Agentic AI: Definition and Use in Compliance

What is Agentic AI?

Agentic AI is an AI system that can autonomously plan and execute a sequence of actions toward a defined objective, selecting tools, evaluating results, and adjusting its approach without step-by-step human instruction. It's the difference between answering a question and completing a task.

Traditional AI models, including large language models used in simple document summarization or Q&A, respond to a single input and produce a single output. Agentic systems go further. They break a goal into sub-tasks, invoke external tools (databases, APIs, code interpreters, external data services), assess whether each sub-task succeeded, and loop until the goal is complete. The NIST AI Risk Management Framework (AI RMF 1.0, January 2023) describes this as a distinct capability tier, one that makes agentic AI fundamentally different from reactive AI in terms of both capability and risk profile.

In financial crime compliance, the implications are concrete. Consider case management: an AI agent assigned an open investigation retrieves transaction records, queries a third-party data provider for beneficial ownership information, cross-references sanctions screening results, and flags inconsistencies between the customer's stated source of funds and their actual activity pattern. A traditional AI model would answer specific questions about each of those data sets separately. The agentic system connects them into a coherent investigation workflow.

The NIST AI RMF categorizes agentic systems separately from predictive models because their risk profile is different. A predictive model produces a score. An agentic system takes actions, and those actions can have downstream consequences that compound. This is why regulators from the Bank of England to the Monetary Authority of Singapore have begun addressing agentic AI specifically in their AI governance guidance, rather than treating it as a variant of conventional machine learning.

The defining governance question is accountability. When an agent makes ten sequential decisions to arrive at an outcome, who is responsible for each decision? The institution is. This is why AI governance frameworks for agentic systems require decision-level logging, not just input-output records.

How is Agentic AI used in practice?

The most common deployment in regulated financial institutions right now is alert triage in anti-money laundering (AML) operations. A transaction monitoring system generates an alert. Instead of routing it to an analyst, an agentic system starts a structured investigation: retrieving 90-day transaction history, identifying peer-group deviations, checking counterparty information against politically exposed person (PEP) lists and adverse media sources, and producing a structured evidence package. If the risk score is below threshold, the case closes with documented rationale. If it's above threshold, the agent escalates to a human analyst with a pre-built case summary.

This cuts analyst time per alert from 45 to 90 minutes down to under 10. The analyst still makes the final call, but they're reviewing conclusions rather than building them from scratch.

Know Your Customer (KYC) refresh is a second high-value use case. Large banks run periodic re-verification on existing customers, but the process is manual-intensive and backlogs accumulate. An agentic system can pull current ID documents, cross-check business registries for ultimate beneficial owner (UBO) changes, run adverse media searches, and update the customer risk rating. For low-risk customers whose profile hasn't changed, the refresh completes without any human touch. Higher-risk customers or those with material profile changes get routed to an analyst with a full evidence package.

Fraud operations use agentic AI differently. When a potential account takeover is detected, an agent can lock the account, retrieve device fingerprint history, review recent login patterns, and initiate customer contact simultaneously. The full sequence takes seconds.

The compliance requirement across all these deployments is an audit trail for every agent action, including the reasoning behind each step. Regulators expect to reconstruct exactly what the agent did, in what order, and on the basis of what evidence.

Agentic AI in regulatory context

Regulators have moved from generic AI guidance to agentic-specific frameworks faster than most compliance officers expected.

The NIST AI Risk Management Framework (2023) defines AI systems on a spectrum of autonomy. At one end: fully human-controlled predictive models. At the other: systems that act autonomously over extended periods. Agentic AI sits toward the autonomous end, which places it into higher-risk categories for governance purposes. NIST's companion playbook guidance, published in 2024, specifically addresses agentic deployment in financial services and calls for enhanced human oversight mechanisms as a baseline requirement.

The EU AI Act (Regulation 2024/1689, effective August 2024) classifies AI systems by risk level. Systems used in credit assessment, fraud detection, and AML screening are explicitly listed as "high-risk" under Annex III. Agentic deployments in these areas inherit all the Act's obligations: conformity assessment, technical documentation, full explainability, and human oversight. The Act doesn't use the word "agentic" as a defined term, but its definition of "AI system" covers systems capable of autonomous decision-making with real-world effects, which describes most agentic deployments in financial services.

