The Current

Plaid Alum Sima Gandhi on Trust, Liability, and AI Agents in Payments

Transcript

[00:00]

Sima Gandhi: We were literally building infrastructure that connected old financial systems to new ones. And every conversation was about trust, permission, who's accountable when data flows between systems, and even, was it legal?

Ansel Parikh: Welcome to another episode of The Current, a bi-monthly podcast exploring the intersection of people, finance, and data. I'm Ansel Parikh, co-founder of Finch, the connectivity platform for the employment ecosystem. And today I'm joined by Sima Gandhi, a veteran fintech executive, investor, and policy strategist.

Sima was employee number 15 at Plaid, where she led the initiative to develop partnerships with financial institutions. And before that, she helped stand up the Consumer Financial Protection Bureau at the U.S. Treasury, and launched Bluebird with Walmart, one of the industry's first neobank products. She went on to co-found Creative Juice, a fintech platform for creators that was acquired in 2023. And today she advises companies in emerging industries through her firm, Alton Strategies, is a senior advisor at FS Vector, and leads the Coalition for Financial Ecosystem Standards, an industry self-governance initiative for fintech.

Sima, welcome to the show.

Sima: Hi, thanks for having me, Ansel.

Ansel: Yeah, it was quite a long background, and it sounds like you've got a lot more in the tank, so I'm super excited to talk with you. So, taking a step back and looking at your career, there's this interesting through line of the intersection of policy and technology. So when you look back, was there a single moment or decision that set you on this path, or did you just make it up as you went and it became more clear in hindsight?

Sima: You know, I used to ask myself this question when I was younger. I would look at other folks' career paths and think, how did they identify that passion, or how did they create such a great story around their career? It all just makes sense. And now, in my older age, I've come to realize that most of the time the thread becomes clear in hindsight. And that's definitely the case for me.

I was fascinated by how rules shape markets, and I think it really all started coming together around financial services, because I was really passionate about how changing the rules, and operating within the rules, helped people live better lives.

My first real inflection point was when I was at Treasury. This is post Dodd-Frank, post the Great Recession, this massive financial crisis. And I remember being in New York when the crisis set in, and the streets just feeling so heavy, right? It was a real moment in time that affected many, many of my friends. And being at Treasury, implementing this legislation that was intended to help protect and build the new safeguards for the next system, showed me that the most interesting problems sit at the boundary between what technology makes possible and what the rules allow.

And so, since then, I've loved playing within that gray area of what the rules allow, what rules actually make sense, and what technology enables us to do. And Plaid was really a natural next step. We were literally building infrastructure that connected old financial systems to new ones. And every conversation was about trust, permission, who's accountable when data flows between systems, and even, was it legal?

And I can't even imagine the financial system today without that free-flowing data and people who are able to permission that data. And so, since then, whether at Creative Juice, where we talk about the creator economy and what's permissible and not, to today, we've been wrestling at the Coalition with AI agents and payments and how that's changing the liability structure. So, can AI agents act on your behalf within our system?

The through line is the same: how do you build that trust infrastructure that lets innovation scale without leaving consumers behind, or markets being challenged and inhibited?

[03:45]

Ansel: Yeah, I really like that you talk about this rules-based through line. And I think what's really interesting about your experience and background is that you have this component of theory, you understand how things should work, but then that engineering background, that operator background, goes, well, here's actually how they get implemented.

And so you touched a bit on agents and payments, so I definitely want to dig into that, because I think we're right on that precipice of, we think we know what we want to do here, but when you introduce consumer behavior and incentives, it's going to create a whole lot of different externalities that people don't think about. And when we talk to some VCs and friends in this space, there's a lot of investment and a lot of excitement, major institutions and startups, like Visa and Mastercard working with startups, to really take advantage of this potential major shift. So I guess, when you look at this, where do you think we actually are on the path to fully autonomous agents that can transact on our behalf?

