Intercompany · Treasury · AP Exceptions
Three agents. One governed intelligence layer.
Above the ERP, not instead of it.
The Autonomous Finance deploys three specialised AI agents — for intercompany reconciliation, treasury visibility, and AP exception triage — each operating within a single, auditable governance framework running on Google Cloud.
This is not an ERP replacement. It is the intelligence layer that sits above your ERP: reading, reasoning, and acting within the boundaries your finance controllers set. Every decision is logged, every threshold is configurable, and every output can be challenged by a human in the loop.
Built as a domain suite within The Autonomous Enterprise platform, it shares the same data governance spine, identity fabric, and audit ledger — meaning finance controls are co-ordinated, not siloed.
Mid-market European industrial groups with multi-entity SAP environments face three compounding operational failures at month-end: reconciliation drag, treasury blindness, and AP exception backlog. These are not process failures — they are structural consequences of ERP architectures designed for transaction recording, not cross-entity intelligence.
The transactional infrastructure is mature. SAP, Oracle, and their ecosystem partners have solved the ledger problem. Finance teams are not short of data — they are short of a reasoning layer that can act on it across entity boundaries, in real time, within a compliance envelope regulators will accept.
No production-grade, compliance-native agent layer currently exists for this stack. The gap is architectural, not tooling.
| Architectural Claim | GCP Service(s) | Layer | Rationale |
|---|---|---|---|
| Agent model serving + inference | Vertex AI · Model Garden | L03 | Managed inference endpoints with autoscaling; supports custom PyTorch/TF models alongside foundation models |
| MLOps pipeline + experiment tracking | Vertex AI Pipelines · Experiments · Model Registry | L03 | Kubeflow-compatible; model cards and lineage tracking satisfy EU AI Act conformance documentation requirements |
| Event bus / inter-agent messaging | Pub/Sub · Cloud Tasks · Eventarc | L02 | Durable, ordered delivery with dead-letter queues; Eventarc triggers audit hooks on every agent action |
| SAP + banking API connectivity | Apigee API Gateway · Cloud Endpoints | L04 | Managed OData / BAPI proxying to SAP; OAuth 2.0 + mTLS enforced at gateway; rate limiting per client entity |
| Immutable audit ledger | BigQuery · Cloud Spanner · Cloud Logging | L04 | Spanner for strongly-consistent transactional log; BQ for analytics and regulatory query interface; Log Buckets with CMEK |
| EU data residency + sovereignty | Assured Workloads · VPC Service Controls | L04 | Assured Workloads enforces EU-only data location at org policy level — not application logic. VPC-SC creates a data exfiltration perimeter |
| Zero-trust access + service mesh | BeyondCorp Enterprise · Cloud Armor · Traffic Director | L01–L04 | IAP for controller UI; Cloud Armor for L7 DDoS + WAF; Traffic Director for xDS-based service mesh across agents |
| Feature store + structured data | Vertex AI Feature Store · BigQuery ML | L03 | Online/offline feature serving for entity-graph features; BQML for in-warehouse anomaly detection inference at scale |
The EU AI Act's Annex III, point 5(b), classifies AI systems used to evaluate the creditworthiness of natural persons as high-risk. For finance agents operating in B2B multi-entity environments, this classification applies where agent outputs influence credit terms, payment prioritisation, or financial decisions affecting counterparties who are natural persons — including sole traders and personal guarantors common in mid-market supply chains.
This project is designed to satisfy the Annex III threshold across all deployment configurations — including those where the regulatory boundary is ambiguous. When the Act's obligations entered force, CFOs paused AI adoption not out of indifference but because no vendor could demonstrate conformance without months of external legal review.
GDPR Articles 5 and 25 — data minimisation and privacy-by-design — are enforced at the infrastructure layer via VPC Service Controls and Assured Workloads org policies, not application-level checks. CSRD Scope 3 financed-emissions traceability is a native output of the intercompany settlement flow. OECD transfer-pricing arm's-length documentation is generated as a structured artefact per settlement — not a quarterly manual exercise.
Compliance is not the afterthought. It is the reason the architecture looks the way it does — and the reason a CFO's legal team can complete review in days, not months.
| Regulation | Requirement | Architectural Control | Layer Responsible |
|---|---|---|---|
| EU AI Act · Annex III 5(b) | Human oversight, transparency, conformity assessment for high-risk AI | HITL checkpoints per agent action type; model cards generated by Vertex AI Pipelines; conformity log in BigQuery | L02 · L03 · L04 |
| GDPR · Art. 5 / 25 | Data minimisation, purpose limitation, privacy-by-design | VPC Service Controls data perimeter; Assured Workloads EU org policy; attribute-based access via IAM conditions; no PII in model training pipeline | L04 |
| CSRD · Scope 3 | Financed emissions traceability for reporting entities | Intercompany agent emits settlement events with entity-level emissions attribution; native GreenOps hook to AE platform dashboard | L02 · L03 |
| OECD Transfer Pricing | Arm's-length principle documentation per intercompany transaction | Structured TP artefact generated per settlement; stored in Spanner with immutable timestamp; exportable to CbCR format | L02 · L04 |
| PIPEDA | Canadian data residency and consent for personal information | Assured Workloads North America policy for CA-entity data; separate Pub/Sub topics with jurisdiction tag; consent metadata in Spanner | L04 |
| IFRS | Consistent intercompany elimination and FX translation methodology | Reconciliation agent enforces IFRS-10 elimination rules as policy constraints; FX translation uses ECB reference rates via scheduled Cloud Function | L02 |
This page — domain context, four-layer architecture, GCP service mapping, compliance architecture, and the problem statement.
Current PageArchitecture, entity-graph reasoning, mismatch classification model, and IFRS-10 elimination policy constraints.
→ Page 03Real-time cash positioning, FX exposure monitoring, uncertainty-quantified liquidity forecasting on Vertex AI.
→ Page 04Priority scoring model, root-cause classification, automated resolution routing, and supplier-impact scoring.
→ Page 05EU AI Act Annex III conformity framework, GDPR Art. 25 controls, CSRD Scope 3 emission hooks — structural, not retrofit.
→ Page 06Apigee SAP connectors, SWIFT gpi integration, VPC Service Controls data perimeter, and Spanner audit ledger design.
→ Page 07Vertex AI Pipelines topology, Feature Store design, drift detection strategy, and model card generation for regulatory inspection.
→ Page 08Confidence threshold policy, escalation routing via Cloud Tasks, override UX, and audit annotation flows in BigQuery.
→ Page 09Shared data governance spine, GreenOps hook, identity fabric via BeyondCorp, and strategy dashboard feeds from the AE platform.
→ Page 10Phased GCP deployment playbook, entity onboarding sequence via Terraform, go-live readiness criteria, and production governance model.
→