Over the past two years I have built more than fifty proof-of-value agentic systems for large enterprises: banks, capital markets desks, wealth managers, insurers, health insurers, retailers, telecoms. Different stacks, different regulatory weather, different definitions of "done." Somewhere around build thirty, the pattern stopped being interesting and started being reliable. That is the best thing a pattern can do. Boring patterns are the ones you can bet a roadmap on.

Here is the pattern: agents earn their keep in exception paths, not happy paths. The happy path of almost every enterprise process is already well served by code. It is deterministic, high-volume, and cheap to run, and it has usually been automated twice already. The exception path is where documents arrive with missing pages, counterparties disagree, three systems report three different truths, and a person spends forty minutes reconstructing what actually happened. The happy path wants code. The exception path wants judgment. Agents are a way to buy judgment at machine speed, and they are only worth their cost where judgment was the bottleneck.

This guide is the map I wish I had at build number five. It covers where agentic AI actually worked across those fifty-plus builds, organized two ways: by workflow shape (the useful abstraction) and by industry (the way buyers actually ask the question). No customer names anywhere; institutions are generalized to their honest silhouette, like "a major North American bank." Numbers are generalized the same way, like "days to minutes." And where something failed, I say so, because the failures drew this map as much as the wins did.

## The fit heuristic: deviation × tool count × stakes

Before any industry detail, this is the screening test I run on every candidate use case. Three questions, in order.

**Deviation.** How much does an individual case differ from the template? If 95% of cases follow the same five branches, write code. Enumerate the branches, encode them in a rules engine or a decision table, and be done. Agents in low-deviation workflows are pure overhead: slower, more expensive, and nondeterministic exactly where determinism was the requirement. High deviation is the opposite signal. When every case is a slightly different mess, the branch enumeration never converges, and the maintenance cost of the hand-coded decision tree exceeds the run cost of a model that can read the situation.

**Tool count.** This is my shorthand, and I have said it in enough rooms that I will commit it to writing: three tools versus ten tools. If the workflow touches three systems in a fixed order, orchestration is a solved problem. Write the three calls, wire the error handling, ship it. If the workflow needs ten tools and the right next call depends on what the last call returned, you are no longer writing integration code. You are hand-coding a planning problem, and that code rots the moment the process changes. That is where an agent's planning loop starts to earn its overhead: not because the model is smart, but because the alternative is a decision tree nobody will maintain.

**Stakes.** High stakes do not disqualify agents. They disqualify unsupervised agents. A high-deviation, high-stakes workflow (adjudicating a mortgage, examining a letter of credit, triaging a prior authorization) is often the best possible agent use case, provided the agent runs inside a control plane: validation gates, an audit trail that captures every tool call and its inputs, human checkpoints at the decisions that matter, and a deterministic fallback when the agent is unavailable or unsure. I covered the control-plane architecture in depth in [Governing Agentic AI](/guides/governing-agentic-ai/); this guide takes it as given.

The grid version, since the grid is what people photograph off the slide:

| Deviation | Stakes | What to build |
| --- | --- | --- |
| Low | Low | Code. Do not overthink it. |
| Low | High | Code plus a rules engine plus an audit trail. Determinism is the feature. |
| High | Low | A lightweight agent, reviewed after the fact, improved through evals. |
| High | High | An agent inside a control plane: validation gates, HITL checkpoints, deterministic fallback. |

Tool count is the tiebreaker inside each cell. Three tools pulls you toward code even at high deviation. Ten tools pulls you toward an agent even when deviation looks moderate, because moderate deviation across ten systems compounds into more branches than anyone will enumerate.

![Deviation by stakes fit quadrant: write code, code plus review, lightly governed agent, and agent plus control plane, with the three tools versus ten tools tiebreaker on the deviation axis](/diagrams/fit-heuristic.svg)

> Review comment: if your agent demo only shows the happy path, you have demonstrated the part of the process that least needed an agent.

