The New Control Problem
Agentic AI is forcing finance to rethink control, accountability, and systemic risk
Sources
The Quiet Warning That Matters
The Financial Stability Board’s new consultation report on responsible AI adoption in finance will not travel through the internet like a chatbot scandal. It does not have the instant absurdity of a consumer AI failure, the courtroom drama of a hallucinated legal filing, or the public theater of a company blaming a machine for a very human lapse in judgment.
The FSB does not write for virality. It writes for financial authorities, banks, insurers, market infrastructure operators, asset managers, payment providers, and the institutions that sit behind the visible machinery of global finance. Its language is cautious by design. Its documents are dense by necessity. When the FSB begins drawing attention to agentic AI, human oversight, third-party concentration, synthetic employees, financial transactions, kill switches, and correlated behavior across institutions, the signal should not be dismissed because the prose is restrained.
The deeper story is not that global regulators have noticed AI. They noticed AI years ago. The deeper story is that AI in finance is moving from a tool that supports decisions toward systems that can plan, sequence, act, and interact with other systems. That transition changes the governance question. Traditional AI risk management asks whether a model’s output is accurate, explainable, fair, secure, and compliant. Agentic AI adds a harder question: what happens when the model does not merely advise the institution but performs parts of the institution’s work?
Finance has always depended on controlled delegation. Traders, risk managers, claims adjusters, credit officers, compliance teams, and operations staff are allowed to act because institutions define authority, monitor conduct, record decisions, assign responsibility, and impose consequences. Agentic AI tests that architecture because it introduces a new class of actor inside the firm. The actor is not a legal person, not an employee, not a vendor in the conventional sense, and not merely software in the old sense. It can pursue goals, access tools, query systems, generate intermediate steps, and sometimes take actions whose full path may be hard to reconstruct after the fact.
That is the control problem underneath the FSB report. Finance is not simply adopting a more efficient technology. It is experimenting with operational agency.
What Changed When AI Became Agentic
Most institutions already know how to talk about AI as analytics. Banks have used machine learning for fraud detection, credit scoring, anti-money-laundering reviews, customer segmentation, cybersecurity, market surveillance, and operational efficiency. Those uses raise serious issues, but they fit within a familiar governance structure. A model generates a score, a classification, a recommendation, an alert, or a draft. A human or an automated workflow then uses that output within a defined process.
Agentic AI complicates the boundary between output and action.
An agent can receive a goal, break that goal into tasks, call tools, access data, interact with APIs, modify its plan, and execute steps with limited human intervention. In finance, that difference is not semantic. A system that summarizes a credit file is one thing. A system that extracts data, identifies inconsistencies, drafts a credit narrative, recommends a risk decision, and prepares execution steps is another. A system that flags suspicious activity is one thing. A system that identifies emerging fraud patterns, proposes detection rules, and helps change operational defenses in real time is another.
The FSB’s report recognizes this distinction without presenting it as science fiction. Agentic AI is not treated as a distant speculative category. It appears as part of the financial sector’s current adoption landscape, especially in areas such as fraud detection, customer service, back-office functions, trading-related workflows, compliance, and cyber risk. The Reuters account of the report notes that financial firms are already using agentic AI in some of these domains, while the FSB’s own text describes autonomous systems capable of planning, reasoning, and executing complex high-level goals independently.
The risk no longer sits only in the model’s answer. It also sits in the sequence of actions between the request and the outcome.
A model can be wrong in a single response. An agent can be wrong across a chain of decisions. It can take an incorrect intermediate step that appears harmless, use a data source outside the intended scope, call the wrong tool, interpret success too narrowly, or continue optimizing toward a goal after the surrounding context has changed. In an ordinary corporate process, those errors may create inefficiency or customer harm. In finance, they can also create conduct breaches, operational disruption, transaction errors, liquidity effects, data exposure, and correlated behavior across institutions using similar tools.
