AI Agents for investment banking: How to Automate customer support (multi-agent with AutoGen)

Investment banking support teams spend a lot of time answering repetitive, high-volume requests: trade status checks, settlement questions, corporate action updates, onboarding status, document retrieval, and client entitlements. The problem is not just volume; it’s the need to respond with precision, within SLA, and without leaking restricted information across desks, entities, or jurisdictions.

A multi-agent system built with AutoGen fits this problem well because support work in banking is already split into roles. One agent can classify the request, another can retrieve policy-checked answers from internal systems, and a supervisor agent can enforce approval rules before anything reaches the client.

The Business Case

• •

  Reduce first-line support handling time by 35-55%

  • •A typical investment banking support desk may spend 6-10 minutes per ticket on triage, lookup, and response drafting.
  • •With agents handling classification, retrieval, and draft generation, that drops to 3-5 minutes for standard cases.
• •

  Cut L1/L2 support cost by 20-30%

  • •For a regional investment bank with 25-40 support analysts across markets and operations, that usually means several million dollars annually in labor cost.
  • •Automation does not remove the team; it shifts them toward exceptions, escalations, and relationship management.
• •

  Lower response errors by 40-70% on repetitive queries

  • •Most mistakes in support come from manual copy-paste across systems: wrong account mapping, stale settlement dates, or incorrect entitlement references.
  • •A retrieval-backed agent with policy checks reduces those errors materially if it is constrained to approved sources.
• •

  Improve SLA compliance from ~85-90% to 95%+

  • •Investment banking clients expect same-day answers for operational issues.
  • •An agentic triage layer can route urgent items instantly and keep routine requests from sitting in queues.

Architecture

A production setup should be boring in the right way: narrow scope, clear ownership, and hard guardrails.

• •

  Client intake and routing layer

  • •Use a web portal or secure email ingestion service to capture requests from institutional clients.
  • •Add LangChain for normalization and intent detection.
  • •Classify into buckets like trade confirmation, settlement fail, onboarding KYC status, corporate actions, or access request.
• •

  Multi-agent orchestration layer

  • •Use AutoGen as the core conversation framework.
  • •Split responsibilities into agents such as:
    • •Triage Agent: identifies request type and urgency
    • •Policy Agent: checks entitlement rules and disclosure constraints
    • •Retrieval Agent: queries approved internal sources
    • •Supervisor Agent: approves or blocks responses
  • •For more deterministic workflows, wrap AutoGen inside LangGraph so every branch is explicit.
• •

  Knowledge and retrieval layer

  • •Store policy docs, SOPs, runbooks, product FAQs, and client-specific service notes in pgvector or Pinecone.
  • •Keep source-of-truth data in controlled systems like CRM, ticketing platforms, reference data services, or document stores.
  • •Use retrieval only from approved corpora; do not let the model “reason” over raw emails or unvetted PDFs.
• •

  Controls and audit layer

  • •Log every prompt, retrieved document ID, response draft, approval decision, and final output.
  • •Integrate with SIEM tooling and retention policies aligned to SOC 2 controls.
  • •Add role-based access control and field-level redaction for PII and MNPI-sensitive content.

What Can Go Wrong

A few compliance notes matter here. GDPR affects how you store and process personal data for EU clients. SOC 2 matters for access control, logging, change management, and incident response. If your platform touches credit exposure reporting or operational risk data used in capital calculations downstream, align controls with Basel III governance expectations. HIPAA is usually irrelevant unless you serve healthcare-related financial clients with protected health information in a specific workflow; don’t overclaim it unless it truly applies.

Getting Started

1. •

   Pick one narrow use case

   • •Start with high-volume but low-risk requests like settlement status or onboarding document status.
   • •Avoid anything involving trading advice, pricing commitments, legal interpretation of ISDA terms on day one.
   • •Scope the pilot to one region or one business line.
2. •

   Build a six-week pilot team

   • •You need:
     • •1 product owner from operations
     • •1 engineering lead
     • •1 ML engineer
     • •1 data engineer
     • •1 compliance/risk partner part-time
     • •2 support SMEs for review
   • •That is enough to ship a controlled pilot without turning it into an enterprise transformation program.
3. •

   Run read-only mode first

   • •For the first 4-6 weeks, let the system draft responses but do not auto-send them.
   • •Measure:
     • •intent classification accuracy
     • •retrieval precision
     • •average handling time
     • •human override rate
   • •If override rates stay above ~20%, your scope is too broad or your source data is too messy.
4. •

   Expand only after auditability is proven

   • •Once you have stable metrics and clean logs for at least one month of traffic, move to partial automation for low-risk categories.
   • •Keep human approval for anything involving legal terms, cross-border disclosures, fee disputes, sanctions-related issues, or client complaints.

The practical pattern here is simple: let agents do triage and drafting, not judgment. In investment banking, that distinction keeps you compliant while still taking real load off the support desk.

Keep learning

• •The complete AI Agents Roadmap — my full 8-step breakdown
• •Free: The AI Agent Starter Kit — PDF checklist + starter code
• •Work with me — I build AI for banks and insurance companies

By Cyprian Aarons, AI Consultant at Topiax.