Post Oak Labs Showcase · #24 of 33
AP2 BaaS Infrastructure Mandate Builder
🔒 All inputs are processed locally in your browser. No data is transmitted. Do not enter real personal data — use synthetic or anonymised inputs only.
Demo #24 · Cat-12 · AP2 × BaaS Infrastructure · Agentic + BaaS Hubs
AP2 v1.0 stable · OCC 2023 interagency aligned · Programme policy + MCP def

The programme policy your sponsor bank will actually sign.

Translate BaaS programme policy — account ceilings, KYC tiers, sponsor-bank approval gates, BIN-tier issuance ceilings, transaction-rail caps and handoff workflows — into a structured AP2 v1.0 mandate the agentic runtime enforces and the sponsor bank can audit. Same shape as #23 AP2 AML Mandate; different domain. Schema: @ainumbers.co/baas-mandate-v1.

Zero PII · Client-side
Programme policy is a contract — model it once, enforce it everywhere
Last Reviewed · 2026-05-13
OCC · FRB · FDIC — interagency third-party risk regime

The 2023 OCC/FRB/FDIC interagency guidance on third-party risk management (June 2023, final) reset bank-fintech partnership expectations. Programmes are expected to maintain auditable policy artifacts and demonstrate they are enforced — not merely documented. 2023–2024 consent orders against bank-fintech partnership programmes (Cross River, Blue Ridge Bank, Choice Financial Group, Lineage Bank, Sutton) cited weak programme-policy enforcement and inadequate sponsor-bank oversight as root causes.

Sources: OCC Bull. 2023-17 (interagency guidance) · Cross River consent order (2023) · Blue Ridge / MVB / Choice 2024 actions · 12 CFR §225.124 (Reg Y)

§1 · Programme & Customer Scope (KYC tier · customer type)

Who can hold an account

The programme's customer scope drives every downstream limit. The KYC tier sets minimum verification depth for the runtime to enforce on every onboarding action.

Programme label: Internal identifier; not PII. Used as programme_id in the mandate.
Customer type: Limits available rails and BIN tiers downstream.
Minimum KYC tier

§2 · Sponsor-Bank Approval Gates (Auto · Manual · Hard stop)

Where the bank's hand is required

Three concentric thresholds. Below auto-approve: runtime decides. Between auto and manual: queued for sponsor-bank reviewer. Above hard-stop: refused at the runtime; no path forward without policy amendment.

Auto-approve ceiling (USD per account, per day): Runtime can act unilaterally up to this amount.
Manual-review ceiling (USD per account, per day): Sponsor-bank reviewer approves before action.
Hard-stop ceiling (USD per account, per day): Refused without policy amendment. Cannot be relaxed by the runtime.
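
One way a runtime could evaluate the three §2 ceilings, as an added example that is not Post Oak Labs' code or part of the baas-mandate-v1 schema. Field names and sample ceilings are hypothetical, the ceilings are read as cumulative per account per day, and the band between the manual-review and hard-stop ceilings, which the page does not define, is refused.

```python
from dataclasses import dataclass, field
from decimal import Decimal, InvalidOperation

AUTO, REVIEW, REFUSE = "auto_approve", "manual_review", "refuse"

@dataclass(frozen=True)
class ApprovalGates:
    """Section 2 ceilings, USD per account per day (field names are hypothetical)."""
    auto: Decimal
    manual: Decimal
    hard_stop: Decimal

    def __post_init__(self):
        # Reject a mandate whose bands are not concentric instead of guessing.
        if not (Decimal(0) <= self.auto <= self.manual <= self.hard_stop):
            raise ValueError("need 0 <= auto <= manual <= hard_stop")

@dataclass
class GateEvaluator:
    gates: ApprovalGates
    # (account_id, day) -> USD already acted on that day
    spent: dict = field(default_factory=dict)

    def decide(self, account_id, day, amount):
        """Return (outcome, reason) for a proposed action; never mutates state."""
        try:
            amt = Decimal(str(amount))
        except InvalidOperation:
            return REFUSE, "unparseable amount"
        if not amt.is_finite() or amt <= 0:
            return REFUSE, "non-positive or non-finite amount"
        total = self.spent.get((account_id, day), Decimal(0)) + amt
        if total > self.gates.hard_stop:
            return REFUSE, "above hard-stop ceiling"
        if total > self.gates.manual:
            # Assumption: the page does not define this band, so fail closed.
            return REFUSE, "above manual-review ceiling"
        if total > self.gates.auto:
            return REVIEW, "queued for sponsor-bank reviewer"
        return AUTO, "within auto-approve ceiling"

    def record(self, account_id, day, amount):
        """Count an action against the daily total once it has been carried out."""
        key = (account_id, day)
        self.spent[key] = self.spent.get(key, Decimal(0)) + Decimal(str(amount))

# Constructed sample ceilings, not taken from the page.
GATES = ApprovalGates(Decimal("1000"), Decimal("10000"), Decimal("50000"))
```

Evaluating against the running daily total, not the single amount, keeps a series of small actions from staying under the auto-approve ceiling indefinitely.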

§3 · BIN-Tier Issuance Ceilings (Card programme caps)

Card issuance limits

Per-tier issuance ceilings cap how many cards of each BIN tier the programme can issue under this mandate. Set "off" to disable issuance entirely for that tier.

Tier · Description · Monthly issuance ceiling · Enabled

§4 · Transaction-Rail Caps (ACH · Wire · Card · RTP)

Per-rail per-transaction maxima

Per-rail thresholds the runtime enforces on every transaction. ACH has NACHA same-day caps; wires per Fed/CHIPS thresholds; RTP per The Clearing House $1M limit (raised Feb 2024).

§5 · Handoff & Reconciliation (Sponsor-bank cadence)

Sponsor-bank reconciliation

Reconciliation cadence: How often the runtime hands settlement state to the sponsor bank.
Escalation cadence on policy breach: When a breach is detected, how fast the runtime must alert.

§6 · Mandate Preview (@ainumbers.co/baas-mandate-v1)

AP2 output

The mandate the runtime loads, the policy your CCO will sign, the MCP tool definition the sponsor-bank auditor can call to verify enforcement.

AP2 v1.0 · valid · @ainumbers.co/baas-mandate-v1