Corporate treasury is becoming a real-time control system powered by AI— a nervous system for the enterprise that senses, predicts, decides, executes, and audits at any scale, from a single transaction to the global financial system. The technology is arriving fast., while the governance is still under construction. Here's what happens next — and who's accountable when the agents act.

I. The Transaction

It is 6:47 a.m. in London, and the treasury of a mid-cap industrial manufacturer has already made 11 decisions.

Overnight, an agentic workflow detected that a key supplier shifted its invoicing currency — a small change buried in a payment file that, left unaddressed, would have created a $2.3 million foreign exchange (FX) mismatch over the quarter. The system reclassified the exposure, proposed a 90-day rolling hedge, priced it against three counterparty quotes sourced through an Application Programming Interface (API), and queued the trade for human approval. By the time the London treasurer opens their laptop, the exception is waiting: a two-sentence summary, a confidence interval, an audit trail, and a single button labeled Approve / Override / Escalate.

They approve. Elapsed decision time: nine seconds.

But then a second banner slides across her screen: "Invoice anomaly: synthetically generated document pattern. Hold payment? Requires approval." The system has already assembled the evidence — the invoice, the purchase order, a matched receipt, prior counterparty behavior, and an explanation panel showing why the model flagged this as unusual. They can see every step the agent took, every data source touched, every rule consulted, every confidence threshold crossed. That audit trail is the only reason anyone is comfortable pausing a seven-figure payment.

Three floors up in the same office, the Chief Financial Officer (CFO) is staring at a different screen. A digital twin of the company's entire balance sheet — a real-time simulation fed by banking APIs, Enterprise Resource Planning (ERP) ledgers, and market data — is flashing amber. The twin has run 4,000 Monte Carlo scenarios, a mathematical technique used to model the probability of different outcomes in complex systems, overnight, and in 12% of them the company breaches a debt covenant within 60 days. The AI recommends drawing down a revolving credit facility. The CFO pauses. The model's working-capital assumptions look stale. They flag the scenario for the weekly risk committee.

The treasurer's nine-second approval was possible because the hedge fell within pre-authorized policy bands. The CFO's hesitation was warranted because the twin's recommendation sat outside them. The line between the two — between what the machine can do alone and what it must not — is the defining design problem of the next decade in corporate finance.

Beneath both decisions is the same architecture. Think of treasury not as a team in a room but as a cyber-physical system for money. APIs are the sensors: they ingest balances, transactions, and market signals continuously. Payment rails and FX engines are the actuators: they route, schedule, net, and execute. And the audit log is neither an afterthought nor a compliance checkbox — it is the product. Every action ships with a reasoning trace: sources, rules, confidence, and a replay button for audit or regulators.

The nine-second approval was not the product of intelligence alone. It was the product of a control loop — sense, predict, decide, execute, audit — operating at transaction speed. The question is what happens when that loop operates at every scale of the enterprise — and beyond it.

II. The Function

Zoom out from a single transaction to the treasury department itself. What changes when every decision runs through a control loop?

The transformation arrives in three interlocking waves — not sequential phases but accumulating capabilities, each dependent on the one before.

The first wave is visibility. Treasury's oldest problem is not decision quality — it's input latency. Cash positions arrive late, sliced across portals and files, reconciled by hand. Forecasts compensate for uncertainty by being conservative. Liquidity is protected by holding more cash than necessary. The fix is brutally unglamorous: APIs replace portal downloads, bank balances and ledger entries flow into a single normalized model, and visibility stops being episodic and becomes continuous. Real-time reporting and dashboards now rank as the top technology priority for treasurers over the next 12 to 24 months.1 But achieving a real-time consolidated cash position for a multinational with 200 bank accounts in 40 countries is an engineering problem on par with building a logistics-tracking system. Visibility sounds like table stakes. It is not.

