The Autonomous Enterprise  ·  Domain Suite  ·  03

System Context

The complete boundary view of the Autonomous Finance system — C4 Level 1 context showing one system box and all external actors, followed by C4 Level 2 containers revealing agents, managed platform services, and inter-container communication[cite: 6].
C4 LevelsL1 Context + L2 Containers[cite: 6]
External Systems8 Integrations[cite: 6]
Human Actors4 ClaraVis Roles[cite: 6]
GCP Platform DepsVertex AI · Cloud Pub/Sub[cite: 6]
Compliance Regimes6 Frameworks[cite: 6]

§3.1 C4 Level 1 · System Context

C4 L1 Rule: A context diagram contains exactly one Software System box. No containers, components, agents, or shared services appear at this level — those are C4 L2 concerns[cite: 6]. This diagram shows the system as a black box and maps every external relationship[cite: 6].

The C4 Level 1 diagram answers a single question: what does the Autonomous Finance system do, and who does it talk to?[cite: 6] The system boundary is opaque[cite: 6]. The agents, the Event Bus, the HITL manager — none of these appear here[cite: 6]. They are container-level concerns documented in C4 L2 below[cite: 6].

Four human actors sit outside the boundary: CFO, Group Controller, Treasury Manager, and AP Lead[cite: 6]. Eight external software systems surround the boundary[cite: 6]. Every arrow carries a relationship description and integration protocol[cite: 6]. Vertex AI and Cloud Pub/Sub are GCP-managed platform dependencies — they appear as external software systems at L1 because the system does not own or deploy them, it consumes them via API[cite: 6].

The BTP Integration Suite is shown as a distinct relay node between the system and SAP S/4HANA — it is not a direct RFC connection from GCP to on-premise[cite: 6].

L1 SystemAutonomous Finance [Software System][cite: 6]
HumanCFO · Group Controller · Treasury Manager · AP Lead[cite: 6]
ExternalSAP S/4HANA (on-premise) via BTP Integration Suite[cite: 6]
ExternalBanking APIs × 4 — PSD2 Open Banking (REST/JSON)[cite: 6]
ExternalBanking APIs × 4 — SWIFT gpi / ISO 20022 (XML)[cite: 6]
ExternalFX Rate Feeds · ECB + Federal Reserve (REST)[cite: 6]
ExternalSupplier Invoice Ingestion · Email + EDIFACT[cite: 6]
GCP ManagedVertex AI Prediction Endpoints (europe-west3, VPC-SC)[cite: 6]
GCP ManagedCloud Pub/Sub — managed message bus (europe-west3)[cite: 6]
AE PlatformData Governance M-08 · GreenOps M-06 · Strategy Dashboard M-07[cite: 6]
C4 Level 1 System Context — one software system box · external actors · relationships only[cite: 6]
C4 LEVEL 1 — SYSTEM CONTEXT — THE AUTONOMOUS FINANCE OPERATIONS — CLARAVIS GROUP AUTONOMOUS FINANCE [Software System] AI-native finance operations platform IC reconciliation · cash & treasury · AP exception resolution — EU AI Act Annex III conformant GCP · europe-west3 · VPC-SC perimeter HITL-gated · Audit-trail native See C4 L2 below for internal containers CFO [Person] ClaraVis Group GROUP CONTROLLER [Person] TREASURY MANAGER [Person] AP LEAD [Person] ClaraVis Group HITL approval · high-risk gate IC override · annotation Hedge approval · cash review Exception review · escalation SAP BTP INTEGRATION SUITE [Software System — Relay] SAP S/4HANA On-premise · RFC [Software System] RFC OData/REST → RFC bridge approved journal posts BANKING APIs ×4 PSD2 Open Banking · REST/JSON Real-time balances · txn feeds BANKING APIs ×4 SWIFT gpi · ISO 20022 XML Intraday liquidity · cross-border reads balance feeds reads intraday msgs FX RATE FEEDS ECB + Federal Reserve · REST EUR/CHF/USD spot + forwards 15-min REST pull SUPPLIER INVOICES Email IMAP · EDIFACT Document AI structured extract async ingest VERTEX AI PREDICTION GCP Managed · europe-west3 VPC-SC perimeter · 3 endpoints [GCP Software System] gRPC inference <200ms AE PLATFORM [External Software Systems] DATA GOVERNANCE M-08 Feature validation gate [AE Platform] GREENOPS M-06 Carbon-aware retraining schedule [AE Platform] STRATEGY DASHBOARD M-07 KPI feed: close · AP rate · cash acc. [AE Platform] LEGEND Software System (this system) Person [C4 notation] External Software System GCP Managed Service AE Platform (external) Human interaction COMPLIANCE ENVELOPE: EU AI ACT · GDPR Art.5/25 · CSRD · SOX/SEC 17a-4 · IFRS · OECD TP — see C4 L2 and Compliance section for structural expression

§3.2 Inside the Boundary

C4 Level 2 opens the system box and shows the major containers — deployable/runnable units[cite: 6]. Agents are containers[cite: 6]. Cloud Pub/Sub and Vertex AI are GCP-managed platform dependencies — not internal components the system owns[cite: 6]. They appear inside the system's GCP project boundary but with a distinct visual treatment indicating they are managed services[cite: 6].

