What is function calling in AI Agents? A Guide for compliance officers in banking

Function calling is a way for an AI agent to ask a system to run a specific action, like checking an account, creating a case, or retrieving policy data. In practice, it means the model does not guess the answer itself; it selects a predefined function and passes structured inputs to it.

For compliance officers in banking, the key point is simple: function calling turns an AI agent from a chat interface into a controlled workflow runner. That matters because controlled workflows are easier to audit, restrict, and monitor than free-form text generation.

How It Works

Think of function calling like a bank teller with a strict playbook.

The teller can listen to a customer request, but they cannot improvise sensitive actions. If the customer asks for an account balance, the teller uses an approved process. If the customer asks to dispute a transaction, the teller routes it through the correct case-handling system. The teller is not “deciding” from scratch; they are selecting from approved procedures.

That is what an AI agent does with function calling:

• •The user asks something in natural language.
• •The model interprets the intent.
• •Instead of answering directly, it chooses one of the available functions.
• •It sends structured parameters, such as customer_id, account_number, or case_reason.
• •Your application executes the function and returns the result.
• •The model then formats that result into a human-readable response.

A simple example looks like this:

{
  "function": "get_account_status",
  "arguments": {
    "customer_id": "C12345",
    "account_id": "A99881"
  }
}

The important control point is that the model does not get arbitrary database access. You define which functions exist, what inputs they accept, and what they are allowed to return. That gives compliance teams something concrete to review: named actions with known boundaries.

For banking teams, this is different from letting an AI “just answer questions.” Function calling forces the agent through approved rails. It is closer to workflow automation than open-ended conversation.

Why It Matters

Compliance officers should care because function calling changes how AI risk shows up in production.

• •

  It reduces uncontrolled behavior

  • •The model cannot freely invent actions if only approved functions are exposed.
  • •That helps limit unauthorized account access, unsupported advice, or accidental disclosure.
• •

  It improves auditability

  • •Every function call can be logged with timestamp, user context, input parameters, and output.
  • •That creates a clean trail for reviews, investigations, and regulatory evidence.
• •

  It supports least privilege

  • •You can expose only narrow capabilities, such as “fetch KYC status” or “open AML review case.”
  • •The agent never needs broad system access just to complete common tasks.
• •

  It makes policy enforcement practical

  • •Rules can be embedded before execution: block certain actions, require human approval, or redact fields.
  • •This is much easier than trying to police raw text after the fact.

In banking terms, function calling is not just an engineering feature. It is part of your control environment.

Real Example

Let’s say a retail bank wants an internal AI assistant for branch staff handling suspicious activity questions.

A branch employee types:

“Can you check whether this customer has an active AML alert before I continue onboarding?”

Without function calling, the model might respond with vague guidance or hallucinate details. With function calling, the agent can trigger a controlled backend lookup:

{
  "function": "check_aml_alert_status",
  "arguments": {
    "customer_id": "C12345"
  }
}

The backend service returns:

{
  "active_alert": true,
  "alert_type": "Enhanced Due Diligence",
  "next_step": "Escalate to compliance queue"
}

The agent then responds:

“This customer has an active EDD alert. Escalate to the compliance queue before proceeding.”

From a compliance perspective, this pattern is useful because:

• •The AI never sees more data than necessary.
• •The action is constrained to one approved lookup.
• •The result can be logged and reviewed.
• •If policy requires human review before onboarding continues, that rule can be enforced outside the model.

You can apply the same pattern in insurance for claims triage:

• •get_policy_coverage
• •create_claim_case
• •flag_fraud_review
• •request_human_approval

The model decides which tool to use; your policy layer decides whether it may proceed.

Related Concepts

• •

  Tool use

  • •Broader term for letting models interact with external systems.
  • •Function calling is one implementation pattern inside tool use.
• •

  Agent orchestration

  • •The logic that decides which step happens next after each tool call.
  • •Important when multiple systems are involved in one workflow.
• •

  Human-in-the-loop approval

  • •A control where certain actions require manual review before execution.
  • •Common for high-risk banking operations.
• •

  Structured outputs

  • •Model responses formatted as JSON or another schema instead of free text.
  • •Useful for validation and downstream automation.
• •

  Policy engines

  • •Rule systems that decide whether an action should be allowed.
  • •Often used alongside function calling to enforce compliance controls.

Keep learning

• •The complete AI Agents Roadmap — my full 8-step breakdown
• •Free: The AI Agent Starter Kit — PDF checklist + starter code
• •Work with me — I build AI for banks and insurance companies

By Cyprian Aarons, AI Consultant at Topiax.