The Autonomous Finance Operations · Domain Suite · 08[cite: 11]
Compliance as architecture. Not as a checklist.
Every regulatory obligation satisfied by a specific architectural component[cite: 11]. GDPR is not a privacy notice — it is CMEK, VPC-SC, and europe-west3 residency[cite: 11]. EU AI Act is not a policy — it is SHAP written to BigQuery before the HITL checkpoint is created[cite: 11]. Each obligation below is documented with the design decision that satisfies it and the evidence a regulator can query[cite: 11].
The EU AI Act does not classify systems uniformly — it classifies by use case and consequence[cite: 11]. Each Autonomous Finance agent has been individually assessed against Annex III (High Risk) criteria[cite: 11]. The classification is not aspirational — it is justified by specific architectural constraints that structurally prevent the agent from meeting the High Risk threshold[cite: 11].
Annex III High Risk requires AI to make or materially influence decisions affecting legal rights or access to essential services[cite: 11]. The IC agent flags anomalies — it cannot post corrections to SAP without an explicit Group Controller approval (HITL-IC-01, ADR-AF-01)[cite: 11]. The decision is the human's[cite: 11]. Annex III Art. 6(2) exclusion applies: the system outputs a ranked anomaly list with SHAP attribution and does not autonomously act on financial accounts[cite: 11]. ClaraVis entities are classified under NACE Rev. 2 Section C (Manufacturing — medical and dental instruments) — the IC agent is not within critical infrastructure under Annex III point 2[cite: 11]. Limited Risk applies: the system interacts with humans in a consequential context, triggering Art. 52 explanation obligations — satisfied by SHAP written to BigQuery before HITL creation[cite: 11].
✓ Art. 13 — SHAP to BigQuery before HITL-IC-01 created[cite: 11] ✓ Art. 14 — SAP write structurally blocked without hitl_id[cite: 11] ✓ Art. 52 — Explanation surfaced in Group Controller queue[cite: 11] ✓ Annex III exclusion — Art. 6(2): no autonomous act on financial accounts[cite: 11]
Annex III point 5(b) classifies AI for credit assessment or creditworthiness evaluation of natural persons as High Risk — the Treasury agent operates exclusively on legal entity cash positions and group FX exposure, not on individual creditworthiness[cite: 11]. Annex III point 2 (critical infrastructure) does not apply: the agent produces a 7-day cash forecast and hedge recommendation for group treasury, not for critical national financial infrastructure[cite: 11]. The agent cannot execute a bank instruction or intercompany sweep without Treasury Manager approval (HITL-TR-01)[cite: 11]. The hedge recommendation is not the hedge execution[cite: 11]. The execution gate (HITL) is structural, not conditional — it cannot be bypassed by a confidence threshold or configuration flag[cite: 11]. Art. 6(2) exclusion applies[cite: 11].
✓ Art. 13 — Forecast confidence interval + SHAP shown before HITL[cite: 11] ✓ Art. 14 — Bank instruction API requires hitl_id parameter[cite: 11] ✓ Art. 52 — Recommendation framed as recommendation, not decision[cite: 11] ✓ Annex III pt. 5(b) — No natural person creditworthiness involved[cite: 11]
Minimal Risk · No obligation[cite: 11]
AP Exception Agent
Classification only · all exceptions human-approved[cite: 11]
The AP Exception Agent classifies invoices into one of five exception types[cite: 11]. It does not reject invoices, does not make payment decisions, and does not interact with suppliers[cite: 11]. Every non-APPROVED classification routes to HITL-AP-01 for the AP Lead[cite: 11]. The APPROVED class (auto-routed invoices) only fires at confidence > 0.92 — below that threshold, all invoices reach a human regardless[cite: 11]. The agent is a classifier and sorter, not a decision-maker[cite: 11]. Minimal Risk applies[cite: 11]. No EU AI Act obligation is triggered — though SHAP is still written for every exception classification as a quality and audit practice[cite: 11].
✓ No autonomous payment decision — HITL for all exceptions[cite: 11] ✓ SHAP written voluntarily — exceeds Minimal Risk obligations[cite: 11] ✓ Override rate monitored as drift signal (Page 09 MLOps)[cite: 11]
Shared EU AI Act obligations — all three agents[cite: 11]
Art. 13 transparency + Art. 14 human oversight · satisfied by architecture, not policy[cite: 11]
Art. 13 — SHAP written BEFORE HITL (immutable, not retrospective)[cite: 11]
Art. 14 — Human reviews explanation, makes decision[cite: 11]
Write guard — structurally unreachable without hitl_id[cite: 11]
§8.2 GDPR — Arts. 5 & 25 · Privacy by Design
GDPR compliance in the Autonomous Finance is architectural, not procedural[cite: 11]. The system processes financial transactions between legal entities — not individuals[cite: 11]. Feature vectors are entity-level aggregates[cite: 11]. Where individual-adjacent data appears (AP — supplier invoice decisions), explanation rights are satisfied by SHAP queryable from BigQuery[cite: 11]. All storage is europe-west3, CMEK-encrypted, within VPC-SC perimeter[cite: 11].
