Generative AI and LLM Agents: Gradual shifts in Banking

Introduction

Generative AI (GenAI) has introduced a powerful new engine for intelligence and content creation. The next practical frontier for banking is to harness this engine to build AI Agents: iterative LLM powered-software systems designed to execute complex, multi-step business processes from start to finish, within provided policy guardrails.

Unlike simple chatbots or co-pilots that assist with a single task, these agents can manage entire workflows, such as evaluating a trade settlement, drafting a suspicious activity report, or analyzing a corporate borrower's financial covenants. The goal is not uncontrolled autonomy, but a strategic leap in contextual automation—moving from single-step assistance to end-to-end process execution under clear human oversight and governance.

Here I provide a simple yet strategic framework for banking leaders. It cuts through the hype to offer a pragmatic roadmap for deploying AI Agents to capture tangible value, manage inherent risks, and build a durable competitive advantage. The focus is on a disciplined, ROI-driven approach, orchestrated from the top to ensure alignment with the bank's core strategic priorities.

What will change

Previous waves of AI provided tools that helped employees perform individual tasks more efficiently, a model of human assistance. The operational shift now is to deploy LLM powered systems that take controlled ownership of a specific business process within a defined domain boundary. This is not about a vague "Do It for Me" request; it is about delegating the execution of a well-defined workflow to a digital LLM agent, while humans retain control and accountability.

For example, an agent can be tasked with the data gathering and initial deterministic verification stages of customer onboarding. It can interface with core systems, check third-party databases, and assemble a complete digital file. However, this process operates under a "Human-on-the-Loop" governance model. The human operator is not a passive supervisor but an active decision-maker who reviews the completed file, adjudicates exceptions flagged by the agent, and provides the final sign-off required for regulatory compliance.

This is where the operational leverage materializes: a single, highly-skilled employee no longer executes one process at a time. Instead, they manage a portfolio of automated processes, focusing their expertise on handling complex exceptions, adjudicating on conflicting signals, authorizing key decisions, and continuously improving the agents' performance via feedbacks. The result is a fundamental re-architecting of operational capacity, allowing the institution to scale its operations while re-focusing its human talent on the highest-value activities: judgment, strategy, and client interaction.

What it would mean

Deploying AI Agents at scale is not just a technology project; it is a fundamental shift in the bank's operating model. This shift introduces significant new risks that must be proactively and rigorously managed from the outset. Leadership must focus on five critical areas:

1. Organizational & Talent Model Upheaval:

The most profound impact will be on our people and structure. This is not a simple matter of role replacement. The traditional pyramid structure, with large teams executing manual processes at the base, will get huge productivity boost, to the order of 10x or even 100x. We must prepare for a radical shift toward a model that prioritizes expertise, where smaller teams of highly-skilled operators manage deterministic portfolios of automated processes. This requires a complete overhaul of job descriptions, compensation models, and career paths, alongside a massive investment in re-skilling our workforce to become agent managers, trainers, and exception handlers.

2. The Accountability Gap & Concentrated Model Risk:

When an agent makes a multi-million dollar mistake in pricing or compliance, who is accountable? The developer? The business owner? The data provider? Without a crystal-clear governance framework, we create a dangerous accountability vacuum. Every agent must have a named human owner, responsible for its decisions. Furthermore, as we automate end-to-end processes, we are concentrating operational risk into a single model or system. A single flaw in an agent's logic could generate thousands of errors in minutes, a scale of failure far exceeding human error. This demands a new, more stringent level of model risk management (MRM) that includes real-time monitoring and automated "circuit breakers" to halt rogue agents.

3. The "Shadow AI" Crisis and Agent Sprawl:

Without strong central oversight, we risk repeating the errors of the early days of Robotic Process Automation (RPA), but on a catastrophic scale. Business units, eager for results, will inevitably build their own one-off, undocumented, and ungoverned agents. This "agent sprawl" creates a shadow AI ecosystem that is fragmented, insecure, and impossible to manage. We must establish a mandatory Central Agent Registry and Orchestration Platform from day one. No agent can be deployed without being registered, governed, and monitored by this central function to prevent operational chaos. Its very much like the problems associated with “Data swamps” created in the past age of Data lakes.

4. The Loss of Institutional Knowledge:

As agents systematically take over the execution of complex processes, the humans who once performed those tasks, and understood their undocumented nuances, will be reassigned or will leave the bank. There is a significant risk that this deep, practical "how things actually work" knowledge will atrophy and disappear. We must implement a disciplined process where, before a process is automated, the agent development team works with subject matter experts to explicitly codify this institutional knowledge, ensuring it is preserved and embedded into the automated system.

