Branch8

AI Agent Domain Access Control Framework: A Step-by-Step Deployment Guide

Matt Li
June 14, 2026
14 mins read
AI Agent Domain Access Control Framework: A Step-by-Step Deployment Guide - Hero Image

Key Takeaways

  • Deny-all default with explicit domain whitelisting is the only safe starting point for AI agents
  • Dual enforcement (OPA at application layer + Kubernetes NetworkPolicy at infra layer) prevents policy bypass
  • Short-lived machine identity tokens (120-300 seconds) limit blast radius of compromised agents
  • Policy-as-code with Git review workflows prevents compliance entropy over time
  • APAC cross-border deployments require jurisdiction-aware domain policies for data residency

Quick Answer: An AI agent domain access control framework uses deny-all-default domain whitelisting, machine identity tokens, and policy engines like OPA to enforce granular access rules on every request an AI agent makes — preventing unauthorized data access and satisfying APAC regulatory requirements.


If you're deploying AI agents into e-commerce checkout flows or fintech transaction pipelines across APAC without a proper AI agent domain access control framework, you're essentially handing an intern the master key to every system in your building — and hoping for the best. That's not a strategy; that's a liability waiting to materialize.

Related reading: Cursor 3 AI Code Generation Engineering: A Step-by-Step Guide for APAC Teams

Related reading: Aldi Instacart Exclusivity E-Commerce Logistics: Why It Signals the End of Multi-Channel Fulfillment

Related reading: Shopify AI Engineering Playbook Practices: A Step-by-Step Guide for APAC Scaleups

Related reading: Lemonade Local LLM Server GPU Deployment: Step-by-Step for APAC Teams

Related reading: Malaysia Work From Home Government Policy: What It Means for Offshore Teams in 2026

The Monetary Authority of Singapore's 2024 Technology Risk Management Guidelines now explicitly address autonomous software agents. Hong Kong's SFC has tightened expectations around algorithmic decision-making controls. Australia's APRA CPS 234 already demands granular access management for any information asset — and AI agents absolutely qualify. According to Gartner's 2024 forecast, by 2028 at least 15% of day-to-day work decisions will be made autonomously through agentic AI, up from virtually zero in 2023. That trajectory makes domain-level access control not optional but foundational.

This tutorial walks you through building a practical, enforceable domain access control framework for AI agents operating in regulated APAC environments. We're not talking theory — we're talking copy-pasteable configurations, real policy definitions, and a structure that passes compliance audits.

Prerequisites

Before starting, ensure you have the following in place:

Infrastructure Requirements

  • A reverse proxy or API gateway — we'll use Kong Gateway 3.7+ in this guide, but NGINX or AWS API Gateway work with modifications
  • An identity provider (IdP) supporting machine-to-machine tokens — Auth0, Azure AD, or Keycloak 24.x
  • Policy engine — Open Policy Agent (OPA) v0.67+ or Cerbos v0.38+
  • Container orchestration — Kubernetes 1.29+ (EKS, GKE, or AKS)
  • Logging and audit trail — Elasticsearch 8.x or Datadog with APM enabled

Knowledge Requirements

  • Familiarity with OAuth 2.0 client credentials flow
  • Basic understanding of Rego (OPA's policy language) or Cerbos YAML policy format
  • Working knowledge of Kubernetes RBAC
  • Understanding of your organization's data classification scheme

Team Requirements

  • Platform/DevOps engineer for gateway and OPA deployment
  • Security/compliance lead for policy definition sign-off
  • Product owner for each AI agent to define required domain scopes

Step 1: Map Every AI Agent to a Domain Scope Inventory

Before writing a single policy, you need to know exactly what each AI agent needs to access and why. This is where most teams cut corners — and where most breaches originate.

Create a domain scope inventory document. Each AI agent gets a profile that specifies precisely which internal and external domains, API endpoints, and data classifications it can touch.

