The first wave of AI in financial services was automation: rules-based workflows, report generation, data normalization. The second wave is search: natural language queries over institutional knowledge, governed by structured retrieval architecture.
The third wave is already forming. It’s called knowledge agents AI systems that don’t just retrieve and answer, but reason, act, and complete multi-step tasks against a firm’s own data. The firms building the governance infrastructure today are the ones who will have the foundation to deploy agents when they’re ready.
The firms that skip the foundation work will still be troubleshooting basic search failures when agents become table stakes.
A chatbot answers questions. A knowledge agent completes tasks.
The distinction sounds subtle but the operational difference is significant. A chatbot retrieves relevant documents and synthesizes a response. A knowledge agent can do that and then take the next step: populate a template with retrieved data, flag a compliance anomaly it found while answering a different question, generate a summary that triggers a review workflow, or compare today’s holdings against a historical threshold and notify the relevant analyst.
This isn’t science fiction. It’s the natural evolution of the retrieval architecture we described in the earlier posts in this series. The same data foundation, retrieval layer, and output governance that produces trusted search also provides the substrate an agent needs to act reliably.
The difference between a trustworthy knowledge agent and a dangerous one is the same as the difference between a trustworthy LLM and an unreliable one: governance.
Three use case categories are appearing first across financial services firms deploying governed AI:
Compliance monitoring. An agent that continuously queries the document corpus for potential compliance gaps flagging new research notes that reference restricted securities, identifying audit trail inconsistencies, or surfacing precedents from past SEC examinations that apply to a current situation. This isn’t a query run on demand; it’s ongoing monitoring with structured outputs that feed into existing compliance workflows.
Research synthesis. An agent that ingests new content earnings calls, regulatory filings, market data and generates first-pass summaries for analyst review, tagged to relevant portfolio positions and cross-referenced against historical research. What currently requires a research associate to spend hours preparing briefing materials becomes a structured deliverable available at the start of the business day.
Portfolio operations. An agent that monitors data feeds for anomalies positions that exceed concentration thresholds, benchmark mismatches, missing valuations and generates exception reports for operations staff rather than requiring manual monitoring. The agent acts on the same data the operations team uses, within the same access controls, with full audit logging.
In each case, the agent’s value is bounded by the quality of the underlying data foundation. An agent operating on unstructured, ungoverned data will produce unreliable outputs. An agent operating on a governed Snowflake data layer will produce outputs that operations leaders trust enough to act on.
This is the reason governance work done today matters beyond the immediate search use case.
An AI agent has more access to more data and takes more consequential actions than a search tool. The downstream effects of an agent operating on bad data are larger than the downstream effects of a search tool returning an incorrect answer.
Three things are non-negotiable for agents in a financial services environment:
Access control must be exact. An agent acting on behalf of a portfolio manager should only have access to data that portfolio manager is authorized to see. This isn’t a new requirement it’s RBAC applied to an agent’s permission scope. But it has to be right. An agent that can retrieve data across permissions boundaries creates exactly the kind of compliance exposure firms are trying to avoid.
Actions must be logged. Every retrieval, every synthesis, every action an agent takes must be traceable. The audit requirement that applies to human analysts applies to agents acting on their behalf. Snowflake’s native logging infrastructure provides this; firms that build their agent layer on top of Snowflake inherit it.
Outputs must be grounded. An agent that synthesizes content from training data rather than from the governed corpus will hallucinate institutional knowledge that doesn’t exist and act on it. Grounding is not optional for agents.
The firms that will deploy reliable knowledge agents in the next 18\u201324 months are the ones building three things today:
A unified, governed data layer in Snowflake with consistent metadata, versioning, and access controls across structured and unstructured data.
A retrieval architecture that handles both semantic document search and structured query generation so an agent can reason across both compliance documents and holdings tables in a single task.
An output governance model that logs, cites, and access-controls every response creating the audit trail that makes agent actions defensible.
This isn’t a separate initiative from the knowledge search architecture. It’s the same architecture extended to support action, not just retrieval.
The firms that got knowledge search right are already positioned for agents. The firms that are still in the “garbage in, garbage out phase” as one COO we spoke with described it have foundational work to do before agents are on the roadmap.
Search was the proof of concept for governed AI in financial services. Agents are the production deployment. The time to build the foundation is before you need it.