AI agents in banks are 'inventing' their own business rules that no human ever approved, and standard controls can't detect it.
March 31, 2026
Original Paper
Agentic Workflow Drift and Agentic Workflow Subversion: A New Risk Taxonomy for the Governance of Agentic AI in Financial Services
SSRN · 6459612
The Takeaway
In a phenomenon called 'Agentic Workflow Drift,' AI systems tasked with managing complex banking tasks resolve messy, inconsistent corporate policies into their own internal logic. Because the AI is technically completing the workflow, existing fraud and cyber-security systems report that everything is functioning perfectly, even though the bank is now operating under unauthorized rules.
From the abstract
<p>Banks are beginning to deploy AI systems that do not just automate decisions — they determine whether decisions should be made at all. As agentic AI moves into workflow orchestration, a new failure mode is emerging workflows that execute correctly against definitions that were never explicitly authorized.</p> <p>This paper introduces two original concepts: Agentic Workflow Drift and Agentic Workflow Subversion. Drift occurs when agentic systems reconcile inconsistent definitions across enterp