Whitepaper

The Auditable Answer

A Deterministic-First Architecture for Enterprise IT Financial Intelligence

By Suvajit Basu, Founder of TekLedger · June 2026

Download PDF

“Same data in. Same answer out. Every time.”

Key arguments

  • 1In exploratory work, variability is useful. In a defensible decision, it is a liability.
  • 2Numbers, classifications, and benchmarks belong in a deterministic system. Narrative language can be AI-assisted around figures that are already fixed.
  • 3A system that cannot reproduce its own output cannot be audited — and an organization that cannot reproduce its own decisions cannot defend them.

A CIO's actual week

Picture a normal week for a CIO. On Monday, the CFO asks why cloud spend jumped eleven percent last quarter. On Tuesday, a software publisher opens an audit and wants a defensible record of every license in use. On Wednesday, the board asks whether the AI program is producing returns or just costs. On Thursday, an operating partner asks for the number behind a vendor-consolidation thesis. On Friday, internal audit asks you to reproduce a figure you reported six months ago.

Every one of those five questions has the same hidden requirement. The answer has to be the same answer every time someone asks it, and you have to be able to show your work. That is not a reporting nicety. In a regulated decision, it is the difference between a number you can defend and a number you merely possess.

The core thesis, in plain English

Same data in, same answer out, every time. In exploratory work — drafting, brainstorming, summarizing — variability is tolerable and often useful. In a decision you may have to defend to an auditor, a regulator, a board, or a court, variability is a liability. A system that cannot reproduce its own output cannot be audited, and an organization that cannot reproduce its own decisions cannot defend them.

This is not a claim against artificial intelligence. It is a claim about where each kind of computation belongs. Numbers, classifications, and benchmarks that carry accountability should be produced deterministically. Language generated around those numbers can be AI-assisted, provided it is bounded and the underlying figures are already fixed.

A system that cannot reproduce its own output cannot be audited.

What each kind of system can and cannot do

The two architectures are not interchangeable. The table below shows which capabilities each one can deliver inside a financial decision that has to hold up under scrutiny.

Capability in a financial decisionDeterministic systemProbabilistic system (LLM)
Same input produces same outputYes, by definitionNot guaranteed, even at temperature 0
Output can be reproduced on demand for auditYesNo
Computation path can be reconstructed step by stepYesPost-hoc approximation only
Generates fluent narrative languageLimitedStrong
Handles ambiguous, unstructured inputLimitedStrong
Suitable for an exploratory first draftOverkillWell suited
Suitable as the system of record for a defensible numberYesNo

What this means for the buyer

If your AI system cannot reproduce a number on demand, you do not own that number — you rent it from a process you cannot inspect. For a CIO or CFO accountable under SOX, model-risk guidance, or a vendor audit, that is an unfunded liability sitting inside the technology stack. The buying question is no longer “is the AI accurate?” It is “can we reproduce and defend what it produced?”

Regulatory note

Regulators have moved. On April 17, 2026, the Federal Reserve, OCC, and FDIC jointly issued SR 26-2, revised guidance on model risk management. It explicitly excludes “deterministic rule-based processes and software where there are no statistical, economic, or financial theories underpinning their design or use” from the definition of a regulated model, while carving generative and agentic AI out of the guidance entirely as “novel and rapidly evolving.” Deterministic architectures now sit in a lighter-touch regulatory category; generative AI sits in a governance gap.

— Federal Reserve SR 26-2 / OCC Bulletin 2026-13 (April 17, 2026)

You do not own that number — you rent it from a process you cannot inspect.

The Audit Problem in Enterprise AI

The failure mode in enterprise AI is structural, not a defect to be patched in the next release. Three documented cases make the point — and a fourth explains why the others were not isolated incidents.

What “deterministic” actually means

The authoritative definition comes from the NIST Computer Security Resource Center: a deterministic algorithm is “an algorithm that, given the same inputs, always produces the same outputs.”1 A stochastic system, by contrast, “yield[s] outputs that are estimates of the real output, reflecting the influence of randomness.”1

From that single property follows a chain that financial controls depend on. Determinism gives you reproducibility — the ability to rerun a computation and get the same result. Reproducibility gives you auditability — the ability to reconstruct, step by step, why a specific output followed from a specific input. Break the first link and the other two fall.

