What is prompt engineering in AI Agents? A Guide for compliance officers in retail banking
Prompt engineering is the practice of writing instructions for an AI system so it produces the right output, in the right format, with the right constraints. In AI agents, prompt engineering is how you control what the agent does, what it can use, what it must avoid, and when it should escalate.
How It Works
Think of prompt engineering like drafting a branch operations manual for a new employee.
A good manual does not just say, “Handle customer requests.” It says:
- what counts as a valid request
- which policy to follow
- which systems to check
- what to do if the customer asks for something restricted
- when to stop and hand off to a human
An AI agent works the same way. The prompt is the instruction set that tells the agent how to behave across a task. In retail banking, that might mean:
- summarize a customer complaint without exposing account numbers
- classify a request under complaints, fraud, or servicing
- refuse to provide regulated advice
- ask for missing information before proceeding
- escalate if the case touches sanctions, AML, or vulnerable customer handling
For compliance teams, the key point is this: prompt engineering is not just “wording.” It is control design.
A typical agent prompt has layers:
| Layer | Purpose | Example |
|---|---|---|
| Role | Defines who the agent is acting as | “You are a banking support triage assistant.” |
| Policy rules | Sets boundaries | “Do not provide investment advice.” |
| Task instructions | Tells it what to do | “Classify the request and draft a summary.” |
| Output format | Makes results usable downstream | “Return JSON with category, risk_flag, and next_action.” |
| Escalation logic | Forces human review when needed | “If PII or suspicious activity is detected, stop and escalate.” |
The analogy I use with non-technical teams is airport security. You do not train staff by hoping they “use judgment” in every case. You give them rules for screening, escalation paths for exceptions, and clear prohibited actions. Prompt engineering is the AI version of those operating procedures.
The difference with AI agents is that they can take multiple steps on their own. They may read a policy document, query a CRM record, draft an email, and decide whether to escalate. That means prompts must define not only what answer to produce, but also how far the agent is allowed to go.
Why It Matters
Compliance officers in retail banking should care because prompt engineering directly affects control quality.
- It reduces policy drift. A well-written prompt keeps agent behavior aligned with approved procedures instead of letting outputs vary by phrasing.
- It supports auditability. Structured prompts make it easier to show why an agent took a certain path and whether it followed required rules.
- It helps prevent prohibited outputs. Clear instructions can block advice on products, limit disclosure of personal data, and force escalation on regulated topics.
- It improves consistency across channels. The same underlying policy can be applied in chatbots, complaint triage tools, call-center assistants, and back-office workflows.
For banks operating under strict conduct and operational risk expectations, this matters because an AI agent is only as safe as its instructions. If the prompt is vague, the agent may be helpful in ways that create compliance exposure. If the prompt is precise, it becomes easier to govern.
Real Example
Here’s a practical example from retail banking: customer complaint triage.
A bank wants an AI agent to read incoming complaints and classify them before sending them to the right team. The compliance requirement is that the agent must never invent facts, must preserve customer privacy, and must escalate anything involving fraud or vulnerable customers.
A weak prompt would look like this:
```
Read the complaint and summarize it.
```
That leaves too much room for error. The model might over-summarize sensitive details or misclassify a conduct complaint as general servicing.
A better prompt looks like this:
```
You are a complaint triage assistant for a retail bank.

Task:
1. Read the complaint text.
2. Classify it into one of these categories: payments_error, card_issue, fees_charges,
   fraud_suspected, vulnerability_flagged, service_delay, other.
3. Extract only non-sensitive facts needed for routing.
4. Do not include full account numbers, card numbers, passwords, or full addresses.
5. If fraud_suspected or vulnerability_flagged appears likely from the text,
   set escalation_required = true.
6. If you are unsure about classification, set category = other and escalation_required = true.
7. Return output as JSON only.
```
Why this works better:
- It narrows the task
- It limits sensitive data handling
- It defines escalation triggers
- It reduces free-form language that could complicate downstream processing
Example output:
```json
{
  "category": "fraud_suspected",
  "summary": "Customer reports unauthorized card transactions after losing wallet.",
  "escalation_required": true,
  "notes": "Potential card compromise; route to fraud team."
}
```
From a compliance perspective, this kind of prompt does three useful things:
- enforces minimum necessary data usage
- makes routing decisions more predictable
- creates clearer evidence for review if the case is challenged later
That said, prompt engineering is not a substitute for controls around access management, logging, testing, or human oversight. It sits inside your broader governance model.
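One such control is checking the agent's output in code before it reaches the routing system, so the prompt's rules are enforced even when the model ignores them. The sketch below is an added example, not code from the original article; the function names, the 8-digit threshold, and the sample message are assumptions made for illustration.

```python
import json
import re

# Categories and escalation triggers taken from the prompt above.
ALLOWED = {"payments_error", "card_issue", "fees_charges", "fraud_suspected",
           "vulnerability_flagged", "service_delay", "other"}
FORCE_ESCALATION = {"fraud_suspected", "vulnerability_flagged"}
REQUIRED = {"category", "summary", "escalation_required"}
# Assumption: 8+ digits (spaces or hyphens allowed) may be an account or card
# number. Dates and phone numbers match too; the cost is only a human review.
DIGIT_RUN = re.compile(r"\d(?:[ -]?\d){7,}")
FAIL_CLOSED = {"category": "other", "summary": "", "escalation_required": True}

def luhn_ok(digits):
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def validate_triage(raw):
    """Return (record, findings); any finding forces escalation_required."""
    try:
        rec = json.loads(raw)
    except json.JSONDecodeError:
        return dict(FAIL_CLOSED), ["output is not valid JSON"]
    if not isinstance(rec, dict) or not REQUIRED.issubset(rec):
        return dict(FAIL_CLOSED), ["missing required fields"]
    findings = []
    if not isinstance(rec["category"], str) or rec["category"] not in ALLOWED:
        findings.append("category not in allowed list")
        rec["category"] = "other"
    if not isinstance(rec["escalation_required"], bool):
        findings.append("escalation_required is not a boolean")
    elif rec["category"] in FORCE_ESCALATION and not rec["escalation_required"]:
        findings.append("escalation not set for " + rec["category"])
    for field in ("summary", "notes"):
        text = str(rec.get(field, ""))
        for m in DIGIT_RUN.finditer(text):
            digits = re.sub(r"\D", "", m.group())
            is_card = 13 <= len(digits) <= 19 and luhn_ok(digits)
            findings.append(("card number in " if is_card else "long digit run in ") + field)
        rec[field] = DIGIT_RUN.sub("[REDACTED]", text)
    rec["escalation_required"] = bool(findings) or rec["escalation_required"]
    return rec, findings

# Constructed sample: escalation flag wrong, plus a well-known test card number.
SAMPLE = ('{"category": "fraud_suspected", "escalation_required": false, '
          '"summary": "Card 4111 1111 1111 1111 used abroad."}')
```

Logging the returned findings alongside the redacted record gives reviewers evidence of which rule the model broke without storing the sensitive value itself.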
Related Concepts
- System prompts: The higher-priority instructions that define overall behavior for an AI agent.
- Guardrails: Rules that restrict unsafe or non-compliant actions such as disallowed disclosures or advice generation.
- Tool use / function calling: How agents interact with internal systems like CRM platforms, policy stores, or case management tools.
- RAG (Retrieval-Augmented Generation): A method where the agent pulls approved documents before responding so answers are grounded in current policy.
- Human-in-the-loop review: A control pattern where sensitive or uncertain cases are routed to staff before any final action is taken.
By Cyprian Aarons, AI Consultant at Topiax.