Sima: Yeah, I think we are rapidly going to be able to do that. The technology is moving so fast. As you said, Visa and Mastercard are building the agent verification that works. OpenAI had instant checkout. And every major tech company that I've spoken to is building agents that can browse, compare, buy, and shop, right? But most of what exists today, at least in implementation, is what I call proposed-action systems.

The agent does research and presents options, and the human still needs to provide a final verification to buy. Fully autonomous agents, where the AI independently executes transactions without human approval at the point of sale, are technically possible. It's very possible, but it hasn't yet been deployed. And the reason isn't the technology, the technology allows us to do that. It's that we haven't resolved the trust infrastructure around them.

So you tell your AI agent, hey, please make sure I'm always stocked on my favorite toothpaste and give me the best price possible. And that AI agent takes your mandate, and then all of a sudden it buys you three years' worth of toothpaste, because that's the best deal possible and you are now fully stocked. Who's responsible? Are you allowed to return that? Is that purchase your own problem? Did the AI agent get scammed? Where are those lines today? We haven't resolved that, right? And that's a pretty innocuous example, because we haven't even gotten to scams, or AI agents that are scamming other AI agents.

And fundamentally, the payment system was built on a fundamental assumption, which is that a human is present at the point of transaction. So if you pressed buy and you bought three years' worth of toothpaste for yourself, that's on you. That's very clear, right? And we've got a ton of liability rules under Reg Z and Reg E, chargeback processes, fraud detection, but all of it assumes that a person gave the final yes at checkout.

So when you introduce that fourth actor, the AI agent, between the consumer and the merchant, we create genuine ambiguity around authorization, scope, and responsibility. And until, I would posit, the industry, as opposed to regulators or legislators, resolves this trust infrastructure, I think we're going to be stuck in this human-in-the-loop phase. Again, not because the technology is inhibiting us, but because the liability frameworks demand it.

[07:02]

Ansel: Yeah, when you mentioned the three years of toothpaste, I immediately recalled an episode, probably 12 years ago, from Silicon Valley, where one of the characters has a bot order, I think meat or something like that, and ends up ordering pallets. So, definitely ahead of its time. I don't know what you do with that much meat.

Sima: Yeah. Worse than toothpaste. That's got a shelf life.

Ansel: Yeah, exactly. But it is one of those things where it was definitely prescient. And to your point, the technology is there; it's really about that trust. When those things happen, where does the liability fall? Is it the agent itself? Is it the platform that hosts it? What do you think the liability framework needs to evolve into to capture that fourth actor that payments did not account for?

Sima: Yeah, I think this goes back to something that you articulated very clearly, which is that we understand what the rules are today, and then there's a question of what the rules should be, right? And how do we think the technology is going to evolve, and how do we balance competing interests, consumer interests, merchant interests, bank interests, to create that right trust framework?

So I can't say that I have all of the answers right now. But what I can say is that we need to have folks come together and resolve that. And this is a thesis for a lot of the work that we're doing right now, which is that the technology is moving so quickly, in a historic system where we relied on Congress to create rules for us.

But if we are relying on Congress or regulators to release these rules for us in a timely way, I can tell you, based on my Treasury experience, it is really hard when you are inside the building and you are trying to make those balanced judgments around what is right for the market in a timely way, right? Because, again, the technology just continues to move.

And so I really believe that we, as an industry, need to come together and start laying out the frameworks for where that liability should sit. And so we're starting to resolve the ambiguity around: if you ordered three years' worth of toothpaste, was that an ambiguous directive to the agent, or did it fit within certain bounds of intent mandates and within a tolerable ambiguity criteria?

I'm making some of this up, right? Maybe these are the metrics that will be used, maybe they won't, but that's the conversation that we should be having. We should build the right expectation-setting, so that there are no surprises, consumers don't wonder, am I going to be on the hook for this, or am I going to be able to return this? And that is the liability gap, and what we need to resolve. And if we don't, then it's going to become an adoption gap.