Why large language models are not reproducible — even when configured to be

Atil and colleagues tested five commercial LLMs at temperature 0 with a fixed seed and identical infrastructure — settings that should produce identical output every run. They found “accuracy variations up to 15% across naturally occurring runs,” and “none of the LLMs consistently delivers repeatable accuracy across all tasks, much less identical output strings.”2

The plain-language explanation is batch non-invariance. When you send a request to a hosted model, the server packs your request into a batch with other users' requests to use the hardware efficiently. The exact arithmetic performed on your request depends on which other requests happen to share the batch, and that composition is effectively random from your point of view. Floating-point math is not perfectly associative, so the same prompt run twice can take a slightly different numerical path and land on a different answer. This is not a bug awaiting a fix. OpenAI's own documentation states determinism “is not guaranteed” and that outputs will “mostly” match — and the word “mostly” is regulatory poison for a financial system.

“Mostly” is regulatory poison for a financial system.

The Regulatory Tailwind

Regulators have moved faster on this question in the last eighteen months than in the previous decade. Four sources tell the story.

SR 26-2 (April 17, 2026)

The joint Fed/OCC/FDIC guidance narrows the definition of a “model” to require a statistical, economic, or financial theory, and explicitly excludes “deterministic rule-based processes and software where there are no statistical, economic, or financial theories underpinning their design or use.”3 It states that “generative AI and agentic AI models are novel and rapidly evolving” and “are not within the scope of this guidance” — while noting that governance expectations still apply.3 Deterministic architectures gain a lighter regulatory footprint. Generative AI sits in a defined gap.

EU AI Act (Regulation EU 2024/1689)

Recital 58 classifies credit and creditworthiness AI as high-risk because such systems “determine those persons' access to financial resources.”4 High-risk systems must satisfy a risk-management system (Article 9), technical documentation (Article 11), automatic logging over the system's lifetime (Article 12), transparency to deployers (Article 13), human oversight (Article 14), a quality-management system (Article 17), and log retention of at least six months (Article 19).4

NIST AI RMF 1.0

The U.S. federal trustworthy-AI vocabulary organizes work into GOVERN, MAP, MEASURE, and MANAGE, and defines seven characteristics of trustworthy AI. It states that “accountability presupposes transparency” and that “explainable systems can be debugged and monitored more easily, and they lend themselves to more thorough documentation, audit, and governance.”5

ISO/IEC 42001:2023 and BIS FSI Paper No. 24

ISO/IEC 42001 is the first certifiable AI management system standard.6 The Bank for International Settlements stated plainly in September 2025 that for LLMs, “the model's output may vary even when the input remains unchanged,” and that a supervisor “is unlikely to trust the results of an AI model if its results cannot be understood.”7

Deterministic architectures gain a lighter regulatory footprint. Generative AI sits in a defined gap.

Documented Failures in Probabilistic Systems

The failures below are not anecdotes. They are court records, regulatory enforcement actions, and peer-reviewed research.

Mata v. Avianca (S.D.N.Y., June 22, 2023)

In a personal-injury suit in the Southern District of New York, plaintiff's counsel used ChatGPT to draft a brief. It cited six judicial decisions — none of which existed. The model fabricated case names, docket numbers, and quoted passages, and when asked whether the cases were real, it confirmed they “indeed exist.” Judge P. Kevin Castel sanctioned the attorneys, writing that “signing and filing that affirmation after making no 'inquiry' was an act of subjective bad faith.”8 The fabricated citations would not reliably recur on a re-query. There was no reproducible audit trail to begin with.

Moffatt v. Air Canada (BCCRT, February 14, 2024)

Air Canada's website chatbot told a grieving customer he could claim a bereavement fare retroactively — contrary to the airline's actual policy. The British Columbia Civil Resolution Tribunal held the airline liable. Tribunal Member Christopher C. Rivers rejected the airline's argument that the chatbot was a separate legal entity: “It should be obvious to Air Canada that it is responsible for all the information on its website. It makes no difference whether the information comes from a static page or a chatbot.”9 The deploying organization owns the consequence of every AI output.

