How BNY Mellon Can Transform Securities Servicing and Treasury Management with Agentic AI
How BNY Mellon Can Transform Securities Servicing and Treasury Management with Agentic AI
Agentic AI in securities servicing and treasury management is quickly becoming the difference between incremental automation and a step-change in operational performance. For large, systemically important institutions like BNY Mellon, the opportunity is bigger than deploying another chatbot or speeding up a few tasks. The real prize is an operations co-pilot that can take action across tools and workflows while staying inside strict risk, compliance, and audit constraints.
Securities servicing and treasury teams live in a world of high volumes, complex exceptions, and constant time pressure. Most of the work is not “hard” because it’s mysterious; it’s hard because the information is fragmented across systems, the rules are nuanced, and the handoffs are endless. Agentic AI changes the economics by turning investigations, reconciliations, and servicing requests into orchestrated, end-to-end workflows that can be executed consistently, logged automatically, and escalated intelligently.
This article breaks down what agentic AI in securities servicing and treasury management really means, where it delivers the most value, how to implement it safely, and how to measure ROI in ways that resonate with operations, technology, and risk leaders.
What “Agentic AI” Means in a Bank (and Why It’s Different)
Definition (plain English)
Agentic AI in securities servicing and treasury management refers to AI systems that don’t just answer questions, but can plan steps, use tools, and carry out actions to complete a goal-driven workflow, such as resolving a reconciliation break, repairing a payment message, or preparing a corporate action election package for review.
Instead of generating a helpful paragraph and stopping there, an AI agent can navigate the work: gather data, cross-check it, draft outputs, open or update cases, route approvals, and maintain a record of what it did and why.
Here’s the simplest way to compare common automation approaches:
Agentic AI: goal-driven, can sequence tasks across tools, and operate with approvals and verification
RPA: rule-based automation that follows predefined steps, brittle when inputs vary
Traditional ML: predicts or classifies (risk scores, forecasts) but doesn’t execute workflows end to end
GenAI chatbots: helpful for Q&A and drafting, but typically don’t integrate deeply enough to take controlled actions
In practice, agentic AI in securities servicing and treasury management becomes most valuable when work is repetitive but not identical, and when resolution requires pulling evidence from multiple sources.
The “agent loop” in regulated operations
In banking operations, agents must behave less like improvisational assistants and more like disciplined operators. A useful mental model is an “agent loop” designed for regulated environments:
Observe → reason → act → verify → log
Verification and logging are not optional. In securities servicing and treasury management, the workflow itself often becomes the audit artifact. If an agent proposes a settlement instruction update, or recommends a payments repair, the organization must be able to answer:
What data did it use?
What checks did it run?
What policy constrained its recommendation?
Who approved the action?
What changed in the system, and when?
That’s the difference between experimentation and production-grade agentic workflows in banking.
Where agentic AI fits in BNY Mellon’s context
BNY Mellon operates in environments where scale and complexity collide: custody operations, fund services, corporate actions, collateral, settlement, and client servicing. These workflows tend to be:
High-volume and time-sensitive
Exception-heavy
Dependent on multiple internal and external systems
Sensitive to operational risk, client impact, and regulatory scrutiny
Treasury adds another layer: intraday liquidity demands, payments complexity, and a need for rapid decisions within strict policy and approval constraints. Agentic AI in securities servicing and treasury management fits best where the workflow can be decomposed into verifiable steps and where the biggest delays come from information gathering, handoffs, and investigations.
Why Securities Servicing and Treasury Are Ready for Agentic AI
Market pressures and operational realities
Servicing and treasury organizations face familiar pressures, but the intensity has increased:
Margin and fee pressure push leaders to improve productivity without increasing risk
Client expectations have shifted toward near real-time transparency and proactive service
Product complexity continues to grow across asset classes, markets, and regulatory regimes
Experienced operations talent is difficult to replace, and “tribal knowledge” becomes a key risk
Agentic AI in securities servicing and treasury management addresses these realities by standardizing how work gets done while allowing flexibility in how cases are investigated and resolved.
The exception economy (where most costs hide)
In mature operations environments, straight-through processing is already optimized for the happy path. The real cost sits in exceptions:
settlement fails and investigations
reconciliation breaks
missing or inconsistent standing settlement instructions
corporate actions discrepancies and late elections
payment rejects/returns and message repairs
client status chases that pull teams away from resolution work
Agentic AI can be most impactful when it reduces the “time-to-clarity” for exceptions: how quickly a team can identify root cause, assemble evidence, and decide the next best step.
