Dual Control Verification
Four eyes on what matters — no single person (or single model) gets to be wrong alone.
Dual control verification — the four-eyes principle, maker-checker in banking parlance — is the control that requires two independent parties to complete a consequential action: one performs, the other verifies, and neither alone can push the payment, release the document, approve the exception, or change the standing data. In document operations it has guarded the high-stakes moments for decades: large-value payment instructions keyed from documents, signature release authorities, redaction approvals before disclosure, vendor master changes driven by banking-detail letters (the classic fraud vector dual control exists to stop).
Document AI reshapes the pattern without retiring it. The efficient modern arrangement makes the machine one of the four eyes: AI extracts and validates, an independent human verifies — or inversely, a human keys and the AI checks, catching transposition and misreading with mechanical consistency. True independence is the design requirement: the checker must not see the maker's answer before forming their own (blind double-entry beats confirmation-biased review), and an AI checker must be genuinely independent of the maker system — a different model or validation path, not the same extraction displayed twice. For the highest tiers, dual control remains fully human with AI as a third layer: two officers plus the model's flags, each leaving their mark in the audit trail.
The governance questions are explicit in regulated deployments: which actions require dual control (a matrix by action type and value band), whether an AI may occupy one of the control positions for which tiers (regulators increasingly accept it for lower bands with measured performance, and require human pairs above), and how the trail evidences both controls — who or what made, who or what checked, at what time, seeing what. The perennial operational risk is erosion: checkers rubber-stamping under throughput pressure, which sampling audits and disagreement-rate monitoring exist to detect — a dual control that never disagrees is one eye wearing two badges.
The model does the reading; a person checks its work — but only where the model isn't sure.
A person confirms the value — the human check, used deliberately where it earns its cost.
Six months later, someone asks 'why was this approved?' — audit-ready means the workflow can answer.
Proof Perimeter runs document AI inside your own perimeter — with a provenance record on every field.
Book a demo