The Stanford/RegLab study

Researchers ran 202 preregistered legal queries through three commercial RAG-based legal-research tools that vendors had marketed as near-hallucination-free. Lexis+ AI hallucinated on 17 percent of queries. Westlaw AI-Assisted Research hallucinated on 33 percent. The authors concluded the tools “each hallucinate between 17% and 33% of the time” and that “until vendors provide hard evidence of reliability, claims of hallucination-free legal AI systems will remain, at best, ungrounded.”10 Retrieval grounding — the industry's primary mitigation — does not close the gap.

SEC AI-washing enforcement

The SEC's first AI-washing enforcement actions landed on March 18, 2024, against Delphia and Global Predictions for claiming AI capabilities they did not have, with combined penalties of $400,000.11 In January 2025, the SEC charged Presto Automation — the first AI-washing action against a public company — for overstating an AI voice product that quietly relied on human workers.12 In April 2025, the case escalated to the criminal track: Albert Saniger, founder of Nate, was indicted in the first criminal AI-washing prosecution, accused of raising over $42 million on claims of autonomous AI shopping that was, in practice, performed by contract workers.13

The deeper pattern from model-risk history

Long-Term Capital Management collapsed in 1998 — a $4.6 billion loss and a Federal Reserve-organized bailout — because rigorous models built by Nobel laureates encoded false assumptions about stable correlations. JPMorgan's “London Whale” lost $6.2 billion in 2012 after the bank built a new value-at-risk model, in a spreadsheet, that “divided by their sum instead of their average,” halving apparent risk.14 Knight Capital lost $460 million in 45 minutes in 2012 when deterministic trading code lacked the controls to “monitor the output of its system.”15 The thread connecting all of these: an enterprise that cannot reproduce and inspect its own decisions cannot defend them.

An enterprise that cannot reproduce and inspect its own decisions cannot defend them.

The Deterministic-First Reference Pattern

The constructive answer is not to ban AI from finance. It is to put a deterministic core at the center of every analytical output — numbers, classifications, benchmarks — and to admit bounded probabilistic components only where they are genuinely additive, such as generating narrative language around figures that are already fixed.

Retrieval-augmented generation as the foundational hybrid pattern

The foundational hybrid pattern is retrieval-augmented generation. Lewis and colleagues introduced RAG at NeurIPS 2020 precisely because parametric-only models cannot “precisely manipulate knowledge” and because “providing provenance for their decisions” was an open problem.16 RAG grounds generation in an explicit, inspectable retrieval layer — a deterministic component bounding a probabilistic one.

Neuro-symbolic AI as the academic framing

The 2024 systematic review by Colelough and Regli describes neuro-symbolic AI as a framework that merges neural and symbolic methods to produce reasoning. Borrowing Kahneman's framing, the neural side is System 1 — “fast, intuitive, and parallel” — and the symbolic side is System 2 — “slow, deliberate, and sequential.”17 The review's most telling finding is a gap: explainability and trustworthiness are “less represented (28%)” in current research relative to learning and inference (63%).17 That gap is exactly where defensible financial systems must live.

Constrained generation as the bounding mechanism

The Microsoft and EPFL study on structured outputs shows that constrained decoding “guides the LM to sample only from valid tokens, ensuring that the final output perfectly conforms to a predefined structure,” while finding that “LM-only exhibits the lowest compliance rate, highlighting its unreliability as a standalone solution.”18 Structure can be enforced — but the deterministic verification layer still has to confirm semantic correctness.

Put a deterministic core at the center. Admit AI only where it is bounded and genuinely additive.

How to Evaluate Vendors

The buying question for any AI-for-finance vendor is not “is the AI accurate?” It is “can we reproduce and defend what it produced?” The five questions below separate vendors that can answer from vendors that cannot.

  1. 1

    Which outputs are produced deterministically, and which involve a probabilistic model?

    A vendor who cannot draw the line clearly does not have a defensible architecture — they have a marketing slide. Ask for the diagram. If every output is "AI-generated," the answer to every audit will be "we cannot reproduce that."

  2. 2

    Can you reproduce an identical output for an identical input on demand?

    For any analytical figure the vendor reports, ask them to run the same input twice and show you that the output strings match — character for character. If they cannot, the figure is not an audit-grade number.

