Consumer AI Agents in Fintech

Would you ever trust an AI Agent to manage your finances? Plus; As the great de-risking of banks under consent orders continues, Column is a name that keeps popping up. My take inside.

Welcome to Fintech Brainfood, the weekly deep dive into Fintech news, events, and analysis. You can subscribe by hitting the button below, and you can get in touch by hitting reply to the email (or subscribing then replying)

Hey Fintech Nerds đź‘‹

Breaking: Mercury is partnering with Column Bank N.A. as part of its "multi-partner bank strategy."

As the great de-risking of banks under consent orders continues, Column is a name that keeps popping up. Do they have the ideal blend of first-rate compliance and developer-first? My take in đź‘€ Things to Know this week

Brex partnered with Navan to embed expenses. I didn't see this one coming, but it makes complete sense. Oh, and they're another big user of Column. đź‘€

Would you ever trust AI to run your finances? My Rant 📣 this week is on the legal innovation we need for “agents” or AI to actually custody your funds and make decisions

PS. This week, I had a real debate with Rex on our weekly YouTube series. Venmo vs. Zelle. Who has a right to win?

PPS. We're gonna record a live session at the Atomic booth at M2020 on Wednesday 30th AM if you're sticking around :)

Here's this week's Brainfood in summary

đź“Ł Rant: How do we make consumer AI Agents mainstream?

đź’¸ 4 Fintech Companies:

  1. FlowX AI - GenAI Agents for Bank Digital Transformation

  2. Jump - The employer for French Freelancers

  3. Loop - Cross-border banking for SMBs

  4. Geox Analytics - 3D property analytics for underwriters and insurers

đź‘€ Things to Know:

📚 Good Read: The Zombocom problem (LOVED THIS ❤️)

If your email client clips some of this newsletter, click below to see the rest

Weekly Rant đź“Ł

How do we make consumer AI Agents mainstream?

The big open question in financial services AI is, where are all the consumer AI agents?

AI agents will eventually switch deposits to the highest rate, switch utilities to the best supplier, and be your private banker buying investments for you.  

There's just one problem.

We won't get the AI agent vision unless these Agents can legally buy a financial product on your behalf.

We need to give AI the power of attorney.

We need to manage the real risks of harm to consumers.

While it annoys the tech crowd, this fact keeps us returning to law and regulation.

We might not like the EU's AI act for harming innovation or cheer Gavin Newsom's blocking of a California AI law to preserve it.

But at some point, we have to figure out the legal framework we use if AI Agents can buy financial products or sign contracts on your behalf.

That's starting to happen, and it doesn't have to be a bad thing.

In fact, it will be the true unlock for commerce, contracts, and AI agents more broadly.

If we get this right, all economic activity can be performed by agents. All AI tech is law tech; all law tech is becoming AI-first.

In this piece:

  1. Action-taking AI Agent use cases in finance

  2. Issue 1: How do we ensure they do the best thing for their human?

  3. Issue 2: How do we ensure nothing goes wrong financially or otherwise?

  4. Issue 3: How the heck do you regulate these things?

  5. What I think AI Agent Regulations will look like (based on Australia)

  6. Techniques for managing the risks of financial AI agents for consumers

  7. My wild idea: Defining AI Agents as legal persons

Consumer & Business AI Agents take action and make payments.

Today, brokers help you find better prices. Investment advisors run wealth. Finance teams can make payments on your company's behalf.

Now imagine all of those decisions and actions were instead taken by software, by AI agents.

  • Your wealth AI agent would move income into new funds.

  • Your CFA accountant AI agent would calculate and pay your tax bill.

  • Your wallet will switch suppliers, route payments to maximize rewards, and send money to your wealth AI Agent.

  • Your Finance Ops AI Agent will negotiate with suppliers and manage delivery, returns, and payments.

  • Your agent could buy things from other agents to perform complex tasks, like taking a celebrity's historic performances, translating them to multiple languages, and selling them to buyers worldwide. (agent to agent commerce)

I want that future.

