
The risk manager’s opportunity in the agentic AI economy

Written by Julien Sanchez
Published on April 27, 2026

By Alex Bentley, CEO, Clew

Agentic AI is entering businesses faster than the frameworks to govern it. In most organisations I speak to, nobody yet owns the question of what these systems are allowed to do. I think that is a problem, and I think the risk and assurance function is the right answer to it.

I have spent much of the last year in rooms with heads of risk, chief audit executives and chief strategy officers. The subject of the conversation changes, but one question keeps surfacing in different forms: we are starting to deploy AI agents inside the business, and we do not quite know who is meant to be governing them.

It is a question worth taking seriously, because the answer is about to matter a great deal. The World Economic Forum’s recent white paper, Four Futures for Jobs in the New Economy, describes one plausible future in which humans no longer complete tasks directly. They direct portfolios of specialised AI agents, becoming what the paper calls “agent orchestrators.” The language is striking, but it is not really hypothetical. Agentic systems, AI that plans, decides and acts with limited human input, are already being piloted inside finance teams, customer operations, legal review and software development.

What is genuinely hypothetical is the governance framework that sits around them. In most organisations, it does not yet exist. And when something new enters a business and nobody owns it, the question of who ends up owning it becomes one of the most consequential decisions that business will make.

The unowned problem

Ask where AI governance sits inside your organisation today and I suspect you will get a range of answers, none of them quite right. IT owns the infrastructure the models run on, but not the decisions those models make. Compliance owns the regulatory response, but regulation is still catching up with the technology. Data teams own the training data, but not the downstream consequences of acting on it. Legal reviews contracts with vendors. Internal audit checks after the fact.

None of those functions, on their own, is designed to answer the questions that agentic AI actually raises. What is an agent permitted to do without human sign-off? How are its decisions logged, and for how long? When must a human step in, and how does the agent know to escalate? If the agent makes an error, how is it caught, and who is accountable when it is not? What happens when two agents from different vendors interact in the same workflow and produce an outcome neither was individually designed to produce?

These are not IT questions. They are not purely compliance questions. They are risk questions: specifically, questions about control design, accountability and assurance in systems that act on the business’s behalf. That is the exact remit of the risk and assurance function. And yet in most organisations I speak to, the risk team has not yet been asked.


Vacuums get filled, usually badly

Governance vacuums rarely stay vacuums for long. Something fills them. In the case of agentic AI, I can already see three patterns emerging, and none of them is a good outcome.

The first is that vendors fill the gap. The AI provider supplies the agent and, by default, the controls that come with it, which tend to reflect the vendor’s risk appetite rather than the customer’s. The second is that individual business units fill it, each designing their own framework for the agents they deploy, with no consistency across the organisation and no ability to see systemic risk. The third is that the gap simply remains unfilled until something goes wrong, at which point governance is designed retrospectively, under pressure, and almost always badly.

None of these serves the business well, and all of them are avoidable. The function best placed to avoid them is the one that already thinks in terms of control frameworks, accountability chains and the difference between a risk that is accepted and a risk that is simply ignored. That is the risk function, and it is why I keep making the same case to the leaders I meet: the window to claim this remit is open now, and it will not stay that way.

What a real playbook looks like

Designing a governance framework for agentic AI is not a theoretical exercise. It requires answers to a set of practical questions, most of which the risk function already has experience answering in other contexts.

Start with the scope of agent authority. Every agent deployed in the business should have a documented understanding of what it can do autonomously, what it can recommend but not execute, and what it must escalate. This is essentially a delegation of authority framework, and risk teams have been writing those for decades for human employees. The principle is the same; the subject is different.

Next is decision logging and traceability. When an agent acts, there needs to be a record of what it did, what information it used, and what reasoning led to the action. Without that record, neither assurance nor learning is possible. Risk functions understand audit trails better than almost anyone else in a business.

Then there is the human-in-the-loop design. Not every decision needs human review, and insisting otherwise defeats the point of agentic systems. But the threshold between “agent proceeds” and “human reviews” needs to be deliberate, documented and tested, not assumed. That threshold is a risk appetite question, not a technology question.

The fourth is error detection and correction. When an agent is wrong, how is that discovered? What is the feedback loop back into the system? Who is accountable for the consequences, and how is that accountability reconciled with the fact that the acting entity was not human? These are not edge cases; they will be the defining questions of agentic AI adoption over the next five years.

The fifth is interaction risk. Most organisations will not deploy a single agent from a single vendor. They will deploy many, from several providers, acting in the same workflows. The risks that emerge from agents interacting with each other are real, and they are not addressed by governing each agent in isolation. This is the part of the problem I see discussed least often, and I suspect it is the part that will cause the most difficulty.
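As an added illustration (example code written for this page, not Clew's software or anything from the article), the following Python sketch encodes the first three elements of the playbook: a documented authority scope split into autonomous, recommend-only and out-of-scope actions, a decision log that records inputs and reasoning for every outcome, and an escalation threshold that sends large actions to a human. The action names, the GBP threshold and the sample inputs are constructed assumptions.

```python
"""Minimal authority gate for a hypothetical finance agent (constructed example).

Each proposed action is classified against a documented scope before anything
runs, and every decision is appended to an audit trail with the inputs and
reasoning the agent supplied, so an assurance reviewer can reconstruct it later.
"""
from dataclasses import dataclass, field
from datetime import datetime, timezone
import json

# Constructed delegation-of-authority scope. Thresholds are illustrative only.
AUTONOMOUS = {"draft_invoice", "categorise_expense"}   # agent may execute
RECOMMEND_ONLY = {"approve_payment"}                    # agent may only propose
ESCALATE_ABOVE_GBP = 10_000                             # human-in-the-loop threshold


@dataclass
class Decision:
    action: str
    outcome: str            # "executed", "recommended", "escalated" or "refused"
    inputs: dict
    reasoning: str
    timestamp: str = field(
        default_factory=lambda: datetime.now(timezone.utc).isoformat())


AUDIT_LOG: list[Decision] = []


def gate(action: str, inputs: dict, reasoning: str) -> Decision:
    """Classify a proposed action; the caller executes only on 'executed'."""
    amount = inputs.get("amount_gbp", 0)
    if action not in AUTONOMOUS | RECOMMEND_ONLY:
        outcome = "refused"        # undocumented action: never executed
    elif amount > ESCALATE_ABOVE_GBP:
        outcome = "escalated"      # risk-appetite threshold, not a technology one
    elif action in RECOMMEND_ONLY:
        outcome = "recommended"    # surfaced to a human who decides
    else:
        outcome = "executed"
    decision = Decision(action, outcome, inputs, reasoning)
    AUDIT_LOG.append(decision)     # logged regardless of outcome
    return decision


def audit_trail() -> str:
    """One JSON line per decision, suitable for retention and later review."""
    return "\n".join(json.dumps(vars(d), sort_keys=True) for d in AUDIT_LOG)


if __name__ == "__main__":
    gate("approve_payment", {"amount_gbp": 25_000}, "invoice matches PO")
    print(audit_trail())
```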


The reframe I keep coming back to

It would be easy to read all of this as another reason for the risk function to say no, or to slow the business down. That reading would be wrong, and it misses the opportunity entirely.

Businesses that want to deploy agentic AI at scale need governance that enables deployment, not governance that blocks it. A clear framework for what agents can do, how they are monitored and how errors are handled is what makes confident deployment possible. Without it, either deployment stalls under the weight of unresolved concerns, or it proceeds without safeguards and creates the incidents that make confident deployment impossible later.

The risk function that steps into this space early is not the brake on the agentic economy. It is what lets the business move into the agentic economy with its eyes open. That is a materially different conversation to have with a board, and it is one I believe only a small number of risk leaders are currently having.

Where to start

The practitioners who define the playbook first will shape how their organisations operate for the next decade. That is not hyperbole. Framework choices made now, about scope, logging, escalation, accountability, will calcify into the way agentic AI is used across the business. Changing them later is significantly harder than designing them well at the start.

The first steps are not technical. They are organisational. Map where agentic AI is already entering the business, including pilots and experiments that have not yet been formally declared. Identify who currently makes decisions about those deployments, and where the gaps in ownership sit. Propose, clearly and in writing, what role the risk function should take in filling those gaps. Engage the functions whose remits overlap, so that the framework you design is one they can operate inside rather than one they resist.

None of this requires waiting for regulation, for a standard, or for permission. The organisations that move first will define what good looks like, both internally and, eventually, for the wider market. The ones that wait will spend the rest of the decade retrofitting.


At Clew, we build software that helps risk and assurance teams turn complex data into the insights that inform better business decisions. If the questions in this article are ones you are starting to ask inside your organisation, I would welcome the conversation; you can reach me directly.

Source: World Economic Forum, Four Futures for Jobs in the New Economy: AI and Talent in 2030, White Paper, January 2026.
