Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -89,6 +89,7 @@ Quick contributor workflow:
| [SAFE-UC-0028](use-cases/SAFE-UC-0028/) | Fake-account & inauthentic behavior detection assistant | [Information (51)][naics-51] | Seed |
| [SAFE-UC-0029](use-cases/SAFE-UC-0029/) | Automated ad campaign optimization assistant | [Professional, Scientific, and Technical Services (54)][naics-54] | Seed |
| [SAFE-UC-0030](use-cases/SAFE-UC-0030/) | Teen safety & age-assurance enforcement assistant | [Information (51)][naics-51] | Seed |
| [SAFE-UC-0031](use-cases/SAFE-UC-0031/) | Agentic AI in Uncleared Margin Rules (UMR) lifecycle | [Finance and Insurance (52)][naics-52]<br>[Securities, Commodity Contracts, and Other Financial Investments and Related Activities (523)][naics-523] | Seed |

---

Expand All @@ -104,3 +105,4 @@ Quick contributor workflow:
[naics-56]: https://www.census.gov/naics/?chart=2022&details=56&input=56
[naics-81]: https://www.census.gov/naics/?chart=2022&details=81&input=81
[naics-513210]: https://www.census.gov/naics/?chart=2022&details=513210&input=513210
[naics-523]: https://www.census.gov/naics/?chart=2022&details=523&input=523
17 changes: 17 additions & 0 deletions use-cases.naics2022.crosswalk.json
Original file line number Diff line number Diff line change
Expand Up @@ -419,5 +419,22 @@
}
],
"summary": "Enforce teen safety/age assurance and related policy actions with privacy-preserving checks and robust appeals."
},
{
"id": "SAFE-UC-0031",
"title": "Agentic AI in Uncleared Margin Rules (UMR) lifecycle",
"status": "seed",
"repo_path": "use-cases/SAFE-UC-0031/README.md",
"naics_2022": [
{
"code": "52",
"name": "Finance and Insurance"
},
{
"code": "523",
"name": "Securities, Commodity Contracts, and Other Financial Investments and Related Activities"
}
],
"summary": "Manages regulatory Initial Margin (IM) and Variation Margin (VM) obligations for uncleared derivatives with agentic AI assistance in dispute resolution, threshold analysis, and collateral optimization while maintaining regulatory compliance and audit trails."
}
]
279 changes: 279 additions & 0 deletions use-cases/SAFE-UC-0031/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,279 @@
# Agentic AI in Uncleared Margin Rules (UMR) Margin Lifecycle

SAFE-AUCA reference guide for regulated margin governance workflows augmented with agentic AI systems.

---

## Metadata

| Field | Value |
|---|---|
| **SAFE Use Case ID** | `SAFE-UC-0031` |
| **Status** | `seed` |
| **NAICS 2022** | `52, 523` |
| **Last updated** | `2026-02-16` |

### Evidence (public)

- [BCBS–IOSCO Margin Requirements for Non-Centrally Cleared Derivatives](https://www.bis.org/bcbs/publ/d317.htm)
- [17 CFR Part 23, Subpart E – Margin Requirements for Uncleared Swaps](https://www.ecfr.gov/current/title-17/chapter-I/part-23/subpart-E)
- [ISDA SIMM methodology documentation](https://www.isda.org/category/margin/isda-simm/)
- Public industry papers on AI in collateral management

---

## 1. Executive Summary

### What this workflow does

Manages regulatory Initial Margin (IM) and Variation Margin (VM) obligations for uncleared derivatives, including exposure calculation, threshold checks, dispute resolution, collateral movements, and reporting.

### Why it matters

Failure in UMR processes results in regulatory penalties, capital impact, liquidity stress, counterparty disputes, and systemic financial risk.

### Why it's risky with agentic AI

Agentic AI systems that draft disputes, interpret SIMM results, adjust collateral records, or trigger settlement workflows can distort legally binding decisions if governance boundaries are weak.

---

## 2. Industry Context & Constraints

### Industry-specific constraints

- Legally binding collateral agreements (CSA)
- Regulatory reporting requirements
- Capital and liquidity exposure sensitivity
- Auditability and model governance requirements

### Typical systems

- Risk engines (SIMM, VaR, sensitivities)
- Trade repositories
- Margin call platforms
- Collateral management systems
- Messaging platforms (dispute negotiation)

### Must-not-fail outcomes

- Incorrect margin call issuance
- Improper collateral movement
- Unauthorized threshold modification
- Misrepresentation of exposure

### Operational constraints

- T+0/T+1 settlement windows
- High data volume
- Cross-jurisdictional rules
- Multi-counterparty reconciliation

---

## 3. Workflow Description & Scope

### 3.1 Happy Path

1. Exposure calculation (risk engine output)
2. Threshold and MTA application
3. Margin call generation
4. Counterparty dispute review
5. Collateral allocation / settlement
6. Regulatory reporting & audit logging

