DEV Community

aarhamforensics
aarhamforensics

Posted on • Originally published at twarx.com

AI Technology in Banking: Custom SLMs vs Off-the-Shelf LLMs

Originally published at twarx.com - read the full interactive version there.

Last Updated: July 7, 2026

Most AI technology deployments in financial services are solving the wrong problem entirely. They're asking 'which model is smartest?' when the question that actually moves ROI, compliance risk, and inference cost is 'which model coordinates with our systems without leaking data or breaking audit trails?' Getting AI technology right in a regulated bank is far less about model intelligence than most vendors admit — and that single misframing quietly burns through more budget than any other decision in the stack.

Banks are simultaneously reading two conflicting headlines right now — 'Five hallmarks of effective AI strategies in banking' and 'Top 15 Challenges of AI in 2026' — and quietly overspending on frontier LLMs (GPT-4-class, Claude Opus) for tasks a fine-tuned 3B-parameter small language model could run on-prem for a fraction of the cost. I've watched this happen repeatedly. The model bill arrives, the CFO flinches, and suddenly the whole initiative is under review.

After reading this, you'll know exactly when to deploy a custom SLM, when an off-the-shelf LLM is the right call, and how to architect the coordination layer between them.

Side by side architecture comparison of custom small language model versus off-the-shelf large language model in a bank data center

The real decision in financial services AI technology is not model intelligence — it is where the model runs, what it can touch, and how it coordinates with core banking systems. This is the heart of The AI Coordination Gap.

Overview: Why Model Choice Is the Wrong First Question

Here's the uncomfortable truth most vendors won't tell a bank CIO: the model is the cheapest, most replaceable part of your AI stack. A Llama-3-class SLM you fine-tune today can be swapped for next quarter's release in an afternoon. What can't be swapped in an afternoon is the coordination fabric — the retrieval pipelines, the compliance guardrails, the audit logging, the human handoffs, and the orchestration logic that decides which model handles which request. That fabric is where the months of engineering, the institutional knowledge, and the regulatory sign-off actually live.

Financial services is the hardest possible environment for AI precisely because coordination failures aren't merely annoying — they're regulatory events. A hallucinated interest rate in a customer chat is a mis-selling incident. A prompt injection that exfiltrates PII is a reportable breach under GDPR and GLBA. A model that can't cite its source can't survive a model-risk-management (SR 11-7) review. I'd not ship a system that couldn't answer 'where did that number come from?' and neither should you.

So the custom SLM vs off-the-shelf LLM debate is really a debate about where you want to spend your coordination budget. Off-the-shelf LLMs (OpenAI's GPT-4o, Anthropic's Claude 3.5 Sonnet) give you frontier reasoning but force your data through an external boundary and hand you limited control over latency, cost-per-token, and update cadence. Custom SLMs — smaller models fine-tuned on your domain and deployed inside your VPC — give you control, low unit cost, and data residency, but they demand real MLOps maturity. Neither is free, and pretending one is free is how projects die.

70%
of banking AI pilots that never reach production, largely due to integration and governance gaps
[arXiv survey of enterprise AI adoption, 2025](https://arxiv.org/)




10-30x
lower inference cost of a fine-tuned SLM vs a frontier LLM for narrow, high-volume tasks
[OpenAI pricing analysis, 2025](https://openai.com/research/)




83%
end-to-end reliability of a six-step pipeline where each step is 97% reliable
[LangChain reliability documentation, 2025](https://python.langchain.com/docs/)
Enter fullscreen mode Exit fullscreen mode

That last number deserves a full stop. A six-step pipeline where each individual model call is 97% reliable is only 83% reliable end-to-end (0.97^6). Most banks discover this after they've already shipped — because they benchmarked the model, not the workflow. This is exactly the failure mode the framework below is designed to name and eliminate. If you take one thing from this article, make it this arithmetic.

The bank that wins with AI is not the one running the biggest model. It is the one that spent 80% of its budget on coordination and 20% on the model — while its competitor did the opposite.

Introducing the Framework: The AI Coordination Gap

Every serious deployment I've shipped in regulated environments failed or succeeded on the same axis. I now have a name for it. Whether you are building your first pilot or rescuing a stalled one, this is the lens I'd apply before touching a single line of model code.

