AI analyst agents for a global fintech.

Augmenting a regulated business analyst function with AI.

A global financial technology provider serving FCA-regulated institutions approached us to augment their business analysis function with AI. Their analysts were overwhelmed with repeatable, high-stakes tasks: regulatory mapping against PSD2 and Open Banking requirements, compliance diff checks for ISO 20022 migration, and vendor migration documentation requiring full audit trails.

These tasks consumed up to 40% of their time, were prone to human error, and were spread across siloed tools such as Excel, JIRA, and Confluence. Our mandate was to design self-hosted AI agents that could streamline analytical workflows while maintaining complete data sovereignty and the traceability required by financial regulators.

Regulatory accountability, data classification, explainability.

• Regulatory accountability: Every AI-assisted decision needed documented reasoning for potential regulatory review, with clear audit trails linking outputs to source documents and human approvals.
• Data classification complexity: Analysts worked with mixed-sensitivity data including PCI-scoped card scheme specifications, proprietary trading logic, and client PII requiring granular access controls.
• Fragmented toolchain: Critical knowledge was scattered across JIRA, Confluence, internal wikis, and legacy documentation systems with inconsistent metadata and access patterns.
• Explainability requirements: FCA SYSC 8 outsourcing rules meant any AI system needed clear human oversight, explainable outputs, and documented escalation procedures.

A domain-specialised agentic crew with state-machine orchestration.

• Domain-specialised agentic crew: Five specialised agents covering payment workflows (SWIFT, SEPA), card scheme compliance (Visa, Mastercard mandate tracking), ISO 20022 migration analysis, regulatory change management, and documentation generation. Each agent operates within defined boundaries with explicit capability declarations.
• State-machine orchestration: A structured, graph-based agent workflow with explicit decision checkpoints that record reasoning, enable human-in-the-loop approval for sensitive actions, and provide complete traceability for audits.
• Intelligent model routing: Adaptive model-routing layer that dynamically chooses the best LLM runtime for each task. High-sensitivity queries are confined to self-hosted deployments, and critical decisions are verified using cross-model output triangulation.
• Domain fine-tuning with provenance: Fine-tuned models using 50,000 plus annotated examples from internal documentation, regulatory filings, and expert-labeled project histories. Training data lineage is fully documented with version control.
• Native tooling integration: Agents operate within analysts' existing workflows via JIRA (ticket creation and updates with approval chains), Confluence (documentation generation with diff tracking), Slack (real-time assistance with conversation logging), and internal IDE extensions.
• Zero-trust security: Workspace-level data isolation ensures project boundaries are never crossed. Private vector stores with namespace separation, API-level RBAC, encrypted embeddings (AES-256), and TLS 1.3 for all inter-service communication.

%%{init: {"theme":"base","themeVariables":{"background":"#0a0b0c","primaryColor":"#a9dbe6","primaryTextColor":"#efefe8","primaryBorderColor":"#a9dbe6","lineColor":"rgba(239,239,232,.3)","secondaryColor":"#0d0f11","tertiaryColor":"#0d0f11","textColor":"#efefe8","mainBkg":"#0d0f11","secondBkg":"#0a0b0c","border1":"rgba(239,239,232,.12)","border2":"rgba(239,239,232,.06)"}}}%%
flowchart LR
  Analysts["Analysts / Compliance Officers"]
  Orchestrator["AI Orchestrator
(State Machine + HITL)"]
  Agents["Domain AI Agents
(Payments · ISO20022 · Regulatory · Docs)"]
  ModelRouter["Model Router
(Sensitive to on-prem)"]
  OnPrem["Self-Hosted LLMs"]
  OptionalCloud["Optional Cloud LLMs"]
  VectorStore["Vector Store
(pgvectorscale)"]
  Database["PostgreSQL
(Row-Level Security)"]
  Docs["JIRA · Confluence · File Repo"]
  Audit["Audit Logging"]
  Security["Zero-Trust Security"]
  Analysts --> Orchestrator
  Orchestrator --> Agents
  Agents --> ModelRouter
  Agents --> VectorStore
  Agents --> Docs
  ModelRouter --> OnPrem
  ModelRouter --> OptionalCloud
  VectorStore --> Database
  Docs --> Database
  Orchestrator --> Audit
  Agents --> Audit
  Security -.-> OnPrem
  Security -.-> Database
        

Posture built for FCA SYSC 8.

• Audit trail: Every agent action generates an immutable log entry including timestamp, user context, input data hash, model used, reasoning chain, output, and any human approvals. Logs are stored with tamper-evident checksums and 7-year retention aligned to FCA record-keeping requirements.
• Data classification enforcement: Automatic classification of ingested documents (Public, Internal, Confidential, Restricted) with policy-driven access controls. PII detection pipelines flag and optionally redact sensitive data before model processing.
• Human-in-the-loop governance: High-stakes decisions (regulatory submissions, client-facing documentation, compliance attestations) require explicit human approval via workflow gates. Approval chains are configurable by document type and sensitivity level.
• Model governance: Version-controlled model deployments with staged rollouts (canary, 10%, 50%, 100%). Automated evaluation suites run on each deployment measuring accuracy, hallucination rate, and latency. Rollback is automated on regression detection.
• Access control: OIDC integration with the client's Azure AD. Role-based permissions (Analyst, Senior Analyst, Compliance Officer, Admin) with least-privilege defaults. All access logged and reviewable.

Measurable impact across productivity and compliance.

• 60% reduction in repeatable manual work for analysts, measured via time-tracking integration over a 3-month baseline comparison.
• Compliance documentation preparation cut from 3 days to 4 hours, with AI-generated first drafts achieving 80% acceptance rate after human review.
• 100% audit coverage: Every AI-assisted decision now has documented reasoning, source citations, and approval chain, satisfying internal audit requirements.
• Junior analyst onboarding time reduced by 40% through AI-guided knowledge navigation and contextual documentation retrieval.
• Model accuracy maintained at above 94% task completion rate via continuous evaluation against golden datasets, with automated rollback on regression.