Agentic AI and data governance are banking’s big bet against fraud

In a context of increasingly automated fraud, the banking sector faces a new paradigm in the adoption of artificial intelligence (AI), which no longer only faces challenges in accessing the technology, but also in operating it with traceability, supervision and real integration in critical infrastructures, for which agentic AI and data governance are key.

This is shown by the conclusions of the first report ‘Babel Banking Radar: Agentic Financial Crime 2026’, which has been prepared by the technology company specialized in digital transformation together with the Digit Institute and was presented this Tuesday at a meeting with the press.

Specifically, the report reflects how the sector no longer only needs to incorporate models or automate processes, but must also guarantee that these models can operate in critical environments, ensuring control, traceability and human supervision.

This scenario is highlighted at a time when many financial institutions continue to evaluate how to bring agentic AI to production, while malicious actors are already using advanced automation to sophisticate fraud campaigns, generate synthetic identities and accelerate evasion capabilities, as explained by the general director of the Banking sector at Babel, Marga García.

Collecting data at a global level, García has exemplified how, in the last year alone, financial crime has tripled in the United States, with the use of techniques such as ‘deepfake’, which has multiplied by 20.

Thus, fraud is no longer committed “one by one”, but rather an operation on an industrial scale, in which criminal organizations deploy fleets of agents and synthetic identities to “move money and disappear in a matter of minutes”, as the directive has stressed.

The trend has also been put on the table that fraud no longer comes only from anomalous patterns, but rather it is the users themselves who authorize transfers voluntarily, after being deceived through sophisticated social engineering techniques.

Stop it, the banking sector is using agentic AI with a process in which agents examine what the global context is, what the customer context is and how they are operating. With this information they identify possible frauds that are delegated to human analysts to make a final decision and act to stop the fraud.

CHALLENGES AND LIMITATIONS OF FRAUD DETECTION IN BANKING

Despite these advances, Babel’s study highlights how the traditional banking model, based on rules, massive human review and fragmented architectures, has lagged behind and shows “limitations in the face of rapidly evolving offensive systems.”

An example is that, as the company has shared, less than 1 percent of the money that could be considered fraud is currently intercepted. In addition, there is also a saturation of false positives, given that between 90 and 95 percent of the alerts generated end up not being frauds, which represents “enormous operational noise” and, for analysts, “looking for a needle in a haystack.”

It must also be taken into account that the same technology that automates fraud detection is used to sophisticate attacks and accelerate malicious operations. This poses a clear imbalance, since both attackers and banks have “the same toolbox” but with different rules.

“Those who attack already automate complete processes, while a good part of the financial sector continues between proofs of concept and limited deployments,” said the general director of Exponential Technologies at Babel, Isabel Fernández.

AGENTIC AI AS A SOLUTION

With all this, faced with a crime that operates at scale and that continues to sophisticate its processes, the only response is agentic AI at scale from the banking side which, although it is subject to some regulations, is also favored thanks to the fact that it plays with global context, while the attackers “play blindly.”

An example of the advantages of the context and joint action of the banking sector is the FrauDfense initiative, a service presented this Monday, which has been launched together with Banco Santander, BBVA and CaixaBank, to promote the secure exchange of information between financial entities and, thereby, help increase the aforementioned global context.

In this way, with agentic AI, banks can analyze global contexts and receive help for the work of human analysts when making decisions with already refined information. Thus, currently, one in ten banks already have operational agent platforms to defend themselves and it is expected that this technology will continue to be implemented in less than two years.

In the case of Spain, adoption cases stand out such as BBVA, which has already distributed assisted AI licenses to more than 120,000 employees with OpenAI. Likewise, Banco Santander also stands out, with 15,000 licenses and CaixaBank with GalaxIA.

RELIABLE AI DEPENDS ON ROBUST GOVERNANCE AND CONSISTENT DATA

To continue implementing this technology effectively, Babel has noticed a bottleneck that goes beyond the technological. This is due to data fragmentation and lack of governance, as major obstacles to bringing AI agents to production in a secure and audited way to fight cybercrime.

According to international analyzes included in the report, 63 percent of financial entities operate with limited or non-existent governance models for generative AI. Likewise, 95 percent of organizations currently doubt their ability to detect or contain a compromised agent, while only 17 percent continuously monitor interactions between agents.

Regarding data fragmentation, data silos, low consistency between systems and the difficulty of integration make it difficult to deploy reliable agents in critical processes. It is necessary to be able to guarantee that the models operate on homogeneous, contextualized and governed information because “without coherent data there is no reliable AI,” stated Babel.

For his part, as Fernández recalled, although an agent can automate very complex decisions, “it also amplifies errors if the information on which it operates is not correctly governed.”

“The difference is no longer in accessing technology, but in operating it in a safe and governed manner in environments of high regulatory demand and operational pressure,” both directives have agreed, while determining that it is necessary to deploy agents with “human supervision, traceability and operational governance.”

“The financial sector needs to move towards models capable of combining automation, analytical capacity and operational governance without losing traceability of critical decisions,” García said.

AI TO PRIORITIZE RELEVANT CASES

Finally, the report also discusses how the next phase of agentic AI adoption will rely less on experimentation and will focus more on integrating, monitoring, and operating models in real-world environments.

Instead of acting as now, with traditional fraud prevention and money laundering systems, which use models focused on reviewing large volumes of low-value alerts, agentic AI will allow us to go further and add the capacity to prioritize cases and investigate operations with more context.

Therefore, Babel has concluded that the challenge is not to automate more processes but to “decide where autonomy adds value and where it is still essential to maintain human supervision.” In this regard, it also requires reviewing the quality and traceability of the data, which are critical to scaling agentic AI “without increasing operational risk.”