
June 3, 2026

The Procurement Clause

Why the agent contract, not the audit, is where the record gets won or lost.

By Jonathan Luethke

SR 26-2 placed agentic AI outside its scope and told institutions to govern it with their existing risk management practices. Those practices were written for a model you buy once and validate in place. An agent run is a service you rent, and the record of what it did lives wherever the vendor decides it lives.

The control just moved to the contract.

The control moved to the purchase.

When the guidance carves a system out of formal scope and points you back at your own practices, the burden does not lighten. It relocates. The examiner still arrives. The reconstruction still has to be possible. The only thing that changed is where you have leverage to require it.

You have that leverage exactly once. Before signature. After the agent is deployed and producing decisions, the record format is whatever the vendor shipped, the retention is whatever the vendor defaults to, and the export path is whatever the vendor decided to build. Retrofitting any of those is a change request you no longer have the leverage to win.

The procurement moment is the control point. Most firms treat it as a price negotiation and a security questionnaire. For an adaptive agent, it is the one place the audit record gets specified or quietly conceded.

What existing practice does not buy you.

A standard model-vendor contract covers uptime, support tiers, data handling, and a security addendum. None of those clauses produce the artifact an examiner reads. A security questionnaire confirms the vendor encrypts logs. It does not confirm the logs contain the decision graph the agent walked.

The gap is specific. The contract obligates the vendor to keep the service running and to keep your data safe. It says nothing about what the service has to record while it runs, what shape that record takes, who can read it, or whether you can take it with you when the relationship ends.

The record is not a feature you can add later. It is a term you negotiate now.

Five clauses the agent contract has to carry.

Production at runtime. The vendor produces a per-decision record at the moment of the decision, not a log reconstructed on request. The record captures the tool calls, the intermediate state, and the branch taken at each step. Reconstruction after the fact is the failure mode the contract exists to prevent.

Format ownership. The record conforms to a schema the buyer specifies and can read without the vendor's tooling. A proprietary log you can only query through the vendor's console is a record you do not own.

Export and portability on exit. The full record set leaves with the buyer in a documented format on termination, with a defined transfer window. The companion question from the last piece was where the record goes when the agent vendor is replaced. This is the clause that answers it.

Retention independent of tenure. The retention term is set by the buyer's regulatory obligation, not the vendor's storage default. Retention is measured in years. Vendor tenure is measured in quarters. The contract has to hold the longer number.

Signature and verification held by the buyer. Each record is signed and linked to the one before it, so the chain is tamper-evident: an entry cannot be altered, reordered or spliced out without breaking the link. The buyer holds the vendor's verification key and can check the chain without the vendor's tooling. A record only the vendor can attest to is a record the vendor controls.
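What the first and fifth clauses ask for can be stated concretely. The Go program below is an added example written for this article; it is not code from the original page and not Wayfinder's runtime. It fixes a hypothetical per-decision schema (the field names are this example's assumption), has the vendor side hash-chain and sign each record at the moment it is produced, and has the buyer side verify the exported chain with nothing but the vendor's public key. The key seed, the run ID and the three credit-decision steps are constructed sample data.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// ToolCall is one tool invocation the agent made on the way to a decision.
type ToolCall struct{ Tool, Input, Output string }

// DecisionRecord is a hypothetical buyer-specified per-decision schema (the article
// names the contents but fixes no format). PrevHash links each record to its
// predecessor, which is what makes the chain tamper-evident rather than merely signed.
type DecisionRecord struct {
	Seq       int               `json:"seq"`
	RunID     string            `json:"run_id"`
	Timestamp string            `json:"timestamp"`
	ToolCalls []ToolCall        `json:"tool_calls"`
	State     map[string]string `json:"state"`
	Branch    string            `json:"branch"`
	PrevHash  string            `json:"prev_hash"`
}

// Entry is what the vendor emits at decision time: record, digest, Ed25519 signature.
type Entry struct {
	Record    DecisionRecord `json:"record"`
	Hash      string         `json:"hash"`
	Signature string         `json:"signature"`
}

// CanonicalHash hashes the encoding/json form of the record (struct fields in
// declaration order, map keys sorted), so vendor and buyer hash identical bytes.
func CanonicalHash(r DecisionRecord) []byte {
	b, err := json.Marshal(r)
	if err != nil { // cannot happen: the schema holds only ints, strings and a string map
		panic(err)
	}
	sum := sha256.Sum256(b)
	return sum[:]
}

// AppendRecord is the vendor side: link to the chain head, hash, sign, append.
// Seq and PrevHash are overwritten so a caller cannot supply a stale link.
func AppendRecord(chain []Entry, priv ed25519.PrivateKey, r DecisionRecord) []Entry {
	r.Seq, r.PrevHash = len(chain), "" // genesis record has no predecessor
	if len(chain) > 0 {
		r.PrevHash = chain[len(chain)-1].Hash
	}
	digest := CanonicalHash(r)
	sig := ed25519.Sign(priv, digest)
	return append(chain, Entry{r, hex.EncodeToString(digest), hex.EncodeToString(sig)})
}

// VerifyChain is the buyer side: it needs only the vendor's public key and the exported
// entries. It returns the index of the first failing entry and why, or -1 and nil.
func VerifyChain(pub ed25519.PublicKey, chain []Entry) (int, error) {
	prev := ""
	for i, e := range chain {
		if e.Record.Seq != i || e.Record.PrevHash != prev {
			return i, errors.New("chain link broken: record dropped, reordered or relinked")
		}
		digest := CanonicalHash(e.Record)
		if hex.EncodeToString(digest) != e.Hash {
			return i, errors.New("record bytes do not match stored hash")
		}
		sig, err := hex.DecodeString(e.Signature)
		if err != nil || !ed25519.Verify(pub, digest, sig) {
			return i, errors.New("signature does not verify under the vendor key")
		}
		prev = e.Hash
	}
	return -1, nil
}

// DemoKeys derives the vendor keypair from a fixed placeholder seed (not a real key).
func DemoKeys() (ed25519.PrivateKey, ed25519.PublicKey) {
	priv := ed25519.NewKeyFromSeed([]byte("wayfinder-demo-seed-not-a-real-k"))
	return priv, priv.Public().(ed25519.PublicKey)
}

// BuildDemoChain records three steps of a constructed credit-limit decision (sample data).
func BuildDemoChain(priv ed25519.PrivateKey) []Entry {
	var chain []Entry
	for _, s := range []DecisionRecord{
		{RunID: "run-0001", Timestamp: "2026-06-03T09:00:00Z", Branch: "score_below_threshold",
			ToolCalls: []ToolCall{{"fetch_bureau", "cust-42", "score=612"}}, State: map[string]string{"score": "612"}},
		{RunID: "run-0001", Timestamp: "2026-06-03T09:00:02Z", Branch: "manual_review",
			ToolCalls: []ToolCall{{"fetch_income", "cust-42", "verified=false"}}, State: map[string]string{"income": "unverified"}},
		{RunID: "run-0001", Timestamp: "2026-06-03T09:00:03Z", Branch: "decline", State: map[string]string{"decision": "decline"}},
	} {
		chain = AppendRecord(chain, priv, s)
	}
	return chain
}

func main() {
	priv, pub := DemoKeys()
	chain := BuildDemoChain(priv)
	fmt.Println(VerifyChain(pub, chain)) // -1 <nil>: the clean export verifies
	chain[1].Record.Branch = "approve"   // after-the-fact edit to the branch taken
	fmt.Println(VerifyChain(pub, chain)) // 1 ...: stored hash no longer matches the bytes
	fmt.Println(VerifyChain(pub, []Entry{chain[0], chain[2]})) // 1 ...: dropped record breaks the link
}
```

Run with go run: the clean chain verifies, an edited branch fails at the entry that was edited, and an export missing a middle record fails at the first record whose link no longer resolves. Two caveats belong in the contract language as much as in the code. The buyer has to receive the vendor's public key at signature, out of band from the vendor console, or the independent verification is only as independent as that console. And a hash chain does not reveal that records were dropped from its tail, so the clause should also require a signed chain head (latest hash and sequence number) delivered on a schedule the buyer can check against.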

What the integrator owns.

For most regulated firms the agent does not arrive direct from a platform vendor. It arrives through a system integrator who assembles the platform, the tools, and the workflow into something that makes a decision. The integrator is where these clauses either get carried through or get dropped.

An integrator who treats the record as the buyer's problem ships a deployment that produces decisions and no evidence. An integrator who carries the five clauses into the build ships a deployment that is examinable on day one. The second integrator wins the renewal. The procurement language is what tells the two apart before the build starts.

The audit that never happens.

The payoff of getting the contract right is an audit that never becomes a project. The record exists, in the buyer's format, signed, retained for the full term, and portable. The examiner asks, and the answer is already on disk.

The firms that skip the clauses do not avoid the cost. They move it. The cost reappears as the eighteen-month reconstruction the examiner forces later, on logs that were never designed to carry the decision graph, from a vendor who may no longer be under contract. The spend is the same order of magnitude either way. The contract decides whether you pay it once, up front, as a term, or many times over, later, as remediation.

What we are building.

Wayfinder Systems Group builds the runtime layer that produces the record the contract should be requiring. It signs every decision and every learning event onto a tamper-evident chain at the moment it happens, in a format the buyer owns and can carry across a vendor change. The five clauses describe what a buyer should demand. The substrate is what makes a vendor able to deliver it. Patents held in The Wayfinder Trust. We call her Velma.

Next step

Thirty minutes. Architecture, not sales.

A conversation about the procurement language that puts the trajectory record on the right side of the contract, and what a vendor has to run to satisfy it.

JonathanLuethke@WayfinderSystemsGroup.com