C4 Level 2 Container Diagram — deployable units, GCP managed deps, inter-container communication[cite: 6]
C4 LEVEL 2 — CONTAINER DIAGRAM — AUTONOMOUS FINANCE OPERATIONS — CLARAVIS GROUP GCP PROJECT · europe-west3 · VPC-SC PERIMETER IC RECONCILIATION AGENT [Container: Python · Cloud Run] Entity-graph · TP docs · GL post CASH & TREASURY AGENT [Container: Python · Cloud Run] FX exposure · liquidity forecast AP EXCEPTION AGENT [Container: Python · Cloud Run] Priority score · resolution route CLOUD PUB/SUB [GCP Managed Service — not application-owned] publish publish / subscribe publish HITL STATE MANAGER [Container: Cloud Run + Firestore] Intercepts high-risk action proposals AUDIT TRAIL WRITER [Container: Cloud Run + BigQuery] Subscribes all topics · immutable log FEATURE STORE ADAPTER [Container: Cloud Run] Validates via M-08 before write agent.action.proposed all topics finance.feature.delta VERTEX AI PREDICTION ENDPOINTS [GCP Managed Service · regional endpoint · VPC-SC enforced] IC classifier · FX forecaster · AP priority scorer — inference only, no training gRPC inference (<200ms) · VPC-private endpoint GCP MANAGED SERVICES (dashed = not owned) approved → BTP → SAP EXTERNAL SYSTEMS (from C4 L1) SAP BTP + S/4HANA Banking APIs (PSD2 + ISO 20022) FX Feeds · Supplier Invoices AE Platform (M-06/07/08) See C4 L1 diagram above and Integration table below for full protocol, direction, and SLA specification PERSONS CFO [Person] GRP CONTROLLER [Person] TREASURY MGR [Person] AP LEAD [Person] reviews HITL queue C4 L2 · CONTAINERS · AUTONOMOUS FINANCE OPERATIONS · CLARAVIS GROUP · europe-west3

§3.3 Event & Signal Flow

Cloud Pub/Sub is a GCP-managed service[cite: 6]. Agents publish to it; they do not own it[cite: 6]. Topic names follow a structured namespace — domain.entity.event-type — reflecting the enriched, structured nature of the payloads (not raw SAP dumps)[cite: 6]. The HITL State Manager subscribes to finance.action.proposed and routes to human review or autonomous execution based on the risk classification schema[cite: 6].