Ansel: Yeah, that's a really good point, because it's more tangible if you're scared to make transactions that can potentially just snowball and then change your entire financial life, right? And all it takes is—

Sima: Yeah, and in this example, I was giving you a consumer example, because we often think about commerce, right? But there's the enterprise challenge. A lot of transactions are actually consummated enterprise to enterprise, think B2B, right? So in that space, when you have one company's agent processing an invoice for another company's agent, where are those responsibilities sitting? So I think it's a parallel category here, where you've got to be able to resolve this, because companies, enterprises, won't deploy agentic systems in payments at scale until they can also predict their liability exposure.

Ansel: Yeah, that makes sense, a great point. I didn't think about the B2B side of things, because you're right. And personally, I don't want to be reviewing every single bill and invoice myself; I would love to streamline that and also create rules. But do I trust that today? Probably not. And I also don't know if a Fortune 500 company we work with would be willing to accept that, right? If anything went wrong, I don't know who to blame, and I think that is pretty scary. So I know part of the solution, like you said, was building a Coalition, maybe for financial ecosystem standards. So I'm curious: is there maybe something specific you all are approaching as a piece of this? Because it's such a large, there are so many different ways to pay, so many different parties involved. Is there one where you think, hey, this is where we're going to start our focus, to bridge that regulatory gap and get people to understand where this is going and how to be prepared for it?

[10:55]

Sima: Yeah. So I should say, CFES, this Coalition, has taken on a variety of these issues where technology is moving fast and we need to figure out some kind of framework for approaching it. So one of the areas that we started in a couple of years ago was bank-fintech partnerships, because that was very different from the way that banks were interacting with the fintech ecosystem. And one thing that we think is very important, whenever we approach an issue like AI agents or bank-fintech partnerships where there's a lot of ambiguity and terms being thrown out and people talking past each other, is to put out framing papers.

We wanted to start with: what is the central question here? And the answer starts with recognizing that we have payments law today. So it's understanding what the payments law is and how it should apply in a current context, and then raising the points of how we operationalize it for agents. The existing framework handles analogous situations.

For example, if you give your credit card to your friend and you're like, hey, grab me some food for dinner on your way home, I trust you to pick up whatever, and then they go on a shopping spree and grab a whole bunch of, I don't know, they go shopping for clothes and update their wardrobe. You're on the hook. You gave that credit card to your friend. So even though your friend exceeded the permission set that you gave them, you are still on the hook, because you, by giving them that card, authorized that transaction.

So there are analogies for the agent. Well, did the agent, in buying three years' worth of toothpaste or that pallet of meat, exceed the authority? We don't know exactly what the answer is to that, but we have a framework within the existing payment system for answering those. And so what we really tried to do was focus on areas that might benefit from the industry coming together and locking hands, at a high level, on how we should start creating clarity here, so that we're clearing that adoption gap.

One of them, for example, is authorization and scope, right? Very familiar concepts to tech people, who think about authorization in many different contexts. And I think something that we need here is intent mandates. Think about the digital power of attorney: what does it actually mean, and what's the scope of that permission? And how do we start defining that? That's something that tech can do.

In your business, I'm sure that's something you can think about as you start automating decision layers on top of payroll and other employer data, what authority has been given to you, and how do you build the trust that you're only going to operate within a certain parameter? The same thing applies for payments. And it could be as blunt as: an agent will never exceed a $50 purchase. That could theoretically be a safeguard.

I'm not saying it's the right one, I'm just giving you an example. A second might be revocation. Today, when you gave your credit card to your friend and they went on that shopping spree and updated their wardrobe, as soon as you found out they charged your credit card, you call and you're like, I no longer authorize purchases on this credit card. Revoked. Anything after that will not go through. We've got to figure out the same thing for an AI agent. What if your AI agent goes bonkers? How do you immediately revoke it and make sure that revocation is transmitted to all parties in the payment chain?