1# agent-scope-inventory.yaml
2agents:
3 - agent_id: "checkout-pricing-agent-01"
4 description: "Dynamic pricing agent for e-commerce checkout"
5 owner_team: "commerce-platform"
6 environment: "production"
7 allowed_domains:
8 - domain: "pricing-engine.internal.branch8.com"
9 methods: ["GET", "POST"]
10 paths: ["/v2/calculate", "/v2/promotions"]
11 data_classification: "business-confidential"
12 - domain: "inventory-api.internal.branch8.com"
13 methods: ["GET"]
14 paths: ["/v1/stock-levels"]
15 data_classification: "internal"
16 - domain: "api.stripe.com"
17 methods: ["POST"]
18 paths: ["/v1/payment_intents"]
19 data_classification: "pci-restricted"
20 denied_domains:
21 - "*.admin.internal.branch8.com"
22 - "*.hr.internal.branch8.com"
23 - "*" # deny-all default
24 max_requests_per_minute: 200
25 session_ttl_seconds: 300
26
27 - agent_id: "kyc-verification-agent-02"
28 description: "Know Your Customer document verification for fintech onboarding"
29 owner_team: "compliance-ops"
30 environment: "production"
31 allowed_domains:
32 - domain: "kyc-service.internal.branch8.com"
33 methods: ["GET", "POST"]
34 paths: ["/v1/verify", "/v1/documents"]
35 data_classification: "pii-restricted"
36 - domain: "api.jumio.com"
37 methods: ["POST"]
38 paths: ["/v1/verification"]
39 data_classification: "pii-restricted"
40 denied_domains:
41 - "*"
42 max_requests_per_minute: 50
43 session_ttl_seconds: 120

The critical principle here: deny-all by default, whitelist explicitly. This mirrors the zero trust for AI agents approach that Anthropic and the Cloud Security Alliance's Agentic Trust Framework both advocate, but applied at the domain and path level rather than just the network perimeter.

When we deployed this pattern for a Hong Kong-based fintech client processing cross-border payments between HK, Singapore, and the Philippines, our Branch8 team discovered that their existing AI agents had been configured with wildcard outbound access — meaning a compromised pricing agent could theoretically reach their HR system's API. Mapping the inventory took three days with a two-person team but eliminated over 40 unnecessary domain entitlements. That's the kind of scoreboard metric that matters.

Ready to Transform Your Ecommerce Operations?

Branch8 specializes in ecommerce platform implementation and AI-powered automation solutions. Contact us today to discuss your ecommerce automation strategy.

Step 2: Issue Machine Identities for Each Agent

Every AI agent needs its own verifiable identity — not a shared service account, not an API key taped to a config file. According to the 2024 CyberArk Identity Security Threat Landscape report, machine identities now outnumber human identities 45:1 in the average enterprise. Each one is an attack surface.

Configure your IdP to issue short-lived JWT tokens scoped to each agent's domain permissions.

Keycloak Configuration

1# Create a dedicated realm for AI agents
2kcadm.sh create realms -s realm=ai-agents -s enabled=true
3
4# Create client for the pricing agent
5kcadm.sh create clients -r ai-agents \
6 -s clientId=checkout-pricing-agent-01 \
7 -s enabled=true \
8 -s serviceAccountsEnabled=true \
9 -s clientAuthenticatorType=client-secret \
10 -s 'defaultClientScopes=["domain:pricing-engine","domain:inventory-api","domain:stripe-payments"]' \
11 -s 'attributes={"access.token.lifespan":"300"}'
12
13# Create client for the KYC agent
14kcadm.sh create clients -r ai-agents \
15 -s clientId=kyc-verification-agent-02 \
16 -s enabled=true \
17 -s serviceAccountsEnabled=true \
18 -s clientAuthenticatorType=client-secret \
19 -s 'defaultClientScopes=["domain:kyc-service","domain:jumio-verify"]' \
20 -s 'attributes={"access.token.lifespan":"120"}'

Token Request (Agent Runtime)

1# Agent requests a scoped token at runtime
2curl -X POST https://auth.branch8.com/realms/ai-agents/protocol/openid-connect/token \
3 -H "Content-Type: application/x-www-form-urlencoded" \
4 -d "grant_type=client_credentials" \
5 -d "client_id=checkout-pricing-agent-01" \
6 -d "client_secret=${AGENT_SECRET}" \
7 -d "scope=domain:pricing-engine domain:inventory-api domain:stripe-payments"

The returned JWT will contain scoped claims that downstream policy enforcement can verify. Notice the session TTL of 300 seconds for the pricing agent and 120 seconds for the KYC agent — shorter sessions for higher-sensitivity data. This aligns with NIST 800-53 AC-12 controls for session termination, which the NIST AI Risk Management Framework cross-references for AI system deployments.