The second wave is prediction. Once you can see cash, the forecast becomes a living thing — not a monthly number but a cone of possibilities that narrows as execution data arrives. Models update as transactions clear, receivables slip, or payment timing shifts. Companies that have adopted AI-enabled forecasting report 20–30% improvements in forecast accuracy; for a company managing billions, the difference between a 15% and a 5% forecasting error is hundreds of millions in suboptimal working capital.2 But here is the hidden dependency: forecast accuracy and trust collapse unless anomalies are addressed first. Bad data poisons prediction. That is why reconciliation, validation, and anomaly detection are being repositioned as preventive controls, not clean-up functions. The winning interfaces of this wave are explain panels, not charts.

One bank built an AI tool that analyzes historical transaction data and risk factors to forecast settlement failures before they happen.3 Rather than reacting after a trade fails to settle, the bank contacts clients and implements corrective measures proactively — shifting from reactive failure management to predictive failure prevention.

The third wave is autonomy. Not creativity — but policy-bounded execution. Think of a fly-by-wire aircraft: the pilot sets the course and the boundaries, and the system handles the continuous adjustments within them. Agents approve low-risk expenses and escalate edge cases. Orchestration layers route payments across providers and rails. Reconciliation engines auto-match and prepare journals. The progression is explicit: from insight to signal to recommendation to execution — but only where permissions, thresholds, and auditability are designed upfront. Autonomy is earned, not declared.

At the function level, the promise is that exception-only workflows become the dominant operating model — humans review what models disagree on, not what models have already resolved. The treasurer becomes an analyst and strategist, not a bookkeeper. But hold that thought. Because as systems get stricter and more cautious, humans may face floods of escalations that look "high risk" due to model uncertainty — pushing teams back to manual work or, worse, rubber-stamping. The exception-only dream has its own negation built in: exception overload. We'll return to this concept.

One more aspect changes at the function level that reshapes every conversation about treasury AI: by period-end, there may be nothing left to close — only explanations to review. Continuous reconciliation, running at all times, producing journals as it goes. The "monthly close" becomes an artifact of a batch-processing era that the control loop has already left behind.

III. The Firm

Zoom out again. What happens when the treasury control system intersects with the rest of the business — with the balance sheet, the supply chain, the board?

The most consequential idea at the firm level is the digital twin of liquidity: a simulated version of the company's entire cash ecosystem that stress-tests hundreds of scenarios — settlement delays, FX shocks, supplier concentration, acquisition timing — before policies are released to production. A flight simulator for your money. The CFO's amber screen in the introduction was running one. In 12% of 4,000 Monte Carlo scenarios, the company breached a covenant. The twin didn't tell them what to do. It told them what could happen — with probabilities, assumptions, and a replay button.

At this altitude, a second idea emerges that may matter more than any single technology: policy-compiled treasury. Treasury rules — approval thresholds, netting logic, payment holds, sweep triggers — written once as machine-readable code. Agents execute the compiled version and log every decision. This is "infrastructure as code" applied to financial governance: policies that can be versioned, tested, audited, and deployed like software. It is the mechanism that makes autonomy governable — and the reason "proof, not vibes, not confidence scores, proof" is not a slogan but an engineering requirement.

In April 2026, a fintech launched a solution embedding native digital-asset capabilities directly into an enterprise Treasury Management System (TMS).4 CFOs can now view, hold, and manage both fiat and digital liquidity — including stablecoins — within a single platform. This is visibility across asset classes, not just currencies — a preview of what "seeing the whole board" means when the board includes tokenized assets.

But here the firm hits a wall. And it is the same wall whether you are a fintech startup or a legacy TMS vendor. Fintechs may have the workflow surface and user adoption, but narrower treasury scope — cash management embedded in finance operations, not the full breadth of multi-entity risk and capital-markets workflows. Traditional TMS platforms have the functional catalogue, but slower control-loop execution because the ecosystem remains fragmented and manual. The constraint is not the software. It is that risk, liquidity, and exposure data is spread across ERPs, TMS platforms, bank portals, and business units — limiting what agentic AI can do responsibly without deep data unification.

And here is the idea at the firm level that is genuinely strange: agent-to-agent negotiation. A buyer's treasury agent and a supplier's treasury agent negotiate payment timing and discount terms autonomously, within policy bounds, optimizing working capital for both sides simultaneously. No current implementation exists. The prerequisites are daunting: standardized agent interfaces, policy interoperability, and enormous trust between counterparties. But the mechanism is technically motivated — and if policy-compiled treasury matures, the boundaries within which agents negotiate become auditable on both sides.

