For CFOs & Finance Teams

AI agents can make commitments your organisation didn't authorise. Agent OS is the spending control for AI.

You already control financial commitments: spending limits, dual-authorisation on wire transfers, procurement thresholds, SOX controls on journal entries. AI agents are now making commitments your existing controls don't reach. Policy Gateway closes that gap.

Risk/cost model · Policy Gateway vs. one incident
Uncontrolled AI incident cost (typical): £250k–2M
AI velocity preserved (low-risk flow): ~95%
Policy evaluation latency overhead: <50ms
Same model as controls you already fund: Corporate card limits · Wire transfer dual-auth · Procurement thresholds · SOX journal entry controls
Financial control model

Proportional control. Not blanket overhead.

💳
Spending limit logic applied to AI
Low-risk actions flow automatically — same as a small purchase within card limit. High-risk actions require named authorisation — same as a commitment above procurement threshold. Your limits, your rules.
⚡️
95% of actions: zero overhead
Routine AI tasks — drafting, research, summarising, scheduling — pass the gateway and execute in under 50ms with no human involvement. You pay zero friction cost on the vast majority of agent activity.
✍️
Material actions: named sign-off
Vendor commitments, external communications, financial data actions, production changes — whatever you define as material requires a named person to approve. Same governance model as counter-signing a contract.
📒
General ledger equivalent for AI
Every AI action produces a record as durable as a general ledger entry. Approved, blocked, or auto-approved — who, what, when, outcome. Internal audit can query it the same way they'd query a transaction log.
🛡️
Insurance documentation
Cyber insurers are increasingly requiring documented AI governance controls as a condition of coverage. Policy Gateway produces that documentation. The audit trail answers the underwriter's question directly.
📊
Board-level AI exposure answer
When the board asks "what is our AI exposure?" — you have a quantified answer: N actions last quarter, X% auto-approved, Y% human-reviewed, Z% blocked. Structured data, not a policy statement.
CFO questions

What CFOs ask us.

01
"What is our exposure if an AI agent makes an unauthorised commitment?" — Depends on your industry and agent scope, but regulatory fines, remediation costs, and reputational damage from a single incident typically run £250k–2M. One incident pays for years of control.
02
"Does this affect our cyber insurance premium?" — Insurers are beginning to require documented AI governance controls as a condition of coverage. Policy Gateway is that documentation. We can provide the specific evidence format your underwriter needs.
03
"Can I quantify the risk reduction?" — Yes. Track action volume, risk classification distribution, and block rate over time. The audit trail gives you the numerator and denominator for your AI risk exposure calculation every quarter.
04
"Does this slow down the 95% of routine AI tasks?" — No. Low-risk actions are evaluated and auto-approved in under 50ms. No human involvement, no queue, no friction. The overhead is proportional to actual risk — not applied uniformly.
05
"Who defines the materiality threshold?" — Your finance and risk function. You set the boundary — any AI action touching a vendor commitment above £X requires human sign-off. Same logic as your procurement approval matrix, same governance ownership.
06
"What does internal audit see?" — A queryable structured log of every AI agent action: intent, risk classification, approval identity and timestamp, outcome. The same information density as a transaction log — organised the same way.
Financial case review

Build the business case with us.

A structured conversation to quantify your AI exposure, map Policy Gateway to your existing control framework, and build the financial justification for your board.

No pricing conversation. A risk/cost analysis of your specific AI deployment.