The Assumption We’ve Always Made
Almost every governance system ever built assumes a human is in the loop at the decisive moment. A person approves the trade, signs the release, merges the change, reviews the output before it reaches the world. The rule is enforced because a human pauses to apply it. Speed is human speed. Volume is human volume. The reviewer is the enforcement mechanism.
That assumption is so deep it is rarely stated. Financial regulation encodes it. Change-management processes encode it. Code review encodes it. Each one presumes there is time for a human to look, understand, and decide before anything irreversible happens. The presumption held for decades because it matched how work actually got done.
Autonomous agents remove the pause. And once the pause is gone, a governance model built entirely around it stops working.
What Changes With Agents
Agentic systems differ from earlier automation in a specific way: they chain actions toward a goal without stopping for approval between steps. That changes four things a reviewer-based model quietly relied on.
- Speed. Agents act at machine speed. Decisions land faster than a human can read them, let alone intervene.
- Scale. One operator can dispatch many agents at once. The volume of consequential actions exceeds any review capacity.
- Autonomy. The agent decides the next step itself. There is no natural checkpoint where a human is asked to sign off.
- Delegation and asynchrony. Work runs unattended and in parallel. The human is no longer present at the moment of action; they arrive afterward, to outcomes already produced.
Put together, these mean the reviewer is no longer standing at the gate. They are downstream of it, looking at what already happened. Review after the fact catches problems. It does not prevent them. When actions are fast, numerous, and irreversible, catching is not the same as governing.
What the Bank of England Said
Breeden’s speech, titled “Agents of change,” made this concrete for finance. Existing rules, she argued, were written on the assumption that a human ultimately holds decision authority. Agentic AI overturns that. In her remarks, she argued that existing frameworks were never built to contemplate autonomous agents, and that leaning on a human in the loop for every agent action will not stay realistic once agents act at machine speed.
Her most striking point is about correlation. If many firms run similar models that respond the same way to the same triggers, they can act in concert and amplify volatility under stress. Individually reasonable decisions become a systemic event because they are synchronized and executed faster than anyone can step in. The regulator’s toolkit she floated in response — market-wide circuit breakers and “kill switches” to halt trading, enhanced recovery arrangements so one institution can take over another’s core functions, stronger accountability and operational resilience — is a toolkit for a world where you cannot rely on a person to intervene in time.
The framing matters. The concern is not that the AI becomes too smart. It is objective drift: agents optimizing for a goal that quietly diverges from the one you intended, reinforcing each other, and acting before intervention is possible. That is not a science-fiction problem. It is a governance-timing problem. The mechanism you use to keep systems in line has to be in place before they act, because there is no reliable moment afterward to apply it.
A different problem, the same architectural principle. Financial regulators are not commenting on software architecture, and the Bank of England is not validating any engineering tool. But the structural lesson is domain-independent: when autonomous systems act at speed, governance has to be expressed as a constraint in front of the action, not a review behind it.
The Same Pattern Is Appearing Everywhere
What makes the Sintra speech worth reading outside finance is that it is not an isolated observation. Independent institutions, looking at agentic AI from very different angles, keep landing on the same structural conclusion: oversight has to move upstream of autonomous action. The vocabulary differs; the shape does not.
- Anthropic, describing agents that increasingly modify code with limited human review, points to governance that constrains what agents may do rather than inspecting everything afterward — the theme of recursive self-improvement and engineering governance.
- Palantir frames agentic operations around governance built into the workflow, not bolted on after — see agentic governance as engineering governance.
- NVIDIA’s agent tooling treats guardrails as a runtime layer agents run inside, not a checklist a reviewer applies later, as covered in the NeMo Agent Toolkit analysis.
- Microsoft positions a governance layer for its agent platform as a first-class part of the stack, sitting between intent and execution.
- And the recurring lesson across model releases is that models are temporary while architectural intent is not — the rules have to outlive whichever model is running this quarter.
A central bank worried about market meltdowns and an infrastructure vendor shipping agent guardrails are not coordinating. They are responding to the same underlying change. When the actor is autonomous and fast, control cannot live in a human review step. It has to be encoded ahead of time, in a form the system meets as it runs.
Governance Moves Closer to Execution
The practical consequence is a change in where governance sits in the lifecycle. The old model puts it at the end, as a gate a human staffs. The new model puts it at the front, as a constraint the system must satisfy before it acts. The two are not cosmetic variations; they place the enforcement in different places relative to the irreversible step.
| Old model: review after the fact | New model: constrain before execution |
|---|---|
| Generate | Intent — the decisions and standards, stated explicitly |
| Review (a human reads the output) | Constraints — that intent made machine-checkable |
| Deploy | Generation — the agent proposes an action |
| Evidence — the action is checked against the constraints | |
| Enforcement depends on a human being present | Execution proceeds only if the constraints hold |
The point is not that review disappears. It is that review can no longer be the primary control when the volume and speed of autonomous action exceed what any reviewer can absorb. The primary control moves to the front, where intent becomes an executable constraint that gates the action itself. Breeden’s kill switches and circuit breakers are the finance-shaped version of exactly this move: pre-agreed constraints that fire without waiting for a committee.
Engineering Is a Different Question
Here the domains split, and the distinction is worth being precise about. Financial regulators care about systemic risk: whether correlated agent behavior can destabilize markets. AI-governance and model-risk platforms care about policy, model behavior, and audit: whether an AI system is compliant, explainable, and logged. Both are real. Neither is the engineering question.
The engineering question is narrower and specific to how software gets built. When an AI coding agent generates a change, the thing you need to know is not only “is it safe?” It is: does this follow our architecture? Does it respect the decisions recorded in our ADRs? Does it honor our engineering standards and project constraints? Or does it quietly drift from the system we committed to — a second HTTP client here, a crossed service boundary there, a convention ignored because it was convenient?
This is the same timing problem in a software costume. AI coding agents already generate more change than humans can meaningfully review. The answer is not to review harder. It is to make architectural intent, standards, and constraints executable so they are enforced before the code is generated, not discovered three sprints later when the architecture has already drifted.
Where Mneme Fits
Mneme is the engineering-governance layer for that move. It turns architectural decisions, engineering standards, and project constraints into deterministic, executable checks that AI coding agents must satisfy before code lands. The intent is recorded as structured data, retrieved for the change in hand, and checked the same way every time regardless of which model produced the code — model-independent by design, because the rules must outlast the model. It is not a policy dashboard and it is not a market circuit breaker. It is the specific piece that makes architectural intent something an autonomous agent meets at generation time rather than something a reviewer hopes to catch afterward. That is what governance infrastructure for AI-generated code has to do.
Conclusion
Breeden was talking about markets, not merge requests. But the sentence that carries across is simple: as autonomy rises, governance shifts from reviewing outcomes to constraining execution. A central bank reaches that conclusion by way of systemic risk. Software engineering reaches it by way of architectural drift. The direction of travel is identical. When systems act faster than humans can review, the only governance that works is governance that has already been made executable — in front of the action, not behind it. See what that looks like in your own codebase.