Open finance is becoming agentic.Authority must come first.™
Financial services are moving from dashboards to decisions. From applications to agents. From passive data access to delegated financial action. Agentic Open Finance™ is the consent, authority, governance, and evidence layer for financial agents across banking, payments, lending, insurance, pensions, wealth, utilities, payroll, and trade finance — helping organisations design, govern, deploy, and commercialise agents that read, reason, recommend, and act only within approved consent, policy, jurisdiction, risk, and evidence boundaries.
ASKwho authorised it?ASKwhat exactly was authorised?ASKwhich agent acted?ASKwhat was the permitted scope?ASKwhich policy applied?ASKwhich jurisdiction applied?ASKwhat evidence exists?ASKwhat if the customer disputes it?ASKwhat if the agent was wrong?ASKwho wears the loss?ASKwho authorised it?ASKwhat exactly was authorised?ASKwhich agent acted?ASKwhat was the permitted scope?ASKwhich policy applied?ASKwhich jurisdiction applied?ASKwhat evidence exists?ASKwhat if the customer disputes it?ASKwhat if the agent was wrong?ASKwho wears the loss?
The problem
The next financial interface will not be an app. It will be an authorised agent.™
Open banking and open finance focused on access; the next phase is delegation. Agents will monitor cashflow, prepare lending evidence, spot better products, time payments, manage recurring mandates, detect risk, explain decisions — and act. But in finance, action is not just automation. Action requires authority. Financial agents are coming, and most organisations are not ready: the moment an agent enters the workflow, the core question changes from "can the system do this?" to "who authorised it — and what exactly?"
01the consent illusion
A token proves the user let you in — not that they meant this payment.
Consent is granted once, broadly, in advance. The action happens later, specifically, at machine speed. Between those two moments lives every incident report this industry will ever write.
02silent scope creep
The actor never sleeps, so the drift never shows.
An agent permitted to "manage payments" will, eventually, manage one you did not mean. Not malice — inference. A standing permission plus a reasoning engine is an unbounded mandate.
03the wrong question
Logs answer "what happened" — the dispute asks "was it allowed".
Observability reconstructs behaviour. The auditor, the ombudsman and the regulator ask about authority: in scope, live grant, named approver. Most stacks simply cannot answer.
Seven reasons most stacks are not readyConsent is fragmentedAuthority is vague — data access is not authority to recommend, initiate, approve, escalate or executePolicies are not executableEvidence is incompleteJurisdictions differCommercialisation is unclearGovernance arrives too late
Without a clear authority layer, agentic finance becomes a liability. Agentic Open Finance™ starts with authority.™
Anatomy
One governed action, five moments — in order, every time.
Authority before autonomy.™ Not a workflow diagram — an authority chain. It plays below; tap any step to jump.
01
Intentthe agent proposes the act
02
Mandate checkis this in scope — right now?
03
Verdictallow · deny · escalate
04
Named finalitya person with standing binds it
05
Sealed proofevidence exists before the question
The category
What is Agentic Open Finance™?
The use of authorised financial agents to perform governed tasks across open banking, payments, lending, insurance, wealth, pensions, payroll, utilities, trade finance and other financial data ecosystems. It is not just data access. Not just automation. Not just AI chat. Not just a dashboard. Consent and authority are different instruments — put them side by side once, and the gap stops being abstract.
consent token · what you have today
Proves the door was opened
Granted once, broadly, at onboarding — then trusted for months
Scope is a category ("payments", "account information"), not an act
Silent between renewals — nothing re-checks it at the moment of use
Revocation is coarse — all or nothing, often buried in settings
Audit answers "was access permitted?" — never "was this act meant?"
per-action authority · what agents require
Proves the act was allowed
Resolved per action, at execution time — never carried forward
Scope is concrete — this payee, this ceiling, this window
Checked live — a lapsed or narrowed mandate fails quietly, before money moves
Revocation is surgical — one agent, one action class, one counterparty
Evidence answers "was this exact act authorised, and by whom?" — months later
Ten questions it answersWho gave authority?What was the scope?Which agent acted?Which policy applied?What evidence was captured?Could the action be replayed?Could the customer understand it?Could the business defend it?Could the regulator inspect it?Could the partner trust it?
Doctrine
Seven operating principles of agentic open finance
Authority before autonomy.™ If the industry adopts nothing else, it should adopt these. Each closes a failure class consent tokens were never designed to close.
