MCP Architecture Guide for Financial Services: Connecting Trading & Client Systems to AI Agents
A practical walkthrough for CIOs, CTOs, and financial technology leadership.
See the Financial Services AI overview for business context, or the general MCP architecture guide for a broader introduction to MCP.
In this guide
- 1. The financial services data problem
- 2. Inventory your systems
- 3. Build MCP servers for each system
- 4. Add an MCP broker
- 5. Connect agents
- 6. Example: Portfolio risk assessment across systems
- 7. Example: Regulatory compliance check
- 8. Example: Client onboarding due diligence
- 9. Security checklist for financial services
- 10. Next steps
1. The financial services data problem
Financial institutions run on fragmented systems. Market data lives in Bloomberg or Refinitiv. Client relationships are in Salesforce Financial Cloud or Redtail. Core banking operations run through FIS or Fiserv. Compliance monitoring sits in Axiom or NICE Actimize. Portfolio management uses Charles River or Aladdin.
Advisors waste hours switching between platforms, manually reconciling data, and cross-referencing client information across systems. A compliance officer investigating a trade has to check the trading platform, communications archive, and regulatory database — three systems, three searches, three sets of results to reconcile.
MCP (Model Context Protocol) solves this by giving AI agents a standardized way to query each system through a thin API wrapper called an MCP server. Every MCP server runs on your infrastructure — inside your network, under your control. No client data or trading intelligence ever leaves your servers.
The result: an employee asks a question in natural language, and the agent pulls the answer from whichever systems hold the relevant data — all within your air-gapped environment.
2. Inventory your systems
Before building anything, catalog the systems your firm relies on. Each system becomes a candidate for an MCP server.
| System | Category | Example Products |
|---|---|---|
| Market Data | Data Feeds | Bloomberg, Refinitiv, FactSet |
| CRM & Client Platforms | Client Mgmt | Salesforce Financial Cloud, Redtail, Wealthbox |
| Core Banking & Trading | Operations | FIS, Fiserv, SS&C, Broadridge |
| Compliance & Risk | Regulatory | Axiom, Wolters Kluwer, NICE Actimize |
| Portfolio Management | Investments | Charles River, BlackRock Aladdin, Eze |
| Accounting & Billing | Finance | QuickBooks, FundCount, Geneva |
| Document Management | DMS | SharePoint, NetDocuments, Box |
| SSO / Identity | Security | Okta, Azure AD, SAML, smart card |
Your firm may use different products — what matters is the category. Every category is a candidate for an MCP server that runs on your infrastructure.
3. Build MCP servers for each system
Each system gets a thin API wrapper — an MCP server — that exposes a small set of tools. The server translates natural-language-friendly tool calls into the system's native API.
Critical: Every MCP server runs on your firm's servers, inside your network perimeter. No client data, trading intelligence, or proprietary models ever transit through any third-party infrastructure.
Example — a Bloomberg MCP server might expose these tools:
# Bloomberg MCP Server — runs on YOUR servers tools: - get_market_data(symbol, fields, date_range) - get_company_fundamentals(ticker, metrics) - search_securities(query, asset_class, region) - get_news(topic, date_range, relevance)
A Salesforce Financial Cloud MCP server might expose:
# Salesforce Financial Cloud MCP Server — runs on YOUR servers tools: - search_clients(query, advisor, segment) - get_portfolio_summary(client_id) - get_client_interactions(client_id, date_range) - get_compliance_flags(client_id)
Each server is a standalone service. If Bloomberg goes down, the CRM server still works. If you switch from Salesforce to Wealthbox, you replace one MCP server — agents don't change.
4. Add an MCP broker
The broker sits between agents and MCP servers. It routes requests, enforces access policies, and logs everything for regulatory compliance and audit.
Why a broker matters for financial services: Regulatory requirements and Chinese wall policies demand strict access controls. Only authorized personnel should access specific client or trading data. The broker enforces this — every request is authenticated, authorized, and logged.
| Role | Can Access | Cannot Access |
|---|---|---|
| Portfolio Manager | All client portfolios in their book, market data, research | Other managers' client notes |
| Compliance Officer | All trades, communications, regulatory filings | Client personal financial plans |
| Financial Advisor | Assigned client portfolios, market data, planning tools | Unassigned clients, trading desk data |
| Client Portal | Their own portfolio, statements, performance reports | All other client data |
Every request through the broker generates an audit log entry: who asked, what they asked, which systems were queried, what was returned. These logs are exportable for SEC examinations, FINRA reviews, and internal compliance audits.
5. Connect agents
Agents don't connect to Bloomberg, Salesforce, or FIS directly. They talk to the broker, which routes to the right MCP server based on the question.
Advisor asks:
"What's the current allocation for the Henderson
account and how has it performed this quarter?"
Broker routes to:
1. Salesforce MCP → get_portfolio_summary("henderson")
2. Portfolio MCP → get_performance("henderson", "Q1-2026")
Agent responds:
"The Henderson account has a 60/40 equity-bond
allocation with $2.3M AUM. Q1 2026 performance
is +4.2% vs. benchmark +3.8%. The account is
overweight in technology at 28% vs. target 22%."
All data stayed on your servers.The advisor sees a natural-language answer. Behind the scenes, the broker verified their access to the Henderson account, queried two MCP servers, and logged the entire interaction — all within your network.
6. Example: Portfolio risk assessment across systems
Scenario: An advisor needs to assess a client's exposure to regional banking after market news.