What success looks like (business outcomes)
When agentic AI in securities servicing and treasury management is implemented with the right guardrails, success looks like:
fewer aged exceptions and faster cycle times
higher STP where it’s safe, and faster exception resolution where it’s not
reduced operational risk through consistent procedures and enforced controls
improved client experience through proactive updates and fewer delays
better resilience: less dependence on individual experts for routine investigations
That combination matters because it improves productivity and reliability at the same time, which is the hard trade-off in regulated operations.
High-Impact Agentic AI Use Cases in Securities Servicing (BNY Mellon)
The most effective approach is to evaluate use cases with a consistent lens:
Problem → Agent workflow → Systems/tools → Controls → KPIs
1) Corporate Actions “Investigation-to-Resolution” Agent
Problem
Corporate actions require speed, accuracy, and defensible decisioning. Teams must monitor announcements, validate entitlements, manage elections, and handle discrepancies quickly. Delays or errors can create client harm and operational risk.
Agent workflow
Monitor incoming corporate action announcements and detect events requiring attention
Cross-check event details against holdings, entitlements, and client elections on file
Identify discrepancies (missing elections, mismatched entitlements, unusual terms)
Draft client outreach or internal escalation notes with supporting evidence
Prepare election packages and recommended actions with confidence and rationale
Route for approval and track completion status until resolution
Systems/tools
Corporate actions platforms, custody books and records, client instruction systems, case management, document repositories, and client communications tooling.
Controls
Evidence-first drafting: every recommendation tied to source data
Maker-checker approvals for elections and client communications
Policy constraints on what can be sent externally and what must be escalated
Full audit trail of data pulled, checks performed, and human approvals
KPIs
election timeliness and late-election reduction
error rate in elections and entitlements
manual touchpoints per event
exceptions aged beyond SLA
2) Settlement Fails and Exception Management Agent
Problem
Settlement fails are expensive and reputation-damaging. Investigations often require digging through multiple systems to identify root cause: instructions issues, inventory shortages, market constraints, mismatched counterparties, or documentation gaps.
Agent workflow
Detect fails and pull trade context, counterparty details, and settlement instructions
Classify likely root cause using rules plus learned patterns from historical resolutions
Gather evidence (SSI records, confirmations, settlement messaging, inventory/availability)
Recommend next best action: request missing info, correct instructions, open a case, escalate
Draft updates to relevant teams and client-facing status summaries
Track the case through resolution, with reminders and escalation triggers
Systems/tools
Settlement platforms, SSI repositories, messaging systems, inventory/positions data, case management, client reporting tools.
Controls
Read-only by default, controlled write actions only with approval
Segregation of duties: the agent can propose changes, not execute them unilaterally
Standardized taxonomy for fail reasons to improve downstream reporting
Audit log including recommendations, evidence, and final human decision
KPIs
fail duration and time-to-resolution
penalties avoided and reduction in repeat fails
investigation time per fail
percentage of fails resolved within target windows
3) Reconciliations and Break Resolution Agent (Cash and Positions)
Problem
Reconciliations are a constant drain because breaks rarely resolve themselves. Investigators spend time pulling statements, matching transactions, and assembling evidence. Many breaks follow patterns, but the evidence is scattered.
Agent workflow (step-by-step)
Ingest the break file and classify break type (timing, missing transaction, mismatch, corporate action, FX, fee)
Pull relevant transactions and balances from internal ledgers and custody/agent bank statements
Identify the most likely reconciliation explanation using historical resolutions and policy rules
Assemble an evidence pack: source transactions, timestamps, references, and matched items
Propose the resolution path: journal entry suggestion, investigation request, or escalation route
Route to the right approver based on risk tier and materiality
After approval, create or update the case, and log all actions and artifacts
Systems/tools
Internal general ledger or sub-ledgers, reconciliation tools, custodial statements, data lakes, case management, workflow engines.
Controls
Materiality thresholds to determine when additional approvals are required
Mandatory evidence pack before any resolution proposal is allowed
Dual approval for journal entries or adjustments
Continuous monitoring for drift: are break classifications and recommendations degrading?
KPIs
breaks volume and aged breaks
investigator productivity (breaks resolved per analyst per day/week)
time-to-evidence (how quickly the pack is assembled)
percentage of breaks resolved without back-and-forth handoffs
4) Client Servicing Agent for Status Updates (with guardrails)
Problem
A significant share of servicing workload comes from status chases: clients asking where a case stands, what’s next, and when it will complete. Answers must be accurate, consistent, and compliant.