The speed of finance intensifies the problem. Financial systems already operate through automated execution, real-time risk monitoring, high-volume payment flows, fast-moving markets, and interconnected infrastructure. Adding more autonomous software to that environment may improve detection, efficiency, and resilience. It may also compress the time available for humans to understand what is happening before consequences spread.
That is why “human oversight” becomes less comforting as a slogan. The relevant question is not whether a human appears somewhere in the governance chart. The question is whether that human has the practical ability, authority, incentive, and time to intervene before an agent’s actions become irreversible or systemically relevant.
The Failure of Cosmetic Oversight
The FSB’s treatment of human oversight is one of the most important parts of the report because it rejects the easy version of control. Human oversight is not meaningful merely because a person is assigned to approve something, spot-check something, or sit above a workflow in theory. Oversight can become ceremonial when the human lacks information, technical understanding, institutional authority, or enough time to interrupt the machine.
Financial institutions should recognize this problem immediately. They already live with versions of it in model risk management, compliance approvals, and operational controls. A policy can require review while the surrounding incentives encourage speed. A dashboard can show alerts while the alert volume makes serious review impossible. A committee can approve a system while depending almost entirely on the team that built or bought it. A human can remain nominally accountable while the actual decision path is buried inside automation, vendor architecture, or a chain of intermediate machine actions.
Agentic AI makes this worse because the action path can be dynamic. If an agent can plan, call tools, query systems, and adapt to its environment, oversight cannot be reduced to approving a fixed output. The institution must understand the agent’s permissions, operating boundaries, escalation triggers, tool access, data access, transaction authority, monitoring regime, and failure modes. It must also know who is responsible when the agent does something unexpected.
The FSB’s report makes a crucial distinction here. It identifies different forms of human oversight, including human approval of AI decisions, AI used to support human monitoring, periodic human intervention, high-level human command, kill switches, and contestability. Those categories are not merely compliance vocabulary. They show that oversight must be designed around the autonomy, materiality, complexity, explainability, and risk of the use case.
A low-risk customer service bot may not need the same control structure as an agent that can affect payments, customer funds, trading workflows, fraud rules, or operational access. A tool that drafts internal summaries may not require the same logging standards as a system that interacts with external APIs or customer records. A compliance assistant that proposes language is not equivalent to a system that can alter controls or trigger downstream actions.
The control structure has to match the agent’s effective power.
This is where many AI governance programs remain immature. They classify tools by vendor, model type, or department, when the better question is what the system can actually do. Can it retrieve confidential data? Can it interact with customer records? Can it initiate or prepare financial transactions? Can it modify rules used by other systems? Can it communicate externally? Can it influence advice, pricing, underwriting, claims, sanctions screening, fraud controls, trade execution, or customer eligibility? Can it learn from its environment in ways that change its behavior after deployment?
When the answer to those questions changes, the governance category should change with it.
Synthetic Employees and the Institutional Imagination
One of the most revealing phrases in the FSB report is “synthetic employees.” The term is easy to overplay, but it captures a shift that conventional software language does not handle well.
A spreadsheet is not an employee. A database is not an employee. A rules engine is not an employee. Even a predictive model, in most cases, is not plausibly treated like an employee. It produces an output within a narrow environment. It may be powerful, but it does not resemble a worker moving across tasks.
An AI agent is different enough to create a governance analogy. It may have an identifier. It may require access rights. It may need permissions, supervision, escalation paths, performance monitoring, behavior testing, and restrictions on scope. It may interact with other agents, systems, employees, customers, or vendors. It may create records that must be audited. It may need to be suspended, downgraded, retrained, or removed from a process.
That does not mean AI agents are people. The point is the opposite. They are not people, yet they may occupy parts of institutional workflows that were previously controlled through people. The employee analogy matters because firms already know how to govern delegated authority when the delegate is human. They use identity management, role definitions, access controls, segregation of duties, approval thresholds, supervision, training, conduct rules, disciplinary systems, audit trails, and accountability chains.