## The four workflow shapes

Across fifty-plus builds, nearly everything that worked collapsed into four shapes. Industries decorate them differently, but the load-bearing structure repeats. For each shape I will give the same four answers: what the agent does, what stays deterministic, where the human sits, and what to measure. If a vendor or an internal team cannot give you those four answers about their agent, they have a demo, not a design.

![The four workflow shapes as cards: examination of documents against a rulebook, investigation of evidence across systems, triage and resolution of exceptions, and a concierge guiding a multi-step journey, each with where the human sits and an example domain](/diagrams/workflow-shapes.svg)

### Examination: documents against a rulebook

One or more documents compared against a codified standard. Letter-of-credit examination against UCP 600. Claims adjudication against policy terms. Underwriting submissions against appetite guidelines. The rulebook is stable and versioned; the inputs are messy, scanned, and inconsistent. That asymmetry is the whole opportunity.

**What the agent does.** Reads the messy input, extracts and normalizes fields, compares them field by field against the rulebook, and writes a discrepancy narrative a trained human can verify in minutes instead of reconstructing in hours.

**What stays deterministic.** Every rule you can encode without interpretation. Date arithmetic, tolerance thresholds (UCP 600's quantity tolerance is arithmetic, not judgment), routing logic, and the final status transition. The agent proposes; code disposes.

**Where the human sits.** Reviewing flagged discrepancies above a materiality threshold, and always on the refuse or deny decision. Nobody's documents get rejected by a model alone.

**What to measure.** Discrepancy precision and recall against experienced examiners, per field. The single number that matters most is the false pass rate: a missed discrepancy means paying against noncompliant documents, and that failure is silent until it is expensive.

### Investigation: evidence across systems

Gather evidence from many sources, reconcile conflicts, and synthesize a case. KYC investigations. Network incident triage. The defining property is that nobody knows in advance which sources will matter for this particular case, which is exactly the property that kills hand-coded pipelines.

**What the agent does.** Plans its own queries across registries, watchlists, document stores, logs, and internal systems. Reconciles conflicting evidence (two registries, two spellings, one entity). Produces a case file with citations back to source records.

**What stays deterministic.** The mandatory-source checklist. An agent does not get to skip sanctions screening because it felt confident. The risk-scoring formula also stays in code, along with the escalation thresholds. The agent gathers evidence; a formula turns evidence into a score.

**Where the human sits.** On the disposition, and non-negotiably on adverse dispositions. The agent's job is to make the human's forty minutes of assembly disappear, not to make the decision disappear.

**What to measure.** Evidence completeness: the percentage of mandatory sources the agent actually consulted, measured from tool-call logs, not assumed from the prompt. Citation accuracy: does every claim in the case file trace to a real source record. Then time-to-disposition, which is the number the business bought.

### Triage and resolution: classify, then pick a path

An exception arrives; something did not match. Purchase-order discrepancies, failed payments, post-trade breaks. The workflow is a diagnosis followed by a choice among remediation paths.

**What the agent does.** Diagnoses the exception from the evidence and selects a remediation path from a bounded menu. Door one through door seven. The agent picks the door; it never builds a new door at runtime.

**What stays deterministic.** The remediation actions themselves. Each path is a pre-built, tested, deterministic flow. The agent's authority ends at the selection; execution is code.

**Where the human sits.** Approving irreversible or high-value paths before execution, and owning the "none of the above" queue. That queue is not failure; it is the backlog from which you design the next remediation path.

**What to measure.** Correct-path rate against a labeled gold set. Auto-resolution rate. And the cost asymmetry of a wrong path, because that asymmetry, not the average accuracy, determines where the approval gates go.

### Concierge: a guided journey with generative UI

A multi-step journey where the agent guides a person through a process: account onboarding, a complex purchase, a service request. The critical design choice, learned the hard way, is generative UI over chat. The agent generates the next step of the interface (a pre-filled form, a summary to confirm, a choice to make) instead of holding a conversation. People finish forms. They abandon conversations.

