FactSet and Google Cloud put finance agent audit trails at the center of KYA
The FactSet and Google Cloud partnership is not a Know Your Agent rule. It is still a strong market signal: when financial AI agents move from sourced research into portfolio operations, deal advisory, and corporate-finance workflows, the control question becomes whether every agent action is attributable, permissioned, observable, and defensible.
Daily signal: FactSet announced a strategic partnership with Google Cloud to build AI-powered financial intelligence, including FactSet data inside Gemini Enterprise through MCP and agent-sharing functionality, plus jointly developed agents for portfolio operations, deal advisory, and corporate finance. KYA implication: "fully sourced, auditable, and defensible" outputs need a practical evidence file for the agent, the operator, the data boundary, the tool call, the human intervention point, and the record-retention obligation.
Why this matters for KYA
Financial AI agents are crossing an important boundary. A research assistant that summarizes a filing creates one kind of record. A finance agent that calls MCP servers, uses proprietary data, shares context with another enterprise agent, drafts an investment workflow, updates a portfolio-operations task, or routes a deal-advisory step creates a different compliance problem. The institution must prove not only that the answer was sourced, but also which agent produced it, what data it used, what tools it called, which permissions constrained it, and whether a human approved any high-impact action.
Google Cloud's Gemini Enterprise materials make the KYA control stack more concrete. Agent Registry catalogs agents and custom MCP servers. Agent Identity gives agents granular permissions. Agent Gateway is described as a policy enforcement point for tool calls, authentication, and security policies. Observability provides metrics and traces. July 2026 release notes also added managed organization policy constraints for data connectors and regional support for Japan, the UK, India, and Singapore. For regulated finance, those pieces map directly to operator identity, mandate, tool access, audit trail, security, and jurisdiction fit.
Screenshot-ready KYA compliance comparison table
| KYA dimension | Weak finance-agent posture | Production-grade KYA posture | Evidence reviewers should expect |
|---|---|---|---|
| Operator identity | The user sees a branded finance assistant, but records do not separate the financial-data provider, cloud platform, model, MCP server, agent runtime, deployment owner, and accountable regulated firm. | Every finance agent has a stable identity tied to the legal operator, client environment, runtime, model version, MCP server inventory, data provider, and accountable business owner. | Agent ID, Agent Registry record, SPIFFE or fallback identity, regulated entity, data provider, cloud region, model/runtime version, owner, deployment date, change log, deactivation record. |
| Agent mandate | The agent is described broadly as research, productivity, or workflow automation, even when it can move into portfolio operations, corporate-finance tasks, or deal-advisory workflows. | The mandate separates research, retrieval, synthesis, recommendation, workflow drafting, workflow execution, portfolio operation, external communication, and escalation. | Mandate version, allowed use cases, prohibited actions, portfolio or deal scope, human-review threshold, approval role, customer or desk authorization, expiration, revocation record. |
| Wallet and custody | Capital movement and custody are treated as outside the AI layer, so the agent record does not show whether outputs can influence trades, payments, settlement, treasury, or account instructions. | The KYA file states whether the agent can only inform a human decision or can initiate, draft, approve, route, or execute money movement through downstream systems. | Trading or payment authority class, account scope, settlement-system link, treasury workflow link, custody boundary, order or payment pre-approval, value limit, exception and dispute path. |
| Tool and venue access | MCP servers, enterprise search, proprietary datasets, third-party connectors, and workflow tools are added as productivity integrations without a risk-tier map. | Tools are classified by read, retrieve, enrich, recommend, draft, execute, export, and share, with allow and deny rules enforced through a gateway or equivalent control point. | MCP server inventory, data-source allowlist, egress FQDN policy, tool-call permissions, connector scope, external-sharing rule, blocked action log, policy decision, venue or dataset eligibility. |
| Audit trail | The output includes citations, but the firm cannot reconstruct the full run, data snapshot, prompt context, model version, MCP call path, policy decision, and human intervention. | The audit trail links the user, agent, task, data source, retrieved records, tool calls, model output, citation set, approval event, final workflow action, and retention rule. | Run ID, prompt/context hash, data snapshot, source citations, MCP call log, policy decision, trace span, output version, approver ID, workflow action ID, retention and legal-hold status. |
| Security and abuse | Trust is inferred from the vendor relationship, popularity of MCP tools, or enterprise authentication, with limited inspection for prompt injection, tool poisoning, data exfiltration, or overbroad egress. | The agent uses least privilege, connector restrictions, egress controls, threat scanning, prompt and tool inspection, anomaly monitoring, incident response, and rapid revocation. | Authentication result, permission review, connector policy, egress policy, threat finding, prompt/tool alert, anomaly event, blocked call, revocation record, incident ticket, remediation evidence. |
| Jurisdiction fit | The same agent path is used across markets without mapping securities supervision, recordkeeping, data residency, outsourcing, AI governance, privacy, and client-data restrictions. | The agent checks jurisdiction, client segment, regulated activity, data location, model-processing region, record-retention period, outsourcing chain, and supervisory obligation before use. | Jurisdiction matrix, data residency setting, ML processing region, regulated-activity assessment, outsourcing record, FINRA or local-rule mapping, privacy review, retention schedule, complaint route. |
The compliance lesson
The phrase "auditable AI" is not enough for regulated finance. A cited answer can still be weak evidence if the organization cannot show the exact agent identity, data boundary, MCP call, permission rule, and human intervention step behind it. In securities, wealth, private markets, and corporate finance, the audit file must connect source quality with operational authority.
The FactSet and Google Cloud signal is important because it joins three layers that KYA teams usually review separately: trusted financial data, enterprise agent governance, and workflow automation. Once those layers converge, a finance agent becomes a controlled actor inside the institution. KYA is the file that proves what that actor was allowed to do.
Practical KYA checklist
- Create an agent inventory entry for every finance agent and every custom MCP server connected to the agent environment.
- Classify whether each agent is research-only, recommendation-capable, workflow-drafting, workflow-executing, or value-moving.
- Bind every agent run to a source set, data boundary, connector policy, tool-call log, model/runtime version, and approval event.
- Use allowlists and deny rules for data connectors, MCP servers, egress destinations, client records, and external-sharing paths.
- Require human approval for portfolio actions, client-impacting communications, deal-advisory outputs, account changes, payments, trades, and unresolved policy exceptions.
- State the caveat clearly: this is a partnership and enterprise-governance signal, not formal adoption of Know Your Agent by FactSet, Google Cloud, FINRA, or any exchange.
Bottom line
Finance agents will not be judged only by whether their answers have citations. They will be judged by whether a reviewer can reconstruct who controlled the agent, what mandate applied, which data and tools were available, how policy was enforced, when a human intervened, where records were retained, and whether the workflow fit the jurisdiction. That is the KYA audit file.
Sources reviewed: FactSet, "FactSet Announces Strategic Partnership with Google Cloud to Bring Advanced AI to Financial Intelligence" (July 2026); Google Cloud Gemini Enterprise Agent Platform documentation; Google Cloud Gemini Enterprise release notes (June 24-July 7, 2026); TechInformed, "FactSet-Google Cloud deal tests audit trails for finance AI agents" (July 8, 2026). These are product, platform, and market-structure signals, not formal regulatory adoption of Know Your Agent.