Agentic AI forces institutions to rebuild parts of that logic for non-human actors.
This is not a branding issue. It is a control architecture issue. If an AI agent has access to customer data, market data, internal communications, payment systems, fraud tools, or operational workflows, the firm needs to know what that agent is allowed to do, how those permissions were granted, who approved them, how they are monitored, when they expire, and what happens when the agent behaves outside the intended scope. If an agent can participate in a decision path, the institution needs records that are useful after something goes wrong, not merely logs that exist somewhere in a technical system.
The employee analogy also highlights a governance trap. Human employees can be interviewed, trained, reprimanded, or held personally responsible. AI agents cannot. Responsibility therefore moves upward and outward. It belongs to the institution that deployed the system, the managers who approved the use case, the teams that set the permissions, the vendors that supplied critical components, and the control functions that allowed the system to operate. The more agentic the system becomes, the less credible it is for a firm to claim that a surprising action was simply a technical anomaly.
In finance, accountability cannot disappear into automation. If an agent acts inside the institution, the institution acts through the agent.
The Systemic-Risk Layer
The most serious implication of the FSB report is not confined to individual firms. The FSB’s mandate is financial stability, and that lens changes the discussion.
A single institution deploying an AI agent poorly can harm customers, violate rules, expose data, or create operational losses. Those are important risks, but they are not the full concern. The systemic question is what happens when many firms adopt similar AI systems, rely on similar infrastructure, use similar foundation models, depend on similar cloud providers, train on similar data, and optimize toward similar objectives.
Finance already has a long history of correlated behavior. Models can produce herding. Risk systems can encourage similar de-risking. Market participants can respond to the same signals at the same time. Liquidity can evaporate when everyone tries to reduce exposure simultaneously. Automation can accelerate feedback loops before human judgment has time to intervene.
Agentic AI could add a new layer to that old problem.
If agents are used for trading-related research, market surveillance, portfolio analysis, liquidity forecasting, customer engagement, cyber defense, fraud detection, compliance, and operational resilience, their individual errors may not remain individual. Similar agents may interpret similar data in similar ways. Similar vendor models may produce similar recommendations. Similar guardrails may fail under similar conditions. Similar operational dependencies may create common points of fragility.
The FSB report points directly to concentration risks in cloud infrastructure, hardware, foundation models, and key points in the AI supply chain. It also warns that reliance on common AI models, datasets, or infrastructure can lead to correlated outcomes across financial institutions, potentially amplifying herding, procyclicality, liquidity stress, and asset price vulnerabilities.
This is the part of the story that deserves more attention. AI governance is often discussed as if each firm can solve the problem independently by improving its internal controls. Internal controls are necessary, but the financial system is not a collection of isolated machines. It is an interdependent network of firms, markets, infrastructure, vendors, standards, incentives, and shared assumptions.
If agentic AI becomes a common operational layer across finance, the governance problem extends beyond the individual deployment. Supervisors will need better visibility into where agents are being used, which functions they affect, which vendors or models are widely depended upon, how failures could propagate, and whether industry-wide adoption is creating hidden synchronization.
The irony is that many AI tools are being sold as ways to make institutions more responsive and resilient. That may be true at the firm level. It may also create fragility at the system level if many institutions become responsive in similar ways at similar speeds.
The Vendor Problem Behind the Governance Problem
Agentic AI also sharpens a problem that has been building across financial technology for years: the growing dependency of regulated institutions on external infrastructure and opaque technology suppliers.
Financial firms can outsource functions, but they cannot outsource responsibility. That principle is familiar in financial regulation. Yet AI makes it harder to operationalize because the most important components may sit outside the firm’s direct control. A bank may use a third-party foundation model, a cloud provider, specialized AI infrastructure, external data sources, orchestration tools, monitoring software, and vendor-managed updates. The firm may be accountable for the use case while lacking full visibility into the model, the training data, the update cycle, the testing environment, or the failure modes.
