The Autonomous Finance Operations  ·  Domain Suite  ·  08[cite: 11]

Compliance as architecture.
Not as a checklist.

Every regulatory obligation satisfied by a specific architectural component[cite: 11]. GDPR is not a privacy notice — it is CMEK, VPC-SC, and europe-west3 residency[cite: 11]. EU AI Act is not a policy — it is SHAP written to BigQuery before the HITL checkpoint is created[cite: 11]. Each obligation below is documented with the design decision that satisfies it and the evidence a regulator can query[cite: 11].

EU AI Act · Annex III[cite: 11] GDPR · Arts. 5 & 25[cite: 11] CSRD · ESRS G1[cite: 11] SOX/SEC · Purpose Limitation[cite: 11] OECD BEPS · Action 13[cite: 11] IFRS · Audit Trail[cite: 11]

§8.1 EU AI Act — Risk Classification per Agent

The EU AI Act does not classify systems uniformly — it classifies by use case and consequence[cite: 11]. Each Autonomous Finance agent has been individually assessed against Annex III (High Risk) criteria[cite: 11]. The classification is not aspirational — it is justified by specific architectural constraints that structurally prevent the agent from meeting the High Risk threshold[cite: 11].

Limited Risk · Art. 52[cite: 11]
IC Reconciliation Agent
Transparency obligation · explanation required[cite: 11]
Annex III High Risk requires AI to make or materially influence decisions affecting legal rights or access to essential services[cite: 11]. The IC agent flags anomalies — it cannot post corrections to SAP without an explicit Group Controller approval (HITL-IC-01, ADR-AF-01)[cite: 11]. The decision is the human's[cite: 11]. Annex III Art. 6(2) exclusion applies: the system outputs a ranked anomaly list with SHAP attribution and does not autonomously act on financial accounts[cite: 11]. ClaraVis entities are classified under NACE Rev. 2 Section C (Manufacturing — medical and dental instruments) — the IC agent is not within critical infrastructure under Annex III point 2[cite: 11]. Limited Risk applies: the system interacts with humans in a consequential context, triggering Art. 52 explanation obligations — satisfied by SHAP written to BigQuery before HITL creation[cite: 11].
Art. 13 — SHAP to BigQuery before HITL-IC-01 created[cite: 11]
Art. 14 — SAP write structurally blocked without hitl_id[cite: 11]
Art. 52 — Explanation surfaced in Group Controller queue[cite: 11]
Annex III exclusion — Art. 6(2): no autonomous act on financial accounts[cite: 11]
Limited Risk · Art. 52[cite: 11]
Cash & Treasury Agent
Transparency obligation · HITL-gated execution[cite: 11]
Annex III point 5(b) classifies AI for credit assessment or creditworthiness evaluation of natural persons as High Risk — the Treasury agent operates exclusively on legal entity cash positions and group FX exposure, not on individual creditworthiness[cite: 11]. Annex III point 2 (critical infrastructure) does not apply: the agent produces a 7-day cash forecast and hedge recommendation for group treasury, not for critical national financial infrastructure[cite: 11]. The agent cannot execute a bank instruction or intercompany sweep without Treasury Manager approval (HITL-TR-01)[cite: 11]. The hedge recommendation is not the hedge execution[cite: 11]. The execution gate (HITL) is structural, not conditional — it cannot be bypassed by a confidence threshold or configuration flag[cite: 11]. Art. 6(2) exclusion applies[cite: 11].
Art. 13 — Forecast confidence interval + SHAP shown before HITL[cite: 11]
Art. 14 — Bank instruction API requires hitl_id parameter[cite: 11]
Art. 52 — Recommendation framed as recommendation, not decision[cite: 11]
Annex III pt. 5(b) — No natural person creditworthiness involved[cite: 11]
Minimal Risk · No obligation[cite: 11]
AP Exception Agent
Classification only · all exceptions human-approved[cite: 11]
The AP Exception Agent classifies invoices into one of five exception types[cite: 11]. It does not reject invoices, does not make payment decisions, and does not interact with suppliers[cite: 11]. Every non-APPROVED classification routes to HITL-AP-01 for the AP Lead[cite: 11]. The APPROVED class (auto-routed invoices) only fires at confidence > 0.92 — below that threshold, all invoices reach a human regardless[cite: 11]. The agent is a classifier and sorter, not a decision-maker[cite: 11]. Minimal Risk applies[cite: 11]. No EU AI Act obligation is triggered — though SHAP is still written for every exception classification as a quality and audit practice[cite: 11].
No autonomous payment decision — HITL for all exceptions[cite: 11]
SHAP written voluntarily — exceeds Minimal Risk obligations[cite: 11]
Override rate monitored as drift signal (Page 09 MLOps)[cite: 11]
Shared EU AI Act obligations — all three agents[cite: 11]
Art. 13 transparency + Art. 14 human oversight · satisfied by architecture, not policy[cite: 11]
INFERENCE Model scores anomaly / exception SHAP WRITTEN TreeExplainer runs → BigQuery audit BEFORE HITL created HITL CHECKPOINT Group Controller / Treasury Manager / AP Lead reviews SHAP + context Art. 14 satisfied here DECISION Human approves / overrides · hitl_id committed to Firestore WRITE SAP / Bank API hitl_id mandatory structurally blocked ← Art. 13 satisfied here Art. 14 satisfied here →
Art. 13 — SHAP written BEFORE HITL (immutable, not retrospective)[cite: 11]
Art. 14 — Human reviews explanation, makes decision[cite: 11]
Write guard — structurally unreachable without hitl_id[cite: 11]