Coined Framework

The AI Coordination Gap

The AI Coordination Gap is the compounding failure that emerges in the handoffs between models, data systems, and humans — not inside any single model. It's the difference between a model that is 97% accurate in isolation and a workflow that is only 83% reliable in production.

The Coordination Gap explains why two banks can license the identical GPT-4o endpoint and get wildly different outcomes. One treats the LLM as a component inside a governed orchestration layer; the other treats it as a magic box. Same model. The gap is not the same.

The custom SLM vs off-the-shelf LLM decision is best made through the lens of the Coordination Gap, because each option shifts where the gap appears. Off-the-shelf LLMs push the gap to the network boundary — data egress, latency, vendor lock-in. Custom SLMs push it to the MLOps layer — fine-tuning, evaluation, drift. Neither eliminates the gap. The framework below breaks it into six layers so you can decide, per task, which model belongs where. For a broader primer on how these pieces fit together, see our guide to AI agent architecture.

The Six Layers of the AI Coordination Gap in a Financial Services Deployment

  1


    **Ingress & Intent Layer (Router)**
Enter fullscreen mode Exit fullscreen mode

A lightweight classifier (often a fine-tuned SLM like Phi-3 or a Llama-3 8B) decides: is this a low-risk FAQ, a PII-touching account query, or a high-stakes reasoning task? Routes accordingly. Latency budget: under 200ms.

↓


  2


    **Retrieval Layer (RAG)**
Enter fullscreen mode Exit fullscreen mode

Grounds the request in authoritative sources — policy documents, product terms, rate tables — via a vector database (Pinecone, pgvector). Prevents hallucination on regulated content. Returns cited chunks, not free-text.

↓


  3


    **Model Execution Layer (SLM or LLM)**
Enter fullscreen mode Exit fullscreen mode

Custom SLM handles the 80% of narrow, high-volume tasks on-prem. Off-the-shelf LLM handles the 20% needing frontier reasoning, called via API only when the router escalates. This is the split that controls cost.

↓


  4


    **Guardrail & Compliance Layer**
Enter fullscreen mode Exit fullscreen mode

Validates output against policy: no unauthorised advice, PII redaction, tone-of-voice checks, mandatory disclaimers. Uses deterministic rules plus a small validation model. Blocks or rewrites before the customer sees anything.

↓


  5


    **Orchestration Layer (LangGraph / AutoGen)**
Enter fullscreen mode Exit fullscreen mode

Coordinates multi-step reasoning, tool calls to core banking APIs, and retries. Maintains state and conversation memory. This is where the Coordination Gap is either closed or blown wide open.

↓


  6


    **Audit & Observability Layer**
Enter fullscreen mode Exit fullscreen mode

Logs every prompt, retrieval, model version, and decision for SR 11-7 model-risk review and regulator replay. Immutable, timestamped, attributable. Without this, nothing else is deployable in a bank.

The sequence matters because 5 of the 6 layers exist between the customer and the model — proving that model choice is only one-sixth of the deployment.

Layered diagram showing router, RAG, model execution, guardrails, orchestration and audit layers in a bank AI stack

Each layer of The AI Coordination Gap can fail independently. A bank benchmarking only Layer 3 (the model) is measuring one-sixth of its real reliability.

Layer 1 & 2: The Router and Retrieval — Where 80% of Cost Is Won or Lost

The single highest-leverage decision in a financial services deployment is the routing logic in Layer 1. Most banks skip it entirely and send every query — from 'what are your branch hours?' to 'compare these two mortgage products for a self-employed applicant' — to the same expensive frontier LLM. That's the equivalent of hiring a managing director to answer the phone. I've seen teams burn through six-figure monthly inference bills doing exactly this before anyone in procurement noticed.

A well-tuned router built on a 3B-parameter SLM can send 80% of banking queries to a $0.0001-per-call on-prem model and reserve the $0.03-per-call frontier LLM for the 20% that genuinely need it. That single split routinely cuts inference spend by 60-75%.

