What CIOs in finance do to navigate AI agents

Agentic AI is poised to dominate many areas of software development in 2026. Seventy percent of companies plan to have more than 15 active AI agents within their organizations by the end of the year, according to a study by API management company Gravitee, which also estimates that more than one million bots will enter the workforce as well.

As AI agents permeate different lines of business, one area primed for growth is their use within finance. “AI and agent technology in financial services are set to advance significantly over the next 12 to 24 months,” says Shree Reddy, EVP and CIO of federal credit union PenFed Credit Union.

A core reason is the high degree of manual labor in financial workflows. Accounts receivable, document extraction, and managing bloated email inboxes are top manual functions, as found by Auditoria.AI’s 2025 State of AI Automation in the Finance Office report, which surveyed over 250 finance professionals. So interest in new tech trends, like gen AI and autonomous agents, now outpaces RPA for automating such tasks.

One early example of success with agents comes from Block, the financial services company behind Square and Cash App. Their open-source AI agent, Goose, is now used by more than 12,000 employees, who report saving up to 75% of their time on common tasks. As head of developer relations, Angie Jones writes on the Block engineering blog that the agent is used across every job function, tapping MCP to allow AI agents to interact with APIs, tools, and data systems.

In other financial environments, agents are already boosting information gathering, triage, and human decision-making. Still, agentic AI hasn’t taken full oversight of high-risk enterprise financial workflows, such as autonomously making payments.

Only 6% of organizations fully trust AI to handle end-to-end business processes entirely on its own, according to a December 2025 study conducted by Harvard Business Review sponsored by Workato, and 94% of companies keep AI agents on the edges for low-stakes and supervised tasks. To take AI agents to the next level in finance, therefore, CIOs must solve core infrastructure gaps while carefully balancing AI innovation with plenty of guardrails.

“When it comes to AI, we’re facing death by 1,000 AI module cuts,” says Joe Wilson, SVP and CIO at CSG International, a provider of business support systems software and services. In addition, LLM accuracy and access control issues threaten security, requiring more intentional rollouts. “CIOs need to move at a breakneck pace without breaking security best practices or falling into the pilot graveyard,” he says.

While regulatory frameworks limit the scope of agentic AI in financial and banking contexts, leaders still foresee agents and multi-agent systems working alongside people to achieve tangible outcomes. “It’s moving beyond passive assistance toward orchestrated, outcome-oriented systems, where agents don’t just respond, they act, collaborate, and help drive results,” says Dan Shmitt, CIO of Salesforce.

How AI agents can support finance

There are clear opportunities for agents to transform banking. On the user-facing side, AI agents can provide new experiences for customers, such as highly capable chat and voice assistants. “Traditional interactive voice response systems will evolve into intelligent voice agents, powered by natural language processing for seamless conversational banking,” says PenFed’s Reddy.

New advances in LLMs are improving accuracy and reducing hallucinations, which open up more use cases. Still, near-term adoption will focus on areas unaffected by regulation. “Non-regulatory use cases will move forward aggressively, while regulatory cases will maintain human oversight as the industry evolves,” he adds.

Another area is structured internal workflows with a high degree of toil, says Salesforce’s Shmitt. This includes procurement guidance, policy support, forecasting, contract review, and collections. “These workflows are processes with explicit rules, heavy documentation, and high volumes of repetitive questions, meaning agents have a clear opportunity,” he says.

Others agree that agentic AI is poised to streamline repetitive actions. “There’ll be an increase in AI agent usage to automate formerly manual, routine tasks,” says Charles Hearn, CTO at Alloy, an identity and fraud prevention platform, adding that tasks like resolving watchlist matches, document review, and due diligence information collection are well-suited for automation.

Then there’s data aggregation. “Agents excel at pulling data from multiple systems, classifying and summarizing information, and escalating only when human judgment is needed,” says Carl Froggett, CIO at Deep Instinct, a deep learning cybersecurity company. This is similar to how security operations use AI to automate risk detection and escalate to operators when needed.