§8.2 GDPR — Arts. 5 & 25 · Privacy by Design

GDPR compliance in the Autonomous Finance is architectural, not procedural[cite: 11]. The system processes financial transactions between legal entities — not individuals[cite: 11]. Feature vectors are entity-level aggregates[cite: 11]. Where individual-adjacent data appears (AP — supplier invoice decisions), explanation rights are satisfied by SHAP queryable from BigQuery[cite: 11]. All storage is europe-west3, CMEK-encrypted, within VPC-SC perimeter[cite: 11].

GDPR data architecture — europe-west3 perimeter[cite: 11]
Data flow · residency · minimisation · CMEK · VPC-SC · no personal data in inference path[cite: 11]
VPC-SC PERIMETER · europe-west3 · No data egress for inference SAP S/4HANA GL entries entity-level Bank APIs balances · flows account-level Invoices supplier · amount · PO FEATURE ENGINEERING Entity aggregates only No names · No IDs No payment details Art. 5(1)(c) — Data minimisation ✓ FEATURE STORE CMEK encrypted europe-west3 Vertex AI managed lineage tagged (DG) VERTEX AI Inference only No data stored WIF auth only europe-west3 BIGQUERY AUDIT TRAIL SHAP explanations HITL decisions Immutable · CMEK Art. 22 queryable Art. 22 — AP invoices only Supplier queries SHAP for AP exception decision
Art. 5(1)(c) — Data minimisation: entity aggregates only, no personal data in feature vectors[cite: 11]
Art. 25 — Privacy by design: CMEK, europe-west3, Feature Store lineage[cite: 11]
Art. 22 — Right to explanation: applies to AP agent only (supplier-adjacent data)[cite: 11]
Art. 5(1)(b) · Purpose Limitation[cite: 11]
Financial data processed only for its stated purpose[cite: 11]
IC entries are processed for reconciliation only[cite: 11]. Treasury data is processed for cash positioning only[cite: 11]. Invoice data is processed for AP exception routing only[cite: 11]. No cross-purpose reuse[cite: 11]. Documented in data processing register (DPA with each entity)[cite: 11].
Evidence: BigQuery IAM dataset-level permissions · one dataset per use case · no cross-dataset query grants[cite: 11]
Art. 5(1)(c) · Data Minimisation[cite: 11]
Feature vectors contain no personal identifiers[cite: 11]
IC features: entity_pair_id · amount · currency · posting_timing_delta · period[cite: 11]. No individual names, employee IDs, or authoriser details enter any feature vector[cite: 11]. These fields are in the raw SAP record — they are dropped at the feature engineering step[cite: 11].
Evidence: Feature Store feature group schema — fields listed · no PII fields included[cite: 11]
Art. 25 · Privacy by Design & Default[cite: 11]
CMEK + VPC-SC + europe-west3 = privacy by architecture[cite: 11]
All storage (Firestore HITL state · BigQuery audit · Feature Store) is CMEK-encrypted with customer-managed keys in Cloud KMS, europe-west3[cite: 11]. VPC-SC perimeter prevents any data from leaving the GCP boundary for inference or processing[cite: 11]. Workload Identity Federation — no long-lived credentials[cite: 11].
Evidence: Terraform VPC-SC perimeter config · Cloud KMS key ring europe-west3 · WIF service account bindings[cite: 11]
Art. 22 · Automated Decision-Making[cite: 11]
Right to explanation — AP agent only · IC and Treasury not in scope[cite: 11]
Art. 22 applies to automated decisions affecting natural persons[cite: 11]. The IC Reconciliation and Treasury agents process transactions between legal entities — legal entities hold no Art. 22 rights (GDPR Recital 14)[cite: 11]. Art. 22 is therefore not triggered for those two agents[cite: 11]. The AP Exception Agent is the sole agent where supplier-adjacent data appears[cite: 11]. Any supplier whose invoice was classified as an exception can request the SHAP explanation[cite: 11]. The explanation is written to BigQuery before the HITL checkpoint is created — immutable and immediately available[cite: 11].
Evidence: BigQuery ae_audit.shap_explanations · queryable by invoice_id · written before hitl_id exists · AP agent only[cite: 11]