HITL Risk Classification Schema — EU AI Act Annex III Operationalisation
Action Type Risk Tier Trigger Condition Disposition EU AI Act Basis
GL journal post — IC settlement High · HITL Required Amount > €50k OR cross-jurisdiction OR new counterparty entity Group Controller approval queue · 4h SLA Annex III §5(b) — AI influencing financial decisions for legal persons[cite: 6]
GL journal post — IC settlement Low · Autonomous Amount ≤ €50k AND same-jurisdiction AND known entity AND confidence ≥ 0.92 Direct SAP write via BTP · logged to Audit Trail Annex III §5(b) — below materiality threshold, explainability logged[cite: 6]
FX hedge recommendation High · HITL Required Notional > €500k OR tenor > 90 days OR model confidence < 0.80 Treasury Manager approval queue · 2h SLA Annex III §5(b) — material financial risk to legal entity[cite: 6]
AP payment release routing High · HITL Required New supplier (first 3 invoices) OR disputed PO OR invoice > €100k AP Lead review queue · 8h SLA Annex III §5(b) — payment instruction with financial consequence[cite: 6]
AP exception classification Low · Autonomous Known supplier · matched PO · amount within 2% tolerance · confidence ≥ 0.90 Auto-route to resolution queue · no SAP write · logged Classification only — no financial action, exempted[cite: 6]
Model inference (all agents) Logged · No Gate Every inference call SHAP attribution + confidence logged to Audit Trail · no human gate on inference itself Art. 13 Transparency — model output explainability requirement[cite: 6]
End-to-End Signal Flow — Corrected Topic Names
EVENT & SIGNAL FLOW — CORRECTED TOPIC NAMES — CLOUD PUB/SUB (GCP MANAGED) ① INBOUND BTP DELTA FEED IC entries (enriched) BANK FEEDS ×4 PSD2 + ISO 20022 FX RATE FEEDS ECB · BoC REST SUPPLIER INVOICES Email + EDIFACT ② CLOUD PUB/SUB (GCP) sap.ic-entries.enriched bank.transactions.stream market.fx-rates.updated supplier.invoices.parsed finance.action.proposed hitl.decision.resolved audit.event.written sap.journal.committed ae.kpi.finance.updated finance.feature.delta CLOUD PUB/SUB GCP MANAGED not application-owned ③ AGENTS · PROCESS IC RECONCILIATION AGENT Sub: sap.ic-entries.enriched Pub: finance.action.proposed CASH & TREASURY AGENT Sub: bank.transactions.stream · market.fx-rates.updated Pub: finance.action.proposed AP EXCEPTION AGENT Sub: supplier.invoices.parsed Pub: finance.action.proposed ④ GATE & LOG HITL STATE MANAGER Sub: finance.action.proposed Routes per risk classification schema Pub: hitl.decision.resolved AUDIT TRAIL WRITER Sub: ALL topics (wildcard) BigQuery immutable append Pub: audit.event.written FINANCE PERSONS CFO · Controller · Treasury Mgr · AP Lead [Person — C4 notation] ⑤ EXECUTE & WRITE SAP GL POST (via BTP) IFRS-formatted · approved only TP DOCUMENTATION OECD BEPS Action 13 artifact AE STRATEGY KPIs ae.kpi.finance.updated → M-07 AUDIT TRAIL (BigQuery) Immutable · regulatory inspection HITL REVIEW QUEUE High-risk actions pending human gate FEATURE STORE (M-08 GATED) finance.feature.delta → validation ① Ingest ② Route (Pub/Sub) ③ Process ④ Gate & Log ⑤ Execute ALL TOPICS SUBSCRIBED BY AUDIT TRAIL WRITER · BIGQUERY IMMUTABLE APPEND · europe-west3 · VPC-SC

§3.4 Integration Pattern Register

Open Banking (PSD2) and ISO 20022 are distinct protocols with different transport formats, authentication mechanisms, and data semantics — they are listed separately[cite: 6]. SLA targets and availability tiers are specified for each integration[cite: 6]. GCP-managed services (Vertex AI, Cloud Pub/Sub) are listed with their VPC-SC and regional endpoint configuration requirements[cite: 6].

System Deployment Protocol Data In Data Out Latency SLA / Availability
SAP BTP Integration Suite SAP Cloud (relay) REST/OData → RFC translation IC delta events, GL entries, entity master data Approved journal posts forwarded to S/4HANA via RFC Near Real-Time 99.9% · SAP SLA[cite: 6]
SAP S/4HANA On-premise RFC (via BTP relay) GL/IC entries, open item lists, entity master Journal posts, IC settlement confirmations, TP doc writes Near Real-Time Customer-managed · ≥99.5%[cite: 6]
Banking APIs ×4 (PSD2) Cloud SaaS (banks) PSD2 Open Banking · REST/JSON · OAuth 2.0 Real-time account balances, retail transaction feeds, account metadata None — read-only Real-Time 99.5% · PSD2 mandated[cite: 6]
Banking APIs ×4 (SWIFT) SWIFT Network ISO 20022 XML · SWIFT gpi · MX messages Intraday liquidity position, cross-border payment confirmations, MT→MX migrated messages None — read-only (payment initiation out of scope L1) 15-30 min batch 99.9% · SWIFT SLA[cite: 6]
FX Rate Feeds (ECB + BoC) Public API REST pull (scheduled) · JSON/XML EUR/CHF/USD spot rates, forward curves, historical series None — read-only 15-min Poll Public · no SLA · retry logic req'd[cite: 6]
Supplier Invoice Ingestion Hybrid (email + EDI) Email IMAP · EDIFACT D.96A · Document AI API Structured invoice fields: supplier, PO ref, line items, amounts, currency, due date, exception flags None — intake only; AP posting via SAP Async / Event-driven Best-effort · dead-letter queue[cite: 6]
Vertex AI Prediction (GCP) GCP europe-west3 (managed) gRPC · regional private endpoint · VPC-SC enforced Feature vectors: IC mismatch signals, cash position vectors, invoice exception embeddings Inference scores, confidence intervals, SHAP attribution values Real-Time <200ms 99.95% · GCP SLA · VPC-private[cite: 6]
Cloud Pub/Sub (GCP) GCP europe-west3 (managed) Pub/Sub API · push + pull · VPC-SC enforced Agent action proposals, HITL decisions, audit events, feature deltas Routed messages to subscribers (HITL, Audit Trail, Feature Store Adapter) Real-Time 99.95% · GCP SLA[cite: 6]
AE Data Governance (M-08) AE Platform (GCP) Feature Store API · synchronous gate Feature definitions, lineage metadata for validation Validated feature versions approved for Feature Store write; DQ score Pre-batch gate 99.9% · AE Platform SLA[cite: 6]
AE GreenOps (M-06) AE Platform (GCP) Scheduler API · carbon-aware (Grid Carbon API) Retraining job manifests, carbon intensity signals Carbon-optimised batch schedule; green execution windows; Scope 3 emissions tags per run Batch / Scheduled Best-effort · carbon-aware[cite: 6]
AE Strategy Dashboard (M-07) AE Platform (GCP) Pub/Sub push · ae.kpi.finance.updated topic None — write-only KPI feed: close duration (days), cash forecast accuracy (%), AP exception rate, IC mismatch count, hedge P&L attribution Near Real-Time 99.9% · AE Platform SLA[cite: 6]

