IMDA’s Model AI Governance Framework for Agentic AI v1.5, published 20 May 2026, names a problem most enterprise governance programs have not yet absorbed: when agents chain, accountability diffuses. Here is what that means in practice — and why the proportionality logic underpinning MAS and IMDA’s joint trajectory needs to extend into multi-agent workflows immediately.

Single-agent governance is largely a solved problem. The architecture is the same one most regulated financial institutions already operate. A risk-tiered review process. Model documentation aligned to the proportionality clause. Human-in-the-loop checkpoints at high-stakes decisions. Audit trails for individual model outputs. The system works because every AI action is traceable to a single model, and behind that model, a single accountable owner.

The current frontier is not single-agent AI. It is Agentic AI — systems where one agent invokes the tools of another, where orchestrators coordinate sub-agents, where third-party agents are introduced through emerging protocols like Model Context Protocol. IMDA’s v1.5 framework names this evolution directly: “Compared to generative AI, AI agents can take actions, adapt to new information, and interact with other agents and systems to complete tasks on behalf of humans.”

The governance question that follows is not technical. It is structural:

when an action takes place at the end of a chain involving multiple agents, multiple platforms, and multiple human actors at different points in the value chain, who is accountable?

IMDA’s framework calls this the accountability diffusion problem. Most Centres of Excellence have not yet noticed they have it.

TRIZ Frame — Inventive Principle #3: Local Quality

TRIZ Inventive Principle #3 — Local Quality, instructs the designer to make each part of an object operate under conditions optimal for its specific function, rather than under uniform conditions. Applied to agentic AI governance, the implication is direct: accountability is not uniform across an agent chain.

In a chained workflow, five distinct accountabilities operate at five different links:

The platform provider

the LLM vendor, the orchestration framework, the agent-as-a-service vendor — is accountable for model behaviour, alignment evaluation, and documentation of known failure modes. This is the layer where MAS FEAT principles and IMDA Trusted AI guidance land most directly.

The system integrator

the team building the chained workflow itself — is accountable for what tools each agent can invoke, how context is managed between agents, what permissions cascade through the chain, and what change-management process governs upgrades to any link in the chain.

The prompt designer

is accountable for how each agent’s instructions translate to actions, including reactions to adversarial or malformed inputs. This is increasingly a security discipline, not a content discipline.

The workflow owner

the business function deploying the agent system — is accountable for whether the chain’s outputs are appropriate for the business decision they influence. This is the layer the IMDA framework most clearly addresses in section 2.2.

The end-user

is accountable for how they invoke and validate the agent’s work. Here automation bias becomes the dominant risk. The IMDA framework names this explicitly: “human-in-the-loop has to be adapted to address automation bias, which has become a bigger concern with increasingly capable agents.”

Each role carries a different local quality requirement. Each accountability gap creates a different failure mode. Uniform agentic governance that treats the chain as a single accountable system is structurally incoherent.

This is what IMDA’s framework, particularly section 2.2.1 of v1.5, asks organisations to map explicitly. Most CoE governance documents do not currently support this mapping.

Three Implications for Regulated Financial Services

First: The MAS proportionality logic must extend into the agent chain — proportionality applies to each step, not to the workflow as a whole. A multi-agent workflow that includes both a low-risk summarisation step and a high-risk decision step cannot inherit a single tier classification. The chain has a *risk profile*, not a tier. The MAS November 2025 *Consultation Paper on AI Risk Management for Financial Institutions* anchors proportionality firmly to single-model deployments. Applied naively to agentic AI, the proportionality clause produces incoherent classifications: either over-restricting the low-risk summarisation step (because the whole chain inherits the high-risk decisioning tier) or under-scrutinising the high-risk decisioning step (because the chain entry-point looks like a copilot use case). The fix is structural: tier the chain step-by-step, not the workflow as a whole. The institutional discipline required to do this is harder than it sounds. Most existing AI inventories cannot even *represent* a multi-agent chain in a single record.