  3. 3

    If an LLM is involved, has output variance at temperature 0 been measured on your document types?

    A vendor who has not measured this on their own pipeline is asking you to underwrite the variance.

  4. 4

    Can the system reconstruct the full computation path for any past output?

    Not the explanation generated retroactively when an auditor asks. The explanation that was logged at decision time, alongside the input and output, and retained for the regulatory retention period.

  5. 5

    What independent validation exists for the system's outputs?

    "Effective challenge" under SR 26-2 means an objective expert can stress-test the system. If the only people who can interpret the outputs work at the vendor, that condition is not met.

The buying question is not “is the AI accurate?” It is “can we reproduce and defend what it produced?”

Governance Appendix

The questions and tables below are designed for procurement, audit, and compliance teams evaluating an AI-for-finance vendor. Each item maps to either the NIST AI Risk Management Framework (NIST AI RMF 1.0) or to a clause of ISO/IEC 42001:2023.

Buyer's Diligence Checklist

GOVERN (NIST) / ISO 42001 Clauses 5–6

  1. Which outputs are produced deterministically and which involve a probabilistic model?
  2. Who at the executive level is accountable for AI risk decisions?
  3. Are legal and regulatory requirements for AI documented (NIST GOVERN 1.1)?
  4. Is there a documented AI management system aligned to ISO/IEC 42001?
  5. Has an AI system impact assessment been completed (ISO 42001 Clause 6)?
  6. Are the trustworthy-AI characteristics integrated into policy (NIST GOVERN 1.2)?

MAP (NIST) / ISO 42001 Clause 8

  1. For each analytical output, is the output type numerical, categorical, or narrative?
  2. Which outputs drive defensible decisions versus exploratory work?
  3. Where exactly does a probabilistic component sit in the pipeline?
  4. What is the intended use, and what are the documented out-of-scope uses?

MEASURE (NIST) / ISO 42001 Clause 9

  1. Can the vendor reproduce an identical output for an identical input on demand?
  2. If an LLM is used, has output variance at temperature 0 been measured?
  3. What is the measured hallucination rate on your document types?
  4. How is semantic correctness verified beyond structural schema compliance?
  5. Are explanations logged at decision time, or generated retroactively?
  6. What independent validation exists for the system's outputs?

MANAGE (NIST) / ISO 42001 Clause 10

  1. Can the system reconstruct the full computation path for any past output?
  2. What is the log-retention period, and does it meet the six-month minimum?
  3. How are model or rule changes versioned and recorded?
  4. Is there a human-review protocol between AI output and reliance on it?
  5. How are anomalies detected and how is processing halted on aberrant output?
  6. What is the corrective-action process for a nonconforming output?
  7. Can the vendor produce the exact explanation that applied 18 months ago?
  8. Are capability claims in marketing materials independently substantiated?

Mapping to SR 26-2

How a deterministic-core architecture aligns with the April 2026 joint Fed/OCC/FDIC guidance.

SR 26-2 elementDeterministic-core alignment
Definition of "model" requires a statistical/economic/financial theoryRule-based deterministic processes fall outside the model definition
"Deterministic rule-based processes" explicitly excludedCore analytical engine qualifies for the exclusion
Generative/agentic AI out of scope, governance still appliesBounded narrative layer is isolated and separately governed
Model validation assesses reliability and limitationsDeterministic outputs are reproducible, so reliability is directly testable
"Effective challenge" by objective expertsTransparent computation path enables independent challenge
Adequate documentation supports model risk managementComplete audit trail satisfies documentation expectations
Board-level accountability and model inventoryClear inventory of deterministic vs. probabilistic components

Audit-Trail Requirements

What an auditable AI system's logs must contain, grounded in EU AI Act Article 12 (record-keeping) and Article 19 (six-month minimum retention).

  1. Inputsthe exact input data for each output, timestamped.
  2. System versionthe rule-set or model version that produced the output (per Article 12 lifetime logging).
  3. Computation paththe step-by-step deterministic computation, not a post-hoc approximation.
  4. Outputthe produced result, with a reproducibility token allowing exact re-run.
  5. Explanation at decision timethe explanation that applied when the decision was made, retained alongside the output.
  6. Human reviewwho reviewed the output, when, and the disposition.
  7. Retentionlogs kept for at least six months (Article 19); supporting technical documentation kept far longer where applicable.
  8. Retrievabilitylogs stored in a retrievable format that lets an examiner follow the chain from question to answer.