PRINCIPLE · 01
Authority before autonomy.™
An agent should never act simply because it can. No standing permission: a grant is scoped to the act — this payee, this ceiling, this window — and checked at execution, not at onboarding. Boring by design: boring is what auditable looks like.
PRINCIPLE · 02
Consent must be specific.™
Consent names a purpose, a scope, an agent and a window — never a blanket. A token that opens everything authorises nothing in particular, and the agent allowed to pay this morning must be allowed again this afternoon.
PRINCIPLE · 03
Policy must shape action.™
Rules that live in PDFs govern nothing. Policy is executable — it allows, denies, escalates or demands approval before the action, not in the post-mortem. A denied act never executes; an escalated act waits.
PRINCIPLE · 04
Evidence must exist at the moment of action.™
Every verdict is sealed when it happens: the mandate that applied, the grant that was live, the person who bound it. Not logs assembled after the incident — evidence that already exists before the question is asked. March's dispute is answered from January's seal.
PRINCIPLE · 05
Jurisdiction matters.™
The same agent, the same action, a different regime — a different answer. Jurisdiction is resolved before execution, natively, never retrofitted. An action lawful in one market stops quietly at the border of another.
PRINCIPLE · 06
Customers must remain in control.™
Notification, approval and revocation stay in the customer's hands — and finality has a name. Above the line — new payee, new ceiling, irreversible transfer — the act stays provisional until a person with the standing to bind says so. When the regulator asks "who authorised this?", the answer is a name, never a model version.
PRINCIPLE · 07
Commercial models must be governable.™
Every governed action is attributable, meterable and billable from day one — a commercial event with evidence attached, not an afterthought. If you cannot govern how an agent earns, you cannot govern the agent.
Positioning
The control layer for agentic open finance.™
We help you define what agents may see, recommend, initiate — and never do; when human approval is required; when a mandate is valid; when consent expires; when a policy blocks action; when a customer must be notified; when evidence must be preserved; when a workflow escalates; when an action is commercially billable; and when an agent is safe to deploy. Not a chatbot with compliance added later — an execution spine agents cannot bypass. The agent proposes; the rails decide; the record outlives both.
Distribution layerembeddable components and policy-aware connections — the surfaces partners ship
Agent layerregistered, versioned, mandate-bound agents — no anonymous actors
Turn financial rules into enforceable agent boundaries.™
Agents can be configured to allow, deny, escalate, request approval or more evidence, notify a customer, route to a specialist, create an incident, generate a report — or stop an action before harm
Embeddable components — the distribution layerConsentBank connectPayment intentMandateCashflow summarySubscription controlAffordability evidenceAgent approvalDispute evidenceRevocation
Agent catalogue
Financial Agents for the Open Finance Era™
Twelve governed agents — each one registered, scoped, policy-bound and evidence-native. Every agent runs inside a live mandate and can be refused, escalated or revoked per action. None of them can exceed what it was allowed to do.
Cashflow CFO Agent™
Reads accounts, forecasts cashflow and proposes payment timing — and cannot exceed its mandate.
SMEs · accountants
Subscription Guardian Agent™
Watches recurring charges, flags creep and duplicates, and prepares governed cancellations.
households · subscription businesses
Mandate Control Agent™
Monitors recurring mandates for limits, expiry and drift — escalating before an unwanted charge, not after.
payments teams · billing
Affordability Evidence Agent™
Assembles consent-scoped affordability evidence into a decision-ready pack.
lenders · brokers
Reconciliation Agent™
Matches invoices, payments and accounts — and files exceptions with a reviewer instead of guessing.
finance operations
Payroll Protection Agent™
Watches payroll runway and reserves, warning before payday is at risk.
payroll providers · SMEs
VAT Reserve Agent™
Sets aside tax reserves under governed sweep rules — so the quarter never arrives as a surprise.
SMEs · accountants
Lending Readiness Agent™
Prepares a business to borrow: evidence, ratios and gaps — before the application, not during it.
SME platforms · lenders
Insurance Renewal Agent™
Prepares renewals with context — cover, claims and affordability — under explicit consent.
insurers · brokers
Customer Outcome Agent™
Reviews outcomes against duty-of-care boundaries and flags the ones that need a human.
compliance · customer care
Dispute Replay Agent™
Reconstructs any disputed action from its sealed evidence — the mandate, the verdict, the approver.
support · legal · audit
Consent Compliance Agent™
Continuously checks live consents against actual use — expiring, revoked or overreached.
compliance · payment firms
Solutions
Ten sectors, one control model
The gap looks different from every seat at the table. The fix is the same discipline — consent, authority, policy, evidence — applied to each sector's own workflows.
