Every large bank now has the same instruction from its board: move artificial intelligence from pilot to production. The obstacle is rarely the model. It is that an autonomous system, asked to make or recommend a decision about a customer, a transaction or a counterparty, has no trustworthy account of the world in which that decision sits — and no way to show its work to the people who regulate it.
This paper sets out three pillars that, taken together, let agentic AI operate inside a tier-one financial institution: a connected system of record, governed and explainable reasoning, and agentic orchestration. None is novel in isolation. The argument is that all three are load-bearing, and that removing any one returns you to a system a regulator will not let you deploy.
Pillar I — A connected system of record
Banking data is not short; it is scattered. A single customer exists as dozens of partial records across core banking, cards, payments, KYC, sanctions screening and a decade of acquired systems. Most AI initiatives begin by flattening this into a feature table — and in doing so discard the one thing that carries risk: the relationships between entities.
A connected system of record keeps those relationships first-class. When an agent asks whether a payment is suspicious, it should be able to traverse from the transaction to the accounts, the beneficial owners, the addresses they share and the entities two and three hops away — the structure in which financial crime actually hides. This is the substrate the other two pillars stand on.
An agent without a system of record is improvising. At bank scale, improvisation is an audit finding.
Pillar II — Governed, explainable reasoning
The second pillar is the one supervisors care about most. A decision that affects a customer must be explainable, reproducible and bounded by policy before it is allowed to run — not annotated with a plausible-sounding rationale afterwards.1 Model risk management functions are explicit on this point, and the regulatory direction of travel only sharpens it.
Grounding reasoning in the connected system of record makes explanation structural. Because the agent reasons over real, governed relationships, the path it followed to a conclusion is itself the explanation: this transaction, to this account, to this sanctioned entity, two hops away. Lineage, access control and policy live with the data, so the same controls that govern the record govern every decision drawn from it.2
Pillar III — Agentic orchestration
The third pillar is where autonomy is given shape. Orchestration defines what an agent may see, what it may do, when a human must be in the loop, and how its actions are logged. It is the difference between a model that suggests and a system that is permitted to act.
Done well, orchestration is mostly the encoding of constraints: least-privilege access to the record, deterministic tools for anything consequential, and an unbroken audit trail. The agent is powerful precisely because the boundaries around it are explicit — and because those boundaries are the same ones the institution already answers for.
Putting it together
In a reference deployment the three pillars form a single loop. The system of record supplies grounded context; governed reasoning turns that context into an explainable decision; orchestration carries the decision into action within defined limits — and writes the result back to the record, where it becomes context for the next decision. Each pillar makes the next one safe.
This is the foundation that lets a bank say yes to production: not because the model is clever, but because the institution can see, govern and stand behind everything the model does.
Footnotes
-
Model risk management guidance has long required that decisions be reproducible and explainable; the same principles increasingly apply to AI-assisted decisioning. ↩
-
Lineage and access control held at the data layer mean a decision inherits its governance from the record it was drawn from, rather than depending on a separate, after-the-fact audit. ↩