A power of attorney can authorise a person to act. It does not create the accounts, limits, evidence or revocation needed to act safely. Institutions often treat the legal document as the whole control. The delegate then borrows the principal’s login because the platform has no role for them. A bank recognises the mandate but uses a broad operational profile. A technology administrator grants access without understanding the legal scope. The law and the system describe different authority. The gap is where abuse and paralysis appear.
Translate authority into decision objects
A mandate may contain broad legal language. Operations require specific actions. Identify the objects the delegate may affect:
- Accounts, entities, properties, records or relationships.
- Permitted actions: view, instruct, approve, transfer, disclose, appoint or terminate.
- Limits: value, jurisdiction, counterparty, purpose and duration.
- Conditions: incapacity, absence, second approval or professional opinion.
- Prohibitions: gifts, self-dealing, new beneficiaries, public statements or destruction.
These objects can then be represented in bank mandates, application roles and operating procedures.
Value object — The Mandate-to-Access Matrix
For every material delegated power, record:
- Legal source and current version.
- Authority holder and identity proof.
- Decision scope and prohibited actions.
- Systems and counterparties required to exercise it.
- Technical role, transaction limit and approval workflow.
- Evidence generated by use.
- Revocation trigger, owner and confirmation.
The matrix reveals legal authority with no execution route and technical access with no current legal basis.
Never solve delegation by sharing identity
Using the principal’s account collapses attribution. The system records the principal, the provider cannot distinguish delegate from attacker and revocation may require disabling the principal too. Use named delegated access wherever available. If a platform cannot represent the mandate, consider whether it is suitable for consequential work or add a controlled intermediary process.
Design partial failure
A delegate may remain legally authorised while their device is compromised. A mandate may be revoked while the technical role persists. A platform may be unavailable while the legal obligation to act continues. Define which source governs each conflict and how counterparties are notified. Revocation must reach both the legal record and the access layer.
Preserve evidence of interpretation
Mandates are not always self-executing. Someone decides that a condition has occurred, a limit applies or an action fits the purpose. Record the interpretation for consequential use: the operative provision, supporting evidence, approving person and action taken. This protects the principal, delegate and institution.
Exercise the real route
A legal review confirms validity. An operational exercise confirms usability. Ask the delegate to perform a harmless representative action through the actual systems and counterparties. Identify demands for unavailable documents, personal attendance, obsolete contacts or shared credentials.
Authority must be executable and containable
A mandate that cannot be exercised fails continuity. Access that exceeds the mandate fails control. Build the translation layer so the institution can let the right person act, see exactly what they did and end that authority without collateral damage.
