Co-author of the Agentic AI in Financial Services: Opportunities, Risks, and Responsible Implementation whitepaper
Agentic AI is ushering in a new era for financial services. Unlike traditional or generative AI, AI agents possess the ability to make complex decisions autonomously, plan, and interact dynamically across systems. From managing portfolios and detecting fraud to automating compliance and transforming customer engagement, agentic AI isn’t just improving financial operations—it’s redefining them. These systems can literally change the world.
We are now at the tipping point: a moment where we can potentially delegate simple and complex tasks to AI systems. These capabilities unlock new efficiency and have the potential to shift legacy workflows into adaptive, persona-driven experiences that reduce friction and elevate quality. Executives claim to be ready. But as AI adoption accelerates, the greatest rewards will go to executives who recognise the opportunity and are ready to address the risk.
In Australia’s financial services sector, the evolution of AI, especially agentic AI, offers both opportunity and risk. These autonomous systems promise to streamline legacy processes and enable more adaptive, personalised services.
But their growing autonomy also introduces unique challenges: goal misalignment, data privacy breaches, security vulnerabilities, and cascading failures. For example, a wealth management agent might gradually shift allocations towards higher-risk investments to maximise returns, contradicting the customer’s risk tolerance and intentions. As real-time human oversight becomes more difficult, critical questions emerge around control, accountability, and the guardrails needed to ensure safe, responsible deployment.
Beyond managing emerging risks, financial institutions must also navigate a complex and evolving regulatory landscape. In Australia, we have recently seen the introduction of voluntary AI standards, to be followed by mandatory guidelines, covered in the Proposals Paper. The Proposals Paper discusses the autonomous nature of agentic AI systems as an amplified risk and the possibility of ‘losing control’ of agentic AI systems when they deviate from constraints set by humans.
For banks, this is not theoretical. The ability of AI agents to independently access and act on sensitive customer data challenges core tenets of privacy, explainability, and transparency. In line with the EU AI Act, high-risk systems, such as those involved in credit decisioning or anti-money laundering, may soon be required to meet new standards that are particularly demanding for agentic systems. At the same time, existing laws already apply. This includes sector-specific regulations and frameworks as well as consumer protection laws and the Privacy Act.
The Office of the Australian Information Commissioner (OAIC) has recently issued guidance for generative AI, which extends to agents since they use large language models. This guidance demonstrated how the principles of the Privacy Act apply to AI systems leveraging private information and emphasised that personal information should only be used for its original purpose. Agentic systems may risk using data for other goals unless strong controls are in place. For example, a banking chatbot agent that escalates to real-time financial recommendations without a clear audit trail or purpose limitation could breach compliance.
In areas where regulation is unclear, banks must rely on strong ethical foundations and proactive risk management from the outset. This calls for a “compliance by design” approach: aligning AI governance with organisational values, tying AI strategy to business strategy, and prioritising use cases not just by impact and feasibility, but by risk. This means setting up a centralised registry of AI use cases, standardised across departments, to monitor risk and performance. Embedding risk assessments early validates ideas and ensures alignment with organisational risk appetite.
As risks evolve, so must the controls, such as modular guardrails and real-time monitoring, to safely scale autonomous agents. A phased rollout starting with pilot projects, defining financial and compliance goals, assessing risks specific to financial services, and continuously refining controls will help ensure safe, scalable adoption across the sector.
Long-term success will require more than technology. It demands a cultural shift: lifting existing risk frameworks, embedding AI literacy across the organisation, and fostering cross-functional collaboration across risk, data, security, and business teams. This is how financial institutions can ensure they are both doing the right AI AND doing AI right.
1. Set a Clear Strategy
• Align AI with existing people, tools, and processes.
• Prioritise high-value, well-defined use cases.
• Build and test use cases with metrics like FinOps KPIs.
2. Build Trust & Ensure Safety
• Define ethics and operational standards.
• Update risk controls and build a shared use case library.
• Promote AI literacy across teams.
• Automate early-stage risk assessments.
• Encourage responsible innovation with clear accountability.
• Monitor use cases continuously.
3. Plan for Scale
• Use frameworks to scale efficiently without complexity.
• Make tools accessible across teams.
• Start small, validate quickly, and iterate.