Prepare for the age of delegated financial action.™
You are the account. You wear the loss. When a third-party agent misfires against an account you hold, the customer calls you — the token was valid, the connection worked as documented, and the money is still gone. Your defence is not "consent was granted". It is "the action was checked against a live mandate, and here is the sealed record."
Representative work: agent access policies, per-action authority checks, dispute-ready evidence, agent-safe payment products. The bank that can prove per-action authority will set the terms of agentic access. The bank that can't will switch it off — and lose the channel.
Launch financial agents customers and partners can trust.™
Nobody lets a brilliant agent near serious money on brilliance alone. The unlock is bounded autonomy you can demonstrate: show that your agent cannot exceed its mandate even when its reasoning says it should. "It asks before it binds" is a feature you can sell. "Trust the model" is not.
Representative work: governed agent features, consent-scoped data products, partner assurance evidence, faster risk sign-off on new agent launches.
Turn bank data into proactive financial guidance.™
Client permissions become explicit, scoped and renewable — and the practice becomes the governed operator of its clients' financial agents rather than a spreadsheet janitor.
Affordability stops being a PDF bundle and becomes a consented, verifiable evidence pack — assembled by a governed agent, defensible months later.
Representative work: affordability evidence packs, consent-scoped verification, decision evidence for underwriting, dispute replay on contested outcomes.
Open finance can make insurance more responsive, fair, and contextual.™
Renewals, claims and cover checks gain live financial context — under explicit consent, with vulnerable-customer safeguards enforced by policy rather than training slides.
Representative work: renewal preparation with context, contextual cover checks, claims evidence, fair-value and vulnerability safeguards.
Discovery, consolidation prompts and drawdown guardrails run under suitability boundaries — with escalation to a named adviser designed in, not improvised.
Representative work: discovery under consent, suitability boundaries on recommendations, adviser escalation, evidence of the advice context.
Smart data needs smart authority.™
Switching support, payment plans and collections gain affordability context — governed, notified and evidenced, so help arrives before arrears and dignity survives the process.
Mandates with limits, expiry and transparent evidence turn billing disputes from churn events into replayable records — and failed-payment recovery into a governed retry, not a surprise.
Rent, affordability, deposits, and financial evidence are becoming agentic.™
Tenant affordability, rent mandates and deposit evidence run under scoped consent — the letting decision and the arrears conversation both get a defensible record.
Use case library — Personal financeSubscription controlSafe recurring paymentsSpending guardrailsProvider switchingSME financeCashflow forecastingPayroll protectionTax reservesSupplier payment plansLendingAffordability evidenceLending readinessDecision evidenceDispute replayPaymentsPayment initiation under mandateRecurring mandatesFailed-payment recoveryIncident playbooksInsuranceRenewal preparationContextual coverClaims evidenceFair-value checksWealth and pensionsDiscovery under consentSuitability boundariesAdviser escalationDrawdown guardrailsPropertyTenant affordabilityRent mandatesDeposit evidenceArrears workflowsTrade financeCounterparty evidenceInvoice verificationPayment schedulingFinancing readinessPublic sectorBenefits affordability contextGrant evidenceGoverned disbursementsAudit-ready records
Failure files
Four incidents that are already in the post
None of these require a malicious agent. Each one only requires a standing permission, a reasoning engine, and time. Each has a structural fix — none of the fixes is "better prompts".
FILE 01 · scope creep
The runaway optimiser
An agent told to "reduce monthly costs" cancels a subscription the user was mid-dispute on, then switches an insurance product with a worse exclusion clause. Every individual call was inside the consent. The outcome was never meant.
Structural fixProduct-switching and cancellation are separate action classes with their own grants — "reduce costs" is a goal, not an authority.
FILE 02 · counterparty drift
The new payee at 2 a.m.
A payment agent resolves an invoice to a counterparty the account has never paid, from an email thread it was asked to "handle". The transfer clears. The invoice was fraudulent. The consent token was valid the entire time.
Structural fixFirst-time payees are above the finality line by default — provisional until a named person binds the act.
