Agentic Commerce and the API Layer: What Banks Need to Build Before the Wave Hits
Key takeaways
- McKinsey estimates the global potential of agentic commerce at $3 to $5 trillion by 2030, built directly on top of open banking, real-time payments, and omnichannel infrastructure that banks have already invested in.
- AI agents generate machine-to-machine traffic that existing architectures were not designed for: real-time offer comparison, simultaneous service orchestration, automatic retries, and low-latency expectations at scale.
- The API and integration platform is the operational backbone of agentic commerce. Institutions that treat it as a technical utility will find themselves routed around when autonomous traffic arrives at volume.
- PSD3 and the EU AI Act are converging on the same requirements: stronger API quality, tighter consent governance, and clearer accountability for AI-enabled decision flows.
Most banks have spent years building APIs, open banking infrastructure, cloud platforms, and digital channels. That foundation is valuable. It is also not yet sufficient for what agentic commerce demands.
Agentic commerce puts AI agents on top of that infrastructure: browsing, comparing, and transacting on behalf of customers using the same PSD2 and e-commerce systems banks already operate. McKinsey estimates the global potential at $3 to $5 trillion by 2030. The timeline is shorter than most institutions currently plan for.
The readiness question is specific: can existing API and integration infrastructure handle a world where the primary consumer is an autonomous agent acting continuously on behalf of a customer, rather than a person clicking through a mobile app?
What agentic commerce changes for banks, merchants, and customers
Customers experience the shift as simplification. Finance moves to the background. They set policies and preferences, and their AI agent handles execution: browsing, comparing, selecting, transacting. The interaction becomes ambient.
Merchants face a less comfortable adjustment. Brand visibility no longer depends on advertising spend. AI agents look for structured product data and accessible APIs. An agent evaluating offers on a customer’s behalf does not respond to a campaign headline.
Banks face an operational challenge. When open banking services cannot deliver consistent, low-latency responses under autonomous traffic, agents route around them. The institution loses the interaction before the customer is aware it happened. At scale, that represents a material shift in where financial services volume flows.
Why the API layer is the strategic decision
Most discussions about agentic commerce focus on AI models and data quality. The layer that receives far less attention is the one responsible for securely exposing, governing, scaling, and monetizing access to that data.
This brings the industry back to integration architecture, but in a materially different form. Earlier ESB and middleware initiatives connected internal banking systems. The modern equivalent is a unified access and control plane responsible for authentication and delegated authorization, consent policy enforcement, real-time traffic monitoring, transaction orchestration across legacy and cloud systems, throttling and resilience, and observability for AI-driven flows.
APIs were technical interfaces. They are becoming distribution channels, the interface through which AI agents discover and consume financial services. Performance and governance are now competitive variables. Latency, API consistency, token lifecycle management, consent orchestration, and fine-grained authorization directly determine whether autonomous flows can operate reliably at scale.
What agent-driven traffic looks like in practice
A human customer visits a banking app a few times per week. An AI agent acting on that customer’s behalf may interact with multiple financial services simultaneously, in real time, retrying operations automatically when responses are slow or inconsistent.
The traffic is machine-generated, high-frequency, and intolerant of inconsistency. An agent that encounters slow or unpredictable responses moves immediately to a provider that responds reliably. It does not retry indefinitely or tolerate degraded performance.
API maturity, which many institutions currently treat as an internal technical metric, becomes a competitive variable in this environment. Institutions that expose reliable, well-governed, developer-friendly capabilities will be easier for agent ecosystems to integrate with and prioritize. Those that do not will find themselves excluded from automated flows they never knew were being evaluated.
How consent management needs to evolve
Traditional PSD2 consent flows were designed around direct user interaction and static permissions. A customer authorizes access, the authorization persists for a defined period, and transactions proceed within that scope.
Agentic commerce requires delegation models that existing consent infrastructure was not designed for. Customers define behavioral boundaries: spending limits, approved merchant categories, risk levels, preferred payment methods. Their AI agent executes within those boundaries autonomously. That requires policy-driven authorization and strong traceability across every automated decision, at a granularity that current consent frameworks do not support.
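The delegation model described above, sketched as an added example (not code from this article or from any bank's platform): a policy decision point checks each agent-initiated payment against the customer's boundaries and appends every decision to a hash-chained audit log. The schema, field names, sample values, and the use of a hash chain for traceability are all assumptions made for illustration.

```python
import hashlib, json
from dataclasses import dataclass, field
from decimal import Decimal

@dataclass(frozen=True)
class DelegationPolicy:  # hypothetical schema for customer-defined boundaries
    policy_id: str
    agent_id: str
    per_txn_limit: Decimal
    daily_limit: Decimal
    merchant_categories: frozenset
    max_risk: int  # 0 = low ... 3 = high
    payment_methods: frozenset

def _digest(entry: dict) -> str:
    body = {k: v for k, v in entry.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

@dataclass
class PolicyEngine:
    policy: DelegationPolicy
    spent_today: Decimal = Decimal("0")
    audit_log: list = field(default_factory=list)

    def authorize(self, req: dict) -> bool:
        p, amount = self.policy, Decimal(req["amount"])
        checks = {
            "agent_not_delegated": req["agent_id"] != p.agent_id,
            "per_txn_limit": amount <= 0 or amount > p.per_txn_limit,
            "daily_limit": self.spent_today + amount > p.daily_limit,
            "merchant_category": req["merchant_category"] not in p.merchant_categories,
            "risk_level": req["risk"] > p.max_risk,
            "payment_method": req["payment_method"] not in p.payment_methods,
        }
        reasons = [name for name, failed in checks.items() if failed]
        if not reasons:
            self.spent_today += amount  # only approved spend counts toward the cap
        prev = self.audit_log[-1]["hash"] if self.audit_log else "0" * 64
        entry = {"policy_id": p.policy_id, "request": dict(req),
                 "allowed": not reasons, "reasons": reasons, "prev": prev}
        entry["hash"] = _digest(entry)
        self.audit_log.append(entry)  # every decision, allow or deny, is logged
        return not reasons

def verify_chain(log: list) -> bool:
    prevs = ["0" * 64] + [e["hash"] for e in log]
    return all(e["prev"] == p and e["hash"] == _digest(e) for e, p in zip(log, prevs))

SAMPLE = DelegationPolicy("pol-1", "agent-7", Decimal("100"), Decimal("150"),  # constructed
                          frozenset({"groceries", "utilities"}), 1, frozenset({"sepa_instant"}))
```

Because an agent's automatic retries pass through the same `authorize` call, a retried payment that would exceed the daily cap is denied and logged with its reason rather than silently repeated.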
PSD3 and PSR proposals place stronger requirements on API quality, availability, transparency, and standardized access than PSD2. The EU AI Act increases expectations around accountability, explainability, human oversight, and governance for AI-enabled decision flows. Together, these frameworks push institutions toward architectures where API governance, consent management, security, and AI oversight are integrated rather than handled separately.
What institutions should focus on now
Most banks already have the essential components: open banking APIs, integration platforms, identity systems, security controls, and cloud-native capabilities. The gap is in how these components connect and operate together under autonomous traffic conditions.
Building the operational foundation for agentic commerce means modernizing API management and gateway capabilities, improving observability across integration flows, standardizing access to fragmented backend systems, introducing centralized policy and consent orchestration, reducing latency, strengthening resilience and failover mechanisms, and preparing infrastructure for high-volume machine-to-machine interactions.
The task is connecting and evolving what already exists into a model built for autonomous interactions.
Agentic commerce can significantly reduce friction in financial processes, automate repetitive transactions, and open embedded finance models at scale. The banks that capture that opportunity will be those that treat their API and integration layer as a strategic platform before autonomous traffic arrives at volume.
FAQ
What is agentic commerce in banking?
Agentic commerce refers to commerce conducted by AI agents acting autonomously on behalf of customers. In banking, this means AI agents browsing financial products, comparing offers, initiating transactions, and managing financial processes within parameters defined by the customer, without requiring active human input for each interaction. The infrastructure that enables this is largely the same open banking and API infrastructure that banks have already built for PSD2 compliance and digital channels.
Why does agentic commerce require a different API architecture?
AI agents generate machine-to-machine traffic at a scale and frequency that human-initiated interactions do not. They compare offers in real time, retry operations automatically, and expect low-latency responses across multiple services simultaneously. Existing API architectures designed for human-paced mobile or web interactions may not handle this traffic reliably. Institutions need API management, observability, consent orchestration, and resilience capabilities explicitly designed for autonomous traffic patterns.
What is the estimated market size of agentic commerce?
McKinsey estimates the global potential of agentic commerce at $3 to $5 trillion by 2030. This is built directly on top of existing open banking, real-time payment, and e-commerce infrastructure, rather than requiring entirely new systems.
How does PSD3 affect agentic commerce readiness?
PSD3 and the accompanying PSR proposals place stronger requirements on API quality, availability, transparency, and standardized access than PSD2. These requirements align with what agentic commerce demands operationally: consistent, well-documented, high-availability APIs that autonomous systems can integrate with reliably. Institutions preparing their API layer for PSD3 compliance are simultaneously preparing it for agent-driven traffic.
What role does consent management play in agentic commerce?
Agentic commerce requires more granular and dynamic consent models than traditional PSD2 frameworks support. Customers define behavioral policies: spending limits, approved categories, risk parameters. AI agents execute within those policies autonomously. This requires policy-driven authorization, strong traceability across automated decisions, and auditability at a level that static consent models do not provide. Institutions that modernize their consent infrastructure for agentic commerce will also be better positioned for the accountability requirements in the EU AI Act.
What should banks do now to prepare for agentic commerce?
The priority is strengthening the operational foundation of the API and integration layer. This means modernizing API management and gateway capabilities, improving observability across integration flows, standardizing access to fragmented backend systems, introducing centralized policy and consent orchestration, reducing latency, and preparing infrastructure for machine-to-machine traffic at scale. Most banks already have the individual components. The work is connecting and evolving them into a model built for autonomous interactions.