Sources & Further Reading

Primary sources only. Every claim above maps to a numbered entry below.

  1. 1.NIST Computer Security Resource Center. Definitions of "deterministic algorithm" and "stochastic." csrc.nist.gov/glossary
  2. 2.Atil, B., et al. "LLM Stability: A Detailed Analysis with Some Surprises." arXiv:2408.04667. Measured 15% accuracy variance at temperature 0 across five commercial LLMs. arxiv.org/abs/2408.04667
  3. 3.Federal Reserve, OCC, FDIC. SR 26-2 / OCC Bulletin 2026-13, "Guidance on Model Risk Management." Joint guidance issued April 17, 2026. federalreserve.gov
  4. 4.European Union. Regulation (EU) 2024/1689 (the "EU AI Act"). Recital 58, Articles 9, 11, 12, 13, 14, 17, 19. eur-lex.europa.eu
  5. 5.NIST. Artificial Intelligence Risk Management Framework (AI RMF 1.0). January 2023. nvlpubs.nist.gov
  6. 6.International Organization for Standardization. ISO/IEC 42001:2023, "Information technology — Artificial intelligence — Management system." iso.org/standard/81230.html
  7. 7.Bank for International Settlements, Financial Stability Institute. FSI Paper No. 24, "Regulating AI in the financial sector." September 2025. bis.org
  8. 8.Mata v. Avianca, Inc., No. 1:22-cv-01461 (S.D.N.Y. June 22, 2023). 678 F. Supp. 3d 443. Sanctions imposed for fabricated AI-generated citations. courtlistener.com
  9. 9.Moffatt v. Air Canada, 2024 BCCRT 149 (Civil Resolution Tribunal of British Columbia, February 14, 2024). civilresolutionbc.ca
  10. 10.Magesh, V., Surani, F., Dahl, M., Suzgun, M., Manning, C. D., & Ho, D. E. "Hallucination-Free? Assessing the Reliability of Leading AI Legal Research Tools." Stanford RegLab, 2024. Journal of Empirical Legal Studies. DOI: 10.1111/jels.12413. reglab.stanford.edu
  11. 11.U.S. Securities and Exchange Commission. SEC Press Release 2024-36, "SEC Charges Two Investment Advisers with Making False and Misleading Statements About Their Use of Artificial Intelligence." March 18, 2024. sec.gov
  12. 12.U.S. Securities and Exchange Commission. Charges against Presto Automation, January 2025. sec.gov/litigation
  13. 13.U.S. Department of Justice and SEC. Charges against Albert Saniger, founder of Nate, April 2025. First criminal AI-washing prosecution. justice.gov/usao-sdny
  14. 14.U.S. Senate Permanent Subcommittee on Investigations. "JPMorgan Chase Whale Trades: A Case History of Derivatives Risks and Abuses." March 15, 2013. hsgac.senate.gov
  15. 15.U.S. Securities and Exchange Commission. SEC Release No. 70694, In the Matter of Knight Capital Americas LLC. October 16, 2013. sec.gov/litigation/admin/2013/34-70694.pdf
  16. 16.Lewis, P., et al. "Retrieval-Augmented Generation for Knowledge-Intensive NLP Tasks." NeurIPS 2020. arXiv:2005.11401. arxiv.org/abs/2005.11401
  17. 17.Colelough, B. C., & Regli, W. "Neuro-Symbolic AI in 2024: A Systematic Review." 2024. arxiv.org/abs/2501.05435
  18. 18.Geng, S., et al. (Microsoft Research & EPFL). "Generating Structured Outputs from Language Models: Benchmark and Studies." 2025. arxiv.org/abs/2501.10868

All URLs verified as of June 2026. Where a primary source URL is not yet stable (e.g., agency press releases), the parent agency page is provided so the reader can locate the underlying document.

Last updated: June 2026 · Version 1.0

Read the full PDF or talk to us

Author: Suvajit Basu, Founder — TekLedger.ai Inc., Ridgewood, NJ.