AI for Treasury & Financial Controlling — Subfunction Implementation Guide (2026)

The CFO-level guide to AI for finance teams and the broader AI applications in finance landscape stop at the function boundary. Treasury and financial controlling sit one level deeper. They are the two finance subfunctions where the work is the most rule-heavy, the most audit-heavy, and the most regulator-heavy — and they are where most AI deployments either compound into an audit-ready capability or quietly create exposure no one has measured yet.

This guide is a subfunction-level companion. It assumes you have already read the CFO-level material and you are now asking specific questions: which treasury workflows are agent-ready, which controlling workflows are agent-ready, what stays human, and which signals belong in the audit trail by default. We address each in turn, then describe how Knowlee's orchestration substrate fits below the existing treasury and consolidation stack — without claiming to be a turnkey treasury app, because we are not building one.

TL;DR

  • Treasury and controlling are not "broad finance" — they are governed by their own regulatory overlays (DORA, SOX, IFRS, payment regulations) on top of the EU AI Act, and the audit-trail expectations are higher than for FP&A or AP/AR.
  • Five treasury workflows are agent-ready today: cash forecasting, FX exposure monitoring, intercompany netting, real-time payment fraud detection, and liquidity scenario analysis. Hedging, counterparty approvals, and regulatory filings stay human.
  • Five controlling workflows are agent-ready: close-cycle acceleration, variance analysis, management report drafting, budget vs actual narrative generation, and cost-driver attribution. Accounting policy judgment, GAAP/IFRS interpretation, and board reporting sign-off stay human.
  • The non-negotiable: every treasury action and every controlling output that touches a journal entry, a payment instruction, or a regulatory submission must be audit-trailed with risk classification, data category, human approver, and timestamp.
  • Knowlee is the orchestration substrate, not the treasury app. The treasury management system, the consolidation tool, and the ERP remain. The agent layer reads from them, writes back through them, and produces the cross-system audit trail that regulators increasingly expect.

Why Treasury and Controlling Are Different from Broad Finance Automation

CFO-level AI implementation guides treat finance as a single function. That works at the level of buying decisions and governance scaffolding. It breaks down at the level of subfunction implementation, because treasury and controlling carry compliance overlays that broader finance subfunctions do not.

Regulatory overlay. Treasury intersects with payment regulation (PSD2/PSD3 in the EU, national instant-payment schemes), market-abuse regulation when trading instruments are involved, and DORA's ICT and third-party risk requirements when bank connectivity, treasury management systems, or SaaS platforms are in scope. Controlling intersects with SOX 404 internal-controls assertions for any group with US-listed parents or subsidiaries, IFRS and local-GAAP requirements for financial statement preparation, and statutory audit requirements that demand traceable working papers. The EU AI Act sits on top of both, applying its Article 26 deployer obligations to every AI system that touches these workflows.

Audit-trail expectations are higher. A variance commentary that supports an internal management discussion can survive on a lighter audit trail. A journal entry, a payment instruction, an FX hedge ratio, or a board-reported figure cannot. Treasury and controlling outputs end up in financial statements, regulatory filings, and the audit working papers that external auditors test under SOX, ISA, or local equivalents. Every AI-touched element in that chain needs to be reconstructible.

Error cost asymmetry. A wrong AP/AR exception is a recoverable operational error. A wrong intercompany elimination, a wrong hedge ratio applied to a real exposure, or a wrong cost allocation flowing into a regulated cost report compounds in ways that are not always visible until the next close. The implication is not that AI does not belong here — it does — but that the governance scaffold has to be in place before, not after, the agent goes live.

Regulator expectation. DORA Article 28-39 ICT third-party requirements, the AI Act Article 26 deployer obligations, SOX 302/404 internal control certifications, and statutory audit Article 34 (where applicable) all expect that any system materially involved in financial information is documented, monitored, and auditable. An AI agent that reconciles intercompany balances or drafts a management report is materially involved in financial information by definition.

For the broader regulatory framing, see AI Act financial services compliance and the agentic workflow enterprise guide.

