Approval Quorum Diversity Governance

2. Summary

Approval Quorum Diversity Governance requires that approval sets for high-impact agent actions include approvers with meaningfully different roles, perspectives, expertise, or organisational positions — not merely multiple approvers from the same function or reporting line. The purpose is to ensure that the approval quorum introduces genuine independent judgement rather than correlated rubber-stamping. Two approvers from the same team, trained in the same discipline, reporting to the same manager, and subject to the same incentives do not provide independent oversight — they provide the illusion of it. This dimension requires that the composition of an approval quorum be designed to maximise the probability that at least one approver will identify a problem that others might miss.

3. Example

Scenario A — Correlated Approvers Miss Systemic Risk: An AI agent processing a £750,000 vendor contract requires two-party approval under the organisation's tiered approval structure. Both approvers are from the procurement department, report to the same director, and have the same professional background in supply chain management. Neither has legal training. The contract contains a change-of-control clause that would require the organisation to pay a £2,100,000 termination fee if it is acquired. Both approvers focus on pricing and delivery terms — the areas they know — and approve the contract. Eighteen months later, the organisation enters merger discussions. The termination clause is discovered during due diligence. The acquirer reduces its offer by £2,100,000 to account for the liability.

What went wrong: The two-approver requirement was met numerically but not functionally. Both approvers had the same blind spot because they had the same training and perspective. A quorum that included a legal reviewer would have flagged the change-of-control clause. Consequence: £2,100,000 in merger value destruction, board finding of inadequate contract governance.

Scenario B — Hierarchical Correlation Prevents Genuine Challenge: An AI agent recommends a £180,000 marketing expenditure. The two required approvers are a marketing manager and the marketing director — the manager's direct supervisor. The manager approves. The director, who originally championed the campaign, also approves. Neither challenges the recommendation because both share the same incentive (campaign success) and the hierarchical relationship discourages the junior approver from dissenting. An independent financial review would have identified that the projected ROI was based on assumptions that had been invalidated by recent market data.

What went wrong: The approvers were hierarchically correlated — one reported to the other, and both shared the same departmental incentive. The quorum did not include a perspective with different incentives (e.g., finance, which optimises for ROI rather than campaign delivery). Consequence: £180,000 in expenditure with negative ROI, budget overrun, post-mortem finding of approval groupthink.

Scenario C — Single Failure Mode in Safety-Critical Approval: An AI agent managing industrial process parameters proposes a configuration change that increases throughput by 12%. The approval quorum requires two process engineers. Both engineers evaluate the proposal using the same simulation tool and the same safety model. The model has a known limitation: it does not account for thermal effects at the proposed operating point. Both engineers, using the same tool, reach the same conclusion — the change is safe. The configuration is applied. A thermal excursion occurs within 48 hours, causing equipment damage estimated at £890,000 and a 3-week production shutdown.

What went wrong: The approval quorum had a shared failure mode — both approvers used the same analytical tool with the same blind spot. Diverse quorum composition would have required an approver using a different analytical approach (e.g., thermodynamic analysis, empirical testing, or operational experience review). Consequence: £890,000 in equipment damage, £2,300,000 in lost production, safety investigation, regulatory inquiry.

4. Requirement Statement

Scope: This dimension applies to all AI agent actions that require multi-party approval, as determined by the tiered approval structure (AG-290). It applies to any approval quorum of two or more approvers. Single-approver actions (Tier 1 or Tier 2 under AG-290) are not within scope for quorum diversity, though organisations should consider whether single-approver tiers should require the approver to have specific expertise relevant to the action type. The scope extends to automated approval agents: if an organisation uses AI agents as approvers, the diversity requirement applies to the set of approving agents (they must not share the same model, training data, or analytical framework).

4.1. A conforming system MUST define diversity requirements for approval quorums, specifying the minimum number of distinct organisational functions, roles, or expertise domains that must be represented in any multi-party approval.

4.2. A conforming system MUST enforce quorum diversity at the infrastructure layer, rejecting approval sets that do not meet the defined diversity requirements even if the numeric quorum is met.

4.3. A conforming system MUST prevent approvers within the same direct reporting line from satisfying diversity requirements — a manager and their direct report count as one perspective, not two.

4.4. A conforming system MUST maintain and enforce an approver qualification matrix that maps action types and impact categories to required approver competencies.

4.5. A conforming system MUST detect and prevent approval by proxy, delegation of approval authority to unqualified parties, or bulk approval of queued items without individual assessment.

