BNY: The World's Largest Custody Bank and Where WorkingAgents Fits

What BNY Does

BNY (Bank of New York Mellon) is the world’s largest custody bank and one of the oldest financial institutions in the United States, founded by Alexander Hamilton in 1784. With $59.3 trillion in assets under custody/administration and $2.2 trillion in assets under management, BNY sits at the center of global capital markets infrastructure.

Products and Services

Custody and Asset Servicing The core business. BNY safeguards and services assets for institutional investors worldwide – mutual funds, pension plans, insurance companies, sovereign wealth funds. Services include trade settlement, corporate actions processing, income collection, tax reclamation, and regulatory reporting. They serve over 90% of Fortune 100 companies and nearly all top 100 banks globally.

Asset Management (BNY Investments) Nearly $2 trillion AUM through specialist firms: Dreyfus, Insight Investment, Mellon Investments, Newton Investment Management, Siguler Guff, Walter Scott, and ARX Investimentos. Each firm operates independently with its own investment philosophy.

Treasury Services and Payments $12 trillion in outstanding debt serviced. $1.6 trillion in daily payment volume processed. Global cash management, foreign exchange, trade finance, and liquidity solutions for corporations, financial institutions, and governments.

Pershing (Clearing and Custody for Broker-Dealers) Clearing, custody, trading and settlement, middle and back office support, data insights, and business consulting for broker-dealers and wealth advisors.

Wealth Management Private banking, estate planning, family office services, and investment management for high-net-worth individuals and families.

Digital Assets Tokenized deposits on a private permissioned blockchain, digital asset custody, on-chain data insights, and a partnership with SWIFT for blockchain-based cross-border payment settlement. BNY and Goldman Sachs launched a tokenized money market funds solution. This is not experimental – it is production infrastructure for institutional digital asset operations.

The AI Strategy: Eliza

BNY’s enterprise AI platform, named Eliza (after Eliza Hamilton), is the most ambitious agentic AI deployment in global banking.

Scale: 20,000 employees actively building AI agents. 125+ live use cases across operations, markets, and compliance. Tens of thousands of “Agentic Assistants” deployed – one of the first transitions from experimental generative AI to a full-scale agentic operating model.

Infrastructure: NVIDIA DGX SuperPOD with H100 systems deployed on-premises – BNY was the first major bank to do this. Microsoft Azure hosts much of the Eliza infrastructure. Google Cloud’s Gemini Enterprise powers agentic deep research for predictive analytics on trade settlements.

Governance: All prompting, agent development, model selection, and sharing happens inside Eliza’s governed environment. The orchestrator layer provides permissioning, oversight, and telemetry at the core. 99% workforce completion of responsible AI training.

Results: 60% reduction in client plan preparation time. Learning content development dropped from one month to one hour. Near-term roadmap includes predictive trade analytics (agents identifying settlement risks and autonomously initiating remediation) and client co-pilots giving institutional clients direct access to agentic research tools.

The Synergy Map

BNY operates at a scale where governance is not optional – it is existential. 20,000 employees building AI agents across $59.3 trillion in custodied assets. Every agent action touches regulated financial infrastructure. The governance challenge is immense and growing.

1. Governance for 20,000 Agent Builders

BNY’s Eliza platform has 20,000 employees building agents. That is 20,000 people creating autonomous workflows that interact with financial systems, client data, and market infrastructure. Eliza provides an internal governance framework, but the challenge scales non-linearly: more agents, more interactions, more permission boundaries to enforce.

WorkingAgents provides a complementary governance layer:

Per-agent identity and permissions – every agent built by every employee gets a capability-based permission set. An operations agent cannot access trading systems. A compliance agent can read but not modify records. A research agent can query data but not initiate transactions.
Virtual MCP Servers – define permission boundaries per agent role. The custody team’s agents see custody tools. The treasury team’s agents see payment tools. No cross-contamination.
Structured audit trails – every tool call, every data access, every agent action logged with user identity, agent identity, timestamp, and result. Queryable for regulatory review.

At BNY’s scale, governance is not a feature – it is infrastructure. WorkingAgents provides that infrastructure as a platform rather than custom code per use case.

2. Client Co-Pilot Governance

BNY is exploring “Client Co-pilots” – giving institutional clients direct access to agentic research and analysis tools. This is the highest-risk surface in agentic AI: external users interacting with agents that touch internal systems.

WorkingAgents’ three-checkpoint guardrails are designed for exactly this:

Pre-execution – validate the client’s request before the agent acts. Does this client have permission to access this data? Is the query within scope?
During execution – monitor agent behavior in real time. Is the agent accessing only authorized data sources? Is it staying within the client’s permission boundary?
Post-execution – validate the output before it reaches the client. PII detection across 20+ categories. Ensure no internal-only data leaks into client-facing responses.

Each institutional client gets a scoped view – their portfolios, their transactions, their reports. WorkingAgents’ permission model makes it technically impossible for Client A’s co-pilot to access Client B’s data.

3. Digital Asset Operations Governance

BNY’s tokenized deposit platform, blockchain ledger with SWIFT, and digital asset custody create a new category of agent-accessible operations. Smart contracts, on-chain transactions, and cross-chain settlements are programmatic by nature – perfect for AI agents, and perfectly dangerous without governance.

WorkingAgents provides:

Transaction-level permissions – agents that can read on-chain balances but cannot initiate transfers. Agents that can prepare settlement instructions but require human approval above thresholds.
Circuit breakers – automatic halts when agent behavior deviates from expected patterns. An agent processing 1,000 normal settlements that suddenly attempts an anomalous transaction gets stopped.
Cross-system audit trails – a single trail that spans the traditional ledger and the blockchain ledger, connecting the on-chain action to the agent that initiated it, the employee who authorized it, and the client it serves.