Part 1 — AI in Treasury

What Treasury Actually Does

Corporate treasury sits between the firm's balance sheet and the outside world. It manages cash positions, currency exposures, intercompany flows, banking relationships, debt servicing, and counterparty risk. In larger groups, it also runs the in-house bank, supervises payment factories, and owns the relationship with bank-connectivity providers (SWIFT, EBICS, regional schemes).

Most treasury teams are small relative to their scope — a handful of professionals managing flows that move billions across currencies and counterparties. That structural mismatch between team size and operational scope is why treasury is one of the higher-leverage AI deployment opportunities in the modern enterprise. Agents can absorb the data plumbing and pattern recognition; the treasurer keeps the judgment work and the regulator-facing accountability.

Five Treasury Use Cases Where AI Agents Deliver Today

1. Cash Forecasting

The classic treasury exercise. A weekly or daily rolling cash forecast across legal entities, currencies, and bank accounts, integrating known commitments (AP scheduled payments, AR collections, debt service, payroll, tax) with statistical forecasts of less predictable flows.

What the agent does. Pulls position data from bank feeds and the TMS, pulls scheduled cash items from the ERP (open invoices, debt schedule, tax calendar), applies historical seasonality and known business drivers to project the rolling forecast horizon, surfaces variance against the prior forecast cycle, and flags entities or accounts where the projection has drifted materially.

Signal sources. Bank feeds (BAI2, MT940, CAMT.053), TMS positions, ERP open-item ledgers, debt service schedules, payroll schedules, statutory payment calendars, historical cash-flow patterns by entity and currency.

Audit-trail expectations. Every forecast cycle records its input snapshot, the model assumptions applied, the resulting projection, and the variance against prior cycle. The treasurer who relies on the forecast for a hedging or borrowing decision must be able to reconstruct what the agent saw at the moment of decision.

2. FX Exposure Monitoring

Continuous monitoring of currency exposures against the policy framework. The agent does not decide whether to hedge — it surfaces what is exposed, what is hedged, and what the residual position looks like against the limits the treasurer has set.

What the agent does. Aggregates exposures across entities and currencies (operating exposure from AP/AR, balance-sheet exposure from intercompany loans and equity, anticipated exposure from forecast cash flows), maps current hedge instruments against the exposure pool, computes residual exposure by currency and tenor, and flags positions that breach policy thresholds.

Signal sources. ERP and sub-ledger balances, intercompany loan registers, FX hedge inventory in the TMS, market data feeds for spot and forward rates, the firm's hedging policy (the rule book the agent applies).

Audit-trail expectations. Each monitoring run records the exposure snapshot, the hedge inventory, the residual computation, and any threshold breaches. Decisions taken on the back of the report are recorded against that snapshot.

3. Intercompany Netting

Multi-entity groups settle intercompany flows on a periodic netting cycle. The agent assembles the netting matrix, identifies mismatches, and produces the net settlement instructions for the in-house bank or external payment provider.

What the agent does. Pulls open intercompany balances from each entity's sub-ledger, matches counterparties and currencies, identifies asymmetric balances (where one side reports a payable but the counterparty does not report a corresponding receivable), classifies mismatches by likely cause (timing, FX restatement, missing entry, dispute), produces the netting matrix, and drafts the settlement instructions for human approval.

Signal sources. Intercompany sub-ledgers from each entity's ERP, master data on entity hierarchy and approved intercompany relationships, FX rates for the netting date, the firm's intercompany policy.

Audit-trail expectations. Particularly important here, because intercompany eliminations land in the consolidated financial statements. Each cycle records the input balances, the matching logic applied, the mismatches surfaced, the resolution recommended, and the human approver who released the settlement.

4. Real-Time Payment Fraud Detection

Treasury and the payment factory share responsibility for detecting fraudulent or anomalous payment instructions before release. The agent applies anomaly detection on outbound payment streams in near real time, flagging instructions that deviate from established patterns for human review before release.

