The compliance work assisted AI left unfinished
When banks first applied AI to compliance, the pitch was simple: reduce the time analysts spend on routine tasks. Intelligent document review, automated alert triage, machine learning for transaction monitoring - each tool delivered productivity gains of 15 to 20 percent in individual steps, according to McKinsey's analysis of KYC/AML transformation. Analysts worked faster. Caseloads stayed the same. Costs kept rising.
The reason is structural. Assisted AI hands a prepared summary back to a human. That human still decides, still coordinates, still files, still checks. The bottleneck moved earlier in the process - it didn't disappear. Compliance in most banks remains a sequence of human handoffs stitched together by people pulling data from disconnected systems, because no single system owns the end-to-end journey.
Agentic AI changes that equation. An agent doesn't summarize a regulatory update and wait for a compliance officer to read it. It reads it, maps it against the bank's current control library, identifies where controls fall short, drafts a remediation plan, and flags the items that genuinely require human judgment. The difference isn't speed - it's that the human's role changes entirely, from processing to reviewing exceptions.
Four compliance domains where agents own the work
Regulatory change monitoring
Compliance teams at mid-size banks monitor dozens of regulatory bodies across multiple jurisdictions. New circulars, updated guidance, proposed rules, and supervisory letters arrive daily. Most institutions handle this through a combination of manual subscriptions, legal newsletters, and periodic reviews by specialists. An agentic approach replaces that with a continuous monitoring agent that ingests regulatory feeds in real time, classifies each change by applicable business line and control area, assesses materiality against the bank's current policy library, and routes only the items that require human policy decisions. The analyst who once spent half a day reading updates now spends that time deciding on the 10% of changes that are genuinely ambiguous.
Intelligent document review for KYC and KYB
Commercial onboarding KYB reviews cost large institutions an estimated $175 million annually, and the process remains heavily manual at most banks. An agent operating in this domain doesn't just extract text from documents. It cross-references beneficial ownership data against sanctions lists, PEP databases, and adverse media sources simultaneously, flags inconsistencies in corporate structures, and scores the overall risk profile against the bank's customer risk appetite. Where earlier AI returned extracted fields for a human to verify, an agentic agent returns a completed case with a recommended risk rating and the evidence chain that supports it. The human reviews the recommendation, not the raw data. That shift alone compresses commercial KYB from days to hours.
Automated SAR filing and financial crime investigation
Suspicious Activity Report filing is one of the most time-consuming tasks in financial crime compliance. An investigator receives an alert, pulls transaction history, maps counterparty networks, checks prior SAR history, assesses typologies, drafts the narrative, and submits. Each step touches a different system. Deloitte's agentic AI research in banking shows how multi-agent orchestration handles these cross-system tasks autonomously, with deterministic workflows governing the known steps and agentic reasoning handling the unstructured evidence analysis. The result is a drafted SAR narrative, a supporting evidence bundle, and a flagged exception list - ready for a compliance officer to review rather than assemble. McKinsey's KYC/AML research suggests agentic approaches can deliver productivity improvements of 200 to 2,000 percent compared to the 15 to 20 percent typical of assisted AI tools, precisely because agents own the full case rather than a single step within it.
Continuous control testing
Most banks run control testing on a cycle - quarterly or annually for many second-line controls. Between tests, control weaknesses can emerge without anyone knowing. A continuous control testing agent changes this by running predefined test scripts against live data on a scheduled basis, generating exceptions when controls fail, routing them through an escalation workflow, and updating the control testing log automatically. What used to be a periodic exercise becomes a standing operational function. The compliance team sees a live view of control health rather than a point-in-time snapshot. This matters to regulators, who increasingly expect banks to demonstrate continuous rather than periodic assurance, and it matters to the internal audit trail that AI decisions require.
Why architecture determines whether any of this is possible
The challenge with agentic AI for banking compliance isn't the agent itself. Most compliance agents fail in production for the same reason most banking AI pilots fail: the underlying architecture is fragmented. An agent that needs to cross-reference a transaction against a customer risk profile, a prior SAR, a sanctions list, and an internal policy document is making four separate system calls. Each call returns a different data model, a different timestamp, and a different definition of the same customer. The agent reasons over inconsistent state and generates inconsistent outputs.
Jouk Pleiter, CEO of Backbase, put it directly in a recent conversation on AI governance: "If you don't solve the guard function, I don't see AI at scale in banks at all. I basically see the risk and compliance argument paralyzing innovation." The guard function he's describing is exactly what keeps agentic compliance from scaling past a pilot. Without a shared semantic layer and a decision authority system, autonomous compliance agents don't earn the organizational trust they need to operate beyond sandboxed experiments - and without an auditable trail, regulators won't permit it.
This is the architecture problem that AI-native banking is designed to solve. The AI-native Banking OS provides the things every compliance agent needs to operate at scale: Nexus - the Semantic Layer gives every agent a unified, real-time view of the customer, their transaction history, their risk profile, and their case context, drawn from a shared operational model rather than system-specific data extracts; Sentinel - the Authority Layer ensures no agent action executes without a Decision Token recording the policy applied, the model version used, the decision outcome, and the full context; and a mixed orchestration model runs deterministic steps as auditable workflows while reasoning-heavy steps run as bounded agent tasks within defined autonomy boundaries.
Real-time compliance monitoring only works when the agent's view of the customer matches reality at the moment it acts. That requires unified operational state, not a patchwork of system queries.
The governance question Temenos and others get wrong
Temenos dominates AI overview results for agentic compliance because they've been vocal about compliance automation for years - and because most coverage of this topic treats governance as a constraint to work around. Deploy the agent, then add guardrails. That sequence creates the fragility that Deloitte's 2026 research flags explicitly: banks racing to embed agentic AI without concurrent governance frameworks are advancing at the expense of clear strategy. The governance model has to be co-designed with the agent, not appended after.
The Backbase approach inverts this. Sentinel governs every agent action as a native capability of the Banking OS Runtime - it's not a compliance layer added to an existing agent deployment. Every compliance agent operating within the Banking OS inherits Decision Authority, policy constraints, escalation rules, and audit trail generation as built-in capabilities. An agent reviewing a suspicious transaction can't exceed its defined scope, can't file a SAR without passing the bank's policy checks, and can't operate without leaving a verifiable evidence chain that a regulator can inspect. Autonomy is earned and graduated - the same Assistive to Delegated to Autonomous progression that governs every other domain in the Banking OS. Banks move compliance agents up that autonomy ladder as they accumulate the performance history that justifies expanded delegation.
This matters because McKinsey's 2026 AI Trust Maturity Survey found that only about one-third of organizations report mature governance capabilities for agentic AI specifically. Organizations treating AI trust as a core business capability, rather than a compliance requirement, are better positioned to scale. Banks that attach governance onto existing agent deployments are managing fragility, not risk - because the guardrails aren't designed to the same tolerance as the system they're guarding. PwC's research on technology in risk management confirms that embedding governance at the architectural level, rather than retrofitting it, is the defining factor in sustainable AI deployment at scale.
What 50% of compliance work has in common
The most persistent insight from working with 120+ banks is that roughly half of all frontline compliance work lives in the whitespace between systems - the coordination tasks, cross-referencing steps, and exception handling that no individual system owns. Assisted AI touched the tasks inside systems. Agentic AI can claim the whitespace. That's where the real cost lives, and it's where human-in-the-loop oversight remains essential for the highest-stakes decisions while agents handle the volume.
Valbona Dhjaku, technology and digitalization leader at Credins Bank, captured the shift well: "AI for me is about the revolution and not the evolution of what you have." Compliance teams that deploy agentic AI on the same fragmented operational model aren't running a revolution - they're accelerating the same process. The revolution arrives when the architecture changes underneath: when agents operate from a shared semantic model, when every action carries a Decision Token, and when the compliance function shifts from executing routine case work to governing the agent workforce that handles it.
The compliance function of 2027 won't look like a faster version of the compliance function of 2024. It will look like a control room - fewer people managing more coverage, with agentic AI owning the routine and humans owning the judgment. The banks building that model now, with the right architectural foundation, will set the standard that regulators come to expect from everyone else. Unified data and operational context aren't nice-to-haves for that model. They're the foundation everything else runs on.
Frequently asked questions
What is agentic AI for banking compliance?
Agentic AI for banking compliance refers to AI agents that autonomously execute end-to-end compliance tasks - such as regulatory change monitoring, KYC document review, SAR filing, and control testing - rather than just assisting human analysts with individual steps. Unlike assisted AI, agentic systems own the full workflow and route only genuine exceptions to humans.
How does agentic AI improve KYC and AML compliance workflows?
Agentic AI transforms KYC and AML by cross-referencing customer data, sanctions lists, adverse media, and transaction history simultaneously, then producing a completed case with a risk rating and evidence bundle. McKinsey estimates productivity improvements of 200 to 2,000 percent compared to assisted AI tools, because agents own the full case rather than a single step within it.
Why do agentic AI compliance deployments fail at scale?
Most agentic compliance pilots fail because the underlying architecture is fragmented. Agents pulling data from disconnected systems encounter inconsistent customer records and conflicting policy definitions. Without a shared semantic layer and a governed decision authority system, compliance agents can't operate reliably in production - making architecture, not the AI model itself, the deciding factor.
How does Sentinel govern agentic AI in banking compliance?
Sentinel is the Authority Layer of the AI-native Banking OS. It ensures no compliance agent action executes without a Decision Token - a verifiable record of the policy applied, the model version, the decision outcome, and the full context. This gives banks and regulators a complete, inspectable audit trail for every agentic compliance decision, from alert triage to SAR filing.
What compliance tasks should remain human-led even with agentic AI?
Agentic AI for banking compliance works best on high-volume, evidence-driven tasks like document review, alert triage, and routine SAR drafting. High-stakes judgment calls - complex financial crime investigations, novel typology assessment, regulatory relationship management, and escalation decisions with material legal risk - should remain human-led, with agents providing the evidence and humans making the final call.