You probably want that future.

But there are obstacles.

The devil on my shoulder says, "Simon, think about the frauuuuud." (I can't help it; it's my day job.)

Issue 1: How do we ensure AI Agents do the right thing for customers?

With great difficulty.

This is a hard question to answer when "the right thing" is subjective. But let's assume that most people should pay off high-interest debt, build a savings buffer, and then progress to building long-term savings.

This waterfall of personal finance is well known, well understood, and works. Yet most people don't do it, even with fancy PFM tools.

So if we assume an AI agent would attempt to do that on behalf of a user, we can also imagine what might happen if something goes wrong. Like a sudden unexpected bill or family emergency.

Issue 2: How do we ensure nothing goes wrong with the AI Agent?

What could go wrong with AI Agents?

Everything.

Don't get me wrong. I don't think everything will go wrong with AI agents, they're gonna be epic. But there's just so much risk surface area because so much can go wrong in finance generally.

What if an AI Agent

  1. Buys a financial product that isn't suitable, like a high-interest loan.

  2. Makes a mistake like calculating the taxes incorrectly or paying the wrong amount.

  3. Creates financial difficulty by moving finances around during an emergency or driving a company or individual to become insolvent.

  4. Commits a crime like fraud. Stealing from AI agents could become an entire class of crime, as could using them to launder money without the owner knowing about it.

  5. Is it hacked or compromised? It ends up spending your entire life savings on a new car for a criminal gang.

  6. It leaks customer data through exploits or simple mistakes it could give away credentials to your financial accounts, again leaving you vulnerable.

These are the tip of the iceberg; it doesn't take a lot of riffing to imagine some nightmare scenarios. As humans, we seem drawn to what could go wrong but hasn't yet.

Imagine a world of AI agents running about making transactions (kind of like they do in financial markets today), but they all suddenly swarm and drain a bunch of bank accounts, creating a run-on-the-bank scenario.

That can be useful.

If you can imagine what would go wrong, you can also think about possible solutions to ensure prevention and cure.

Issue 3: How do you regulate AI Agents?

Most financial services activities are already regulated.

Regulation is designed to manage the bad outcomes that happen in finance, and it falls into five broad categories.

  1. What consumers need to know (Transparency and Disclosures). Your terms and conditions like fees, charges, and rights. In the US, you see this in the Truth in Lending Act (TILA), Fair Credit Reporting Act (FCRA), etc.

  2. How consumers should be treated (Fairness). Preventing discrimination or deceptive practices, e.g., ECOA, UDAAP, Fair Housing, etc.

  3. How consumers are protected and manage disputes (Protection). Like the CFPB complaints process or the Electronic Funds Transfer Act (ETFA), which dictates what happens in the event of fraud against a customer.

  4. How consumers' information is handled (Privacy). If too much data is available, it can be leaked or used against the user's wishes. So we see laws like the Gramm-Leach-Bliley Act (GLBA) ensuring it is only shared to manage fraud or crime etc.

  5. How the overall system is kept stable for consumers' benefit (Safety and Soundness). This stuff typically ensures banks don't fail, like FDIC insurance, or prevents the system from being overrun by criminals (ish). And I think this is the category we'd see AI Agents fall under.

Now, how do these apply to AI Agents? It's not straightforward.

  • Transparency: How do we ensure users understand what their AI Agent is doing?

  • Fairness: Can an AI Agent discriminate? How do we prevent it?

  • Protection: What happens when an AI Agent makes a million-dollar mistake?

  • Privacy: How do we stop AI Agents from becoming the ultimate data harvesters?

  • Safety and Soundness: Could AI Agents destabilize the entire financial system?

Then there's payment network and institutional rules. While these aren't regulations, they're also something you have to manage if you're going to have an AI agent interact with them at arm's length to any institution.

The card networks have chargebacks and disputes, and NACHA has the handbook (rulebooks apply to every payment system and major bit of financial market structure in the world).

If you wrap up all of that complexity, you can start to unpack how you would manage these risks for AI agents in practice.

