Morgan Stanley's decision to open its wealth platforms to external AI agents reveals the future—and it exposes a dangerous gap in how UK firms are preparing. Speed without governance will cost you your FCA approval.
Agentic AI | Trovix Sift | Financial Services

On 3 June, Morgan Stanley announced it will allow external AI agents from thousands of corporations to connect directly to ShareWorks and Equity Edge—its critical stock administration platforms. This is significant because Morgan Stanley is the first major US wealth manager willing to expose core infrastructure to third-party agentic systems. For UK financial services firms, accountancies, and insurers, the immediate message is uncomfortable: clients will now expect the same direct, agent-driven integrations. But the FCA Consumer Duty (PS22/9) demands you act in client interests, and PRA SS1/23 requires sound governance of third-party AI risk. Simply opening your systems to external agents is not the answer.

This news sits within a broader industry confession: the old gatekeeping model—where institutions controlled all user interaction—is collapsing. Clients no longer want to log into your portal and wait. They want their own AI agents, their own workflows, their own tools to speak directly to your infrastructure. Morgan Stanley's move signals that the wealth sector is finally accepting this reality rather than fighting it. But acceptance and good execution are not the same thing. We have watched law firms rush to deploy Harvey or Copilot without proper governance frameworks, and insurers integrate Luminance into underwriting workflows without auditing hallucination risk. The pattern is always the same: speed wins over control, then control becomes a liability.

Trovix's view is this: agent connectivity is inevitable, but it must be architected, not bolted on. UK firms need to understand the difference between exposing raw APIs—which is what Morgan Stanley is doing—and exposing carefully mediated, logged, governed touchpoints. Raw API exposure means your compliance burden shifts entirely to third-party agent builders you cannot audit. The EU AI Act (and its eventual UK equivalent) will hold you liable for harm caused by agents you did not design. The ICO's UK GDPR guidance on third-party processing is clear: you remain the controller. Instead of following Morgan Stanley's platform play, regulated firms should implement agent gateways—intermediary layers that capture all agentic interactions, validate outputs against your data, and maintain an auditable record. This is where Trovix Sift becomes essential: it sits between your systems and external agents, extracting and validating data before it moves through the connection. Without this layer, you are betting your FCA approval on the quality of someone else's prompt engineering.

If you are a mid-market wealth manager, insurance broker, or accountancy firm, your next step is not to panic and certainly not to rush into raw API exposure. Instead, audit your current system landscape. Which platforms carry the most sensitive data? Which agent integrations are your clients already requesting? Then design a pilot program—not a full-platform opening—using a controlled agent gateway that logs every interaction and validates every output. Involve your compliance team and your technology team together. The firms that will win the next three years are those that move faster than their competitors but slower than their instincts demand. Morgan Stanley has chosen speed; you must choose governance.
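A minimal sketch of the agent gateway pattern described above: allowlist each agent's actions, validate what the agent submits against the system of record, and log every decision in a tamper-evident chain. This is an added illustration, not Trovix Sift code or any vendor's API; the agent names, actions, records and the `AgentGateway` class are constructed assumptions.

```python
import hashlib
import json

# Constructed sample data (assumptions): per-agent allowlist, tenant scope, records.
ALLOWED = {"agent-acme-payroll": {"read_vested", "request_sale"}}
AGENT_TENANT = {"agent-acme-payroll": "acme"}
RECORDS = {"emp-1001": {"tenant": "acme", "vested": 250}}

def entry_digest(entry):
    """SHA-256 over the canonical JSON of an entry, excluding its own hash."""
    body = {k: v for k, v in entry.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class AgentGateway:
    """Mediates every external-agent call: authorise, validate, audit."""

    def __init__(self):
        self.audit = []
        self._prev = "0" * 64  # genesis value for the hash chain

    def _record(self, agent, action, params, decision, reason):
        # Every request is logged, allowed or not, and linked to the previous entry.
        entry = {"seq": len(self.audit), "agent": agent, "action": action,
                 "params": params, "decision": decision, "reason": reason,
                 "prev": self._prev}
        entry["hash"] = entry_digest(entry)
        self._prev = entry["hash"]
        self.audit.append(entry)
        return decision == "allow"

    def handle(self, agent, action, params):
        if action not in ALLOWED.get(agent, set()):
            return self._record(agent, action, params, "deny", "action not allowlisted")
        rec = RECORDS.get(params.get("employee_id"))
        if rec is None or rec["tenant"] != AGENT_TENANT.get(agent):
            return self._record(agent, action, params, "deny", "record out of scope")
        qty = params.get("quantity")
        # Validate the agent's output against the firm's own data, not its claim.
        if action == "request_sale" and not (type(qty) is int and 0 < qty <= rec["vested"]):
            return self._record(agent, action, params, "deny", "quantity exceeds record")
        return self._record(agent, action, params, "allow", "ok")

def verify_chain(audit):
    """Return True only if no entry was altered, removed or reordered."""
    prev = "0" * 64
    for i, e in enumerate(audit):
        if e["seq"] != i or e["prev"] != prev or e["hash"] != entry_digest(e):
            return False
        prev = e["hash"]
    return True
```

In a pilot, the audit list would be written to append-only storage outside the gateway's own control so that compliance can run `verify_chain` independently.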

Source: CNBC