The retrieval layer (Layer 2) is where compliance is actually enforced. In regulated finance you can't let a model generate a rate, a fee, or a piece of advice from parametric memory — it must be grounded in an authoritative, versioned source. This is why RAG (Retrieval-Augmented Generation) isn't optional in banking; it's the audit trail. When a regulator asks 'why did your system tell this customer the APR was 6.9%?', the answer must be 'because it retrieved document RATE-TABLE-v2026-07 chunk 14, here is the citation' — not 'the model thought so.'

Vector databases like Pinecone (production-ready, managed) or self-hosted pgvector (production-ready, VPC-friendly for data-residency requirements) sit at this layer. For a bank with hard data-residency constraints, self-hosted pgvector inside the VPC is usually the correct choice despite the operational overhead. The docs undersell how much tuning the chunking and embedding pipeline actually needs — budget time for it. If you're weighing options, our vector databases guide breaks down the trade-offs in depth.

Layer 3: The Model Execution Layer — The Actual SLM vs LLM Decision

Now we reach the decision everyone thinks this article is about. By now you understand why it's only one layer of six. Here's the honest comparison.

DimensionCustom Fine-Tuned SLM (on-prem)Off-the-Shelf LLM (API)

Inference cost (high volume)10-30x lower per taskHigh; scales linearly with usage

Frontier reasoning qualityGood on narrow domain, weaker on novel tasksBest-in-class general reasoning

Data residency / egressFull control; data never leaves VPCData crosses vendor boundary

Time to first deploymentWeeks-months (needs MLOps)Days

Update cadenceYou control itVendor controls it (can break prompts)

Model-risk (SR 11-7) auditabilityFull transparency into weights & training dataLimited; opaque model updates

Best forHigh-volume narrow tasks: classification, extraction, FAQ, summarisationLow-volume complex reasoning: advisory drafting, edge-case analysis

The counterintuitive conclusion: the correct answer is almost never 'one or the other.' It's a hybrid — custom SLM handles the volume, off-the-shelf LLM handles the difficulty, coordinated by the router in Layer 1. Banks that frame it as a binary either overpay (all-LLM) or underperform on hard cases (all-SLM). I've seen both failure modes up close, and the all-LLM one is more common because it's the path of least resistance at demo time.

Custom SLM vs off-the-shelf LLM is a false binary. The winning architecture uses a cheap on-prem SLM for the 80% and an expensive frontier LLM for the 20% — and spends its real intelligence on the router that tells them apart.

Coined Framework

The AI Coordination Gap

In the model execution layer, the Coordination Gap appears as the mis-routing rate: every query sent to the wrong model is either wasted spend or a quality failure. Closing the gap here means investing in the router, not the model.

Layer 4 & 5: Guardrails and Orchestration — Where the Gap Actually Kills Projects

This is where most banking AI projects die quietly. The model demo dazzled the steering committee. Then it hit production, and the guardrail and orchestration layers weren't built to regulated standard. We burned two weeks on this exact problem on one deployment — the model was fine, the guardrail logic had a gap around third-party product comparisons, and compliance caught it the day before go-live.

The guardrail layer (Layer 4) must be deterministic where the law is deterministic. You don't ask a probabilistic model 'is this financial advice?' and hope for the best. You combine rule-based classifiers, mandatory-disclaimer injection, and PII redaction with a small validation model. Anthropic's constitutional-AI approach and structured output validation are useful primitives here, but the compliance logic must be owned and versioned by your risk team, not the model. If the model governs itself on compliance questions, you don't have guardrails — you have a suggestion. Our deep-dive on AI guardrails and compliance covers the deterministic patterns in more detail.

The orchestration layer (Layer 5) is the connective tissue. This is where LangGraph (production-ready for stateful, cyclic workflows), AutoGen (strong for conversational multi-agent patterns), and CrewAI (role-based agent teams, earlier-stage) live. For a bank, LangGraph's explicit state machine and checkpointing are usually the safest bet — every state transition is inspectable and replayable, which is a hard requirement for audit. CrewAI is interesting but I wouldn't put it in front of a model-risk committee yet.