§8.3 CSRD Data Pipeline

The CSRD requires ClaraVis to report sustainability-linked financial KPIs from 2025 onwards under ESRS standards[cite: 11]. The Autonomous Finance Operations is not a CSRD tool — but it produces the financial data architecture that makes CSRD reporting auditable at the transaction level[cite: 11]. IC pricing governance and FX risk management data are disclosed under ESRS G1 (Business Conduct — tax transparency, transfer pricing governance, payment practices) — not as Scope 3 GHG emissions[cite: 11]. The Treasury agent's FX and IC flow data feeds ae_finance.csrd_feed in BigQuery[cite: 11]. GreenOps (M-06) schedules the monthly export[cite: 11]. Final iXBRL tagging for the ESRS digital taxonomy is applied downstream by the ClaraVis Group finance system[cite: 11].

CSRD data pipeline — Autonomous Finance → GreenOps → ESRS G1 export[cite: 11]
Financial flows · FX exposure · IC transactions → ESRS G1 governance KPIs · monthly BigQuery export · GreenOps-scheduled[cite: 11]
Treasury Agent FX positions · hedges IC Recon Agent IC flows · TP rates ae_finance .csrd_feed BigQuery · CMEK append-only GreenOps M-06 Schedules monthly CSRD export job 4h load buffer ESRS G1 EXPORT CSV · for iXBRL tagging G1 governance KPIs transaction-level audit SUSTAIN. REPORTING ClaraVis ESRS-aligned Append-only · every agent write Carbon-aware scheduling ESRS G1 · governance KPIs
ColumnTypeSource agentCSRD / ESRS relevance
reporting_periodDATESystemMonth of financial activity[cite: 11]
entity_idSTRINGIC / Treasury agentClaraVis legal entity — DE / US / NL / CH[cite: 11]
ic_flow_eurNUMERICIC Recon AgentIntercompany financial flows — ESRS G1-1 tax transparency & transfer pricing governance[cite: 11]
fx_hedge_notional_eurNUMERICTreasury AgentHedged FX exposure — ESRS G1-4 payment practices & financial risk governance disclosure[cite: 11]
fx_hedge_instrumentSTRINGTreasury AgentForward / option / swap — instrument type for ESRS G1 financial risk governance[cite: 11]
tp_rate_appliedNUMERICIC Recon AgentTransfer pricing rate — OECD BEPS Action 13 cross-reference · ESRS G1-1[cite: 11]
hitl_approval_idSTRINGHITL State ManagerForeign key to ae_audit.hitl_events — auditor traceability[cite: 11]
csrd_categorySTRINGSystemESRS topic code — G1 (Business Conduct) for IC governance and FX risk management data[cite: 11]
written_atTIMESTAMPSystemImmutable record timestamp — CMEK-encrypted[cite: 11]
-- CSRD ESRS G1 governance export · ae_finance.csrd_feed · monthly · all ClaraVis entities[cite: 11] -- FIX: DATE_TRUNC uses explicit timezone 'Europe/Berlin' to avoid UTC date boundary ambiguity[cite: 11] SELECT reporting_period, entity_id, SUM(ic_flow_eur) AS total_ic_flows_eur, SUM(fx_hedge_notional_eur) AS total_fx_hedged_eur, COUNT(DISTINCT hitl_approval_id) AS human_approved_decisions, csrd_category, CURRENT_TIMESTAMP() AS export_generated_at FROM `ae_finance.csrd_feed` WHERE -- Explicit timezone prevents UTC vs CET boundary errors on month-end transactions[cite: 11] reporting_period = DATE_TRUNC( DATE_SUB(CURRENT_DATE('Europe/Berlin'), INTERVAL 1 MONTH), MONTH ) AND hitl_approval_id IS NOT NULL -- only human-approved transactions in CSRD report[cite: 11] GROUP BY reporting_period, entity_id, csrd_category ORDER BY entity_id, csrd_category;

