AI Now Builds Our Financial Guardrails. Are We Ready to Trust It?

LONDON, UK – June 18, 2026 – The invisible architecture that governs our access to the modern economy is being rebuilt. The gatekeepers—the complex compliance systems that decide who can open a bank account, invest, or transfer money—have long been constructed by human hands, a painstaking process of translating dense legal documents into functional code. This week, that foundation shifted. London-based Sumsub, a leader in digital identity verification, announced that it has enabled AI agents like ChatGPT and Claude to do the building themselves.

In a move that feels both inevitable and startling, the company has given AI the keys to the configuration layer of its platform. A compliance team can now upload a multi-page Anti-Money Laundering (AML) policy, and an AI agent will read it, interpret its intricate rules, and automatically construct a live, functioning verification workflow in minutes. What previously required days of work from expensive solution architects and technical teams is now an automated task. This isn't just another AI copilot offering helpful suggestions; it's an AI builder, laying the bricks of our financial infrastructure. The development marks a critical juncture, forcing us to ask a profound question about the systems that hold our world together: When an AI builds the guardrails, who is accountable when they fail?

The End of Manual Compliance

The problem Sumsub aims to solve is a source of immense friction and cost in the global economy. As regulations tighten and financial crime evolves, the burden on institutions to maintain compliant onboarding and monitoring systems has become immense. Industry analysts estimate that compliance costs soared to over $200 billion annually, with regulatory fines for non-compliance reaching into the billions. The process of updating a verification system to reflect a new piece of legislation is slow, costly, and prone to human error.

Sumsub's new 'agentic experience,' powered by its Model Context Protocol (MCP), directly targets this pain point. It transforms the role of AI from a passive analyst into an active creator. According to the company, the AI can parse complex documents containing country-specific risk levels, weighted scoring tables, and conditional logic, and translate them directly into platform settings. This includes creating tiered verification levels, generating dynamic risk questionnaires for applicants, and coding the logic for entire onboarding flows.

"Setting up a compliance workflow has always required significant manual effort, and updating it when regulations change requires even more," said Andrew Novoselsky, Chief Product Officer at Sumsub. "Our Agentic experience changes that by connecting an AI agent directly to the configuration layer of the platform — a team can take their AML policy, hand it to an AI agent, and have their full environment built automatically. That is a fundamentally different category of capability from what has been available in this space."

This isn't just about efficiency; it's about agility. In a world where geopolitical sanctions can change overnight, the ability to update a global compliance framework in minutes, rather than weeks, represents a seismic shift in operational capacity. By automating the technical implementation, it allows compliance professionals to focus on strategy and oversight, rather than the minutiae of platform configuration.

The Architecture of Trust

Entrusting an AI with the keys to a system that prevents money laundering and terrorist financing naturally invites intense scrutiny. The risk of an AI misinterpreting a subtle legal clause or introducing a vulnerability is significant. Sumsub appears to have anticipated these concerns by building a framework centered on human oversight and control.

The integration is designed to be model-agnostic, meaning it can work with any leading AI agent. The company has published a set of open-source agent skills on GitHub, fostering a degree of transparency. More importantly, the system operates with a 'human-in-the-loop' mandate. Any configuration changes proposed by an AI agent are first executed in an isolated sandbox environment. These changes cannot go live until a designated human operator has reviewed and explicitly approved them. Access is governed by granular permissions, ensuring only authorized personnel can green-light the AI's work.

This layered approach is critical. It attempts to balance the immense power of AI-driven automation with the non-negotiable need for human accountability. The human operator remains the ultimate authority, but their role has fundamentally changed. They are no longer the builder but the inspector, tasked with verifying the structural integrity of a system constructed at machine speed. This raises new questions about the cognitive load and expertise required to effectively audit an AI's work, ensuring that human approval is a meaningful check, not a perfunctory click.

A New Era of Oversight

The implications of this technology extend far beyond the walls of any single company. It signals a new phase in the relationship between technology, regulation, and the state. As AI agents begin to autonomously configure the systems that enforce our laws, the very nature of regulatory oversight must evolve.

How does a financial regulator audit a compliance system that was configured by a non-deterministic language model? The 'black box' problem, often discussed in the context of AI decision-making, now applies to the creation of the system itself. While Sumsub's human approval step provides an audit trail, regulators may soon demand a new level of 'explainability' for how an AI interpreted a specific legal statute and translated it into code. Our regulatory frameworks, built for a world of human actors, are not yet equipped for this reality.

Sumsub is also tackling the accountability question head-on with another innovation: a system to link AI agent activity to a verified human identity. This concept of 'AI Agent Verification' aims to create a clear chain of responsibility, ensuring that every automated action is authorized by a real, accountable person. This is a crucial piece of the puzzle, an attempt to build the social and legal scaffolding required to support a world increasingly run by autonomous agents. Without such measures, the diffusion of responsibility in an AI-driven system could render accountability meaningless.

This development is a microcosm of a broader transformation. The structural integrity of our modern world is increasingly dependent on software, and now, that software is beginning to write itself. The promise is a world that is more efficient, responsive, and secure. Yet, it also frays the established lines of control and responsibility we have relied upon for decades. As this technology proliferates from financial compliance to other regulated sectors, our ability to govern, audit, and trust these automated systems will become one of the defining challenges of our time.