4.6. A conforming system SHOULD require at least one approver from outside the function that initiated or benefits from the action (cross-functional independence).

4.7. A conforming system SHOULD implement failure-mode diversity for safety-critical approvals, requiring that approvers use different analytical methods, tools, or information sources.

4.8. A conforming system SHOULD track approval correlation metrics — measuring how often the same approver pairs agree and flagging pairs with 100% agreement rates over sustained periods as a potential rubber-stamping indicator.

4.9. A conforming system MAY implement rotation requirements to prevent approver fatigue and ensure that approval perspectives are periodically refreshed.

5. Rationale

Multi-party approval is one of the most widely used governance controls. It is also one of the most widely ineffective, because organisations focus on the number of approvers rather than the composition of the approval set. The underlying assumption of multi-party approval is independence: each additional approver independently evaluates the action and brings a different perspective that increases the probability of detecting problems. When approvers are correlated — same department, same training, same incentives, same reporting line — the independence assumption fails. Correlated approvers are likely to have the same blind spots, the same biases, and the same incentives to approve.

Research in decision science consistently shows that group decision quality improves with cognitive diversity — the presence of different mental models, analytical approaches, and domain expertise. A quorum of three finance professionals evaluating a contract will focus on financial terms. Add a legal professional and a compliance officer, and the evaluation covers financial, legal, and regulatory dimensions. The diversity of the quorum directly determines the breadth of the risk assessment.

For AI agent governance, this principle has additional significance. Agents can generate plausible-looking proposals that pass domain-specific review but fail on dimensions the reviewer is not trained to assess. A procurement agent's vendor recommendation may look financially optimal to a procurement approver but contain data protection risks visible only to a privacy specialist. Multi-dimensional agent outputs require multi-dimensional approval scrutiny.

6. Implementation Guidance

Quorum diversity implementation requires defining what constitutes meaningful diversity, mapping diversity requirements to action types, and enforcing those requirements structurally.

Recommended patterns:

• Approver taxonomy with diversity tags. Maintain a registry of qualified approvers where each approver is tagged with: organisational function, reporting line, expertise domains, professional qualifications, and analytical tools/methods they employ. The enforcement layer evaluates proposed approval sets against diversity requirements by checking that the tags meet minimum spread criteria. Example: a Tier 3 approval requiring three approvers must include at least two distinct organisational functions and at least two distinct expertise domains.
• Cross-functional independence rule. For any action above Tier 2, require at least one approver from a function that has no direct benefit from the action's approval. If the procurement department initiates a purchase, at least one approver must be from outside procurement (e.g., finance, legal, compliance, or operations). This introduces a perspective with different incentives.
• Competency-based routing. Map action types to required competencies. A contract approval requires legal competency. A data processing approval requires privacy competency. A safety-critical configuration change requires engineering and safety competency. The approval routing system ensures that the quorum includes at least one approver with each required competency.
• Correlation monitoring dashboard. Track approval pair statistics: agreement rates, average review times, and rejection rates. Flag pairs with agreement rates above 95% over 50+ approvals for investigation — this may indicate rubber-stamping, correlated perspectives, or hierarchical pressure. Present the data to governance oversight for review.

Anti-patterns to avoid:

• Numeric quorum without diversity. Requiring "three approvers" without specifying diversity criteria allows three people from the same desk to approve. The numeric requirement is necessary but not sufficient.
• Self-selecting approval sets. Allowing the requestor or the agent to choose its own approvers creates the risk that approvers are selected for their likelihood of approval rather than their ability to provide independent scrutiny.
• Seniority as a proxy for diversity. Requiring a "senior" approver does not ensure a different perspective. A senior procurement manager still has procurement training and procurement incentives. Seniority adds authority, not necessarily diversity.
• Approval by committee without individual accountability. A committee that votes as a bloc provides one perspective, not many. Each approver must provide an individual assessment before the quorum determination.
• Excluding operational expertise. Quorums composed entirely of compliance and risk functions may miss operational practicality issues. Diversity should include operational perspectives alongside oversight perspectives.

Industry Considerations

Financial Services. Quorum diversity maps to the "three lines of defence" model: business line (first line), risk management (second line), and internal audit (third line). Multi-party approval for high-impact AI agent actions should include representation from at least the first and second lines. MiFID II requires that investment decisions are subject to appropriate challenge — quorum diversity implements this requirement.

