EU AI Act7 de julio de 20269 min read

MAS SAFR, the EU AI Act, and FINMA: Regulators Converge on Runtime Evidence

MAS's SAFR framework, the EU AI Act, and FINMA Guidance 08/2024 converge on one requirement: AI governance evidence produced at the moment of action.

Antonella Serine

Antonella Serine

Founder, KLA

Founder of KLA, building the independent runtime governance control plane for regulated AI agents under the EU AI Act.

SAFR

SAFR — Safeguards for Agentic Finance at Runtime (MAS BuildFin.ai, July 2026) — specifies a runtime checkpoint for agentic finance: every proposed action is identity-checked, evaluated against controls, and logged before it executes.

EU AI Act

The EU AI Act requires automatic event logging (Art. 12), deployer log retention (Art. 26), human oversight (Art. 14), and post-market monitoring (Art. 72) for high-risk AI systems.

FINMA Guidance 08/2024

FINMA Guidance 08/2024 expects inventories of AI applications, clear accountability, testing and monitoring, and documentation proportionate to risk.

The shared core

The shared core — verified identity, bounded authority, evaluation at the moment of action, tamper-evident records — can be built once and configured per regime.

Three instruments now shape how financial institutions govern AI systems that act: the SAFR framework published by MAS's BuildFin.ai initiative in July 2026, the EU AI Act's obligations for high-risk systems, and FINMA's Guidance 08/2024 on governance and risk management when using AI. They differ in legal force, in scope, and in vocabulary. They agree on direction: governance is moving from documentation reviewed before deployment to evidence produced at the moment of action. This piece maps what each regime asks for, isolates the core they share, and sets out what a cross-border institution should build once to answer all three.

Runtime evidence for agentic finance

Model risk management validates a system before deployment. Audit reviews what it did afterwards. The SAFR white paper names the space between these two disciplines as the first of three gaps in current governance infrastructure: neither one examines a specific agent decision before it executes. The second gap is the human-agent governance interface. Escalation today is ad hoc — a notification, an email alert, a dashboard flag — with no deadline, no standard decision format, and no audit record. The paper calls this "the appearance of human oversight without the substance of it." The third gap is fragmentation: per-deployment guardrails that are neither interoperable nor auditable in a consistent format.

The gaps matter because of what AI systems in finance now do. Agents initiate payments, submit trading orders, approve credit applications, file regulatory reports, and settle insurance claims, often at high frequency and with no per-action human review. Each of the three regimes below responds to that shift with requirements that operate while the system runs.

Singapore: the MAS SAFR framework specifies the checkpoint

Safeguards for Agentic Finance at Runtime (SAFR) is a white paper, version 1.0, published in July 2026 by MAS's BuildFin.ai initiative and written with Ant International, Circle, HSBC, J.P. Morgan Chase, Manulife, Mastercard, OCBC, and Visa. It describes a reference approach for a runtime governance layer that sits between an AI agent and the systems it acts on, evaluating proposed actions before execution. The paper is explicit about its status: "It does not constitute regulatory guidance or supervisory expectations." Each institution remains responsible for determining how its deployment aligns with the supervisory expectations that apply to it.

The design thesis: "no agentic action reaches execution without having been declared, authorised, and assessed." Four components deliver it. Agent Identity binds each proposed action to a registered agent, verified against a registry before any other evaluation proceeds. The Controls Repository holds the institution's configurable rulebook, drawn from organizational policies, regulatory requirements, product rules, and user-provided mandates. The Disposition Engine evaluates each action against those controls and returns one of four binding outcomes: Deny, Escalate, Auto-Execute, or Observe. The Audit Log records every governance decision in immutable, tamper-evident, append-only form — in the paper's words, "the authoritative record, independent of any party with an interest in how events are characterised after the fact."

SAFR arrives inside a broader Singapore stack. Project MindForge, a MAS-industry consortium, published an Executive Handbook of 17 considerations and an Operationalisation Handbook covering, among other things, least-privilege tool and data access for agents, kill switches and timeouts, and traceability through searchable logging. IMDA's Model AI Governance Framework for Agentic AI (2026) adds a four-part governance model: use-case bounding, access limitation, human oversight, and principal hierarchy accountability. A full walkthrough of the framework is in our SAFR framework explainer.

