Runtime Governance Layer
A runtime governance layer sits between an AI agent and the systems it acts on, evaluating each proposed action before execution.
Definition
A runtime governance layer is the control layer positioned between an AI agent and the systems it acts on. The MAS SAFR (Safeguards for Agentic Finance at Runtime) white paper defines the position exactly: the layer "sits between the agent and the systems it acts on, evaluating proposed actions before execution, while working alongside existing payment rails, settlement protocols, compliance engines, and core banking systems." Its guarantee is SAFR's thesis: "no agentic action reaches execution without having been declared, authorised, and assessed."
The layer answers three gaps SAFR identifies in current governance infrastructure. Pre-execution assurance: model risk management validates before deployment, audit is retrospective, and the individual runtime decision goes unexamined by either. The human-agent governance interface: escalation today is often a notification or dashboard flag with no deadline, no standard decision format, and no audit record, which the paper calls "the appearance of human oversight without the substance of it." Fragmentation: per-deployment guardrails whose records cannot be audited consistently.
The layer occupies a specific slot in the stack. AI guardrails (content filtering, prompt-injection defenses, output filtering) are typically probabilistic and govern what a model produces; they do not determine whether a proposed financial action is authorized or executable. The runtime governance layer operates after content filtering and before execution. Settlement-layer enforcement, including card network rules, SWIFT standards, and ACH rules, operates after the layer has determined whether the agent may act at all. Compliance platforms keep their own assessments; the layer generates the structured governance record they can draw on.
In SAFR the layer comprises four runtime components interacting through the governance envelope: Agent Identity, the Controls Repository, the disposition engine, and the Audit Log. SAFR describes two deployment patterns. Native integration instruments the agent to emit an envelope before each proposed action, recommended for new deployments. Gateway integration intercepts outbound API calls at the infrastructure layer with no changes to agent code, which the paper positions as the practical starting point for institutions with many existing agents, with native instrumentation following for new builds.
In KLA's SAFR implementation, the KLA Control Plane fills this role.
Related Terms
Disposition Engine
A disposition engine evaluates every proposed agent action against an institution's controls and returns one binding outcome before the action executes.
Governance Envelope
A governance envelope packages a proposed agent action with the full context needed to assess it before execution.
Tamper-Evident Lineage
Tamper-evident lineage is an append-only record of an agent's actions and the governance decisions applied to them, whose integrity can be verified independently.
