By Amir Elion

AI Agents for Financial-Services Executives

Q: How does this connect to the other papers?

It is the regulated-industry application of [Managing AI Agents Like Teammates](/papers/managing-ai-agents-like-teammates) and [Governance and the EU AI Act for AI Agents](/papers/governance-and-the-eu-ai-act). Read those for the framework and the governance posture, and this one for where agents fit, and do not, across financial services.

The regulated-industry view: where agents earn their place, and where they do not.

Why this paper exists

Financial services is where the discipline in these papers matters most. The stakes per action are high and the regulation is heavy, and there is almost no tolerance for a confident wrong answer. That makes it the clearest place to see the rule that should organize every agent decision in a regulated business: the agent proposes and a human commits, and autonomy is earned one bounded step at a time.

This is principle-level, not a legal brief, and nothing here is legal advice. From the insurance teams I have worked with, the pattern is consistent: the firms getting real value are the deliberate ones, careful about where autonomy belongs rather than rushing to hand it over.

The autonomy gradient, in one industry

Insurance shows the whole spectrum inside a single business, which is why it is worth looking at closely.

At one end, claims. Lemonade's claims agent takes around 96 percent of first notices of loss without a human in the loop and fully automates roughly half of claims, settling a clean one in seconds. But the design is not "automate everything." Anything the agent is not authorized to settle, or anything it flags, escalates to a person. High autonomy on small and reversible decisions, with a hard boundary.

At the other end, underwriting. Here the same industry deliberately keeps the human in charge. The strong examples are assistive: a tool that summarizes ninety-page medical reports so an underwriter decides faster, cutting review time by about half, or one that produces a non-binding preliminary assessment in minutes instead of a day. The agent compresses the information. The underwriter still makes the call.

Same kind of company, opposite levels of autonomy. What sets the level is the stakes and the reversibility of the decision, rather than the technology. That gradient is the paper.

Where the line sits, and why

You do not need to be a lawyer to lead here, but you do need to know which decisions the law treats as serious. At a principle level:

The EU AI Act classes some financial-services uses as high-risk, including credit scoring of individuals and risk assessment and pricing in life and health insurance. High-risk means the heaviest obligations, including human oversight, audit logging, and documented data governance. The exact dates for those obligations are the most fluid part of the picture, expected around 2026 and, under the proposed simplification package, now likely pushed toward late 2027, so treat the timing as a moving target.

DORA, the EU's operational-resilience regime, has applied since early 2025 and treats your AI tooling as third-party technology that must sit inside your ICT and vendor-risk governance. Model risk management expectations, long established in banking through US and UK supervisory guidance, apply to AI models too: independent validation and the governance the industry already runs for its models. And GDPR gives individuals the right not to be subject to decisions based solely on automated processing where the effect is significant, which courts have already applied to credit scoring. Get proper counsel for your jurisdiction and use case, but recognize the shape: the closer an agent gets to deciding about a person's money, the more the law expects a human to stand behind it.

Where agents earn their place in financial services

The value is real, and it clusters where actions are reversible and a human stays the actor.

Internal productivity behind the firewall is the safest and most proven: large banks have rolled out assistants to tens of thousands of staff for everyday work like drafting and summarizing, with the employee always in control. Research and synthesis is similar, where advisor-facing tools surface information and draft responses but assist the professional rather than advise the client. Document processing is a strong fit, as the underwriting examples show, because the agent compresses information and the human decides. Customer support works when it is bounded and has a real escalation path. And fraud and compliance monitoring is a natural home, where an agent watches the signal and proposes, as one large bank's fraud system does by drafting new detection rules that its analysts review and approve before anything goes live.

Where they should not act alone yet

The other side of the line is just as clear. Underwriting and pricing decisions should not be made autonomously today, and neither should credit and lending decisions or claims decisions of any size. The leaders do not, even when they technically could. Unsupervised financial advice to clients is the firmest boundary of all: the well-built tools in wealth and asset management are explicitly barred from giving advice, and even the client-facing ones are scoped to information rather than recommendations or trades.

That is not timidity. It is matching autonomy to a decision where a wrong, hard-to-reverse action is a regulatory and fiduciary problem.

The five elements in financial services

The framework from Managing AI Agents Like Teammates tightens in a regulated setting. The job is narrowly scoped with explicit prohibitions. The context has to respect data residency and confidentiality, including how it handles material non-public information. Autonomy starts low and is earned. Tools mean least privilege and segregated credentials, with a full audit trail. And oversight is a named, accountable owner, plus the independent validation and drift monitoring the industry already knows how to do for models. None of this is new to a financial-services leader. It is the existing risk culture, applied to a new kind of worker.

What this changes for the leadership team

In financial services, start where it is reversible and the oversight is strong, and earn autonomy from there. The firms creating value are the deliberate ones. The competitive advantage goes to whoever automates the right decisions and can show their regulator exactly how.

What to do this week

Take one financial-services use case you are considering and sort its decisions into two lists: the reversible ones, where the agent can act and a human checks after, and the one-way doors, where the agent proposes and a human commits. Start the agent only where the first list is long and the second is short. That single sort will tell you, quickly, whether you have an agent or a liability.

Frequently asked questions

Isn't financial services too regulated for AI agents? No. Bounded and advisory uses are already in production at major banks and insurers. What regulation rules out is autonomous decisions about a person's money, not agents as such. The constraint shapes where you deploy, it does not forbid it.

Can an agent make the underwriting or credit decision itself? Not autonomously, today. Those uses are treated as high-risk under the EU AI Act and are exposed to the automated-decision provisions of GDPR. The leaders keep these as "AI assesses, human decides," and so should you.

What about customer-facing agents in finance? They work when they are bounded and have a clear escalation path, and when they stay on the right side of the advice wall: information, not personalized financial advice, unless a human is accountable for it.

How does this connect to the other papers? It is the regulated-industry application of Managing AI Agents Like Teammates and Governance and the EU AI Act for AI Agents. Read those for the framework and the governance posture, and this one for where agents fit, and do not, across financial services.