Type-Checked Compliance: Deterministic Guardrails for Agentic Financial Systems Using Lean 4 Theorem Proving
| Authors | Devakh Rashie & Veda Rashi |
| Year | 2026 |
| HF Upvotes | 7 |
| arXiv | 2604.01483 |
| Download | |
| HF Page | View on Hugging Face |
Abstract
The rapid evolution of autonomous, agentic artificial intelligence within financial services has introduced an existential architectural crisis: large language models (LLMs) are probabilistic, non-deterministic systems operating in domains that demand absolute, mathematically verifiable compliance guarantees. Existing guardrail solutions -- including NVIDIA NeMo Guardrails and Guardrails AI -- rely on probabilistic classifiers and syntactic validators that are fundamentally inadequate for enforcing complex multi-variable regulatory constraints mandated by the SEC, FINRA, and OCC. This paper presents the Lean-Agent Protocol, a formal-verification-based AI guardrail platform that leverages the Aristotle neural-symbolic model developed by Harmonic AI to auto-formalize institutional policies into Lean 4 code. Every proposed agentic action is treated as a mathematical conjecture: execution is permitted if and only if the Lean 4 kernel proves that the action satisfies pre-compiled regulatory axioms. This architecture provides cryptographic-level compliance certainty at microsecond latency, directly satisfying SEC Rule 15c3-5, OCC Bulletin 2011-12, FINRA Rule 3110, and CFPB explainability mandates. A three-phase implementation roadmap from shadow verification through enterprise-scale deployment is provided.
Engineering Breakdown
Plain English
This paper addresses a critical gap in AI safety for financial services: existing LLM guardrails use probabilistic classifiers that cannot guarantee compliance with regulatory constraints from the SEC, FINRA, and OCC. The authors propose the Lean-Agent Protocol, which combines formal verification with neural-symbolic AI (specifically Harmonic AI's Aristotle model) to automatically convert institutional policies into mathematically verifiable constraints. Instead of relying on probabilistic classifiers that might fail unpredictably, this approach uses formal logic to guarantee that an AI agent's decisions comply with regulatory requirements. The key insight is that financial compliance cannot be probabilistic — it requires absolute guarantees, similar to how safety-critical systems in aerospace use formal verification.
Core Technical Contribution
The core innovation is applying formal verification techniques from software engineering to the problem of constraining LLM behavior in regulated domains. Rather than post-hoc filtering of model outputs (as in NeMo Guardrails or Guardrails AI), the Lean-Agent Protocol uses the Aristotle neural-symbolic model to auto-formalize natural-language policies into logical constraints that are enforced during agent execution. This represents a fundamental architectural shift from probabilistic compliance checking to deterministic verification — the system proves that policy violations cannot occur, rather than detecting them after the fact. The approach bridges the gap between the non-deterministic nature of LLMs and the deterministic guarantees required by financial regulators.
How It Works
The system takes institutional policies (written in natural language) as input and uses the Aristotle neural-symbolic model to parse them into formal logical representations. These formalized constraints are compiled into verification rules that execute alongside the agent's reasoning loop, similar to how formal verification works in critical systems. When the agent considers an action or generates a response, the verification engine checks it against all constraints before execution — if a violation is detected, the action is blocked or the agent is forced to generate an alternative. The key difference from traditional guardrails is that this happens through logical proof rather than probabilistic scoring: the system demonstrates that a proposed action satisfies all constraints, or it demonstrates that it violates one. The neural-symbolic component (Aristotle) handles the semantic understanding of policies, while the formal verification component handles the logical guarantee.
Production Impact
For teams building financial AI agents, this approach eliminates the risk of unpredictable compliance failures at scale — regulatory penalties for non-compliance in financial services range from millions to billions of dollars, so probabilistic "mostly safe" guardrails are unacceptable. Integration would require refactoring policies from informal documents into a formal constraint language (likely similar to SMT solvers or theorem provers), which adds engineering complexity upfront but prevents runtime failures. The latency impact would be significant: formal verification of complex multi-variable constraints at every agent step could add 100-500ms per decision, requiring careful optimization and caching strategies. You would need domain experts to translate policies into formal logic, making this practical primarily for large institutions where compliance is mission-critical. The benefit is quantifiable: zero false negatives on compliance violations, compared to existing guardrails which may have 5-15% miss rates on edge cases.
Limitations and When Not to Use This
The paper assumes that institutional policies can be reliably formalized into logical constraints — in practice, regulatory language is often ambiguous and context-dependent, and formalizing it may require subjective interpretation that removes the guarantee. Formal verification scales with constraint complexity; a system with hundreds of interacting constraints across multiple regulatory domains could become computationally infeasible to verify in real-time. The approach requires that the Aristotle model accurately parses policy intent, but neural-symbolic systems can fail on out-of-distribution policy wording or novel regulatory frameworks that weren't in training data. The paper does not address how to handle constraints that are probabilistic by nature (e.g., "minimize the risk of systemic harm") — formal logic works best with crisp true/false rules. Additionally, it's unclear how the system handles multi-agent scenarios or constraint conflicts across different regulators.
Research Context
This work builds on a decade of research in neural-symbolic AI, particularly the subset attempting to combine deep learning with logical reasoning (c.f. neuro-symbolic approaches in NeurIPS and ICLR). It directly addresses limitations of prior guardrail work (NeMo Guardrails, Guardrails AI, Constitutional AI) which relied entirely on learned classifiers without formal guarantees. The broader context is the emerging intersection of AI safety and regulatory technology — as financial institutions deploy agentic AI, the demand for provable compliance has become urgent. This paper positions formal verification as the technical solution to the compliance problem, opening a research direction around making formal verification scalable and accessible for non-expert practitioners, likely through better neural-symbolic parsing and constraint compilation techniques.
:::tip Subscribe Get weekly breakdowns of papers like this in AI Letters - the newsletter for engineers building production AI systems. :::
