🛟 AI can now move capital without permission

👋 Welcome, thank you for joining us here :)

From New York to Sydney, AI Check In delivers sharp, globally relevant intelligence on AI governance, financial risk and capital automation. It’s already briefing strategy, risk, and compliance leaders at the world’s most influential banks, including JPMorgan, Citi, and Bank of America.

What to expect this edition:

• 🛟 Need to Know: When money moves itself

• 🥷 Deep Dive: Designing guardrails for programmable money

• ⚔️ Vendor Spotlight: Singapore’s Monetary Authority (MAS) and DBS Bank

• 🔭 Trends to Watch: From logic to policy

Rewrite the rules. Outmaneuver competitors. Stay two steps ahead of regulators.

Let the games begin.

Cheat Sheet: Programmable Money

It’s not quite fiat. It’s not blockchain either.

This is programmable money—digitized bank deposits that behave like cash under code. It remains fiat-redeemable, is not issued by central banks, and does not expand the monetary base. What’s new is not the currency itself, but the rules and agents that govern its movement.

When AI systems are given the authority to initiate, redirect, or condition that movement, programmable money becomes something more: agentic capital. It moves based on logic, not human instruction. Treasury bots, smart settlement triggers, ESG enforcers. Once embedded, they cross a threshold most banks have not yet mapped. This is money that acts without asking.

And it’s already live inside major banks.

🛟 Need to Know: When Money Moves Itself

Programmable money is already reshaping capital flows inside major banks. JPMorgan’s JPM Coin, Citi Token Services, HSBC’s Orion, and MAS’s Project Guardian are live, enabling real-time transfers using tokenized deposits and embedded logic. AI agents within treasury and liquidity functions are increasingly initiating these flows without human intervention.

This is delegated authority at velocity. Boards must ask: who writes the logic that moves money? Who approves capital shifting without a human in the loop?

The OCC requires tokenized systems to prove auditability and control over settlement finality. The SEC’s proposed custody rule may soon pull programmable assets under expanded investment adviser oversight. The FDIC and OCC continue to signal the need for ledger integrity and governance over agent-triggered deposits. Meanwhile, the Federal Reserve’s Novel Activities supervision program now includes AI-linked tokenization flows. The Basel Committee has flagged operational risk in autonomous flows. The ECB and the Federal Reserve have both emphasized traceability and override mechanisms when AI influences value transfer.

While FedNow offers speed and finality, it lacks the embedded logic and conditional execution of programmable money. U.S. banks must evaluate when each rail fits the task or risks becoming dependent on outdated infrastructure.

The systems are operational. The scrutiny has begun. The advantage, if claimed early, is governance leverage.

🥊 Your Move:

• Request a current inventory of all AI models and smart contracts authorized to move capital.

• Ensure your risk framework covers audit logs, reversibility, and override mechanisms for programmable flows.

• Put AI-triggered transfers on the 2025 board risk agenda before regulators insist.

🥷 Deep Dive: Designing Guardrails for Programmable Money

From Flows to Triggers

Programmable money enables execution of conditional financial transfers using tokenized deposits and embedded logic. These systems operate in real-time and are increasingly integrated with internal AI agents that monitor treasury and liquidity conditions to initiate or redirect capital flows without direct human involvement.

JPMorgan’s Onyx platform, now partially commercialized through its client-facing unit Kinexys, processes over $1 billion in intra-day tokenized transactions using JPM Coin. The bank reports an 80% reduction in average settlement time for institutional payments using this programmable infrastructure. Internal agents track liquidity needs and execute transfers based on logic corridors that are pre-approved by compliance. In some corridors, up to 60% of institutional payments are executed end-to-end without manual intervention, under tightly scoped logic sets.

These flows occur within closed-loop environments and are recorded through real-time audit logging. JPMorgan also reported a 94% improvement in short-term cash forecasting accuracy when pairing programmable payment rails with AI-driven liquidity agents.

Citi Token Services similarly enables programmable transfers, with agents operating under strict execution boundaries defined during implementation.

Role-Based Execution Control

To reduce risk, banks like JPMorgan and Citi categorize agents by role. This includes observers to collect data, recommenders to propose action, and executors to initiate transfers.

Execution rights are strictly limited to agents operating under approved logic sets. Deviation from expected behavior triggers real-time alerts and escalations. Supervisory dashboards track all agent actions, with human-in-the-loop checkpoints at key thresholds.

Dollar limits are a standard control. Transactions above certain values, or those crossing jurisdictional boundaries, are either delayed or escalated for human review. In some institutions, biometric or multi-factor identity verification is required before releasing funds that have been queued by agents.

Threat Modeling and Internal Testing

Recognizing that programmable logic can be exploited, several banks have begun red-teaming their agentic systems. These exercises simulate adversarial behavior, such as logic manipulation or input spoofing, to determine if agents can be coerced into executing transfers that violate internal risk logic.

One large U.S. institution has developed a scenario-based testing framework that includes corrupted data inputs, anomalous transaction volumes, and inter-agent communication failures. These tests are reviewed quarterly and feed directly into agent retraining or system hardening.

Registry Management and Attribution

Live registries are now emerging as a governance best practice. Banks are compiling detailed records of all AI agents authorized to touch capital. This includes their assigned role, logic scope, execution authority, last audit date, and associated risk classification. These registries are overseen by AI governance or model risk teams and are used during incident reviews or audits.

In multi-agent ecosystems, traceability becomes essential. Some institutions now require that each action in a chain (e.g., observation, recommendation, execution) be attributed not only to a human approver but also to a unique agent identifier. These identifiers function like KYC for AI, ensuring that every logic-triggered transfer has an accountable digital fingerprint.