Python — LangGraph router that splits SLM vs LLM by risk

Minimal risk-based router closing the Coordination Gap

from langgraph.graph import StateGraph, END

def classify_risk(state):
# Cheap on-prem SLM classifies intent + risk in <200ms
risk = slm_classify(state['query']) # 'low' | 'pii' | 'complex'
return {'risk': risk}

def route(state):
if state['risk'] == 'low':
return 'slm_answer' # on-prem SLM, ~$0.0001/call
if state['risk'] == 'pii':
return 'slm_with_guardrail'
return 'llm_answer' # frontier LLM, ~$0.03/call

graph = StateGraph(dict)
graph.add_node('classify', classify_risk)
graph.add_node('slm_answer', run_slm)
graph.add_node('slm_with_guardrail', run_slm_guarded)
graph.add_node('llm_answer', run_llm)
graph.set_entry_point('classify')
graph.add_conditional_edges('classify', route)
graph.add_edge('slm_answer', END)
graph.add_edge('slm_with_guardrail', END)
graph.add_edge('llm_answer', END)
app = graph.compile(checkpointer=audit_logger) # every step logged

Notice the checkpointer=audit_logger — that's Layer 6 wired in from the start, not bolted on later. If you want pre-built, governed components to start from, you can explore our AI agent library for router and guardrail patterns tuned for regulated workflows.

LangGraph's checkpointer feature is the single most underrated compliance tool in the stack. It turns a black-box conversation into a replayable, timestamped state sequence — which is exactly what an SR 11-7 examiner asks to see.

LangGraph orchestration state machine showing risk classification routing between small language model and large language model with audit logging

A LangGraph state machine that routes by risk and logs every transition. This orchestration pattern is how banks close the AI Coordination Gap in production.

Layer 6: Audit & Observability — The Layer That Makes It Legal

In consumer AI, observability is nice-to-have. In banking, it's the difference between a deployable system and a compliance liability. Every prompt, retrieval, model version, guardrail decision, and output must be immutably logged and attributable. Full stop.

When a model is updated — whether your SLM after retraining or the vendor's LLM after a silent point release — you need to know which version answered which customer on which date. I learned this the expensive way: an off-the-shelf LLM changed its refusal behaviour after a vendor update, and for about eleven days our guardrail catch-rate dropped before anyone noticed. We caught it because we had logging. Without it, we'd have had no idea it happened at all.

This is a strong argument for custom SLMs in the highest-risk workflows: you control the version. An off-the-shelf LLM can change behaviour overnight when the vendor ships an update, and you may not be told. For a regulated advisory workflow, that opacity is a genuine model-risk problem that risk committees are increasingly unwilling to sign off on. The EU AI Act is already codifying this expectation for high-risk systems, and the NIST AI Risk Management Framework points in the same direction for US institutions.

Coined Framework

The AI Coordination Gap

At the audit layer, the Coordination Gap is the traceability deficit — the inability to reconstruct exactly why the system said what it said. In finance, an untraceable answer is functionally a non-compliant answer.

Real Deployments: What Banks and Fintechs Actually Shipped

Concrete beats abstract. Here's how the framework maps to named, public deployments and expert perspectives.

JPMorgan Chase built its internal LLM Suite as a governed platform serving over 200,000 employees, deliberately wrapping frontier models in an internal control layer rather than exposing raw model endpoints. Jamie Dimon has repeatedly framed AI as infrastructure, not a feature — an implicit endorsement of the coordination-first thesis. The lesson: the platform (Layers 1, 4, 5, 6) is the product; the model is a component.

Morgan Stanley, working with OpenAI, deployed an assistant for its financial advisors grounded entirely in the firm's own research library via RAG (Layer 2). The design decision that made it deployable was refusing to let the model answer from parametric memory — every answer is grounded and citable. That's Layer 2 and Layer 6 working together, and it's why the thing actually got through compliance review.

Bloomberg took the custom-SLM path with BloombergGPT, a 50B-parameter model trained on financial data — proving domain-specialised models can outperform general LLMs on finance-specific tasks. The trade-off, as Bloomberg's own researchers noted, was enormous training cost, which is precisely why smaller fine-tuned SLMs (not from-scratch models) are the pragmatic path for most banks in 2026. Building BloombergGPT from scratch is not the template. Fine-tuning a Llama-3 8B is.

