AI systems are no longer answering questions. They are making decisions, executing transactions, and managing compliance — with limited human oversight. Here is what that actually means.
In 2023, the standard AI use case inside a large institution was a chatbot: a system that answered questions, drafted documents, and summarised reports. A human reviewed the output. A human decided what to do with it. The AI was a tool, not an agent.
In 2026, that model is being replaced. Lloyds Banking Group announced that this year will see enterprise-wide deployment of agentic AI across its operations, with the bank expecting these systems to generate £100 million in value by automating fraud investigations, settling routine trades, and managing complex complaints. JPMorgan and Wells Fargo have embedded large language models and machine learning directly into payment screening and authentication workflows. At Algar Telecom in Brazil, an AI agent named "Billy" was introduced in 2024 and is now influencing financial processes across the organisation.
The shift from AI-as-tool to AI-as-agent is not primarily about the technology getting better, though it has. It is about institutions making a deliberate choice to grant AI systems transactional authority — the ability to act, not just advise. That choice has consequences that are not yet fully understood, and the regulatory frameworks designed to govern it are at least two years behind the deployment curve.
What "Agentic" Actually Means
The term is used loosely and often incorrectly. An agentic AI system is one that can pursue multi-step goals autonomously — taking sequences of actions, using tools such as APIs and databases, making decisions within defined parameters, and adjusting behaviour based on intermediate results — without requiring human approval at each step.
This is categorically different from a generative AI system that produces text for a human to review. An agentic system can book a flight, execute a trade, file a compliance report, initiate a bank transfer, and send a customer communication — all as part of a single workflow, without a human touching any individual step.
The capability has been enabled by two developments arriving simultaneously: the dramatic improvement in large language model reasoning ability and the standardisation of tool-use interfaces that allow AI systems to interact with existing software infrastructure. A well-designed agentic system can slot into existing enterprise workflows without requiring those workflows to be rebuilt from scratch.
Why Finance Is First
Financial services is the first major institutional sector to move from AI experimentation to agentic deployment at scale. The reasons are structural, not accidental.
Financial workflows are high in volume, repetitive in structure, and rule-governed — exactly the conditions in which agentic systems perform reliably. Fraud detection, trade settlement, compliance checking, and customer triage follow defined decision trees that can be encoded into AI agent behaviour.
The financial sector has also been building AI infrastructure longer than most. Large banks have had machine learning teams for over a decade. The transition from predictive ML to agentic LLM is an evolution, not a revolution, for organisations that already have data pipelines and internal risk controls.
Most directly: the cost case is undeniable. Bank staff costs are enormous. Automating routine decisions at scale — even partially — generates measurable savings that justify the investment in a way that is harder to demonstrate in sectors where outcomes are less quantifiable.
The Governance Gap
The deployment of agentic AI is running ahead of the frameworks designed to govern it.
What distinguishes the agentic AI governance challenge is the specific nature of the risk: agentic systems can cause harm not through obvious errors, but through the accumulation of individually reasonable decisions that produce collectively problematic outcomes.
The example regulators raise most frequently: if multiple major financial institutions deploy agentic AI systems trained on similar data and optimised for similar objectives, those systems may make correlated decisions during a market stress event — amplifying volatility rather than absorbing it. This is the AI equivalent of the correlated risk that contributed to the 2008 crisis, but operating at machine speed.
The Financial Stability Board has published preliminary guidance on AI governance for financial institutions. The EU AI Act classifies certain financial AI applications as "high risk" and requires human oversight mechanisms. The UK's Financial Conduct Authority is developing specific agentic AI guidance for 2026. None of these frameworks have been tested against a real crisis scenario.
The Labour Displacement Question
The macroeconomic implications of agentic AI deployment are genuinely difficult to assess — not because the direction is uncertain, but because the scale and speed are.
A moderate estimate: agentic AI will automate 20–30% of current financial services tasks within three years. This does not mean 20–30% of financial workers lose their jobs. It means the sector's output capacity increases substantially without proportionate headcount growth — which translates, over time, to hiring freezes, restructuring, and a shift in the skill profile of the jobs that remain.
The World Economic Forum's risk analysis projects that public and political backlash against AI-driven automation will intensify between 2026 and 2028 as the employment effects become visible. Whether productivity gains from automation are distributed broadly or concentrated in corporate earnings and shareholder returns is not a technical question. It is a political economy question — and no major institution has provided a satisfying answer to it.
The Security Dimension
Agentic AI creates attack surfaces that traditional cybersecurity frameworks were not designed to address.
The most immediate concern is prompt injection — a technique where malicious instructions are embedded in data that an AI agent processes, causing it to take unintended actions. If an agentic system is reading external emails, browsing supplier websites, or processing customer communications as part of its workflow, any of those external inputs could potentially redirect the agent's behaviour.
Security researchers have demonstrated prompt injection attacks against agentic AI systems in controlled environments. In a financial context, the potential consequences — unauthorised transactions, data exfiltration, compliance violations — are significant and not yet adequately priced into most institutions' risk frameworks.
The Realistic Assessment
Agentic AI will not uniformly deliver on the transformational claims being made for it. Individual deployments will fail, sometimes expensively. Regulatory pushback will slow adoption in certain sectors and geographies. The governance frameworks will catch up, eventually.
What will not change is the fundamental economic logic. In sectors characterised by high-volume, rule-governed decision-making, autonomous AI systems are structurally more efficient than human equivalents at many tasks. The institutions that figure out how to deploy them responsibly — with appropriate oversight, clear accountability structures, and genuine resilience against adversarial inputs — will have a durable competitive advantage.
The institutions that deploy them recklessly, or that use AI oversight as a compliance checkbox rather than a substantive control, will eventually have a very public failure. In financial services, those failures tend to be expensive, regulatory, and reputational simultaneously.
The technology is not the uncertainty. The governance is.