**What the agent does.** Drives the journey, adapts the next step to what it already knows about the user and the case, pre-fills what can be pre-filled, and explains what it needs and why.

**What stays deterministic.** The process state machine underneath. Validation rules, compliance steps (identity checks, suitability), and the boundaries of what data may be displayed. The agent decorates the state machine; it does not replace it.

**Where the human sits.** The customer is the human in the loop, step by step. In regulated journeys there is a second human: the back-office reviewer who signs off before anything binding happens.

**What to measure.** Completion rate against the static-form baseline. Where people abandon. Correction rate (how often the agent's pre-filled values get overridden). Escalation-to-human rate.

The four shapes, side by side:

| Shape | Agent's job | Deterministic core | Human's seat | North-star metric |
| --- | --- | --- | --- | --- |
| Examination | Extract, compare, narrate discrepancies | Rulebook math, thresholds, routing | Sign-off on refuse/deny | False pass rate |
| Investigation | Gather, reconcile, build the case | Mandatory sources, scoring formula | Final disposition | Evidence completeness |
| Triage & resolution | Diagnose, pick a remediation path | The remediation flows themselves | Approval on irreversible paths | Correct-path rate |
| Concierge | Drive the journey, generate the next step | Process state machine, compliance gates | Is the journey (plus a reviewer) | Completion rate |

One note on plumbing before the industry tour. I build these on Camunda because I want the deterministic core, the human tasks, and the audit trail in one orchestration layer, but nothing in the four shapes depends on that choice. The same designs port to Temporal, LangGraph with a proper state store, or plain Node.js with discipline. Shapes first, products second.

## Banking: investigation at case-file scale

The flagship banking build, repeated in variations across several institutions including top-5 Canadian banks, was a KYC investigation agent: identity verification, document analysis, sanctions and adverse-media screening, and structured evidence feeding a risk score. The honest outcome shape was days to minutes for case preparation. Not for the decision, for the preparation. Analysts went from assembling cases to reviewing them, which is both the productivity win and the control: a human still owns every disposition. Around that core sat the other banking builds: credit and mortgage adjudication with judge-agent validation gates on the work product, payment exception handling (a pure triage shape), and open-banking flows where agents orchestrate consented data access across institutions, a pattern I wrote about publicly on the Camunda blog.

Banking fits because KYC is investigation-shaped to a fault. Every case is a different mess: layered corporate structures, name variants across scripts, registry data that contradicts itself. The branch enumeration never converges, and the tool count is well past ten before you finish listing the watchlists. It is the clearest high-deviation, high-stakes cell in the grid, which is why it also demands the heaviest control plane I build anywhere.

The trap in banking is letting the agent compute the risk score. It will happily do so, and it will sound authoritative. Keep the split clean: evidence from the agent, score from a formula that model-risk teams can read, version, and challenge. A regulator asking "why this rating" gets an answer built from human-checkable evidence and a deterministic formula. "The model weighed the factors" is not an answer, and in my experience the institutions know this before their vendors do.

## Capital markets: the rulebook was the gift

The build I cite most is letter-of-credit examination against UCP 600: field-by-field discrepancy detection across the LC, the invoice, the bill of lading, and the supporting certificates, with a deterministic fallback to manual examination whenever extraction confidence dropped below threshold. The measured shape in the proof of value was hours to seconds per document set. I will attach the honest caveat immediately: that number came from a curated document set. Production scans are worse, handwriting exists, and the fallback path is not an optional extra, it is the reason the number is allowed to exist. Alongside LC examination sat trade reconciliation, post-trade remediation, and trade request and exception management, all of which turned out to be triage shapes: the agent classifies the break and selects the remediation, code executes it.

Capital markets fits because it hands you the rarest asset in this work: a stable, versioned, externally governed rulebook. UCP 600 has not changed since 2007. The inputs are chaos, the standard is stone, and examination-shaped agents live exactly in that gap. Document examiners are scarce, expensive, and retiring; the demand side of this build was never hard to explain.

