Control 2.12: Supervision and Oversight (FINRA Rule 3110)
Overview
Control ID: 2.12
Control Name: Supervision and Oversight (FINRA Rule 3110)
Regulatory Reference: FINRA Rule 3110, FINRA Rule 4511, SEC 17a-4, SOX 302/404
Setup Time: 2-3 hours initial setup, ongoing supervision
Purpose
This control establishes supervisory procedures for AI agents in broker-dealer and financial services operations, directly aligned with FINRA Rule 3110's supervision requirements. FINRA Rule 3110 requires member firms to establish and maintain written supervisory procedures reasonably designed to achieve compliance with applicable laws and regulations. When AI agents are deployed for customer-facing or business-critical functions, the firm must designate qualified supervisory personnel, implement appropriate oversight mechanisms, and maintain supervision records. This control defines the supervisory structure, review procedures, and documentation requirements for AI agent oversight.
Prerequisites
Primary Owner Admin Role: Compliance Officer
Supporting Roles: AI Governance Lead
Required Licenses
- Microsoft 365 E3/E5 (for compliance features)
- Power Platform per-user or per-app licenses
- Copilot Studio
Required Permissions
- Compliance Officer (supervision program ownership)
- AI Governance Lead (day-to-day oversight)
- Chief Compliance Officer (ultimate supervisory responsibility)
Dependencies
- Control 2.8 (Access Control and Segregation of Duties)
- Control 1.7 (Audit Logging)
- Control 3.1 (Agent Inventory)
Pre-Setup Checklist
- [ ] Supervisory personnel designated
- [ ] Written supervisory procedures drafted
- [ ] Review cadence defined
- [ ] Escalation procedures established
- [ ] Training on AI supervision completed
Governance Levels
Baseline (Level 1)
Document supervision procedures for agent oversight; define approver roles and responsibilities.
Recommended (Level 2-3)
Quarterly supervision reports; documented approval workflow for agent deployments.
Regulated/High-Risk (Level 4)
Real-time supervision dashboard; mandatory oversight by Compliance Officer; supervision records retention.
Setup & Configuration
Step 1: Establish Supervisory Structure
Define the supervisory hierarchy for AI agents per FINRA 3110.
AI Agent Supervisory Hierarchy:
┌─────────────────────────────────────────────────────────────────┐
│                 CHIEF COMPLIANCE OFFICER (CCO)                  │
│               Ultimate supervisory responsibility               │
│           Quarterly review of AI supervision program            │
└─────────────────────────────────┬───────────────────────────────┘
                                  │
              ┌───────────────────┴───────────────────┐
              │                                       │
┌─────────────▼─────────────┐         ┌───────────────▼───────────────┐
│    AI GOVERNANCE LEAD     │         │   DESIGNATED SUPERVISOR(S)    │
│  Day-to-day program mgmt  │         │   By business line/function   │
│ Monthly performance review│         │   Weekly operational review   │
└─────────────┬─────────────┘         └───────────────┬───────────────┘
              │                                       │
              └───────────────────┬───────────────────┘
                                  │
                    ┌─────────────▼─────────────┐
                    │       AGENT OWNERS        │
                    │   Responsible for agent   │
                    │   performance & content   │
                    └───────────────────────────┘
Step 2: Document Written Supervisory Procedures (WSP)
Create WSP section for AI Agent governance per FINRA 3110.
AI Agent WSP Template:
WRITTEN SUPERVISORY PROCEDURES
Section: AI Agent Governance
1. PURPOSE
This section establishes supervisory procedures for the use of AI agents
(including Copilot Studio agents) in firm operations, consistent
with FINRA Rule 3110.
2. SCOPE
These procedures apply to all AI agents that:
- Interact with customers
- Access customer or firm data
- Provide recommendations or advice
- Execute transactions or processes
- Generate communications
3. SUPERVISORY PERSONNEL DESIGNATION
3.1 Chief Compliance Officer: [Name] - Ultimate oversight
3.2 AI Governance Lead: [Name] - Program management
3.3 Designated Supervisors by Function:
- Customer Service Agents: [Name]
- Investment Agents: [Name]
- Operations Agents: [Name]
4. PRE-DEPLOYMENT REVIEW
4.1 All enterprise-managed agents require CCO approval before production
4.2 Review must include:
- Compliance with applicable regulations
- Accuracy of information provided
- Appropriate disclosures
- Escalation paths to human personnel
- Data protection measures
5. ONGOING SUPERVISION
5.1 Daily: Automated monitoring of error rates and escalations
5.2 Weekly: Designated supervisor review of sample interactions
5.3 Monthly: AI Governance Lead performance review
5.4 Quarterly: CCO program review
6. SAMPLE REVIEW REQUIREMENTS
6.1 Enterprise-managed agents: Review [X]% of interactions weekly
6.2 Team collaboration agents: Review [X]% of interactions monthly
6.3 Document findings in supervision log
7. ESCALATION PROCEDURES
7.1 Customer complaints regarding AI: Immediate supervisor notification
7.2 Regulatory inquiries: Escalate to CCO within 24 hours
7.3 Material errors or failures: Immediate suspension and review
8. RECORD KEEPING
8.1 Maintain all supervision records for minimum 6 years
8.2 Records include: approvals, reviews, findings, actions taken
9. ANNUAL REVIEW
9.1 WSP for AI agents reviewed annually by CCO
9.2 Updates documented and communicated to supervisory personnel
Step 3: Create Agent Approval Workflow
Build Power Automate workflow for supervisory approval.
Copilot Studio Agent Approval Flow:
- Navigate to make.powerautomate.com
- Create Automated cloud flow
- Trigger: When agent status changes to "Ready for Review"
- Flow steps:
Enterprise Managed Agents:
1. Get agent details from registry
2. Send approval to Designated Supervisor
   - Include: Agent summary, test results, risk assessment
3. If approved: Send to AI Governance Lead
4. If approved: Send to CCO (Chief Compliance Officer)
5. Require all three approvals
6. If all approved: Update status to "Approved for Production"
7. Log approval chain with timestamps
Team Collaboration Agents:
1. Get agent details from registry
2. Send approval to Team Lead
3. Send approval to AI Governance Lead
4. Require both approvals
5. Update status and log approvals
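One way to check the approval chains above against an exported approval log, as an added example that is not part of the original control or of any Microsoft tooling. The tier names, role names, record fields and the owner self-approval rule (tied here to the Control 2.8 dependency) are assumptions, and the sample records are constructed.

```powershell
# Added example: audit approval chains per governance tier before trusting an
# "Approved for Production" status. Tier names, role names and record fields
# are assumptions for illustration; the sample records are constructed.
$RequiredChain = @{
    'Enterprise Managed' = @('Designated Supervisor', 'AI Governance Lead', 'CCO')
    'Team Collaboration' = @('Team Lead', 'AI Governance Lead')
}

function Test-ApprovalChain {
    param($Agent, [object[]]$Approvals = @())

    $tier = [string]$Agent.Tier
    if (-not $RequiredChain.ContainsKey($tier)) {
        return [pscustomobject]@{ AgentId = $Agent.AgentId; Compliant = $false
                                  Findings = "Unknown tier '$tier'" }
    }
    $findings = @()
    $previous = $null
    foreach ($role in $RequiredChain[$tier]) {
        # Use the latest decision per role, so a later rejection overrides an earlier approval.
        $step = $Approvals |
            Where-Object { $_.AgentId -eq $Agent.AgentId -and $_.Role -eq $role } |
            Sort-Object Timestamp | Select-Object -Last 1
        if (-not $step) { $findings += "Missing approval: $role"; continue }
        if ($step.Decision -ne 'Approved') {
            $findings += "Latest decision by $role is '$($step.Decision)'"
        }
        # Assumed segregation-of-duties rule: the owner must not approve their own agent.
        if ($step.Approver -eq $Agent.Owner) { $findings += "Owner approved own agent as $role" }
        # Each step must come after the step before it in the chain.
        if ($previous -and ($step.Timestamp -lt $previous.Timestamp)) {
            $findings += "$role approved before $($previous.Role)"
        }
        $previous = $step
    }
    [pscustomobject]@{ AgentId = $Agent.AgentId; Compliant = ($findings.Count -eq 0)
                       Findings = ($findings -join '; ') }
}

# --- Constructed sample data ---
$t0 = [datetime]'2025-01-06T09:00:00'
function New-Approval($AgentId, $Role, $Approver, $Decision, $Hours) {
    [pscustomobject]@{ AgentId = $AgentId; Role = $Role; Approver = $Approver
                       Decision = $Decision; Timestamp = $t0.AddHours($Hours) }
}
$agents = @(
    [pscustomobject]@{ AgentId = 'AG-001'; Tier = 'Enterprise Managed'; Owner = 'owner1@example.com'; Status = 'Approved for Production' }
    [pscustomobject]@{ AgentId = 'AG-002'; Tier = 'Enterprise Managed'; Owner = 'owner2@example.com'; Status = 'Approved for Production' }
    [pscustomobject]@{ AgentId = 'AG-003'; Tier = 'Team Collaboration'; Owner = 'owner3@example.com'; Status = 'Approved for Production' }
)
$approvals = @(
    New-Approval 'AG-001' 'Designated Supervisor' 'sup@example.com'    'Approved' 0
    New-Approval 'AG-001' 'AI Governance Lead'    'lead@example.com'   'Approved' 2
    New-Approval 'AG-001' 'CCO'                   'cco@example.com'    'Approved' 5
    New-Approval 'AG-002' 'Designated Supervisor' 'sup@example.com'    'Approved' 0
    New-Approval 'AG-002' 'AI Governance Lead'    'lead@example.com'   'Approved' 1
    New-Approval 'AG-003' 'Team Lead'             'owner3@example.com' 'Approved' 1
    New-Approval 'AG-003' 'AI Governance Lead'    'lead@example.com'   'Approved' 2
    New-Approval 'AG-003' 'AI Governance Lead'    'lead@example.com'   'Rejected' 6
)

# Audit every agent that claims production status.
$agents | Where-Object Status -eq 'Approved for Production' |
    ForEach-Object { Test-ApprovalChain -Agent $_ -Approvals $approvals } |
    Format-Table -AutoSize -Wrap
```

With the constructed data, AG-001 passes, AG-002 is flagged for the missing CCO step, and AG-003 is flagged for owner self-approval and a later rejection.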
Step 4: Configure Supervision Dashboard
Build Power BI dashboard for supervisory oversight.
Supervision Dashboard Components:
| Section | Content | Refresh |
|---|---|---|
| Agent Overview | Total agents by governance tier, status, owner | Daily |
| Interaction Summary | Volume, resolution rate, escalations | Real-time |
| Error Monitoring | Error count, rate, trending | Real-time |
| Sample Review Status | Reviews completed vs. required | Weekly |
| Approval Pipeline | Pending approvals, aging | Daily |
| Compliance Issues | Open issues, remediation status | Daily |
| Supervision Log | Recent supervision activities | Real-time |
Step 5: Implement Sample Review Process
Define and automate interaction sampling for review.
Sample Selection Criteria:
| Trigger | Selection Logic | Priority |
|---|---|---|
| Random | X% of all interactions | Standard |
| Keyword | Contains sensitive terms | High |
| Escalation | Required human handoff | High |
| Low CSAT | Customer rating < 3 | High |
| New Topic | First occurrence of topic | Medium |
| Error | Agent error detected | High |
Create SharePoint List: Supervision Review Log
| Column | Type | Purpose |
|---|---|---|
| Review ID | Auto-number | Unique identifier |
| Agent ID | Lookup | Link to agent registry |
| Session ID | Text | Specific interaction |
| Review Date | Date | When review conducted |
| Reviewer | Person | Designated supervisor |
| Selection Reason | Choice | Random, Keyword, Escalation, etc. |
| Interaction Summary | Multi-line text | Brief description |
| Accuracy | Choice | Accurate, Minor issues, Inaccurate |
| Compliance | Choice | Compliant, Concern, Violation |
| Customer Impact | Choice | Positive, Neutral, Negative |
| Follow-up Required | Yes/No | Needs further action |
| Follow-up Action | Multi-line text | Description of action |
| Resolution | Choice | Closed, Pending, Escalated |
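The selection criteria above, as an added example (not code from the original control): each interaction is tagged with every trigger it matches and ranked by the priority in the table. The random trigger uses a hash of the session ID, a technique chosen here so the same inputs always give the same sample and the selection can be re-derived later; that choice, the field names, the sensitive terms and the period salt are assumptions, and the sample interactions are constructed.

```powershell
# Added example: reproducible selection of interactions for supervisory review.
# Field names, terms, salt and sample data are assumptions / constructed.
function Get-SampleBucket {
    param([string]$SessionId, [string]$PeriodSalt)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try {
        $hash = $sha.ComputeHash([System.Text.Encoding]::UTF8.GetBytes("$PeriodSalt|$SessionId"))
    } finally { $sha.Dispose() }
    # First 4 hash bytes as an unsigned integer, reduced to a bucket in 0..9999.
    [System.BitConverter]::ToUInt32($hash, 0) % 10000
}

function Select-ReviewSample {
    param(
        [object[]]$Interactions = @(),   # SessionId, AgentId, Text, Escalated, Csat, Topic, Error
        [double]$RandomRatePercent = 5,
        [string[]]$SensitiveTerms = @(),
        [string[]]$KnownTopics = @(),
        [string]$PeriodSalt = ''
    )
    # Trigger -> priority, listed highest priority first (from the criteria table).
    $priorityOf = [ordered]@{ 'Error' = 'High'; 'Escalation' = 'High'; 'Keyword' = 'High'
                              'Low CSAT' = 'High'; 'New Topic' = 'Medium'; 'Random' = 'Standard' }
    $rank = @{ High = 3; Medium = 2; Standard = 1 }
    $seenTopics = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::OrdinalIgnoreCase)
    foreach ($t in $KnownTopics) { [void]$seenTopics.Add($t) }

    $selected = foreach ($i in $Interactions) {
        $matched = @()   # appended in priority order, so $matched[0] is the primary reason
        if ($i.Error)     { $matched += 'Error' }
        if ($i.Escalated) { $matched += 'Escalation' }
        if ($SensitiveTerms | Where-Object { $i.Text -match ('\b' + [regex]::Escape($_) + '\b') }) {
            $matched += 'Keyword'
        }
        # A missing rating is not a low rating: in PowerShell, $null -lt 3 is True.
        if (($null -ne $i.Csat) -and ($i.Csat -lt 3)) { $matched += 'Low CSAT' }
        # HashSet.Add returns True only the first time a topic is seen.
        if ($i.Topic -and $seenTopics.Add($i.Topic)) { $matched += 'New Topic' }
        $bucket = Get-SampleBucket -SessionId $i.SessionId -PeriodSalt $PeriodSalt
        if ($bucket -lt ($RandomRatePercent * 100)) { $matched += 'Random' }
        if ($matched.Count -eq 0) { continue }

        [pscustomobject]@{
            SessionId       = $i.SessionId
            AgentId         = $i.AgentId
            SelectionReason = $matched[0]
            Priority        = $priorityOf[$matched[0]]
            AllReasons      = $matched -join ', '
        }
    }
    $selected | Sort-Object @{ Expression = { $rank[$_.Priority] }; Descending = $true }, SessionId
}

# --- Constructed sample interactions ---
$interactions = @(
    [pscustomobject]@{ SessionId = 'S-1001'; AgentId = 'AG-001'; Text = 'What are your branch hours?'
                       Escalated = $false; Csat = 5; Topic = 'Hours'; Error = $false }
    [pscustomobject]@{ SessionId = 'S-1002'; AgentId = 'AG-001'; Text = 'Is this fund a guaranteed return?'
                       Escalated = $false; Csat = $null; Topic = 'Funds'; Error = $false }
    [pscustomobject]@{ SessionId = 'S-1003'; AgentId = 'AG-002'; Text = 'I want to speak to a person.'
                       Escalated = $true; Csat = 2; Topic = 'Funds'; Error = $false }
    [pscustomobject]@{ SessionId = 'S-1004'; AgentId = 'AG-002'; Text = 'Can I hold crypto in my IRA?'
                       Escalated = $false; Csat = 4; Topic = 'Crypto'; Error = $true }
)

Select-ReviewSample -Interactions $interactions -RandomRatePercent 10 `
    -SensitiveTerms 'guaranteed return', 'insider' -KnownTopics 'Hours', 'Funds' `
    -PeriodSalt '2025-W02' | Format-Table -AutoSize
```

The output columns map onto the Session ID, Agent ID and Selection Reason columns of the Supervision Review Log; Priority and AllReasons are extra fields assumed for the review queue.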
Step 6: Establish Escalation Procedures
Define clear escalation paths for supervision issues.
Escalation Matrix:
| Issue Type | Initial Contact | Escalation 1 | Escalation 2 | Timeline |
|---|---|---|---|---|
| Customer complaint about AI | Agent Owner | AI Governance Lead | CCO | 24 hours |
| Incorrect information provided | Designated Supervisor | AI Governance Lead | CCO | 48 hours |
| Regulatory concern identified | AI Governance Lead | CCO | Legal | Immediate |
| Material agent failure | IT Operations | AI Governance Lead | CCO | 4 hours |
| Data breach/exposure | Security Team | CCO + CISO | Executive Team | Immediate |
| Bias/discrimination concern | AI Governance Lead | CCO + Legal | Executive Team | 24 hours |
Step 7: Configure Automated Supervision Alerts
Power Automate Alert Flow:
- Create scheduled flow (every 4 hours)
- Check for:
  - Agents without review in > 7 days
  - Error rates exceeding threshold
  - Pending approvals > 48 hours old
  - Unresolved escalations
- Send consolidated alert to supervisory personnel
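The four checks above, as an added example that runs over exported data rather than inside Power Automate (not code from the original control). It covers the case a join on the review log misses: an agent that has never been reviewed has no log row at all. The record fields and the 5% error-rate threshold are assumptions, and the sample data is constructed.

```powershell
# Added example: supervision alert checks over exported records.
# Field names and the error-rate threshold are assumptions; data is constructed.
function New-Alert($Type, $Subject, $Detail) {
    [pscustomobject]@{ Type = $Type; Subject = $Subject; Detail = $Detail }
}

function Get-SupervisionAlerts {
    param(
        [object[]]$Agents = @(),        # AgentId, ErrorRatePercent
        [object[]]$Reviews = @(),       # AgentId, ReviewDate
        [object[]]$Approvals = @(),     # AgentId, RequestedOn, Decision ($null while pending)
        [object[]]$Escalations = @(),   # EscalationId, AgentId, Resolution
        [datetime]$Now = (Get-Date),
        [double]$ErrorRateThresholdPercent = 5   # assumed; the control leaves the threshold open
    )
    # Latest review date per agent. Agents with no review get no entry here.
    $lastReview = @{}
    foreach ($r in $Reviews) {
        if ((-not $lastReview.ContainsKey($r.AgentId)) -or ($r.ReviewDate -gt $lastReview[$r.AgentId])) {
            $lastReview[$r.AgentId] = $r.ReviewDate
        }
    }
    $alerts = @()
    foreach ($a in $Agents) {
        # Start from the agent inventory, not the review log, so never-reviewed agents surface.
        if (-not $lastReview.ContainsKey($a.AgentId)) {
            $alerts += New-Alert 'Review overdue' $a.AgentId 'No review on record'
        } elseif (($Now - $lastReview[$a.AgentId]).TotalDays -gt 7) {
            $days = [math]::Floor(($Now - $lastReview[$a.AgentId]).TotalDays)
            $alerts += New-Alert 'Review overdue' $a.AgentId "Last review $days days ago"
        }
        if ($a.ErrorRatePercent -gt $ErrorRateThresholdPercent) {
            $alerts += New-Alert 'Error rate' $a.AgentId "$($a.ErrorRatePercent)% exceeds $ErrorRateThresholdPercent%"
        }
    }
    foreach ($p in $Approvals) {
        if ((-not $p.Decision) -and (($Now - $p.RequestedOn).TotalHours -gt 48)) {
            $hours = [math]::Floor(($Now - $p.RequestedOn).TotalHours)
            $alerts += New-Alert 'Approval aging' $p.AgentId "Pending for $hours hours"
        }
    }
    foreach ($e in $Escalations) {
        if ($e.Resolution -ne 'Closed') {
            $alerts += New-Alert 'Open escalation' $e.EscalationId "Agent $($e.AgentId), status $($e.Resolution)"
        }
    }
    $alerts | Sort-Object Type, Subject
}

# --- Constructed sample data ---
$now = [datetime]'2025-01-20T08:00:00'
$agents = @(
    [pscustomobject]@{ AgentId = 'AG-001'; ErrorRatePercent = 1.2 }
    [pscustomobject]@{ AgentId = 'AG-002'; ErrorRatePercent = 7.5 }
    [pscustomobject]@{ AgentId = 'AG-003'; ErrorRatePercent = 0.4 }   # never reviewed
)
$reviews = @(
    [pscustomobject]@{ AgentId = 'AG-001'; ReviewDate = $now.AddDays(-2) }
    [pscustomobject]@{ AgentId = 'AG-002'; ReviewDate = $now.AddDays(-30) }
    [pscustomobject]@{ AgentId = 'AG-002'; ReviewDate = $now.AddDays(-9) }
)
$approvals = @(
    [pscustomobject]@{ AgentId = 'AG-004'; RequestedOn = $now.AddHours(-60); Decision = $null }
    [pscustomobject]@{ AgentId = 'AG-005'; RequestedOn = $now.AddHours(-12); Decision = $null }
)
$escalations = @(
    [pscustomobject]@{ EscalationId = 'ESC-17'; AgentId = 'AG-002'; Resolution = 'Pending' }
    [pscustomobject]@{ EscalationId = 'ESC-18'; AgentId = 'AG-001'; Resolution = 'Closed' }
)

# One consolidated digest, grouped by alert type.
Get-SupervisionAlerts -Agents $agents -Reviews $reviews -Approvals $approvals `
    -Escalations $escalations -Now $now | Format-Table -GroupBy Type -AutoSize
```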
Step 8: Document Supervision Records
Ensure all supervision activities are logged for FINRA 4511 compliance.
Required Supervision Records:
- Agent approval documentation
- Sample review logs
- Supervisory meeting minutes
- Issue identification and resolution
- Training completion records
- Annual WSP review documentation
- Examination response records
Retention Requirements:
- FINRA 4511: Minimum 6 years
- SEC 17a-4: 6 years for books and records
- Firm policy: Consider 7+ years for AI governance
PowerShell Configuration
# ============================================================
# Control 2.12: Supervision and Oversight (FINRA Rule 3110)
# ============================================================
# This script supports supervision program configuration
# and generates compliance documentation
# -------------------------------------------------------------
# Section 1: Define Supervisory Structure
# -------------------------------------------------------------
Write-Host "Configuring AI Agent Supervisory Structure..." -ForegroundColor Cyan
$SupervisoryStructure = @{
    CCO = @{
        Role = "Chief Compliance Officer"
        Responsibilities = @(
            "Ultimate supervisory responsibility for AI agents",
            "Quarterly program review",
            "Annual WSP review and approval",
            "Regulatory examination response"
        )
        ReviewCadence = "Quarterly"
    }
    AIGovernanceLead = @{
        Role = "AI Governance Lead"
        Responsibilities = @(
            "Day-to-day program management",
            "Monthly performance reviews",
            "Approval workflow management",
            "Supervision log oversight"
        )
        ReviewCadence = "Monthly"
    }
    DesignatedSupervisor = @{
        Role = "Designated Supervisor"
        Responsibilities = @(
            "Weekly operational review",
            "Sample interaction review",
            "First-level approval for changes",
            "Issue identification and escalation"
        )
        ReviewCadence = "Weekly"
    }
    AgentOwner = @{
        Role = "Agent Owner"
        Responsibilities = @(
            "Agent performance monitoring",
            "Content accuracy maintenance",
            "Incident response",
            "Change request initiation"
        )
        ReviewCadence = "Daily"
    }
}
$SupervisoryStructure | ConvertTo-Json -Depth 3 | Out-File "Supervisory_Structure.json"
Write-Host "Supervisory structure exported" -ForegroundColor Green
# -------------------------------------------------------------
# Section 2: Generate WSP Template
# -------------------------------------------------------------
Write-Host "`nGenerating Written Supervisory Procedures template..." -ForegroundColor Cyan
$WSPTemplate = @"
===============================================================================
WRITTEN SUPERVISORY PROCEDURES - AI AGENT GOVERNANCE
Firm: [FIRM NAME]
Effective Date: [DATE]
Last Reviewed: [DATE]
Approved By: [CCO NAME]
===============================================================================
SECTION 1: PURPOSE AND SCOPE
-----------------------------
1.1 Purpose
These procedures establish the supervisory framework for AI agents deployed
within [Firm Name] operations, consistent with FINRA Rule 3110 requirements
for establishing, maintaining, and enforcing written supervisory procedures.
1.2 Scope
These procedures apply to all AI agents including:
- Copilot Studio agents
- Custom conversational AI implementations
- Automated customer communication systems
- AI-assisted advisory tools
1.3 Regulatory References
- FINRA Rule 3110: Supervision
- FINRA Rule 4511: Books and Records
- SEC Rule 17a-4: Records Preservation
- FINRA Notice 25-07: AI in Broker-Dealer Operations
SECTION 2: SUPERVISORY PERSONNEL
---------------------------------
2.1 Chief Compliance Officer
Name: [CCO NAME]
Responsibilities: Ultimate supervisory authority, quarterly review, WSP approval
2.2 AI Governance Lead
Name: [NAME]
Responsibilities: Program management, monthly reviews, approval workflow
2.3 Designated Supervisors
[Business Function 1]: [NAME]
[Business Function 2]: [NAME]
[Business Function 3]: [NAME]
SECTION 3: PRE-DEPLOYMENT SUPERVISION
-------------------------------------
3.1 Agent Classification
All agents must be classified into a governance tier:
- Personal productivity: Personal/Low risk - Team lead approval
- Team collaboration: Team/Medium risk - AI Governance Lead + Designated Supervisor
- Enterprise managed: Enterprise/High risk - Full approval chain including CCO
3.2 Pre-Deployment Review Checklist
[ ] Agent purpose and use case documented
[ ] Regulatory implications assessed
[ ] Data access scope reviewed
[ ] Testing completed (functional, security, bias)
[ ] Disclosures verified (AI usage disclosure)
[ ] Escalation paths to human personnel confirmed
[ ] Approval workflow completed per governance tier
SECTION 4: ONGOING SUPERVISION
-------------------------------
4.1 Daily Supervision
- Automated monitoring of error rates and system health
- Agent Owner review of any alerts or issues
4.2 Weekly Supervision
- Designated Supervisor sample review of interactions
- Minimum review rates:
Enterprise managed: [X]% of interactions
Team collaboration: [Y]% of interactions
Personal productivity: [Z]% random sample
4.3 Monthly Supervision
- AI Governance Lead performance review
- Aggregated metrics analysis
- Issue trending and root cause review
4.4 Quarterly Supervision
- CCO program review
- Supervisory procedure effectiveness assessment
- Regulatory update integration
SECTION 5: SAMPLE REVIEW PROCEDURES
------------------------------------
5.1 Selection Methodology
Samples selected based on:
- Random selection (statistical sampling)
- Keyword/trigger-based (risk-weighted)
- Customer complaint association
- Escalation events
- Low satisfaction scores
5.2 Review Documentation
Each review must document:
- Interaction accuracy assessment
- Compliance with firm policies
- Regulatory adherence
- Customer impact evaluation
- Follow-up actions required
5.3 Review Record Retention
All review records retained minimum 6 years per FINRA 4511.
SECTION 6: ESCALATION PROCEDURES
---------------------------------
6.1 Issue Categories and Response
- Customer Complaints: Notify supervisor within 24 hours
- Compliance Concerns: Escalate to CCO within 24 hours
- Regulatory Inquiries: Immediate CCO notification
- Material Failures: Suspend agent pending review
6.2 Escalation Documentation
All escalations documented including:
- Issue description
- Immediate actions taken
- Resolution timeline
- Follow-up verification
SECTION 7: RECORD KEEPING
--------------------------
7.1 Required Records
- Agent approval documentation
- Supervision review logs
- Escalation records
- Training completion records
- WSP amendments
7.2 Retention Period
Minimum 6 years from creation or last applicable use.
7.3 Format
Records maintained in firm's designated recordkeeping systems
with appropriate access controls and backup.
SECTION 8: ANNUAL REVIEW
-------------------------
8.1 Annual WSP Review
This WSP section reviewed annually by CCO or designee.
Review includes:
- Effectiveness assessment
- Regulatory update incorporation
- Best practice updates
- Personnel updates
8.2 Documentation
Annual review documented with:
- Review date
- Changes made
- Approver signature
===============================================================================
VERSION HISTORY
---------------
| Version | Date | Author | Changes |
|---------|------------|------------|--------------------------------------|
| 1.0 | [Date] | [Name] | Initial version |
| 2.0 | [Date] | [Name] | [Changes] |
===============================================================================
CERTIFICATION
I have reviewed and approved these Written Supervisory Procedures for AI
Agent Governance.
Chief Compliance Officer: _________________________ Date: ___________
===============================================================================
"@
$WSPTemplate | Out-File "WSP_AI_Agent_Template.txt"
Write-Host "WSP template generated" -ForegroundColor Green
# -------------------------------------------------------------
# Section 3: Create Supervision Log Schema
# -------------------------------------------------------------
Write-Host "`nGenerating supervision log schema..." -ForegroundColor Cyan
$LogSchema = @"
SUPERVISION LOG - DATAVERSE/SHAREPOINT SCHEMA
==============================================
Table: fsi_supervisionlog
| Column | Type | Description |
|-----------------------|--------------|--------------------------------------|
| fsi_reviewid | Auto-number | Unique review identifier |
| fsi_agentid | Lookup | Link to Agent Registry |
| fsi_sessionid | Text | Specific interaction ID |
| fsi_reviewdate | Date/Time | When review was conducted |
| fsi_reviewer | Lookup | Link to User |
| fsi_reviewerRole | Choice | CCO, AI Gov Lead, Designated Sup |
| fsi_selectionreason | Choice | Random, Keyword, Escalation, etc. |
| fsi_interactionsummary| Multi-line | Brief description of interaction |
| fsi_accuracy | Choice | Accurate, Minor Issues, Inaccurate |
| fsi_compliance | Choice | Compliant, Concern, Violation |
| fsi_customerimpact | Choice | Positive, Neutral, Negative |
| fsi_followuprequired | Yes/No | Needs further action |
| fsi_followupaction | Multi-line | Description of required action |
| fsi_followupassigned | Lookup | Person responsible for follow-up |
| fsi_followupduedate | Date | When follow-up must be complete |
| fsi_resolution | Choice | Closed, Pending, Escalated |
| fsi_resolutiondate | Date/Time | When issue was resolved |
| fsi_resolutionnotes | Multi-line | Resolution details |
Create in Power Apps Maker Portal -> Tables -> New table
"@
Write-Host $LogSchema -ForegroundColor Yellow
# -------------------------------------------------------------
# Section 4: Generate Supervision Metrics Report
# -------------------------------------------------------------
Write-Host "`nGenerating supervision metrics report template..." -ForegroundColor Cyan
$MetricsReport = @"
===============================================================================
QUARTERLY SUPERVISION METRICS REPORT
Period: [Q# YYYY]
Report Date: $(Get-Date -Format 'yyyy-MM-dd')
Prepared By: [AI Governance Lead]
Reviewed By: [CCO]
===============================================================================
EXECUTIVE SUMMARY
-----------------
This report summarizes AI agent supervision activities for the quarter,
demonstrating compliance with FINRA Rule 3110 supervisory requirements.
SUPERVISION COVERAGE
--------------------
| Tier | Active Agents | Reviews Completed | Review Rate | Target |
|--------|---------------|-------------------|-------------|--------|
| Enterprise managed | [X] | [Y] | [Z]% | [T]% |
| Team collaboration | [X] | [Y] | [Z]% | [T]% |
| Personal productivity | [X] | [Y] | [Z]% | [T]% |
INTERACTION SAMPLING
--------------------
Total Interactions This Quarter: [X]
Interactions Reviewed: [Y]
Sample Rate: [Z]%
Sampling Distribution:
- Random Selection: [X]%
- Keyword Triggered: [Y]%
- Escalation Events: [Z]%
- Low CSAT: [W]%
FINDINGS SUMMARY
----------------
| Category | Count | Resolved | Open | Resolution Rate |
|-------------------|-------|----------|------|-----------------|
| Accuracy Issues | [X] | [Y] | [Z] | [%] |
| Compliance Concerns| [X] | [Y] | [Z] | [%] |
| Customer Impact | [X] | [Y] | [Z] | [%] |
| Escalations | [X] | [Y] | [Z] | [%] |
APPROVAL ACTIVITY
-----------------
New Agent Approvals: [X]
Agent Modifications Approved: [Y]
Approvals Denied: [Z]
Average Approval Time: [Days]
ESCALATION SUMMARY
------------------
Total Escalations: [X]
To Designated Supervisor: [Y]
To AI Governance Lead: [Z]
To CCO: [W]
Escalation Reasons:
[List top escalation reasons]
SUPERVISION MEETINGS
--------------------
Weekly Operations Reviews Held: [X] of [Y] scheduled
Monthly Performance Reviews Held: [X] of [Y] scheduled
Quarterly CCO Reviews Held: [X] of [Y] scheduled
KEY ISSUES AND ACTIONS
----------------------
[List significant issues identified and actions taken]
RECOMMENDATIONS
---------------
[List recommendations for program improvement]
CERTIFICATION
-------------
I certify that this supervision program has been executed in accordance
with our Written Supervisory Procedures and FINRA Rule 3110 requirements.
AI Governance Lead: _________________ Date: _________
Chief Compliance Officer: _________________ Date: _________
===============================================================================
"@
$MetricsReport | Out-File "Quarterly_Supervision_Report_Template.txt"
Write-Host "Quarterly report template generated" -ForegroundColor Green
# -------------------------------------------------------------
# Section 5: FINRA 3110 Compliance Checklist
# -------------------------------------------------------------
Write-Host "`nFINRA Rule 3110 AI Supervision Compliance Checklist..." -ForegroundColor Cyan
$Checklist = @"
===============================================================================
FINRA RULE 3110 - AI AGENT SUPERVISION COMPLIANCE CHECKLIST
===============================================================================
WRITTEN SUPERVISORY PROCEDURES (WSP):
[ ] WSP includes specific procedures for AI agent supervision
[ ] WSP designates responsible supervisory personnel
[ ] WSP defines approval requirements by governance tier/risk
[ ] WSP establishes review cadence and sampling methodology
[ ] WSP specifies escalation procedures
[ ] WSP reviewed and updated at least annually
[ ] WSP approved by CCO with documented signature
SUPERVISORY PERSONNEL:
[ ] CCO designated with ultimate AI oversight responsibility
[ ] AI Governance Lead designated for program management
[ ] Designated Supervisors assigned by business function
[ ] All supervisory personnel completed AI supervision training
[ ] Supervisory structure documented and communicated
PRE-DEPLOYMENT SUPERVISION:
[ ] All enterprise-managed agents require CCO approval before production
[ ] All team collaboration agents require AI Governance Lead approval
[ ] Approval workflow documented and enforced
[ ] Pre-deployment checklist completed for each agent
[ ] Testing results reviewed before approval
ONGOING SUPERVISION:
[ ] Sample review conducted per WSP requirements
[ ] Review findings documented in supervision log
[ ] Follow-up actions tracked to resolution
[ ] Supervision meetings held per schedule
[ ] Metrics reported to supervisory personnel
ESCALATION:
[ ] Escalation procedures documented and communicated
[ ] Escalations tracked and resolved
[ ] CCO notified of material issues
[ ] Regulatory inquiries handled per procedure
RECORD KEEPING:
[ ] All supervision records maintained per FINRA 4511
[ ] Records accessible for regulatory examination
[ ] Retention policy enforced (minimum 6 years)
[ ] Records protected from unauthorized modification
ANNUAL REVIEW:
[ ] WSP reviewed annually by CCO
[ ] Changes documented and approved
[ ] Supervisory personnel updated on changes
[ ] Training refreshed as needed
===============================================================================
"@
Write-Host $Checklist -ForegroundColor Yellow
Write-Host "`nSupervision configuration complete" -ForegroundColor Green
Financial Sector Considerations
Regulatory Alignment
| Regulation | Supervision Requirement | Control Implementation |
|---|---|---|
| FINRA Rule 3110 | Establish and maintain supervisory procedures | Written WSP for AI agents |
| FINRA Rule 3110(b) | Designate registered principal for each activity | Supervisory hierarchy defined |
| FINRA Rule 4511 | Maintain supervisory records | 6+ year retention of logs |
| SEC 17a-4 | Preserve books and records | Supervision records retained |
| SOX 302/404 | Management certification of controls | CCO quarterly review |
| FINRA Notice 25-07 | AI-specific supervision guidance | Bias testing, disclosure oversight |
Zone-Specific Configuration
| Zone | Supervision Level | Approval Chain | Sample Rate |
|---|---|---|---|
| Zone 1 - Personal | Light touch | Team Lead | 1% random |
| Zone 2 - Team | Standard | AI Gov Lead + Supervisor | 5% + keyword |
| Zone 3 - Enterprise | Intensive | Full chain + CCO | 10% + keyword + all escalations |
FSI Supervision Considerations
Broker-Dealer Agents:
- FINRA supervision requirements apply
- Suitability determination oversight
- Best execution monitoring
- Communications supervision per Rule 3110(b)(4)
Investment Adviser Agents:
- Fiduciary duty oversight
- Advice accuracy supervision
- Disclosure completeness review
Banking Agents:
- Consumer protection oversight
- Fair lending supervision
- Privacy compliance monitoring
Verification & Testing
Verification Steps
- WSP Documented
  - Review AI Agent WSP section
  - Verify CCO approval signature
  - Confirm annual review date is current
- Supervisory Personnel Designated
  - Review organizational structure
  - Verify personnel trained on AI supervision
  - Confirm coverage for all business functions
- Approval Workflow Enforced
  - Test sample approval request
  - Verify approval chain per governance tier
  - Check that unapproved agents are blocked
- Sample Reviews Conducted
  - Check supervision log entries
  - Verify sample rates met
  - Confirm findings addressed
Compliance Checklist
- [ ] Written Supervisory Procedures include AI agents
- [ ] Supervisory personnel designated and trained
- [ ] Approval workflow enforced per governance tier
- [ ] Sample reviews conducted per schedule
- [ ] Supervision dashboard operational
- [ ] Escalation procedures documented
- [ ] Supervision records retained 6+ years
- [ ] Quarterly CCO review conducted
- [ ] Annual WSP review completed
Troubleshooting & Validation
Issue: Approval Workflow Not Enforced
Symptoms: Agents deployed without proper approval
Solution:
- Review approval workflow configuration
- Ensure workflow triggers on correct status change
- Verify approvers have appropriate access
- Add validation to prevent status bypass
- Audit existing agents for approval gaps
Issue: Sample Review Targets Not Met
Symptoms: Review rates below WSP requirements
Solution:
- Increase automation of sample selection
- Add review queue notifications
- Redistribute workload across supervisors
- Consider risk-based prioritization
- Escalate staffing needs if persistent
Issue: Supervision Records Missing
Symptoms: Unable to produce records for examination
Solution:
- Audit all supervision activities
- Verify logging is capturing all reviews
- Check retention policy enforcement
- Reconstruct records where possible
- Implement controls to prevent recurrence
Issue: CCO Not Engaged in AI Supervision
Symptoms: Quarterly reviews not occurring
Solution:
- Schedule recurring calendar appointments
- Prepare executive summary reports
- Highlight regulatory risk of non-compliance
- Delegate preparation to AI Governance Lead
- Document and escalate if persistent
Additional Resources
- Power Automate approvals
- Power BI dashboards
- Copilot Studio analytics
- Microsoft Compliance Manager
- SharePoint retention policies
Related Controls
| Control | Relationship |
|---|---|
| 2.8 - Access Control | Supervisors need appropriate access |
| 1.7 - Audit Logging | Log supervision activities |
| 2.11 - Bias Testing | Supervision includes bias oversight |
| 2.13 - Documentation | Supervision records retention |
| 3.3 - Compliance Reporting | Supervision metrics in reports |
Support & Questions
For implementation support or questions about this control, contact:
- AI Governance Lead (governance direction)
- Compliance Officer (regulatory requirements)
- Technical Implementation Team (platform setup)
Updated: Dec 2025
Version: v1.0 Beta (Dec 2025)
UI Verification Status: ❌ Needs verification