May 4, 2026 | 5 min read

The Calibration Crisis: When Governance Swings Too Far

From SEC rollbacks to AI agent onboarding gaps, organizations face a new challenge: finding the right governance intensity for each risk domain.

Carlos Alvidrez


The Pendulum Problem

After years of expanding compliance requirements, something unexpected is happening: regulators are pulling back. The SEC and CFTC's proposal to significantly reduce Form PF reporting requirements marks a shift that goes beyond simple deregulation. It signals a deeper recognition that governance intensity must match actual risk — not theoretical concerns.

This recalibration comes at a critical moment. While financial regulators ease reporting burdens for smaller investment advisers, other domains are discovering they've under-invested in governance infrastructure. The result? A fragmented landscape where some areas suffer from compliance overload while others operate with dangerous gaps.

The Over-Governed and the Under-Served

The contrast is stark. In traditional finance, we're seeing active rollbacks:

  • Form PF amendments explicitly aim to "eliminate and streamline" requirements for smaller advisers
  • The SEC is broadening co-investment relief, reducing friction in fund operations
  • Even tender offer timelines are shrinking from mandatory minimums

Meanwhile, emerging technologies operate in near-vacuum conditions. The AI agent onboarding crisis perfectly illustrates this imbalance. While human employees receive weeks of structured onboarding, AI agents — which can access the same systems and data — often deploy with minimal governance frameworks. By month two, a human employee operates autonomously with clear accountability structures. The AI agent? Still guessing at basic operational parameters.

This isn't just about technology lagging regulation. It's about fundamental miscalibration of where governance energy gets directed.

The Secondary Effects Problem

When governance intensity doesn't match risk reality, secondary effects multiply. Take the expanded Cuba sanctions regime. While the primary targets are clear, the "secondary risk" implications create compliance uncertainty that ripples through entirely unrelated business operations. Companies with no direct Cuba exposure must still invest in screening and monitoring systems — resources that could address more material risks.

Similarly, the FTC's action against Match and OkCupid over data sharing reveals how under-governed areas eventually explode into major enforcement actions. Millions of users' personal data — including geolocation and photos — allegedly shared without proper consent. The governance gap here wasn't about missing regulations; it was about misallocating compliance attention.

The Calibration Framework

Organizations need a new approach to governance calibration. The old model — apply maximum controls everywhere — no longer works. Instead, consider these calibration principles:

Risk Velocity Matching: Fast-moving risks (AI deployment, data flows) need real-time governance. Slow-moving risks (traditional investment structures) can handle periodic reporting.

Impact-Based Intensity: A small adviser's Form PF filing creates minimal systemic risk. An AI agent with production access creates immediate operational risk. Governance intensity should reflect this difference.

Enforcement Signal Monitoring: When regulators explicitly roll back requirements, it's a signal to reallocate resources. When new enforcement actions emerge (like the Match case), it signals under-governed territories.

The Integration Challenge

Perhaps the most telling insight comes from the enterprise architecture space. As one article notes, customer experience requires strategy, data, and technology to "work together." The same applies to governance calibration. You can't solve this with technology alone (self-healing tests that "don't solve the real problem") or policy alone (more disclosure requirements).

The credit rating agencies' ESG controversy demonstrates this perfectly. Twenty-three state AGs questioning whether ESG policies violate securities laws shows what happens when governance frameworks drift from their risk-based foundations. The agencies aren't wrong to consider ESG factors — but the calibration of how heavily to weight them remains contentious.

The Path Forward

The governance landscape is entering a recalibration phase. This isn't deregulation or re-regulation — it's about finding the right intensity for each domain. Organizations that recognize this shift can gain significant advantages:

  • Redirect resources from over-governed areas (where regulators are pulling back) to under-governed territories (where new risks emerge daily)
  • Build adaptive frameworks that can dial intensity up or down based on actual risk signals
  • Question legacy compliance investments that no longer match current risk profiles

The pendulum metaphor only goes so far. Real governance calibration isn't about swinging between extremes — it's about developing sensors precise enough to match controls to risks. As regulators themselves acknowledge through their rollbacks, maximum governance everywhere isn't just inefficient. It's ineffective.

The organizations that thrive in this new environment won't be those with the most controls or the fewest. They'll be those with the best calibration — applying exactly the right amount of governance pressure to each risk point. In a world where AI agents need more oversight while investment advisers need less, that calibration capability becomes the core competency.