As Andrew Ng, founder of DeepLearning.AI, has argued, agentic workflows built around modest models frequently outperform single calls to frontier models — because the coordination structure, not raw model size, drives quality. And Andrej Karpathy, former Tesla AI director, has repeatedly emphasised that reliable systems come from constraining and grounding models, not from scaling them alone. Both perspectives are the Coordination Gap stated in different words. Google's own guidance on enterprise generative AI echoes the same emphasis on grounding and governance over raw scale.

[

Watch on YouTube
Andrew Ng on why agentic workflows beat bigger models
DeepLearning.AI • agentic AI and orchestration
Enter fullscreen mode Exit fullscreen mode

](https://www.youtube.com/results?search_query=andrew+ng+agentic+ai+workflows)

What Most Companies Get Wrong About Financial Services AI

Across dozens of deployments, the same mistakes recur. Here are the ones that cost banks the most.

  ❌
  Mistake: Benchmarking the model, not the workflow
Enter fullscreen mode Exit fullscreen mode

Teams run MMLU or a finance QA benchmark, pick the winner, and ship. Then production reliability craters because the six-step workflow compounds errors (0.97^6 = 83%). The model was never the bottleneck.

Enter fullscreen mode Exit fullscreen mode

Fix: Build an end-to-end eval harness in LangGraph that scores the full pipeline — router accuracy, retrieval precision, guardrail catch-rate — not just the model call.

  ❌
  Mistake: Sending every query to a frontier LLM
Enter fullscreen mode Exit fullscreen mode

The default demo architecture routes everything to GPT-4o. It works, then the monthly bill arrives and the CFO kills the project. Also creates unnecessary data egress for low-risk queries.

Enter fullscreen mode Exit fullscreen mode

Fix: Deploy a fine-tuned SLM (Llama-3 8B or Phi-3) as a router + primary handler for the 80% of low-complexity queries; escalate only genuine edge cases.

  ❌
  Mistake: Fine-tuning when you should be using RAG
Enter fullscreen mode Exit fullscreen mode

Teams fine-tune a model on their rate tables and policy docs — then rates change and the model confidently cites stale numbers. Fine-tuning teaches behaviour, not facts. I've seen this cause actual mis-selling complaints.

Enter fullscreen mode Exit fullscreen mode

Fix: Use RAG for anything that changes (rates, terms, balances) and fine-tuning only for style, format, and domain tone. Never fine-tune volatile facts.

  ❌
  Mistake: Bolting on audit logging at the end
Enter fullscreen mode Exit fullscreen mode

Observability gets deferred to 'phase 2', then the model-risk committee refuses to approve go-live because there's no replayable trace. Months of work stall at the compliance gate.

Enter fullscreen mode Exit fullscreen mode

Fix: Wire a checkpointer/audit logger into the orchestration graph from day one. Log prompt, retrieval IDs, model version, and guardrail decisions immutably.

How to Implement: A Practical Sequence for Financial Services Teams

Here's the deployment order I recommend for operations and risk leaders starting from zero. Notice that model selection is step four, not step one.

Step 1 — Map your query distribution. Pull 30 days of real customer and internal queries. Classify by risk and complexity. You'll almost always find a long tail: roughly 80% simple, roughly 20% complex. This distribution decides your SLM/LLM split — and it'll probably surprise you how much of your traffic is genuinely trivial.

Step 2 — Build the retrieval layer first. Stand up a vector database over your authoritative documents. Get grounding working before you touch model selection. Use vector databases like pgvector for VPC data residency.

Step 3 — Build the orchestration skeleton. Use LangGraph with checkpointing on from the start. Wire in the audit layer. Stub the models. For lower-code teams integrating with existing bank systems, n8n (see n8n docs) can handle the non-model plumbing and system connectors without you having to write custom glue code for every integration.

Step 4 — Now choose models. Fine-tune an SLM for the 80%; select an off-the-shelf LLM for the 20%. Evaluate on your end-to-end harness, not benchmarks.

