Practitioners’ Insights on Agentic AI in Financial Services

Practitioners’ Insights on Agentic AI in Financial Services

As banks move from AI experimentation toward operational deployment, agentic systems are emerging as one of the most actively debated areas of financial services technology. At FIBE 2026, moderator Tom Matsuda, a journalist covering the European fintech landscape, put exactly that question to a panel of senior practitioners who are currently deploying these systems. The discussion focused less on theory and more on operational deployment. 

The panel brought together Sam Everington, CEO of Engine by Starling; Arthur Gruca, Chief Digital and Operating Officer at HypoVereinsbank / UniCredit Bank; and Hassan Salamony, COO and Co-Founder of 3AI. 

Defining Agentic AI in Financial Services 

Hassan Salamony set the scene from an investment intelligence perspective. For 3AI, agentic AI is not simply about data, analytics, or even automation, but more about the decision layer. “We have an agentic AI layer that sits on top of publicly available financial data, harnessing it into a usable signal and from there we use agentic AI to develop portfolio construction.” In practice, he argued, the human role becomes more supervisory than analytical. Rather than deciding how to construct a portfolio, the user takes a view on the output the AI agent has already produced. 

Arthur Gruca framed it as the logical next phase of competitive advantage. Having led HypoVereinsbank to become the most profitable bank in Germany over the past four years, operating at a cost-income ratio materially below the sector average, he described agentic AI as the mechanism for creating the next major source of competitive differentiation for banks. He emphasised that strong operational performance enables banks to deliver greater value to customers without passing internal inefficiencies onto them as additional cost. Instead, those resources can be invested more effectively into technology innovation and long-term transformation initiatives. “We’re moving from human-driven workflows supported by automation towards agent-driven workflows overseen by humans,” he said. “That is what is genuinely new.” 

Sam Everington drew the sharpest distinction from what came before. Previous machine learning applications, like credit scoring and fraud detection, were rules-based and mathematically deterministic. Agentic systems, by contrast, incorporate broader customer context into decision-making. A customer saving for a goal no longer needs to navigate a rigid product menu. They can explain their situation in natural language and receive guidance that adapts to it. “It uses your context (a huge amount of context that a human would naturally have) to guide, advise, and ultimately take action,” he said. 

Where the Real Value Lies 

Everington described Starling’s vulnerability detection agent as a system that listens to contact centre calls, identifies signs that a customer may be experiencing a permanent or temporary security vulnerability, and checks whether the human agent has recognised and responded to that appropriately. “Chatbots are useless at picking this up,” he said. “Humans are reasonably good at it, but they still miss examples.” The agent provides an additional layer of assurance without replacing human judgment. 

Gruca echoed the point by outlining HypoVereinsbank’s AI deployment across three categories: growth (customer experience and investment matching), protection (fraud and deep-fake prevention at the point of account opening), and operational efficiency. His most striking example concerned the bank’s AI-powered fraud detection system, which found itself in a direct contest with an AI attempting to open a fraudulent account. “You really need to understand what is going on,” he remarked — stressing both the sophistication of the technology and the arms-race dynamic now shaping financial cybersecurity. 

Salamony highlighted a dimension of agentic AI that is often overlooked in enterprise discussions. A firm’s outputs must now be legible not only to its own systems, but to its clients’ agents as well. “It’s not just your own agentic AI running across the data sets you’re producing. It’s also other customers’ agentic AIs.” Salamony argued that emerging standards such as the Model Context Protocol (MCP) could become increasingly important as firms expose AI-readable interfaces across the investment chain. 

Legacy Systems Meet Agentic AI 

All three panellists emphasised the importance of reliable data foundations. Data integrity was the unanimous starting point, but according to Gruca the data preparation burden has shifted compared to the machine learning era. “You used to have to get the data perfectly clean to train the models. Because of the contextuality these systems have, anomalies are acceptable now. It is more of a technology problem than a data cleansing problem.” 

Everington focused more on the structural constraints facing larger institutions. Much of the data in major banks remains siloed by product and function, and the APIs through which an agent might take action are often simply absent or incomplete. Batch mainframe systems, card processors that only surface balance changes rather than the full richness of transaction data, and patching cycles built for 12-to-18-month update windows — all of these create friction in a world where model providers such as Google may deprecate a Gemini version with only days’ notice. “That is a very, very different technology release management environment,” Everington observed. 

Accountability, Governance, and the Human in the Loop 

The question of liability became one of the most detailed parts of the discussion. Everington noted that, in important respects, the accountability equation has not fundamentally changed. UK regulation already places reimbursement liability for fraudulent payments with the bank, regardless of whether the instruction originated with a human or an agent. “It doesn’t matter whether the human instructed it or the agent instructed it — the bank is liable.” His practical response is to require active customer confirmation before an agent executes a consequential action, combined with intelligent scam-detection tooling that flags transactions which appear too good to be true. 

Gruca offered the regulatory perspective on AI more broadly. Under the EU AI Act, high-risk decisions — lending, for example — require meaningful human oversight; the model can prepare analysis and surface recommendations up to the moment of decision, but a human must take that final step. Rather than lamenting this constraint, however, he argued it is genuinely useful. “It doesn’t stop us from doing the AI. I think it’s good that the regulations are there, because they regulate exactly these things.” Explainability requirements, he suggested, serve as an embedded trust mechanism rather than a bureaucratic obstacle. 

Salamony rounded out the regulatory picture from the perspective of a non-regulated entity operating in regulated adjacent activities. Regulators, he noted, are focused on three things: ensuring firms are not “AI washing” (claiming AI capabilities they do not actually have), verifying that decisions are explainable at a granular level, and confirming that humans remain in the loop. “The regulators are not approving you,” he summarised. “They are saying we do not object, but if this goes wrong, you are on the hook.” 

Fostering Adoption Inside Large Organisations 

One of the more operationally focused parts of the discussion concerned the challenge of driving meaningful adoption within large institutions. Gurca emphasised that the goal of AI innovation hubs is not technical literacy for its own sake but the removal of anxiety, particularly the fear of job displacement. “You need to make it accessible from a human standpoint, so that everyone understands this is not replacing their job. It is augmenting their role rather than replacing it.” 

Salamony identified a parallel challenge facing technology providers: ensuring that end-user adoption follows the initial sale. The risk is that if a firm licenses a product for 100 users and only 10 use it, the relationship ends. His prescription is to provide tooling that integrates into existing workflows rather than requiring a new standalone system, and secure adoption at the enterprise level as well as the individual desk. The two reinforce each other and neither alone is sufficient. 

Conclusion 

The discussion made clear that agentic AI is already moving beyond experimentation in financial services. Agentic AI is live in production at institutions of widely varying sizes and mandates. The challenges ahead are data infrastructure, governance frameworks, model explainability, and pace of change. But they are, as Gruca put it, “engineering homework,” not fundamental obstacles. 

As Everington suggested, the most valuable applications of agentic AI may not be those that reduce cost or eliminate headcount, but those that allow institutions to support customers in ways that were previously too resource-intensive to sustain. If deployed thoughtfully, these systems can make more personalised and responsive financial services economically viable at scale. 

Subscribe to our newsletter