How to Build a customer support Agent Using AutoGen in Python for fintech
A customer support agent for fintech handles account questions, card disputes, transaction explanations, fee breakdowns, and status updates without exposing sensitive data or making unsupported promises. It matters because support in financial services is not just about speed; it has to respect compliance, auditability, data residency, and strict boundaries around what the agent can say or do.
Architecture
- •User-facing assistant
- •Receives the customer’s message and classifies intent: balance question, charge dispute, failed transfer, KYC status, fee explanation.
- •Policy/guardrails layer
- •Blocks requests involving raw PANs, CVVs, secrets, or regulated advice.
- •Enforces “no action without confirmation” for money movement or account changes.
- •Tool layer
- •Calls internal APIs for ticket lookup, transaction history, dispute status, and knowledge base search.
- •Keeps all sensitive access behind authenticated service endpoints.
- •Supervisor / routing agent
- •Decides when to answer directly and when to escalate to a human queue.
- •In AutoGen terms, this is often a
GroupChatManagercoordinating specializedAssistantAgents.
- •Audit logger
- •Stores prompts, tool calls, model outputs, timestamps, and escalation reasons.
- •Needed for incident review and regulatory audits.
- •Human handoff path
- •Creates a support ticket with context when the agent hits uncertainty or policy boundaries.
Implementation
1) Install AutoGen and define the support tools
For fintech support, the agent should not “know” customer data from memory. It should query internal systems through narrow tools that return only what is needed.
from typing import Dict
import requests
def get_ticket_status(ticket_id: str) -> str:
# Replace with your internal ticketing API
resp = requests.get(f"https://support.internal/api/tickets/{ticket_id}", timeout=10)
resp.raise_for_status()
data = resp.json()
return f"Ticket {ticket_id}: {data['status']}"
def lookup_transaction(txn_id: str) -> str:
# Replace with your ledger/transaction API
resp = requests.get(f"https://ledger.internal/api/transactions/{txn_id}", timeout=10)
resp.raise_for_status()
data = resp.json()
return (
f"Transaction {txn_id}: {data['state']}, "
f"amount={data['amount']}, currency={data['currency']}"
)
def search_kb(query: str) -> str:
# Replace with your approved knowledge base search
resp = requests.post(
"https://kb.internal/api/search",
json={"query": query},
timeout=10,
)
resp.raise_for_status()
hits = resp.json().get("results", [])
return "\n".join([f"- {h['title']}: {h['snippet']}" for h in hits[:3]]) or "No results"
2) Create specialized AutoGen agents
Use one assistant for customer support responses and another as a policy reviewer. The support agent can use tools; the reviewer enforces compliance rules before anything goes back to the user.
import autogen
llm_config = {
"config_list": [
{
"model": "gpt-4o-mini",
"api_key": "YOUR_OPENAI_API_KEY",
}
],
"temperature": 0,
}
support_agent = autogen.AssistantAgent(
name="support_agent",
llm_config=llm_config,
system_message=(
"You are a fintech customer support agent. "
"Answer only using approved tools and policy-safe language. "
"Never request or reveal PAN, CVV, passwords, OTPs, or full bank details. "
"Escalate disputes involving fraud suspicion, chargebacks beyond status updates, "
"or anything requiring account changes."
),
)
policy_agent = autogen.AssistantAgent(
name="policy_agent",
llm_config=llm_config,
system_message=(
"You are a compliance reviewer for fintech support. "
"Reject any response that reveals sensitive data or makes unsupported commitments. "
"Ensure auditability, data minimization, and safe escalation."
),
)
3) Wire up a group chat flow with tool execution
AutoGen’s UserProxyAgent can act as the controlled executor. In production you’d wrap the functions above as registered tools or expose them via your own orchestration layer; this pattern shows the actual AutoGen conversation loop.
user_proxy = autogen.UserProxyAgent(
name="user_proxy",
human_input_mode="NEVER",
code_execution_config=False,
)
groupchat = autogen.GroupChat(
agents=[user_proxy, support_agent, policy_agent],
messages=[],
max_round=6,
)
manager = autogen.GroupChatManager(groupchat=groupchat, llm_config=llm_config)
prompt = """
Customer says:
"I was charged twice for card payment txn_12345. Can you check the status and tell me what happened?"
"""
user_proxy.initiate_chat(manager, message=prompt)
The key pattern here is that the assistant should not answer from raw model memory. It should retrieve ticket state or transaction state through approved systems first, then produce a short customer-safe response.
4) Add escalation logic for high-risk cases
Fintech support needs hard stops. If the user mentions fraud loss, account takeover, sanctions screening issues, or asks to bypass verification, route directly to a human queue.
HIGH_RISK_TERMS = {
"fraud", "stolen", "account takeover", "chargeback", "sanctions",
"cvv", "otp", "password", "wire reversal"
}
def needs_escalation(message: str) -> bool:
text = message.lower()
return any(term in text for term in HIGH_RISK_TERMS)
customer_message = "My card was stolen and there are three suspicious charges."
if needs_escalation(customer_message):
print("Escalate to human support with full audit trail.")
else:
user_proxy.initiate_chat(manager, message=customer_message)
Production Considerations
- •
Deploy behind authenticated service boundaries
- •Put the agent behind your normal API gateway and identity layer.
- •Do not let it call ledger or KYC systems directly from client-side code.
- •
Log every decision path
- •Store user input, retrieved tool output IDs, model response version, escalation reason, and final disposition.
- •This matters for SOC2 evidence, complaint handling, and regulator requests.
- •
Keep data residency explicit
- •If your fintech operates across regions, pin model inference and vector storage to approved jurisdictions.
- •Customer data from EU accounts should not silently route to non-compliant infrastructure.
- •
Add deterministic guardrails
- •Use rule-based filters before LLM generation for PAN/CVV/OTP leakage.
- •For money movement or account changes: require human approval or out-of-band confirmation.
Common Pitfalls
- •
Letting the model improvise on account facts
- •Mistake: asking the LLM to explain balances or transfers without querying source systems.
- •Fix: make all factual answers come from tools like
lookup_transaction()or ticket APIs.
- •
Skipping compliance review on generated replies
- •Mistake: sending raw assistant output straight to customers.
- •Fix: run a policy pass with a second agent or deterministic validator before delivery.
- •
Overexposing internal context
- •Mistake: stuffing full customer profiles into prompts “for better answers.”
- •Fix: minimize context. Pass only the fields needed for the current request.
- •
Ignoring handoff criteria
- •Mistake: trying to automate fraud cases end-to-end.
- •Fix: define clear escalation triggers for disputes, suspicious activity, legal complaints, and identity verification failures.
A good fintech support agent is not a chatbot with access to billing data. It is a controlled workflow that answers low-risk questions fast while preserving auditability and pushing risky cases into human review.
Keep learning
- •The complete AI Agents Roadmap — my full 8-step breakdown
- •Free: The AI Agent Starter Kit — PDF checklist + starter code
- •Work with me — I build AI for banks and insurance companies
By Cyprian Aarons, AI Consultant at Topiax.
Want the complete 8-step roadmap?
Grab the free AI Agent Starter Kit — architecture templates, compliance checklists, and a 7-email deep-dive course.
Get the Starter Kit