MCP isn’t KYC-ready: Why regulated sectors are wary of open agent exchanges

For something launched in November, the Model Context Protocol (MCP) started to collect a large number of users, anything but the guarantee of the mass acceptance needed to make it an industrial stand.

But there is a subset of companies that do not come to the hype for the time being: regulated industries, in particular financial institutions.

Banks and other companies that offer access to loans and financial solutions are not strangers to AI. Many have been pioneers in machine learning and algorithms, and even play an essential role in making the idea to invest with the help of robots extremely popular. However, it does not mean that financial service providers want to immediately jump into the Bandwagon of MCP and Agent2Agent (A2A).

Although many regulated companies, such as banks, financial institutions and hospitals, have started experimenting with AI agents, these are usually internal agents. Regulated companies have APIs. Yet so much of the integration that these companies undertake have taken years of viseases to guarantee compliance and safety.

“They are very early days in a rapidly accelerating domain, but there are some fundamental building blocks that are missing, at least as standards or best practices with regard to interoperability and communication,” said Sean Neville, also -founder of Catena Labs. “In the early days of the web there was no e-commerce because there were no HTTPs, and no way to safely transactions, so you can’t build Amazon. You need these basic buildings, and now those building blocks exist and we don’t even think about it.”

Increasingly, companies and AI platform providers are establishing MCP servers while they develop multi-agent systems that interact with agents from external sources. MCP offers the possibility to identify an agent, allowing a server to determine the tools and data with which he has access. However, many financial institutions want more certainty that they can control integration and ensure that only approved tasks, tools and information are shared.

John Waldron, senior vice president ElavonA subsidiary of American bankVenturebeat told in an interview that while they explore the use of MCP, there are many questions about the standard.

“Not many standard solutions come up, so we are still many ways to make that, including perhaps make that connection without an MCP exchange if the agent technology is common between the two and they are just two different domains,” Waldron said. “But what is the traceability of the data exchange without a different exposure in that message? Much of what is currently happening within MCP evaluation is to find out whether the protocol simply handles the exchange and does not offer any further risk leak. If this is the case, it is a feasible path that we explore for handling that exchange.”

Models and agents are different

Financial institutions and other regulated companies are not strangers for AI models. Much of Passive Investing finally grew when RoboDvisers – where algorithms took decisions about financial planning and investments with little or no human intervention – popular. Many banks and asset managers have invested early in natural language processing to improve the efficiency of document analysis.

However, Salesforce Vice President and General Manager of Solutions and Strategy sector, Greg Jacobi, said Venturebeat that some of their financial customers already have a process to assess models, and they find it a challenge to integrate AI models and agents with their current risk scenarios.

“Machine learning and predictive models fit pretty well with that risk frame because they are deterministic and predictable,” said Jacobi. “These companies immediately take LLMs to their model riskomités and discovered that LLMS yields a non-determinist result. That is an existential crisis for these financial service providers.”

Jacobi said that these companies have risk management frameworks where, if they give input to models, they expect the same output every time. All variations are considered a problem, so they require a method for quality control. And while regulated companies have embraced APIs, with all the tests involved there, most regulated entities are “afraid of openness, to make something so public” that they cannot check.

However, Elavon’s Waldron is not dissing of the possibility that financial institutions can work in the future to support MCP or A2A.

“Looking from a business perspective and ask, I think MCP is a very crucial part of where I think the company logic is going,” he said.

Waldron said that his team will remain in the evaluation phase and “we have not yet built a server for pilot purposes, but we will see how we can deal with that bone-to-bot exchange of messages.”

Agents cannot do any other agent KYC

Neville from Catena Lab said that he looks at interoperability protocols such as MCP and A2A with great interest, especially because he believes that AI agents will be a customer for banks as human consumers in the future. Before he started with Catena Labs, Neville, co -founder of Circle, was the company that founded the USDC Stablecoin, so he has first -hand experience with the challenges to bring new technology to a regulated company.

Because MCP is open source and new, it still undergoes constant updates. Neville said that although MCP offers agentination, which is the key for many companies, there are still some missing functions, such as guardrails for communication and, above all, an audit track. These problems can be solved via MCP, A2A or even a completely different standard such as Loka.

He said one of the biggest problems with the current MCP is all about authentication. When agents are part of the financial system, even MCP or A2A, there is no real way to “know your-CUSTOMER” on agents. Neville said that financial institutions should know that their agents are dealing with recognized entities, so the agent must be able to point this out.

“There must be a way for an agent to say:” This is who I am as an agent, here is my identity, my risk and who I use on behalf of. ” That verifiable identity in a way that can understand all these different agent frameworks.