Healthcare. Clinical decision approval quorums should include clinical expertise relevant to the specific case, plus at least one perspective from a different clinical discipline. A prescription recommendation for a cardiac patient should be reviewed by a cardiologist and at least one other clinician who can challenge the recommendation from a different clinical perspective (e.g., a pharmacist for drug interactions, or a general practitioner for holistic patient context).

Safety-Critical / CPS. Quorum diversity must include failure-mode diversity. Approvers must not all rely on the same analytical tool, simulation model, or safety framework. IEC 61508 and similar standards require independent verification — independence extends to the analytical methods used, not just the identity of the verifiers.

Maturity Model

Basic Implementation — Diversity requirements are defined for each approval tier. The approval system enforces that the numeric quorum includes approvers from at least two distinct organisational functions. Reporting line exclusions prevent a manager and their direct report from constituting a diverse pair. Approver qualifications are documented. This meets minimum mandatory requirements but diversity enforcement is limited to function-level tags.

Intermediate Implementation — Multi-dimensional diversity enforcement across function, expertise domain, and reporting line. Competency-based routing ensures that quorums include required expertise for the action type. Cross-functional independence requires at least one approver from outside the initiating function. Correlation monitoring flags approval pairs with suspiciously high agreement rates. The approver qualification matrix is maintained and reviewed at least annually.

Advanced Implementation — All intermediate capabilities plus: failure-mode diversity for safety-critical approvals, requiring different analytical methods across the quorum. Rotation policies prevent approver fatigue. Statistical analysis of approval outcomes correlates quorum composition with decision quality, enabling evidence-based refinement of diversity requirements. Adversarial testing confirms that correlated quorums, hierarchical pressure, bulk approval, and approval-by-proxy attacks all fail.

7. Evidence Requirements

Required artefacts:

• Approver taxonomy. The registry of qualified approvers with function, reporting line, expertise domain, and qualification tags. Maintained as a living document with change history.
• Quorum diversity enforcement log. Timestamped records of every multi-party approval, including the approvers, their diversity tags, the diversity requirement for the action, and whether the diversity requirement was met. Minimum 12 months retention.
• Diversity violation log. Records of approval sets that were rejected for failing diversity requirements, including the specific diversity criterion that was not met.
• Correlation monitoring report. Periodic analysis (at least quarterly) of approval pair agreement rates, review times, and rejection rates, with investigation notes for flagged pairs.

Retention requirements:

• Approver taxonomy, enforcement logs, and correlation reports: minimum 7 years for regulated financial services; minimum 5 years for other regulated sectors; minimum 3 years otherwise.

Access requirements:

• Producible to regulators or auditors within 48 hours of request.

8. Test Specification

Test 8.1: Diversity Enforcement At Infrastructure Layer

• Stimulus: Submit an approval set that meets the numeric quorum but not the diversity requirement (e.g., three approvers from the same function for an action requiring cross-functional diversity).
• Expected behaviour: The approval set is rejected with a structured message identifying the missing diversity criterion.
• Pass criteria: No approval set that fails diversity requirements is accepted, regardless of numeric quorum.
• Fail criteria: An approval set lacking required diversity is accepted.

Test 8.2: Reporting Line Exclusion

• Stimulus: Submit an approval set where two approvers are in the same direct reporting line (manager and direct report).
• Expected behaviour: The two approvers count as one perspective. The system rejects the set if the remaining approvers do not meet the diversity threshold.
• Pass criteria: Hierarchically correlated approvers do not satisfy the diversity requirement.
• Fail criteria: A manager-report pair is treated as two independent perspectives.

Test 8.3: Competency-Based Routing

• Stimulus: Submit a contract approval where the quorum includes three approvers but none has legal competency, and legal competency is required for contract actions.
• Expected behaviour: The approval set is rejected for missing required competency.
• Pass criteria: No action requiring specific expertise proceeds without a qualified approver in the quorum.
• Fail criteria: An approval set missing required competency is accepted.

Test 8.4: Bulk Approval Detection

• Stimulus: Submit 20 approval requests to a single approver within 60 seconds, each requiring substantive review of different action parameters.
• Expected behaviour: The system flags the approval pattern as potential bulk approval. Approvals issued faster than a defined minimum review time (e.g., 30 seconds per action) are flagged or rejected.
• Pass criteria: Bulk approval patterns are detected and flagged.
• Fail criteria: Rapid sequential approvals proceed without detection.

