
Pillar 3: Reporting Controls

Provide visibility, accountability, and metrics for agent governance.

Overview

Pillar 3 establishes the reporting and monitoring capabilities required to maintain oversight of AI agents across the organization. These 9 controls ensure that governance teams, compliance officers, and regulators have visibility into agent inventory, usage patterns, security posture, and incident response—essential for demonstrating effective supervision to examiners.

Primary Regulatory Alignment: FINRA Rule 3110 (supervision), FINRA 4511 (recordkeeping), SEC 17a-3/4 (records)

Control Categories:

| Category | Controls | Focus |
| --- | --- | --- |
| Inventory & Tracking | 3.1, 3.5-3.6 | Agent registry, cost tracking, orphan detection |
| Activity Monitoring | 3.2, 3.8 | Usage analytics, Copilot Hub |
| Compliance Reporting | 3.3-3.4 | Regulatory reporting, incident response |
| Security Operations | 3.7, 3.9 | PPAC security posture, Sentinel integration |

Controls