1. Executive Summary

This document details the technical implementation of Guardrails and Security Controls within the TMX Agentic Finance ecosystem. As an institutional-grade financial solution, the system enforces a "Trust-But-Verify" architecture where AI agents are treated as untrusted entities until their actions are validated by deterministic code.

The security model is designed to align with ISO 27001 standards, ensuring that all financial operations, data handling, and external integrations are strictly governed by immutable policies, not probabilistic AI decisions.


2. Guardrails Architecture

The Guardrails Engine sits primarily within the Secure MCP Gateway and the Agent Core orchestration layer. It acts as a middleware interceptor that validates every input and output before it reaches sensitive systems (Core Banking, Blockchain) or the end-user.



3. Implemented Guardrails

3.1 Human-in-the-Loop (HITL) Approval Gates

Critical financial operations (e.g., transfers over a specific threshold, beneficiary creation) generate a "Proposal" state rather than immediate execution. The system pauses the workflow and requires explicit, out-of-band confirmation from the user (e.g., "I will send 100 USDC to Alice. Confirm?").
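
A minimal sketch of such a gate, added here as an illustration and not taken from the TMX codebase. The class, the tool names (transfer, create_beneficiary), the threshold value and the user identifiers are all assumptions, and schema validation is assumed to have already run on the arguments. Arguments are snapshotted when the proposal is created, so what executes after confirmation is exactly what the user was shown.

```python
import json
import secrets
from dataclasses import dataclass

# Assumed policy values: the page says only "a specific threshold".
APPROVAL_THRESHOLD = 50                  # hypothetical limit, in token units
ALWAYS_GATED = {"create_beneficiary"}    # hypothetical tool name


@dataclass
class Proposal:
    user_id: str
    tool: str
    frozen_args: str          # canonical JSON snapshot taken at proposal time
    state: str = "PROPOSED"   # PROPOSED -> EXECUTED


class ApprovalGate:
    def __init__(self, executor):
        self._executor = executor   # deterministic backend: executor(tool, args)
        self._proposals = {}        # proposal_id -> Proposal

    def submit(self, user_id, tool, args):
        """Entry point for every agent tool call; critical calls are parked."""
        critical = tool in ALWAYS_GATED or (
            tool == "transfer" and args["amount"] > APPROVAL_THRESHOLD)
        if not critical:
            return {"status": "EXECUTED", "result": self._executor(tool, args)}
        pid = secrets.token_urlsafe(16)
        frozen = json.dumps(args, sort_keys=True)
        self._proposals[pid] = Proposal(user_id, tool, frozen)
        # The prompt is rendered from the snapshot, not from agent-written text.
        return {"status": "PROPOSED", "proposal_id": pid,
                "prompt": f"{tool} {frozen}. Confirm?"}

    def confirm(self, pid, user_id):
        """Called from the user's confirmation channel, never by the agent."""
        p = self._proposals.get(pid)
        if p is None or p.user_id != user_id or p.state != "PROPOSED":
            raise PermissionError("no pending proposal for this user")
        p.state = "EXECUTED"        # single use: flip state before executing
        return self._executor(p.tool, json.loads(p.frozen_args))
```
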

3.2 Schema-Driven Input Validation

All agent tool calls must conform to strict JSON Schema definitions declared at the MCP layer.

3.3 PII Detection & Redaction Middleware (ISO 27001)

An automated middleware layer scans all incoming user messages and outgoing AI responses for Personally Identifiable Information (PII) such as SSNs, credit card numbers, or phone numbers.