The trap is treating the agent's "compliant" as final. A false pass in LC examination means a bank pays against discrepant documents, and the loss arrives months later wearing someone else's signature. Every serious version of this build kept a human sampling regime re-examining a slice of "clean" verdicts, with the false pass rate on a dashboard where the desk head could see it. When the sampling rate drifts to zero, the control has failed, whatever the accuracy chart says.

## Wealth: the concierge that had to earn advisor trust

For wealth managers I built onboarding concierges with generative UI (the journey shape, exactly as described above) and a risk-assessment plus portfolio-recommendation flow where the agent drafts and an advisor reviews. The onboarding work is where I became convinced that generative UI beats chat for journeys: completion, not conversation quality, is the metric, and step-shaped interfaces complete. The recommendation flow is where the human-in-the-loop placement mattered most. The agent assembles the client picture and drafts a proposal; the suitability rules run deterministically; the advisor reviews, edits, and owns what the client sees.

Wealth is also where my evaluation practice grew up. During a proof of value at a major North American bank, we benchmarked models on the actual workflow rather than trusting tier pricing, and found a mid-tier model matched the premium model's accuracy at roughly 1/13th the cost, with tool-skip rates measured from logs, not assumed. That finding changed how I scope every build since, and it is the origin story of [Evaluating Agentic Systems](/guides/evaluating-agentic-systems/). The general lesson travels: in agentic workflows the tool loop and the guardrails do more work than raw model quality, so measure before you pay.

The trap in wealth is shipping the recommendation straight to the client because the draft looks polished. Polish is precisely the risk. A fluent, wrong portfolio proposal is more dangerous than a clumsy one, because nothing about its surface invites scrutiny. The advisor gate is not a transitional arrangement to be optimized away; in a suitability regime it is the product.

## Insurance: underwriting as examination plus judgment

The insurance build was commercial P&C underwriting support: document intelligence across the submission (loss runs, schedules of values, broker emails that bury the one material fact in paragraph nine), deterministic appetite and risk rules, and a judge agent validating the assembled work product before an underwriter sees it. The outcome shape was submission-to-quote-ready time collapsing from days of assembly to under an hour of review, with every extraction and every rule firing logged for the audit trail. The system was designed to regulator-style expectations from the first sprint, not retrofitted, because in insurance the audit story is part of the sale.

Underwriting fits because it is examination-shaped with an investigation garnish. The appetite guide is the rulebook; the submission is the messy document set; and the deviation is enormous because no two commercial risks arrive described the same way. The tool count clears the bar too, once you count the loss-run parsers, the property data services, the sanctions checks, and the internal exposure systems.

The trap is burying the appetite rules in the prompt. It works in the demo, and then it drifts, silently, in a way no risk officer can inspect. Rules that decide whether the carrier wants the risk belong in a rules engine (DMN or equivalent) that underwriting leadership can read, version, and change without a prompt engineer in the room. The agent's job is to structure the submission so the rules can fire, not to become an unversioned copy of them.

## Healthcare: speed where speed is safe

For a major US health insurer (generalized, as everything here is) I built claims processing and prior-authorization-style triage. The design principle was asymmetric automation: the agent accelerates approvals and assembles evidence, and humans own every denial. An approval-shaped case gets checked against clinical criteria deterministically and moves in minutes. A case heading toward denial gets a complete, cited evidence package and a human reviewer, full stop. The measured shape was the approval queue moving from days to same-day, while denial decision quality got better rather than faster, because reviewers started from an assembled case instead of a document pile.

Healthcare fits the shapes cleanly (claims are examination, prior-auth triage is triage), but it earns its own section because the stakes are not symmetric and the design must encode that. A slow approval costs money. A wrong denial costs care, then litigation, then headlines. Any architecture that treats those two errors as the same class of defect is wrong before the first line of code.