FILE 03 · stale mandate
The authority that outlived its owner
The employee who configured the treasury agent leaves the company. The agent keeps sweeping balances for months under a delegation nobody currently holds. Every sweep is logged beautifully. None of them had a living mandate behind it.
Structural fixGrants are checked live against current authority — an authority that lapsed an hour ago fails at the next action, not at the next audit.
FILE 04 · evidence gap
The dispute nobody can settle
A customer disputes a transfer their agent made in January. It is now June. The provider has request logs, the bank has settlement records, and neither can prove what the user's mandate actually permitted at that moment. The regulator reads both files and believes neither.
Structural fixThe verdict, the live mandate and the approver are sealed at the moment of the act — the dispute replays the seal, not the recollection.
The artefact
What a mandate actually looks like
Not a legal PDF and not a scope string — a small, checkable object that exists per agent, per action class, and dies on schedule.
mandate · payments.transferLIVE
agenthousehold-finance-agentoperated by the account holder
payees6 approvednew payee → escalate
ceiling£500 / act · £2,000 / monthhard, not advisory
windowexpires in 27 daysrenewal is a human act
finalitynamed approver above ceilingaccountability stays personal
evidencesealed per actionreplayable in dispute
Everything on this card is checkable by a machine and readable by a human. That double property is the whole trick: the agent can be refused in microseconds, and the ombudsman can understand the refusal in seconds.
Notice what is absent — no model name, no prompt, no vibe. Authority attaches to the act, not to the intelligence proposing it. Swap the model, keep the mandate; upgrade the agent, keep the ceiling.
And notice the expiry. A mandate that cannot die was never a mandate — it was a transfer of ownership nobody priced.
Why now
The missing layer is not intelligence. The missing layer is governed authority.
From open banking to open finance to agentic finance.™ Access came first; then programmable payments, customer control, automation, accountability, AI adoption — and now agentic systems inside real workflows. Delegation without authority is dangerous. Automation without evidence is fragile. Personalisation without consent is risky. Financial action without governance is unacceptable.
what this is not
Not another finance app. Not another AI chatbot. Not another compliance document.
We do not start with prompts — we start with permission
Not automation — authority
Not dashboards — outcomes
Not generic AI — financial boundaries
Not after-the-fact audit — evidence at the moment of action
Not one vertical — a reusable open finance control model
what the market is ready for
The demand is already written down
Customer-controlled agents and safer recurring mandates
Evidence packs and AI-assisted affordability
Proactive SME cashflow and agentic compliance monitoring
Governed automation and cross-sector smart data
Training and certification for the people who will govern it
Partner-led implementation at sector scale
Products & programmes
Start with a sprint. Scale with the platform.
Six commercial products — each one a fixed-scope engagement with named deliverables, all of them feeding the same registries, policies and evidence spine.
Engagements run from a readiness assessment through pilots, platform adoption, certification programmes and partner delivery — education and assessment come first, so governance never waits for procurement. Detailed pricing is shared with registered prospects.
Academy
Train the people who will govern the next generation of financial agents.™
Six certificates — one per seat at the table. Every certificate is casework on the same control model this page describes: consent, authority, policy, evidence.
Certified Agentic Open Finance Practitioner™For product, operations and delivery people building governed agent journeys.
Certified Financial Agent Governance Lead™For risk, compliance and governance owners accountable for agent behaviour.
Certified Open Finance Product Architect™For architects and product leaders designing consent-and-authority-first products.
Certified Agentic Payments Specialist™For payments teams designing mandates, limits and dispute-ready journeys.
Certified Consent & Authority Designer™For the designers of consent journeys, permission screens and mandate experiences.
Certified SME Cashflow Agent Specialist™For accountants, bookkeepers and SME platforms deploying cashflow agents.
The control model travels: providers plug in beneath it, professional firms deliver on top of it, and every partner ships the same templates their clients' regulators will eventually ask for.
Open finance providersBring the regulated connectivity; the rails add per-action authority on top.
Payment providersOffer mandates customers can actually scope, monitor and revoke.
Accounting firmsOperate governed cashflow and reserve agents for client portfolios.
Compliance firmsDeliver agent risk registers and evidence reviews as a repeatable service.
Law firmsAdvise on delegation, liability and disputes with sealed evidence to point at.
ConsultantsRun readiness sprints and pilots with a fixed, board-ready template set.
Software platformsEmbed consent, mandate and evidence components in their own surfaces.
Asked by banks, builders and regulators — answered without hedging.