Agent workflow
Pull case status from approved sources and compile a current summary
Draft a client-ready response using approved templates and tone
Include expected next steps and realistic timelines based on SLA and queue position
Flag potential risks (missing documentation, pending approvals, market cutoffs)
Route to a human for review before sending (or allow auto-send for low-risk categories)
Systems/tools
CRM, client communications, case management, knowledge base for product and process documentation.
Controls
Knowledge grounding: restrict responses to approved internal sources
Redaction and PII controls based on recipient and channel
Strict channel policies (what can be sent via email vs secure portal)
Logging of what was sent, by whom, and what data supported it
KPIs
response time and SLA adherence
first-contact resolution rate
reduction in inbound status-chase volume
client complaint rate tied to inaccurate updates
5) KYC/AML Operations Support Agent (supporting, not deciding)
Problem
KYC and AML operations involve dense documentation and checklists, with frequent rework due to missing fields or inconsistent data. Automation helps, but decisions must remain governed and reviewable.
Agent workflow
Summarize submitted documents and extract required attributes
Identify missing items against onboarding or periodic review requirements
Prepare an analyst checklist and draft client outreach for missing information
Route the package to the appropriate analyst queue with an audit trail
Systems/tools
Document management, onboarding workflow systems, CRM, screening tools, policy repositories.
Controls
No autonomous risk decisions: the agent supports analysts rather than clearing customers
Full provenance of extracted fields (what document/page it came from)
Role-based access to sensitive personal and corporate information
Audit-ready packaging of artifacts
KPIs
time-to-onboard and time-to-refresh
rework rate and number of client follow-ups
analyst time spent on document review
backlog reduction without compromising quality
Agentic AI Use Cases in Treasury Management (Bank and Corporate Treasury Lens)
Treasury is a natural fit for agentic workflows because the work is decision-heavy, time-sensitive, and constrained by policy. The key is to keep “recommendation” and “execution” clearly separated unless approvals and controls are airtight.
1) Intraday Liquidity Monitoring and Decision Support Agent
Problem
Intraday liquidity management requires pulling balances, forecasting flows, and identifying emerging stress early. Decisions must be fast, but also explainable and constrained by policy.
Agent workflow
Aggregate balances and exposures from internal and external accounts
Forecast inflows/outflows using schedules and live signals (payments queues, settlements)
Detect anomalies and liquidity stress scenarios
Recommend options: funding moves, collateral actions, internal transfers, throttles
Route recommendations with explanation and evidence to the right approvers
Systems/tools
Treasury workstations, balance and exposure systems, payments hubs, collateral systems, risk limits repositories.
Controls
Dual approval for funding actions and transfers
Policy constraints embedded (limits, eligible collateral, cutoff times)
Explainability requirements: “why this recommendation, based on what data”
Immutable logging of recommended actions and approvals
KPIs
overdraft events and near-miss reductions
liquidity buffer efficiency
time-to-detect stress and time-to-recommend action
fewer manual dashboard checks per shift
2) Cash Forecasting and Variance Explanation Agent
Problem
Forecasting accuracy matters, but the day-to-day pain is variance explanation: why the forecast was wrong, what changed, and what should be updated.
Agent workflow
Compare forecasts to actuals and decompose variance drivers
Attribute variance to clients, products, seasonality, and event-driven factors
Generate a “what changed” narrative with recommended forecast adjustments
Create follow-up tasks for treasury analysts (reach out, update assumptions, adjust models)
Systems/tools
Forecasting models, ERP/treasury systems, bank statements, payment data.
Controls
Guardrails to prevent unapproved changes to forecasting assumptions
Versioning for forecast logic and agent recommendations
Review checkpoints for high-impact forecast changes
KPIs
forecast accuracy over time
time spent producing variance explanations
reduced manual analysis workload
improved decision lead time for funding and investment actions
3) Payments Repair and Investigations Agent (SWIFT and ISO 20022)
Problem
Payment rejects, returns, and investigations create operational drag and client friction. Message repair is often repetitive but requires careful validation.
Agent workflow
Detect rejected/returned payments and parse message details
Identify root cause (missing fields, invalid beneficiary data, formatting, compliance flags)
Propose repairs and generate the corrected message draft
Route for approval and track resubmission and outcome
Generate standardized client communications where appropriate
Systems/tools
Payments hub, SWIFT interfaces, ISO 20022 translation layers, investigation queues, case management.
