Architecture
Decision Records.
Six binding decisions — each encoding a constraint that shaped the system's structure[cite: 13]. Written at design time, stored in version control, referenced by every agent that touches financial data[cite: 13]. Not post-hoc documentation[cite: 13]. The architecture is the argument[cite: 13].
SAP Write Requires Committed HITL
Approval Record ID as Mandatory Parameter
Every SAP BAPI or OData write that modifies the intercompany ledger must carry a committed approval record ID as a mandatory parameter[cite: 13]. The gate validates this ID against the HITL audit table in BigQuery before executing[cite: 13]. An absent, expired, or already-consumed ID causes the write to be rejected at the gate — no exception path exists[cite: 13]. The approval record is written to BigQuery and considered committed only after a named controller has approved the specific correction payload[cite: 13]. The record ID is single-use: a second write attempt with the same ID is rejected[cite: 13].
- No journal correction can reach SAP without a prior committed approval record — structurally enforced, not policy-enforced[cite: 13].
- The approval record ID creates a tamper-evident link between every SAP posting and its HITL audit trail entry[cite: 13].
- Replay protection via single-use IDs prevents duplicate posting from agent retries or infrastructure failures[cite: 13].
- Infrastructure failure between gate validation and SAP write confirmation requires a new HITL approval cycle — by design[cite: 13]. The connector distinguishes gate-passed vs. SAP-confirmed states; a gate-passed-but-SAP-failed write is routed to a dead-letter queue for manual resolution, not silently discarded[cite: 13].
- EU AI Act Art. 14 (human oversight) compliance is structural: the approval record is the evidence artifact for regulatory inspection[cite: 13].
- Adds one round-trip latency to the correction workflow[cite: 13]. Acceptable given the batch-processing nature of month-end reconciliation[cite: 13].
Isolation Forest + XGBoost Ensemble
for IC Anomaly Detection
Deploy an ensemble of Isolation Forest (unsupervised anomaly scoring — no labelled data required at initialisation) and XGBoost classifier (supervised refinement trained on HITL override labels as they accumulate)[cite: 13]. Scores are fused via a weighted combiner[cite: 13]. Any fused score above the 0.72 threshold triggers SHAP TreeExplainer — deterministic, not stochastic — which is applied to the XGBoost component only[cite: 13]. Isolation Forest anomaly scores are surfaced as raw input features to the XGBoost layer, not independently explained via SHAP[cite: 13]. The XGBoost SHAP output, which encodes the contribution of all features including the Isolation Forest score, constitutes the explanation payload stored in the HITL audit trail and presented to the controller[cite: 13]. This scoping ensures SHAP determinism is preserved and that the Art. 13 explanation reflects the decision-making component, not the unsupervised scoring layer where SHAP stability guarantees do not hold[cite: 13].
- SHAP TreeExplainer determinism satisfies EU AI Act Article 13 — SHAP is applied to the XGBoost component only[cite: 13]. Isolation Forest scores are input features to XGBoost, not independently explained[cite: 13]. The same input produces the same explanation on every run, independent of hardware[cite: 13].
- Isolation Forest component provides production-ready anomaly detection from day one without waiting for labelled data[cite: 13].
- XGBoost component improves over time as HITL override labels are fed back through the retraining pipeline[cite: 13].
- Ensemble fusion logic must be maintained — weight calibration reviewed quarterly or when override rate exceeds the drift threshold[cite: 13].
- SHAP computation adds ~40ms per inference above the 0.72 threshold[cite: 13]. Acceptable for IC reconciliation which is not a real-time workload[cite: 13].
LightGBM + Prophet Ensemble
for Cash Forecasting
Deploy a Prophet + LightGBM stacking ensemble[cite: 13]. Prophet handles calendar seasonality explicitly through its native regressor interface — payroll dates, quarter-end, public holiday calendars per jurisdiction are registered as regressors, not inferred from the time series[cite: 13]. LightGBM handles structural features: FX rates, IC sweep history, AP aging, credit line data[cite: 13]. A meta-learner trained on holdout data determines the MAPE-weighted blend ratio per forecast horizon[cite: 13]. Output is a 13-week rolling forecast with P10/P50/P90 uncertainty bands per entity and consolidated[cite: 13].
- LightGBM's quantile regression mode provides P10/P50/P90 forecast bands per entity and consolidated — the Treasury dashboard surfaces uncertainty range, not a point forecast, to avoid misleading CFO/Treasurer users[cite: 13].
- Prophet component handles calendar seasonality without bespoke feature engineering — calendar updates propagate through the regressor interface[cite: 13].
- LightGBM component captures non-linear structural feature interactions that Prophet's additive model cannot represent[cite: 13].
- Stacking blend requires a holdout evaluation set — 6 months held out from the 36-month history for meta-learner training[cite: 13].
- SHAP attribution via LightGBM's native TreeExplainer provides per-feature contribution at each forecast horizon — satisfies Art. 13 transparency for treasury decisions[cite: 13].
- Two model retraining schedules must be managed independently: Prophet quarterly (calendar drift), LightGBM monthly (structural signal drift)[cite: 13].
