Agentic Finance: When Your Ledger Starts Making Decisions

The first wave of finance AI was a co-pilot. It summarised variances, drafted commentary, and answered natural-language questions about the trial balance. The CFO stayed in the driver seat. The second wave, which is arriving now in production environments, is agentic. An agent does not suggest a journal entry, it posts one. It does not flag a duplicate vendor invoice, it blocks the payment, opens a ticket, emails the supplier, and updates the AP aging report. The unit of work shifts from a recommendation a human reviews to a transaction the system executes within a defined policy envelope.

This is not a marketing distinction. The architecture is different. Co-pilots sit beside the ERP and read. Agents sit inside the workflow and write. They hold credentials, call APIs, and create immutable records. The controls model that worked for the read-only co-pilot, light governance, occasional spot checks, breaks immediately when the system is writing to the general ledger at three in the morning without a human in the loop.

We have spent the last nine months auditing agentic deployments inside finance teams ranging from a sixty-person SaaS company to a multi-entity industrial group. The technology works. The governance, almost universally, does not. This piece is a field guide to what we have observed and the operating model that holds up under audit scrutiny.

Tier 1, the reconciliation agent, matches bank statement lines to ledger entries, resolves the ninety percent of cases that are deterministic, and queues the rest for human review. Risk is low because the agent is fundamentally reading and pattern matching. Most teams are already running this in production whether they call it an agent or not.

Tier 2, the close orchestration agent, runs the month-end close as a directed workflow. It triggers accruals based on prior period patterns, posts standard journal entries, runs intercompany eliminations, and flags variances above a threshold. This is where the policy layer starts to matter. An agent that can post a hundred-thousand-dollar accrual without review needs a written policy, a maker-checker workflow for material amounts, and an audit log that survives an SOX review.

Tier 3, the treasury agent, sweeps cash across entities, executes FX hedges within pre-approved corridors, places short-duration deposits to optimise yield, and rebalances against a target liquidity profile. This is the first tier where a misconfigured agent can move real money in the wrong direction in seconds. The control model has to be designed by someone who has actually managed treasury risk, not a vendor implementation consultant.

Tier 4, the procurement and AP agent, negotiates payment terms with vendors, approves invoices against POs, and releases payment runs. This is the highest risk tier and the one with the biggest economic prize. A well-governed AP agent saves a mid-market company roughly two FTE per hundred million of spend and captures one to two percent of additional early-pay discounts. A badly governed one wires money to a fraudulent supplier.

Every vendor pitching agentic finance shows a demo of the agent executing a task. Almost none of them show the policy layer, which is the part that determines whether the deployment survives contact with reality. The policy layer answers four questions for every agent action: what is the agent allowed to do, what triggers a human review, what is the maximum exposure per transaction and per day, and what is the escalation path when the agent is uncertain.

The policy is not a setting on a dashboard. It is a versioned document, written in plain language, signed off by the CFO and the audit committee, and translated into machine-enforceable rules inside the agent runtime. When the policy changes, the version is logged, the change is approved through a defined process, and the new version is the one the agent is operating under. This is the same discipline that applies to trading risk limits in a bank, and the same discipline that finance teams have not historically been asked to maintain.

We have started writing the policy layer before we write any agent code. The artefact is typically twelve to twenty pages. It is the single most valuable document in the deployment because it forces the finance leadership to make explicit decisions about autonomy that were previously implicit and inconsistent. Most teams discover during this exercise that they cannot articulate the current human-only policy, which is itself a finding.

An auditor twelve months from now will ask a question that did not exist in the prior decade of finance: prove to me, transaction by transaction, that every agent action was within policy, was triggered by a legitimate input, and was reversible if necessary. The general ledger does not answer that question. The audit log does, but only if it was designed for the purpose from day one.

A defensible agent audit log captures, for every action: the policy version in effect, the inputs the agent observed, the reasoning trace that led to the decision, the action taken, the system response, and the human reviewer if escalation was triggered. This is roughly five to ten times the volume of a conventional ERP audit log. The storage cost is trivial, the schema design is not. We see teams who skip this design step having to rebuild it during their first audit, which is a multi-month project under time pressure.

The deeper point is that the audit log is becoming a primary record, not a secondary one. When an agent posts a journal entry, the journal entry is the artefact in the GL, but the audit log is the artefact that proves the journal entry should exist. External auditors and regulators are already starting to ask for the audit log directly. Designing it as a first-class system, with retention, immutability, and queryability, is now a finance leadership responsibility, not an IT one.

Three roles will compress dramatically inside two years in any finance organisation that adopts agentic systems seriously. The reconciler, whose work is almost entirely deterministic, is the first. The journal entry preparer, whose work is template-driven and rule-based, is the second. The intercompany matcher, who exists primarily because legacy ERPs make intercompany painful, is the third. We are not predicting full elimination. We are predicting that the headcount required to run these functions drops by sixty to eighty percent in a well-implemented environment.

Three new roles emerge in their place. The agent supervisor, who monitors agent performance, investigates exceptions, and is the human in the loop for material actions. The policy engineer, who owns the policy layer, runs the change control process, and translates business intent into machine-enforceable rules. The exception steward, who handles the long tail of cases the agent cannot resolve and uses those cases as training data for the next iteration.

The compensation profile of the new roles is different. They sit higher in the org, command higher salaries, and require a hybrid of accounting judgment and technical fluency that almost no current accounting graduate has. The first practical step for any finance leader is to identify the two or three people on the current team who could grow into the agent supervisor role and start investing in them now. The market for these people in twenty-four months will be punishing.

Boards have been slow to engage with agentic finance because the topic sounds technical and the vendor pitches sound speculative. The reality is that agents are already executing transactions inside many of the companies on the board agenda. The question for the board is not whether to adopt, it is whether the adoption that is already happening is governed.

The single question we recommend boards ask this quarter: which finance decisions in our company are currently being made by software without a human in the loop, what is the policy that governs those decisions, and who signed off on that policy. In roughly eighty percent of the boards we have advised, the answer to the first part of the question is longer than management expected, the answer to the second part is incomplete, and the answer to the third part is nobody. That gap is the audit finding waiting to happen.

The work to close the gap is not exotic. Write the policy, version it, get sign-off, instrument the audit log, define the escalation paths, train the supervisor role, and run a quarterly review of agent performance against policy. None of this requires waiting for the next wave of AI. All of it can be done in the next ninety days. The companies that do this work now will run agentic finance as a strategic advantage. The companies that do not will run it as a liability.