Controls
Repair suggestions only, with approval required for resubmission
Mandatory validation checks against formatting and policy rules
Recipient/channel controls for communications
Strong monitoring for error patterns and repeat causes
KPIs
repair cycle time and investigation backlog
reject rate reduction
fewer client escalations tied to payment delays
improved operational throughput per analyst
4) Treasury Policy and Controls Agent (documentation and compliance)
Problem
Treasury policies, procedures, and controls must stay current as products, regulations, and systems evolve. Audit preparation is often a scramble.
Agent workflow
Keep policies updated by detecting process changes and mapping them to documents
Draft updates and route them through review workflows
Map controls to treasury processes and generate evidence packs for audits
Identify control gaps and recommend remediation steps
Systems/tools
Policy repositories, workflow engines, audit management tools, process documentation systems.
Controls
Formal approval workflow for policy changes
Version control and traceability of edits
Access controls for sensitive control documentation
Change logs tied to business and regulatory triggers
KPIs
audit prep time reduction
fewer control exceptions
policy update cycle time
improved consistency across procedures and training materials
Reference Architecture: How BNY Mellon Could Implement Agentic AI Safely
A safe implementation of agentic AI in securities servicing and treasury management isn’t one big model plugged into everything. It’s a layered architecture built to enforce controls, reduce risk, and support auditing.
Core components (layered model)
Agent orchestration layer Manages planning, tool calling, step sequencing, memory boundaries, and approval flows.
Tool connectors layer Secure integrations into case management, data platforms, workflow engines, reconciliation tools, treasury systems, messaging, and document stores.
Knowledge layer Policies, procedures, product documentation, and operational playbooks accessible through retrieval that keeps outputs grounded in approved internal sources.
Observability layer End-to-end traceability: prompts, tool calls, retrieved evidence, decision steps, approvals, and outcomes. Includes evaluation harnesses and performance monitoring.
Security layer Identity and access management, encryption, segmentation, data retention policies, and environment controls appropriate for regulated workloads.
The biggest architectural mistake is treating agents like generic assistants. In servicing and treasury, agents must be designed as controlled workflow participants.
Data readiness checklist (what must be true)
Before scaling agentic AI in securities servicing and treasury management, the organization should confirm:
Golden sources exist for positions, cash, settlement instructions, and case status
Data lineage is clear enough to explain where facts came from
Permissions are defined down to the field level for sensitive data
Retention rules and redaction policies are enforceable by design
Event timestamps and reference IDs are reliable enough for investigations
If these aren’t true, agents will still be able to draft plausible narratives, but they won’t be able to operate safely.
Human-in-the-loop design patterns
Human review is not a sign of failure; it’s a design pattern that keeps agents deployable in regulated workflows. Practical patterns include:
Draft mode vs execute mode Start by drafting evidence packs, summaries, and recommendations. Expand to controlled writes only after validation.
Approval thresholds by risk category Higher materiality, external impact, or policy sensitivity requires stronger approvals.
Segregation of duties (maker-checker) The agent can propose; a human approves; a separate role executes or finalizes where required.
Exception gating If confidence is below threshold or inputs are incomplete, the agent must escalate rather than guess.
Guardrails every bank agent needs:
role-based access controls at the tool and data layer
grounding to approved data sources and procedures
verification steps before recommendations are produced
mandatory approvals for write actions and external communications
immutable audit logs of tool calls, evidence, and outcomes
monitoring for drift, error patterns, and policy changes
Risk, Compliance, and Governance for Agentic AI in Financial Services
Agentic AI in securities servicing and treasury management introduces new operational leverage, but also new risk modes. The goal is not to eliminate risk. It’s to make risk explicit, controlled, and measurable.
Key risks to address (mapped to controls)
Hallucination or incorrect action
Control approach: grounding, retrieval from approved sources, verification steps, confidence thresholds, and required approvals for actions.
Data leakage
Control approach: access controls, redaction, environment isolation, strict retention rules, and audited data paths.
Model drift and performance decay
Control approach: ongoing monitoring, periodic revalidation, regression tests on historical cases, and controlled rollout of changes.
Third-party risk
Control approach: vendor oversight, security reviews, clear SLAs, incident processes, and exit strategies. Agents must be portable enough to avoid lock-in risk.
Model Risk Management (MRM) and auditability
For agentic workflows in banking, MRM expands from “model output validation” to “workflow behavior validation.” What must be documented includes:
prompts and system instructions that define behavior
tool access and permissions
the evidence retrieved and how it was used
the sequence of actions and decision points
approvals and overrides
outcome quality metrics tied to business KPIs
Validation looks like a combination of test suites, scenario testing, and adversarial inputs. The most credible deployments treat evaluation as a continuous process, not a one-time sign-off.
