How to Build a customer support Agent Using CrewAI in TypeScript for investment banking
A customer support agent for investment banking handles client queries on account access, trade status, statement requests, product eligibility, and service issues without exposing sensitive data or crossing compliance lines. It matters because support in this domain is not just about response time; it is about accuracy, auditability, data residency, and making sure every answer stays inside the bank’s approved policy surface.
Architecture
- •
Client intake layer
- •Receives requests from web chat, email, or CRM tickets.
- •Normalizes the message into a structured case with client ID, channel, jurisdiction, and request type.
- •
Policy retrieval layer
- •Pulls approved knowledge from internal sources: SOPs, product docs, escalation rules, and compliance playbooks.
- •Must be read-only and versioned so every response can be traced back to a source.
- •
CrewAI agent layer
- •One primary support agent that classifies the request and drafts a response.
- •One compliance reviewer agent that checks for restricted content, unsuitable advice, and missing disclosures.
- •
Tooling layer
- •Functions for ticket lookup, FAQ retrieval, case tagging, and escalation creation.
- •Keep tools narrow. A support agent should not have free-form access to internal systems.
- •
Audit and logging layer
- •Stores prompt inputs, tool calls, retrieved documents, final output, and reviewer decisions.
- •Required for model risk review and post-incident reconstruction.
Implementation
1) Set up the project and install dependencies
Use the TypeScript CrewAI package plus a minimal runtime for environment variables.
npm init -y
npm install @crewai/crewai dotenv
npm install -D typescript tsx @types/node
Create a tsconfig.json with standard Node settings:
{
"compilerOptions": {
"target": "ES2022",
"module": "NodeNext",
"moduleResolution": "NodeNext",
"strict": true,
"esModuleInterop": true,
"skipLibCheck": true,
"outDir": "dist"
}
}
2) Define tools for controlled access to support data
For investment banking support, tools should expose only approved lookups. Do not connect the agent directly to raw databases or unrestricted APIs.
import 'dotenv/config';
import { Agent } from '@crewai/crew';
type SupportCase = {
caseId: string;
clientId: string;
jurisdiction: string;
category: 'statement' | 'trade_status' | 'access' | 'product_query' | 'other';
message: string;
};
const lookupPolicy = async (category: string) => {
const policies: Record<string, string> = {
statement: 'Statements are available after T+1. Do not promise intraday delivery.',
trade_status: 'Trade status can be shared only if the requester is authenticated and entitled.',
access: 'Password reset requires step-up authentication.',
product_query: 'Do not provide suitability or advice. Refer to approved product documentation.'
};
return policies[category] ?? 'Escalate to human support.';
};
const createEscalation = async (caseId: string, reason: string) => {
return { ticketId: `ESC-${caseId}`, reason };
};
export const supportAgent = new Agent({
name: 'Investment Banking Support Agent',
role: 'Client service specialist',
goal: 'Resolve routine client support requests using approved policy only',
backstory:
'You handle investment banking client support cases with strict compliance boundaries.',
});
3) Build a two-agent crew with a compliance reviewer
The pattern here is simple: one agent drafts the response, another checks it before anything goes out. That second pass is what keeps you out of trouble when the model tries to be helpful in ways your policy does not allow.
import { Crew } from '@crewai/crew';
const complianceAgent = new Agent({
name: 'Compliance Reviewer',
role: 'Policy checker',
goal: 'Block responses that violate banking policy or regulatory constraints',
backstory:
'You review every customer-facing answer for suitability, confidentiality, disclosure gaps, and escalation needs.',
});
async function handleSupportCase(input: SupportCase) {
const policyText = await lookupPolicy(input.category);
const draftTask = {
description: `
Classify this client request and draft a concise support reply.
Case ID: ${input.caseId}
Jurisdiction: ${input.jurisdiction}
Category: ${input.category}
Message: ${input.message}
Approved policy: ${policyText}
Rules:
- Do not provide financial advice
- Do not reveal internal procedures
- Escalate if identity or entitlement is unclear
- Keep tone professional and concise
`,
expectedOutput:
'A client-safe draft response plus an escalation flag if needed.',
agent: supportAgent,
};
const reviewTask = {
description: `
Review the draft for compliance risks.
Reject any answer that includes advice, unsupported promises,
confidential information leakage, or missing disclosures.
If unsafe, return an escalation note instead of a client reply.
`,
expectedOutput:
'Approved final response or escalation instructions.',
agent: complianceAgent,
context: [draftTask],
};
const crew = new Crew({
agents: [supportAgent, complianceAgent],
tasks: [draftTask as any, reviewTask as any],
process: 'sequential',
});
const result = await crew.kickoff();
return result;
}
4) Run the workflow and route unsafe cases to humans
In production you do not want every case auto-resolved. Anything involving entitlement checks, trading issues with money movement impact, complaints, sanctions-related wording, or cross-border data concerns should escalate.
(async () => {
const result = await handleSupportCase({
caseId: 'CS-10421',
clientId: 'C-77881',
jurisdiction: 'UK',
category: 'trade_status',
message:
'Can you confirm whether my equity trade settled and send me the execution details?',
});
console.log(JSON.stringify(result, null, 2));
})();
If your CrewAI version exposes richer primitives like Task, Process, or built-in tool registration in your installed package version of @crewai/crew, use them instead of anonymous task objects. The production pattern stays the same:
- •classify request
- •retrieve approved policy
- •draft response
- •run compliance review
- •escalate when confidence or entitlement is low
Production Considerations
- •
Deployment
- •Keep runtime in-region if your bank has residency requirements.
- •Pin model endpoints to approved vendors and regions; do not route EU client data through US-only infrastructure unless legal approves it.
- •
Monitoring
- •Log prompt versions, retrieved policy IDs, tool outputs, reviewer decisions, and final responses.
- •Track refusal rate and escalation rate by category; spikes usually mean broken retrieval or bad prompt changes.
- •
Guardrails
- •Add hard filters for prohibited content such as investment recommendations, pricing commitments beyond published terms, and internal control details.
- •Require step-up authentication before any account-specific answer leaves the system.
- •
Human handoff
- •Escalate complaints tied to trades, fees disputes over material amounts, sanctions screening hits, legal threats around confirmations/statements.
- •Preserve full conversation history so a human can continue without re-asking sensitive questions.
Common Pitfalls
- •
Giving the agent broad system access
- •Mistake: connecting it directly to core banking APIs or unrestricted search.
- •Fix: expose only narrow tools with read-only scopes and explicit allowlists.
- •
Skipping compliance review
- •Mistake: letting the first draft go straight to clients.
- •Fix: use a second CrewAI agent as a reviewer or enforce deterministic rule checks before send-out.
- •
Ignoring audit requirements
- •Mistake: logging only final answers.
- •Fix:
- •store input message
- •store retrieved policy snapshot
- •store tool calls
- •store model output
- •store reviewer decision
- •
Treating all requests as automatable
- •Mistake: resolving anything that looks simple on the surface.
- •Fix:
- •escalate entitlement issues
- •escalate complaints
- •escalate anything with legal or regulatory implications
- •escalate when jurisdiction is ambiguous
Keep learning
- •The complete AI Agents Roadmap — my full 8-step breakdown
- •Free: The AI Agent Starter Kit — PDF checklist + starter code
- •Work with me — I build AI for banks and insurance companies
By Cyprian Aarons, AI Consultant at Topiax.
Want the complete 8-step roadmap?
Grab the free AI Agent Starter Kit — architecture templates, compliance checklists, and a 7-email deep-dive course.
Get the Starter Kit