Step 3: Define Domain Access Policies in OPA

Now we translate the scope inventory into enforceable policies. Open Policy Agent gives us a declarative way to express complex domain access rules that can be evaluated in under 1ms per request.

1# policies/agent_domain_access.rego
2package agent.domain.access
3
4import rego.v1
5
6default allow := false
7
8# Extract agent identity and requested domain from input
9agent_id := input.identity.client_id
10requested_domain := input.request.host
11requested_path := input.request.path
12requested_method := input.request.method
13token_scopes := input.identity.scopes
14
15# Load agent scope definitions from external data
16agent_config := data.agent_scopes[agent_id]
17
18# Main allow rule: agent must have valid identity,
19# matching domain scope, and the specific path/method must be permitted
20allow if {
21 agent_config != null
22 some domain_entry in agent_config.allowed_domains
23 domain_entry.domain == requested_domain
24 requested_method in domain_entry.methods
25 path_matches(requested_path, domain_entry.paths)
26 scope_name := concat(":", ["domain", split(requested_domain, ".")[0]])
27 scope_name in token_scopes
28}
29
30# Rate limiting check
31within_rate_limit if {
32 current_rpm := data.metrics.requests_per_minute[agent_id]
33 current_rpm < agent_config.max_requests_per_minute
34}
35
36# Path matching helper
37path_matches(requested, allowed_paths) if {
38 some allowed_path in allowed_paths
39 glob.match(allowed_path, ["/"], requested)
40}
41
42# Combined enforcement decision
43decision := {
44 "allow": allow,
45 "rate_limit_ok": within_rate_limit,
46 "enforce": allow == true; within_rate_limit == true,
47 "agent_id": agent_id,
48 "domain": requested_domain,
49 "reason": reason,
50}
51
52reason := "access granted" if {
53 allow
54 within_rate_limit
55}
56
57reason := "domain not in allowlist" if {
58 not allow
59}
60
61reason := "rate limit exceeded" if {
62 allow
63 not within_rate_limit
64}

Load the agent scope inventory as external data:

1# Push agent scope data to OPA
2curl -X PUT http://localhost:8181/v1/data/agent_scopes \
3 -H "Content-Type: application/json" \
4 -d @agent-scope-inventory.json
5
6# Test the policy with a sample input
7curl -X POST http://localhost:8181/v1/data/agent/domain/access/decision \
8 -H "Content-Type: application/json" \
9 -d '{
10 "input": {
11 "identity": {
12 "client_id": "checkout-pricing-agent-01",
13 "scopes": ["domain:pricing-engine", "domain:inventory-api", "domain:stripe-payments"]
14 },
15 "request": {
16 "host": "pricing-engine.internal.branch8.com",
17 "path": "/v2/calculate",
18 "method": "POST"
19 }
20 }
21 }'

Expected output:

1{
2 "result": {
3 "allow": true,
4 "rate_limit_ok": true,
5 "enforce": true,
6 "agent_id": "checkout-pricing-agent-01",
7 "domain": "pricing-engine.internal.branch8.com",
8 "reason": "access granted"
9 }
10}

Ready to Transform Your Ecommerce Operations?

Branch8 specializes in ecommerce platform implementation and AI-powered automation solutions. Contact us today to discuss your ecommerce automation strategy.

Step 4: Enforce at the Gateway Layer

Policies without enforcement are just documentation. Integrate OPA with Kong Gateway so that every outbound request from an AI agent gets checked before it leaves your network.

1# kong-opa-plugin.yaml
2plugins:
3 - name: opa
4 config:
5 opa_host: "opa-sidecar.ai-agents.svc.cluster.local"
6 opa_port: 8181
7 policy_uri: "/v1/data/agent/domain/access/decision"
8 include_body: false
9 include_parsed_json_body: false
10 include_uri_captures: true
11 timeout: 50 # milliseconds — fail closed if OPA unreachable
12 keepalive: 60000
13 forward_request_headers:
14 - "Authorization"
15 - "X-Agent-ID"
16 custom_header_name: "X-OPA-Decision"

Deploy via decK:

1# Validate configuration
2deck validate -s kong-opa-plugin.yaml
3
4# Apply to Kong
5deck sync -s kong-opa-plugin.yaml --kong-addr http://kong-admin:8001
6
7# Verify plugin is active
8curl -s http://kong-admin:8001/plugins | jq '.data[] | select(.name=="opa")'

Set the timeout to 50ms with a fail-closed posture. If OPA is unreachable, the request is denied — not allowed. In fintech environments governed by MAS TRM or HKMA's SA-2 guidelines, fail-open is simply not acceptable.

