๐Ÿฆ Financial Services

Deploy AI agents in regulated environments without the compliance risk

Kynara gives financial services firms per-action policy enforcement, human approval workflows, and a tamper-evident audit log that satisfies SOC 2, ISO 27001, PCI-DSS, GDPR, and GLBA requirements — before your AI agents touch customer data or execute transactions.

The challenge

The regulatory problem with AI agents in financial services

Financial firms face a hard constraint: regulators expect audit trails, access controls, and human oversight for any process touching customer accounts, transactions, or sensitive data — regardless of whether the actor is a human or an AI.

🚨 What goes wrong without Kynara
  • ✕ AI agent issues a refund outside business hours with no human review
  • ✕ Agent acting on behalf of a junior analyst accesses data above their clearance
  • ✕ Compromised agent runs bulk account updates — no alert fires for 48 hours
  • ✕ Examiners request a complete audit trail of all AI actions — none exists
  • ✕ Overly permissioned agent sweeps customer PII during a routine workflow
✅ What Kynara enforces
  • ✓ Refunds over $1,000 require human approval — always, regardless of time
  • ✓ Agent permissions are capped to the dispatching user's clearance level
  • ✓ Anomalous deny-rate spike triggers auto-revocation and webhook alert
  • ✓ Every decision is SHA-256 hash-chained — tamper-evident, exportable, auditable
  • ✓ PII-classified resources require explicit policy grant with MFA condition
Use cases

Built for the most common FinServ AI agent scenarios

These patterns cover 80% of what financial services teams need when deploying AI agents in regulated workflows.

Payment & refund agents
Enforce a threshold policy: allow small refunds automatically, require human approval above $1,000, and deny any request outside business hours or from a geo-blocked country.
{
  "effect": "require_approval",
  "actions": ["payments.refund.issue"],
  "condition": {
    "op": "gte",
    "args": ["ctx.resource.attrs.amount_cents", 100000]
  }
}
Customer data & CRM agents
Allow read access during business hours, require approval for writes, and block all access outside US/EU. Salary and PII fields require an explicit hr_admin role condition.
{
  "effect": "deny",
  "actions": ["crm.*"],
  "condition": {
    "op": "not_in",
    "args": ["ctx.context.ip_country",
             ["US","GB","DE","FR","IE"]]
  }
}
Compliance & audit agents
Give auditor-role agents read-only access to the audit log and policy store. Prevent them from modifying any records. Every access is itself logged in the tamper-evident chain.
Fraud investigation agents
Allow agents to read transaction history freely but require human approval before freezing an account or flagging a customer. JIT grants cover escalated investigation windows with ticket links.
Wealth management & advisory
Gate portfolio write operations behind MFA verification and business-hours conditions. Block any action where the agent's context doesn't include the supervising advisor's user ID.
Identity & KYC agents
Enforce that identity verification agents can read documents but cannot write to core banking systems. Require approval before any record update — with a mandatory reason string logged to the audit chain.
Compliance

How Kynara maps to regulatory requirements

Financial regulators increasingly require demonstrable controls over automated decision-making systems. Here's how Kynara's features map to the frameworks your compliance team already uses.

| Requirement | Framework | Kynara feature | Status |
|---|---|---|---|
| Audit trail for all automated actions | SOC 2 CC6, ISO 27001 A.12.4 | SHA-256 hash-chained audit log, append-only trigger, CSV export | ✓ Built-in |
| Access control based on least privilege | SOC 2 CC6.3, NIST AI RMF | RBAC + ABAC with non-escalation guarantee | ✓ Built-in |
| Human oversight of high-risk decisions | EU AI Act Art. 14, NIST AI RMF | require_approval as first-class policy outcome | ✓ Built-in |
| Break-glass access with justification | SOC 2 CC6.7, PCI-DSS 7.2 | JIT grants with justification + ticket URL, full audit trail | ✓ Built-in |
| Anomaly detection and incident response | SOC 2 CC7, ISO 27001 A.16 | Z-score deny-rate alerting, geo-jump detection, auto-revocation | ✓ Built-in |
| Identity management and SSO | SOC 2 CC6.1, ISO 27001 A.9 | Okta, Azure AD, SAML 2.0, OIDC, SCIM provisioning | ✓ Built-in |
| Data residency and sovereignty | GDPR Art. 44–46 | Data residency middleware, regional endpoint enforcement, HTTP 451 | ✓ Built-in |
| GLBA Safeguards Rule — access controls for customer financial data | GLBA 16 CFR Part 314 | RBAC + ABAC with non-escalation guarantee; full audit log per access event | Built-in |
| PCI-DSS — access control to cardholder data environments | PCI-DSS Req 7 & 8 | RBAC roles, JIT grants with justification, audit trail of every CDE access | Built-in |
| Custom retention and eDiscovery export | FINRA 17a-4, SEC 17 CFR 240 | Custom retention + S3 nightly export (Enterprise) | Enterprise |
Key differentiator

The non-escalation guarantee — unique to Kynara

In financial services, the principle of least privilege is non-negotiable. Kynara enforces it mathematically at every decision point.

When an AI agent acts on behalf of a user — say, a wealth management assistant acting for a client-facing advisor — the agent's effective permissions are the intersection of the agent's own role grants and the user's role grants.

This means: even if you accidentally over-scope an agent, it cannot do anything the dispatching human wasn't already allowed to do. This property is hardwired into the Kynara engine — it cannot be bypassed by policy configuration.

Pass on_behalf_of_user_id in the decision request and the intersection is applied automatically.

POST /api/v1/decisions/check
{
  "subject_type": "agent",
  "subject_id":   "<wealth-agent-uuid>",
  "on_behalf_of_user_id": "<advisor-uuid>",
  "action": "portfolio.write",
  "resource": {
    "type":  "portfolio",
    "id":    "port_cust_8812",
    "attrs": { "amount_cents": 500000 }
  },
  "context": {
    "time":       "10:30",
    "ip_country": "US",
    "mfa_verified": true
  }
}

// Agent has portfolio.write AND advisor has portfolio.write
// → effective scope: portfolio.write ✓
// Agent has admin.override but advisor does not
// → effective scope: denied before policy eval
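To make the two behaviours described on this page concrete, the following is an added, illustrative model (not Kynara's engine or API) of the non-escalation intersection applied to an `on_behalf_of_user_id` request and of the `gte` / `not_in` policy conditions from the refund and CRM examples above. The role grants, policy list and request shapes are constructed for the example; only the condition and effect names follow the page's JSON.

```python
import fnmatch
# Constructed role grants (action names each subject may use).
GRANTS = {
    "agent:wealth-agent": {"portfolio.read", "portfolio.write", "admin.override"},
    "user:advisor": {"portfolio.read", "portfolio.write"},
    "agent:refund-agent": {"payments.refund.issue"},
    "agent:crm-agent": {"crm.read", "crm.write"},
}
# Constructed policies, in the same JSON shape the page shows.
POLICIES = [
    {"effect": "deny", "actions": ["crm.*"], "condition": {"op": "not_in",
     "args": ["ctx.context.ip_country", ["US", "GB", "DE", "FR", "IE"]]}},
    {"effect": "require_approval", "actions": ["payments.refund.issue"],
     "condition": {"op": "gte", "args": ["ctx.resource.attrs.amount_cents", 100000]}},
]

def resolve(path, req):
    """Walk a dotted 'ctx.a.b' path over the request; None if missing."""
    node = req
    for part in path.split(".")[1:]:
        node = node.get(part) if isinstance(node, dict) else None
    return node

def condition_holds(cond, req):
    op, (lhs, rhs) = cond["op"], cond["args"]
    value = resolve(lhs, req)
    if op == "gte":
        return value is not None and value >= rhs
    if op == "not_in":  # a missing attribute counts as "not in": fail closed
        return value not in rhs
    raise ValueError(f"unsupported op {op}")

def effective_scope(req):
    """Agent grants intersected with the dispatching user's grants."""
    scope = set(GRANTS.get(f"{req['subject_type']}:{req['subject_id']}", ()))
    user = req.get("on_behalf_of_user_id")
    return scope & GRANTS.get(f"user:{user}", set()) if user else scope

def check(req):
    """Return 'deny', 'require_approval' or 'allow' for one decision request."""
    if req["action"] not in effective_scope(req):
        return "deny"  # refused before any policy is consulted
    outcome = "allow"
    for pol in POLICIES:
        if (any(fnmatch.fnmatch(req["action"], p) for p in pol["actions"])
                and condition_holds(pol["condition"], req)):
            if pol["effect"] == "deny":
                return "deny"  # an explicit deny wins over require_approval
            outcome = pol["effect"]
    return outcome
```

Note that the scope check runs before any policy is consulted, so an over-granted `admin.override` on the agent is refused whenever the advisor lacks it, which is the property the page calls non-escalation.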
"Kynara gave our security team the visibility they needed before we'd go live with agents in production. The audit chain alone solved our SOC 2 gap — our auditors could verify every AI action without any custom tooling on our side."
Head of Platform Security
Series B FinTech · 400-person company
๐Ÿฆ Financial Services

Ready to deploy AI agents in your regulated environment?

Free plan includes 3 seats, 10,000 decisions/month, full policy engine, audit log, and approval workflows. Enterprise plans include custom retention, dedicated deployment, and a dedicated compliance review.