Know Your Agent: the next layer of compliance
If you ask most compliance teams who their customer is, they should be able to tell you instantly. Ask them who the agent transacting on behalf of their customer is — what model powers it, how it fails, what it’s authorized to do — and you will likely be met with silence.
Whether or not compliance teams are aware or prepared, autonomous actors are participating in the global economy today. Agents are buying concert tickets, executing stock trades, booking flights, and moving money on behalf of a human that may be thousands of miles away from the IP address placing the order.
The compliance frameworks built on top of today’s payment rails were written for a world where a human authorized every transaction, but the world is changing.
How will LLMs behave under pressure? What failures will surface as agentic commerce scales? Where does liability sit when the entity transacting isn't human? The honest answer is we don’t know, at least not fully. What we do have is a framework that’s worked for decades, and a starting point for how to extend it.
At Rain, our founding principle for scaling agentic commerce is simple: Know Your Agent is an extension of Know Your Customer. This isn’t theoretical; Rain is powering agentic commerce partners and use cases today, and our due diligence process is now based on this standard when onboarding partners that support agentic purchases for users.
What does the Know Your Agent process look like? Before we onboard an agentic program, we evaluate the LLM that’s powering it. We look at how that model tends to behave and where it fails. An Anthropic-powered agent does not act identically to an OpenAI-powered one, and the differences matter.
We also require the partner to explain the agentic use case and walk us through how the agents will actually operate — the number of cards needed, the typical spending pattern of the agent, and where we should expect activity to occur are all essential details. From there, we build an agent profile. This is a behavioral baseline of what we expect to see, so that when an agent deviates from it, unusual activity and fraud stand out.
Of course, the agent profile only matters if it stays anchored to a human. Agents are not onboarded as new, independent entities; they are extensions of the customer. Just like human actors, though, agents are not perfect. They have vulnerabilities, and they do act in ways that are somewhat independent.
Compliance and risk teams across the industry are going to have to reconcile with this, and it’s top of mind for us at Rain. "The agent did it" can't become a catch-all loophole for cardholders, and at the same time, the framework has to leave room for legitimate errors that aren't fraud.
One of the most challenging realities is that agentic commerce is, in many ways, fundamentally at odds with long-standing fraud controls. Rapid transaction patterns and purchases from many different IP addresses simultaneously are classic indicators of illicit activity. Both are also inherent to how agents operate.
We are adapting our transaction monitoring to be able to distinguish between sanctioned agent behavior and genuine fraud, and we layer in program-level controls to keep that distinction enforceable. This includes things like caps on active agent cards, on cards created per day, and on total agent spend per user. When something does slip though — and it will — the potential for loss is much higher, so our detection and reaction time needs to be immediate.
AI is changing how money moves, and compliance teams have to be willing to sit with the hard questions this reality presents. At Rain, we’re compelled by the technical innovation, and we’re leaning in to build the compliance infrastructure that has to come with it. We believe in our foundation, and we’re putting it to work.