Step 5: Deploy Agent-Specific Network Policies in Kubernetes

Belt and suspenders. Even with gateway enforcement, Kubernetes NetworkPolicies provide a second enforcement layer at the infrastructure level.

1# k8s/network-policy-pricing-agent.yaml
2apiVersion: networking.k8s.io/v1
3kind: NetworkPolicy
4metadata:
5 name: checkout-pricing-agent-01-egress
6 namespace: ai-agents
7 labels:
8 app: checkout-pricing-agent
9 policy-version: "v2.1"
10spec:
11 podSelector:
12 matchLabels:
13 agent-id: checkout-pricing-agent-01
14 policyTypes:
15 - Egress
16 egress:
17 # Allow DNS resolution
18 - to:
19 - namespaceSelector:
20 matchLabels:
21 kubernetes.io/metadata.name: kube-system
22 ports:
23 - protocol: UDP
24 port: 53
25 # Allow pricing engine
26 - to:
27 - podSelector:
28 matchLabels:
29 app: pricing-engine
30 ports:
31 - protocol: TCP
32 port: 8443
33 # Allow inventory API
34 - to:
35 - podSelector:
36 matchLabels:
37 app: inventory-api
38 ports:
39 - protocol: TCP
40 port: 8443
41 # Allow Stripe (external)
42 - to:
43 - ipBlock:
44 cidr: 3.18.12.63/32 # Stripe API IP range
45 - ipBlock:
46 cidr: 3.130.192.163/32
47 ports:
48 - protocol: TCP
49 port: 443

Apply and verify:

1kubectl apply -f k8s/network-policy-pricing-agent.yaml
2
3# Verify the policy is active
4kubectl describe networkpolicy checkout-pricing-agent-01-egress -n ai-agents
5
6# Test from inside the agent pod — this should SUCCEED
7kubectl exec -n ai-agents deploy/checkout-pricing-agent -- \
8 curl -s -o /dev/null -w "%{http_code}" https://pricing-engine.internal.branch8.com/v2/calculate
9# Expected: 200
10
11# Test unauthorized domain — this should FAIL
12kubectl exec -n ai-agents deploy/checkout-pricing-agent -- \
13 curl -s -o /dev/null -w "%{http_code}" --max-time 5 https://hr-system.internal.branch8.com/api/employees
14# Expected: timeout/connection refused

This dual enforcement — application-layer via OPA + infrastructure-layer via NetworkPolicy — is what separates a production-grade AI agent domain access control framework from a compliance checkbox exercise.

Ready to Transform Your Ecommerce Operations?

Branch8 specializes in ecommerce platform implementation and AI-powered automation solutions. Contact us today to discuss your ecommerce automation strategy.

Step 6: Build the Audit Trail and Alerting Pipeline

Regulators across APAC don't just want you to have controls — they want proof those controls are working. The MAS Notice on Cyber Hygiene (MAS 655) requires organizations to maintain audit logs that can be produced within a reasonable timeframe.

1# fluentbit-config.yaml for agent access logs
2apiVersion: v1
3kind: ConfigMap
4metadata:
5 name: fluent-bit-agent-audit
6 namespace: ai-agents
7data:
8 fluent-bit.conf: |
9 [SERVICE]
10 Flush 1
11 Log_Level info
12 Parsers_File parsers.conf
13
14 [INPUT]
15 Name tail
16 Path /var/log/kong/agent-access.log
17 Tag agent.access
18 Parser json
19
20 [FILTER]
21 Name grep
22 Match agent.access
23 Regex opa_decision.enforce false
24
25 [OUTPUT]
26 Name es
27 Match agent.access
28 Host elasticsearch.logging.svc.cluster.local
29 Port 9200
30 Index agent-domain-access-audit
31 Type _doc
32 Logstash_Format On
33 Logstash_Prefix agent-access
34
35 [OUTPUT]
36 Name slack
37 Match agent.access
38 Webhook ${SLACK_SECURITY_WEBHOOK}

Configure an Elasticsearch watcher for anomaly detection:

