Agentic Risk Appetite and Adoption Strategy

Executive Summary

This article explores the nature of autonomy and the sources of its risks before outlining a five-step process for integrating agentic risk appetite and adoption strategy into your roadmap. It includes the support materials for the webinar we provide on this topic.

Drawing on established risk management disciplines and centuries of delegating autonomy to non-humans, the process will ensure you prioritise your use cases, confirm your adoption strategy, identify your prerequisites, assess readiness, and construct an achievable implementation roadmap.

Autonomous AI agents fundamentally reshape risk management by shifting human control from execution to the design and oversight phases of a workflow.

From the board to the operational workflow, firms that adopt a risk-based agentic AI adoption strategy will find it easier to scale the benefits of autonomous AI, with fewer surprises and stronger regulatory defensibility.

Introduction

It is a privilege to support vital professional communities like the Institute of Risk Management and the Investment Association.

As an approved training provider, we have created this web page to support our webinar on agentic risk appetite and adoption strategy, which answers the question, “How can you adopt autonomous AI agents safely without slowing innovation?”

What follows is a summary of the topic as well as the up-to-date materials and full video from the latest session, which includes all the concepts and links to deep-dive content.

Autonomy and Agentic AI Risk

AI agents are not “just another AI model” – five properties distinguish them from other forms of AI: they can plan, invoke tools, take actions, interact with their environment, and adapt their behaviour for the future. They represent a shift from outputs produced for our review to outcomes created in our name.

“An understanding of autonomy is vital to leveraging the benefits available from agentic AI.”

Autonomy is a ‘freedom coin’ that has two sides: freedom to do something your own way, as well as freedom from other prohibitions. When we delegate autonomy, therefore, ambiguity about freedoms becomes a risk factor, which means risk managers must manage ‘both sides of the coin’:

  • What could an agent do wrong?
  • What additional undesirable things could happen? We looked at recent examples of this going wrong in several companies.

Autonomy is a scale you calibrate to your needs, not a binary switch. A practical model of autonomy has five levels, ranging from Assistant (lowest risk, with the user making all decisions) to Captain (highest risk, fully autonomous). Because not every use case can tolerate full autonomy, how much autonomy you will permit should be an early risk appetite decision.

Delegating autonomy to non-humans challenges the risk management process – when an agent executes a task, human oversight of AI agents becomes concentrated into the ‘before’ and ‘after’, that is, the design and monitoring phases. Therefore, risk management needs to evolve by engaging in the agentic design phase (where your impact can be preventive) and by monitoring and responding at machine speed. This is important because a low-risk task is not the same as a low-risk agent and the difference can have regulatory implications.

What Delegating Autonomy to Non-Humans Teaches Us About Agentic AI

We have been delegating autonomy to non-humans for centuries – we already delegate all five levels of autonomy to different types of working dogs and, over time, have learned important lessons that will apply to your agentic risk appetite and adoption strategy:

  • We grant autonomy slowly, conditionally, and only when supported by proven risk controls.
  • We trust neither the agent’s ethics, nor the good nature of others to treat it well: we trust the training and controls.
  • Training is non-negotiable for both handler and agent.
  • Accountability for behaviour sits with the handler.
  • Higher-risk tasks require greater training and control.

Ethical protection for agentic workflows can only depend on verifiable external controls. This is because AI agents cannot be shamed, blamed, or sanctioned, making them immune to the traditional ethical censures that work on humans. As a result, when we delegate action to a non-human, we should shift from “trust until proven harmful” to “don’t trust until governance is proven.”

Success is not only about achieving your goal, but also about minimising risk. Specific lessons from the ‘underside of the coin’ apply directly to a firm’s agentic risk appetite and adoption strategy: keep the agent handler safe, protect your agent from attack, and limit its ability to get distracted by out-of-scope tasks.

Ultimately, the fundamental lesson is that, when delegating to non-humans, there are four key sources of risk. For high-risk agents, we advise our clients to include them as part of their Pre-Deployment Agentic Risk Assessments:

  • The Workflow and Tasks – is it clear, structured, navigable, or unordered and confusing?
  • The Agent Itself – its components, actions, design, and capabilities.
  • Organisational Capability – your own readiness for agentic operations.
  • External Threats – the extent of the agent’s interactions with the outside world: compliance and cyber security.

Agentic Risk Appetite and Adoption Strategy in 5 Steps

Autonomous AI introduces a new class of risk. To integrate it into your existing risk management processes, we advise our clients to define their agentic risk appetite, apply it consistently to each agentic use case, and institute agentic key risk indicators (KRIs).

Firms that achieve these tasks will have more successful agentic transformations, while those that do not could struggle with new and unfamiliar risks, security incidents, and costly remediations.

In practice, we use a 5-step process for kick-starting an agentic transformation that will also ensure you address your agentic risk appetite and adoption strategy:

Step 1: Prioritise Use Cases

The most common deployment categories include customer service, HR, coding, accounting, sales and marketing, research, and personal assistants.

Deciding where in your organisation you will deploy agents and for which use cases is a direct expression of your risk appetite because agentic technology introduces materially different risks depending on what you use it for. Check out the slides for a detailed breakdown.

To operationalise your risk appetite, we advise you to classify an agent’s risk level based on the types of systems and data it can access, whether it can orchestrate other agents, and its potential to have an external effect.

For example, if you have a low appetite for agentic risk, you might allow agents to access personal productivity tools like calendars and task lists, but not to business systems, company data, or external sources.

Step 2: Confirm Your Adoption Strategy

In this step, you decide how the organisation will adopt its agentic use cases. In practice, you have three agentic AI adoption strategy options: 

  1. Permissive access with technical monitoring.
  2. Full pre-approval and governance.
  3. Risk-based agentic AI adoption strategy.

