How to Build a customer support Agent Using AutoGen in TypeScript for investment banking

A customer support agent for investment banking handles client queries about onboarding, trade status, document requests, fee explanations, and service routing. It matters because every response sits inside a regulated workflow: one bad answer can create compliance exposure, break auditability, or leak sensitive client data.

Architecture

• •

  Client intake layer

  • •Receives requests from chat, email, or an internal portal.
  • •Normalizes the message into a structured support ticket with client ID, product line, urgency, and jurisdiction.
• •

  Policy and compliance guardrail

  • •Checks the request against bank policy before any model response.
  • •Blocks advice-like language, restricted disclosures, and unsupported actions.
• •

  AutoGen agent

  • •Uses AssistantAgent to classify the request, draft a response, or route it to the right desk.
  • •Keeps the conversation state in a controlled runtime.
• •

  Tool layer

  • •Exposes approved functions like lookupTicketStatus, getClientProfile, and createCase.
  • •Never gives the model raw database access.
• •

  Audit logging

  • •Stores prompt inputs, tool calls, model outputs, and final user-facing responses.
  • •Needed for surveillance, incident review, and regulatory evidence.
• •

  Human escalation path

  • •Routes high-risk cases to operations or compliance staff.
  • •Required for complaints, trading disputes, KYC issues, and anything that crosses policy boundaries.

Implementation

1) Install AutoGen for TypeScript and define your support tools

Use the AutoGen TypeScript package and keep all external systems behind explicit tools. In investment banking, this is where you enforce data minimization and residency rules.

npm install @autogen/agentchat @autogen/core zod

import { z } from "zod";

type SupportTicket = {
  ticketId: string;
  clientId: string;
  category: "onboarding" | "trade-status" | "fees" | "documents" | "complaint";
  status: string;
};

export async function lookupTicketStatus(ticketId: string): Promise<SupportTicket> {
  // Replace with internal case management API call
  return {
    ticketId,
    clientId: "C-10291",
    category: "trade-status",
    status: "Pending settlement confirmation",
  };
}

export async function createEscalationCase(input: {
  clientId: string;
  reason: string;
}): Promise<{ caseId: string }> {
  // Replace with CRM / workflow system integration
  return { caseId: `ESC-${Date.now()}` };
}

export const TicketLookupInput = z.object({
  ticketId: z.string().min(1),
});

2) Build the AutoGen assistant with a strict system message

Use AssistantAgent for the support brain and keep it narrow. The system message should tell it what it can do, what it must not do, and when to escalate.

import { AssistantAgent } from "@autogen/agentchat";

export const supportAgent = new AssistantAgent({
  name: "investment-banking-support-agent",
  modelClient: {
    // Wire this to your OpenAI-compatible model client in your environment
    model: "gpt-4o-mini",
    apiKey: process.env.OPENAI_API_KEY!,
    temperature: 0,
  },
  systemMessage: `
You are a customer support agent for investment banking clients.

Rules:
- Answer only support questions about onboarding, trade status, documents, fees, and routing.
- Never provide investment advice, legal advice, tax advice, or market recommendations.
- Never reveal account numbers, PII beyond what is necessary, or internal policy text.
- If the user asks about complaints, disputes, suspicious activity, sanctions screening,
  KYC remediation, or anything requiring judgment beyond standard support,
  escalate immediately.
- Use approved tools when you need ticket status or case creation.
- Keep responses short, factual, and suitable for audit review.
`,
});

3) Add a guarded run loop with tool execution and escalation

The pattern below shows how to route a request through policy checks before generating a response. This is the part that keeps the agent usable in production instead of becoming an uncontrolled chat bot.

import { Tool } from "@autogen/core";

const lookupTicketTool = new Tool({
  name: "lookupTicketStatus",
  description: "Look up the status of a support ticket by ticket ID.",
  inputSchema: TicketLookupInput,
});

async function handleSupportRequest(userMessage: string) {
  const blockedTerms = ["recommend", "buy", "sell", "guarantee return"];
  if (blockedTerms.some((term) => userMessage.toLowerCase().includes(term))) {
    return {
      action: "escalate",
      reason: "Potential investment advice request",
    };
    }

  const result = await supportAgent.run({
    messages: [
      {
        role: "user",
        content: userMessage,
      },
    ],
    tools: [lookupTicketTool],
    maxTurns: 3,
  });

  return {
    action: "respond",
    output: result.messages.at(-1)?.content ?? "",
    traceId: crypto.randomUUID(),
  };
}

4) Wire escalation into your application boundary

Do not let the agent decide silently on high-risk cases. The app layer should convert those cases into a human workflow with an auditable reason code.

async function processIncomingMessage(message: string) {
if (message.toLowerCase().includes("complaint") || message.toLowerCase().includes("sanction")) {
    const caseRef = await createEscalationCase({
      clientId: "C-10291",
      reason: "High-risk compliance-related inquiry",
    });

    return {
      reply:
        `I’ve routed this to a specialist team. Your reference number is ${caseRef.caseId}.`,
      escalated: true,
    };
}

const result = await handleSupportRequest(message);
return result;
}

Production Considerations

• •

  Data residency

  • •Keep prompts and logs inside approved regions only.
  • •If your bank has EU/UK clients or region-specific booking entities, make sure model traffic does not cross those boundaries.
• •

  Auditability

  • •Persist every input message, tool invocation, model output, escalation reason code, and final response.
  • •Store immutable traces with correlation IDs so compliance can reconstruct decisions later.
• •

  Guardrails

  • •Add deterministic filters for restricted content before and after model execution.
  • •Block account disclosure unless identity verification has already completed in your upstream auth layer.
• •

  Operational monitoring

  • •Track escalation rate, tool failure rate, blocked-policy hits, latency by desk/category, and false-route incidents.
  • •Alert on unusual spikes in complaint routing or repeated attempts to solicit advice-like answers.

Common Pitfalls

1. •

   Letting the model talk directly to internal systems

   • •Avoid exposing databases or CRM APIs as raw context.
   • •Wrap every integration in narrow tools with schema validation and permission checks.
2. •

   Using vague prompts instead of hard policy controls

   • •A system message is not enough for regulated workflows.
   • •Enforce pre-checks for advice requests, complaint handling, sanctions topics, and PII disclosure at the application layer.
3. •

   Skipping escalation design

   • •Support agents in investment banking must know when not to answer.
   • •Build explicit handoff paths for disputes, KYC exceptions, suspicious activity reports, and anything requiring judgment from operations or compliance teams.

Keep learning

• •The complete AI Agents Roadmap — my full 8-step breakdown
• •Free: The AI Agent Starter Kit — PDF checklist + starter code
• •Work with me — I build AI for banks and insurance companies

By Cyprian Aarons, AI Consultant at Topiax.