How to Build a Customer Support Agent Using AutoGen in TypeScript for Retail Banking
A retail banking customer support agent handles routine account questions, card disputes, fee explanations, branch info, and next-step routing for cases that need a human. It matters because support volume is high, answers must be consistent with policy, and every response has compliance, audit, and data-handling implications.
Architecture
- Channel adapter
  - Receives messages from web chat, mobile app, or authenticated banking portal.
  - Normalizes session context: customer ID, locale, product type, and consent flags.
- Policy-aware assistant
  - Uses `AssistantAgent` to classify intent and draft responses.
  - Keeps answers constrained to approved retail banking policy.
- Tool layer
  - Exposes functions for account lookup, card status, fee schedule lookup, case creation, and branch search.
  - Keeps the LLM away from raw core-banking systems.
- Human escalation path
  - Uses `UserProxyAgent` or a service queue when the request is sensitive.
  - Required for disputes, fraud suspicion, complaints, and regulated disclosures.
- Audit and observability layer
  - Logs prompts, tool calls, model outputs, and final decisions.
  - Needed for compliance review and incident reconstruction.
- Data boundary controls
  - Redacts PII before model input where possible.
  - Enforces residency rules by keeping traffic in-region and using approved models only.
Implementation
- Install AutoGen for TypeScript and define your banking tools

Start with a narrow tool surface. For retail banking support, you usually need read-only account metadata plus a case creation tool for escalation.

```bash
npm install @autogenai/autogen
```

```typescript
import { AssistantAgent } from "@autogenai/autogen";

type CustomerContext = {
  customerId: string;
  locale: string;
  authenticated: boolean;
  region: "us" | "eu";
};

// Read-only account metadata. Stubbed with fixed values; only a masked account number is returned.
async function getAccountSummary(customerId: string) {
  return {
    maskedAccountNumber: "****4821",
    product: "Checking",
    balance: 1842.15,
    currency: "USD",
    status: "Active",
  };
}

// Case creation used for escalation. Stubbed with fixed values.
async function createSupportCase(input: { customerId: string; reason: string }) {
  return {
    caseId: `CASE-${Date.now()}`,
    status: "Open",
    assignedQueue: "Retail-Banking-Support",
  };
}
```

- Create an assistant with strict instructions
The key is not “chatty” behavior. The agent should answer only from approved bank policy and escalate anything sensitive. In retail banking, that includes fraud claims, disputes older than policy allows the bot to resolve, overdraft hardship requests, and any request involving full PAN or authentication bypass.
```typescript
const supportAgent = new AssistantAgent({
  name: "retail_banking_support_agent",
  systemMessage: `
You are a retail banking support agent. Rules:
- Do not invent policy.
- Do not request or expose full account numbers, card PANs, CVV, PINs, passwords, or OTPs.
- If the user asks about fraud, chargebacks/disputes beyond basic status checks, complaints, legal notices, or identity verification failures, escalate to a human.
- Use tools only for read-only account summary and case creation.
- Keep responses concise and compliant.
`,
  llmConfig: {
    model: "gpt-4o-mini",
    temperature: 0,
  },
});
```

- Wire tool execution into the conversation loop
This pattern keeps the model as the planner while your code remains the source of truth for data access. You pass authenticated context into the agent message flow and let the assistant decide when to call tools or escalate.
```typescript
import { UserProxyAgent } from "@autogenai/autogen";

const userProxy = new UserProxyAgent({
  name: "customer_proxy",
  humanInputMode: "NEVER",
  maxConsecutiveAutoReply: 3,
});

async function handleCustomerMessage(message: string, ctx: CustomerContext) {
  // Refuse before any model call or tool access if the session is not authenticated.
  if (!ctx.authenticated) {
    return "Please sign in to continue.";
  }

  const result = await supportAgent.run(
    [
      {
        role: "user",
        content: `Customer context:
- customerId: ${ctx.customerId}
- locale: ${ctx.locale}
- region: ${ctx.region}

Message: ${message}`,
      },
    ],
    {
      // keep execution inside your controlled environment
      tools: {
        getAccountSummary,
        createSupportCase,
      },
    }
  );

  return result.finalOutput;
}
```

- Add escalation logic for regulated cases
Retail banking support cannot be fully automated. If the message contains fraud language or dispute keywords, route directly to a case instead of letting the model free-form an answer. That reduces regulatory risk and avoids accidental promises on timelines or liability.
```typescript
// Deterministic keyword check that runs before the model sees the message.
function needsEscalation(message: string) {
  const text = message.toLowerCase();
  return [
    "fraud",
    "unauthorized charge",
    "chargeback",
    "dispute",
    "complaint",
    "legal",
    "lawsuit",
    "identity theft",
  ].some((term) => text.includes(term));
}

async function respond(message: string, ctx: CustomerContext) {
  // Matching messages go straight to a case; the model is not called.
  if (needsEscalation(message)) {
    const caseRef = await createSupportCase({
      customerId: ctx.customerId,
      reason: message.slice(0, 200),
    });
    return `I’ve created case ${caseRef.caseId} and routed it to our support team.`;
  }
  return handleCustomerMessage(message, ctx);
}
```
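Step 3 passes `getAccountSummary` and `createSupportCase` to the agent unbound, so the customer ID each tool acts on is whatever appears in the tool-call arguments. The sketch below, an added example and not code from the original article or from AutoGen, builds the tools per session so that the authenticated `ctx.customerId` is enforced in code and a mismatching ID is logged. `bindTools`, `ToolCall`, `ModelArgs`, the `ACCOUNTS` sample data and the object-shaped tool arguments are assumptions made for illustration.

```typescript
// Added example: bindTools, ToolCall, ModelArgs and ACCOUNTS are hypothetical names.
type CustomerContext = { customerId: string; locale: string; authenticated: boolean; region: "us" | "eu" };
type ToolCall = { tool: string; customerId: string; idMismatch: boolean };
type ModelArgs = { customerId?: unknown; reason?: unknown };

// Constructed sample data standing in for a read-only account API.
const ACCOUNTS: Record<string, { maskedAccountNumber: string; status: string }> = {
  "cust-001": { maskedAccountNumber: "****4821", status: "Active" },
  "cust-002": { maskedAccountNumber: "****9377", status: "Active" },
};

// Build the tool set once per session. The customer ID is taken from the
// authenticated context captured here, never from arguments the model emits.
function bindTools(ctx: CustomerContext, audit: ToolCall[]) {
  if (!ctx.authenticated) throw new Error("tools require an authenticated session");

  const log = (tool: string, args: ModelArgs): void => {
    // A model-supplied ID that differs from the session is recorded, not honoured.
    const idMismatch = args.customerId !== undefined && args.customerId !== ctx.customerId;
    audit.push({ tool, customerId: ctx.customerId, idMismatch });
  };

  return {
    async getAccountSummary(args: ModelArgs = {}) {
      log("getAccountSummary", args);
      const account = ACCOUNTS[ctx.customerId];
      if (!account) throw new Error("no account for the session customer");
      return { ...account };
    },
    async createSupportCase(args: ModelArgs = {}) {
      log("createSupportCase", args);
      const reason = String(args.reason ?? "").slice(0, 200);
      return { caseId: `CASE-${audit.length}`, customerId: ctx.customerId, reason, status: "Open" };
    },
  };
}
```

An `idMismatch` entry in the audit trail is a signal worth alerting on, since it means the model asked for a customer other than the one signed in.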
Production Considerations
- Deploy in-region
  - Keep inference in the same geography as your customer data.
  - For EU customers, avoid sending personal data outside approved regions unless your legal basis and vendor contracts explicitly allow it.
- Log everything needed for audit
  - Store prompt version, tool calls, model output hash, escalation reason, timestamp, and operator actions.
  - Mask PII in logs; auditors need traceability without exposing raw customer data.
- Set hard guardrails
  - Block prompts that ask for PINs, OTPs, passwords, full card numbers, or account takeover actions.
  - Force human review for disputes/fraud/complaints instead of trying to “handle it better” with prompt tuning.
- Monitor answer quality by intent
  - Track containment rate separately for balance questions, card status checks, fee explanations, and escalation cases.
  - Retail banking failures are usually intent-specific; one global accuracy number hides real risk.
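The audit-logging and PII-masking items above, as an added example (not code from the original article): card numbers and e-mail addresses are redacted before the text is stored, and the audit record keeps a SHA-256 of the model output instead of the output itself. The function names, record field names and sample inputs are assumptions chosen for illustration.

```typescript
import { createHash } from "node:crypto";

// Luhn checksum, so only plausible card numbers are masked, not every digit run.
function luhnValid(digits: string): boolean {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = Number(digits[digits.length - 1 - i]);
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return sum % 10 === 0;
}

// Mask card PANs (13-19 digits, optional space or dash separators) and e-mail addresses.
function redactPii(text: string): { text: string; redactions: string[] } {
  const redactions: string[] = [];
  let out = text.replace(/\b\d(?:[ -]?\d){12,18}\b/g, (match) => {
    const digits = match.replace(/\D/g, "");
    if (!luhnValid(digits)) return match;
    redactions.push("pan");
    return `[PAN ****${digits.slice(-4)}]`;
  });
  out = out.replace(/[\w.+-]+@[\w-]+(?:\.[\w-]+)+/g, () => {
    redactions.push("email");
    return "[EMAIL]";
  });
  return { text: out, redactions };
}

// Audit record (hypothetical field names): redacted input, hash of the output.
function buildAuditRecord(input: {
  promptVersion: string; userMessage: string; modelOutput: string;
  toolCalls: string[]; escalationReason: string | null; operatorActions: string[];
}) {
  const redacted = redactPii(input.userMessage);
  return {
    timestamp: new Date().toISOString(),
    promptVersion: input.promptVersion,
    userMessage: redacted.text,
    redactions: redacted.redactions,
    toolCalls: input.toolCalls,
    modelOutputHash: createHash("sha256").update(input.modelOutput, "utf8").digest("hex"),
    escalationReason: input.escalationReason,
    operatorActions: input.operatorActions,
  };
}
```

The same `redactPii` call can run on the customer message before it is placed in the prompt, which covers the "redact PII before model input" control from the architecture list.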
Common Pitfalls
- Letting the model see too much data
  - Don’t pass raw statements or full customer profiles into every prompt.
  - Send only what is needed for the current task plus masked identifiers.
- Using free-form generation for regulated answers
  - Fee waivers, chargeback timing, overdraft policies, and complaint handling need approved copy.
  - Put those answers behind retrieval from controlled policy text or hardcoded templates.
- Skipping escalation rules
  - If you rely on the agent to “know when to hand off,” you will miss edge cases.
  - Use deterministic routing first; let AutoGen handle conversation after your risk checks pass.
- Ignoring residency and retention requirements
  - Some banks cannot move customer data across borders or retain prompts indefinitely.
  - Define retention windows up front and keep all storage aligned with your compliance program.
By Cyprian Aarons, AI Consultant at Topiax.