1{
2 "trigger": {
3 "schedule": { "interval": "5m" }
4 },
5 "input": {
6 "search": {
7 "request": {
8 "indices": ["agent-access-*"],
9 "body": {
10 "query": {
11 "bool": {
12 "must": [
13 { "range": { "@timestamp": { "gte": "now-5m" } } },
14 { "term": { "opa_decision.enforce": false } }
15 ]
16 }
17 },
18 "aggs": {
19 "by_agent": {
20 "terms": { "field": "agent_id.keyword", "min_doc_count": 5 }
21 }
22 }
23 }
24 }
25 }
26 },
27 "condition": {
28 "compare": { "ctx.payload.aggregations.by_agent.buckets.0.doc_count": { "gte": 5 } }
29 },
30 "actions": {
31 "notify_security": {
32 "webhook": {
33 "method": "POST",
34 "url": "${PAGERDUTY_INTEGRATION_URL}",
35 "body": "AI agent {{ctx.payload.aggregations.by_agent.buckets.0.key}} generated {{ctx.payload.aggregations.by_agent.buckets.0.doc_count}} denied access attempts in the last 5 minutes."
36 }
37 }
38 }
39}

Five or more denied requests from a single agent within five minutes triggers a PagerDuty alert. That threshold is calibrated from our experience — during the Branch8 fintech deployment mentioned earlier, we initially set it at 10 and missed a misconfigured agent that had been hammering an unauthorized endpoint at 8 requests per cycle for two hours before anyone noticed. Dropping to 5 caught issues within a single cycle.

Step 7: Implement Policy Versioning and Change Management

Policies drift. Agents get new capabilities. New APIs come online. Without version control and a change management process, your AI agent security framework degrades over time — what I call "compliance entropy."

Store all policies in Git with mandatory review:

1# Repository structure
2ai-agent-policies/
3├── agents/
4│ ├── checkout-pricing-agent-01.yaml
5│ ├── kyc-verification-agent-02.yaml
6│ └── ...
7├── opa-policies/
8│ ├── agent_domain_access.rego
9│ ├── agent_domain_access_test.rego
10│ └── data/
11├── k8s-network-policies/
12│ ├── pricing-agent-egress.yaml
13│ └── kyc-agent-egress.yaml
14├── kong-plugins/
15│ └── opa-integration.yaml
16└── CODEOWNERS
1# CODEOWNERS — enforce review requirements
2* @branch8/platform-security
3agents/*.yaml @branch8/platform-security @branch8/compliance
4opa-policies/*.rego @branch8/platform-security

Automate policy testing in CI:

1# .github/workflows/policy-test.yaml (excerpt)
2- name: Run OPA policy tests
3 run: |
4 opa test ./opa-policies/ -v --bundle
5 echo "Policy tests passed"
6
7- name: Validate K8s NetworkPolicies
8 run: |
9 for f in k8s-network-policies/*.yaml; do
10 kubeval --strict "$f"
11 done
12 echo "NetworkPolicy validation passed"
13
14- name: Diff check — alert on scope expansion
15 run: |
16 git diff HEAD~1 -- agents/ | grep '+ *- domain:' && \
17 echo "::warning::New domain added to agent allowlist — requires security review" || true

According to IBM's 2024 Cost of a Data Breach report, organizations with mature DevSecOps practices detected breaches 68 days faster than those without, saving an average of USD $2.66 million per incident. Policy-as-code for your AI agent domain access control framework is DevSecOps applied to agentic AI identity management.

Ready to Transform Your Ecommerce Operations?

Branch8 specializes in ecommerce platform implementation and AI-powered automation solutions. Contact us today to discuss your ecommerce automation strategy.

Handling Cross-Border Complexity in APAC

Deploying agents across multiple APAC jurisdictions introduces data residency requirements that affect your domain access policies directly. An agent processing Singapore customer data cannot typically reach endpoints hosted in a jurisdiction without adequate data protection agreements.

Add jurisdiction-aware metadata to your scope inventory:

1# Jurisdiction extension for agent scope inventory
2agents:
3 - agent_id: "kyc-verification-agent-02"
4 jurisdictions:
5 - region: "sg"
6 data_residency: "sg-central-1"
7 allowed_external_domains:
8 - "api.jumio.com" # Jumio processes in-region for SG
9 - region: "hk"
10 data_residency: "ap-east-1"
11 allowed_external_domains:
12 - "api.jumio.com"
13 - region: "au"
14 data_residency: "ap-southeast-2"
15 allowed_external_domains:
16 - "api-au.jumio.com" # AU-specific endpoint for Privacy Act compliance

This maps directly to OPA data that can be evaluated at request time based on the agent's deployment region — ensuring a KYC agent running in Australia's AWS region physically cannot call the global Jumio endpoint and must use the AU-specific one.