What would AI Agent Regulations Look like?

The constant push for privacy laws to be passed says, maybe yes.

Australia's new law could be sign of whats to come and its very interesting.

Australia's Consumer Protection Right has a new category called "Action Initiation." It allows AI agents to act on behalf of consumers to switch energy suppliers or move a mortgage to a lower-cost provider.

Its three elements are

  1. Declaration – Types of actions that can be initiated

  2. Rules - What rules apply to that action type

  3. Standards - That define the implementation of the action

It also creates two roles

  1. The Accredited Action Initiator or AAI who can give instructions on behalf of a consumer.

  2. An Action Service Provider or ASP required to take actions in accordance with those instructions.

How I think about managing AI Agent risks

In most cases, regulation is a standing regulation that could capture or cure some of the risks presented by AI Agents. We don't need explicit new regulation (although it may be clarifying and helpful).

There's a few layers here.

  • Strong identity credentials. As a foundation, we need a link between the agent and the human or entity it represents. What if Plaid identity tokens or Apple Wallet identities could sign transactions.

  • Consent management. Define what my AI Agent is allowed to do and not do without my intervention. Ensure it checks with me if anything goes beyond those boundaries.

  • Bake-in the regulations. One of GenAI's best use cases is reading and understanding the law and compliance. Bake that right into the agents. (In practice, this would be tricky, but if you think about this in more modular, microservice-like terms, or micro agents, it's a bit more plausible.)

  • Fraud and risk management. The ability to monitor, watch, and share data about agents between financial institutions, wallets, and payment networks will become crucial. Is this a bad AI agent? How do we know? Who's seen it before?

  • Cybersecurity best practices. Penetration testing, DDOS detection, leveraging strong authentication and 2+ factor authentication, etc.

  • Data engineering best practices. Perhaps the most important control is regular analytics, testing, and oversight of how AI Agents are performing.

But even with these technical solutions and the best intentions of teams and software developers, autopilot could still steer your finances in a direction you don't want to be.

Good intentions don't always create good customer outcomes (*cough* BaaS cough).

This is why we have regulations.

Regulation is not perfect.

It's also not going away.

But maybe there's one other thing we could add. A definition of what an AI Agent is under the law.

What if we defined AI Agents as Legal Persons?

A hacked together “instantiation” from the State of Delaware as an idea

A company is a legal person in the eyes of the law. Determining companies this way allows them to enter into contracts, own property, and take on rights and obligations (like debts or financial products).  

Perhaps the most elegant thing we can do to make AI Agents mainstream is to define them as legal persons. A sort of Stripe Atlas for AI Agents.

A sub-type of C-Corp or LLC may be a way to quickly create and wrap an agent as a legal person. These agents could then become fully economically active.

I must admit, the wannabe sci-fi writer in me is screaming, if we make them legal persons, they'll multiply, and the machine economy will overtake humans, and then the plot of The Matrix will play out.

But in reality, we could create a legal person-like definition with restrictions.

Just as a C-Corp is taxed differently to a natural person and doesn't get a passport, an agent would have some other category of legal person that helps manage the actions it can take on behalf of legal or natural persons.

Meet your new Financial AI Agents

The overwhelming promise of AI Agents in finance is too tempting to ignore. However, we won't get AI Agents to unlock better financial outcomes for consumers and businesses unless we tackle the risks head-on.

The Fintech industry is exceptional at developing new ways to manage these risks, so I think there has never been a more exciting time to be in Fintech.

Financial services history is littered with a cycle

  1. New innovation appears

  2. New innovation has unintended consequences.

  3. Regulators and the industry react with new approaches

  4. Repeat

We might speed-run it this time.

But the design space here is fascinating.

What would you build if AI Agents could make any payment, or manage any financial product?

Noodle on that.

Then go build it.

ST.

