Picture this. You wake up on a Monday morning and, before you have had your first cup of coffee, something extraordinary has already happened. An AI system — one you set up last week with a few instructions about your financial goals — has reviewed your salary account, noticed your savings are earning less than inflation, identified a better product at a competing bank, completed the application, transferred your funds, and closed your old account. You did not lift a finger. You did not sign a thing. You just set a goal, and a machine acted on it.
This is not a distant hypothetical. It is the direction of travel for what the technology world is calling agentic AI — and it is moving into financial services faster than most people, including most regulators, are prepared for. Understanding what this technology actually is, what makes it different from the AI tools already in use across South Africa's financial sector, and what regulatory questions it raises is no longer a niche interest. It is a mainstream concern — because the consumers who will interact with these systems first, and who will bear the consequences when things go wrong, are ordinary people.
From answering questions to taking action
To grasp why agentic AI is a paradigm shift, we need to understand the limitations of the AI we currently use. Most generative AI tools today (think of the chat assistants embedded in your banking app) are conversational and reactive. You ask a question — "What is my balance?" or "How do I reverse a debit order?" — and the system retrieves the answer. It is sophisticated retrieval, but it is passive.
Agentic AI, as recently defined in working papers by the OECD, crosses the boundary from text generation to task execution.[1] These are systems endowed with agency. They do not just formulate a plan; they have the authorisation to access software interfaces, navigate the web, and execute the steps of that plan autonomously over a prolonged period. In the financial sector, an AI agent is essentially a piece of software that has been granted a power of attorney over a specific set of digital actions.
The operational benefits for financial institutions are immense. The Financial Stability Board's (FSB) November 2024 report on AI's stability implications explicitly warned of the capacity constraints human operators face when dealing with complex, high-volume data streams.[2] Agentic AI promises to solve this. Instead of a human analyst reviewing a corporate loan application by pulling data from multiple disparate systems, an AI agent could autonomously scrape the client's financials, verify their tax status against public registries, check their sanctions screening, compile the risk report, and execute the approval in the core banking system.
The accountability vacuum
But here is where the regulatory framework begins to creak. Financial regulation is built on a foundational assumption: that behind every financial action, there is a human or an identifiable legal entity whose intent can be interrogated and who can be held accountable.
When an autonomous agent executes a sequence of financial actions that results in consumer harm — perhaps it aggressively moves a client's funds into high-yield, high-risk assets that subsequently collapse — where does the liability lie? Is it the consumer, for giving the initial instruction? Is it the bank, for deploying the agent? Or is it the third-party technology vendor that built the foundational model on which the agent operates?
Traditional concepts of 'human in the loop' — where a person must sign off on a machine's decision — become unworkable here. The entire value proposition of agentic AI is that it operates independently and at speed. If a human has to review every action, the agent loses its utility. The European Union's AI Act attempts to mandate human oversight for high-risk systems, but as many scholars have noted, providing meaningful oversight over a system that executes complex, multi-step tasks autonomously is practically impossible.[4] The machine moves faster than the human can verify.
How regulators must respond
For South African regulators — specifically the Financial Sector Conduct Authority (FSCA) and the Prudential Authority (PA) — agentic AI demands a shift from regulating the output of a system to regulating the parameters of its autonomy.
First, we need to establish the principle of bounded agency in financial services. An AI agent should not have an open-ended mandate to act on a consumer's behalf. Regulations must require institutions to hardcode limits — 'guardrails' — into these systems. For example, an agent might be authorised to rebalance a portfolio, but only within specific, pre-defined asset classes, and it cannot execute a single transaction above a certain monetary threshold without human authentication.
Second, the concept of consent needs to be radically overhauled. Currently, consent in digital finance usually involves clicking "I agree" to a static set of terms and conditions. But how do you consent to an AI agent whose future actions, by definition, cannot be fully predicted? Consent in the era of agentic AI must be continuous, granular, and easily revocable. The Monetary Authority of Singapore (MAS) has already begun exploring these concepts in its proposed guidelines on AI risk management, suggesting that transparency must evolve from explaining how a model works to explaining the limits of what an autonomous system is permitted to do.[3]
Third, we must confront the reality of systemic risk. If thousands of AI agents deployed by different banks are all autonomously reacting to the same market signal — say, a sudden drop in a currency's value — they could collectively execute trades at a speed and volume that triggers a 'flash crash'. The interconnectedness of agentic systems means that micro-level efficiencies could precipitate macro-level instability.
We are standing at the edge of a fundamental shift in how finance operates. Technology is moving us from a system where humans use tools to execute transactions, to a system where the tools execute the transactions themselves. South Africa is fortunate to have, in the FSCA and the SARB, a regulatory architecture that genuinely cares about consumer outcomes. The task now is to extend that care into an era where the entity making financial decisions on your behalf might not be a person at all — and to make sure that when it gets it wrong, the person who suffers is not left alone with the consequences.