |
|---|---|---|---|
| 1. Security | 28 | Protect data and systems | DLP, Audit, Encryption, MFA, eDiscovery, Network Isolation, Information Barriers |
| 2. Management | 24 | Govern lifecycle and risk | Change Control, Testing, Model Risk, Multi-Agent Orchestration, HITL Framework |
| 3. Reporting | 12 | Monitor and track | Inventory, Usage, PPAC, Sentinel, Hallucination Feedback |
| 4. SharePoint | 7 | SharePoint-specific controls | Access, Retention, External Sharing, Grounding Scope, Copilot Data Governance |
Note: Pillar 4 specializes Pillars 1-3 for SharePoint as an agent knowledge source. Controls address SharePoint-specific implementation of data protection, access governance, and content management.
Three Governance Zones
Agents are classified into zones based on risk level:
| Zone | Risk Level | Data Access | Approval | Audit Retention |
|---|---|---|---|---|
| Zone 1: Personal | Low | M365 Graph only | Self-service | 30 days |
| Zone 2: Team | Medium | Internal data | Manager approval | 1 year |
| Zone 3: Enterprise | High | Regulated data | Governance Committee | 10 years |
See Zones and Tiers for detailed zone definitions and selection criteria.
Governance Triangle
Effective agent governance operates through three interconnected layers:
Policy Layer (Technical Controls)
Automated guardrails that enforce governance without manual intervention:
| Component | Purpose | Implementation |
|---|---|---|
| Environment Groups | Consistent policy across environments | PPAC environment groups |
| Group Rules | Connector, sharing, channel controls | Environment group rules |
| DLP Policies | Data boundary enforcement | Data policies |
| Environment Routing | Automatic maker placement | Default environment routing |
Process Layer (Operational Workflows)
How governance decisions are made and executed:
- Agent Lifecycle Management — Creation, testing, deployment, monitoring, retirement
- Approval Workflows — Zone-appropriate authorization paths
- Change Control — Controlled promotion between environments
- Incident Response — Detection, investigation, remediation procedures
- Compliance Reviews — Scheduled verification of control effectiveness
People Layer (Organizational Structure)
Accountability and human oversight:
| Role | Governance Function | Zone Focus |
|---|---|---|
| AI Governance Lead | Framework ownership, policy decisions | All zones |
| Power Platform Admin | Technical implementation, environment management | Zones 2-3 |
| Compliance Officer | Regulatory alignment, audit coordination | Zones 2-3 |
| Business Owner | Agent sponsorship, use case validation | Per agent |
| Security / CISO | Threat monitoring, incident response | Zone 3 |
How the Layers Interact
- Policy enables Process — Technical controls automate workflow enforcement
- Process guides People — Defined procedures clarify responsibilities
- People inform Policy — Human judgment shapes control configuration
FSI Note
In regulated environments, all three layers must be documented and auditable. Examiners expect evidence of policy configuration, process execution, and role assignment.
Governance Maturity Levels
Each control supports three implementation levels:
| Level | Name | Description | Typical Use |
|---|---|---|---|
| Level 1 | Baseline | Minimum required implementation | Initial deployment, Zone 1 |
| Level 2-3 | Recommended | Best practice implementation | Zone 2, most production agents |
| Level 4 | Regulated/High-Risk | Comprehensive controls | Zone 3, customer-facing agents |
Maturity Assessment
For compliance tracking, use the 5-point maturity scale: Level 0 (Not implemented), Level 1 (Baseline), Level 2-3 (Recommended), Level 4 (Regulated). See FAQ for percentages.
Control Implementation Approach
- Assess — Current state vs. required level
- Implement — Follow playbook guidance
- Verify — Use verification procedures
- Document — Record evidence for audit
- Review — Schedule recurring reviews
Integration with Existing Governance
This framework is designed to complement, not replace existing enterprise governance programs:
- Integrate controls with your existing IT risk management framework
- Align with enterprise information security policies
- Coordinate with records retention and eDiscovery requirements
- Map to your organization's internal audit program
Note
Organizations should validate all controls against their specific regulatory obligations and existing policy frameworks.
Framework Documentation Structure
Three-Layer Architecture
| Layer | Audience | Update Frequency | Content |
|---|---|---|---|
| Framework (this layer) | Executives, compliance, governance | 1-2x per year | Principles, zones, regulatory context |
| Control Catalog | Compliance officers, architects | Quarterly | Control objectives, requirements |
| Playbooks | Platform teams, operations | Continuous | Portal steps, scripts, screenshots |
Navigation Guide
For Governance Questions:
- Framework Overview — This layer
- Zones and Tiers — Classification requirements
- Operating Model — Roles and responsibilities
For Control Requirements:
- Control Catalog — All 71 controls
- Regulatory Framework — Regulation-to-control mappings
For Implementation:
- Playbooks — Step-by-step procedures
- Adoption Roadmap — Phased implementation
Quick Reference
Getting Started
- Read Executive Summary (10 minutes)
- Review Zones and Tiers to classify agents (15 minutes)
- Check Regulatory Framework for applicable regulations (10 minutes)
For Implementation
- Use the Adoption Roadmap for phased approach
- Reference Control Catalog for requirements
- Follow Playbooks for step-by-step procedures
- Schedule reviews per Governance Cadence
For Governance
- Use the Operating Model for roles and responsibilities
- Establish governance committee per Zones and Tiers
- Schedule recurring compliance reviews
- Track incidents per playbook procedures
FSI Agent Governance Framework v1.2.51 - February 2026