A foundational framework

First Principles of Governance

For evaluating any system in the family office technology stack.

The Architecture · Spring 2026

Part 2 of 3. Also in the series: What Every Family Office AI Vendor Is Leaving Out and Eleven Questions for Every Family Office AI Vendor.

A family office runs on a stack of tools. Until recently, those tools sat in layers. Accounting fed reporting. Reporting fed the principal's view. Documents lived in a repository the people read from. Data moved up and down through known interfaces, and a human in the middle decided when, why, and on whose authority.

That architecture is changing. The Model Context Protocol — MCP — allows tools and AI agents to call each other directly, without a human in the middle. The stack is becoming a graph: any tool can invoke any other tool, any agent can invoke any other agent, and the action happens at machine speed. This is not a forecast. It is the architecture every vendor in the family office stack is moving toward this year.

In a layered stack, governance could sit above accounting and reporting. In a graph stack, governance can only do its job if it is the protocol every cross-tool call runs through. The principles below describe what that protocol contains, what it accepts, and what it produces. They apply to a human delegate, a single AI agent, and a network of agents calling each other through MCP — equally and identically.

See also What Every Family Office AI Vendor Is Leaving Out — these principles applied to the May 2026 family office AI market. Three buckets of vendor claims, sorted by which architectural propositions they meet and which they fail.

Group I

The legal structure is the system.

What the governance layer is built around, and where authority comes from.

Principle 01

The family's legal structure is how the governance layer is built.

The trusts, entities, governing instruments, beneficiary classes, and fiduciary roles are how the governance layer is organized within the stack. The governance layer is not a database that stores records about them.

Principle 02

Authority comes from the instrument.

Who can act, on what, and under what conditions is read from the governing document. A name in a field is not authority.

Principle 03

The governing instrument is the authority object the governance layer reads from, not metadata about the instrument.

The trust agreement, the operating agreement, the partnership document, and their amendments are read by the governance layer. Their provisions are visible to every action that depends on them.

Principle 04

Access permissions follow from the same authority object the governing instrument establishes.

What a person or agent can see, edit, or approve flows from the authority the instrument creates. Permissions are not configured separately and cannot drift from the legal reality.

Group II

Time, knowledge, and memory.

What the governance layer carries forward and what it identifies.

Principle 05

The governance layer tracks what is supposed to happen, not only what has happened.

Required notices, mandatory distributions, termination conditions, and reporting deadlines are tracked forward. The governance layer surfaces them when they are due and shows when they have been satisfied.

Principle 06

Every actor in the stack is identified, including non-human actors.

People, agents, integrations, MCP connections, and AI tools are named and have defined authority. An action without a known, authorized actor is not accepted by the governance layer.

Principle 07

Institutional knowledge persists in the structure as machine-operable architecture, not in senior staff memory.

The reasoning behind exceptions, the history of prior decisions, and the family-specific patterns attach to the trust, the provision, or the beneficiary they pertain to. They surface when the situation recurs and remain when the person who knew them leaves.

Group III

Books and records.

The fiduciary record itself — what it is, when it is built, and how it withstands review.

Principle 08

Books are numbers. Records are words. The stack holds both, and one justifies the other.

Books are the numeric ledger — transactions, balances, statements. Records are the written account — decisions, authority, reasoning. When the books are questioned, the records answer. When the records are questioned, the books confirm execution. Neither is the system of record on its own.

Principle 09

Every action is linked to the authority and reasoning that produced it, and together they form a complete record.

At the moment the action happens, the governance layer captures who acted, what they acted on, what authority they used, and what reasoning supported it. The record is built then, not assembled later.

Principle 10

The record is audit-ready from the moment it is created.

The governance layer produces a record built for and capable of withstanding independent review without manual preparation. Login histories and edit logs were the prior standard; they required staff to assemble audit binders when review came. The record now is structured for review the moment the action happens.

Principle 11

Books and records are different kinds of artifacts within a single fiduciary record.

Books are the financial result. Records are the decisions, the authority behind them, and the reasoning that supported them. The law of trusts, partnerships, and operating agreements treats them as parts of one fiduciary record — not as separate systems run by separate vendors.

Principle 12

The stack captures the full chain — decision, execution, financial result, tax consequence — as one governed record across time.

A decision recorded today, executed tomorrow, reflected in financial statements next quarter, and surfaced in tax reporting eighteen months later is one record, not four. The stack links each artifact to the decision that produced it, regardless of when in the calendar it appears.

A note on the books-and-records problem

The law treats books and records as one fiduciary record. Vendor marketing has spent twenty-five years splitting them.

Trust agreements, operating agreements, and partnership agreements have included "books and records" provisions for as long as those instruments have existed. The phrase is a term of art, not a marketing category.

What CRM and ERP marketing has done over the last twenty-five years is split them apart. The CRM holds the softer records — correspondence, notes. The ERP holds the harder records — transactions, statements. Document management holds the legal records — PDFs of agreements. Each vendor sells its slice as "the system of record."

None of them holds books and records as the law conceives them, because none of them holds the full chain from decision to execution to financial result to tax reporting. Recovering that chain as one governed record is the work of the governance layer.

Group IV

Cross-tool calls and transitions.

How the stack stays governed when tools call each other, and when people come and go.

Principle 13

Governance is the protocol every cross-agent call (MCP) runs through, and every call links back to its source authority.

When one tool invokes another, or one agent invokes another through MCP, the call passes through the governance layer in the moment, and its lineage stays linked to the authority that made it lawful. Agents do not call each other directly without that mediation. If they can, the stack is not governed.

Principle 14

Transitions are a non-event for the stack.

A trustee resignation, a CFO departure, or a generational handoff does not require reconstruction. The stack carries the office's institutional knowledge through the transition. The successor inherits the architecture.

Group V

AI agents and human responsibility.

How agents act, who is accountable, and how the chain stays auditable.

Principle 15

AI agents act inside the structure, and every call they make — visible in the user interface or not — passes through the governance layer.

An agent acting on family wealth is bound by the same authority and instrument rules that bind a human. The agent cannot invoke a tool, query a data source, or chain a call through MCP without that call being mediated. The user interface is not the boundary. The governance layer is.

Principle 16

The agent is a delegate of a human, not of the trust. A human takes responsibility for every AI action.

Every action the agent takes is taken under the authority of the human who confirmed it. The record reads "the trustee authorized this wire, with the agent preparing the recommendation, and the trustee confirming" — not "the agent authorized the wire." Fiduciary delegation runs human to human.
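The mediation described in Principles 06, 09, 13, 15 and 16, as an added Python example that is not code from this framework or from any vendor. The class, actor, tool and provision names are hypothetical, and the example models the governance layer in-process rather than implementing the MCP wire protocol.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Record:                 # built at call time: who, what, authority, reasoning
    id: int
    actor: str                # human or agent that made the call
    responsible: str          # human who takes responsibility for it
    action: str
    subject: str              # trust or entity acted on
    provision: str            # authority, as read from the governing instrument
    reasoning: str
    parent: Optional[int]     # record of the call that triggered this one

class GovernanceLayer:
    def __init__(self, humans, agents, grants):
        self.humans, self.agents = set(humans), dict(agents)  # agent -> delegating human
        self.grants = dict(grants)      # (human, action, subject) -> provision
        self.tools, self.records = {}, []

    def call(self, actor, action, subject, reasoning, confirmed_by=None, parent=None):
        # An agent acts only as the delegate of the known human who confirmed it.
        responsible = actor if actor in self.humans else confirmed_by
        delegated = actor == responsible or self.agents.get(actor) == responsible
        if responsible not in self.humans or not delegated:
            raise PermissionError(f"{actor}: unknown actor or no confirming human")
        provision = self.grants.get((responsible, action, subject))
        if provision is None or action not in self.tools:
            raise PermissionError(f"{responsible}: no authority for {action} on {subject}")
        if not reasoning.strip() or (parent is not None and not 0 <= parent < len(self.records)):
            raise ValueError("reasoning and a valid parent record are required")
        rec = Record(len(self.records), actor, responsible, action, subject,
                     provision, reasoning, parent)
        self.records.append(rec)        # the record exists before the tool runs
        return self.tools[action](self, rec)

def demo():
    # Constructed sample: actors, tools, amounts and provision labels are hypothetical.
    gov = GovernanceLayer(
        humans={"trustee"}, agents={"wire-agent": "trustee"},
        grants={("trustee", "prepare_wire", "Trust A"): "Trust A s.4.2",
                ("trustee", "read_ledger", "Trust A"): "Trust A s.7.1"})
    gov.tools["read_ledger"] = lambda g, rec: 125_000
    # A tool reaches another tool only through gov.call, linking the parent record.
    gov.tools["prepare_wire"] = lambda g, rec: {"balance": g.call(
        rec.actor, "read_ledger", rec.subject, "check funds before wire",
        confirmed_by=rec.responsible, parent=rec.id)}
    result = gov.call("wire-agent", "prepare_wire", "Trust A",
                      "quarterly distribution", confirmed_by="trustee")
    return gov, result
```

A call from an unregistered agent, an agent call with no confirming human, or a call on a subject with no grant raises `PermissionError` and leaves no record, so the record list contains only mediated, authorized calls.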

Principle 17

The fiduciary controls where the family's data goes, what is retained, and what is used to train future models.

Foundation models differ substantially in privacy posture. Some retain inputs for model improvement by default. Some use customer data to train future model versions. Some provide enterprise terms that exclude the customer's data from training and limit retention to operational requirements. The architectural question is not whether the family is using AI; it is which AI, on what terms, with what data residency, with what retention period, and with what training-data discipline. The fiduciary's duty of care extends to the privacy posture of the AI being used on the family's behalf.

Principle 18

The chain is auditable, step by step.

The reasoning travels with the result along the chain, so each human accepting responsibility along the way accepts on a basis they can see. When something is questioned later, the audit identifies which step the reasoning broke down at, and which human was responsible at that step.

A note for the fiduciary professional

What "governed AI" actually means.

An AI agent in a family office workflow can look governed in the user interface while doing ungoverned work behind it. The professional sees a clean approval screen. The agent, behind the screen, may be calling tools and data sources the governance layer never sees.

This is not a hypothetical. MCP makes it more common, not less, because MCP lets agents call each other and call external tools directly. A vendor can show the professional a "governed workflow" while the actual work happens through calls the workflow does not expose.

The test is not what the screen shows. The test is whether every call the agent makes — every tool invocation, every data query, every chained call — passes through the governance layer. If any path bypasses it, the agent is not governed. The interface is just a wrapper.

Well-intentioned IT staff may not understand this distinction. The fiduciary professional needs to.

See also What Every Family Office AI Vendor Is Leaving Out — Anthropic's own positioning that foundation model agents require human-in-the-loop supervision, and what that means architecturally for the fiduciary using AI on family office work.

Group VI

Judgment and visibility.

Where AI and human work meet — and what the principal actually sees.

Principle 19

The professional's judgment moves into the governance layer.

The expertise of the senior professional moves into the structure through the work itself. The professional confirms or corrects what the governance layer proposes. Over time, what was in the professional's head is in the office.

Principle 20

The governance layer surfaces what is unusual, and the human decides.

AI is far better than a human at holding the volume and complexity of a family office and surfacing the exception that requires judgment. The governance layer flags what does not fit prior patterns. The professional reasons through it. The new pattern is captured.

Principle 21

What the principal sees is what the governance layer knows.

The principal's view is the governance layer's actual state, not a summary written over it.

Group VII

The stack and the vendors.

How every other tool relates to the governance layer — and what disqualifies a vendor.

Principle 22

Every tool in the stack reads from the governance layer for the family's legal structure.

Accounting, reporting, document management, tax tools, and specialty platforms do not carry their own version of trusts, entities, instruments, or authority. They read those from the governance layer.

Principle 23

A vendor that keeps a parallel version of family structure is creating a second source of truth.

When a tool in the stack keeps its own entity records, beneficiary lists, instrument data, or authority assignments — separate from the governance layer — it has become a competing system of record. Reconciling parallel sources is not integration. The vendor either reads from the governance layer or fragments it.

Principle 24

The governance layer persists for the duration of the wealth.

The family can move, audit, and govern its structure, records, and data across generations, independent of any vendor.

See also Eleven Questions for Every Family Office AI Vendor — these twenty-four principles converted into a working document the fiduciary professional can bring to every vendor meeting. Each question is designed to surface architecture rather than invite explanation.