The EU AI Act sets runtime record obligations for high-risk AI systems in law. Four articles matter here.

The Digital Omnibus proposal provisionally defers most high-risk obligations to 2 December 2027. The deferral changes the compliance date. The direction is unchanged, and institutions deploying agentic systems in 2026 will be operating those same systems when the obligations apply. Event records designed in from the start cost less than records retrofitted onto a running estate.

For the assessment obligations that precede deployment, see our FRIA template guide for the EU AI Act.

  • Article 12 — automatic event logging. High-risk AI systems must automatically record events.
  • Article 26 — deployer duties. The institution operating a high-risk system retains the logs it generates.
  • Article 14 — human oversight. High-risk systems must be designed for effective human oversight during use.
  • Article 72 — post-market monitoring. Providers must monitor high-risk systems after they are placed on the market.

Switzerland: FINMA Guidance 08/2024

FINMA's Guidance 08/2024 addresses governance and risk management when financial institutions use artificial intelligence. It states expectations at the level of principles. Four expectations recur:

Proportionality is the operative principle for agentic systems. Documentation that is proportionate for a model drafting summaries for human review differs from documentation that is proportionate for an agent initiating payments at high frequency. In our reading, proportionate documentation for autonomous agents acting on financial rails is a per-action record of what was proposed, what authority it was checked against, and why it was allowed to proceed.

  • inventories of AI applications,
  • clear accountability for their use,
  • testing and monitoring,
  • documentation proportionate to risk.

The shared core across three regimes

The three regimes share a common core: a system whose identity is known, whose authority is bounded, whose actions are evaluated while it operates, and whose record cannot be quietly rewritten.

The mapping is directional. SAFR is the most specific of the three: it defines a checkpoint that returns a binding outcome for every proposed action before execution, and it specifies the data structures the record must contain. The AI Act is binding law and frames its requirements at the level of the system: logging capability, oversight design, monitoring process. FINMA states principles and leaves implementation depth to the institution. An institution that implements the SAFR pattern produces, as a by-product, the per-action event records the other two regimes can read. An institution that implements only system-level logging still has the pre-execution checkpoint left to build.

The shared core across SAFR, the EU AI Act, and FINMA Guidance 08/2024
RequirementSAFR (MAS BuildFin.ai, 2026)EU AI ActFINMA Guidance 08/2024
InstrumentIndustry reference approach ("does not constitute regulatory guidance")Binding regulation; most high-risk obligations provisionally deferred to 2 Dec 2027Supervisory guidance
Verified identityAgent Identity verified against a registry before any other evaluationInventories of AI applications
Bounded authorityMandates: explicit, machine-readable delegated authority; an agent cannot extend its own scopeHuman oversight during use (Art. 14)Clear accountability
Evaluation at the moment of actionDisposition Engine returns Deny, Escalate, Auto-Execute, or Observe before executionHuman oversight during use (Art. 14); post-market monitoring (Art. 72)Testing and monitoring
Tamper-evident recordImmutable, append-only Audit Log of every governance decisionAutomatic event logging (Art. 12); logs retained by the deployer (Art. 26)Documentation proportionate to risk

Build once, configure per regime

An institution supervised in more than one of these jurisdictions should build the shared core once and express regime differences as configuration.

  • 1. One agent registry. Every agent is a registered, versioned entity with a named human owner. One artifact serves SAFR's Agent Identity component, FINMA's inventory expectation, and the deployer's need to know which systems its AI Act obligations attach to.
  • 2. One policy layer, per-regime control packs. Controls are versioned and machine-readable. A Singapore pack encodes disposition calibration on SAFR's factors: action reversibility, financial materiality, customer impact severity, regulatory sensitivity, and novelty. An EU pack encodes the oversight and record-retention duties for high-risk systems. A Swiss pack encodes accountability assignments and testing cadence. The runtime that evaluates them is the same.
  • 3. One evidence standard, set by the strictest reader. Append-only, tamper-evident, exportable, and verifiable by a party with no access to the producing system. A record built to that standard can be read by all three regimes; regime differences then live in the controls that produce it and in retention and reporting arrangements.
  • 4. Per-action authorization in multi-step work. SAFR is explicit that an Auto-Execute or Observe outcome at one step carries no authority into the next. Build that in once and every step becomes a decision point where a human can be brought in.