What to Do Next

You now have a working, multi-layered AI agent domain access control framework. Here's where to take it from this foundation:

Immediate Next Steps (Week 1-2)

  • Run opa test with at least 20 test cases covering both allowed and denied scenarios for each agent
  • Conduct a tabletop exercise where your security team simulates a compromised agent and traces the blast radius
  • Document your framework for your next regulatory review — whether that's MAS, SFC, or APRA

Medium-Term (Month 1-3)

  • Integrate runtime anomaly detection using request pattern analysis — agents that suddenly change their access patterns likely indicate prompt injection or model compromise
  • Evaluate Cerbos as a policy engine alternative if your team finds Rego's learning curve steep
  • Extend the framework to cover tool-use permissions — not just domain access but which functions (database writes, file system access, email sends) each agent can invoke

Where This Space Is Heading

The convergence of agentic AI identity management with traditional IAM is accelerating. We're already seeing early NIST 800-53 AI controls overlays in draft form, and the Cloud Security Alliance's Agentic Trust Framework will likely become the baseline standard within 18 months. The organizations that build domain-level access controls now — not after their first agent-related incident — will have a structural advantage, especially in APAC markets where regulatory enforcement is tightening faster than most global companies expect.

The competitive advantage isn't just avoiding breaches. It's deployment velocity. Teams with a well-defined framework ship new agents 3-4x faster because the guardrails are already in place — no ad hoc security review bottleneck for every new agent. Think of it like having a well-coached team: the playbook is clear, so execution is fast.

If your team is deploying AI agents across APAC regulated environments and needs help standing up this framework with the compliance specifics for your target markets, reach out to Branch8's engineering team — we've done this across HK, Singapore, and Australia and can accelerate your timeline significantly.

Ready to Transform Your Ecommerce Operations?

Branch8 specializes in ecommerce platform implementation and AI-powered automation solutions. Contact us today to discuss your ecommerce automation strategy.

Sources

  • Gartner, "Predicts 2024: AI Agents Are Here" — https://www.gartner.com/en/articles/intelligent-agent-ai
  • Cloud Security Alliance, "Agentic Trust Framework" — https://cloudsecurityalliance.org/research/topics/agentic-trust-framework
  • IBM, "Cost of a Data Breach Report 2024" — https://www.ibm.com/reports/data-breach
  • CyberArk, "2024 Identity Security Threat Landscape Report" — https://www.cyberark.com/resources/threat-landscape-report
  • MAS Technology Risk Management Guidelines — https://www.mas.gov.sg/regulation/guidelines/technology-risk-management-guidelines
  • NIST AI Risk Management Framework — https://www.nist.gov/artificial-intelligence/ai-risk-management-framework
  • Open Policy Agent Documentation — https://www.openpolicyagent.org/docs/latest/

FAQ

Zero trust for AI agents means no agent is inherently trusted regardless of its network location. Every request an AI agent makes must be authenticated with a machine identity, authorized against a granular domain and path-level policy, and logged for audit. The Cloud Security Alliance's Agentic Trust Framework formalizes this approach with continuous verification rather than perimeter-based trust.

About the Author

Matt Li

Co-Founder & CEO, Branch8 & Second Talent

Matt Li is Co-Founder and CEO of Branch8, a Y Combinator-backed (S15) Adobe Solution Partner and e-commerce consultancy headquartered in Hong Kong, and Co-Founder of Second Talent, a global tech hiring platform ranked #1 in Global Hiring on G2. With 12 years of experience in e-commerce strategy, platform implementation, and digital operations, he has led delivery of Adobe Commerce Cloud projects for enterprise clients including Chow Sang Sang, HomePlus (HKBN), Maxim's, Hong Kong International Airport, Hotai/Toyota, and Evisu. Prior to founding Branch8, Matt served as Vice President of Mid-Market Enterprises at HSBC. He serves as Vice Chairman of the Hong Kong E-Commerce Business Association (HKEBA). A self-taught software engineer, Matt graduated from the University of Toronto with a Bachelor of Commerce in Finance and Economics.