GoBD: n/a §203 StGB-compliant

Payment Run Agent

From the AP open-item file to a released payment file: rail selection across US, UK and EU schemes runs deterministically, every payee is OFAC- and AML-cleared, and each release carries a SOX 404 four-eyes record.

Cross-jurisdictional disbursement pipeline: US ACH NACHA, Fedwire, RTP, FedNow, UK BACS, CHAPS, FPS, EU SEPA SCT Inst, ISO 20022 PAIN.001, SOX 404 four-eyes.

One deterministic payment pipeline that screens every payee, picks the right rail, and never lets generative AI touch a release decision.

The Agent screens every payee against the OFAC, UK and EU sanctions lists with fuzzy-match transliteration, runs BSA and EU AML monitoring rules deterministically, validates IBAN, ABA and UK sort-code formats with Confirmation of Payee where available, selects the right rail across the US, UK and EU schemes, generates ISO 20022 PAIN.001 messages, and enforces SOX 404 segregation of duties with a four-eyes release. No generative AI sits in any payment-release, sanctions-clearance or AML decision.

Outcome: Deterministic pre-release screening cuts OFAC and AML strict-liability exposure, quantifiable four-eyes evidence closes the SOX 404 disbursement material-weakness gap, and SEPA SCT Inst readiness lands ahead of the mandatory-send deadline of 9 October 2025. Payment-run preparation drops from 4-8 hours to 30-60 minutes for 500-2,000 invoices, and from 2-3 days to 4-8 hours for payment factories above 10,000 invoices. Early-payment-discount capture rises from a typical 50-65% to 88-95%.

94% Rules Engine
0% AI Agent
6% Human

Sixteen deterministic steps carry a payment from open item to reconciled confirmation:

An OFAC sanctions violation averages a USD 1.5M penalty, a SOX 404 disbursement material weakness erodes 4-7% of share price, and SEPA SCT Inst send becomes mandatory on 9 October 2025

Cross-border disbursement at a multinational does not run on one payment rail - it runs on nine in parallel. A US-listed parent with European subsidiaries and UK operations releases payments through ACH (NACHA Operating Rules) for batched US supplier payments, Fedwire (Federal Reserve Regulation J) for US high-value over the USD 1M Same-Day ACH cap, RTP (The Clearing House) and FedNow (Federal Reserve, launched July 2023) for US instant payments, BACS (Pay.UK Standard 18) for batched UK supplier payments, CHAPS (Bank of England RTGS) for UK same-day high-value, Faster Payments (Pay.UK FPS) for UK instant under GBP 1M, SEPA Credit Transfer (EPC scheme) for batched euro-denominated payments, and SEPA Instant Credit Transfer (Regulation 2024/886, mandatory receive 9 January 2025 and mandatory send 9 October 2025) for euro-denominated instant. Cross-border non-EU continues on SWIFT MT103 transitioning to ISO 20022 MX (PACS.008) by 22 November 2025 under the coordinated central-bank cutover. Layer over this the OFAC strict-liability sanctions regime, which averages a USD 1.5M penalty per violation, the BSA and EU AML monitoring rules, and the SOX 404 internal-controls regime with its PCAOB AS 2201 design and operating-effectiveness testing, and the payment run becomes a coordination problem that no single AP clerk can run consistently at weekly or daily velocity.

An OFAC violation, a SOX 404 material weakness, and the SEPA SCT Inst deadline each carry seven-figure consequences

OFAC operates under strict liability. Civil penalties under IEEPA 50 USC 1705 do not require intent - the fact of the prohibited transaction is sufficient for liability. The current per-violation average penalty is approximately USD 1.5M, with cumulative annual OFAC enforcement actions exceeding USD 1.5B in 2024 across all sanctions programs. UK enforcement under the Sanctions and Anti-Money Laundering Act 2018 (administered by OFSI) and EU enforcement under Regulation 2580/2001 plus national criminal-code implementations operate on similar principles. The exposure compounds when an enforcement action also triggers SOX 404 material-weakness disclosure - a sanctions breach that bypassed disbursement controls is, by definition, a controls failure - producing the typical 4-7% share-price erosion in the trading week following the 10-K filing. For a Russell-3000 mid-cap with USD 800M market cap, a 5% impact equals USD 40M of shareholder value destroyed by a payment-release that an automated screening engine plus four-eyes log would have prevented.

The SEPA SCT Inst mandate adds a third deadline-driven exposure. Regulation 2024/886 imposes mandatory receive of SCT Inst from 9 January 2025 and mandatory send from 9 October 2025 on every euro-area Payment Service Provider offering SCT. National competent authorities under Article 5d enforce against non-compliant PSPs with administrative penalties. Corporates that depend on non-compliant banking partners face operational disruption when partner banks lose the ability to send instant payments. The Agent’s deterministic rail selection embeds the SCT Inst default into the payment policy - euro-denominated payments under EUR 100,000 default to SCT Inst from 9 October 2025 onward, with documented fallback only where the receiving bank explicitly does not support Inst (now rare).

The international payment pipeline runs 16 deterministic steps - not 8

Domestic single-rail payment runs can be modelled in 8 steps. International multi-rail payment runs cannot. The Agent splits the pipeline into 16 steps because every payment-line decision requires checking the destination corridor (US versus UK versus EU versus cross-border non-EU), the rail selection across the nine US, UK and EU schemes, the amount-and-urgency thresholds (NACHA Same-Day USD 1M cap, Fedwire over that, RTP USD 10M cap, FedNow USD 10M cap, CHAPS over GBP 1M, SEPA SCT Inst EUR 100,000 cap), the sanctions screening against the OFAC, UK, EU and UN lists with fuzzy transliteration, the AML transaction-monitoring rules under the BSA, UK MLR 2017 and EU AML frameworks, the format validation of IBANs, ABA routing numbers and UK sort codes with Confirmation of Payee where available, the SOX 404 segregation-of-duties between initiator and releaser, the PSD2 Strong Customer Authentication challenge for online release, the WORM-archive retention class (PCAOB AS 1215 at 7 years for issuer audits, FinCEN BSA and OFAC at 5 years, UK MLR 2017 and EU AMLD 2024 at 5 years), and the IFRS 9 Para 3.3.1 versus ASC 405-20 derecognition trigger.

A concrete scenario: a SEC-listed mid-cap with USD 800M revenue, EU operations across Germany, France and the Netherlands alongside the UK, and weekly payment-run cycles with 1,200 supplier payments across USD, GBP and EUR. On a typical run, the Agent identifies 1,200 due open-items, screens them against the OFAC, UK, EU and UN sanctions lists producing 4 fuzzy-match positives for AML-officer review (3 cleared as transliteration false-positives, 1 confirmed and blocked with SAR filing), runs AML transaction monitoring producing 2 structuring-pattern alerts (both cleared), validates 1,200 payee records across IBAN, ABA and sort-code formats with 6 format errors flagged for vendor correction, selects 480 ACH, 18 Fedwire, 2 RTP, 320 BACS, 8 CHAPS, 12 FPS, 320 SEPA SCT Inst, 36 SEPA SCT, and 8 SWIFT MT103 transitioning to PACS.008, generates 9 ISO 20022 PAIN.001 batches alongside the NACHA, BACS Standard 18 and CHAPS messages, runs duplicate-payment detection finding 0 duplicates against 90-day history, verifies liquidity across 4 debtor accounts in 3 currencies, enforces segregation of duties with 2 different releasers per debtor account, captures four-eyes release with PSD2 SCA challenges, transmits via SWIFT FIN, EBICS and SFTP-with-PGP per bank contract, captures bank ACK on all submissions within 30 minutes, and reconciles next-day BAI2, CAMT.053 and MT940 confirmations - 1,196 matched, 4 returned by beneficiary banks and routed to AP for re-issuance.
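
The payee-record format validation in this scenario can be sketched as follows. This is an added example, not the vendor's code: the rule IDs, rule version and record layout are hypothetical, the IBAN length table covers only a few countries, and the routing numbers and UK details are constructed sample values.

```python
import re

RULE_VERSION = "example-1.0"  # hypothetical rule version for the decision record

# IBAN lengths for a handful of countries (ISO 13616 registry); extend as needed.
IBAN_LENGTHS = {"BE": 16, "DE": 22, "ES": 24, "FR": 27, "GB": 22, "IT": 27, "NL": 18}


def check_iban(raw):
    """Charset, country-specific length and ISO 7064 mod-97 check digits."""
    iban = re.sub(r"\s+", "", raw).upper()
    if not re.fullmatch(r"[A-Z]{2}[0-9]{2}[A-Z0-9]+", iban):
        return False, "malformed"
    expected = IBAN_LENGTHS.get(iban[:2])
    if expected is None:
        return False, "country-not-configured"  # fail closed on unknown countries
    if len(iban) != expected:
        return False, "wrong-length"
    # Move country code and check digits to the end, map A=10 ... Z=35, take mod 97.
    rearranged = iban[4:] + iban[:4]
    numeric = "".join(str(int(ch, 36)) for ch in rearranged)
    if int(numeric) % 97 != 1:
        return False, "check-digits"
    return True, "ok"


def check_aba(raw):
    """Nine digits whose 3-7-1 weighted sum is a multiple of 10."""
    rtn = raw.strip()
    if not re.fullmatch(r"[0-9]{9}", rtn):
        return False, "malformed"
    total = sum(w * int(d) for w, d in zip((3, 7, 1) * 3, rtn))
    if total % 10 != 0:
        return False, "check-digit"
    return True, "ok"


def check_uk(sort_code, account):
    """Format only: directory lookup and Confirmation of Payee are external services."""
    if not re.fullmatch(r"[0-9]{6}", re.sub(r"[\s-]", "", sort_code)):
        return False, "sort-code-format"
    if not re.fullmatch(r"[0-9]{8}", account.strip()):
        return False, "account-format"
    return True, "ok"


def validate_payee(payee):
    """Dispatch on the account type and return a decision-record style result."""
    kind = payee["type"]
    if kind == "IBAN":
        ok, reason = check_iban(payee["iban"])
    elif kind == "ABA":
        ok, reason = check_aba(payee["routing"])
    elif kind == "UK":
        ok, reason = check_uk(payee["sort_code"], payee["account"])
    else:
        ok, reason = False, "unknown-account-type"
    return {"payee": payee["id"], "rule": f"BANKFMT-{kind}", "version": RULE_VERSION,
            "valid": ok, "reason": reason}


def flag_format_errors(payees):
    """Records that must go back to the vendor for correction before release."""
    return [r for r in map(validate_payee, payees) if not r["valid"]]


# Constructed payee records. The German IBAN is the widely published example IBAN;
# the routing numbers and UK details are made up for this example.
SAMPLE_PAYEES = [
    {"id": "V-001", "type": "IBAN", "iban": "DE89 3704 0044 0532 0130 00"},
    {"id": "V-002", "type": "IBAN", "iban": "DE89 3704 0044 0532 0130 01"},  # one digit altered
    {"id": "V-003", "type": "ABA", "routing": "123456780"},
    {"id": "V-004", "type": "ABA", "routing": "123456708"},  # last two digits transposed
    {"id": "V-005", "type": "UK", "sort_code": "12-34-56", "account": "12345678"},
    {"id": "V-006", "type": "UK", "sort_code": "12-34-5", "account": "12345678"},
]

if __name__ == "__main__":
    for record in flag_format_errors(SAMPLE_PAYEES):
        print(record)
```

A passing check proves only that the details are well-formed; whether the account is active and belongs to the payee is what the directory lookup and Confirmation of Payee steps establish.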

In the Decision Layer, 14 of the 16 steps are rule-based (R), 0 are LLM-suggestion (A), and 1 is human (H) for four-eyes release approval. The remaining step (sanctions match disposition) routes deterministically to the AML officer for human investigation when a fuzzy-match flag triggers - the Agent never silently clears a sanctions match. Every other step - duplicate detection, format validation, rail selection, liquidity check, SCA challenge, transmission, reconciliation - is a deterministic application of accounting standard, scheme rule, or compliance regulation.

Sanctions and AML clearance is the regulatory linchpin

Big-4 audits and FinCEN and OFAC examinations focus heavily on the sanctions and AML clearance evidence chain. The Agent operates against the union of the OFAC lists (the SDN List, the Sectoral Sanctions Identifications List and the Foreign Sanctions Evaders List), the UK FCO Consolidated Sanctions List, the EU Restrictive Measures List, and the UN Security Council Consolidated List - all updated daily from the source authorities. Fuzzy-matching covers exact name match plus transliteration variants (Cyrillic-to-Latin, Arabic-to-Latin, Chinese pinyin), abbreviation variants, and corporate-structure variants (subsidiary identification through ultimate-beneficial-owner registries where available). False-positives are managed under a documented investigation procedure - the AML officer reviews the match evidence, performs Customer Due Diligence and Enhanced Due Diligence under UK MLR 2017 Reg 28-35 and BSA 31 CFR 1020.220, and clears only with documented rationale. False-negatives are the strict-liability exposure - hence the cross-list union and the daily list pull.
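
A minimal sketch of this screening step, as an added example rather than the vendor's engine: the list extracts and names are constructed, the Cyrillic romanisation is simplified, and the 0.85 threshold and the stripping of legal-form tokens are assumptions. It shows the fail-closed property the page describes: a hit, or a name that cannot be screened, blocks the line, and only a documented officer decision clears it.

```python
import re
import unicodedata
from difflib import SequenceMatcher

MATCH_THRESHOLD = 0.85  # assumed review threshold, not a value from the page

# Simplified Cyrillic-to-Latin romanisation (constructed for this example).
SINGLE = dict(zip("абвгдезийклмнопрстуфыэ", "abvgdeziiklmnoprstufye"))
MULTI = {"ж": "zh", "х": "kh", "ц": "ts", "ч": "ch", "ш": "sh", "щ": "shch",
         "ю": "yu", "я": "ya", "ё": "e", "ь": "", "ъ": ""}
CYRILLIC = {**SINGLE, **MULTI}
LEGAL_FORMS = {"ooo", "llc", "ltd", "gmbh", "inc", "sa", "bv"}  # assumed stop-list

# Constructed list extracts; real lists are pulled daily from the source authorities.
SANCTIONS_LISTS = {
    "LIST-A": {"version": "2025-01-15", "entries": ["VOSTOK PRIMER TRADING LLC"]},
    "LIST-B": {"version": "2025-01-15", "entries": ["Société Exemple Négoce SA"]},
}


def normalise(name):
    """Lower-case, romanise, strip diacritics and legal forms, sort the tokens."""
    text = "".join(CYRILLIC.get(ch, ch) for ch in name.lower())
    text = unicodedata.normalize("NFKD", text)
    text = "".join(ch for ch in text if not unicodedata.combining(ch))
    tokens = [t for t in re.findall(r"[a-z0-9]+", text) if t not in LEGAL_FORMS]
    return " ".join(sorted(tokens))


def screen_payee(name, lists=SANCTIONS_LISTS, threshold=MATCH_THRESHOLD):
    """Return a screening record; never returns a cleared state for a hit."""
    versions = {list_id: data["version"] for list_id, data in lists.items()}
    probe = normalise(name)
    if not probe:
        # Nothing left to compare: treat as unscreenable and block, not pass.
        return {"payee": name, "list_versions": versions, "best_match": None,
                "disposition": "BLOCK_ROUTE_TO_AML_OFFICER", "reason": "unscreenable-name"}
    best_score, best_list, best_entry = 0.0, None, None
    for list_id, data in lists.items():
        for entry in data["entries"]:
            score = SequenceMatcher(None, probe, normalise(entry)).ratio()
            if score > best_score:
                best_score, best_list, best_entry = score, list_id, entry
    hit = best_score >= threshold
    return {
        "payee": name,
        "list_versions": versions,
        "best_match": {"score": round(best_score, 3), "list": best_list, "entry": best_entry},
        "disposition": "BLOCK_ROUTE_TO_AML_OFFICER" if hit else "PASS",
        "reason": "fuzzy-match" if hit else "below-threshold",
    }


def officer_clearance(record, officer_id, rationale):
    """Only a named officer with a written rationale can clear a blocked line."""
    if record["disposition"] != "BLOCK_ROUTE_TO_AML_OFFICER":
        raise ValueError("record is not awaiting officer review")
    if not officer_id or not rationale.strip():
        raise ValueError("clearance requires an officer ID and a documented rationale")
    return {**record, "disposition": "CLEARED_BY_OFFICER",
            "officer": officer_id, "rationale": rationale.strip()}


if __name__ == "__main__":
    for payee in ("ООО Восток Пример Трейдинг", "SOCIETE EXEMPLE NEGOCE",
                  "Nordwind Maschinenbau GmbH", "LLC"):
        print(screen_payee(payee))
```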

AML transaction monitoring runs against patterns in vendor, amount, corridor, frequency and timing. Structuring (multiple sub-threshold payments to evade BSA CTR USD 10,000 reporting), unusual-volume thresholds versus the 90-day vendor baseline, high-risk corridor flags (FATF grey-list and black-list jurisdictions plus internal corporate risk-rating), and timing-cluster patterns all trigger alerts that route to the AML officer for a SAR or SAR-equivalent decision under BSA 31 CFR 1020.320, UK MLR 2017 Reg 28 and EU AMLD 2024. The Agent’s Decision Log captures every alert with the rule that triggered it and the officer’s disposition - producing the FinCEN-inspection-ready evidence chain that compliance officers spent decades assembling manually.

Cross-rail finality and derecognition timing prevents reconciliation drift

Payment finality varies sharply by rail and matters for both operational recovery and accounting derecognition under IFRS 9 Para 3.3.1, with ASC 405-20 as the US GAAP equivalent. ACH supports returns up to 60 days for consumer R10 unauthorised-debit and up to 2 banking days for most return reasons. Fedwire is final and irrevocable on confirmation. RTP and FedNow are final and irrevocable on confirmation per The Clearing House and Federal Reserve scheme rules. SEPA SCT supports R-transactions for up to 5 business days. SEPA SCT Inst is final and irrevocable on confirmation. CHAPS is final on confirmation. BACS supports recall under limited conditions for up to 2 working days. The Agent records expected-finality at release time and posts derecognition only on confirmed payment under IFRS 9 (and ASC 405-20 in US GAAP) - never on file initiation. Returns within the same accounting period reverse cleanly. Returns crossing period-end flag for IAS 8 or ASC 250 evaluation by the Journal Entry Agent for prior-period error-correction analysis.

Integration ecosystem: SAP S/4HANA F110, Oracle Fusion Payments, Workday Settle Payment, plus payment-factory platforms

The Agent integrates natively with the major international ERPs: SAP S/4HANA brings the F110 Automatic Payment Run together with Bank Communication Management and Multi-Bank Connectivity (MBC); Oracle Fusion Cloud Financials combines Payments, Cash Management and iPayment for ISO 20022 message generation; Workday Financial Management pairs the Settle Payment business process with Bank Account integration and secondary-ledger postings; Microsoft Dynamics 365 Finance uses the Vendor payment journal with Electronic reporting (ER) for ISO 20022 PAIN.001; Oracle NetSuite runs SuitePayments across the Vendor Bills and Bill Payment workflows; and Sage Intacct AP Payment Services covers US ACH and check with multi-entity disbursement. For payment-factory architecture, Kyriba treasury management combines a bank-connectivity hub with sanctions screening and a payment workflow; FIS Quantum, GTreasury and ION Treasury cover corporate treasury; and Bottomline PTX (Payments Transaction Exchange) adds integrated Cyber-Crime detection. Bank connectivity per relevant rails runs through SWIFT FIN with the MX migration via SWIFT direct connectivity or a Service Bureau (Bottomline, Broadridge, AccessPay), Federal Reserve FedLine for Fedwire and FedNow, a NACHA-certified ODFI for ACH, a BACS-approved Service User for the UK, EBICS with T-version and H006 keys for German and EU corporate banking, or a bank-direct API (US Open Banking through FDX, EU and UK Open Banking through PSD2 XS2A). Audit-evidence integration covers Deloitte ASM, PwC Halo, EY Helix and KPMG Clara via standardised payment-run export formats with PCAOB AS 1215-compliant metadata. 
WORM-archive integration covers Amazon S3 Object Lock, Azure Blob Immutable Storage and Google Cloud Storage Bucket Lock with retention-class tagging per PCAOB AS 1215 (7 years for issuer audits), SEC Rule 17a-4 (6 years for broker-dealers), FinCEN BSA and OFAC (5 years), and UK MLR 2017 and EU AMLD 2024 (5 years) - all generated as deterministic templates with audit-trail metadata for SOX 404 evidence packs and PCAOB substantive testing.

Micro-Decision Table

Who decides in this agent?

16 decision steps, split by decider

Rules Engine (deterministic): 94% (15/16)
AI Agent (model-based with confidence): 0% (0/16)
Human (explicitly assigned): 6% (1/16)
Identify due open-item population
Which open AP items reach payment due-date within the configured payment-run window (typically next 5-10 business days)?
Decider: Rules Engine. Challengeable by: Vendor.

Selection by due-date and payment-block status from AP sub-ledger; SOX 404 ICFR cut-off control requires deterministic selection criteria, no manual ad-hoc additions outside the approved payment policy

Decision Record

Rule ID and version number
Input data that triggered the rule
Calculation result and applied formula

Challengeable: Yes - rule application verifiable. Objection possible for incorrect data or wrong rule version.

Challengeable by: Vendor

Apply OFAC sanctions screening on every payee
Does the payee match an entry on the OFAC SDN List, Sectoral Sanctions Identifications List, UK FCO Consolidated Sanctions List, or EU Restrictive Measures List?
Decider: Rules Engine. Challengeable by: Auditor.

OFAC strict-liability under IEEPA 50 USC 1705 (civil penalty averaging USD 1.5M per violation, with cumulative 2024 enforcement above USD 100M), alongside the parallel UK and EU sanctions regimes. Deterministic match against the current lists with fuzzy-matching for transliteration variants; any positive match blocks the payment line and routes it to the AML officer

Decision Record

Rule ID and version number
Input data that triggered the rule
Calculation result and applied formula

Challengeable: Yes - rule application verifiable. Objection possible for incorrect data or wrong rule version.

Challengeable by: Auditor

Apply AML transaction-monitoring rules
Does the payment trigger a structuring pattern, unusual-volume threshold or high-risk corridor flag under the BSA and the equivalent UK and EU AML rules?
Decider: Rules Engine. Challengeable by: Auditor.

BSA thresholds apply (a CTR for cash over USD 10,000 under 31 CFR 1010.311, a SAR for transactions of USD 5,000 or more suspected of illegal activity under 31 CFR 1020.320), with UK MLR 2017 Reg 28 ongoing monitoring on top. A deterministic rule-set scores vendor, amount, corridor and frequency; positive flags route to the AML officer for a SAR or SAR-equivalent decision

Decision Record

Rule ID and version number
Input data that triggered the rule
Calculation result and applied formula

Challengeable: Yes - rule application verifiable. Objection possible for incorrect data or wrong rule version.

Challengeable by: Auditor

Verify payee bank account validity
Are the payee bank details in a valid format (US ABA routing 9-digit + check digit, UK 6-digit sort code + 8-digit account, IBAN with country-specific length and ISO 7064 mod-97 check) and active?
Decider: Rules Engine. Challengeable by: Vendor.

Deterministic format validation per ISO 13616 (IBAN), the Federal Reserve E-Payments Routing Directory (ABA routing numbers) and the UK ISCD (Industry Sorting Code Directory); Confirmation of Payee (CoP) lookup for UK Faster Payments where supported; reduces returned-debit fraud (business email compromise, BEC: USD 50B cumulative loss 2013-2023 per FBI IC3)

Decision Record

Rule ID and version number
Input data that triggered the rule
Calculation result and applied formula

Challengeable: Yes - rule application verifiable. Objection possible for incorrect data or wrong rule version.

Challengeable by: Vendor

Select payment rail by amount, urgency and corridor
ACH (NACHA Same-Day or Standard 2-day), Fedwire, RTP, FedNow (US); BACS, CHAPS, Faster Payments (UK); SEPA SCT, SEPA SCT Inst (EU); SWIFT MT103 cross-border?
Decider: Rules Engine. Challengeable by: Auditor.

Rule-based logic on corridor and amount: USD high-value above the USD 1M Same-Day ACH limit routes to Fedwire (T+0); urgent UK payments above GBP 1M typically go on CHAPS (BoE settlement, T+0); EU domestic and cross-border payments under EUR 100,000 default to SEPA SCT Inst from the 9 January 2025 mandatory-receive date under Regulation 2024/886; cross-border non-EU stays on SWIFT MT103, transitioning to ISO 20022 by November 2025 under the coordinated ECB and Federal Reserve migration

Decision Record

Rule ID and version number
Input data that triggered the rule
Calculation result and applied formula

Challengeable: Yes - rule application verifiable. Objection possible for incorrect data or wrong rule version.

Challengeable by: Auditor

Optimise early-payment-discount capture
Is early payment within the discount window financially worthwhile against opportunity cost (current short-term rate or revolving credit cost)?
Decider: Rules Engine.

Deterministic NPV calculation: discount-rate annualised (e.g., 2/10 net 30 = approx. 36.5% APR) versus marginal cost of cash; for cash-rich entities discount capture is automatic; for cash-constrained entities cash forecast feed determines the cut-off; SOX 404 documented policy required for the threshold

Decision Record

Rule ID and version number
Input data that triggered the rule
Calculation result and applied formula

Challengeable: Yes - rule application verifiable. Objection possible for incorrect data or wrong rule version.

Group payments into batches per format + bank
Which open items are bundled into one ISO 20022 PAIN.001 message per debtor account, scheme and value-date?
Decider: Rules Engine.

ISO 20022 message structure builds one PaymentInformation block per scheme, debtor account and value-date; SEPA SCT Inst is limited to a single payment per message under EPC scheme rules; ACH is batched per ODFI relationship; grouping is deterministic against the bank, scheme, currency and value-date constraints

Decision Record

Rule ID and version number
Input data that triggered the rule
Calculation result and applied formula

Challengeable: Yes - rule application verifiable. Objection possible for incorrect data or wrong rule version.

Generate ISO 20022 PAIN.001 or scheme-specific file
Is the output file format-compliant with the receiving bank's expected version (PAIN.001.001.09, NACHA file format ACH 1.4, BACS Standard 18, CHAPS SWIFT MT103)?
Decider: Rules Engine.

Deterministic format generation per the ISO 20022 schema, the NACHA Operating Rules file specifications, the BACS Standard 18 record format and the CHAPS SWIFT MT103 format, with the MT messages transitioning to MX by the November 2025 SWIFT global migration deadline under the coordinated ECB and Federal Reserve cutover; format validation before release prevents bank rejection

Decision Record

Rule ID and version number
Input data that triggered the rule
Calculation result and applied formula

Challengeable: Yes - rule application verifiable. Objection possible for incorrect data or wrong rule version.

Run duplicate-payment detection
Has any line item already been paid in a prior payment run, or does the same vendor, invoice number and amount appear elsewhere in the current run?
Decider: Rules Engine.

Deterministic match against payment history on vendor ID, invoice number, amount and date, with a cross-check against the current run for duplicates on the same vendor and amount; this SOX 404 detective control matters because duplicate payments are a recurring Big-4 audit finding and the post-payment recovery rate is only 60-75% per IOFM benchmarks

Decision Record

Rule ID and version number
Input data that triggered the rule
Calculation result and applied formula

Challengeable: Yes - rule application verifiable. Objection possible for incorrect data or wrong rule version.

Verify liquidity coverage per debtor account
Does each debtor account have sufficient available balance plus committed credit-line headroom to cover the assigned batch?
Decider: Rules Engine.

Deterministic balance check via Open Banking PSD2 XS2A in the EU and UK, FDX or a direct bank API in the US, or an end-of-day BAI2 or CAMT.053 statement feed; this SOX 404 control prevents non-sufficient-funds (NSF) returns and overdraft penalty fees, and a flagged shortfall splits or defers the payment run per the priority policy

Decision Record

Rule ID and version number
Input data that triggered the rule
Calculation result and applied formula

Challengeable: Yes - rule application verifiable. Objection possible for incorrect data or wrong rule version.

Verify SOX 404 segregation-of-duties on initiator vs releaser
Is the payment-run initiator excluded from the release-approver pool, and does the releaser have signing authority for this account and amount under the approval matrix?
Decider: Rules Engine.

This is a SOX 404 ICFR key control on disbursements, tested for both design and operating effectiveness under PCAOB AS 2201; the Agent enforces a deterministic role-based access matrix in the ERP (SAP S/4HANA roles with the F110 and FBZP authority objects, Oracle Fusion job roles, Workday security groups), because a segregation-of-duties violation on payment release is a frequently-cited material weakness

Decision Record

Rule ID and version number
Input data that triggered the rule
Calculation result and applied formula

Challengeable: Yes - rule application verifiable. Objection possible for incorrect data or wrong rule version.

Apply Strong Customer Authentication for online release
Does the releaser pass the SCA two-factor challenge (knowledge + possession or possession + inherence) per PSD2 RTS where applicable?
Decider: Rules Engine.

The challenge follows EU PSD2 Regulation 2018/389 RTS Article 4 on SCA elements, implemented in the UK through the PSR 2017; a corporate exemption is available under Article 17 for corporate payments via dedicated payment systems, but most issuing banks still require SCA at release, so the challenge is applied deterministically per bank, scheme and amount threshold

Decision Record

Rule ID and version number
Input data that triggered the rule
Calculation result and applied formula

Challengeable: Yes - rule application verifiable. Objection possible for incorrect data or wrong rule version.

Capture four-eyes release with timestamped sign-off
Has a second authorised releaser approved the payment file with documented review scope (vendor list reviewed, total amount confirmed, sanctions and AML clearance verified)?
Decider: Human. Challengeable by: Auditor.

This rests on the SOX 404 ICFR principle within the COSO 2013 framework, with auditor reperformance under PCAOB AS 2201; the releaser must document the scope of review rather than just the dollar amount, capturing explicit verification that sanctions screening and AML monitoring were performed and cleared; the Big-4 audit tools (Helix, ASM, Halo, Clara) extract release-event data for substantive testing

Decision Record

Decider ID and role
Decision rationale
Timestamp and context

Challengeable: Yes - via manager, works council, or formal objection process.

Challengeable by: Auditor

Transmit file to bank with channel encryption and acknowledgement
Is the file transmitted via secure channel (SWIFT FIN, EBICS, SFTP with PGP, or bank-direct API) with delivery acknowledgement captured?
Decider: Rules Engine.

Channel selection is deterministic per the bank and scheme contract; SWIFT FIN messages are hashed and signed under the SWIFT Customer Security Programme (CSP) Customer Security Controls Framework v2026; EBICS uses T-version and H006 keys for German and EU corporate banking; legacy bank channels use SFTP with PGP; the bank ACK or NAK is captured into an immutable audit log

Decision Record

Rule ID and version number
Input data that triggered the rule
Calculation result and applied formula

Challengeable: Yes - rule application verifiable. Objection possible for incorrect data or wrong rule version.

Reconcile bank confirmation against initiated file
Did all initiated payments confirm in the next-day or intra-day bank statement (BAI2, MT940, CAMT.053) at the expected amount + value-date?
Decider: Rules Engine. Challengeable by: Auditor.

Deterministic match between the PAIN.001 EndToEndIdentification and the bank-side TransactionReference in the CAMT.053, MT940 or BAI2 entry; mismatches flag for treasury investigation, whether rejected at scheme level, returned by the beneficiary bank or repaired manually at the correspondent; derecognition under IFRS 9 Para 3.3.1, mirrored by ASC 405-20 in US GAAP, happens only on actual extinguishment and not on file initiation

Decision Record

Rule ID and version number
Input data that triggered the rule
Calculation result and applied formula

Challengeable: Yes - rule application verifiable. Objection possible for incorrect data or wrong rule version.

Challengeable by: Auditor

Generate audit-ready disbursement evidence packet
Bundle the payment file, sanctions and AML screening evidence, four-eyes release log, bank confirmation and reconciliation match into one immutable evidence object?
Decider: Rules Engine.

Retention spans several regimes: PCAOB AS 1215 (Audit Documentation) requires 7 years for issuer audits, SEC Rule 17a-4 requires 6 years for broker-dealers, FinCEN BSA Reg 31 CFR 1010.430 requires 5 years for AML records, OFAC Reg 31 CFR 501.601 requires 5 years for sanctions records, and UK MLR 2017 Reg 40 requires 5 years; the packet is WORM-archived for SOX inspection and regulator subpoena

Decision Record

Rule ID and version number
Input data that triggered the rule
Calculation result and applied formula

Challengeable: Yes - rule application verifiable. Objection possible for incorrect data or wrong rule version.
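
The segregation-of-duties, SCA and four-eyes rows above combine into one release gate. The following sketch is an added example, not the vendor's implementation: the approval matrix, user names, rule IDs (SOD-01 to SOD-07) and record layout are constructed, and it assumes two distinct authorised releasers are required, neither of whom is the initiator.

```python
import hashlib
import json

# Scope items the releaser must attest to, taken from the four-eyes row above.
REQUIRED_SCOPE = ("vendor_list_reviewed", "total_amount_confirmed",
                  "sanctions_aml_clearance_verified")

# Constructed approval matrix: signing authority per account with an amount limit.
APPROVAL_MATRIX = {
    "r.ortiz": {"accounts": {"DE-EUR-01"}, "limit": 5_000_000},
    "m.chen": {"accounts": {"DE-EUR-01", "US-USD-01"}, "limit": 1_000_000},
    "a.clerk": {"accounts": {"DE-EUR-01"}, "limit": 50_000},
}


def evaluate_release(request, matrix=APPROVAL_MATRIX):
    """Return a release record; any violation holds the whole payment file."""
    violations, valid, seen = [], [], set()
    account, total = request["debtor_account"], request["total"]
    for approval in request["approvals"]:
        user = approval["user"]
        if user == request["initiator"]:
            violations.append(f"SOD-01 initiator {user} cannot release own run")
            continue
        if user in seen:
            violations.append(f"SOD-02 duplicate approval by {user}")
            continue
        seen.add(user)
        authority = matrix.get(user)
        if authority is None or account not in authority["accounts"]:
            violations.append(f"SOD-03 {user} has no signing authority on {account}")
            continue
        if total > authority["limit"]:
            violations.append(f"SOD-04 {total} exceeds limit of {user}")
            continue
        missing = [item for item in REQUIRED_SCOPE if not approval["scope"].get(item)]
        if missing:
            violations.append(f"SOD-05 {user} did not attest: {', '.join(missing)}")
            continue
        if not approval.get("sca_passed"):
            violations.append(f"SOD-06 {user} did not pass the SCA challenge")
            continue
        valid.append({"user": user, "at": approval["at"]})
    if len(valid) < 2:
        violations.append("SOD-07 fewer than two valid releasers")
    record = {
        "run_id": request["run_id"], "debtor_account": account, "total": total,
        "initiator": request["initiator"], "releasers": valid,
        "violations": violations, "decision": "HOLD" if violations else "RELEASE",
    }
    # Digest over the canonical record so later tampering with the log is detectable.
    canonical = json.dumps(record, sort_keys=True).encode()
    record["digest"] = hashlib.sha256(canonical).hexdigest()
    return record


def sample_approval(user, at, **overrides):
    """Build a constructed approval with full scope and a passed SCA challenge."""
    approval = {"user": user, "at": at, "sca_passed": True,
                "scope": {item: True for item in REQUIRED_SCOPE}}
    approval.update(overrides)
    return approval


def sample_request(initiator="a.clerk", total=400_000, approvals=None):
    """Constructed release request for debtor account DE-EUR-01."""
    if approvals is None:
        approvals = [sample_approval("r.ortiz", "2025-01-15T09:02:00Z"),
                     sample_approval("m.chen", "2025-01-15T09:10:00Z")]
    return {"run_id": "RUN-0001", "debtor_account": "DE-EUR-01", "total": total,
            "initiator": initiator, "approvals": approvals}


if __name__ == "__main__":
    print(evaluate_release(sample_request()))
    print(evaluate_release(sample_request(initiator="m.chen")))
```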

Decision Record and Right to Challenge

Every decision this agent makes or prepares is documented in a complete decision record. Affected parties (employees, suppliers, auditors) can review, understand, and challenge every individual decision.

Which rule in which version was applied?
What data was the decision based on?
Who (human, rules engine, or AI) decided - and why?
How can the affected person file an objection?

Does this agent fit your process?

We analyse your specific finance process and show how this agent fits into your system landscape. 30 minutes, no preparation needed.

Governance Notes

Of the 16 steps, 14 are deterministic, none use an LLM suggestion, and one is a human four-eyes release approval. The process is not high-risk under the EU AI Act: the Annex III enumeration covers credit-scoring (Item 5(b)), not payment release. Under SOX 404 every payment release is in scope as part of the disbursement controls cycle, and the Agent's Decision Log provides PCAOB AS 2201-testable evidence on the design and operating effectiveness of both the preventive controls (segregation of duties, sanctions screening, AML monitoring, format validation, liquidity check, four-eyes release) and the detective controls (duplicate-payment detection, bank-confirmation reconciliation). No LLM stage touches a release decision; sanctions clearance, AML monitoring, rail selection, format generation and release approval are all deterministic or human.

Retention spans several regimes. PCAOB AS 1215 mandates 7 years for issuer audits, FinCEN BSA and OFAC each require 5 years for AML and sanctions records, and UK MLR 2017 and EU AMLD 2024 require 5 years. The Agent applies the most stringent rule globally (7 years for issuer audits, escalating to 10 years where an entity carries an EU VAT registration) and tags each entry with its retention class. Personal data in payment narratives (payee names, bank details, vendor identifiers) is processed under the legal-obligation basis of UK and EU GDPR Art. 6(1)(c) and applicable US sectoral rules. OFAC false-positives follow a documented investigation procedure: the Agent flags but never unilaterally clears, and every AML-officer override is documented individually for FinCEN inspection.

Process Documentation Contribution

For each payment-run cycle the Agent records the cycle ID, value-date, currency and scheme; the full open-item population with its selection criteria and payment-block exclusions; the sanctions screening evidence per payee, including the list versions, match scores and investigation outcomes; the AML monitoring rule outputs with any threshold breaches and the AML-officer disposition; the payee bank-detail validation results (IBAN and ABA check digits, sort-code lookup, Confirmation of Payee where available); the rail-selection logic with the amount, urgency and corridor that drove it; the ISO 20022 PAIN.001 file content with its schema-validation result; the duplicate-payment detection results; the liquidity coverage check per debtor account; the segregation-of-duties verification with a matrix snapshot; the PSD2 SCA challenge result where applicable; the four-eyes release log with timestamp, reviewer, scope of review and a reconfirmation of sanctions and AML clearance; the transmission channel with SWIFT FIN signing or EBICS authentication and the bank acknowledgement; and the bank-statement reconciliation match. The resulting audit trail supports PCAOB AS 1215 and AS 2201 substantive testing, FinCEN BSA inspection, OFAC compliance reviews, FCA and HMRC AML supervision, ECB and national-authority PSD2 inspection, and data extraction by the Big-4 proprietary tools (Deloitte ASM, PwC Halo, EY Helix, KPMG Clara).

Assessment

Agent Readiness 84-91%
Governance Complexity 34-41%
Economic Impact 78-85%
Lighthouse Effect 28-35%
Implementation Complexity 38-45%
Transaction Volume Weekly

Prerequisites

  • ERP with AP open-item management and ISO 20022 PAIN.001 generation: SAP S/4HANA with F110 and Bank Communication Management, Oracle Fusion Cloud Payments, Workday Settle Payment, Microsoft Dynamics 365 Finance with ER, NetSuite SuitePayments, or Sage Intacct
  • Treasury platform or payment factory with multi-bank connectivity: Kyriba, FIS Quantum, GTreasury, ION Treasury, or Bottomline PTX with bank connectivity across ISO 20022, SWIFT FIN and EBICS
  • Sanctions and AML screening engine with daily list updates from OFAC, UK FCO, EU Restrictive Measures, UN Security Council Consolidated List: Bottomline Cyber-Crime, Refinitiv World-Check, Dow Jones Risk Centre, LexisNexis Bridger, or in-house with daily list pull
  • Bank connectivity per relevant rails: SWIFT FIN with the MX migration (corporate or via service bureau), Federal Reserve FedLine for Fedwire and FedNow, NACHA-certified ODFI for ACH, BACS-approved Service User for UK, EBICS for EU corporate banking, or bank direct API
  • A WORM-compliant archive that satisfies the longest applicable retention rule (7 years for PCAOB AS 1215 issuer audits, 5 years for FinCEN BSA, OFAC and EU AML records): Amazon S3 Object Lock, Azure Blob Immutable Storage or Google Cloud Storage Bucket Lock
  • A SOX 404 disbursement controls matrix with documented design and operating-effectiveness testing, audit-committee-approved approval thresholds, and a PCAOB AS 2201 testing protocol

Infrastructure Contribution

The Payment Run Agent is the disbursement-release node of the AP-to-pay pipeline. It feeds the Bank Reconciliation Agent with the full PAIN.001-to-bank-confirmation chain, the Cash Forecasting Agent with the confirmed disbursement schedule and value-dates, the Treasury Reporting Agent with multi-currency disbursement totals, and the SOX-Compliance Agent with PCAOB AS 2201-testable controls evidence. It consumes the approved open-item file from the Invoice Approval Agent, validated bank details and sanctions-screening status from the Vendor Master Data Agent, available liquidity per debtor account from the Cash Forecasting Agent, the current sanctions lists from the Sanctions Screening Engine, and monitoring rules from the AML Monitoring Engine. It also feeds the Journal Entry Agent the derecognition postings under IFRS 9 Para 3.3.1 (and ASC 405-20 in US GAAP) on confirmed payment, together with FX revaluation entries on cross-currency disbursements.

What this assessment contains: 9 slides for your leadership team

Personalised with your numbers. Generated in 2 minutes directly in your browser. No upload, no login.

  1. Title slide - Process name, decision points, automation potential
  2. Executive summary - FTE freed, cost per transaction before/after, break-even date, cost of waiting
  3. Current state - Transaction volume, error costs, growth scenario with FTE comparison
  4. Solution architecture - Human - rules engine - AI agent with specific decision points
  5. Governance - EU AI Act, GoBD/statutory, audit trail - with traffic light status
  6. Risk analysis - 5 risks with likelihood, impact and mitigation
  7. Roadmap - 3-phase plan with concrete calendar dates and Go/No-Go
  8. Business case - 3-scenario comparison (do nothing/hire/automate) plus 3×3 sensitivity matrix
  9. Discussion proposal - Concrete next steps with timeline and responsibilities

Includes: 3-scenario comparison

Do nothing vs. new hire vs. automation - with your salary level, your error rate and your growth plan. The one slide your CFO wants to see first.

Calculation methodology

Hourly rate: Annual salary (your input) × 1.3 employer burden ÷ 1,720 annual work hours

Savings: Transactions × 12 × automation rate × minutes/transaction × hourly rate × economic factor

Quality ROI: Error reduction × transactions × 12 × EUR 260/error (APQC Open Standards Benchmarking)

FTE: Saved hours ÷ 1,720 annual work hours

Break-Even: Benchmark investment ÷ monthly combined savings (efficiency + quality)

New hire: Annual salary × 1.3 + EUR 12,000 recruiting per FTE

All data stays in your browser. Nothing is transmitted to any server.

Payment Run Agent

Initial assessment for your leadership team

A thorough initial assessment in 2 minutes - with your numbers, your risk profile and industry benchmarks. No vendor logo, no sales pitch.


Related Agents

Account Coding Agent

GL account, cost centre, tax code - automatically coded, with confidence score.

D K
Readiness: 82-89%
Economic: 76-83%
Governance: 26-33%
Micro-Decisions: 10
Daily

Credit Note / Reversal Agent

Correctly distinguish credit notes and reversals for tax purposes, assign, post the offsetting entry.

D W
Readiness: 84-91%
Economic: 68-75%
Governance: 26-33%
Micro-Decisions: 8
Weekly

Invoice Approval Agent

Route invoices per approval matrix, check budgets, automate escalations.

W
Readiness: 78-85%
Economic: 71-78%
Governance: 28-35%
Micro-Decisions: 8
Daily

Frequently Asked Questions

ACH versus Fedwire versus RTP versus FedNow - how does the Agent select among the four US payment rails?

The four rails serve different combinations of amount, urgency, finality and operating hours. ACH (Automated Clearing House under NACHA Operating Rules) is the workhorse for batched recurring payments at low cost - Standard ACH settles in 1-2 business days, while Same-Day ACH settles in same-day windows but caps at USD 1M per transaction. Fedwire (Federal Reserve Wire Funds Service under Regulation J) is the high-value real-time gross-settlement system - same-day finality with no upper limit, used for treasury transfers, real estate closings, payroll wires, and high-value supplier payments above the Same-Day ACH threshold; pricing is per transaction (typically USD 5-25 corporate cost), whereas ACH is sub-dollar per transaction. RTP (Real-Time Payments under The Clearing House) and FedNow (Federal Reserve instant payments service launched July 2023) are the two real-time rails for consumer and corporate use - 24/7/365 instant settlement with finality at confirmation, currently capped at USD 10M per transaction for both FedNow and RTP; both use ISO 20022 messaging natively. The Agent applies a deterministic rule-set: amounts under USD 1M default to Same-Day ACH where T+0 is acceptable; amounts over USD 1M default to Fedwire; urgent payments outside ACH operating hours route to FedNow or RTP based on bank participation; recurring batched payments default to Standard ACH. Each selection is logged together with the rule that triggered it, as SOX 404 evidence.
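The rule-set above can be sketched as an ordered, first-match rule table that returns the rail together with the rule that fired. This is an added example, not the vendor's code: the rule IDs, the precedence between rules, treating exactly USD 1M as Same-Day ACH eligible, and the fail-closed manual fallback are assumptions.

```python
from dataclasses import dataclass, asdict
from decimal import Decimal

SAME_DAY_ACH_CAP = Decimal("1000000")   # USD 1M Same-Day ACH cap (from the page)
INSTANT_CAP = Decimal("10000000")       # USD 10M FedNow / RTP cap (from the page)

@dataclass(frozen=True)
class Payment:
    amount_usd: Decimal
    urgent: bool = False
    recurring_batch: bool = False
    t0_acceptable: bool = True
    within_ach_hours: bool = True    # assumption: derived upstream from cut-off times
    instant_rails: tuple = ()        # instant rails the payee bank participates in

# Ordered rule table, first match wins. Rule IDs and precedence are assumptions.
RULES = [
    ("US-01-URGENT-OFF-HOURS",
     lambda p: p.urgent and not p.within_ach_hours
               and bool(p.instant_rails) and p.amount_usd <= INSTANT_CAP,
     lambda p: p.instant_rails[0]),
    ("US-02-OVER-SAME-DAY-CAP",
     lambda p: p.amount_usd > SAME_DAY_ACH_CAP, lambda p: "Fedwire"),
    ("US-03-RECURRING-BATCH",
     lambda p: p.recurring_batch, lambda p: "Standard ACH"),
    ("US-04-SAME-DAY-DEFAULT",
     lambda p: p.t0_acceptable, lambda p: "Same-Day ACH"),
]

def select_rail(p: Payment) -> dict:
    """Return the chosen rail plus the rule that fired, as one audit record."""
    if p.amount_usd <= 0:
        raise ValueError("amount must be positive")
    for rule_id, applies, rail in RULES:
        if applies(p):
            return {"rail": rail(p), "rule_id": rule_id, "inputs": asdict(p)}
    # Fail closed: no rule matched, so a human decides instead of a guess.
    return {"rail": None, "rule_id": "US-99-NO-MATCH-MANUAL", "inputs": asdict(p)}
```

Because the record carries the inputs as well as the rule ID, a reviewer can replay any logged decision against the rule table version in force at the time.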

SEPA SCT Inst became mandatory in 2025 - what does this mean for EU payment runs?

EU Regulation 2024/886, the SEPA Instant Credit Transfer Regulation, imposes a phased mandate on Payment Service Providers (PSPs) operating in the euro area. From 9 January 2025, all euro-area PSPs offering SEPA Credit Transfer (SCT) must also offer SEPA Instant Credit Transfer (SCT Inst) for receiving payments. From 9 October 2025, the same PSPs must also offer SCT Inst for sending payments. SCT Inst settles in under 10 seconds, 24/7/365, with finality at confirmation; the EPC scheme limit per transaction is still EUR 100,000 (some PSPs offer higher under bilateral agreements). Pricing must be no higher than equivalent SCT (Regulation 2024/886 Article 5b) - this prevents PSPs from charging a premium for instant. Compliance enforcement is by national competent authorities under Article 5d. The Agent supports SCT Inst as the default for euro-denominated payments under EUR 100,000 from 9 October 2025 onward, falling back to SCT only where the receiving bank does not yet support Inst (rare since 9 January 2025) or where the corporate prefers batched processing for a specific corridor. Multinationals with EU operations have effectively been forced to upgrade their payment factories during 2024-2025 to comply, and the Agent's deterministic rail selection embeds the regulation directly into the payment policy.

ISO 20022 PAIN.001 migration completes November 2025 - what does the SWIFT MT cutover require?

SWIFT and the major central banks (Federal Reserve, ECB, Bank of England) coordinated the global migration from SWIFT MT messaging to ISO 20022 MX messaging on a multi-year timeline ending 22 November 2025. After this date, SWIFT MT messages for cross-border payments (MT103 single customer credit transfer, MT202 financial institution transfer) are decommissioned in favour of ISO 20022 MX equivalents (PACS.008 customer credit transfer, PACS.009 financial institution credit transfer). ISO 20022 carries dramatically richer remittance data than the truncated MT103 free-text fields (formerly limited to 4 lines of 35 characters) - structured payee and payer addresses, structured remittance information (invoice references, tax categorisations), regulatory reporting fields, ultimate-debtor and ultimate-creditor identification. The Agent generates ISO 20022 PAIN.001 messages natively for customer-to-bank instruction (this is the corporate-side message); the bank converts to PACS.008 / PACS.009 for the interbank leg. Corporates that had not migrated their payment files by mid-2025 faced bank rejections from November 2025 onward. The Agent maintains backward compatibility for any specific banks still accepting MT103 in transition jurisdictions, but defaults to ISO 20022 PAIN.001.001.09 or later as the standard.

How does OFAC sanctions screening work and what is the strict-liability exposure?

OFAC (Office of Foreign Assets Control, US Treasury Department) administers and enforces US economic and trade sanctions under multiple statutory authorities (IEEPA 50 USC 1701, TWEA 50 USC 4301, Cuban Liberty Act, Iran Sanctions Act, etc.). The principal sanctions list is the SDN List (Specially Designated Nationals and Blocked Persons), supplemented by the Sectoral Sanctions Identifications List, the Foreign Sanctions Evaders List, the Non-SDN Iran Sanctions Act List, and others. OFAC operates strict-liability civil penalties under IEEPA 50 USC 1705 - intent is not required for liability, only the fact of the prohibited transaction. Civil penalties currently average approximately USD 1.5M per violation, with cumulative annual enforcement actions exceeding USD 100M in recent years (2024 enforcement totalled USD 1.5B+ across all OFAC programs). UK enforcement under the Sanctions and Anti-Money Laundering Act 2018 (administered by OFSI - Office of Financial Sanctions Implementation) and EU enforcement under Regulation 2580/2001 with national criminal-code implementations operate similarly. The Agent screens every payee at three points: vendor master-data onboarding (rejected if matched), payment-run selection (re-screened for any list updates since onboarding), and pre-release (final fuzzy match including transliteration variants, e.g. Cyrillic-to-Latin or Arabic-to-Latin transliterations that can produce score variations). Positive matches block the payment line and route to the AML officer with full match evidence; the AML officer can clear false positives only with a documented investigation, never silently. False negatives (missed matches) are the strict-liability exposure - hence the daily list updates and the cross-list union approach across the OFAC, UK FCO, EU and UN Security Council Consolidated lists.
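The pre-release step described above (transliteration-aware fuzzy match against the union of lists, block on any hit, documented clearance only) can be illustrated as follows. This is an added example, not the vendor's engine: the list entries are constructed and fictitious, the Cyrillic table covers only the sample, and the use of `difflib` with a 0.80 threshold is an assumption.

```python
import unicodedata
from difflib import SequenceMatcher

# Partial Cyrillic-to-Latin table (assumption: covers the constructed sample only).
CYR = str.maketrans({"а": "a", "в": "v", "е": "e", "и": "i", "м": "m",
                     "н": "n", "о": "o", "п": "p", "р": "r"})

# Constructed list entries, not taken from any real sanctions list.
LISTS = {
    "OFAC": ["Ivan Primerov"],
    "UK": ["Example Trading LLC"],
    "EU": ["Иван Примеров"],
    "UN": [],
}

def normalise(name: str) -> str:
    """Casefold, transliterate, strip diacritics and punctuation, sort tokens."""
    text = unicodedata.normalize("NFKD", name.casefold().translate(CYR))
    text = "".join(c for c in text if not unicodedata.combining(c))
    text = "".join(c if c.isalnum() else " " for c in text)
    return " ".join(sorted(text.split()))

def screen(payee: str, lists=LISTS, threshold: float = 0.80) -> dict:
    """Screen one payee against the union of all lists; any hit blocks the line."""
    probe, hits = normalise(payee), []
    for list_name, entries in lists.items():
        for entry in entries:
            score = SequenceMatcher(None, probe, normalise(entry)).ratio()
            if score >= threshold:
                hits.append({"list": list_name, "entry": entry,
                             "score": round(score, 3)})
    status = "BLOCKED_ROUTE_TO_AML_OFFICER" if hits else "CLEAR"
    return {"payee": payee, "status": status, "hits": hits}

def clear_false_positive(result: dict, officer: str, investigation: str) -> dict:
    """A blocked line is cleared only with a documented investigation."""
    if result["status"] != "BLOCKED_ROUTE_TO_AML_OFFICER":
        raise ValueError("nothing to clear")
    if not officer.strip() or not investigation.strip():
        raise PermissionError("clearance requires officer and investigation record")
    return {**result, "status": "CLEARED_FALSE_POSITIVE",
            "officer": officer, "investigation": investigation}
```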

What does SOX 404 require for disbursement controls - and why is this a PCAOB inspection focus?

SOX Section 404(a) requires management assertion on internal controls over financial reporting (ICFR), and 404(b) requires the external auditor to attest. The disbursement process is in scope as a significant process under PCAOB AS 2201 because (a) it directly affects cash and AP balances on the balance sheet, (b) it carries fraud risk through the payment-release authority, and (c) it interfaces with sanctions and AML compliance frameworks that, if breached, can produce material disclosable events. PCAOB inspection findings consistently cite disbursement-controls weaknesses among the more frequent SOX 404 deficiencies - particularly weakness in evidencing four-eyes release (a digital sign-off without documented review scope counts as an operating-effectiveness gap), weakness in segregation of duties between AP-clerk-as-initiator and treasury-as-releaser, and weakness in periodic recertification of approval matrix entries. The Agent's Decision Log captures the initiator, the releaser, the scope of review, the timestamp, the sanctions and AML clearance, the bank confirmation and the reconciliation match in a single immutable evidence packet, eliminating the entire pattern of inspection findings at source. Material-weakness disclosure on disbursement controls typically erodes 4-7% of share price in the trading week following the 10-K filing - for a Russell-3000 mid-cap with USD 800M market cap, a 5% impact equals USD 40M of shareholder value at risk.

How does the Agent handle returns, recalls, and reversal of payments after release?

Payment finality varies sharply by rail and matters for both accounting derecognition and operational recovery. ACH supports return codes (R01-R85 under NACHA Operating Rules) for up to 60 days for consumer accounts (R10 unauthorised debit) and up to 2 banking days for most return reasons; the originating company can also request reversal under limited conditions (duplicate, wrong amount, wrong date) within 5 banking days under NACHA Rule Article Two. Fedwire is final and irrevocable on confirmation - the only remedy is the Federal Reserve E-payments Return Process which requires receiving-bank cooperation and is discretionary. RTP and FedNow are final and irrevocable on confirmation per The Clearing House and Federal Reserve scheme rules - the only remedy is request-for-return-of-funds initiated by the sending bank, which the receiving bank may decline. SEPA SCT supports return through R-transactions for up to 5 business days (recall-of-payment) but only with sending-bank approval. SEPA SCT Inst is final and irrevocable on confirmation - same as RTP and FedNow. The Agent records expected-finality at release time and routes return-attempts to the appropriate process; under IFRS 9 Para 3.3.1 (and ASC 405-20 in US GAAP) the Agent posts derecognition only on confirmed payment, not on file initiation, so returns within the same accounting period reverse cleanly without restatement. For returns crossing period-end, the Agent flags for IAS 8 or ASC 250 evaluation by the Journal Entry Agent.

What Happens Next?

  1. Initial call (30 minutes) - We analyse your process and identify the optimal starting point.
  2. Discover (1 week) - Mapping your decision logic. Rule sets documented, Decision Layer designed.
  3. Build (3-4 weeks) - Production agent in your infrastructure. Governance, audit trail, cert-ready from day 1.
  4. Self-sufficient (12-18 months) - Full access to source code, prompts and rule versions. No vendor lock-in.

Implement This Agent?

We assess your finance process landscape and show how this agent fits your infrastructure.