Ask most teams to sketch their generative AI architecture and they draw a straight line: User → Chatbot → LLM. That topology is correct for a consumer product, where the cost of a wrong answer is a bad recipe or an awkward paragraph. In a regulated bank, the same line rarely survives the first serious architecture, security, or compliance review — because the missing component in that diagram is precisely the one an examiner will ask about.
This article describes the component that belongs between the user and the model, why it is an architectural layer rather than a feature, and how to operate it in production.
The enterprise challenge
In a bank, every interaction with a customer-facing or employee-facing assistant is a potential regulatory event: a recommendation, a disclosure, a data access, or an input to a decision that touches money, eligibility, or risk. The direct User → Chatbot → LLM path treats each of those interactions the way a consumer chatbot treats a trivia question — as text to be answered fluently — which is a mismatch between the risk profile of the workflow and the architecture supporting it.
The consequence is not usually a dramatic failure. It is a plausible, well-phrased answer that becomes a decision no one can later defend. The model was not trained on the bank's policies, cannot see the customer's regulatory context, and has no obligation to stop when it is uncertain. In production, "the model generated a good answer" and "the institution can prove the decision followed policy" are two different claims, and only the second is deployable at scale. Closing that gap is an architecture problem, not a prompt-tuning problem.
A practical banking scenario
Consider a relationship manager working through an assistant embedded in the bank's internal tools. They ask: "This client's onboarding documents are 90% complete and they're a returning customer from three years ago — can we proceed and complete KYC after account activation?"
Reasoning from the language of the question alone, a capable general-purpose model may lean toward a helpful "yes — as a returning customer, you can likely proceed and finish verification shortly after." It sounds like reasonable customer service. It is also wrong: the bank's KYC policy requires completed verification before activation, with no exception for returning customers, and the model has no independent way to know that.
In a governed architecture, this is where the Decision Assurance Layer intervenes. It recognizes that the request touches a KYC policy boundary, blocks the shortcut before the model's fluent-but-incorrect answer reaches the relationship manager, states the applicable policy, and attaches the evidence — which policy clause, which regulatory basis — for why the answer is "no." The relationship manager receives a clear, defensible answer instead of a guess, and the interaction is recorded for audit before anyone acts on it. Nothing about this required a "better" model; it required a layer that knows the bank's policy and enforces it regardless of what the model produces. The same pattern recurs across beneficiary addition, card blocking, dispute handling, AML alert triage, and credit-recommendation support: the model proposes, and the layer decides whether that proposal may become an action.
Enterprise architecture
The architectural principle behind this pattern has a name.
Decision Assurance is the discipline of ensuring AI-influenced decisions are policy-aligned, evidence-backed, auditable, and replayable before they affect enterprise operations.
The Decision Assurance Layer is the architectural realization of that discipline — the component that sits between users, the model, and core systems and applies the discipline to every interaction. Some teams informally call this a "control layer"; we use Decision Assurance Layer because the point is not to control the model but to assure the decision.
Business User / Customer
│
▼
Decision Assurance Layer
├─ Policy Guardrails
├─ Regulatory Intelligence
├─ Evidence Engine
├─ Decision Governance
├─ Human Escalation
└─ Audit Ledger
│
▼
Enterprise LLM
│
▼
Core Banking Systems
Each capability maps to a question a regulator, auditor, or internal risk committee will eventually ask:
- Policy Guardrails — enforce the bank's actual rules on every request and response, not the model's general training.
- Regulatory Intelligence — resolve which regulatory and internal obligations apply to the specific interaction and its context.
- Evidence Engine — assemble the policy clauses, data, and regulatory basis behind each allow, modify, escalate, or block decision.
- Decision Governance — determine whether a model proposal may proceed, must be changed, requires a human, or must be stopped.
- Human Escalation — route uncertain or high-impact cases to an accountable person instead of guessing.
- Audit Ledger — retain a durable, replayable record so a decision can be reconstructed months later.
Removing any one of these does not make the system simpler; it moves the unanswered question to an incident review, where the answer is far more expensive. The layer is model-agnostic by design: it governs whichever enterprise LLM the bank selects, and the model can be upgraded or replaced without renegotiating the institution's governance posture.
Operational considerations
An architecture diagram earns enterprise credibility only when it can be owned, integrated, and operated. The considerations below are where that credibility is won.
- Ownership and accountability. The layer is a shared asset: risk and compliance own the policies and evidence standards it enforces, while the CTO's organization owns the platform, its integrations, and its reliability. Naming these owners before a pilot avoids the common failure where governance is "everyone's job" and therefore no one's.
- Integration with existing banking systems. The layer must sit inline between the assistant channels and the systems of record — core banking, KYC/AML, CRM, and case management — reading policy and customer context from authoritative sources rather than duplicating them. It intercepts proposals before they become transactions.
- Human approval thresholds. Define, per workflow, what proceeds automatically, what requires human review, and what is blocked outright. Thresholds should be expressed as policy the layer enforces, not as tribal knowledge, and should tighten for higher-impact actions such as fund movement or eligibility decisions.
- Audit and evidence capture at decision time. Evidence must be captured at the moment of the decision, not reconstructed afterward. Each governed interaction records the request, the model's proposal, the applicable policy, the data consulted, the outcome, and any human involvement — a package an examiner can review without engineering support.
- Rollout strategy (pilot → production). Start with a bounded, high-value workflow in shadow or advisory mode, measure how often the layer would have intervened and whether those interventions were correct, then move to enforcing mode, and only then expand to adjacent workflows on the same layer rather than rebuilding governance per use case.
- Monitoring and operational metrics. Operate the layer against a small set of durable signals: exception rate (share of interactions the layer blocks or escalates, and its trend), escalation SLA (time to route and resolve human-in-the-loop cases), and audit completeness (share of governed decisions with a full, replayable evidence trail). These, not model benchmark scores, are what tell risk committees the system is behaving.
Key takeaways
- The consumer
User → Chatbot → LLMtopology is the wrong reference architecture for regulated banking; the decisive design question is what sits between the user and the model. - Decision Assurance — policy-aligned, evidence-backed, auditable, and replayable decisions — is a discipline, and the Decision Assurance Layer is its architectural realization.
- The value comes from the layer knowing and enforcing the bank's policy, not from a better model; the layer is model-agnostic and the LLM stays replaceable.
- Enterprise credibility is earned in operations: clear ownership, inline integration, explicit approval thresholds, evidence captured at decision time, and phased rollout with meaningful metrics.
- Enterprise AI is not about generating answers; it is about governing decisions — and that is what a Decision Assurance Layer exists to do.
Further reading
- Why AI Governance Is Becoming Essential for Banks
- AI Guardrails for Customer-Facing Banking Assistants (Coming soon)
Organizations implement this architecture in different ways. hAIniel is Scientia's enterprise AI governance platform that implements these capabilities, including policy guardrails, decision assurance, evidence-backed reasoning, and auditability.