Advisor asks:
"What's the Chen portfolio's exposure to regional
banking, and are there any compliance flags I
should know about?"
Agent flow:
1. Portfolio MCP → get_holdings("chen",
sector="financials", subsector="regional_banks"
)
2. Bloomberg MCP → get_market_data(
symbols=["KRE", "regional_bank_holdings"],
fields=["price", "change_1d", "vol_30d"]
)
3. Compliance MCP → get_compliance_flags("chen")
Agent responds:
"The Chen portfolio has 8.3% exposure to regional
banking through 4 positions ($186K total):
- First Republic: $62K (-3.2% today)
- Valley National: $48K (-1.8% today)
- Webster Financial: $44K (-2.1% today)
- Glacier Bancorp: $32K (-0.9% today)
Compliance flag: concentration exceeds the 7%
sector limit in the IPS. Rebalancing recommended.
No regulatory flags on the account."
All processing on your servers.7. Example: Regulatory compliance check
Scenario: A compliance officer investigates unusual trading activity ahead of an earnings announcement.
Compliance officer asks:
"Show me all NVDA trades in the 5 days before
their Q4 earnings announcement, and flag any
accounts with prior restricted-list hits."
Agent flow:
1. Trading MCP → get_trades(
symbol="NVDA",
date_range="2026-01-20 to 2026-01-25"
)
2. Compliance MCP → check_restricted_list(
accounts=[...from_trades],
symbol="NVDA"
)
3. Communications MCP → search_messages(
accounts=[...flagged],
keywords=["NVDA", "earnings", "nvidia"],
date_range="2026-01-15 to 2026-01-25"
)
Agent responds:
"14 NVDA trades across 8 accounts in the 5-day
window. 2 accounts flagged:
- Account #4521 (J. Martinez): Bought 500 shares
on 1/22. This account had a restricted-list hit
for NVDA in Q2 2025. 3 email mentions of
'nvidia earnings' found in the window.
RECOMMEND: Escalate to senior compliance.
- Account #7833 (K. Patel): Bought 200 shares
on 1/24. No prior restricted-list hits. No
relevant communications found.
RECOMMEND: Document and close.
Full trade log and communications export
attached for the investigation file."
No data left your network.
Full audit trail generated for SEC/FINRA.8. Example: Client onboarding due diligence
Scenario: An advisor needs to complete KYC/AML due diligence for a new corporate client.
Advisor asks:
"Run KYC/AML due diligence for new client
Meridian Holdings LLC and its beneficial owners
James Chen and Sarah Park."
Agent flow:
1. Compliance MCP → screen_sanctions(
entities=["Meridian Holdings LLC",
"James Chen", "Sarah Park"]
)
2. Compliance MCP → check_pep_status(
individuals=["James Chen", "Sarah Park"]
)
3. Document MCP → verify_documents(
client="Meridian Holdings LLC",
docs=["articles_of_incorporation",
"beneficial_ownership_form"]
)
Agent responds:
"KYC/AML screening complete for Meridian Holdings:
Sanctions screening: CLEAR — no matches on OFAC,
EU, or UN sanctions lists for any entity.
PEP status: CLEAR — neither James Chen nor
Sarah Park appear on PEP databases.
Document verification:
- Articles of incorporation: VERIFIED (Delaware,
filed 2019)
- Beneficial ownership form: RECEIVED, pending
notarization for Sarah Park
RECOMMENDATION: Proceed with account opening
pending Sarah Park's notarized BO form.
Risk classification: Standard (no enhanced
due diligence triggers)."
All PII processed on your servers.9. Security checklist for financial services
Financial services AI has unique security requirements driven by SEC, FINRA, SOX, and PCI DSS regulations.
- ✓All MCP servers on firm infrastructure — no cloud relay, no third-party processing. Client data and trading intelligence never transit through any external system.
- ✓Air-gapped deployment available — for firms handling the most sensitive strategies, the entire AI infrastructure can run without internet connectivity.
- ✓Role-based access with Chinese wall enforcement — information barriers between departments enforced automatically. Only authorized personnel access specific client or trading data.
- ✓Full audit logs — every agent interaction logged with who asked, what was queried, and what was returned. Exportable for SEC examinations, FINRA reviews, and SOX compliance.
- ✓Client data sovereignty maintained — no client PII, account data, or trading information ever flows to any third party.
- ✓Full code ownership — you own the entire platform source code. Inspect, modify, and audit every line. No black-box vendor dependencies.
- ✓Encryption at rest and in transit — all data encrypted within your network. TLS between components, AES-256 at rest.
- ✓AI assists, never makes investment decisions — agents provide research, analysis, and compliance support. Humans maintain full authority over all investment and trading decisions.
10. Next steps
Ready to connect your firm's systems to AI agents — on your own servers, with full code ownership?
- 1.Free 30-minute assessment — we'll map your systems, identify MCP server candidates, and outline the architecture. Schedule now →
- 2.Calculate your costs — see how ibl.ai compares to per-seat financial AI tools. AI Cost Calculator →
- 3.Check your readiness — 5 questions, 2 minutes. AI Readiness Assessment →
- 4.Explore the Financial Services AI overview — see all available agents and capabilities. Financial Services AI Solutions →
Also available: MCP Architecture Guides for Enterprise, Government, Higher Education, K-12, Legal, Medical/Healthcare, and Hospital/Health Systems.
For a general introduction to MCP, see the MCP Architecture Guide.