[14:30]

Ansel: Yeah, I wanted to come back to one of the things that you pointed out, because we've talked a little bit about people paying people, people paying businesses. But there's this one piece of the equation of businesses paying people, specifically employees. And so, obviously, we look at the payroll ecosystem and the employment ecosystem as something that's very rule-bound, right? There are even more regulations, and very, very high-stakes payment flows, and it's a lot of money, because it's entire paychecks. And oftentimes it touches other parts: taxes from withholdings, benefits, deductions, and even garnishments if there are legal mandates.

So when you think about AI agents operating autonomously in financial services, there are probably layers of where you think adoption happens first. I'm curious: do you think payroll, and that fund transfer from employers to employees, is a system where it's like, hey, this is ripe for value and unlocking? Or are there just way too many potential consequences downstream that impact people's lives to really hand it over to an autonomous agent?

Sima: Yeah, I think, candidly, much of our process orientation will be handled by AI agents. When you think about it from a payroll perspective, every year you're doing your healthcare selections, right? Your auto-enrollment. Let's say your deductions change, or you have a child or a dependent and you need to update your withholding requirements. These are things that I imagine, at some point, an AI agent can do on behalf of someone. You change your bank account, you need to update payment information with your employer, right? Or your system of record and the payroll provider. And the question really is going to be, how do we enable that trust layer, right?

The stakes are really high, because tax withholding, benefits deductions, garnishments, multi-state compliance, there's really not room for error. Think if someone sees a mistake in their paycheck hitting their bank account, or worse, the paycheck not hitting their bank account. That's going to be a real issue. That regulatory overlay is really dense, and it's important to figure out how to navigate it. But that's where AI agents are going to add a lot of value. They're not going to replace the human judgment on high-concept decisions around how you optimize or what you want to do, those are judgment calls.

But I really do think that the payroll system, it's pretty dense, it's very paperwork-heavy. AI agents can orchestrate those data flows through tax engines and compliance databases. And we've just got to do our job, and that the relevant stakeholders within that part of the ecosystem, I'd encourage the same thing that I'm telling payment folks: create the clear accountability framework, create the right trust framework on decisions that matter, so we're clearing the adoption hurdles.

But these types of conversations can ultimately unlock a lot of growth if you're building the right accountability frameworks and the right trust frameworks. So, yeah, I'd say payroll has really strong analogies, a great callout to what we're doing in the payment space.

[17:28]

Ansel: Yeah, and I want to call back to your time at Plaid, where it is about trust. And that's what infrastructure at that very base layer is, like, hey, I trust that you are accessing this data in a compliant, secure way. And they've really expanded, right? They've built different products and really expanded into, what are the insights behind this information? How do you think about the role of AI agents coming from the infrastructure connectivity layer versus, maybe, the people that hold the data, right? Like banks building agents versus, say, a Plaid doing that. Do you think there's room for both? Does it overlap? Is that the way that trust becomes a bit tighter? I'm curious how you think about it.

Sima: I think agents will be built by all of the different parties that have infrastructure or platforms. And some will be focused on internal workflows, and maybe they need to get permission from a consumer because it's touching the data. But if there's any B2B2C or B2C interaction, I think we'll see agents there.

Just think about your 401(k) contribution, right? You pick it during open enrollment and maybe revisit it once a year, but your financial situation changes, you get a raise, or some unexpected medical expense, or whatever it is, and you want your agent, or you want to be able to interact with another agent, to change some of those settings, right? So I think, fundamentally, these concepts of consent and liability infrastructure need to be really solid, so that it's clear the consumer has authorized the scope of that agent's authority to be able to make those adjustments for the benefit of that consumer.

