Agentic AI in Finance: $17.5T Upside, Liability Questions, and the Race for Trust
Agentic AI may influence $17.5T by 2030 and trim bank costs ~20%, but liability, standards, and security are unsettled. Adoption hinges on proof, protection, and clean catalogs.

Agentic AI: New Challenges and Opportunities for Finance
September 20, 2025 at 8:31 PM GMT+8
Agentic AI, meaning systems that act autonomously on behalf of users, is moving from concept to commerce. Forecasts suggest it could influence up to $17.5 trillion in global transactions by 2030, with early signals pointing to significant adoption across payments and consumer engagement. Yet the operational, legal, and risk implications are far from settled.
Why this matters now
- Liability is unclear: Who pays when an agent makes an erroneous purchase: bank, merchant, platform, or consumer?
- Standards are needed: Merchant catalogs must be machine-readable so agents can compare SKUs, prices, fees, delivery windows, and return policies without ambiguity.
- Security risk is rising: Malicious actors can hijack agents, steer them off-policy, or scrape sensitive data. "Remember, AI can't tell a sketchy website from a legitimate one, so there is a lot of opportunity for shenanigans," said industry expert McPherson.
Market impact and the operating cost curve
Analysts indicate agentic AI could cut bank operating costs by ~20% through automation of service, ops, and back-office workflows. The catch: meaningful spend on core upgrades, data quality, monitoring, and a new fraud stack.
Expect margin pressure. Agents will auto-move deposits to better rates, reallocate card balances to zero-interest offers, and negotiate fees in real time. Price transparency becomes default; cross-sell becomes earned, not assumed.
Adoption paths for financial institutions
- Build: Proprietary agent platforms for high-value use cases (treasury moves, portfolio rebalancing, card optimization).
- Partner: Work with fintechs or hyperscalers to accelerate time-to-market while retaining control over risk and data.
- Integrate: Plug into merchant or non-bank agent platforms to preserve acceptance and customer reach.
Scaling hinges on merchant participation. Make it simple for sellers to publish agent-readable catalogs, present clear fulfillment rules, and expose refund/chargeback terms. The easier it is for agents to "shop the shelf," the faster adoption will spread.
Security, fraud, and data foundations
- Data: Define data contracts, lineage, and retention. Separate sensitive PII into vaults. Build event-level telemetry for every agent action.
- Security: Use allowlisted retrieval, content filtering, egress controls, and signed actions. Isolate model execution and sessions. Enforce least privilege for tools and connectors.
- Fraud: Device binding, behavioral biometrics, anomaly scoring, and step-up challenges tied to transaction risk. Treat agent actions as high-variance by default until proven stable.
Proving "who controlled the agent" and "what was intended"
This is the toughest problem for banks, and it varies by payment rail. Card-not-present, push payments (ACH/SEPA), RTP/UPI, and wires all have different confirmation, revocation, and dispute mechanisms.
- Controls to prioritize:
  - Strong customer authentication: FIDO2/WebAuthn, possession plus biometrics, and out-of-band step-up.
  - Transaction signing with dynamic linking (amount, payee, and context bound to the signature).
  - Consent tokens with explicit scope, value caps, merchant allowlists, and short TTLs.
  - Cryptographic receipts and immutable audit logs for replay-free dispute evidence.
- By rail:
  - Cards: Agent-aware 3DS step-up, reason code mapping for agent error vs. consumer fraud.
  - ACH/SEPA: Pre-authorization prompts and micro-delay windows for high-risk new payees.
  - RTP/UPI: Real-time confirmation UX with per-merchant and per-amount policy gates.
  - Wires: Dual control, callback verification, and payee fingerprinting; always-on step-up.
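How the consent-token and dynamic-linking controls above fit together at authorization time, as an added example that is not from the original article. All names (`issue_consent`, `sign_transaction`, `authorize`, the field names) are hypothetical, and HMAC with a constructed key stands in for the device-held asymmetric key a FIDO2/WebAuthn deployment would use.

```python
import hashlib
import hmac
import json

# Constructed demo key. HMAC stands in for the device-held asymmetric key
# (e.g. FIDO2/WebAuthn) that a real deployment would use.
DEMO_KEY = b"constructed-demo-key"

def _mac(obj):
    # Canonical JSON so the same fields always produce the same MAC.
    msg = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(DEMO_KEY, msg, hashlib.sha256).hexdigest()

def issue_consent(user, scope, cap_cents, merchants, ttl_s, now):
    """Consent token: explicit scope, value cap, merchant allowlist, short TTL."""
    body = {"user": user, "scope": sorted(scope), "cap_cents": cap_cents,
            "merchants": sorted(merchants), "exp": now + ttl_s}
    return {"body": body, "mac": _mac(body)}

def sign_transaction(token, action, amount_cents, payee, nonce):
    """Dynamic linking: amount, payee and context all sit under one signature."""
    linked = {"action": action, "amount_cents": amount_cents, "payee": payee,
              "nonce": nonce, "consent": token["mac"]}
    return {"linked": linked, "sig": _mac(linked)}

def authorize(token, tx, now, seen_nonces):
    """Return 'allow' or a 'deny: ...' reason suitable for the audit log."""
    body, linked = token["body"], tx["linked"]
    if not hmac.compare_digest(token["mac"], _mac(body)):
        return "deny: consent token altered"
    if not hmac.compare_digest(tx["sig"], _mac(linked)):
        return "deny: signature does not cover these transaction details"
    if linked["consent"] != token["mac"]:
        return "deny: signed under a different consent"
    if now >= body["exp"]:
        return "deny: consent expired"
    if linked["action"] not in body["scope"]:
        return "deny: action out of scope"
    if linked["payee"] not in body["merchants"]:
        return "deny: payee not on allowlist"
    if linked["amount_cents"] > body["cap_cents"]:
        return "deny: over value cap"
    if linked["nonce"] in seen_nonces:
        return "deny: replayed transaction"
    seen_nonces.add(linked["nonce"])
    return "allow"
```

The deny reason returned for each request is the kind of event-level record that feeds the audit log and dispute evidence described above.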
Merchant catalog readability: the overlooked bottleneck
- Structured product data: standardized attributes, units, fees, fulfillment windows, and return terms.
- Clear SKUs and variants: no hidden add-ons; machine-inferable total cost and delivery date.
- Policy disclosures: warranty, refund eligibility, and restocking fees in a consistent schema.
Operating model checklist
- Legal: Terms for agent-initiated transactions, liability matrix, arbitration, and merchant agreements that recognize agent behavior.
- Risk: Model risk management for agents and tools, red-teaming, and kill-switches. Define fraud tax expectations and loss reserves.
- Tech: API-first orchestration, policy engine for permissions, event bus, and monitoring. Use allowlisted tool access and prompt sanitization.
- Payments: Scheme-specific evidence models for intent, plus dispute runbooks. Map where revocation is feasible vs. finality.
- Customer experience: Permission UX with budgets, merchant allowlists, and confirmation thresholds that scale with risk.
90-day action plan
- Stand up a cross-functional "agentic" squad (payments, fraud, security, legal, data). Pick two high-frequency use cases and define success metrics.
- Prototype in a sandbox: agent-triggered purchase flows with consent tokens, step-up logic, and signed audit trails. Measure false positives/negatives.
- Draft a multi-party liability framework covering agent error, prompt injection, and account takeover. Socialize with top merchants and processors.
- Launch a merchant beta (5-10 sellers) to test machine-readable catalogs, price/fee disclosures, and refund automation.
- Train fraud ops and customer support on agent-specific patterns and evidence handling.
Bottom line: Agentic AI can cut costs and boost customer utility, but only if banks and merchants prove control and intent, standardize data, and harden the fraud stack. Build the evidence model now, or prepare to fund the dispute budget later.
Source: IndexBox Market Intelligence Platform