Where KLA fits

KLA Control Plane implements the SAFR pattern, shipping today. The Agent Registry holds versioned agents with named human owners; the Policy Builder publishes through a governed release — linted fail-closed, with two-person approval on the Decision Desk. The KLA Policy Engine resolves every proposed action to allow, warn, require_approval, or block with machine-readable reason codes, fails closed if the decision service is unreachable, and the Audit Trail exports Sealed Evidence Bundles a third party can verify offline. The full component map, including the capabilities still in development, is on the SAFR implementation page. How the same runtime evidence maps to EU AI Act obligations is covered on our EU AI Act compliance software page.

Where to start: the SAFR Readiness Checklist scores your current estate across eight sections — agent inventory, mandates, controls, dispositions, envelope and lineage, escalation operations, audit and evidence, deployment pattern. Institutions answering to the EU or FINMA can use the same gap map; the sections track the shared core above. A thirty-minute session covers one governed run end to end — policy, decision, escalation, sealed evidence: book a 30-minute SAFR gap review.

Preguntas frecuentes

Does SAFR apply to institutions outside Singapore?

SAFR is published by MAS's BuildFin.ai initiative, and the paper states it "does not constitute regulatory guidance or supervisory expectations." The paper describes it as an industry reference for institutions to implement within their own infrastructure, using their own rule configurations and governance arrangements. Each institution remains responsible for determining how its deployment aligns with the supervisory expectations that apply to it.

Did the Digital Omnibus remove the EU AI Act's logging and oversight obligations?

The Digital Omnibus proposal defers most high-risk obligations to 2 December 2027. The deferral is provisional and changes the compliance date; the direction of the logging, oversight, and monitoring obligations is unchanged.

What do SAFR, the EU AI Act, and FINMA Guidance 08/2024 have in common?

Four requirements recur across all three: the identity of the acting system is known and registered; its authority is defined and bounded; its operation is evaluated and overseen while it runs; and its actions produce records that hold up after the fact. SAFR specifies these as runtime components, the AI Act frames them as obligations on high-risk systems, and FINMA states them as governance principles.

Can one audit trail serve all three regimes?

A record designed to the strictest standard — append-only, tamper-evident, exportable, and independently verifiable offline — can be read by all three. Regime differences then live in the controls that produce the record and in retention and reporting arrangements. Each institution remains responsible for confirming that its records meet the specific expectations of its own supervisors.

Conclusiones clave

SAFR gives the most precise description yet of what runtime governance for agentic finance looks like. The EU AI Act makes runtime records a legal obligation for high-risk systems. FINMA asks for inventories, accountability, testing and monitoring, and documentation proportionate to risk. The three instruments differ in force and precision and converge on shape: verified identity, bounded authority, evaluation at the moment of action, a tamper-evident record. An institution that builds that core once answers all three with the same evidence. Score your estate with the SAFR Readiness Checklist, read the component map for implementing the SAFR framework, or book a 30-minute SAFR gap review. Source: Safeguards for Agentic Finance at Runtime, white paper v1.0, MAS BuildFin.ai, July 2026. Quoted passages © Monetary Authority of Singapore. SAFR is an industry reference and does not constitute regulatory guidance or supervisory expectations. KLA is independent of and not affiliated with, endorsed by, or certified by MAS or BuildFin.ai.

Véalo en acción

¿Listo para automatizar su evidencia de cumplimiento normativo?

Reserve una demostración de 20 minutos para ver cómo KLA le ayuda a demostrar la supervisión humana y exportar documentación de Annex IV lista para auditoría.

MAS SAFR, the EU AI Act, and FINMA: Regulators Converge on Runtime Evidence | KLA Blog