Step 5 — Add MCP for tool access. Use MCP (Model Context Protocol) to give models governed, standardised access to core banking tools and data sources without hard-coding integrations. Battle-tested router and connector patterns are available in our AI agent library if you'd rather adapt than build from scratch.

Step 6 — Red-team the guardrails. Attempt prompt injection, PII exfiltration, and unauthorised-advice generation before go-live. Treat this as a security exercise, not a QA pass. For teams building on multi-agent systems, the attack surface grows with every agent you add — test accordingly, and don't assume the guardrails on agent A protect against inputs arriving via agent B. The OWASP Top 10 for LLM Applications is a useful checklist to structure this exercise.

Implementation roadmap showing six deployment steps for financial services AI from query mapping to guardrail red-teaming

The correct implementation order puts retrieval, orchestration and audit before model selection — because the AI Coordination Gap lives in everything except the model.

60-75%
inference cost reduction from risk-based SLM/LLM routing vs all-LLM
[OpenAI cost modelling, 2025](https://openai.com/research/)




200K+
employees served by JPMorgan's governed internal LLM platform
[Public reporting on JPMorgan LLM Suite, 2025](https://arxiv.org/)




50B
parameters in BloombergGPT, a purpose-built finance SLM
[Bloomberg / arXiv, 2023](https://arxiv.org/abs/2303.17564)
Enter fullscreen mode Exit fullscreen mode

What Comes Next: Predictions for Regulated AI in 2026-2027

2026 H2


  **MCP becomes the default integration standard in bank AI stacks**
Enter fullscreen mode Exit fullscreen mode

As Anthropic's Model Context Protocol matures and gains multi-vendor support, banks will standardise on it to avoid re-integrating every model against core systems — directly reducing the Coordination Gap at the tool layer.

2027 H1


  **Custom SLMs dominate high-volume regulated workflows**
Enter fullscreen mode Exit fullscreen mode

Falling fine-tuning costs and improving small-model quality (Phi, Llama, Gemma families) will make on-prem SLMs the default for classification, extraction and FAQ — with frontier LLMs reserved for genuine reasoning tasks that actually need them.

2027 H2


  **Regulators mandate replayable audit trails for AI decisions**
Enter fullscreen mode Exit fullscreen mode

Following SR 11-7 precedent and EU AI Act enforcement, expect explicit requirements that AI-assisted financial decisions be reconstructable — making Layer 6 observability a legal minimum, not a best practice.

By 2027, the question in banking will not be 'is your model accurate?' It will be 'can you prove why it said that?' The banks that built audit into layer one will pass. The rest will rip and replace.

Frequently Asked Questions

What is agentic AI?

Agentic AI describes systems where a model doesn't just answer a single prompt but plans, takes actions across multiple steps, calls external tools, and adapts based on results. Instead of one model call, an agent might retrieve documents, query a database via MCP, reason over the results, and decide whether to escalate. In financial services, an agentic system built with LangGraph or AutoGen might classify a customer request, retrieve the relevant policy, draft a compliant response, run it through guardrails, and log the trace — all autonomously. The key distinction from a chatbot is action and coordination. Andrew Ng has noted that agentic workflows around modest models often outperform single frontier-model calls, precisely because the coordination structure adds reliability. For regulated deployment, agents must be tightly constrained, grounded in RAG, and fully audited.

How does multi-agent orchestration work?

Multi-agent orchestration coordinates several specialised agents — each with a defined role, tools, and model — toward a shared task. An orchestration layer like LangGraph (production-ready, state-machine based) or AutoGen (conversational multi-agent) manages message passing, shared state, retries, and handoffs. In a bank, you might have a retrieval agent, a compliance agent, and a drafting agent, with a supervisor routing between them. The orchestrator maintains memory and enforces the sequence. Critically, it's where the AI Coordination Gap is closed or widened: every handoff is a potential failure point, so the orchestrator must checkpoint state for replay and audit. Best practice is to keep agents narrow, log every transition, and use deterministic rules for compliance-critical decisions rather than trusting a model to self-govern across the whole workflow.

What companies are using AI agents?