Regulatory expectations (high-level, non-legal)
Regulators generally expect transparency, accountability, and resilience. For agentic AI in securities servicing and treasury management, that translates into:
clear ownership of systems and decisions
explainable and traceable workflows
strong operational controls and change management
resilience planning and fallback procedures
emphasis on augmentation: humans remain responsible for outcomes
Measuring ROI: KPIs That Matter in Servicing and Treasury
The quickest way for agentic AI programs to stall is to measure the wrong things. Token counts and generic productivity claims don’t resonate with operations leaders. Tie ROI to the metrics already used to run the business.
Operational efficiency metrics
aged exceptions and backlog size
touches per case and handoffs per investigation
cycle time from detection to resolution
STP improvement where safe
reconciliation breaks and fail duration
Risk and quality metrics
error rates and rework rates
client complaints and escalation rates
audit findings and control exceptions
near misses and prevented losses (tracked carefully and conservatively)
Client experience metrics
response time and first-contact resolution
SLA adherence for key workflows
proactive notifications sent vs inbound status chases
fewer “where is my case” interactions
A simple ROI model
A practical ROI model for agentic AI in securities servicing and treasury management can be expressed as:
(labor time saved + penalties avoided + retention uplift) – (build cost + run cost + governance cost)
To keep it credible, start with a small set of measurable workflows and use baseline comparisons from historical data. The most persuasive ROI stories connect operational metrics to client outcomes: fewer fails, faster resolutions, better transparency, and fewer escalations.
A Practical 90-Day Roadmap for BNY Mellon (Pilot to Scale)
A 90-day plan works best when it focuses on one workflow that is exception-heavy, measurable, and defensible from a risk perspective.
Phase 1 (Weeks 1–3): Pick the right workflow
Selection criteria:
high volume and recurring pain
clear definition of “done”
identifiable golden sources and evidence paths
manageable risk for an initial deployment
obvious KPIs tied to time, backlog, and error reduction
Strong candidates:
reconciliation break triage and evidence pack generation
settlement fails investigations
payments repair and investigations
Phase 2 (Weeks 4–8): Build and validate
Start read-only: the agent gathers, classifies, and drafts outputs
Build an evaluation set using historical cases with “gold” resolutions
Define escalation rules, confidence thresholds, and approval gates
Validate not only accuracy, but also behavior under edge cases and missing data
Phase 3 (Weeks 9–12): Deploy with controls and monitoring
Shadow mode first: agent runs alongside humans without impacting production
Limited rollout next: a subset of queues or teams
Expand gradually: as metrics prove stable and controls mature
Establish continuous improvement: feedback loops, error analysis, and retraining of procedures and prompts as policies evolve
Operating model for scale
Scaling agentic AI in securities servicing and treasury management requires clear ownership:
AI product owner accountable for outcomes and roadmap
operations SMEs defining procedures and edge cases
risk, compliance, and audit partners embedded from the start
platform engineering to standardize connectors, logging, and deployment patterns
a center of excellence to set guardrails, with domain squads to execute
This structure helps avoid one-off agents that can’t be governed or reused.
The Strategic Upside: From “Servicing as Cost Center” to Differentiated Platform
New client propositions enabled by agents
Once agentic AI is embedded in the operating model, it enables product-level differentiation, not just cost takeout:
proactive corporate actions guidance based on entitlement and election intelligence
predictive fail prevention using patterns from historical investigations
near real-time treasury insights paired with automated investigations and recommended actions
standardized evidence packs and transparent status that clients can trust
Over time, this becomes a platform story: better information, faster resolution, more consistent controls.
Building trust as the differentiator
In institutional finance, trust beats novelty. The most valuable agentic AI in securities servicing and treasury management will be the system that:
shows its work with transparent evidence
behaves consistently under policy constraints
logs actions and decisions for audit
improves measurable KPIs without introducing hidden risk
That is how agentic workflows in banking move from pilots to production at scale.
Agentic AI in securities servicing and treasury management is not about replacing teams. It’s about giving operations and treasury professionals an execution layer that can investigate, draft, route, and record work at the speed and consistency modern markets demand, while staying aligned with governance.
To see how secure, enterprise-grade AI agents can be deployed across complex banking workflows with control and auditability, book a StackAI demo: https://www.stack-ai.com/demo
