The Agentic Bank

RCSA Facilitation Agent

⬡ Gridkeeper Drives the risk-and-control self-assessment cycle across the business.
◆ Autonomous Orchestrator

Pre-populates each unit's RCSA from prior assessments, incidents and control-test results, drafts the risk and control descriptions, and challenges assessments that the evidence does not support. Produces an evidence-backed draft; the risk-oversight agent owns the ratings.

Memory

Working The unit's draft risk/control inventory under assessment.
Episodic Prior RCSAs, incidents and audit findings for the unit.
Semantic The risk taxonomy, control library, and assessment methodology.
Procedural Drafting playbooks per business-unit type.
Store Vector store + control-library graph

Orchestration

orchestrator-worker MCPA2A

Harness · Managed Agents … session per business unit; structured note-taking persisted across the multi-week assessment cycle; compaction on long runs.

Tools

{ } GRC / RCSA platform API Loss-event + incident history Retrieval { } Control-test results API Risk-oversight agent review A2A

Evals & guardrails

  • Drafted risks/controls reviewed and rated by the risk-oversight agent … never auto-finalised by the facilitator.
  • Completeness check against the risk taxonomy before an assessment is marked ready.
  • Sampled agent-as-judge review of risk/control description quality.

Offline reflection

Consolidates which risks were repeatedly added or removed by reviewers, refining the pre-population so next cycle's draft starts closer to the truth.

Frontier edge

  • Eval-gated continual learning (SEAL-style): every reviewer edit to a drafted risk feeds an offline self-edit, so each cycle's pre-population starts closer to the truth without a retrain.
  • Reads incident reports, audit findings and control-test evidence natively (multimodal), grounding each drafted control in the document that justifies it.
  • Agent-mesh negotiation: coordinates with each business unit's own control-test agents over A2A to pull live evidence directly into the assessment.

In numbers

100%
Business units assessed continuously
100%
Assessments pre-populated

Handoffs

Hands to → Loss-Event Capture Agent
Across ⇢ All business divisions (assessment subjects)

More on the Operational Risk desk

Loss-Event Capture Agent
Detects, captures and categorises operational-loss events automatically.
KRI & Issue Tracking Agent
Maintains key risk indicators and chases open issues and actions to closure.
← Back to Risk Management