In financial services specifically, JPMorgan Chase runs its internal LLM Suite platform for over 200,000 employees, Morgan Stanley deployed an OpenAI-powered advisor assistant grounded in its research library via RAG, and Bloomberg built the purpose-trained BloombergGPT. Beyond finance, Klarna publicly reported an AI assistant handling the workload equivalent of hundreds of support agents, and companies like Salesforce (Agentforce) and ServiceNow ship agentic platforms to enterprise customers. The common thread among successful deployments is not model choice but governance: each wraps models in retrieval, guardrails, orchestration, and audit layers. Companies that treated the model as a component inside a controlled system reached production; those that treated it as a magic answer box mostly stalled in pilot — reflecting the roughly 70% of enterprise AI pilots that never ship.

What is the difference between RAG and fine-tuning?

RAG (Retrieval-Augmented Generation) supplies the model with relevant external documents at query time, so it answers grounded in authoritative, up-to-date sources with citations. Fine-tuning changes the model's weights by training it on examples, teaching it behaviour, style, and domain patterns. The crucial rule for financial services: use RAG for facts that change (rates, terms, balances, policies) and fine-tuning for behaviour that's stable (tone, format, domain vocabulary). A common, costly mistake is fine-tuning a model on rate tables — when rates change, the model confidently cites stale numbers with no audit trail. RAG keeps facts in a versioned, retrievable store you control and can cite to a regulator. Most production banking systems use both: a fine-tuned SLM for domain-appropriate responses, grounded via RAG on a vector database so every factual claim is traceable.

How do I get started with LangGraph?

Start by installing LangGraph (pip install langgraph) and reading the official LangChain documentation. LangGraph models workflows as a state machine: you define nodes (functions that transform state), edges (transitions), and conditional edges (routing logic). Begin with a simple three-node graph — classify, respond, log — then add conditional routing to split SLM vs LLM by risk, as shown in the code example above. Enable the checkpointer from day one so every state transition is persisted for replay and audit; this is essential for regulated environments. Test with an end-to-end evaluation harness that scores the full pipeline, not just individual model calls. For financial services, wire your compliance guardrails as deterministic nodes rather than trusting the model. Pre-built router and guardrail patterns can accelerate this — teams often start from an existing agent library and adapt rather than building the orchestration skeleton from scratch.

What are the biggest AI failures to learn from?

The most instructive failures in regulated AI share a pattern: the model was fine, the coordination was not. Air Canada's chatbot invented a refund policy and a tribunal held the airline liable — a guardrail-layer failure where the model answered from parametric memory instead of grounded, cited policy (RAG would have prevented it). Zillow's algorithmic home-buying losses stemmed from over-trusting model outputs without adequate human and system checks. More broadly, roughly 70% of enterprise AI pilots never reach production, usually because integration, governance, and audit layers were treated as afterthoughts. The recurring lesson: benchmark the workflow, not the model; ground factual claims in retrieval; make guardrails deterministic where law is deterministic; and build audit logging from day one. Nearly every headline AI failure is the AI Coordination Gap made visible — a breakdown in the handoffs between model, data, and human.

What is MCP in AI?

MCP (Model Context Protocol) is an open standard, introduced by Anthropic, that gives AI models a standardised way to connect to external tools, data sources, and systems — think of it as a universal adapter between models and the software around them. Instead of writing bespoke integrations for each model and each system, developers expose capabilities through MCP servers that any MCP-compatible model can use. For financial services, MCP is significant because it lets you give models governed, auditable access to core banking APIs, document stores, and databases without hard-coding brittle connections — reducing the AI Coordination Gap at the tool layer. As multi-vendor support matures through 2026, MCP is likely to become the default integration standard in enterprise AI stacks, making it far easier to swap models (custom SLM or off-the-shelf LLM) without rebuilding the entire integration surface each time.

About the Author

Rushil Shah

AI Systems Builder & Founder, Twarx

Rushil Shah is the founder of Twarx and an AI systems builder who has spent years designing autonomous workflows, multi-agent architectures, and AI-powered business tools. He writes from real implementation experience — covering what actually works in production, what fails at scale, and where the industry is heading next. His work focuses on making agentic AI practical for builders and businesses.

LinkedIn · Full Profile


This article was originally published on Twarx. Follow for daily deep dives on AI agents and automation.

Top comments (0)