How to Build a customer support Agent Using AutoGen in Python for investment banking

A customer support agent for investment banking handles client questions about accounts, trades, statements, corporate actions, fees, and operational status without exposing sensitive data or giving unapproved advice. It matters because support in this domain is not just about speed; it has to be accurate, auditable, compliant, and tightly controlled around what the model can say.

Architecture

• •Client-facing assistant
  • •Receives the user request and classifies intent: account access, trade status, document retrieval, fee explanation, escalation.
• •Policy and compliance layer
  • •Enforces what the agent can answer.
  • •Blocks regulated content like investment advice, MNPI handling, or unverified transaction instructions.
• •Tool layer
  • •Connects to approved internal systems: CRM, ticketing, account lookup, document store, and case management.
• •AutoGen orchestration
  • •Uses AssistantAgent for reasoning and UserProxyAgent for execution and tool calls.
  • •Keeps tool execution deterministic and auditable.
• •Audit logging
  • •Stores prompts, tool calls, outputs, timestamps, user IDs, and escalation decisions.
• •Human handoff path
  • •Routes anything ambiguous or high-risk to a licensed operations or compliance team.

Implementation

1) Install AutoGen and define your safe tool surface

For investment banking support, do not expose raw database access to the model. Wrap only the exact functions you want the agent to call.

pip install pyautogen

from autogen import AssistantAgent, UserProxyAgent
from typing import Dict

def get_account_summary(account_id: str) -> Dict[str, str]:
    # Replace with a real internal service call
    return {
        "account_id": account_id,
        "status": "active",
        "base_currency": "USD",
        "service_level": "institutional"
    }

def get_ticket_status(ticket_id: str) -> Dict[str, str]:
    # Replace with a real ticketing API call
    return {
        "ticket_id": ticket_id,
        "status": "in_progress",
        "owner": "ops_support"
    }

2) Create an assistant with strict instructions

The system message should explicitly define boundaries. In investment banking support, the model should answer operational questions and escalate anything that looks like advice, trading instruction, or compliance-sensitive content.

llm_config = {
    "config_list": [
        {
            "model": "gpt-4o-mini",
            "api_key": "YOUR_OPENAI_API_KEY"
        }
    ],
    "temperature": 0
}

assistant = AssistantAgent(
    name="ib_support_assistant",
    llm_config=llm_config,
    system_message=(
        "You are an investment banking customer support agent. "
        "Answer only operational support questions. "
        "Do not provide investment advice, trade recommendations, legal guidance, or tax guidance. "
        "If a request involves MNPI, account changes, trade execution disputes, sanctions screening issues, "
        "or ambiguous compliance risk, escalate to a human reviewer. "
        "Always cite when a response is based on a tool result."
    )
)

3) Register tools on the user proxy and let AutoGen execute them

UserProxyAgent is the execution boundary. It can run Python functions and return results back into the conversation.

user_proxy = UserProxyAgent(
    name="support_gateway",
    human_input_mode="NEVER",
    max_consecutive_auto_reply=3,
)

user_proxy.register_function(
    function_map={
        "get_account_summary": get_account_summary,
        "get_ticket_status": get_ticket_status,
    }
)

Now wire the conversation so the assistant can request tools through AutoGen’s function-calling flow.

assistant.update_system_message(
    assistant.system_message + "\nAvailable tools: get_account_summary(account_id), get_ticket_status(ticket_id)."
)

message = (
    "Check account A12345 and tell me whether there are any open support issues."
)

chat_result = user_proxy.initiate_chat(
    assistant,
    message=message
)

print(chat_result.summary)

If you want more control over what gets executed in production, use explicit function registration metadata. This keeps the model from inventing arbitrary tool names.

from autogen import ConversableAgent

assistant = ConversableAgent(
    name="ib_support_assistant",
    llm_config=llm_config,
    system_message=(
        "You are an investment banking support agent. "
        "Use tools only for approved operational checks."
    )
)

assistant.register_for_llm(name="get_account_summary", description="Fetch approved account metadata")(get_account_summary)
assistant.register_for_llm(name="get_ticket_status", description="Fetch ticket status")(get_ticket_status)

user_proxy.register_for_execution(name="get_account_summary")(get_account_summary)
user_proxy.register_for_execution(name="get_ticket_status")(get_ticket_status)

4) Add escalation logic for compliance-sensitive requests

A support agent in this domain needs deterministic escalation triggers. If the prompt includes terms like “trade recommendation,” “insider information,” “change beneficiary,” or “wire transfer,” stop automation and hand off.

ESCALATION_TRIGGERS = [
    "investment advice",
    "trade recommendation",
    "mnpi",
    "wire transfer",
    "beneficiary change",
]

def should_escalate(text: str) -> bool:
    lowered = text.lower()
    return any(trigger in lowered for trigger in ESCALATION_TRIGGERS)

incoming = "Can you recommend whether I should buy more of this bond?"
if should_escalate(incoming):
    print("Escalate to human compliance/support.")
else:
    result = user_proxy.initiate_chat(assistant, message=incoming)
    print(result.summary)

Production Considerations

• •Deploy behind a policy gateway
  • •Put the agent behind authenticated APIs with SSO/MFA and role-based access control.
  • •Do not let anonymous users query account-level data.
• •Log everything needed for audit
  • •Store prompt text, tool invocations, returned fields, model version, timestamps, user identity, and escalation reason.
  • •Investment banking teams will need this for supervision and dispute resolution.
• •Enforce data residency
  • •Keep prompts and retrieved records within approved regions.
  • •If your bank requires EU or UK residency for client data, route inference accordingly and block cross-region logging.
• •Add response guardrails
  • •Validate outputs before returning them to users.
  • •Strip unsupported claims like “your funds are safe” unless that comes from an authoritative internal source.

Common Pitfalls

• •Letting the model talk directly to internal systems
  • •Avoid raw SQL or unrestricted API access.
  • •Wrap every action in a narrow Python function with fixed inputs and outputs.
• •Using vague system prompts
  • •“Be helpful” is not enough in investment banking.
  • •Spell out prohibited topics: advice, execution instructions, legal interpretation, MNPI handling.
• •Skipping human escalation
  • •Not every request should be automated.
  • •Build explicit routes for complaints about trades, sanctions issues, KYC changes, fraud claims, and anything involving account amendments.

If you build this with tight tool boundaries and hard escalation rules, AutoGen works well for investment banking support. The key is treating the agent like a supervised operations worker with limited authority—not a general-purpose chatbot.

Keep learning

• •The complete AI Agents Roadmap — my full 8-step breakdown
• •Free: The AI Agent Starter Kit — PDF checklist + starter code
• •Work with me — I build AI for banks and insurance companies

By Cyprian Aarons, AI Consultant at Topiax.