Financial Services

AI Agents in Financial Services: The Knowledge Problem No One Is Solving

Jitender

Financial services firms have been early movers on AI. The business case is obvious: compliance documentation, risk assessment, client reporting, regulatory filings — these are labour-intensive, high-stakes processes where AI can do serious work.

The deployments have followed. AI tools across front office, risk, and compliance. Significant capital invested. Executive mandates to scale.

And yet most deployments have plateaued. The productivity gains from early use cases have not translated into the transformational change that was promised. The AI tools are being used, but they are not compounding. The same problems that were present on day one are still present twelve months later.

The reason is almost never the model. It is the knowledge problem.

What AI Agents in Financial Services Are Missing

A compliance agent deployed at a bank has access to the same underlying intelligence as a compliance agent deployed anywhere else. GPT, Claude, and Gemini have read the regulatory frameworks. They know what Basel III requires, what GDPR specifies, and what MiFID II mandates.

What they do not know is how your specific organisation has chosen to interpret and apply those requirements. They do not know the jurisdiction-specific variations your legal team has documented over years of regulatory engagement. They do not know the internal risk appetite thresholds that sit above and beyond the regulatory minimums. They do not know which client segments are subject to enhanced due diligence under your enhanced AML framework, and why.

That knowledge — the gap between the public regulatory framework and your firm’s specific implementation of it — is where most compliance work actually happens. And it is knowledge that generic AI models do not have.

The Regulatory Risk of Knowledge-Gap AI

The consequences of deploying AI agents without adequate institutional knowledge are not theoretical in regulated industries.

A compliance agent that applies the public regulatory standard but misses your firm’s internal interpretation generates assessments that are technically compliant with regulation but inconsistent with your firm’s actual compliance framework. At the individual transaction level, this is a nuisance. Across 10,000 transactions a month, it is a material compliance risk.

The audit trail problem compounds this. If an AI agent generates a risk assessment and that assessment is later queried by a regulator, the firm needs to be able to show not just what the agent concluded, but why it concluded it — and specifically whether the agent applied the firm’s actual compliance framework or a generic approximation of it.

Generic AI agents cannot provide that assurance. They can tell you what the model said. They cannot tell you what institutional knowledge the model applied, because they had none.

Three Knowledge Layers Financial Services Firms Need to Capture

Effective AI deployment in financial services requires systematic capture of knowledge at three levels.

Regulatory interpretation knowledge. Every financial services firm has developed specific interpretations of regulatory requirements — refined through regulatory engagement, legal review, and years of compliance practice. This is not generic knowledge; it is proprietary institutional knowledge that took years to build. It should be captured, structured, and made available to AI agents as explicitly as any policy document.

Client and counterparty context. The risk profile of a client or counterparty is not just a function of their documented characteristics. It reflects the history of the relationship, the nature of their business, the jurisdictions they operate in, and the specific risk considerations that have emerged through prior engagements. AI agents making risk assessments without this context are working with incomplete information.

Internal control and exception logic. Every firm has situations where standard controls are applied with adjustments — legacy clients under grandfathered terms, jurisdictions where local regulatory requirements take precedence over standard group policy, products or transaction types where the standard framework does not apply cleanly. This exception logic is exactly the kind of institutional knowledge that is almost never documented and is most critical for AI agents to have.

What Good Looks Like: A Concrete Example

Consider a wealth management team using AI agents to support client suitability assessments.

Without institutional knowledge: the agent applies MiFID II suitability criteria as documented in public regulatory guidance. It produces an assessment that is correct against the published standard but misses the firm’s enhanced suitability framework for clients above a certain asset threshold, does not account for the specific risk appetite adjustments the team applies in volatile market conditions, and cannot reflect the relationship history that affects how certain types of recommendations should be framed for this particular client.

With institutional knowledge properly structured: the agent knows the firm’s enhanced suitability framework and applies it correctly. It knows the client’s documented risk tolerance, the history of prior assessments, and the adjustments applied in previous volatile market periods. Its assessment reflects not just regulatory compliance but the firm’s actual practice — and every conclusion is traceable back to the specific knowledge entry from which it was derived.

The second agent is not smarter. It is better-informed. And in a regulated environment, the difference between the two is the difference between a tool that creates liability and a tool that reduces it.

The Audit Trail Advantage

One capability that knowledge-structured AI agents have that generic agents do not is full source traceability.

When an agent’s assessment can be traced back to a specific document section, a specific regulatory interpretation, or a specific internal policy entry — each with a timestamp and a confidence score — the audit trail transforms from a compliance requirement into a competitive advantage.

Regulatory examinations that previously required weeks of manual documentation can be reduced to the production of a structured audit log. Disputes about the basis for a risk assessment can be resolved in minutes rather than days. The consistency of the firm’s compliance practice becomes demonstrable rather than asserted.

This is not a marginal improvement. In a regulatory environment where demonstrating the quality of your compliance process is as important as the compliance output itself, structured knowledge with full source traceability changes what is possible.

Building for the Regulatory Examinations of the Future

Regulators are beginning to pay attention to AI in financial services. The FCA, SEC, and MAS have all issued guidance or consultation papers on AI governance. The direction of travel is consistent: AI systems used in regulated activities need to be explainable, auditable, and demonstrably consistent with the firm’s approved compliance framework.

Firms that have deployed AI agents with proper institutional knowledge structures — where every output is traceable to specific knowledge entries, every entry carries source and confidence metadata, and conflicts are surfaced for human resolution — are well-positioned for this regulatory environment.

Firms that have deployed generic AI agents and are relying on model capability to approximate their compliance framework are accumulating regulatory risk with every assessment their agents produce.

The knowledge problem is not a technical problem. It is a governance problem. And in financial services, governance problems have regulatory consequences.