Q1 What is Agentic Open Finance™? +
The use of authorised financial agents to perform governed tasks across open banking, payments, lending, insurance, wealth, pensions, payroll, utilities and trade finance — with consent, authority, policy and evidence resolved per action. It is not just data access, not just automation, not just AI chat, and not just a dashboard: it is the control layer that makes delegated financial action defensible.
Q2 Is this only for banks? +
No. Banks matter because they hold the account — but the same control model serves fintechs, payment firms, lenders, insurers, wealth platforms, accountants, payroll providers, utilities, property platforms, subscription businesses and the public sector. Anyone whose software can move, commit or evidence money needs an answer to "who authorised this?"
Q3 Is this a consumer app? +
No. It is the layer organisations use to design, govern, deploy and commercialise financial agents. Customers feel it indirectly — as clearer consent, safer mandates, honest notifications and outcomes that can be explained back to them.
Q4 What makes financial agents different from normal automation? +
Automation repeats a defined task; an agent reasons and chooses. In finance a choice is an action with consequences — money moves, products switch, credit extends. That is why an agent needs authority, policy and evidence per action, where a scheduled job only ever needed a checklist.
Q5 Can agents move money? +
Only when the consent, mandate, policy, approval and evidence requirements are all satisfied — and above the finality line, only after a named person binds the act. A governed agent that cannot prove its authority does not act. That is the point.
Q6 Isn't this just strong customer authentication again? +
No. SCA proves a human is present and is who they claim at a login or payment moment. Agentic finance is defined by the human being absent — the entire question is what the software may do while nobody is watching. Authentication answers "who?"; a mandate answers "what, how much, until when, and who carries it?"
Q7 Won't per-action checks make agents uselessly slow? +
A mandate check is a lookup against a small object, not a committee meeting — microseconds, not minutes. The slow path is reserved for the acts you'd want slow anyway: new payees, raised ceilings, irreversible transfers. Below the line, governed agents run exactly as fast as ungoverned ones. The difference only appears when something should stop.
Q8 Doesn't the model's own judgement make this redundant? +
A model's judgement is a capability, not a boundary. It improves on average and fails on the tail — and finance is priced on the tail. The mandate exists precisely for the day the reasoning is confidently wrong. "The model would never do that" is not a sentence anyone should have to say to a regulator.
Q9 Who should hold the mandate — the bank, the wallet, or the agent builder? +
The mandate belongs to the principal — the customer or firm whose money moves — and must be checkable by whoever executes. In practice that means the executing institution enforces it, the interface renders it, and the builder honours it. Anyone in the chain who can't check it shouldn't be executing.
Q10 Do existing consent regimes have to be replaced? +
No — consent still opens the door, and nothing here removes it. Authority is a second layer under the same door: consent admits the agent to the account; the mandate decides, act by act, what may bind. Regimes evolve by addition here, not demolition.
Q11 What's the first practical step? +
Inventory. List every agent that can touch money, what each is currently able to do, and under whose standing permission. Most teams discover the honest answer to the third column is "nobody is sure" — that inventory is the business case, and everything on this page follows from it.
Q12 What's the fastest way to start? +
The Agentic Open Finance™ Readiness Sprint. It packages that inventory with an opportunity map, a risk map, a consent and authority model and a board-ready briefing — so the first pilot starts from a governed baseline instead of a blank page.
consent tokenProof the principal admitted the agent to the account. Opens the door; says nothing about specific acts.
mandateA small, live, expiring object stating what an agent may make happen — payees, ceilings, windows.
verdictThe pre-action decision: allow, deny, or escalate. Recorded, and rendered before execution.
named finalityAbove a threshold, a specific person with standing binds the act. Accountability never transfers to software.
sealed proofEvidence fixed at the moment of the act — mandate, verdict, approver — replayable in any later dispute.
Get started
Ready to build financial agents with authority?
Agentic Open Finance™ helps you move first — without losing trust. Financial agents are inevitable. Ungoverned financial agents are optional.™ The winners will know who authorised the agent, what it was allowed to do, which policy applied, what evidence exists, how to explain the outcome — and how to scale safely.
the board briefing — what's inside
Download the Agentic Open Finance™ Board Briefing
What agentic open finance means — in board language, not vendor language
Why authority matters more than intelligence
The first use cases, and the risk and evidence questions each one raises
Which teams to involve, and where the first pilot starts