### 3.2 In Scope

Agentic AI assisting in:

- Dispute summarization
- Margin call validation
- Threshold analysis
- Collateral optimization suggestions
- Regulatory reporting draft generation

### 3.3 Out of Scope

- Central clearing processes
- Exchange-traded derivatives
- Retail margin accounts

### 3.4 Assumptions

- Regulated financial institution
- Model risk governance exists
- Segregation between production and test environments

### 3.5 Success Criteria

- Accurate exposure interpretation
- No unauthorized write actions
- Auditability of all AI-influenced decisions
- No regulatory reporting distortions

---

## 4. System & Agent Architecture

### 4.1 Actors

- Margin operations analyst
- Risk manager
- Compliance officer
- Agent/orchestrator
- Margin systems
- Risk calculation engines
- Messaging platforms

### 4.2 Trusted vs Untrusted Inputs

| Input | Trusted? | Why | Failure Pattern | Mitigation |
|---|---|---|---|---|
| Counterparty dispute message | Untrusted | external | context manipulation | input isolation |
| Risk engine output | Semi-trusted | model dependency | stale/incorrect calc | validation & versioning |
| Internal CSA documents | Semi-trusted | policy drift | misinterpretation | provenance controls |
| Tool outputs | Mixed | depends on system | unsafe action propagation | schema validation |

### 4.3 Trust Boundaries

- Analyst ↔ Agent
- Agent ↔ Risk Engine
- Agent ↔ Margin System (write boundary)
- Margin System ↔ Settlement system
- Production ↔ Test environments

**High-risk boundary:** agent write-access to margin records.

---

## 5. Operating Modes

### Manual Baseline

- Human calculates and drafts disputes.
- Multiple approval layers.
- Static rule-based validation.

### Human-in-the-loop (HITL)

- Agent drafts dispute summaries.
- Agent suggests collateral optimization.
- Human approves all write operations.

### Fully Autonomous (High Risk)

- Agent initiates dispute response.
- Agent adjusts margin records.
- Agent triggers settlement workflows.
- **Blast radius:** regulatory breach + liquidity impact.

---

## 6. Threat Model Overview

### Primary Goals

- Preserve integrity of exposure calculations
- Prevent unauthorized margin modification
- Ensure regulatory auditability

### Threat Actors

- Malicious counterparty
- Insider misuse
- Compromised AI model
- External adversary via data poisoning

### Attack Surfaces

- Dispute free-text messages
- Tool integrations (write APIs)
- Risk model updates
- Reporting pipelines

### High Impact Failures

- Regulatory reporting distortion
- Unauthorized collateral transfer
- Threshold override
- Model-driven exposure misinterpretation

---

## 7. Kill-Chain Analysis

| Stage | Failure Pattern | Impact | Preconditions |
|---|---|---|---|
| Entry | Malicious dispute input | Exposure distortion | No content isolation |
| Context contamination | AI misinterprets CSA clauses | Threshold error | Weak provenance |
| Tool misuse | Agent writes margin adjustment | Financial loss | Over-permissioned tool |
| Persistence | Incorrect logic reused | Systemic drift | No review cycle |
| Harm | Regulatory breach | Fines, liquidity impact | Poor auditability |

---

## 8. SAFE-MCP Mapping

| Kill-chain stage | Pattern | SAFE-MCP Technique | Controls | Tests |
|---|---|---|---|---|
| Entry | Prompt/context manipulation | SAFE-TBD | Input isolation + validation | Inject malformed dispute text |
| Tool misuse | Unauthorized write | SAFE-TBD | Role-based tool gating | Attempt write without approval |
| Persistence | Drift via model updates | SAFE-TBD | Version pinning | Simulate model rollback |
| Exfiltration | Regulatory report distortion | SAFE-TBD | Independent reconciliation | Compare AI vs rule-based output |

---

## 9. Controls & Mitigations

### Prevent

- Strict read/write tool separation
- HITL approval for all financial writes
- CSA clause parsing validation

### Detect

- Margin delta anomaly detection
- Drift monitoring for exposure changes
- Regulatory report comparison checks

### Recover

- Margin record rollback capability
- Incident response workflow
- Dispute trace replay

---

## 10. Validation & Testing

### Minimum Tests

- Permission boundary enforcement
- Adversarial dispute text robustness
- Write-action gating
- Full audit trace reproducibility
- Margin recalculation reconciliation

### Operational Monitoring

- Margin delta variance metrics
- Dispute anomaly alerts
- Write-operation approval audit logs
- Regulatory filing diff checks

---

## 11. Open Questions

- Which SAFE-MCP technique IDs best map to margin record integrity risks?
- Should regulated finance workflows have a separate SAFE-AUCA classification?
- How should model risk governance integrate with SAFE-MCP?

---

## 12. Version History

| Version | Date | Changes | Author |
|---|---|---|---|
| 1.0 | 2026-02-16 | Initial draft of UMR agentic workflow mapping | Umesh Rawat |