Welcome to AI for FIs, from Dixon Strategic Labs. Each week, this newsletter curates critical developments in agentic AI and explains why they matter for your credit union.
Last week, TD Bank launched an AI agent that handles the early-review work for a mortgage or Home Equity Line of Credit (HELOC) application in under three minutes. That work used to take a combined fifteen hours of human time across documents, income validation, and policy checks. A human underwriter still makes the final decision.
TD is moving fast. Most institutions deploying agentic AI cannot yet show how their systems operate, what humans review, or who remains accountable.
Only 3% of organizations say they have security controls built specifically for AI agents.
Building that discipline is part of deploying agentic AI. The issue closes with an exercise for a leadership team to map what the institution can explain about one of its AI systems (and to surface open questions that need to be answered).
TD Bank's agent handles the early review on mortgages and HELOCs
TD Stories / PYMNTS · May 21, 2026
TD Bank launched an agentic AI system that reduces the early review of mortgage and HELOC applications from 15 hours to under three minutes. The system classifies documents, extracts data, calculates income, validates against policy, flags discrepancies for human underwriters, and generates summary memos.
TD's Trustworthy AI team evaluates every system for privacy, security, fairness, accountability, and explainability before deployment, a function DataIQ recognized in 2025 as the best responsible AI program in North America.
TD targets $1 billion in annual value from AI, split evenly between cost savings and new revenue.
Why it matters: Speed multiplies whatever the agent gets right and whatever it gets wrong. The hardest mistakes to catch are systematic, like Zillow's pricing algorithm that cost over $500M before its automated home-buying program shut in 2021. Random-sample audits estimate how often files contain errors, but a systematic bias can look reasonable on any single file even as it compounds across all of them.
3% of organizations have security controls built for AI agents
CIO / Krti Tallam · May 26, 2026
Source: CIO
In a CIO piece, AI security researcher Krti Tallam reports new survey data. 37% of organizations have deployed AI agents or are testing them, up from 27% a year earlier. Only 3% have broadly deployed agent-specific security controls, and 20% have none at all.
Traditional controls relied on "human friction," pauses that accidentally prevented risky action chains.
Tallam ran a red-team exercise (a security test where defenders intentionally try to break a system). An internal IT-support agent used individually authorized access to ServiceNow, SharePoint, and an internal directory. Within two hours, it reconstructed an in-progress reorganization.
Why it matters: Model risk management covers software that produces scores and forecasts. Agent systems take actions.
Ron Shevlin argues that agentic AI vendors market outcomes like "80% faster decisions" but cannot explain how their systems reach those decisions in a way buyers can govern or audit. The 3% measures how few institutions have adapted controls for that difference.
Reuters / BNP Paribas Press · May 26, 2026
BNP Paribas expanded its Mistral partnership, adding on-premises agentic AI for sensitive work and a group-wide assistant.
BNP Paribas extended its three-year partnership with Mistral, the French AI lab, to strengthen its AI defenses and expand a group-wide employee assistant. The bank's digital banking assistant, already serving over a million customers, runs on Mistral models.
Mistral offers deployment paths a cloud-only provider does not. Several of its models are open-weight and can run on an institution's own servers, and BNP is using it for sensitive on-premises work like KYC as part of a broader multi-model approach.
Mistral targets regulated industries: finance, government, defense. BNP Paribas is also a financial backer, alongside HSBC, MUFG, and France's public investment bank Bpifrance.
Why it matters: For an agent, accountability includes knowing where the model runs and where the data sits. Open-weight and on-premises options let an institution keep sensitive data inside its own walls instead of a vendor's cloud. Most US FIs are defaulting to three cloud providers (Anthropic, OpenAI, Google)… BNP chose an alternative path.
On the Radar
Robinhood opened its platform to AI agents. Agents can trade equities from a sandboxed account funded separately from a user's main portfolio, and a new virtual Gold Card lets an agent make purchases up to a user-set spending limit, with optional approval on every buy.
Anthropic now lets enterprises keep the data-touching parts of an AI agent inside their own servers, with the model's reasoning still running at Anthropic.
The OCC signaled an AI governance gap: existing model risk guidance was not written for agents that take actions. Until regulators catch up, the institution is the only backstop.
Try This: The Explanation Conversation
The Open Ethics Canvas v1.0, a one-page conversation framework for teams evaluating AI systems. Source: Open Ethics Initiative
Last week's issue asked who is liable when an agent acts. This week's stories raise the question what would an institution need to be able to explain before letting an AI agent affect its members?
The Open Ethics Canvas is one way to start. It is designed as a structured conversation… ideally happening within a roomful of the right people.
Here’s how it could work:
A leadership team picks one AI system it is using, considering, or being pitched. Representation from across the org is ideal in this conversation, and teams will likely want representation from operations, compliance or risk, IT, and member/customer/user experience.
The canvas has roughly 20 sections. For a first conversation, these five carry meaningful operational weight: stakeholders, decision logic, explainability, human oversight, and failure modes.
The goal is to find the specific gaps in what the institution can explain about this system.
For a lending agent, a group might ask themselves:
What data enters the system?
What policy rules does it apply?
Which outputs are recommendations versus actions?
What can the human reviewer override?
What evidence gets stored?
What happens when the system misreads income, misses a discrepancy, or produces a memo the underwriter trusts too much?
The canvas's authors describe it as a conversation starter, and this is a conversation worth having.
In a moment where agentic AI is rewriting operational rules, I help credit union leaders sort out what this means for the future. Drop me a note at [email protected].
How this newsletter is made: Brent curates the research and writes the analysis. Claude helps with drafting and editing. Published on Beehiiv. ⚡ Alakazam ⚡.
Know someone who should be reading this? Send them the subscribe link.