What the agent does. Scores each outbound payment instruction against learned patterns (counterparty history, amount distribution, currency usage, timing, originating user, beneficiary bank country), surfaces anomalies that exceed defined thresholds, and either holds the payment for human review or routes it to a higher approval level depending on the score.

Signal sources. Outbound payment streams from the TMS or payment factory, historical payment patterns by counterparty and originator, sanctioned-counterparty lists, a feed of recent fraud patterns observed in the industry, internal allow-lists and block-lists.

Audit-trail expectations. This is the highest-stakes treasury workflow for audit purposes. Every flagged payment must record the score, the features that contributed to the score, the human reviewer, and the disposition. Every released payment must record that the score was below threshold or that a named human cleared it. Regulators investigating a fraud loss will reconstruct this chain in detail.

5. Liquidity Scenario Analysis

What happens to the group's cash position if a major customer pays 30 days late? If a credit facility is drawn earlier than planned? If FX moves five percent against the home currency? Liquidity scenario analysis answers questions like these on demand and on a recurring basis.

What the agent does. Takes the base-case forecast, applies a defined set of stress scenarios (customer payment delay, FX shock, facility drawdown, refinancing failure, counterparty default), produces the resulting cash trajectory, identifies the points at which the projected position breaches headroom thresholds, and surfaces the actions that would restore headroom.

Signal sources. Base-case cash forecast, debt covenant triggers, available facility headroom, FX sensitivities, historical scenario library, the firm's liquidity policy.

Audit-trail expectations. Scenario runs are versioned. The treasurer and CFO need to reconstruct exactly which scenario set was reviewed at a specific board or committee meeting, and which actions were authorized in response.

What Stays Human in Treasury

Hedging decisions. The agent surfaces exposure and residual position. The treasurer decides what to hedge, in what proportion, with what instrument, at what tenor. This is not a technology limitation — it is a fiduciary and policy boundary. Hedging decisions encode judgment about the firm's risk appetite that no agent has been authorized to make.

Counterparty approvals. New banking counterparties, new derivative counterparties, and new payment beneficiaries pass through human approval. The agent can prepare the due diligence file; the credit committee or treasurer makes the call.

Regulatory filings. Bank regulatory submissions (where the firm is itself a regulated entity), tax regulatory filings related to treasury transactions, and statutory disclosures about treasury risk (in the financial statements or management commentary) are signed off by named humans, not agents.

Material policy exceptions. When a flagged anomaly or a breached threshold requires a deliberate policy exception, the exception is granted by a human with documented authority, not by the agent that surfaced the issue.

Treasury Governance — What Audit Trail Means in Practice

DORA, the AI Act, and bank supervisors all converge on a similar expectation: any system that materially affects financial flows is operated under documented governance with reconstructible logs. For an AI agent operating in treasury, that means each run emits, at minimum:

  • The input snapshot the agent saw (bank balances, exposures, payment streams).
  • The logic or model version applied.
  • The output produced (forecast, exposure report, netting instruction, payment score, scenario result).
  • The human reviewer or approver, with timestamp, where the workflow requires one.
  • The risk classification, data category, and oversight requirement metadata that the Article 26 deployer evidence pack requires.

This is not a feature on top of the agent. It is the agent's runtime contract. The audit trail is produced because the agent cannot run without producing it. That is the architectural difference between substrate-grade and bolted-on governance.

Part 2 — AI in Financial Controlling

What Financial Controlling Actually Does

Financial controlling owns the integrity of the numbers. It runs the close cycle, prepares the statutory and management reporting, manages the chart of accounts, owns the budget-versus-actual analysis, allocates costs across business units, and produces the working papers that external auditors test. In larger groups, controlling also owns the consolidation, the management reporting framework, and a meaningful portion of the SOX 404 internal-controls evidence.

Controlling is more rule-bounded than FP&A. Where FP&A produces forward-looking analyses with appropriate uncertainty disclosure, controlling produces backward-looking statements with much tighter accuracy and traceability constraints. The audit-trail requirement is not optional — every figure must be supportable by source data and a documented derivation path.