Test 8.5: Cross-Functional Independence

• Stimulus: Submit an approval set where all approvers are from the function that initiated the action (e.g., procurement approving its own purchase).
• Expected behaviour: The approval set is rejected for lacking cross-functional independence.
• Pass criteria: Actions requiring cross-functional independence cannot be approved solely by the initiating function.
• Fail criteria: The initiating function can approve its own action without external review.

Test 8.6: Proxy Approval Prevention

• Stimulus: An approver delegates their approval to an unqualified colleague. The colleague attempts to approve on the original approver's behalf.
• Expected behaviour: The proxy approval is rejected. The colleague's identity is verified against the approver qualification matrix and found unqualified.
• Pass criteria: No unqualified proxy approval succeeds.
• Fail criteria: An unqualified proxy is accepted as a valid approver.

Conformance Scoring

• Score 0: No quorum diversity exists — multi-party approval is numeric only, with no diversity requirements.
• Score 1: Diversity requirements are documented but not structurally enforced — compliance depends on manual approver selection.
• Score 2: Diversity requirements are structurally enforced at the infrastructure layer — non-diverse quorums are rejected before approval is recorded.
• Score 3: Verified by independent adversarial testing — correlated quorum, hierarchical pressure, proxy approval, and bulk approval attacks all fail under independent testing.

9. Regulatory Mapping

Regulation	Provision	Relationship Type
EU AI Act	Article 14 (Human Oversight)	Direct requirement
SOX	Section 404 (Internal Controls Over Financial Reporting)	Supports compliance
FCA SYSC	6.1.1R (Systems and Controls)	Direct requirement
MiFID II	Article 16 (Organisational Requirements)	Supports compliance
NIST AI RMF	GOVERN 1.4 (Organizational Governance)	Supports compliance
ISO 42001	Clause 5.3 (Organizational Roles, Responsibilities)	Supports compliance
IEC 61508	Part 1 Clause 8 (Management of Functional Safety)	Supports compliance

EU AI Act — Article 14 (Human Oversight)

Article 14 requires that human oversight measures be effective, not merely present. Oversight by correlated reviewers who share the same blind spots is not effective oversight. Quorum diversity ensures that the human oversight contemplated by Article 14 includes the perspective diversity necessary for genuine risk detection.

SOX — Section 404 (Internal Controls Over Financial Reporting)

SOX segregation of duties requirements imply that financial controls include independent perspectives. An approval quorum composed entirely of individuals with aligned incentives (e.g., all from the business unit requesting the expenditure) does not satisfy segregation requirements. Quorum diversity introduces the cross-functional independence that SOX expects.

FCA SYSC — 6.1.1R (Systems and Controls)

The FCA's three lines of defence model requires that risk management and compliance provide independent challenge to business activities. For AI agent approvals, this translates to requiring that approval quorums include perspectives from outside the agent's operating function — directly implemented by the cross-functional independence requirement.

10. Failure Severity

Field	Value
Severity Rating	High
Blast Radius	Department-to-organisation-wide — depends on the impact of the action approved by a non-diverse quorum

Consequence chain: Without quorum diversity, multi-party approval becomes multi-party confirmation of the same perspective. The approval quorum has correlated blind spots — all approvers miss the same risk because they share the same training, incentives, and analytical framework. When a high-impact action contains a risk that falls in the shared blind spot, the quorum unanimously approves it. The resulting exposure depends on the nature of the missed risk: legal liability from unreviewed contract terms, safety incidents from analytically correlated engineering reviews, or financial loss from undiversified risk assessment. The governance failure is particularly insidious because the organisation can point to a multi-party approval and believe it exercised appropriate oversight — when in fact the approval provided no more protection than a single approver from the same perspective.

Cross-references: AG-290 (Tiered Approval Threshold Governance) determines which actions require multi-party approval and therefore trigger quorum diversity requirements. AG-292 (Approval Context Completeness Governance) ensures that diverse approvers have the information they need to apply their expertise. AG-170 (Approval Quality and Substantive Review) addresses the quality of individual approval decisions within the quorum. AG-017 (Multi-Party Authorisation) provides the multi-party framework that AG-291 extends with diversity requirements. AG-296 (Dual-Control for Policy Change Governance) applies similar diversity principles to policy changes. AG-297 (Approval Chain Visibility Governance) makes the quorum composition visible for audit. Siblings in this landscape: AG-289 through AG-298.