The trap, obviously but it needs saying because the industry keeps attempting it, is automating denials. It is the single worst place in any industry I work in to put model autonomy: legally exposed, ethically indefensible, and reputationally radioactive. The pitch that sells and survives is faster yeses and better-prepared maybes. I have declined to build the other version.

## Retail: exceptions at Fortune-10 scale

For Fortune-10-scale retailers I built order and purchase-order exception triage: quantity mismatches, pricing disputes, shipping-notice discrepancies, invoice-versus-receipt breaks. Pure triage shape. The agent classifies the exception, gathers the two or three facts that disambiguate it, and routes it down one of a bounded set of remediation flows; high-value and irreversible paths queue for human approval. At that scale the arithmetic is blunt: exception volume is so large that an auto-resolution rate in the 60-70% shape returns real money, and the residual queue arriving pre-classified with evidence attached makes the human half faster too.

Retail fits because deviation lives exactly where the volume is. The happy path (order placed, shipped, received, paid) was automated decades ago. The exception tail was never automated because every exception is a snowflake, and snowflakes are what the fit heuristic selects for. The second retail thread is agentic commerce, the concierge shape applied to purchasing, which I keep architecturally separate because the moment an agent can spend money the control problem changes species. That problem has its own protocol surface and its own guide: the [AP2 field guide](/guides/ap2-field-guide/).

The trap is chasing 100% auto-resolution. The last decile of exceptions is not like the first nine: it is where fraud lives, where the genuinely novel failures live, and where a confidently wrong remediation writes off real money. Cap the agent's authority by value and reversibility, keep the "none of the above" queue human, and treat that queue as the design backlog for the next remediation path rather than as a defect count to be driven to zero.

## Telecom: triage before the war room

The telecom build was NOC incident triage: an agent that meets the alarm storm, correlates across network layers and element managers, pulls the change records and the topology, and produces an incident summary with probable cause, blast radius, and suggested next diagnostic. Investigation shape under time pressure. The outcome shape was time-to-first-meaningful-action dropping from tens of minutes to a couple of minutes, which in an outage is the only clock anyone cares about.

Telecom fits because incident evidence is scattered by design: alarms in one system, changes in another, topology in a third, customer impact in a fourth. Correlation is the job, every incident correlates differently, and the tool count is comfortably past ten. It is also a rare case where the "user" is an expert under stress, which raises the bar on summary quality: a wrong probable cause does not just waste time, it aims the whole war room at the wrong layer.

The trap is measuring summaries produced instead of operator behavior changed. If the NOC still opens the same five consoles and runs the same manual correlation after reading the agent's summary, you have built decoration, and expensive decoration at that. Instrument what operators do next. And keep remediation strictly gated: an agent that can restart elements on a live network without an approval step is not a triage agent, it is an unreviewed change to the network with a language model attached.

## Cross-cutting lessons

Four lessons survived contact with every industry above.

**Document intelligence is the workhorse.** The unglamorous truth of fifty builds: in most of them, the majority of delivered value was turning messy documents into structured, confidence-scored claims. LCs, loss runs, KYC documents, prior-auth packets, broker emails. Nobody puts extraction on the keynote slide, and nothing downstream survives without it. If I could only fund one capability in an enterprise agent program, it would be this one.

**Judge agents as validation gates.** A second model, with a different prompt and ideally a different model family, checks the first agent's work product against an explicit rubric before it reaches a human or a system of record. I used this in mortgage adjudication and in underwriting, and it is the cheapest insurance in the stack. It does not make the first agent smarter; it makes its failures visible before they compound, and it catches the drift that per-release evals miss because it runs on every case.

**Every production-bound system had a deterministic fallback.** Agent unavailable, extraction confidence low, cost budget exceeded, judge verdict failed: the case routes to the pre-existing manual or coded path. The system degrades to yesterday's process, not to nothing. This is also, quietly, what made risk and compliance teams sign off. The pitch is not "trust the agent," it is "the worst case is the process you already run."