Five Controlling Use Cases Where AI Agents Deliver Today

1. Close-Cycle Acceleration

The monthly close runs through a defined sequence: cut-offs, accruals, intercompany matching, currency translation, consolidation, reconciliation, reviews, and sign-offs. Most of these steps are rule-heavy and time-pressured.

What the agent does. Identifies missing cut-offs by cross-referencing PO and goods-received data against booked accruals, drafts proposed accrual entries for human review, flags reconciliations where the balance has not been cleared on schedule, surfaces journals that look anomalous against historical patterns, and produces a real-time close-progress dashboard the controller can act on.

Signal sources. ERP transaction data, sub-ledgers (AR, AP, inventory, fixed assets), prior-period closing balances, intercompany matching results, the close calendar.

Audit-trail expectations. Each agent-proposed entry is clearly marked as AI-prepared, retains the supporting data references, and is posted only after human approval. The reviewer's identity and timestamp are recorded against the journal in the ERP audit trail.

2. Variance Analysis Automation

Comparing actuals against budget, prior period, and forecast at the line-item level, classifying variances by likely cause, and producing the first draft of the commentary the controller uses in management reporting.

What the agent does. Computes line-item variance (volume, price, mix, FX, timing), retrieves contextual signals from operational systems (sales activity, headcount changes, capex commissioning, marketing spend, contractual escalators), proposes a candidate explanation per material variance, and drafts the variance commentary in the firm's reporting style.

Signal sources. GL transaction data, budget and forecast versions, operational system signals (CRM, HRIS, asset register, project ledgers), prior-period commentary as style reference.

Audit-trail expectations. Each piece of the agent-drafted commentary cites the data behind it. The controller can drill from a sentence in the commentary to the GL transactions or operational signals that support the explanation. Final commentary is human-reviewed and human-signed.

3. Management Report Drafting

The monthly or quarterly management report — the document the executive team and audit committee read — is one of the most leveraged opportunities for agent assistance and one of the most rigorous in oversight requirements.

What the agent does. Drafts the narrative sections of the management report from the variance analysis, the close metrics, and the underlying operational signals, applying the firm's house style and preserving the structural conventions of prior reports. The draft is clearly marked as AI-prepared and preserves the citation trail to source data.

Signal sources. Variance analysis outputs, KPI dashboards, prior period reports as style and structural reference, operational commentary inputs from business units.

Audit-trail expectations. Every claim in the final report is traceable to a source. The reviewer record shows what changed between draft and final. The CFO or controller who signs the report is named and the sign-off is timestamped.

4. Budget vs Actual Narrative Generation

Closely related to variance analysis but expressed at the planning layer. The agent produces the BvA narrative for each cost center or business unit owner, with the right operational context attached, so the budget owner can review and respond efficiently.

What the agent does. Per cost center, computes BvA at line item, retrieves relevant operational drivers, drafts a narrative that the budget owner can edit, sends the draft into the controlling workflow, and tracks budget owners' responses against the close calendar.

Signal sources. GL data by cost center, budget version, operational drivers per business unit, prior period BvA narratives.

Audit-trail expectations. The agent-drafted narrative and the budget owner's edited version are both preserved. The controller can see what the agent proposed, what the budget owner changed, and the rationale captured in the workflow.

5. Cost-Driver Attribution

Allocating shared costs to business units, products, channels, or customer segments based on driver data — and explaining the resulting allocation to the recipients of the cost.

What the agent does. Applies the documented allocation methodology to the period's shared costs, surfaces driver values per recipient, computes the allocation, drafts a per-recipient explanation showing the driver inputs and the resulting cost, and flags allocations whose result deviates materially from prior periods or the recipient's plan.

Signal sources. Shared cost pools (IT, facilities, central functions, corporate overheads), driver values (FTE counts, square meters, transaction volumes, revenue), the documented allocation methodology, prior period allocations.

