AI Agent: Definition and Use in Compliance

What is AI Agent?

An AI agent is a software system that perceives inputs from its environment, applies reasoning or machine learning logic, and executes actions autonomously to complete a task. The core distinction from a traditional prediction model is agency: the ability to take consequential, multi-step actions rather than simply returning a score.

A fraud detection model that outputs a 0.87 risk probability is a model. An AI agent that reads that probability, pulls the account's 90-day transaction history, drafts a Suspicious Activity Report (SAR), and routes it to the compliance queue is an agent. It's the difference between informing a decision and executing one.

Most production AI agents share four components. A perception layer reads both structured data (transaction records, account attributes, entity registrations) and unstructured data (documents, news articles, email content). A reasoning engine applies logic to those inputs; today this is typically a large language model combined with rule-based filters. A memory component holds short-term task context (current case details) and retrieves long-term knowledge (policy documents, historical case patterns). An action layer writes outputs: database entries, compliance reports, system calls, or escalation flags.

The degree of autonomy is configurable. Some agents operate fully automatically for low-risk, high-volume decisions and escalate anything above a defined threshold for human review. Others run in supervised mode, where a human approves every action before execution. Which mode is appropriate depends on the decision type, its regulatory risk, and the institution's AI governance framework.

Under the EU AI Act (Regulation (EU) 2024/1689), AI systems that autonomously process data in Know Your Customer (KYC) or creditworthiness contexts are classified as high-risk. That classification carries documentation, testing, human oversight, and post-market monitoring requirements that apply regardless of internal architecture.

How is AI Agent used in practice?

The most common compliance deployment is alert triage. Transaction monitoring systems at large banks generate between 1,000 and 10,000 alerts per day. A standard analyst spends 20 to 40 minutes per alert collecting the same information: account history, prior SAR filings, counterparty profiles, sanctions screening results, and adverse media. An AI agent assembles this in seconds and pre-populates the case file before the analyst opens it.

The practical outcome is a shift in analyst work. Instead of evidence collection, they do evidence evaluation. In banks where agents handle first-pass evidence gathering and draft the SAR narrative, Money Laundering Reporting Officers (MLROs) report 40 to 60% reductions in time-to-file on priority cases.

Continuous monitoring is a second major deployment. Customer Due Diligence (CDD) refresh cycles are traditionally calendar-driven: review every client annually, low-risk accounts every three years. An AI agent can instead monitor trigger events in real time, a large wire to a new jurisdiction, an adverse media hit, a change in beneficial ownership, and initiate a refresh only when the risk profile actually changes. That's the risk-based approach applied operationally.

In Know Your Business (KYB) onboarding, a corporate client submits registration documents; the agent extracts entity structure, maps Ultimate Beneficial Owners (UBOs), cross-checks each party against PEP and sanctions lists, and flags discrepancies. A human reviews the exceptions. Routine extraction runs without human involvement.

The working constraint is always scope. Agents defined too broadly, with access to too many systems and unclear permission boundaries, become difficult to audit and govern. Teams that deploy successfully keep each agent's scope narrow: one workflow, defined data access, one documented escalation path. We've seen this distinction consistently separate functional deployments from ones that stall in production.

AI Agent in regulatory context

Regulators are paying close attention to autonomous AI systems, and the compliance implications are material.

The EU AI Act (Regulation (EU) 2024/1689) is the most detailed framework to date. It designates AI systems used for AML/CFT screening, creditworthiness assessment, insurance risk scoring, and biometric categorization as high-risk. For AI agents in any of these categories, the Act mandates technical documentation, human oversight mechanisms, accuracy and bias testing, logged decision records, and a post-market monitoring plan. Penalties reach €30 million or 6% of global annual revenue.

In the US, regulation is more fragmented. The Federal Reserve, OCC, and FDIC issued joint guidance in 2023 on third-party risk management that explicitly covers AI vendors. The Federal Reserve's SR 11-7 guidance, though written before agentic AI existed, applies to any model driving compliance or credit decisions. AI agents that influence SAR filings, customer risk ratings, or credit approvals must be validated, monitored, and periodically reviewed under those expectations.