Three Separate Cloud Run Services
over a Single Monolithic Agent
Deploy three separate Cloud Run services — one per agent domain — each with independent autoscaling configuration, independent HITL SLA, independent deployment pipeline, and independent failure boundary[cite: 13]. Services share the HITL service, SAP connector, and audit log as separately deployed infrastructure[cite: 13]. Pub/Sub topics route events to the correct agent service[cite: 13]. No cross-service dependencies at the application layer[cite: 13].
- AP agent scales to max=80 instances during invoice volume peaks without affecting IC or Treasury service capacity[cite: 13].
- A failure in any single agent service does not affect the other two — failure domain isolation is structural[cite: 13].
- Three independent deployment pipelines enable zero-downtime updates to any agent without coordinating with others[cite: 13].
- Three independent HITL SLAs can be negotiated with finance operations — AP may tolerate higher latency than Treasury[cite: 13].
- Shared infrastructure (HITL service, SAP connector, audit log) must be deployed and maintained independently — added operational surface, offset by the isolation benefit[cite: 13].
SOX/SEC Compliance via Dataset Separation
over Field-Level Tagging
Separate US entity data into a dedicated BigQuery dataset (af_us_soxsec) deployed in the us-central1 region[cite: 13]. Dataset-level IAM policy restricts access to the US-entity service account only and encodes purpose limitation as a dataset label[cite: 13]. An SEC auditor can verify retention policy from the dataset's configuration metadata and purpose limitation from the IAM policy — neither requires inspecting query logs[cite: 13]. Cross-dataset joins between af_us_soxsec and other datasets are blocked by IAM boundary — enforced structurally, not by application logic[cite: 13].
- SEC audit can be completed from the BigQuery console without querying production logs — retention policy and purpose limitation are verifiable from metadata[cite: 13].
- IAM boundary prevents cross-dataset joins — consolidated reporting that spans US and EU entities must be implemented via aggregated views in the global dataset, not raw joins[cite: 13].
- US entity ML training must use only the af_us_soxsec dataset — training on the global dataset with US data excluded via WHERE clause does not satisfy the structural separation requirement[cite: 13].
- Dataset provisioning script must be version-controlled and immutable — IAM policy changes require a PR review cycle to maintain audit trail[cite: 13].
- Under review pending legal confirmation that dataset-level separation satisfies external counsel's current interpretation of SEC Rule 17a-4 retention requirements[cite: 13].
ISO 20022 as the Single Standard
for Bank-to-Corporate Connectivity
Implement ISO 20022 Open Banking as the single bank connectivity standard[cite: 13]. All four banking relationships support ISO 20022 post-2025 (the EU mandated migration deadline)[cite: 13]. A single adapter handles camt.052 (intraday position), camt.053 (end-of-day statement), pain.001 (payment initiation), and pacs.008 (credit transfer)[cite: 13]. One integration pattern covers all four banks[cite: 13]. Message schema validation is enforced at the adapter layer before any data reaches the agent[cite: 13].
- Single ISO 20022 adapter covers all four banking relationships — one integration pattern to maintain, test, and version[cite: 13].
- ISO 20022 is the ECB-mandated standard for EU high-value and domestic payment messaging post-2025 (TARGET2/T2 migration) — regulatory longevity is assured for the EU banking relationships, unlike proprietary bank APIs subject to deprecation[cite: 13].
- Adding a fifth banking relationship (if ClaraVis expands) requires bank onboarding only — the adapter code is unchanged if the new bank supports ISO 20022[cite: 13].
- Message schema validation at the adapter layer provides a structural contract — malformed bank responses are rejected before reaching agent logic[cite: 13].
- ISO 20022 message parsing requires XML schema validation — a modest additional compute cost per message accepted relative to JSON REST APIs[cite: 13].
- JPMorgan Chase's ISO 20022 implementation uses the US Faster Payments-aligned profile — minor message field differences from the EU profile require adapter configuration per banking relationship, not code changes[cite: 13].
Regulatory encoding across all six ADRs: ADR-AF-01 encodes EU AI Act Art. 14 human oversight structurally via the SAP write gate[cite: 13]. ADR-AF-02 encodes Art. 13 transparency via SHAP determinism (scoped to the XGBoost component; see ADR for scope note)[cite: 13]. ADR-AF-03 satisfies Art. 13 for treasury decisions via LightGBM SHAP attribution with P10/P50/P90 forecast bands[cite: 13]. ADR-AF-04 enables independent HITL SLA management per agent domain — a prerequisite for Art. 14 compliance at scale[cite: 13]. ADR-AF-05 (Under Review) — SOX/SEC retention and purpose limitation encoding is the intended outcome pending written confirmation from US securities counsel; regulatory status is not yet finalised[cite: 13]. ADR-AF-06 ensures bank-to-corporate connectivity via ISO 20022, the mandated standard for EU high-value and domestic payment messaging post-2025 (ECB TARGET2/T2 migration)[cite: 13]. None of these decisions are retrofitted — each is a load-bearing constraint that shaped the architecture from first principles[cite: 13].