5. The "Intelligibility" Challenge for Regulators and Auditors:

It is not enough for an agent to produce the correct answer; we must be able to explain how it arrived at that answer to regulators, auditors, and internal control functions. Many advanced AI models are notoriously opaque. A core requirement for any agent deployed in a critical function must be "explainability-by-design." Every decision an agent makes must be logged in a clear, human-readable audit trail that traces the decision back to the specific data inputs and logical steps it took. Failure to ensure this level of transparency will result in regulatory sanctions and an inability to operate these systems at scale.

The Value Unlocked: An Optimized, Real-Time Institution

When these agentic capabilities are built for scale and governed correctly, the bank ceases to be a collection of siloed departments operating on lagging data. It transforms into a single, cohesive system that can sense and respond to opportunities and risks in real-time. Instead of teams manually reacting to market shifts or compliance changes over weeks, the institution develops a predictive "immune system." This system can contextual automate and recognize hidden patterns leading to credit defaults, model the second-order effects of a supply chain disruption on our loan book, and automatically adapt operational processes to a new regulation, all before a crisis materializes. This is not just automation; it is the achievement of systemic intelligence and resilience combined with human judgement and accountability.

The tangible value of this operating model is most clearly seen in the bank's core profitability. Today, we offer standardized products to broad customer segments. In the optimized state, a Net Interest Margin (NIM) Defense Agent can treat every customer as a "segment of one." It can run thousands of micro-simulations to determine the precise, hyper-personalized deposit rate needed to retain a high-value client without overpaying, or dynamically price a loan based on a real-time, holistic view of that client's risk combined with the bank’s policy domain. This ability to perform surgical, portfolio-wide optimization delivers a direct and sustainable improvement to our bottom line, moving us from reactive price-takers to proactive, data-driven managers of our own profitability.

Finally - Leadership's Mandate & The First 90 Days

The transition to an collaborative intelligence ( Human+Ai Agents) operating model is a CEO- and Board-level responsibility because it fundamentally re-architects how the bank functions and creates value. Success is not contingent on the CEO playing abstract roles, but on executing three non-negotiable mandates.

The CEO's Three Non-Negotiable Mandates:

1. Establish Unambiguous Governance and Accountability: The CEO must personally sponsor the creation of a cross-functional AI governance body from day one. This council, comprising leaders from Technology, Risk, Compliance, and the Business, will set the "rules of the road." The CEO's mandate is to ensure there is zero ambiguity about who is accountable for agent performance and the risks they introduce.
2. Force Ruthless Prioritization and Protect Investment: This transformation cannot be a series of underfunded, disconnected science projects. The CEO must lead the executive team in selecting a maximum of two or three high-impact "lighthouse projects" and ensure they are fully funded. They must protect this investment from short-term budget cuts and demand a clear line of sight to measurable ROI within an 18-month horizon.
3. Drive the Talent and Culture Reset: The CEO must deliver a clear and consistent message: this is a fundamental change in how we work, not just a new tool. They must visibly sponsor the re-skilling initiatives required to turn our employees into agent managers and supervisors, publicly celebrating successes and creating a culture where human expertise is valued for judgment and oversight, not manual execution.

The First 90 Days: A Disciplined Start

The speed of technological change is not an excuse for recklessness. A "just do it" approach is a formula for failure. Instead, we will begin with a disciplined, three-step mobilization:

1. Step 1: Appoint the Governance Nucleus. Before any project is launched, the CEO will appoint a single executive to lead the agentic transformation and form the core governance council. This group's first task is to draft the initial guardrails for agent development, testing, and deployment, including a mandatory "explainability" standard.
2. Step 2: Select Two Lighthouse Projects. The council will identify two initial initiatives. The ideal candidates are not in high-risk, client-facing areas. They are internal, high-volume, low-complexity processes (e.g., internal IT helpdesk ticket routing, invoice reconciliation in accounts payable). The goal is to learn how to build, govern, and measure agents in a low-risk environment to build muscle for more complex challenges.
3. Step 3: Fund a Central Enablement Team. Instead of letting business lines build their own agents in silos, we will fund a small, central team of experts. This "Center of Excellence" will support the lighthouse projects, ensuring that we build a single, reusable set of tools and a common agent registry from the very beginning. This is the most critical step to prevent the chaos of agent sprawl.