Where Agentic AI Runs Into Bank Governance

I have spent enough time building with AI agents on my own projects to be genuinely impressed by them. I have also spent enough time around banking to know that the harder I imagine putting one to work inside a bank, the faster I hit a wall, and the wall is not technical. It is governance. The moment software stops suggesting and starts acting, the frameworks a bank relies on to stay safe begin to strain.

A Framework Built for a Different Thing

Banks have a mature discipline for vetting a model before it goes live. You validate it, you characterize how it behaves, you understand its inputs and outputs, and you monitor it for drift. That works because the thing being governed is relatively predictable. Feed it the same inputs and you get the same output, and you can study that output before it does anything.

An agent is not that. It plans its own path toward a goal, makes choices you did not fully specify, and then takes actions in the world. I am not the right person to walk anyone through the specific supervisory guidance, and I will not pretend to be. But I do not need to be to see the structural mismatch. The existing frameworks were built, and built well, for deterministic and statistical models. An adaptive system that decides and acts is a different animal, and bending the old framework around it only stretches so far.

Action Risk Is Not Generation Risk

The distinction worth drawing is this. Governing a model that generates text is mostly about reviewing what it produces. A wrong answer gets caught by the person reading it before it matters. Governing a system that takes actions is a different problem, because by the time you would review the output, the action has already happened.

So the question shifts. It is no longer only whether the output is accurate. It is what this system is allowed to do, how we keep it inside those bounds, and how we prove that it stayed there. That is a controls problem more than a model validation problem, and most of the existing machinery was built for the latter.

The Trouble With Human in the Loop

The reflexive answer to all of this is to keep a human in the loop, and I believe in that answer. But I have learned to poke at what it actually means. If an agent takes twenty steps in a few seconds, what does oversight look like. Have a person approve every step and you have thrown away the speed that made the agent worth using. Have them spot-check and you have quietly accepted that some actions happen with no review at all.

The real version of human in the loop is more deliberate than the slogan. It means narrow scopes, hard limits on what the agent can touch, actions that can be reversed, complete logs of what it did and why, and a sandbox where a mistake is bounded instead of catastrophic. Designing that is real work, and it is the work that has to come before the capability gets anywhere near production.

Where I'd Draw the Line

If it were up to me today, agents in a bank would live entirely on the safe side of a clear line. Internal, low-stakes, reversible tasks, with a person owning every consequential decision. Nowhere near moving money or deciding something about a client's account on their own. Not because the technology cannot do it, but because the cost of being wrong in those places is borne by people who did not sign up for the experiment.

The frameworks will adapt. Supervisors are working through what governing adaptive systems should look like, and that is careful, deliberate work that deserves the time it takes. The right order is the same as it has always been. Get the governance right, then deploy. Not the reverse.

The Work Ahead

I am not anti-agent. I think they will eventually do real work inside banks, and I want to be ready when they do. But right now the technology is ready to do more than the governance is ready to allow, and inside a bank that gap is a feature, not a flaw. Closing it responsibly, building the controls and the proof before handing software the keys, is the actual work of the next few years. I would rather be early to that work than early to the headline.