GDPR data architecture — europe-west3 perimeter[cite: 11]
Data flow · residency · minimisation · CMEK · VPC-SC · no personal data in inference path[cite: 11]
Art. 5(1)(c) — Data minimisation: entity aggregates only, no personal data in feature vectors[cite: 11]
Art. 25 — Privacy by design: CMEK, europe-west3, Feature Store lineage[cite: 11]
Art. 22 — Right to explanation: applies to AP agent only (supplier-adjacent data)[cite: 11]
Art. 5(1)(b) · Purpose Limitation[cite: 11]
Financial data processed only for its stated purpose[cite: 11]
IC entries are processed for reconciliation only[cite: 11]. Treasury data is processed for cash positioning only[cite: 11]. Invoice data is processed for AP exception routing only[cite: 11]. No cross-purpose reuse[cite: 11]. Documented in data processing register (DPA with each entity)[cite: 11].
Evidence: BigQuery IAM dataset-level permissions · one dataset per use case · no cross-dataset query grants[cite: 11]
Art. 5(1)(c) · Data Minimisation[cite: 11]
Feature vectors contain no personal identifiers[cite: 11]
IC features: entity_pair_id · amount · currency · posting_timing_delta · period[cite: 11]. No individual names, employee IDs, or authoriser details enter any feature vector[cite: 11]. These fields are in the raw SAP record — they are dropped at the feature engineering step[cite: 11].
Evidence: Feature Store feature group schema — fields listed · no PII fields included[cite: 11]
Art. 25 · Privacy by Design & Default[cite: 11]
CMEK + VPC-SC + europe-west3 = privacy by architecture[cite: 11]
All storage (Firestore HITL state · BigQuery audit · Feature Store) is CMEK-encrypted with customer-managed keys in Cloud KMS, europe-west3[cite: 11]. VPC-SC perimeter prevents any data from leaving the GCP boundary for inference or processing[cite: 11]. Workload Identity Federation — no long-lived credentials[cite: 11].
Evidence: Terraform VPC-SC perimeter config · Cloud KMS key ring europe-west3 · WIF service account bindings[cite: 11]
Art. 22 · Automated Decision-Making[cite: 11]
Right to explanation — AP agent only · IC and Treasury not in scope[cite: 11]
Art. 22 applies to automated decisions affecting natural persons[cite: 11]. The IC Reconciliation and Treasury agents process transactions between legal entities — legal entities hold no Art. 22 rights (GDPR Recital 14)[cite: 11]. Art. 22 is therefore not triggered for those two agents[cite: 11]. The AP Exception Agent is the sole agent where supplier-adjacent data appears[cite: 11]. Any supplier whose invoice was classified as an exception can request the SHAP explanation[cite: 11]. The explanation is written to BigQuery before the HITL checkpoint is created — immutable and immediately available[cite: 11].
Evidence: BigQuery ae_audit.shap_explanations · queryable by invoice_id · written before hitl_id exists · AP agent only[cite: 11]
Immutability vs. Art. 17 (Right to Erasure) — Design Note: Audit records in ae_audit.shap_explanations and ae_audit.transfer_pricing contain no direct personal identifiers[cite: 11]. The invoice_id field is a transactional reference to a legal entity transaction — it does not identify a natural person within the meaning of GDPR Art. 4(1) and Recital 26[cite: 11]. The supplier company holds no Art. 17 erasure right[cite: 11]. Individual contact data (authoriser names, email addresses) is excluded from all feature vectors and audit records by design at the feature engineering step[cite: 11]. The immutability guarantee required for OECD BEPS Action 13 and IFRS audit trails therefore does not conflict with Art. 17 obligations[cite: 11].
§8.3 CSRD Data Pipeline
The CSRD requires ClaraVis to report sustainability-linked financial KPIs from 2025 onwards under ESRS standards[cite: 11]. The Autonomous Finance Operations is not a CSRD tool — but it produces the financial data architecture that makes CSRD reporting auditable at the transaction level[cite: 11]. IC pricing governance and FX risk management data are disclosed under ESRS G1 (Business Conduct — tax transparency, transfer pricing governance, payment practices) — not as Scope 3 GHG emissions[cite: 11]. The Treasury agent's FX and IC flow data feeds ae_finance.csrd_feed in BigQuery[cite: 11]. GreenOps (M-06) schedules the monthly export[cite: 11]. Final iXBRL tagging for the ESRS digital taxonomy is applied downstream by the ClaraVis Group finance system[cite: 11].