4. Regulatory Compliance at Scale

BNY operates under SEC, OCC, Federal Reserve, FINRA, FCA, ECB, and dozens of other regulatory frameworks across every jurisdiction where it custodies assets. The EU AI Act requires transparency and auditability for AI-assisted financial decisions. US regulators are tightening expectations around AI in banking.

WorkingAgents is designed for SOC 2, HIPAA, GDPR, and FedRAMP compliance:

PII detection across 20+ categories prevents agent-mediated data leaks
Injection detection prevents prompt manipulation that could bias financial outputs
Encryption at rest and in transit for all agent communications
Immutable audit logs that satisfy regulatory examination requirements

BNY’s 99% responsible AI training completion is a cultural achievement. WorkingAgents provides the technical enforcement that makes the cultural commitment operationally real.

5. Multi-Cloud Agent Orchestration

BNY runs Eliza across NVIDIA on-premises infrastructure, Microsoft Azure, and Google Cloud. Agents built on different clouds need consistent governance regardless of where they execute. An agent running on Azure touching custody data needs the same permission enforcement as an agent running on Google Cloud analyzing trade settlements.

WorkingAgents’ MCP Gateway is cloud-agnostic:

Same permission model across all environments
Same audit trail format regardless of infrastructure
Same guardrails whether the agent runs on-premises or in the cloud
Central governance dashboard spanning all agent deployments

6. Pershing: Governance for Broker-Dealer Agents

BNY’s Pershing division serves broker-dealers and wealth advisors. As these firms adopt AI agents for clearing, settlement, trading, and client service, each firm needs governance appropriate to its size, regulatory status, and client base.

WorkingAgents’ one-instance-per-customer model maps directly: each Pershing client firm gets its own governance instance. The clearing firm’s agents operate within clearing permissions. The wealth advisor’s agents operate within advisory permissions. Pershing maintains oversight across all instances through a federated governance view.

Value Proposition

For BNY

WorkingAgents gives BNY a standardized governance layer for its agentic AI ecosystem – 20,000 agent builders, 125+ use cases, multi-cloud infrastructure, and the upcoming client co-pilot program. Instead of building governance per use case, BNY gets a platform that enforces permissions, guardrails, and audit trails consistently across every agent, every cloud, and every division.

The specific unlock: client co-pilots. BNY cannot give institutional clients direct access to agentic tools without per-client permission boundaries, real-time monitoring, and audit trails that satisfy every regulator in every jurisdiction. WorkingAgents provides this as infrastructure.

For WorkingAgents

BNY is the validation deployment. If WorkingAgents governs agents at a $59.3 trillion custody bank with 20,000 agent builders, every other financial institution takes notice. BNY’s scale, regulatory complexity, and NVIDIA partnership make it the highest-credibility reference customer possible for AI governance in financial services.

Together

The combined position: BNY’s Eliza builds the financial AI agents. WorkingAgents governs them. BNY’s NVIDIA infrastructure provides the compute. WorkingAgents’ MCP Gateway provides the control plane. The result is an agentic financial services platform where 20,000 employees can build AI agents that are powerful, auditable, and constrained – exactly what regulators, clients, and boards of directors need to see.

GTC Approach

BNY is deeply embedded in the NVIDIA ecosystem – they were the first major bank to deploy a DGX SuperPOD. They will have presence at GTC 2026 (March 16-19, San Jose). Their AI and technology leadership will be thinking about the next phase: scaling from 20,000 internal agent builders to client-facing co-pilots.

The Conversation Starter

“You have 20,000 employees building agents on Eliza. When those agents start facing clients directly, how are you enforcing per-client permission boundaries across Azure, Google Cloud, and your on-premises NVIDIA infrastructure?”

This targets the exact problem they are solving right now. Client co-pilots are on their near-term roadmap. The governance challenge of external-facing agents is fundamentally different from internal ones.

Key Talking Points

“We govern AI agents at the infrastructure level, not the application level.” BNY’s team understands infrastructure. They built Eliza as a platform, not a collection of point solutions. WorkingAgents speaks the same language – governance as infrastructure.
“Per-agent identity with capability-based permissions. Every agent gets a keycard that defines exactly what it can access.” Maps to BNY’s own governed environment within Eliza. Extends it with fine-grained, per-tool enforcement.
“Cloud-agnostic governance across Azure, Google Cloud, and on-prem.” Directly addresses BNY’s multi-cloud reality. One governance layer, consistent enforcement, regardless of where the agent runs.
“Your Pershing clients will need their own governance. Our model is one instance per customer.” Plants the seed for the distribution play – every Pershing client firm deploying AI agents is a WorkingAgents instance.
“We sit at the MCP layer. Your agents connect through us. We enforce permissions, log everything, and stop what should not happen.” Technical and concrete. BNY’s engineering leadership will evaluate this on architecture, not slides.

What to Ask Them

How is Eliza handling permission boundaries between divisions (custody vs. treasury vs. asset management)?
What is the governance model for the upcoming client co-pilots?
Are they evaluating MCP or A2A Protocol for agent-to-system communication?
How are they thinking about governance consistency across their multi-cloud infrastructure?
What does Pershing’s AI governance roadmap look like for their broker-dealer clients?

What to Offer

A proof of concept on one Eliza use case: take a client co-pilot workflow (e.g., institutional client requesting portfolio analysis) and run it through WorkingAgents’ governance layer. Demonstrate per-client permissions, real-time guardrails, and a structured audit trail that a compliance officer can review. Show that governance does not slow the agent down – it makes it deployable.

Sources: