Last year, we published our thesis: compliance must become an evolving API—infrastructure, not a back-office checklist. The market has since accelerated past that prediction. There is a quiet revolution happening inside the enterprise: companies are no longer just buying software; they are building new employees.

This shift is highly visible on the front lines:

  • Massive Scale: Klarna’s OpenAI-powered assistant handles 2.3 million conversations a month—representing two-thirds of all their customer service chats.
  • Human Equivalence: The AI performs the equivalent workload of 700 full-time human agents.
  • Speed to Resolution: AI resolves errands in under 2 minutes, compared to 11 minutes for human staff, driving a 25% drop in repeat inquiries.

But customer service is only the beginning. We have moved far beyond early “Tool Calling.” In April 2026, Anthropic launched Claude Managed Agents specifically to orchestrate autonomous, multi-stage workflows across the enterprise. According to Anthropic’s latest 2026 Agentic Trends Report, 81% of organizations are planning to deploy agents for complex, cross-functional processes this year.

The barrier to building an autonomous workflow agent has entirely collapsed. Today, an internal engineering team at a financial institution can spin up a functional, autonomous agent in a matter of weeks.

The math is unavoidable: The agent-to-human ratio inside financial institutions is about to invert.

You Cannot Afford to Fly Blind

This explosion of internal agents creates an existential vulnerability for financial institutions. When a single human employee oversees thousands of autonomous agents executing millions of operational workflows, traditional compliance mathematically breaks.

  • The Stakes: If an AI customer service bot hallucinates a return policy, you lose a customer. If an autonomous back-office agent hallucinates a dispute decision or misapplies a BSA/AML hold, you get a consent order from the federal government.
  • The Breakdown of QA: You can no longer rely on human QA teams to manually sample 10% of alerts.
  • The Result: If you deploy these internal agents without rigorous architectural controls, you will quickly build an unmanageable pile of regulatory issues.

The Solution: The Governance Layer for Financial Institutions

This is why we are introducing the Midlyr API (BaseLyr). We predicted that compliance would need to be infrastructure, and now that internal engineering teams are building armies of agents, that infrastructure is an absolute requirement.

The real bottleneck for financial institutions today isn’t building AI; it is giving the compliance function—the second line of defense—the tooling to monitor it. Compliance does not approve business decisions; it independently oversees, challenges, and surfaces risk. But when the first line is shipping autonomous agents at engineering velocity, the second line has no way to see inside those workflows, let alone test them against the rulebook. Internal developers, meanwhile, struggle to give their Chief Compliance Officers the continuous evidence required to gain comfort with deployment. The agents are incredibly intelligent, but they lack the specific regulatory constraints required to make fully compliant decisions.

The Midlyr API is the compliance primitive for the agentic enterprise. It solves this bottleneck by providing three core structural layers:

  • Regulation APIs — the corpus, ready for agents. A continuously maintained, machine-readable corpus of federal, state, and agency rules, exposed through clean endpoints. Your engineering team gets instant agent-grade access to the regulatory universe without standing up and maintaining the brittle ingestion, parsing, and versioning pipeline that work demands.
  • Real-Time Regulatory Analysis API — the guardrail in the loop. A low-latency analysis endpoint that sits inline with agent execution and returns a structured compliance signal—pass, fail, or escalate—with the exact regulatory citations behind the decision. The first line keeps moving at engineering velocity while every action is evaluated against the rulebook in real time.
  • Compliance Monitoring Portal — visibility and control for the second line. A purpose-built workspace for compliance teams to observe agent activity across the enterprise, investigate flagged events, and define or tighten policy controls that propagate back into the guardrail layer. The 2nd line of defense gets the oversight surface it needs to challenge, monitor, and govern autonomous workflows at scale.

By calling the Midlyr API, financial institutions can safely unleash their internal AI teams. Developers can pass structured data to our API and receive a structured, expert-verified compliance decision in return—complete with exact regulatory citations.

The foundational models are here. The agents are being built. Now, it is time to govern them.

Sources: