Why "know your agent" is the biggest governance problem banks face right now
Banks have spent decades building rigorous frameworks for knowing their customers and their employees. KYC and KYE are embedded in onboarding, audit, and compliance infrastructure. But as both human banking agents and AI agents multiply across the frontline, no equivalent discipline exists for agents. There is no standard registration model. No defined permission boundary. No audit trail that follows an agent through every transaction they touch on the bank's behalf.
That absence matters more than banks have acknowledged. Agent banking programmes add hundreds or thousands of distributed actors to a bank's operating model. Each one handles live transactions and real customer relationships, with full financial exposure. Yet the systems governing those actors were built for a centralised branch model. The coordination work that falls between systems - whoever owns the exception, whoever clears the policy check - is not an edge case. Backbase's operational research across client deployments found that roughly half of frontline work falls in coordination areas no single platform owns. At small network sizes, manual processes paper over those gaps. At scale, they become the primary failure mode.
The governance problem banks haven't named yet is a structural absence: an operating model for distributed agent networks was never built, because the registration, permission, and audit infrastructure that banks apply to customers and employees was never extended to agents. Until banks treat "know your agent" as a first-class discipline - with the same rigour applied to customers and employees - every agent they add compounds the coordination overhead rather than extending the bank's operational reach.
The pilot trap - why agent banking programmes stall before they scale
Many agent banking programmes look promising at 50 agents. They break down at 500. The failure rarely comes from recruiting the wrong agents or missing a regulatory checkbox. It comes from the operational seams that multiply with every distribution point a bank adds. Risk and compliance teams cannot sign off on agentic workflows when there is no framework to audit decisions the way a human employee's actions would be audited. So programmes stall - stuck in a permanent pilot state where leadership knows the model works in theory but cannot govern it in practice.
The structural problem is stubborn. Around 50% of frontline work lives in the whitespace between disconnected systems - the manual coordination, exceptions, and policy checks that no single platform owns. In a branch network, that coordination load is visible and manageable. In a distributed agent network, it compounds fast. Every new agent is another coordination seam with no system tracking who owned the exception, who cleared the policy check, or what happened in the handoff between the agent and the bank's back office.
Every new system or channel a bank adds creates another seam. Scaling up then means hiring more people to bridge those seams manually. Agent banking networks multiply distribution points faster than any other model, which makes this fragmentation problem acute rather than manageable. Banks end up with compliance teams reviewing spreadsheets instead of auditing governed workflows - and that is precisely the point where growth stops.
KYA - registering agents, defining permissions, logging decisions
Banks already run two governance frameworks that work. KYC governs customers. KYE governs employees. Both start with registration, assign explicit permissions, and log every material action. Agent banking needs a third framework built on the same logic: the same registration-and-audit infrastructure they already apply to customers and employees, extended to every agent on the frontline. Call it Know Your Agent. Every AI agent operating across the bank's frontline needs a registered identity, a defined permission boundary, and a complete audit trail. McKinsey's analysis of distributed financial operations identified governance infrastructure - not product or pricing - as the primary factor separating programmes that scaled from those that stalled.
The practical mechanism is a decision token. If an agent holds the token for a given action, it can execute. If it doesn't, it cannot. That boundary is not soft guidance - it is a hard gate enforced at the operating layer. The discipline here is precision. Permissions drawn too broadly create compliance exposure. Drawn tightly enough, agents never approach the kill switch because the architecture stops them well before that point.
This is exactly where the Banking OS matters. It sits above systems of record and coordinates execution across customers, employees, and AI agents without replacing cores or CRMs. It makes everything above the ledger work as one governed layer. That is the control plane agent banking programmes have historically lacked. Without it, agent permissions live in disconnected systems, exception handling falls to manual coordination, and audit logs fragment across tools no single team owns.
KYA closes that by treating every agent the same way compliance teams already treat people - as an entity with a verifiable identity, bounded authority, and a logged decision record. The registration step is not overhead. It is the foundation that makes a distributed agent network auditable at scale.
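An added example, not Backbase's code or part of the original article: a minimal sketch of the decision-token gate and the per-agent decision record described in the paragraphs above. The HMAC-signed token format, the per-action amount limit, the hash-chained log and all names (`ControlPlane`, `issue_token`, `execute`, `audit_intact`) are assumptions made for illustration.

```python
import hashlib, hmac, json
from dataclasses import dataclass, field

@dataclass
class ControlPlane:
    key: bytes                                    # signing key held only by the control plane (assumption)
    registry: dict = field(default_factory=dict)  # registered agents: agent_id -> kind
    audit: list = field(default_factory=list)     # hash-chained decision records

    def register(self, agent_id, kind):
        self.registry[agent_id] = kind

    def _mac(self, agent_id, action, limit):
        msg = json.dumps([agent_id, action, limit]).encode()
        return hmac.new(self.key, msg, hashlib.sha256).hexdigest()

    def issue_token(self, agent_id, action, limit):
        if agent_id not in self.registry:
            raise KeyError("unregistered agent")
        return {"agent": agent_id, "action": action, "limit": limit,
                "mac": self._mac(agent_id, action, limit)}

    def _log(self, agent_id, action, amount, allowed, reason):
        prev = self.audit[-1]["hash"] if self.audit else "0" * 64
        rec = {"agent": agent_id, "action": action, "amount": amount,
               "allowed": allowed, "reason": reason, "prev": prev}
        rec["hash"] = hashlib.sha256(json.dumps(rec, sort_keys=True).encode()).hexdigest()
        self.audit.append(rec)
        return allowed

    def execute(self, agent_id, action, amount, token=None):
        """Deny by default; every decision, allowed or blocked, is logged."""
        if agent_id not in self.registry:
            return self._log(agent_id, action, amount, False, "unregistered agent")
        if token is None:
            return self._log(agent_id, action, amount, False, "no token")
        good = self._mac(token.get("agent"), token.get("action"), token.get("limit"))
        if not hmac.compare_digest(good, token.get("mac", "")):
            return self._log(agent_id, action, amount, False, "forged or altered token")
        if (token["agent"], token["action"]) != (agent_id, action):
            return self._log(agent_id, action, amount, False, "token not for this agent/action")
        if amount > token["limit"]:
            return self._log(agent_id, action, amount, False, "over limit")
        return self._log(agent_id, action, amount, True, "within boundary")

    def audit_intact(self):
        prev = "0" * 64                           # recompute the chain; any edited record breaks it
        for rec in self.audit:
            body = {k: v for k, v in rec.items() if k != "hash"}
            digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
            if rec["prev"] != prev or rec["hash"] != digest:
                return False
            prev = rec["hash"]
        return True
```

Blocked attempts are written to the same log as permitted ones, so a compliance reviewer sees the escalations the gate caught as well as the actions it allowed.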
Fragmentation compounds with every agent you add
Each new system or channel a bank adds creates another seam in its operations. Someone has to manage that seam - and in many banks, that someone is a person. Agent banking multiplies distribution points fast. A network that starts at 200 agents can reach 2,000 within two years. Every new agent added to a fragmented operating model brings another set of handoffs, exceptions, and coordination tasks that no existing system owns. The result is not linear growth. It is compounding overhead.
The pattern plays out the same way across deployments we have seen. In a deployment we tracked, a disputed transaction touched four internal teams before resolution - and when compliance requested the record three weeks later, no single system held the full chain. That outcome is not unusual. Multiply that by hundreds of agents running daily transactions across disconnected tools, and the coordination cost becomes structural. Banks end up with back-office headcount that exists purely to maintain the operation, not extend it. BCG analysis of banking operations points to exactly this dynamic as a core driver of cost inefficiency in distributed models.
Banks that unify their frontline break this pattern. In deployments where the control plane owns every exception and handoff, banks have added agents without adding coordination staff - because the system resolves what previously required a phone call. Those that stay fragmented face the opposite dynamic: every agent deployed adds coordination overhead rather than net capacity. For a distributed agent network, that is not a manageable inefficiency. It is a ceiling on scale. A control plane sitting above the systems of record is not an optional upgrade at that point - it is what makes the programme operable.
The unified frontline as the control plane for governed agent execution
The operational layer that agent banking programmes have historically lacked is not a new core system or a compliance portal. It is a coordination plane that sits above systems of record and makes everything above the ledger work as one. Backbase's Banking OS does exactly this. It does not replace cores or CRMs. It connects them, so that a transaction started by an AI agent in the field can be escalated, approved, and logged without leaving the governed layer.
That distinction matters for agent banking specifically. Every human agent added to a distributed network creates new handoffs, new exception paths, and new audit surface. Without a control plane, banks absorb that complexity manually. With one, the network stays governed at any size. Sentinel operates within this architecture as the active governance layer - watching every delegated action in real time, stopping anything outside defined boundaries before execution, and writing a full decision record to the audit log. Know Your Agent moves from a periodic compliance review to a live operational signal.
In deployments where the control plane owns every exception and handoff, banks have added agents without adding coordination staff - because the system resolves what previously required a phone call. Banks that stay fragmented face the opposite dynamic: every new agent compounds the overhead. The Banking OS is purpose-built for that structural control, giving agent programmes what they need without forcing a rip-and-replace of the infrastructure already in place.
Why ungoverned agent networks plateau at 500
A bank running a governed agent network does not add coordination overhead as it grows. Fragmented operations compound the problem with every new agent deployed - more exceptions, more manual handoffs, more compliance exposure. A unified frontline inverts that dynamic. Elastic capacity means the network absorbs volume without forcing headcount decisions at every inflection point.
The performance numbers make this concrete. In deployments where the control plane owns exception handling, execution time dropped by more than half and cost-to-serve fell by roughly a third - figures that hold across at least three client networks we can document. Those figures matter because they shift the ROI case for agent banking: measured by execution speed and cost-to-serve rather than branch headcount avoided, the model becomes a frontline efficiency play - one where every agent interaction runs inside a governed operating layer that compliance teams can audit and sign off on. Gartner's research on banking technology underscores that auditability and operational transparency are now baseline expectations for enterprise-grade financial platforms.
Auditable decisions are the part most agent banking programmes get wrong. When agent actions live inside a single control plane, every delegation and exception carries a traceable record - including escalations the system caught before they became incidents. Compliance teams stop piecing together evidence from disconnected logs. Managers stop chasing status updates across fragmented tools. The operational picture is visible in one place, which is what makes scale manageable rather than structurally chaotic.
Banks that skip governance infrastructure don't save time - they pay for it later
Every agent you add without a unified control plane adds coordination overhead. Exceptions multiply. Handoffs break. Compliance exposure widens. That compounding drag is why many agent banking programmes plateau well before they reach meaningful scale - not because recruitment stalled, but because the operating model underneath couldn't hold the weight.
The banks that will scale agent networks successfully are not the ones with the most agents or the fastest regulatory approvals. They are the ones with governance infrastructure that treats every agent, employee, and AI as part of one operated frontline. That requires a single control plane - not a patchwork of channel tools - that owns every handoff, exception, and workflow across the network.
When that infrastructure is in place, the ROI story changes. In deployments where the control plane owns exception handling, execution time dropped by more than half and cost-to-serve fell by roughly a third - and those figures compound across every agent the bank adds. Banks that skip governance infrastructure don't save time - they pay for it later in coordination staff and compliance exposure.
Banks that build KYA governance infrastructure now - extending the same registration-and-audit discipline they already apply to customers and employees to every agent on the frontline - will be the ones who can add agents without adding chaos, and scale their frontline without scaling their headcount. For a deeper look at what this means in practice, the agentic AI frontline architecture framework offers a concrete starting point.
Frequently asked questions
What is 'know your agent' and how does it differ from KYC in banking?
Know Your Agent applies the same registration, permission, and audit logic that KYC applies to customers, but targets every agent operating on the bank's frontline. Where KYC governs who a customer is, KYA governs what an agent is permitted to do and creates a traceable decision record for every action it takes.
Why do many agent banking programmes stall at the pilot stage rather than scaling?
The failure is structural, not regulatory. Around 50% of frontline work lives in the coordination areas between disconnected systems, covering handoffs, exceptions, and manual work that no single platform owns. At 50 agents those gaps are manageable. At 500, the coordination overhead compounds faster than any team can absorb, and compliance cannot audit workflows that have no governed structure.
How should a bank define and enforce permission boundaries for AI agents operating on the frontline?
The practical mechanism is a decision token. If an agent holds the token for a specific action, it executes. If not, it cannot proceed. That boundary operates as a hard architectural gate, not soft guidance. Permissions drawn tightly enough mean agents never approach a kill switch because the operating layer stops them well before that point.
What does an auditable agent decision log need to contain to satisfy risk and compliance teams?
Every delegation and exception needs a traceable record tied to a registered agent identity, including escalations the system caught before they became incidents. Compliance teams need to see who owned each step, what permission boundary applied, and how exceptions were resolved. When those records live inside one control plane rather than fragmented across tools, audit becomes a live operational signal rather than a post-hoc reconstruction exercise.
How does a Banking OS differ from a core banking system when it comes to managing a distributed agent network?
A core banking system manages the ledger. A Banking OS sits above it, coordinating work across customers, employees, and AI agents inside a single governed operating model without replacing existing infrastructure. For a distributed agent network, that coordination layer is what keeps permissions enforced, exceptions tracked, and audit trails intact as the network grows beyond manual management.