4 Fintech Companies đź’¸

1. FlowX AI - GenAI Agents for Bank Digital Transformation

FlowX helps financial institutions modernize their apps, upgrade infrastructure, and change internal processes. The service can take a FIGMA design and assign sub-tasks to build workflows, develop front-end and back-end code, and test script code. It has compliance agents to ensure financial services laws are followed. It is already used by global and European regional custodian banks, and it's now expanding to the US.

🧠 Every bank should want this if it works. In the past decade, banks have spent billions launching mobile apps and trying to modernize and move to the cloud. FlowX, at worst, could help with some of that lift. I'm mindful that every junior engineer loves GenAI, and every senior hates how hard it is to debug. There are risks here, but I love that they're thinking about agents in clusters who correct each other's work. Feels like a glimpse of where the world is headed. A decade ago, every mid-sized bank put in an omnichannel solution like Backbase or try and do digital. Maybe the next Decade is FlowX with specialist in-house teams.

2. Jump - The employer for French Freelancers

Jump allows freelancers to bill their customers, create payslips, and receive salary. In France, this gives them access to the national healthcare system. The service also offers workplace benefits like private healthcare and insurance.

🧠 Employee of Record for freelancers is an interesting twist. Countless freelancers have their own company, and then stack benefits around it. Services like Deel or Remote offer employee-of-record services, but packaging that as a tech platform is a nice twist. It reminds me a little bit of Catch (RIP), which was for 1099s but with a French twist. That local market context could be crucial because the admin burden is substantial.

3. Loop - Cross-border banking for SMBs

Loop provides a modern account, multi-currency wallet, and spend management for SMBs in North America. They aim to eliminate between 2 and 6% of FX fees and save SMBs time and money.

🧠 Everyone is trying to solve cross-border problems. SMBs operating global businesses are poorly served. Loop estimates that last year, SMBs saw an 11 percent failure rate on cross-border transactions. Goodness! Banks see SMBs as profitable, sticky deposits and are often not sophisticated enough to compete on rates. Companies like Novo have done well with a domestic client base, but for those who are default global, perhaps they'll be default Loop.

4. Geox Analytics - 3D property analytics for underwriters and insurers

Geox uses satellite photography to get recent and relevant property data into the hands of underwriters and property management companies. This helps them understand the property's condition, any risks, and how to target potential borrowers. It helps show flooding risk, roof conditions and predict potential losses.

🧠 I remember Google Maps selling this in 2019. What has changed since then is that the world is now obsessed with and ready to buy AI. Perhaps that's the wedge someone like Geox needs to be mainstream.

Things to know đź‘€

Mercury has partnered with Column N.A., Member FDIC, as an "additional partner bank." Mercury says this is part of its a multi-partner bank strategy for resilience. Column N.A provides checking and savings accounts and payment capabilities, including same-day ACH processing and accepting non-USD wire transactions.

🧠 Column is becoming a big winner in the great de-risking. Brex, Mercury, and countless others are now looking for a bank that’s not under a consent order and is developer-friendly.

🧠 Most experienced partner banks are being picky. There’s a line outside the door of places like Column, Fifth Third, and Coastal (and a handful of Utah banks). Everyone wants in, so these banks can afford to be picky. Plus, there are no prizes for rushing into a partnership with a Fintech.

🧠 Newline by Fifth Third and Column appear to be winners in this market turmoil. There are a handful of scale players representing massive opportunities for banks looking for new partners. Fifth Third and Column recently seem to pop up often in the major brands, which suggests they’re benefitting from this market.

🧠 If you can sustain compliance, your competitive advantage will be capability. It’s notable that Column offers same-day ACH and non-USD wires. If you’re a Fintech company like Mercury, this improves the proposition you can sell.

🧠 The de-risking is about to become urgent. What follows bankruptcy and consent orders are forced migrations. It will get ugly.

Pro-tip: If you’re a Fintech company, don’t approach your new potential partner bank as a “backup.”

Brex and Navan have partnered to embed Brex virtual cards in the Navan user experience. The Brex cards can support local currency in 50+ countries, saving on FX fees. The combined solution also creates a single hub for reconciliation.