§3.5 Compliance Architecture

Compliance constraints are expressed architecturally — not as policy overlays[cite: 6]. Each framework maps to a specific structural decision[cite: 6]. CSRD is cited at the correct category level for a manufacturing group (not Category 15, which applies to financial institutions' financed emissions)[cite: 6]. GDPR is cited at the correct articles with accurate scope[cite: 6]. SOX/SEC recordkeeping compliance is expressed through jurisdiction-aware routing visible in the architecture[cite: 6].

EU AI Act
Annex III §5(b) · Art.13 Transparency
Classified as Annex III high-risk under §5(b) — AI influencing financial decisions for legal persons[cite: 6]. HITL is not a blanket intercept: it activates per the risk taxonomy defined in Section 03[cite: 6]. Art.13 Transparency requires SHAP attribution values logged with every inference output[cite: 6]. Conformance documentation is generated per inference cycle, not per deployment event[cite: 6].
GDPR
Art.5 Lawfulness · Art.25 Privacy-by-design · europe-west3
Art.5 governs lawfulness, fairness, purpose limitation, and the data minimisation principle (one of seven Art.5 principles)[cite: 6]. Art.25 mandates privacy-by-design and by-default[cite: 6]. The system processes personal data (supplier names, bank account references, employee reimbursement records) — this is pseudonymised at point of ingestion and minimised before Feature Store write[cite: 6]. All storage and processing is locked to europe-west3 via VPC Service Controls[cite: 6]. Retention windows are configurable per entity jurisdiction and data category[cite: 6].
CSRD
Scope 3 Category 1 · Double Materiality
For ClaraVis as a manufacturing and services group, the relevant CSRD Scope 3 category is Category 1 (Purchased goods and services) — not Category 15 (Investments / Financed Emissions), which applies to financial institutions' loan portfolios[cite: 6]. Each IC settlement carries a Scope 3 Category 1 emission attribution tag derived from entity-level carbon intensity data, enabling consolidated group reporting without retrospective calculation[cite: 6]. GreenOps M-06 handles Scope 3 attribution for retraining compute[cite: 6].
SOX / SEC 17a-4
US Financial Recordkeeping · US Entity Routing
Sarbanes-Oxley §802 and SEC Rule 17a-4 obligations are expressed architecturally: all events originating from the US entity carry a jurisdiction: US envelope tag[cite: 6]. The routing layer applies US-specific retention (7 years per SOX §802 and SEC 17a-4 requirements), access controls aligned to SOX's internal-controls accountability principle, and ensures the Federal Reserve FX feed data path is tagged as a US-jurisdiction data flow[cite: 6]. This is visible in the Pub/Sub event envelope — not enforced only at the policy layer[cite: 6].
IFRS
Recognition · Measurement · Journal Schema
All SAP journal posts generated by the IC Reconciliation Agent conform to the entity's configured IFRS recognition and measurement policies[cite: 6]. The agent implements these policies deterministically from a per-entity configuration store — it does not make accounting policy judgements[cite: 6]. Journal post schema validation occurs before BTP submission; non-conformant outputs are rejected to the HITL queue, not silently corrected[cite: 6].
OECD TP
BEPS Action 13 · Contemporaneous Documentation
Transfer-pricing arm's-length documentation is generated synchronously at the point of each IC settlement — not retrospectively[cite: 6]. BEPS Action 13 requires contemporaneous documentation; generating it at write time eliminates the audit exposure of retrospective reconstruction[cite: 6]. For DE, NL, and CA entities, failure to maintain documentation exposes the group to TP adjustment surcharges of up to 25% of assessed underpayment[cite: 6]. The IC agent eliminates this risk as a byproduct of normal operation[cite: 6].
Platform Hooks:
Data Governance GreenOps · Scope 3 Strategy Dashboard Identity & Access Audit Ledger