Financial anomaly detection: catch costly errors early
A deterministic needs-attention feed that flags duplicate payments, outliers, missing docs and flagged counterparties — ranked for a human.
"AI bookkeeping" gets used loosely. To know whether to rely on it, you need to see what actually happens between a bank transaction landing in your account and a journal entry appearing in your books — and where, precisely, a human steps in. This is that walk-through: the real pipeline, step by step, with no magic in it.
The short version: agents do the volume work — reading documents, proposing entries, matching transactions, flagging gaps — and a person stays in command of every action that carries accountability. Here is how each stage works.
The pipeline in one lineIngest the data, read the documents, propose the entries with a confidence score, match and reconcile, auto-post what is clean and escalate what is not, close the period under approval, and log every step with evidence.
1. Data ingestion
Nothing happens until the data arrives, and it has to arrive without manual export-import cycles. There are two streams.
- Transactions. Bank and acquirer feeds connect through an API where one exists, with statement import (CSV, MT940, bank PDF) as the fallback. Transactions land continuously, not once a month.
- Documents. Invoices, acts, receipts and contracts come in by email-in (a dedicated inbox address counterparties or staff can forward to), direct upload, or a connected document store. The system treats a forwarded supplier invoice as a first-class input, not an attachment to be filed later.
2. Document intelligence
A raw document is not data yet. The next stage reads it. OCR lifts text off scans and photos; a parsing layer then interprets the structure — distinguishing an invoice from an act from a receipt, and locating the fields that matter rather than dumping a wall of text.
From each document the agent extracts the operational facts a bookkeeper would look for: the counterparty and its tax identifiers, the amount and currency, the VAT component and rate, the document and due dates, the line items, and the contract or order it refers to. Those become structured fields attached to the document, ready to be reconciled against a transaction.
3. Classification
With the facts extracted, the agent proposes how to record the event: which account it belongs to and the full journal entry, debit and credit. It uses the counterparty history, the document type, your chart of accounts and any rules you have already set.
Crucially, every proposal carries a confidence score. A recurring SaaS subscription from a known vendor with a matching invoice scores high. A first-time counterparty with an ambiguous description and no document scores low. The score is not decoration — it decides what happens next.
4. Matching and reconciliation
A classified entry is still incomplete until it is tied to evidence. The agent links each transaction to its supporting document and reconciles the two: does the bank amount match the invoice, net of fees and partial payments. In the process it does the checking a careful bookkeeper does at month-end, continuously instead:
- Duplicate detection. The same invoice forwarded twice, or a double-charged payment, is flagged rather than booked twice.
- Missing-document detection. A payment with no matching invoice, or an invoice with no payment, is surfaced as an open item so nothing sits unsupported in the ledger.
- Partial and split matches. One payment covering several invoices, or one invoice paid in instalments, is reconciled correctly instead of forced into a one-to-one match.
5. The confidence threshold
This is the mechanism that makes automation safe. You set a threshold. Items where the agent is confident and the match is clean cross it and auto-post to the ledger. Items below it do not execute — they route to a human review queue, with the document, the proposed entry and the reason for hesitation attached.
The result is that the routine 80 percent flows through without anyone touching it, while attention concentrates on the genuinely uncertain remainder. You are not reviewing everything; you are reviewing what is worth reviewing. The same threshold model is how the wider autonomous finance department keeps every agent in bounds.
6. The human in the loop
The review queue is where a person stays in control without doing data entry. For each escalated item, the reviewer can:
- Approve the proposed entry as-is, posting it to the ledger.
- Edit the account or any field when the agent's classification is close but not right.
- Create a rule from the correction, so the same counterparty or pattern is handled automatically next time — the system learns from a decision rather than repeating the question.
- Split a transaction across several accounts or cost centres when one payment covers mixed expenses.
- Ask the agent "why" — get the reasoning, the source document and the comparable history behind a proposal before deciding.
7. Period closing
Closing a period is more than posting day-to-day transactions, and it is treated accordingly. The agents prepare the closing entries that normally consume an accountant's month-end: accruals for costs incurred but not yet invoiced, depreciation schedules for fixed assets, and FX revaluation of foreign-currency balances. These are proposed with their workings, not applied silently. Closing the period is a deliberate, approved act — never something an agent does on its own.
8. The audit trail
Every step above leaves a record. Each action — an extraction, a classification, an auto-post, a human edit, an approval — is written to an immutable, append-only log: who or which agent acted, when, what changed, what confidence the proposal carried, which document was used as evidence, and who signed off. When an auditor, bank or investor asks how a number came to be, the answer is a traceable chain, not a recollection.
Where humans stay in control
Automation has hard boundaries, and they are by design rather than by configuration accident. Some actions never auto-execute, regardless of how confident an agent is:
- Tax submission. Returns are calculated and validated by the agent, but filing to the authority requires a human signature.
- Payments. No money leaves an account on an agent's decision. Outbound payments are prepared and queued; a person releases them.
- Payroll release. Salaries, leave and payroll taxes are computed and the run is prepared, but releasing it is a human act.
- Period closing. Locking a period and committing its closing entries always needs sign-off.
These boundaries are what let you defend the setup to an auditor or a board: the machine handles volume and speed; the human keeps authority over anything irreversible.
Can you trust a machine with the books?
It is the right question, and the answer is not "trust the model." Trust is engineered from four things working together: a confidence score on every proposal, so uncertainty is visible rather than hidden; evidence by default, so every figure links back to its source document; an immutable audit log, so every action is reconstructable; and hard human boundaries, so the highest-stakes actions cannot happen without a person. The machine earns the routine work by making the non-routine work easy to supervise.
Underneath all of it sits the security model — per-tenant isolation and encryption so your numbers stay yours. We cover that in zero-trust for financial data, and you can see the agents that run this pipeline on the agents page or the full picture on the product.
AI bookkeeping is not a black box that posts your books for you. It is a transparent pipeline that does the repetitive work, shows its reasoning, and stops for a human at every point that carries accountability. If that is the model you want for your finance function, talk to us.