🧠 This takes embedded finance to a place I didn't expect it. I don't know why, but I just didn't imagine embedding the expense card into the travel portal. But creating a virtual card for every trip makes so much sense the more you think about it.

(I know Divvy has done this, and technically Concur is in SAP but into Navan so cleanly, that's neat).

🧠 The reality is that most growth companies have Navan PLUS an expenses card. Whether they're using Ramp, Brex, Mercury, or something else, they're probably also using Navan. Where a legacy enterprise would use Amex Travel + SAP Concur + a corporate card, modern ones could now use Navan + Brex.

🧠 This competes directly with Ramp and Ramp travel. Ramp is the darling of Fintech, one of the fastest-growing companies in the world. However, if they have an Achilles heel, they can't serve global enterprises as well as Brex. Navan + Brex is a slick solution for that client profile.

🧠 The age of Fintech on Fintech partnerships is upon us. Navan's pivot to "bring your own card" saw them partner with Citi, but the depth of integration with Brex is special.

🧠 Bonus for the embedded finance nerds. Brex's T+C's now note that Fifth Third Bank provides the Brex card and that it "also" provides cards with Sutton. Newline by Fifth Third is the quiet winner in the sponsor bank chaos of the last 12 months. Shout out to those guys. In fact, their T+Cs read like recent beneficiaries of the chaos. Column + Fifth Third.

3. FTC to make canceling subscriptions easier - what's the future of subscription Fintech?

The Federal Trade Commission announced a final "click-to-cancel" rule to make it easy to cancel "as it was to sign up." The rule applies to everything from Netflix and Prime to Gym memberships. Businesses must give info like how to cancel before they sign up. It also applies to companies who offer free trials but charge you if you don't cancel in time.

The FTC said it receives 70 complaints daily, and the rule should be in place within 180 days.

🧠 Consumer Fintech companies should still offer subscription bundles. Subscriptions work because they're low friction and offer seemingly insane value—all the songs ever for $9.99 a month. I don't think Fintech has nailed that.

🧠 Bank-packaged accounts are crap. But what does the millennial Fintech version of that version look like? Imagine an account with no fees for payments that included subscriptions to the Wall St Journal, a gym and was your mobile telco too. That's kinda what Revolut and Nubank offer. Why wouldn't that work in the US?

🧠 Did you notice Mastercard quietly acquired a subscription management Fintech company a couple of weeks back? The timing might have been a coincidence, but it might not have been.

🧠 How many merchants use Stripe Billing for this sort of thing? Imagine if Stripe just made the opt-out flow work in its subscription checkout experience?

Good Reads đź“š

Sure, Amazon is the everything store, but first it had to be the book store.

The Zombocom website was one of the first-ever Internet meme's that simply stated over and over, "Welcome to zombocom… you can do anything at zombocom… anything at all… the only limit… is yourself…"

🧠 The genius of Amazon was to build the online bookstore in order to build a platform. It was never described as a platform or everything store. People got it.

🧠 You can't be all things to all people, so be something to someone. You see this plainly in companies like Plaid who've become a verb for one thing, but actually do so many other things.

🧠 By the time you're a full-scale platform, people will get it naturally. You can't market your way into being a platform. You need to sell a product and have people realize it's a platform.

Tweets of the week đź•Š

That's all, folks. đź‘‹

Remember, if you're enjoying this content, please do tell all your fintech friends to check it out and hit the subscribe button :)

(1) All content and views expressed here are the authors' personal opinions and do not reflect the views of any of their employers or employees.

(2) All companies or assets mentioned by the author in which the author has a personal and/or financial interest are denoted with a *. None of the above constitutes investment advice, and you should seek independent advice before making any investment decisions.

(3) Any companies mentioned are top of mind and used for illustrative purposes only.

(4) A team of researchers has not rigorously fact-checked this. Please don't take it as gospel—strong opinions weakly held

(5) Citations may be missing, and I've done my best to cite, but I will always aim to update and correct the live version where possible. If I cited you and got the referencing wrong, please reach out