Governance Gives AI Agents Permission to Grow Up
As the training wheels start to look like they can come off for The Prompt Economy, the next phase of agentic AI is starting to look less like a lab experiment and more like an operating model that needs to scale to be truly effective.
Evidence for this comes from Nubank researchers who recently reported production deployments of AI customer-support agents across card delivery, debt management, credit-limit support, card management and product explanations. The work spans a customer base of more than 100 million users and shows how AI agents are being pushed into real customer workflows, not just internal productivity tools. In one card-delivery deployment, Nubank said large-scale A/B testing produced a 37 percentage-point improvement in AI transactional Net Promoter Score and a 29 percentage-point gain in self-service rate compared with prior agent variants.
That is the production proof point banks and FinTechs have been waiting for. The industry has spent the past two years testing copilots, chatbots and internal assistants. Now the focus is shifting to agents that can handle higher-volume, higher-stakes workflows with measurable impact.
Other financial services players are moving in the same direction. Experian launched an Agent Operating System inside its Ascend Platform, positioning it as a way for financial institutions to scale agentic AI across the lending lifecycle with controls, auditability and human oversight. HSBC and Google Cloud also announced a multi-year AI partnership expected to support more than 200 new AI use cases over two years, including wealth management and financial crime risk management.
The common thread is that AI is moving into regulated workflows. Credit, card servicing, debt support, anti-money laundering, fraud and lending operations are all areas where decisions must be explainable, monitored and auditable.
That raises the bar for deployment. Banks and FinTechs will need clear escalation paths to humans, detailed call logs, data lineage, policy testing and outcome monitoring. In payments, AI customer-service records could increasingly become part of the evidence trail for chargebacks, fraud claims and consumer complaints.
The story is no longer whether financial institutions will use AI agents. The story is how quickly they can scale them without losing control of the workflow.
Governance Becomes the Scaling Test for Agentic AI
The first wave of production AI agents shows that financial services firms can move beyond pilots. The next issue is whether companies across industries can govern those agents once they start acting on their own.
That was the central theme of a recent SSON report on agentic AI governance, which argued that autonomous systems are changing the role of enterprise oversight. AI no longer just recommends an action to a human. In more advanced deployments, it can execute tasks, trigger workflows and interact with core business systems. That makes governance less of a compliance checkpoint and more of an operating requirement.
The report, based on discussions at SSON’s Agentic & Applied AI for the Enterprise conference, said companies are rethinking a basic management question: Who owns the agent? In older automation programs, governance often came near the end. Teams identified an opportunity, built a tool, tested it and then submitted it for approval. That sequence worked better for rules-based systems. Agentic AI creates a different problem because risk continues after launch.
As LinkedIn’s Bhupinder Singh Narang put it in the report, governance is no longer just a policy document. It has become an engineering problem. That means controls have to be built into the workflow from the beginning, including audit logs, scoped permissions, approval thresholds, rollback mechanisms and continuous monitoring.
The lesson applies well beyond financial services. In human resources, AI agents could screen candidates, answer employee questions or trigger payroll-related workflows. In procurement, they could negotiate with suppliers or reorder goods. In shared services, they could handle finance, customer support, claims or back-office tasks. Each use case creates the same basic issue: An agent that acts independently needs boundaries.
The report also reframed governance as an enabler of scale, rather than a brake on innovation. Too much control can slow experimentation. Too little can create operational and reputational risk. The practical answer is risk-based governance, where low-risk use cases move quickly inside clear guardrails, while higher-risk workflows require deeper review.
For companies trying to scale agentic AI, the checklist is becoming clearer: assign a business owner, technical steward and risk sponsor for every agent; use trusted data; document actions; monitor outcomes; and make sure humans can intervene.
The scaling race will not be won by the firms that deploy the most agents. It will be won by the firms that know exactly what their agents are allowed to do.
For all PYMNTS AI coverage, subscribe to the daily AI Newsletter.