For any banking transaction, there must be at least two approving parties. This principle, referred to as maker and checker, is foundational for financial institutions. It has historically required a high degree of manual decision-making, but agentic AI could streamline decisions or act upon them autonomously one day.

“Faster movement comes from plugging agents into existing maker and checker approval and governance processes, without changing an institution’s risk posture,” says Froggett. The result is helping financial teams move at a quicker pace and focus on more high-value tasks, he adds. “Adopting agents is no different from hiring new staff or right-shoring teams to lower-cost locations.”

Agents in high-value financial operations

Some enterprises are beginning to entrust agents alongside those higher-value operations, beyond just acting in a supporting role. For instance, Salesforce is experimenting with how agents can inform strategies on the periphery of transactions. Shmitt shares identifying which invoices require follow-up, and determining which actions operations should take to achieve monthly cash targets. “By combining insights with actions, agents are already helping to resolve customer issues faster, all while improving our ability to improve decision-making,” he says.

Applying agents in monetary transactions is nascent, if not nonexistent, and anything that comes close to it requires extra-tight controls and value-defined thresholds. Even so, when agents aren’t conducting direct monetary functions, they still require control to maintain trust and reliability. “We’re focused on defining clear roles for agents with strong data governance, transparent reasoning, and human oversight to prevent any potential financial risk,” says Shmitt. “We believe agents must operate at a foundational level that’s safe, auditable, and predictable.”

Alloy’s Hearn adds that the core of decision-making for these make-or-break, high-value operations needs to be predictable and reproducible. For him, agentic AI is a better fit on the outskirts of key transactions, like reconciling data or reviewing abnormalities.

“Our agentic tools are better at understanding patterns of issues, which help prevent fraud, whereas our predictive AI is what we still use for our highest-value transactions,” says Hearn. “Reconciling, correlating, and augmenting those transactions is a central component of a money movement program, and that can all be done more efficiently with agents.”

Others are keeping AI agents in the realm of intelligence and customer service. As Reddy says, PenFed is deploying Salesforce’s Agentforce 360 Platform to introduce AI agents that automate processes, and enhance employee and member experiences. “These target essential financial functions like autonomous anomaly detection and response, intelligent quality control, and intelligent servicing and processing,” he says. The credit union has already noticed a 10% reduction in average handle time for its support agents, and is seeing a 30% reduction in operational expenses using intelligent agents.

These capabilities still come with strict governance, though. Reddy shares that they’ve built guardrails such as comprehensive audit trails for every AI-assisted decision, stringent monitoring for model drift and bias, and immediate kill-switch capabilities if certain risk thresholds are met that are tied to clearly defined financial exposure limits. 

Overcoming gaps for agentic finance

Ideally, cross-functional agents intersect lines of business within enterprise finance. But before truly autonomous agentic behaviors can enter financial settings and scale across domains, it’ll take a combination of forces. CIOs must solve data issues, safely oversee the lifecycle of new AI agent deployments, and ensure interoperability and orchestration, all while balancing humans in the loop.

One big area for sectors like credit unions is data quality, says Reddy. “Poor data governance leads to unreliable outcomes, which is unacceptable for personal finance,” he says. For him, key gaps remain around AI agents and data, including inconsistent data, limited system interoperability, weak access control, and insufficient audit trails.

“Addressing these requires improved data standardization, modernized integrations, real-time monitoring, and robust governance,” he adds. “PenFed enterprise technology is making progress, but ongoing focus on AI model governance and human-in-the-loop safeguards remains essential.”

Others agree that the basic security hygiene playbook still applies. “Compliance, access controls, and identity management matter now more than ever,” says CSG’s Wilson. “From the research stage to investment to orchestration, governance and security mechanisms need to be baked in at every stage.”

Still, it’ll take a more complex infrastructure for agents to truly act across different domains. “Businesses that effectively deploy agents that can autonomously orchestrate multiple workflows across different domains, such as across supply chains and procurement, have more complex infrastructure needs,” says Shmitt.

To realize this, a universal agent communication layer could deliver better collaboration between workflows, domains, and departments, Shmitt adds. “CIOs should also work with their teams to design and deploy a scalable architecture that supports agent interactions that can scale up and down based on need,” he says.