Foreign key to ae_audit.hitl_events — auditor traceability[cite: 11]
csrd_category
STRING
System
ESRS topic code — G1 (Business Conduct) for IC governance and FX risk management data[cite: 11]
written_at
TIMESTAMP
System
Immutable record timestamp — CMEK-encrypted[cite: 11]
-- CSRD ESRS G1 governance export · ae_finance.csrd_feed · monthly · all ClaraVis entities[cite: 11]-- FIX: DATE_TRUNC uses explicit timezone 'Europe/Berlin' to avoid UTC date boundary ambiguity[cite: 11]SELECT
reporting_period,
entity_id,
SUM(ic_flow_eur) AS total_ic_flows_eur,
SUM(fx_hedge_notional_eur) AS total_fx_hedged_eur,
COUNT(DISTINCT hitl_approval_id) AS human_approved_decisions,
csrd_category,
CURRENT_TIMESTAMP() AS export_generated_at
FROM`ae_finance.csrd_feed`WHERE-- Explicit timezone prevents UTC vs CET boundary errors on month-end transactions[cite: 11]
reporting_period = DATE_TRUNC(
DATE_SUB(CURRENT_DATE('Europe/Berlin'), INTERVAL 1 MONTH),
MONTH
)
AND hitl_approval_id IS NOT NULL-- only human-approved transactions in CSRD report[cite: 11]GROUP BY reporting_period, entity_id, csrd_category
ORDER BY entity_id, csrd_category;
§8.4 SOX / SEC · US Subsidiary Governance
SOX §802 and SEC Rule 17a-4 apply to ClaraVis's US subsidiary — established 36 months ago as the FDA registration holder, integrated into the group IC reconciliation flow[cite: 11]. SOX requires defined retention and access-control discipline for financial records; SEC 17a-4 mandates non-erasable, non-rewritable storage for the retention period[cite: 11]. The architectural response is dataset separation, not field-level tagging — the SEC auditor can verify compliance from the BigQuery IAM policy without inspecting query logs[cite: 11]. Cross-border transfer to the EU group system is governed by the intercompany services agreement and is documented in the Data Processing Agreement as necessary for the performance of intercompany reconciliation services — satisfying the contractual necessity basis under the group's data governance policy[cite: 11]. An internal controls assessment was completed per SOX §404 guidance at integration[cite: 11].
SOX/SEC Cross-Border Transfer Basis: US financial data transferred to the ClaraVis Group EU system for IC reconciliation is governed under the group's intercompany Data Processing Agreement and the SOX §404 internal controls framework (accountability for third-party transfers)[cite: 11]. The basis is contractual necessity — for the performance of a contract between ClaraVis North America Inc. and ClaraVis GmbH[cite: 11]. This basis is documented in the Data Processing Agreement (DPA-US-EU-2024-03)[cite: 11]. IAM dataset separation (ae_finance_us) is the technical control — it does not itself constitute the legal basis for transfer[cite: 11]. An internal controls assessment was completed per SOX §404 and SEC 17a-4(f) record-integrity guidance (2023)[cite: 11]. Cross-purpose use for EU model training is architecturally blocked as shown below[cite: 11].
US Entity[cite: 11]
ClaraVis North America Inc.[cite: 11]
IC transactions · AP invoices · SOX/SEC oversight matrix applied natively[cite: 11].
→
Enforced Dataset Isolation[cite: 11]
ae_finance_us[cite: 11]
BigQuery dataset storage. US isolation retention policy and SEC 17a-4 IAM safeguards active[cite: 11].
OECD BEPS Action 13 requires contemporaneous documentation of intercompany pricing — not just the price, but the basis for it, the agreement it references, and evidence that a human reviewed it[cite: 11]. The IC Reconciliation Agent generates this record automatically at every transaction[cite: 11]. Tax counsel can query the full documentation trail from BigQuery without involving the data engineering team[cite: 11].
-- Full TP documentation trail for OECD BEPS Action 13 audit · ClaraVis Group[cite: 11]-- FIX: CURRENT_DATE uses explicit timezone 'Europe/Berlin' to avoid UTC date boundary issues[cite: 11]SELECT
tp.entity_pair,
tp.transaction_id,
tp.amount_eur,
tp.transfer_price_rate,
tp.agreement_reference,
tp.anomaly_score,
h.decision AS hitl_decision,
h.approver_id,
h.ts AS decision_timestamp,
s.top_feature_1, s.shap_value_1 -- Why the agent flagged this transaction[cite: 11]FROM`ae_audit.transfer_pricing` tp
JOIN`ae_audit.hitl_events` h ON h.hitl_id = tp.hitl_approval
LEFT JOIN`ae_audit.shap_explanations` s ON s.transaction_id = tp.transaction_id
WHERE
tp.entity_pair LIKE'%DE%'-- filter by entity pair for audit scope[cite: 11]ANDDATE_TRUNC(
TIMESTAMP_TRUNC(tp.written_at, DAY, 'Europe/Berlin'),
YEAR
) = DATE_TRUNC(CURRENT_DATE('Europe/Berlin'), YEAR)
ORDER BY tp.written_at DESC;