Governance that goes beyond compliance

A triage-style 90-minute assessment of the prerequisites for agentic AI, giving you a complete and systematic view of your firm’s readiness, its strengths, and weaknesses – strategic, technical and operational, and organisational. A written report follows within 48 hours, ready to share with your line manager, Head of AI, or CRO. This independent, cross-platform, and risk-led diagnostic will let you set evidence-based and achievable goals for your agentic transformation.

A structured project to upgrade your traditional AI governance to cover autonomous agents that will 1) pre-empt foreseeable issues, 2) reduce incidents, remediation, and build cycles, and 3) enable clear stakeholder communication. The initiative is also three-fold: ensuring an evidence-based and achievable design based on an assessment of your current state; enabling your informed choice of the most suitable approach to agentic governance for your firm; and developing an implementation roadmap of all deliverables (programme initiation, enabling activities, capability development, pre- and post-go live tasks).

A structured 7-step workflow-level risk assessment that ensures you embed your necessary risk controls into your agentic workflow. Delivered using Gerido©, this service will identify the agentic risks in a planned workflow, design risk treatment plans, and map the necessary agentic KRIs. Culminating in a CRO-ready risk report, you will avoid post-deployment remediation costs, speed up your build cycle, and gain a defensible answer to a regulator’s question, “How did you select the controls for your agentic workflow?”

A structured engagement that identifies, evaluates, and sequences the agentic AI use cases that will deliver the greatest value for your organisation. We arrive with a curated library of use cases relevant to your business and work with your stakeholders to identify those with the highest potential. We then submit each shortlisted use case to our Pre-Deployment Agentic Risk Assessment. This produces the controls, effort estimates, and risk profiles you need to prioritise your investment decisions: business impact, feasibility, and expected ROI. The result is a execution-ready plan that tells you exactly which workflows to build, in what order, what each will cost, and what needs to be in place before you start.

A structured review of agentic workflows that are already live. Using our proprietary, systematic, and verifiable agentic risk flags, we will determine whether your workflow is sufficiently controlled, e.g. ownership, behaviour boundaries, and stop authority. Delivered using Gerido©, it produces audit-ready findings and a prioritised risk treatment plan – giving risk managers a fast, defensible basis for action.

A facilitated session of up to 8 hours for ExCo members that converts agentic AI from a technical topic into a clear policy direction ‘from the top’. In the session, you will gain the knowledge needed to lead an agentic organisation, set an evidence-based and achievable strategy on how you will govern agentic AI, align on a practical implementation roadmap, and commit to the immediate next steps.

A design and implementation service for organisations that want support with deploying a specific agentic workflow. Our dedicated experts will ensure you navigate the process from design, risk assessment, and platform selection, to build, testing and deployment. Working either alongside your technology team or independently, we will deliver an agentic workflow and organisational capability that is structured, governed, and audit-ready from day one.

A focused 2-day diagnostic that scores your firm’s operational data against the six characteristics of good training data – Structured, Current, Authoritative, Rich, Verifiable, and Symmetrical (SCARVeS©) – producing a readiness scoresheet, top 3–5 risks identified, and indicative regulatory exposure under Consumer Duty, EU AI Act Article 10, and PRA SS1/23. The Diagnostic is structured to answer one question: “do we have the data we need for our planned agent?” If material risks are identified, the Deep Dive will then scope how to mitigate them defensibly. 50% of the Diagnostic fee is credited toward the Deep Dive if booked within 90 days.

A specialist two-day programme for risk managers, compliance officers, and internal auditors. You will learn how AI agents behave and the new class of risks they introduce. You will become familiar with the different levels of autonomy, their risk profiles, and how to control them. You will practice developing and challenging agentic risk treatment plans, navigating the regulatory landscape, and preparing for an agentic audit.

A structured programme to return a paused or flagged agentic workflow to safe, controlled operation. Where a workflow has been halted or identified as inadequately controlled – whether following incident management, an audit finding, a regulatory challenge, or a proactive controls review – we diagnose the root cause, redesign and implement the controls that failed or were absent, retrain the agent where required, and produce the documented evidence that the remediated workflow is fit to relaunch or continue safely.

Independent and expert agentic AI governance advice, on a retained basis – without the cost of a full-time hire, and with the continuity that one-off engagements cannot match. Participation in your Agentic AI Steering Committee (or equivalent) with a monthly briefing on developments relating to agentic AI, their impact on your firm, and proposed responses. A minimum of 4 hours of advisory support for the management of agentic risks and issues, governance questions, deployment decisions, or board and regulator preparation.

A structured per-use-case audit of the operational data your AI agents will rely on at runtime – covering accuracy, completeness, recency, relevance, and accessibility – producing a defensibility map showing where your data is, where the agent(s) need it to be, and which gaps create exposure under Consumer Duty, EU AI Act Chapter III, and PRA SS1/23. Because errors in operational agentic data will not stop at a single misclassification – they propagate – this independent diagnostic ensures your data compounds accuracy, not inaccuracy, as autonomous workflows scale. Typically follows the Agentic AI Data Readiness Diagnostic, with 50% of the Diagnostic fee (£2,000) credited toward the Deep Dive when booked within 90 days.

A non-agentic incident management procedure will not protect you in an agentic environment. Agentic incidents can be autonomous, gradual, cross-system, and invisible to conventional alerting – leaving your detection, containment, and evidence capabilities configured for human-initiated failures when they need to respond to autonomous ones. This three-stage service will upgrade your current incident management procedure to ensure it is fit-for-purpose for agentic AI. It does this by 1) identifying gaps in your current procedure, 2) defining your upgrade requirements customised to the level of risk your agents will take, and 3) providing a prioritised project plan to close the gaps.