Second: Vendor governance must absorb agent provenance, not just model provenance. A traditional AI vendor governance review asks: which model is being used, what is its training-data lineage, what audit reports are available, what is the change-management process. An agentic workflow vendor governance review must additionally ask: which agents are in the chain, which tools can each agent invoke, what is the least-privilege baseline for each agent, who provides each agent (vendor, platform, in-house), and what is the change-management process when any agent in the chain is updated independently. The IMDA v1.5 framework adds explicit guidance on the distinction between platform providers and system providers in the agentic value chain — and that distinction is the load-bearing one for vendor governance. Procurement functions that have not yet absorbed this distinction are signing contracts they cannot accurately assess. The first sign of this gap: a vendor risk assessment that names a foundation-model provider but does not name the orchestration layer, the agent registry, or the tool-permissioning infrastructure as separate vendor entities.

Third: Human-in-the-loop must be redesigned around automation bias, not around oversight theatre. The IMDA framework names this directly. Most existing HITL designs in regulated AI assume the human reviewer will catch errors when prompted to review an output. Empirically, this fails — particularly when reviewers face high volume, time pressure, or repeated near-identical outputs. The framework recommends monitoring *override rates and response times* as the indicator that HITL is functioning. A CoE that cannot produce these metrics for its current HITL checkpoints does not have functioning oversight — regardless of what the documentation says. The discipline is operational, not architectural: instrument the override rate, alert when it drops below a threshold, treat low override rate as the failure signal rather than the success signal. Most internal dashboards for AI governance currently report the inverse.

What’s Worth Doing Tomorrow

For any CoE leader reading this with an agentic AI initiative either in production or in the pipeline, three actions are worth taking before the next governance review:

Map the agent chain. For each workflow involving more than one agent, draw the chain on a single page. Mark which platform provides each agent, which tools each agent can invoke, what data each agent can access, and who the business owner is at each link. If the chain cannot fit on a single page, that is the first finding — the chain is more complex than the governance documentation acknowledges.

Identify the diffusion points. For each link in the chain, ask: if this step caused material harm, who is the specific named human accountable? The answer should not be “the project sponsor.” That is decorative governance. The answer should be a specific role with a specific decision authority who can demonstrate, in writing, what they signed off on. Where the answer is unclear or shared across multiple roles, that is a diffusion point — and it requires explicit re-allocation, not implicit assumption.

Test the human-in-the-loop. For any HITL checkpoint in your agentic workflows, pull the override rate and response time data for the last 90 days. If you cannot pull it, the HITL is decorative. If you can pull it and the override rate is zero, the HITL is decorative. If the response time is consistently below the time required to actually review the artefact, the HITL is decorative. The fix is not adding more reviewers. It is redesigning the checkpoint so the reviewer’s role is one they can actually perform.

A Living Document Asks for Living Work

The IMDA v1.5 framework names itself as a living document. The expectation is that it will evolve as the technology evolves. The work the framework asks of organisations is also living. The CoE that builds an agent governance architecture aligned to v1.5 *now* is the CoE that does not need to redesign it when v1.6 lands. The CoE that waits for v2.0 is the CoE that will discover the gap during a regulatory examination, not before it.

The accountability diffusion problem is not solved by writing a longer governance document. It is solved by mapping the chain, naming the responsible humans at each link, and instrumenting the oversight that has to remain functional as the chain extends.

Which step in your most consequential agentic workflow currently has no named accountable owner?

This essay accompanies the Agent Chain Accountability Prompt Kit— four prompts to run the accountability-diffusion audit against your own chained agentic AI workflows.

Download it alongside this essay on Regulated Intelligence.

Regulated Intelligence · TRIZ × AI · Regulated Markets

*Source: IMDA Model AI Governance Framework for Agentic AI v1.5, published 20 May 2026, available at imda.gov.sg