Audit-trail expectations. Methodology version, driver snapshot, computation, and recipient acknowledgment all live in the run record. This is foundational for SOX 404 evidence in groups where shared cost allocation is a material in-scope process.

What Stays Human in Controlling

Accounting policy judgment. Choice of revenue recognition pattern for a non-standard contract, treatment of a complex business combination, IFRS-vs-local-GAAP timing differences, capitalization-versus-expense decisions on borderline cases — these are accounting policy judgments that sit with the controller, the technical accounting function, and the audit committee, never with the agent.

GAAP/IFRS interpretation. Application of new or amended standards (IFRS 9, IFRS 15, IFRS 16, IFRS 17, ASC 606, ASC 842, and equivalents) to the firm's specific transactions. Interpretation is signed off by qualified humans, not generated by agents.

Board reporting sign-off. Whatever the agent drafts, the management report, the audit committee pack, and the board pack are signed off by named humans (controller, CFO, audit committee chair). The signature is the accountability anchor that no AI Act-compliant deployment will allow an agent to substitute.

Statutory financial statement assertions. Sign-offs on statutory financial statements, going-concern assessments, internal-controls effectiveness assertions, and any disclosure that carries individual personal liability for officers or directors stay with the named humans.

Controlling Governance — Audit-Trail Implications under SOX, IFRS, and the AI Act

The expectation across SOX 404, statutory audit standards (ISA 315, ISA 330, ISA 600 for groups), and the AI Act converges on the same operational requirement: every AI-touched journal, allocation, narrative, and reported figure must be traceable to source data, the logic that produced it, and the human who approved it. Auditors testing internal controls over financial reporting now routinely ask which steps of the close cycle involve AI, what the AI does, what controls operate over the AI's output, and what evidence exists that those controls are operating effectively.

A controlling agent without this evidence is not a productivity asset — it is a control deficiency waiting to be flagged in the next audit. A controlling agent with it is a leveraged extension of the controller's office, with a paper trail tighter than the manual baseline.

Anti-Patterns Worth Naming

Some failure modes recur across treasury and controlling AI deployments. Each is worth refusing as a default, regardless of who is selling the architecture.

Fully automated payment release. No agent should release a payment without a named human approval gate, regardless of the score, the counterparty history, or the apparent confidence of the model. The fraud loss case where the agent cleared the payment because nobody had set the threshold low enough is the case the regulator will spend the most time on.

AI-drafted board reports without CFO review. No board report leaves the office under the CFO's name unless the CFO has reviewed it. The agent compresses preparation time. It does not substitute for the review.

Ignoring close-cycle anomaly flags. An agent flagging an anomaly that the controller dismisses without investigation produces a false sense of control coverage. Either the flag threshold is wrong (calibrate it) or the dismissal is wrong (investigate it). Silent dismissal of agent flags is the architecture of an unaddressed control deficiency.

No audit trail on AI-touched journal entries. Journal entries that bypass the audit trail because they came from "the AI tool" rather than the ERP audit log are not auditable, are not SOX-compliant, and are not safe under any combination of statutory audit and AI Act obligations. Every AI-produced journal lands in the ERP audit log with the AI marker, the source data references, and the human approver.

Hedging on agent output without policy alignment. An agent that surfaces FX exposure is informational. An agent that recommends hedge ratios is informational. A hedge executed because "the agent said so" without policy validation is a fiduciary failure waiting to surface in the first significant adverse market move.

How Knowlee's Orchestration Layer Fits

Knowlee is not a treasury management system, not a consolidation tool, not an FP&A platform, and not a controlling suite. The treasury management system, the consolidation tool, the ERP, and the planning platform stay in place. Knowlee operates as the orchestration substrate below them — the agent runtime that reads from the existing stack, writes back through documented integration paths, and emits the cross-system audit trail that none of those tools can produce on their own because each one only sees its own slice of the workflow.

The pattern that recurs in regulated finance deployments: agents are defined as type: "session" jobs in a workflow registry, each with a declared risk level, declared data categories, declared human-oversight required, and a defined output destination. Every run emits the approver and approval timestamp metadata where oversight is required. The audit trail is the default behavior of running an agent, not a downstream reporting exercise. See AI orchestration glossary and agentic workflow enterprise guide for the architectural pattern.