Logic Limits and Override Mechanisms

Leading banks are building layered fail-safes around agentic execution. These include:

• Predefined thresholds beyond which agents must pause for review.

• Time-delay locks on high-risk logic executions.

• Segregation of duties between agents and traditional control systems.

• Emergency override channels embedded in the smart contract layer.

Many programmable systems remain siloed, facing friction when connecting to legacy rails like SWIFT or Fedwire, underscoring the need for dual-path strategies.

These controls are not mandated by current U.S. regulations, but they align with emerging supervisory guidance. The OCC, FDIC, and Federal Reserve have all raised concerns around agent-triggered deposits, traceability, and systemic risk. The SEC’s custody rule proposal also introduces new governance expectations for tokenized instruments under investment adviser management.

Strategic Implications

The architecture is growing more complex, not less. Agentic programmable money is already being tested in areas beyond treasury, such as ESG-triggered disbursements, cross-border trade finance, and smart contract–linked insurance payouts. These are high-value use cases with high governance risk.

Institutions operating in New York must also factor in state-level controls such as BitLicense, which may impose additional oversight on tokenized flows.

Integration costs remain a friction point. Treasury systems may require significant retrofitting to accommodate logic-based execution, making governance and ROI clarity critical for any rollout.

There is no formal regulatory framework yet in the U.S. for agent-triggered capital flows. That window will close. For now, governance is a strategic weapon: the institution that best defines, limits, and monitors agentic authority will hold the high ground.

🥊 Your Move:

• Define and document agent roles (observer, recommender, executor) and their associated transaction authority.

• Implement audit logs, dollar thresholds, and delayed-execution protocols to manage autonomous transfers, and run quarterly red-teaming exercises to simulate agent failure, manipulation, or policy breach.

• Create an internal registry of AI agents with capital access, including their logic boundaries, last audit, and override conditions.

⚔️ Vendor Spotlight: MAS and DBS

Singapore’s Monetary Authority (MAS) and DBS Bank are pushing programmable money from concept to infrastructure. MAS’s Project Guardian is one of the most advanced public-private initiatives to test tokenized assets and autonomous settlement within regulated guardrails.

Under Project Guardian, DBS has run live pilots where smart contracts automatically trigger payments linked to digital bond settlement. Unlike most U.S. deployments, these pilots embed compliance logic—such as whitelisted counterparties and ESG thresholds—directly into the token.

JPMorgan, under its Kinexys brand, played a leading role in Project Guardian alongside Apollo. The collaboration piloted tokenized portfolio construction and rebalancing, using public and permissioned blockchains with verifiable credentials for DeFi infrastructure. The Apollo pilot alone demonstrated up to 0.24% return improvement by eliminating idle capital. These programs show how programmable tokens can enforce investment policy in real time—across jurisdictions, chains, and risk appetites.

DBS emphasizes institutional-grade governance: pre-approved logic sets, internal agent registries, and time-locked contract execution. Their framework isolates each token’s logic and enforces multi-party authentication for token movement.

MAS requires transaction logs to be both auditable and reversible. Singapore’s emphasis on programmable compliance contrasts with the U.S. guidance-based approach, where reversibility and auditability are encouraged but not yet mandated by regulation.

This is not a sandbox. This is production-grade experimentation.

🥊 Your Move:

• Study MAS’s Project Guardian disclosures for governance mechanisms applied at protocol level.

• Compare U.S. compliance frameworks to DBS’s programmable token controls.

• Pressure-test your institution’s readiness for logic-based compliance across cross-border flows.

🔭 Trends to Watch: Where the Edge is Moving

While most programmable money pilots still focus on treasury operations and settlement efficiency, early signs point toward a new horizon—where embedded logic enforces environmental, social, and governance (ESG) rules directly within capital flows.

In Japan, MUFG has tested tokenized carbon credit settlement using a yen-backed stablecoin via its Progmat platform, in collaboration with KlimaDAO. Singapore’s MAS is piloting logic that blocks transfers to non-compliant counterparties.

Meanwhile, Swiss regulators are evaluating programmable settlement layers that enforce AML and sustainability rules at the protocol level.

JPMorgan’s launch of Kinexys signals a similar shift in the U.S., extending programmable money from internal operations to client-facing infrastructure. Its initial pilot reached production in under six months, setting a benchmark for deployment speed and compliance alignment.

This is more than smart contracts. It is programmable compliance, where logic enforces values before regulators do.

While many of these tokenized instruments run on blockchain infrastructure, not all do. What defines them is the embedded logic, not decentralization. Supply remains controlled by the issuer, often under traditional securities rules.

🥊 Your Move:

• Track MAS’s Project Guardian governance disclosures for early policy signals.

• Evaluate feasibility of embedding ESG and AML conditions into tokenized or programmable coin products.

• Assign ownership of programmable compliance to a cross-functional team spanning legal, treasury, and tech.

🔮 Next Week

We explore how AI is reshaping anti-money laundering (AML) from cost center to strategic asset.

Most banks still rely on humans to catch criminals. Leading ones are training machines. Regulators are signalling softer enforcement but demanding sharper results.

Smart institutions are using AI to outpace both criminals and compliance laggards, reducing risk while gaining ground on peers still anchored to manual reviews and minimum standards.

Yours,

Disclaimer

This newsletter is for informational and educational purposes only and should not be considered financial, legal, or investment advice. Some content may include satire or strategic perspectives, which are not intended as actionable guidance. Readers should always consult a qualified professional before making decisions based on the material presented.