FinCEN hasn't published agent-specific guidance, but its longstanding emphasis on program effectiveness rather than technical methods means institutions using AI agents must demonstrate that those agents produce better compliance outcomes, not just faster processing.

The Financial Action Task Force (FATF) addressed AI in its 2020 digital identity guidance and reinforced the expectation in subsequent typology reports: AI tools must support, not replace, the human judgment behind suspicious activity determinations. An institution can't point to an agent's output as the reason a SAR wasn't filed if the circumstances warranted one. Accountability stays with the institution.

Model Risk Management (MRM) frameworks are now being extended to cover AI agents, though most institutions are still working out how to adapt SR 11-7's validation requirements to systems that reason and act rather than simply predict.

Common challenges and how to address them

Three problems appear consistently in AI agent deployments in financial services.

Explainability. When an agent flags a transaction for investigation, the analyst reviewing it needs to understand the specific reasoning, not a model architecture summary. "The system detected unusual activity" doesn't survive a regulatory examination. The fix is to build an explanation layer into the agent's output: every flagged decision should include a human-readable rationale listing the specific data points that drove it. The account received 14 wire transfers over 72 hours from three jurisdictions, each below the Currency Transaction Report (CTR) threshold. That's an explanation. The explainability requirement in the EU AI Act reinforces this as a legal standard for high-risk systems.

False positive rates. A poorly configured agent generates more work than it eliminates. Legacy rule-based systems routinely hit false positive rates above 90%. AI agents trained on historical disposition data can bring this to 40 to 60%, but that requires clean labeled data, which most compliance teams don't have in good shape. The investment in data quality before deploying an agent is unglamorous but necessary. Skipping it produces an expensive alert queue with an AI label attached.

Accountability gaps. When an agent misses a suspicious pattern and no report is filed, the institution carries the regulatory liability. During an examination, the question is: which human reviewed the agent's output, and what was the documented basis for their decision? This requires explicit human checkpoints in every agent workflow, logged with timestamps and reviewer identity. An audit trail showing a qualified analyst reviewed the agent's output on a specific date is defensible. A fully autonomous process with no human sign-off is not.

A fourth risk is model drift. Agent performance degrades when underlying data patterns shift, which in financial crime happens constantly. A model monitoring program for AI agents needs scheduled performance reviews and clear thresholds that trigger revalidation when detection rates fall outside acceptable bounds.

Related terms and concepts

AI agents don't operate in isolation. Several related concepts define how they fit into a compliance architecture.

Agentic AI is the broader category. It describes systems that pursue goals over multiple steps using tools, memory, and environmental feedback, as opposed to single-turn models that respond to a prompt and stop. An AI agent is an instance of agentic AI applied to a specific, bounded task with defined inputs, permissions, and outputs.

Human-in-the-loop (HITL) describes the governance model where human reviewers participate in agent decisions, either by approving actions before execution or by reviewing outputs before they become final. HITL is the current regulatory expectation for high-risk AI agents in financial services, and it's the standard the EU AI Act operationalizes for systems in AML/CFT and credit contexts.

Configurable autonomy is how institutions manage the tension between efficiency and oversight. An agent might run fully automatically for a defined category of low-risk decisions, require human confirmation for medium-risk actions, and always escalate to a qualified officer above a defined threshold. The configuration should be documented, tested, and auditable.

Kill switch is the mechanism for halting an agent immediately if it behaves unexpectedly or if an incident occurs. Regulators expect this to be documented, tested periodically, and operable by non-technical compliance staff, not only engineers.

Transaction monitoring and behavioral analytics are the primary data inputs for most compliance AI agents. Understanding what those systems produce is a prerequisite for configuring an agent that acts on their outputs effectively.

Finally, AI governance covers the policies, roles, and controls that define how AI agents are approved, deployed, monitored, and retired. An agent without a governance framework around it is, in regulatory terms, an unvalidated model making consequential decisions. That's a finding waiting to happen.