For regulated firms that want to run medium- and high-risk agents, we recommend the risk-based strategy. It assigns low-risk agents to a register-and-attest process, medium-risk agents to a proportionate review and oversight, and high-risk agents to a full pre-deployment agentic risk assessment process and ongoing governance. By applying greater controls to the use cases that create greater risk, this strategy is productive, enforceable, and defensible at scale.

The other options have advantages too, and we analyse them in detail in the materials and in this stand-alone blog post.

Step 3: Identify Your Prerequisites

By now, you have defined your risk appetite: what you are prepared to delegate to an autonomous agent and the adoption strategy that will best suit your situation. These choices let you change gears in Step 3 and start scoping your rollout, focusing on the prerequisites you need to bring your particular strategy to life.

At Agentic Risks, we believe there are 5 strategic prerequisites (e.g. use case prioritisation), 5 technical and operational ones (e.g. data readiness), and 7 at the organisational level (e.g. governance design). You can see them in the diagram below.

Your choices in Steps 1 and 2 will determine not just which prerequisites you will need but also sequencing. For example, if you take a risk-based approach, you can develop your agentic capability in phases as you launch agents by risk level, building and deepening your capabilities as you introduce agents at new risk levels.

Step 4: Assess Your Agentic AI Readiness

To ensure your adoption strategy succeeds, make sure your roadmap is achievable from your firm’s current state of readiness.

Therefore, the purpose of this step is feasibility: by understanding your status quo, you can ensure your implementation roadmap includes all the tasks needed to close any gaps between where you are now and where you need to be.

If you want a fast and objective input, our Agentic AI Readiness Assessment will establish whether each prerequisite is in place, its maturity level, and the extent of work needed. This will ensure your transformation is evidence-based, achievable, and customised to your situation.

Step 5: Construct An Achievable Implementation Roadmap

You now have all the information you need to build your plan – your use cases will drive the scope of change needed, your adoption strategy will determine the sequencing, and your prerequisites will define the specific work required to implement them.

The webinar materials include a generic roadmap that assumes Strategy 3 – the Risk-Based Agentic AI Adoption Strategy – and while this step is as much about project planning as it is about agentic AI, it also raises some valuable points:

  • The risk tiers provide a valuable structure for building your agentic capability incrementally; for example, you can build your additional cybersecurity defences iteratively – first for low-risk and then for medium-risk agents, before fully strengthening them and exposing high-risk agents to the outside world.
  • Step 5 completes your conversion of a topic that, at the outset, may have been unfamiliar and (for some) a source of trepidation, into a clear roadmap that you could integrate into your corporate programme of change.

Working with Agentic Risks

Every firm’s agentic journey will differ because risk appetite, organisational readiness, regulatory obligations, and target use cases vary materially across organisations. The goal is not to slow innovation, but to ensure autonomy is introduced deliberately, proportionately, and with controls that can scale as adoption grows.

If you are at the beginning of the process, our Agentic AI Readiness Assessment service helps establish whether the strategic, technical, operational, and organisational prerequisites are in place, their maturity level, and where gaps exist. It will provide you with an evidence-based starting point for constructing an achievable roadmap aligned with your agentic risk appetite and adoption strategy.

If you would like broader support, our Agentic AI Governance Design service will help you upgrade your traditional AI governance into an agentic AI governance framework for autonomous agents – 1) pre-empting issues, 2) reducing incidents, remediation, and build cycles, and 3) enabling clear stakeholder communication.

And if you are preparing to launch medium- or high-risk agents, our Pre-Deployment Agentic Risk Assessment provides a structured review of the workflow, agent design, organisational capability, and external threat landscape before deployment. It will surface any risks early, strengthen controls before production, and improve the defensibility of the deployment decision.

Whether your organisation is still defining its first use cases or preparing to operationalise high-risk autonomous agents, the successful programmes are those that introduce autonomy incrementally, align governance to risk, and build capability in phases rather than all at once.

Frequently Asked Questions

Agentic risk appetite defines the level of autonomy, access, and decision-making authority a firm is prepared to delegate to an AI agent. It helps organisations determine which use cases, systems, and actions autonomous agents may perform, and under what controls.

A risk-based agentic AI adoption strategy applies different governance requirements to agents based on their potential risk. Low-risk agents may follow lightweight registration and monitoring processes, while medium- and high-risk agents require proportionate oversight, formal governance, and pre-deployment risk assessments.

Autonomous AI agents shift human control from the execution phase of a workflow into the design, approval, monitoring, and oversight phases. Because agents can plan, take actions, invoke tools, and interact with external systems, firms need governance controls designed specifically for autonomous behaviour and machine-speed operations.

A Pre-Deployment Agentic Risk Assessment is a structured review performed before an autonomous AI agent enters production. It evaluates the workflow, agent design, organisational readiness, and external threat landscape to identify foreseeable risks, strengthen controls, and improve the defensibility of the deployment decision.

Firms should introduce AI agent autonomy incrementally, beginning with lower-risk use cases and proportionate controls before expanding into higher-risk deployments. Successful programmes align governance to risk appetite, strengthen organisational capability over time, and continuously monitor agent behaviour and outcomes.

The four primary sources of agentic AI risk are the workflow itself, the agent’s design and capabilities, organisational readiness, and external threats such as cybersecurity and regulatory exposure. Understanding all four helps firms assess risks more comprehensively before deployment.

AI agents cannot be held morally or legally accountable for their actions, so accountability remains with the organisation and the humans overseeing the workflow. Human oversight helps ensure autonomous agents operate within approved boundaries, comply with governance requirements, and can be monitored, stopped, or corrected when necessary.

Adam Grainger

Agentic AI Risk Management