So I think you guys, again, are kind of sitting right in this space, right? Because we've got to figure out a way where payroll systems need to be standardized in a way that verifies an agent's instruction is legitimate and within scope. Again, the analogy is that intent mandate, how do you really know that it's within that parameter, and that there's a clear chain of accountability if the agent does a bad optimization, if it does something that the consumer didn't believe was in their best interests? So, again, who's responsible? Where does the liability sit? Can you make the consumer whole again, or reverse the decision? I don't know. We've got to be able to figure those things out.

And the trust layer sits on top of that tooling. It's the authorization, the verification, the liability standards. And, again, I think that's some really clear adoption gap, and it'll help facilitate a lot of these automations in a way that will hopefully save us all a lot of time and avoid the pain of the paperwork that I don't think anyone really enjoys.

Ansel: Yeah. I do like that, especially throughout this whole conversation, you're always leaving room for people to be involved in the places they need to be, whether it's authorizing or creating trust or verifying intent, but you're allowing the agents to do some of the hard work, or the things that we may not be good at or may not want to do.

I find it pretty refreshing. Your perspectives in the past, I think, generally push back on this narrative that AI is going to replace people wholesale. Like, employment's going to go, unemployment's going to go to like 20% because all the work's being done by bots. What do you think is the nuance that maybe some of these people, a lot of the people who hold that fear, are missing about that conversation?

[20:36]

Sima: So, I mean, this is a fun question. I think I'm often on the minority side of this, so maybe I'm wrong, but the analogy for me is when ATMs were first installed at branches. There was a lot of fear: ATMs are going to replace tellers and branch workers, and we're going to have massive unemployment because all of those people that used to give you your dollar bills and cash your checks are no longer needed. No, you can't check your bank balance by talking to someone. There was a lot of uproar in financial services.

Fast forward, and we have more branches than we did before, and the number of folks working in a branch is greater than pre-ATM. And the reason why is that the ATM was able to automate some of the more straightforward, menial tasks. And that meant folks that worked in the branches could be trained to do more and offer more services than consumers otherwise had access to. Take that and apply it to today, and a lot of our days are spent on menial tasks.

So I think that humans, I like to believe that, at ground, we're industrious people, we want to do more. And so if AI is giving us the tools to do more, I don't know that we're going to stop doing things. I just think we're going to get more productive at what we do. And I also think it's less job replacement and more just displacement. It's going to shift, just like we saw with the ATM. Maybe that shift is happening faster than it has in the past, and that retraining and retooling of the workforce. But I do believe that people will be able to find employment.

Ansel: Yeah, I think I subscribe to a good chunk of that. I think the pain is just the displacement and having to retrain a lot of people, because it's a massive shift in behavior, a massive shift in thinking.

The one thing I'll maybe differ with you on is that, the more and more I use it, I don't necessarily think I'm saving time as much as decision energy. Like, my battery of the number of decisions I can make a day is just a lot higher, or at least directed toward the ones that actually need my attention, versus the death by a thousand cuts of, hey, what am I going to cook this week for dinner? Things like that, versus something that's maybe higher decision functioning.

Sima: Sure. I think both things can coexist, but that's true. Yeah, for sure.

Ansel: Yeah. So, final question, that we've tried to ask everyone here: given all the changes that are happening, this shift in AI agents and having them incorporated into our daily lives, how do you think these shifts will change what your job looks like in the next five years?

Sima: Well, I think that's both a personal and an industry perspective, right? I think the work that I'm doing now, building trust infrastructure and standards for agentic systems, or just different types of financial-service partnerships and banking, will be more important in five years than it is even today. I think there's so much opportunity for industry to partner with government and build those public-private partnerships, and to help be regulated and set the tone for that, because at the end of the day, builders know the technology the best. And so if they can partner, it's better than having the regulations being pushed on you.

And every wave of innovation needs some type of governance infrastructure. It may not start with one, but it will end up having one. Open banking is a really great example, it needed data-sharing standards. Mobile payments needed tokenization and authentication frameworks. And I think agentic commerce is going to need authority, verification, and liability standards. And there's probably an analogous conversation in the payroll and HR space, right?