The FSB report emphasizes third-party risk, transparency, data quality, supply-chain concentration, business continuity, and contractual arrangements with AI providers. Those concerns are not administrative details. They define the boundary between governed adoption and borrowed opacity.
For traditional software, vendor risk management often focuses on service availability, cybersecurity, data processing, contractual rights, and operational resilience. For AI, those remain necessary but insufficient. The institution also needs assurance about model behavior, version changes, performance drift, explainability, monitoring, incident reporting, and the vendor’s own oversight of the system. If the model changes after deployment, the risk profile of the financial institution’s use case may change without the institution having made an explicit business decision.
That is a profound governance challenge. A firm can approve one system and later find itself relying on a materially different one because a provider updated the model, changed the architecture, altered a safety layer, modified a retrieval system, or adjusted the tool orchestration. In a lightly regulated consumer context, that may produce confusion or poor service. In finance, it can affect compliance, customer outcomes, transaction integrity, and market behavior.
This is also where market power enters the story. If a small number of model providers, cloud providers, chip suppliers, and AI infrastructure firms become essential to financial operations, then operational resilience becomes entangled with technology concentration. The financial sector’s risk profile begins to depend on companies that may not be financial institutions, may not be supervised in the same way, and may have incentives shaped by scale, product velocity, and platform dominance rather than financial stability.
The FSB’s language is careful, but the implication is significant. Agentic AI is not only a model governance issue. It is a dependency issue.
When Speed Becomes a Risk Variable
Financial institutions are attracted to AI because it can increase speed. It can process more information, identify patterns earlier, draft documents faster, detect fraud in real time, support customer interactions at scale, and reduce manual workload. These benefits are real. The FSB report does not deny them. In some domains, not adopting AI may become risky because fraud, cyberattacks, and market complexity can outpace human-only monitoring.
The harder question is where speed helps and where it becomes a risk variable.
An agent that detects emerging fraud patterns quickly can protect customers and institutions. An agent that changes controls too aggressively can create false positives, block legitimate activity, or introduce vulnerabilities elsewhere. An agent that scans news and prepares trading instructions can improve workflow efficiency. If poorly constrained, it can also accelerate flawed reasoning into market action. An agent that supports compliance can improve consistency. If it is overtrusted, it can normalize errors at scale.
Speed is valuable when the institution can verify, constrain, and reverse what is happening. Speed is dangerous when the action outruns the control system.
The FSB’s concern that agentic AI risks can materialize at great speed should be read in that context. In traditional governance, delay is often treated as friction. AI adoption programs commonly promise to remove friction from processes. Yet in high-stakes financial contexts, some friction is a control. Approval thresholds, segregation of duties, escalation protocols, reconciliation steps, documentation requirements, and manual checks exist because unchecked efficiency can become institutional negligence.
The challenge is not to preserve every old friction point. Some are obsolete, redundant, or performative. The challenge is to distinguish bad friction from protective friction. Agentic AI makes that distinction more urgent because it can remove operational delays while also removing moments where responsibility, judgment, and evidence used to enter the process.
That is why governance has to be designed before agents are deeply embedded in critical workflows. Retrofitting controls after deployment is difficult when systems are already integrated with data sources, customer interactions, internal tools, and operational routines. Once business teams become dependent on agentic workflows, control functions may face pressure not to slow them down. The institution then discovers that the real governance decision was made earlier, when autonomy was granted.
The Board-Level Question
The FSB’s report repeatedly points to boards and senior management. That emphasis is not symbolic. Agentic AI cannot be governed as a narrow technical implementation because it changes business processes, risk appetite, accountability, vendor dependence, operational resilience, and strategic competition.
Boards do not need to understand every model architecture. They do need to understand where the institution is delegating action to systems that can affect customers, markets, capital, liquidity, compliance, data, and operations. They need to know which use cases are low-risk productivity tools and which are becoming operational actors. They need to understand whether human oversight is meaningful or merely documented. They need to ask whether the institution can stop an agent, reconstruct its actions, explain its decisions, and assign responsibility when something fails.