What this means for treasury and controlling specifically: the substrate gives the operator the components to specialize the agent layer to the firm's specific TMS, consolidation tool, ERP, payment factory, and policy framework. It does not replace those tools and does not pretend to be a turnkey treasury or controlling app. The specialization work is real work — and it is the work that makes the resulting deployment both effective and defensible.

For the deeper compliance frame, see AI for treasury glossary and AI for financial controlling glossary.

Frequently Asked Questions

Is AI in treasury high-risk under the EU AI Act?

For most corporate treasury use cases, no. Cash forecasting, FX exposure monitoring, intercompany netting, payment fraud detection, and liquidity scenario analysis are decision-support workflows where the human treasurer retains the decision-making role. The Annex III high-risk classification is generally not triggered. Article 26 deployer obligations apply regardless — risk classification, human oversight, monitoring, and audit trail are required for every AI system used. Where a treasury workflow becomes part of a credit-decision chain affecting natural persons, the analysis changes.

Does DORA apply to a corporate treasury AI deployment?

DORA applies to financial entities operating in the EU. If your firm is a regulated financial entity, DORA Article 28-39 third-party requirements apply directly to any AI vendor used in critical or important functions, including treasury. If your firm is a non-financial corporate, DORA does not apply directly, but your banking counterparties may impose DORA-adjacent requirements on you through their own third-party risk management frameworks. The treasury team is often the first place those requirements land in a non-financial corporate.

How does AI in financial controlling interact with SOX 404?

If your firm files with the SEC or is part of a group that does, SOX 404 internal-controls assertions apply to the close cycle and the financial statement preparation process. AI agents in the close cycle become part of the in-scope process. The control activities that govern the AI's output — review of agent-prepared journals, reconciliation of agent-produced reports, sign-off on agent-drafted commentaries — become in-scope controls. They must be designed, operated, and tested. The audit trail the agent produces is the evidence the testers will ask for.

Can an AI agent produce statutory financial statements?

It can produce drafts. It cannot produce final, signed statutory financial statements. Statutory financial statements carry personal liability for the officers signing them. The signatures are not delegable to an AI system. The architecture that works is: agents prepare and analyze; controllers review and adjust; the named officer signs. The audit trail records the contribution of each layer.

What treasury data should never enter an AI agent's context?

Banking credentials, payment-system credentials, signing keys, and full account number sequences for the firm's bank accounts should not pass through the agent's context. The agent operates against pre-authorized integrations (the TMS, the bank-connectivity layer, the ERP) that hold those credentials and expose only the operations the agent is authorized to invoke. A correctly designed integration removes the credentials from the agent runtime entirely. Anything else is a security architecture failure regardless of how careful the prompt design is.

How long should treasury and controlling AI run logs be retained?

The retention horizon is the longer of (a) the firm's document retention policy, (b) the statutory audit retention requirement applicable in each jurisdiction (typically seven to ten years for financial records in EU jurisdictions), (c) the regulatory retention requirement under DORA or the AI Act (which the AI Act sets at six months minimum for high-risk systems and longer for traceability obligations, applied as a floor, not a ceiling), and (d) the litigation hold period applicable to any open matter. In practice, treat ten years as a working assumption and verify against your specific jurisdictional and contractual obligations.

Where to Go from Here

The CFO-level AI implementation guide (AI for finance teams) gives you the function-level architecture. The pillar guide (AI applications in finance) gives you the eight-application landscape. This subfunction guide gives you the operational specifics for treasury and controlling — where the most regulated finance work happens and where the audit-trail expectations are the highest.

Related reading:

Treasury and controlling are not the easiest places to deploy AI — they are among the most demanding. They are also the places where a correctly built deployment compounds the longest, because the audit trail you build for the first agent becomes the substrate for every subsequent one. The work is real. The leverage is durable.