Scaling Agentic AI in Financial Services: Procurement as Enabler

At a glance 

Agentic AI is moving from pilot to early, bounded production across financial services. The shift from tool to teammate adds continuous decision-making to regulated workflows, reshaping accountability and oversight. In Europe, the EU AI Act, DORA, and national supervisory rules formalize AI governance as a board-level obligation, reinforced by EBA, ECB, and Basel expectations on operational resilience.

This article discusses:

As autonomous capabilities begin to interact across suppliers, data platforms, and infrastructure, the speed and safety of adoption are increasingly shaped by how technology is sourced and governed externally. At this point, execution risk shifts away from models and into operating design. Procurement plays a critical role at this boundary by embedding regulatory and risk requirements into supplier and commercial arrangements.

How agent-like systems are changing the operating reality for financial institutions
Why adoption remains constrained despite technical progress

How sourcing and supplier design influence the practical limits of autonomy
What leadership teams should decide before scaling further

Why Agentic AI matters now for procurement

Financial institutions are pushing past the limits of traditional automation, but they are doing so cautiously. BCG’s 2025 global survey on agentic AI adoption across industries found that 35% of companies already use agentic AI, and another 44% plan to adopt it soon. In financial services, however, this momentum translates into supervised, human-in-the-loop deployments with clearly bounded decision authority, rather than fully autonomous systems in production.  

What is emerging are systems that can interpret context, propose actions, and execute within predefined limits, with escalation and override mechanisms built in by design. These capabilities extend human judgment rather than replace it, and they sit between advanced intelligent automation and early agent-like behavior. 

This pattern is visible across core functions, where institutions are testing different forms of bounded autonomy under strict controls: 

Front office: portfolio-rebalancing agents monitoring client goals and market shifts, proposing and executing trades once approved
Middle office: claims-settlement agents validating data, requesting missing information, and escalating low-confidence cases 
Back office: Optimization agents detecting performance issues and adjusting systems automatically

Even at this stage, the shift is material. Once systems begin initiating actions rather than simply executing instructions, accountability moves from a technical concern to an operating one. Decisions must remain explainable, traceable, and reversible under supervisory expectations, which pushes AI governance into the core of how financial institutions determine what can be deployed and scaled in practice. 

Adoption is shaped less by technical ambition and more by governance, risk tolerance, and formal decision rights.

The challenge for financial institutions

 Most financial institutions are AI-ready but not agentic-ready. Data, infrastructure, and machine-learning capability are increasingly in place. What remains underdeveloped are the operating conditions required once systems act with delegated authority, including how decisions are approved, overridden, audited, and ultimately owned. Without this, autonomy stalls at the edge of pilot. 

This gap becomes visible as institutions attempt to scale. Agent-like systems introduce new dependencies on external models, data providers, and cloud platforms, extending risk beyond IT and into governance, resilience, and accountability. 

In practice, constraints concentrate in four areas: 

Model governance requirements for systems that adapt or act across workflows 
Third-party dependency and concentration risk across AI, data, and cloud providers 
Operational resilience, including fallback controls and recovery when systems fail
Contracting structures that define accountability, explainability, and supervisory access

How technology is sourced and governed increasingly defines the practical boundaries of autonomy, determining whether experimentation can move into sustained operation. 

Procurement: The enabler of scalable autonomy 

Procurement does not govern autonomy on its own. Model risk management, compliance, and operational risk functions define the internal control requirements for agentic systems. Procurement’s role is to translate those requirements into enforceable supplier and commercial constraints that shape how autonomous capabilities are supported, adapted, and held accountable over time. 

This role becomes critical as delegation increasingly sits with external providers. When autonomy is embedded in supplier technologies rather than internal systems, control is exercised less through code and more through contracts, incentives, and accountability mechanisms. In this context, procurement supports the autonomy control framework by ensuring that supplier relationships remain auditable, aligned with risk appetite, and compatible with supervisory expectations across the AI lifecycle.  

In effect, sourcing becomes a control surface.

For each use case, procurement determines how authority is sourced, reflecting different control and risk profiles:

Build, when control and knowledge retention are paramount, accepting longer timelines and higher capability demands
Partner, when speed and differentiation require shared accountability and aligned incentives
Buy, when reliability and regulatory readiness outweigh customization

Most institutions blend these approaches across their AI portfolios. 

Across these sourcing choices, three design elements determine whether autonomy can scale without eroding control:

Control architecture, defining where systems may act independently and where human approval and escalation remain mandatory
Capital focus., directing investment toward measurable outcomes such as error reduction, cycle-time improvement, and compliance performance rather than technical capability alone
Ecosystem design., structuring supplier relationships so accountability, auditability, and supervisory access are preserved as systems evolve

Evidence points: Institutions applying progressive sourcing and control mechanisms report reductions in average time-to-scale of approximately 30–40 percent while maintaining audit readiness. 

Questions for the leadership

1. Where does autonomy begin? 

Which use cases introduce decisions that go beyond fixed rules or scripted workflows, and where does accountability sit once systems initiate actions? 

4. How do we intend to scale without losing control? 

As pilots move toward broader deployment, are there staged investment and review points that tie proof of concept, MVP, and rollout to verified outcomes, resilience testing, and risk acceptance rather than technical success alone? 

2. What level of delegation are we prepared to tolerate? 

For those use cases, what decision authority is explicitly granted to systems, what remains with humans, and how are override and escalation mechanisms enforced in practice? 

5. What does value mean once systems act autonomously? 

Are success measures defined around business and control outcomes, such as process stability, accuracy, recovery time, and manual effort reduction, rather than usage or model performance in isolation? 

3. Are our supplier relationships built for supervisory scrutiny, not just delivery? 

Do sourcing models and contracts translate supervisory expectations under the EU AI Act and DORA into operational reality, including how accountability, auditability, incident handling, and ICT outsourcing constraints are applied when systems adapt or fail? 

Preparing for the next stage

In financial services, trust is currency and, under EU supervision, a licensed asset. Scaling agentic AI safely requires that autonomy be designed not only into systems, but into the external relationships that sustain them. 

The upcoming whitepaper will build on this perspective, outlining sourcing models, contract structures, and governance templates that help financial institutions operationalize agentic AI within regulatory and risk constraints. 

This perspective is written in the context of the European financial regulatory environment (EU AI Act, DORA, BaFin, EIOPA, ECB). 