The difference is that this wave is moving faster than any previous one. That's the same agitator that's probably affecting people's perceptions of their employment opportunities, right? And complexity is higher, because you're layering AI decision-making on top of already very complex regulatory frameworks. And by the time you think you've figured it out, it's already evolved.

So I'm really grateful that there are people like me who can help translate between the technology and the regulatory community. I feel very lucky to be in a place where that is a really relevant conversation and skillset, and I get to keep my feet in both worlds. You know, we were chatting about this a little earlier, but I think the next five to 10 years are going to be transformative across industries, financial services, energy, defense tech, and manufacturing. And so I'm very bullish on the power of technology to improve our lives and to build a better life for us as a society. I don't know exactly what that looks like, but I'm very eager to help shape what those rules should look like.

[25:06]

Ansel: Yeah, I mean, that's super important, and I'm really excited for that future. I'm very excited for the work you all are doing, because I do think it will help set the standards, set the precedent of how other industries can actually work together to help build their own roles as well. Because, like you said, there are corollaries across so many mission-critical parts of our society that will need the same level of, hey, we need to all sit down together and figure out, what are we solving for here, and what are the trust factors that need to be implemented? So I'm really excited to see that come together. It's going to take time, but I really appreciate you spending time sharing about the work you're doing, and also some of the things you've done in the past and how that comes full circle.

Sima: Yeah, it's my pleasure. I think it's not just a feel-good, building the trust framework, but it's a growth engine. And so I'm really thrilled to be having this conversation with you, because I know you all are so thoughtful about how you think about that infrastructure layer and building the trust on top of it as well. So thank you so much for having me, and for having this conversation.

Ansel: Yeah, of course. Thank you. We'll see you soon.

Sima: Okay, bye.

Show notes

Our current payments system was built on the basic assumption that behind online purchases, there was a human clicking “buy.” Now that AI agents are challenging that assumption, the financial industry needs new standards.

In this episode of The Current, Finch co-founder Ansel Parikh sits down with Sima Gandhi to unpack why it’s questions about liability — not technology — that stand in the path of fully autonomous AI agents in payments. 

Sima explains how today's payment rules assume a human at the point of sale, what breaks when an agent becomes the fourth actor in a transaction, and why it’s the industry, not regulators, that will have to build the trust infrastructure first. 

Listen to this episode to learn:

  • Why the bottleneck for autonomous AI payments is liability, not technology
  • Why the industry, not Congress, will have to set the standards for agentic commerce
  • The three-years-of-toothpaste problem, and why authorization, scope, and revocation need new rules
  • The parallel between the introduction of ATMs and the rise of AI, and why Sima believes AI won’t replace jobs
  • How a former Treasury and Plaid leader thinks about building trust before tech adoption stalls

Meet the expert

Sima Gandhi
Fintech executive & policy strategist

Sima Gandhi is a fintech executive, investor, and policy strategist who has spent nearly two decades building and scaling regulated technology businesses. She helped stand up the Consumer Financial Protection Bureau at the U.S. Treasury and was employee #15 at Plaid, where she ran global bank partnerships and policy through the company's hypergrowth years. Today she advises emerging-industry companies through her firm Alton Strategies, serves as a Senior Advisor at FS Vector, and co-leads the Coalition for Financial Ecosystem Standards, an industry self-governance initiative for fintech.

About The Current

The Current is a bi-monthly podcast that explores the intersection of people, finance, and data, featuring conversations with the operators, builders, and leaders shaping the employment ecosystem.

About the host

Ansel Parikh
Co-founder & COO, Finch

Ansel Parikh is the co-founder and COO of Finch, the leading API platform for payroll, HR, and benefits connectivity. He’s spent the last six years building the infrastructure that enables secure, permissioned access to HR and payroll data for a broad ecosystem of software companies serving employers, employees, and service providers.