Emerging protocols, standards, and best practices

In addition to the security guardrails, open standards and protocols are at the root of agent-driven financial processes. “Implement MCP and Agent2Agent (A2A) protocols, vendor-neutral orchestration, and policy-as-code guardrails,” says Reddy. “Standardize single sign-on, OpenID Connect, and SAML integration for agent clients, too.”

Other developing payment protocols may soon play a role in enabling AI agents to conduct safer autonomous transactions. For instance, Coinbase developed x402, an open standard to enable AI agents to make programmatic payments to web services. Other protocols, like Agentic Commerce Protocol (ACP), codeveloped by Stripe and OpenAI, and Universal Commerce Protocol (UCP), open-sourced by Google and partners, are intended to power agentic commerce with a standard and secure transactional method for online merchants.

For now, CIOs point to hardening security frameworks and best practices to enable more governed, agent-driven financial processes. “Adopt recognized standards such as NIST AI RMF for risk governance,” says Reddy. “Incorporate dual authorization, real-time telemetry, observability, confidence scoring, and audit trails to ensure secure and governed AI agent usage.”

And consider ISO 27001 as a starting point for organizational security hygiene, adds CSG’s Wilson. “But don’t stop there. I’d point to ISO 42001 as a rock-solid AI framework for organizations to consider pursuing, to tighten security across the whole business, from HR to research and development.”

He also recommends adopting proper scoping for AI agent capabilities. “Have more agents do less. Focus each AI agent on tightly scoped, purpose-specific tasks that only require a small subset of data access.” This aligns with a zero-trust approach, which grants more granular control over information flow to reduce data exposure.

Shmitt agrees that security and success come from introducing agents with well-defined areas. “In financial operations, the strongest emerging practices center on how teams introduce and manage agents inside existing control frameworks,” he says. “We’re seeing success when organizations start with narrow, well-defined workflows, like procurement questions, contract reviews, or collections follow-up, and let agents handle the routine steps first.”

CIOs also recommend quality documentation, auditability, and human-in-the-loop control as important to ensure accuracy with AI agents in financial services.

“Institutions need frameworks that prioritize auditability and policy-driven access,” says Deep Instinct’s Froggett. “What’s gaining traction are frameworks that emphasize model governance for agentic systems; zero-trust applied to agents; secure integration patterns for core systems; and explainability so every agentic action is traceable and reviewable.”

Evaluating the ROI of agents in finance

Although attaining ROI remains tricky, most enterprises are still committed to AI agent experimentation. Nearly 80% of senior tech leaders plan to increase AI usage in 2026, according to The 2026 Reveal Top Software Development Challenges Survey. And momentum is gathering in finance. Gartner research also found that nearly 60% of finance functions plan to increase AI investments by at least 10% over the next two years.

Once AI agents move from retrieval to action, ROI will become clearer. This will equate to measurable improvements in terms of operational efficiency, reducing cycle times, and handling tasks without as much human prompting, says Schmitt. Longtail benefits include faster insights and stronger customer outcomes, he adds.

Others agree that ROI is achieved from deploying agents for data analysis, but anticipate more meaningful future returns. “Near-term ROI will come from automating manual workflows, reducing latency, and freeing teams for higher-value analysis and oversight,” says Frogget. “As governance matures, agents will take on more complex decision workflows in compliance, risk scoring, and fraud detection, where benefits are immediate and measurable.”

PenFed’s vision is for technology to empower and responsibly drive the business forward, says Reddy, and ROI from AI agents equates to more personalized customer interaction and engagement, and improved productivity and operational efficiency. “The value we create is returned to the community through better rates and enhanced service, supporting the mission and purpose of credit unions,” he adds.

Others see the benefits as empowering CIOs with increased, near-real-time analysis of their internal ecosystem, reducing regulatory risks. “AI agents will allow banks to create a living, breathing compliance function,” says Wilson. “With eagle-eyed visibility, banking CIOs will shorten cycles of evidence, strengthen accuracy, build assurance across the full lifecycle, and lighten administrative burden.”