**HITL placement is a design decision, not an afterthought.** Approve-before-act where actions are irreversible or high-value. Review-after-the-fact where they are cheap to undo. Sampling regimes where volume forbids full review. Each placement buys a different trade of risk against throughput, and the choice belongs in the design workshop, not in the panicked week after the pilot readout. Every failed HITL story I have seen was a placement chosen by default rather than by decision.

## What didn't work

The honest section, because the failures drew the map.

**Low-deviation workflows forced into agents.** The clearest case was an access-management approval flow. The approval logic was a matrix: role, resource, sensitivity, manager chain. Fully encodable. The agent version we first sketched was slower, more expensive, and nondeterministic precisely where the security team needed determinism. Code won, and it was not close. The only agent that survived was a thin one at intake, interpreting free-text requests into structured ones, which is document intelligence by another name. Deviation was low, tools were three, and the heuristic had the answer before we did.

**Chat interfaces bolted onto processes nobody asked for.** Early on, more than once, I shipped "chat with your process" because it demos beautifully. It impressed in the meeting and died in the pilot, every time. The users' job was a queue, and they wanted the queue handled, not a conversation about the queue. The distinction that took me too long to articulate: generative UI inside a journey works, because it moves the user forward; chat as a layer over an existing process adds a translation step to a job that already had a faster interface.

**Autonomy theater.** Several requests amounted to wrapping a single API call in an agent loop so the roadmap could say "agentic." One tool, one path, no judgment. That is a function call with extra steps and a per-token bill. I now say so in the first meeting, and it has cost me nothing: the teams that hear it trust the recommendations that follow.

> Review comment: a chat window is not a use case. If the user's job is a queue, build for the queue.

## The one-paragraph version

After fifty-plus enterprise builds, the pattern is boring and reliable: agents earn their keep in exception paths, not happy paths, because the happy path wants code and the exception path wants judgment. Screen every candidate with deviation × tool count × stakes (three tools in a fixed order means write the code; ten tools whose order depends on the data means an agent can earn its overhead; high stakes means the agent lives inside a control plane). Almost everything that works is one of four shapes: examination (documents against a rulebook), investigation (evidence across systems), triage and resolution (classify, then pick a bounded remediation path), and concierge (a guided journey with generative UI, not chat). In every shape, keep scoring formulas, rulebooks, and remediation actions deterministic, put a judge agent in front of anything consequential, place humans at the decisions by design rather than by default, and keep a deterministic fallback so the worst case is the process you already run. Where deviation is low, code wins, and the honest thing is to say so in the first meeting.

## References

- [Governing Agentic AI](/guides/governing-agentic-ai/), my field guide to the control-plane architecture assumed throughout this document: validation gates, audit trails, HITL checkpoints, deterministic fallbacks.
- [Evaluating Agentic Systems](/guides/evaluating-agentic-systems/), the evaluation practice behind the "measured, not assumed" numbers here, including tool-skip rates and cost-versus-quality benchmarking.
- [AP2 Field Guide](/guides/ap2-field-guide/), for agentic commerce and the distinct control problem of agents that spend money.
- [Using A2A to Achieve Your Business Goals, part 1](https://camunda.com/blog/2026/02/using-a2a-to-achieve-your-business-goals-pt-1/) and [part 2](https://camunda.com/blog/2026/02/using-a2a-to-achieve-your-business-goals-pt-2/), Camunda blog posts I co-authored on multi-agent coordination.
- [Agentic AI Puts Open Banking to Work](https://camunda.com/blog/2025/12/agentic-ai-puts-open-banking-to-work/), Camunda blog post covering the open-banking flows referenced in the banking section.
- ICC Uniform Customs and Practice for Documentary Credits (UCP 600), the rulebook behind the letter-of-credit examination build.
- Public repos and demos: [github.com/letmereviewyourcode](https://github.com/letmereviewyourcode).