§8.4 SOX / SEC · US Subsidiary Governance

SOX §802 and SEC Rule 17a-4 apply to ClaraVis's US subsidiary — established 36 months ago as the FDA registration holder, integrated into the group IC reconciliation flow[cite: 11]. SOX requires defined retention and access-control discipline for financial records; SEC 17a-4 mandates non-erasable, non-rewritable storage for the retention period[cite: 11]. The architectural response is dataset separation, not field-level tagging — the SEC auditor can verify compliance from the BigQuery IAM policy without inspecting query logs[cite: 11]. Cross-border transfer to the EU group system is governed by the intercompany services agreement and is documented in the Data Processing Agreement as necessary for the performance of intercompany reconciliation services — satisfying the contractual necessity basis under the group's data governance policy[cite: 11]. An internal controls assessment was completed per SOX §404 guidance at integration[cite: 11].

US Entity[cite: 11]
ClaraVis North America Inc.[cite: 11]
IC transactions · AP invoices · SOX/SEC oversight matrix applied natively[cite: 11].
Enforced Dataset Isolation[cite: 11]
ae_finance_us[cite: 11]
BigQuery dataset storage. US isolation retention policy and SEC 17a-4 IAM safeguards active[cite: 11].
EU Scope Restrained[cite: 11]
EU Model Training Data[cite: 11]
ae_finance (EU only). Enforces complete purpose limitation bounds against cross-border contamination[cite: 11].

§8.5 Transfer Pricing · OECD BEPS Action 13

OECD BEPS Action 13 requires contemporaneous documentation of intercompany pricing — not just the price, but the basis for it, the agreement it references, and evidence that a human reviewed it[cite: 11]. The IC Reconciliation Agent generates this record automatically at every transaction[cite: 11]. Tax counsel can query the full documentation trail from BigQuery without involving the data engineering team[cite: 11].

entity_pair
ClaraVis GmbH (DE) → ClaraVis Benelux BV (NL)[cite: 11]
Action 13 ✓
transaction_id
ic_2026_03_de_nl_00891[cite: 11]
Traceable ✓
amount_eur
87400.00[cite: 11]
Documented ✓
transfer_price_rate
0.1842 (cost-plus 18.42% markup)[cite: 11]
Arm's length ✓
agreement_reference
ICA-2024-07 · Intercompany Services Agreement · signed 2024-07-01[cite: 11]
Contemporaneous ✓
anomaly_score
0.89 — flagged by IC Anomaly Detector · above 0.72 threshold[cite: 11]
ML evidence
hitl_approval
hitl-2026-03-ic-089 — APPROVED · Group Controller K. Bauer[cite: 11]
Human oversight ✓
approver_id
k.bauer@claravis-medical.example · Finance Controller · DE entity[cite: 11]
Auditor ID ✓
written_at
2026-03-16T14:23:07.441Z · immutable · CMEK-encrypted[cite: 11]
Append-only
-- Full TP documentation trail for OECD BEPS Action 13 audit · ClaraVis Group[cite: 11] -- FIX: CURRENT_DATE uses explicit timezone 'Europe/Berlin' to avoid UTC date boundary issues[cite: 11] SELECT tp.entity_pair, tp.transaction_id, tp.amount_eur, tp.transfer_price_rate, tp.agreement_reference, tp.anomaly_score, h.decision AS hitl_decision, h.approver_id, h.ts AS decision_timestamp, s.top_feature_1, s.shap_value_1 -- Why the agent flagged this transaction[cite: 11] FROM `ae_audit.transfer_pricing` tp JOIN `ae_audit.hitl_events` h ON h.hitl_id = tp.hitl_approval LEFT JOIN `ae_audit.shap_explanations` s ON s.transaction_id = tp.transaction_id WHERE tp.entity_pair LIKE '%DE%' -- filter by entity pair for audit scope[cite: 11] AND DATE_TRUNC( TIMESTAMP_TRUNC(tp.written_at, DAY, 'Europe/Berlin'), YEAR ) = DATE_TRUNC(CURRENT_DATE('Europe/Berlin'), YEAR) ORDER BY tp.written_at DESC;