The Bank for International Settlements has addressed AI governance in banking directly, noting that AI systems chaining decisions without human checkpoints create compounding error risks that are harder to detect than single-step prediction errors. By the time the final output appears, the causal chain can be opaque to both internal reviewers and examiners.

For AML compliance specifically, the Financial Action Task Force (FATF) guidance on new technologies for AML/CFT (July 2021) establishes that automated decision-making in customer due diligence must be auditable and explainable. An agentic system that runs CDD end-to-end must preserve every decision step, not just the final output.

The practical implication for compliance teams: agentic AI deployments require model risk management that covers the agent as a whole system, not individual component models in isolation.

Common challenges and how to address them

The most consistent problem is accountability diffusion. When an agent makes eight sequential decisions, each reasonable in isolation, but the aggregate result is a compliance failure, determining which decision caused the failure requires step-level logging. Most early agentic deployments log the final output and the initial input. That's not enough for a regulatory examination.

The fix is decision-level logging from day one. Every tool call, data retrieval, and branching decision should be timestamped and stored in an immutable record. The EU AI Act and NIST AI RMF both require that high-risk AI systems maintain records sufficient to reconstruct the decision chain. An audit trail that covers only the final output will fail an examiner's review.

A second challenge is scope drift in autonomy. An agent deployed to triage false positives will encounter edge cases that are genuinely ambiguous. Without clear autonomy boundaries, agents either over-escalate (adding noise to human queues) or under-escalate (missing real risk). The solution is explicit configurable autonomy: define the precise conditions under which the agent can act without oversight and the conditions under which it must escalate. Pair this with a kill switch that can remove the agent from the workflow entirely if anomalous behavior is detected.

Prompt injection is a security risk specific to agentic systems. A malicious actor who can influence data that the agent retrieves (through a fraudulent document, a poisoned external data source, or a crafted transaction description) can potentially alter agent behavior. Banks deploying agentic systems should treat all external data as untrusted input and validate it before the agent acts on it. This applies to third-party data feeds, document uploads, and any structured data the agent queries.

Finally, model drift affects agentic systems differently than static models. If an underlying component drifts, the agent's behavior changes, potentially without any single output looking obviously wrong. Continuous model monitoring at the component level, combined with behavioral testing of the full agent pipeline, are both necessary. Monitoring one without the other creates blind spots.

Related terms and concepts

Several terms appear alongside "agentic AI" in compliance discussions, and the distinctions matter.

AI agent is the narrower term. An AI agent is a single autonomous software component that perceives its environment and takes actions. Agentic AI is the broader category: a system that may coordinate multiple agents working in parallel or sequence. When a fraud investigation system routes a case to one agent for transaction analysis, a second for identity verification, and a third for report drafting, that's an agentic AI system composed of multiple AI agents.

Human-in-the-loop (HITL) is the governance mechanism that determines where humans remain in the decision chain. Human-in-the-loop controls in agentic systems are mandatory for high-consequence actions: filing a Suspicious Activity Report (SAR), blocking a customer account, or making a credit decision. For lower-stakes triage and investigation tasks, fully autonomous operation is increasingly acceptable to regulators, provided the audit trail is complete and the escalation logic is documented before deployment.

Explainability is the requirement that a system can articulate why it took each action in terms a human reviewer can evaluate. For agentic systems, this is harder than for single-step models because the explanation must cover the full decision chain. Explainability in agentic contexts means step-by-step rationale, not just a feature importance score on the final output.

AI governance is the policy and control framework that sets rules for how AI systems are deployed, monitored, and retired. For agentic AI, governance frameworks must address autonomy boundaries, escalation logic, and model validation at the system level rather than just the component level. The NIST AI Risk Management Framework provides the most widely used reference structure for this in financial services.

AI risk management covers the identification, measurement, and control of risks that agentic AI introduces: operational failures, model bias, security vulnerabilities, and accountability gaps. Agentic systems require risk management frameworks that account for multi-step failure modes. A single-prediction model either gets the answer right or wrong. An agentic system can get nine steps right and one step wrong in a way that invalidates the entire output, which is a different category of failure that standard model risk frameworks weren't designed to catch.