A board that treats agentic AI as an innovation program will ask whether adoption is moving fast enough. A board that treats it as a control problem will ask a different set of questions. It will ask where agents are authorized to act, where they are prohibited from acting, what thresholds require human approval, how identity and access are managed, how performance drift is monitored, how vendor updates are controlled, how agent interactions are logged, how rollback works, and how the firm would respond if multiple agents behaved unexpectedly at the same time.
This does not mean boards should block adoption. The competitive and defensive case for AI in finance is real. Fraud detection, cyber defense, regulatory compliance, operational efficiency, document review, and risk monitoring are all areas where AI can improve institutional performance. But the governance must match the authority being delegated.
The board-level issue is therefore not whether the firm uses AI. That question is already becoming outdated. The issue is whether the firm understands the difference between using AI and authorizing AI to act.
The Coming Supervisory Divide
The FSB’s consultation report is non-binding. It does not create an international standard. It does not impose a prescriptive rulebook. That makes it easy to underestimate.
Soft guidance often matters before hard law arrives. It gives supervisors a vocabulary. It gives institutions a benchmark. It gives boards a warning about what regulators will consider foreseeable. It also gives enforcement agencies, litigators, auditors, and counterparties a way to ask whether a firm’s controls were reasonable for the risks it chose to take.
The consultation period also reveals that this area is still unsettled. The FSB is asking whether the proposed practices strike the right balance between general AI risks and risks tied to more complex forms of AI, including generative and agentic systems. It is asking whether the practices are flexible enough to address newer forms of AI over time. Those questions matter because the technology is moving faster than formal regulatory architecture.
This creates a likely divide in the financial sector.
Some institutions will treat the FSB report as a compliance document and respond with policies, inventories, committees, and approval language. Others will treat it as an early map of the next control environment and begin redesigning how they classify AI use cases, govern agent permissions, structure human oversight, monitor third-party dependencies, and prepare for supervisory scrutiny.
The second group will have an advantage. Not because it will move more slowly, but because it will move with a clearer understanding of where autonomy changes risk. In finance, credible governance can become a strategic asset. It allows adoption to scale without forcing the institution to pretend that every AI use case belongs in the same category.
The firms that struggle will be those that adopt agentic AI through scattered business-unit experimentation, vendor-led pilots, informal access, weak documentation, and unclear accountability. They may appear faster in the beginning. They may also accumulate hidden risk until a failure exposes how little control existed behind the productivity story.
The Deeper Shift
The FSB warning should be read as an early institutional recognition of a broader shift. Finance is entering a phase in which AI systems will not only inform decisions but increasingly participate in carrying them out. That changes the meaning of model risk, operational risk, conduct risk, cyber risk, third-party risk, and systemic risk.
The old governance question was whether the machine could be trusted to produce a useful answer. The new governance question is whether the institution can remain in control when the machine is allowed to pursue a goal.
That difference reaches far beyond finance, but finance will feel it first because the consequences are measurable, regulated, and potentially contagious. Money moves quickly. Markets react quickly. Fraud adapts quickly. Operational failures propagate quickly. In that environment, agentic AI is not just another productivity layer. It is a new delegation layer inside the machinery of financial activity.
The FSB is not telling institutions to abandon AI. It is telling them that responsible adoption requires a more serious control model. Boards must understand the authority being granted. Managers must define boundaries that mean something. Risk teams must monitor behavior, not just outputs. Vendors must be subject to deeper assurance. Human oversight must be designed so that humans can actually intervene. Systemic risk must be considered before common infrastructure and common models quietly synchronize institutional behavior.
The firms that understand this will not treat agentic AI as a chatbot with better workflow integration. They will treat it as a new kind of operational actor whose power depends on access, autonomy, and institutional permission.
That is the story beneath the consultation report. The financial system is not merely asking whether AI can work. It is beginning to ask who, or what, is allowed to act.