If this sounds like the future is moving fast, consider the counterfactual. Half of large global companies have not deployed AI in their treasury departments at all. Fewer than one in 10.5 The AI will be brilliant in the demo and useless in production — unless someone fixes the data layer first. Treasury doesn't fail fast. It fails expensively.

IV. The System

Zoom out once more. What happens when every firm's treasury is a control system — and they're all running on similar models, similar vendors, and similar logic?

New fragilities emerge that are categorically different from the risks of the previous era. The most novel is correlated agent failure. If many companies rely on similar models or orchestration logic, a shared misclassification can create herd behavior — mass payment holds, liquidity mis-estimation, or synchronized "safe" actions that aren't safe in aggregate. The Bank of England is already pursuing simulation methods to understand conditions under which AI agents could demonstrate herding and amplify stress scenarios.6 This is not a theoretical concern. It is the same mechanism that produced flash crashes in equities — exported to the plumbing of corporate cash.

Three other system-level risks compound the picture. Real-time systems must fail safely; silent degradation is worse than downtime. A treasury control system that silently processes bad data for hours causes more damage than one that stops and says so. As agents gain power over money movement, fraud mutates: attackers target agent inputs — synthetic invoices, poisoned records, compromised payee data. And third-party risk multiplies: as treasury stacks rely on orchestration layers, AI tools and bank APIs, a single vendor's failure can affect multiple processes at once. The operational resilience, controls, and incident response now span more parties than ever.

A model trained on three years of stable interest rates will behave badly in a rate shock. A reconciliation model optimized for one ERP configuration will hallucinate matches after a system migration. Model risk is the quiet killer of agentic treasury — because the systems that act on forecasts inherit every error in those forecasts, and those errors propagate instantly across connected systems before correction is possible.

At the system level, the craziest ideas are also the most necessary. Cross-enterprise stress testing is an example: regulators run industry-wide simulations using anonymized, federated data to detect correlated AI behavior before it triggers a real crisis. Privacy-preserving collaborative forecasting is another: multiple corporations train shared cash-forecasting models on their combined data without any party seeing the other's raw numbers — forecast accuracy that no single company could achieve alone, with cryptographic guarantees of confidentiality. Or Self-healing liquidity buffers: systems that detect their own forecast degradation in real time, automatically widen buffers, and alert humans only when buffers approach policy floors. Each of these ideas is speculative. Each is technically motivated. And each exists because the system-level risks demand system-level responses.

V. The Social Contract

The widest zoom is not technical. It is institutional.

Here is the question that continues to appear: when an agent moves $340 million at 3 a.m. and something goes wrong, who is accountable? The treasurer who set the policy? The vendor who built the model? The board that approved the automation? The regulator who permitted it?

The sharpest insight is also the most uncomfortable: accountability and control are not the same thing. A treasurer can be accountable for a system they cannot fully understand. A board can approve an automation framework without grasping the statistical assumptions embedded in the forecast model. In February 2026, the U.S. Treasury released both an AI Lexicon and the Financial Services AI Risk Management Framework.7

The emerging answer — imperfect but directional — is a layered accountability model: the builder is responsible for the system's capability envelope, the risk function is responsible for the policy constraints, the senior manager is responsible for the governance framework that connects them, and the agent itself is accountable to its audit log — every decision documented, every rationale explainable, every override traceable. Bank platforms are enforcing approvals and maintaining audit logos for API- or agent-initiated actions. The controls exist. The legal and regulatory frameworks are catching up.

This is a new social contract for money movement. It requires treasurers who think like systems designers, boards that understand confidence intervals, and regulators that can audit algorithms, not just ledgers.

VI. Back to the Transaction

Return to the nine-second approval.

Now you can see what was beneath it. Not just an algorithm and a policy band — but a data layer that took years to unify, a prediction engine that narrows its cone of uncertainty with every new signal, a governance framework compiled into machine-readable rules, a dependency chain spanning multiple vendors and jurisdictions, a systemic context in which correlated behavior could amplify risk, and a social contract still being written about who bears accountability when the machine acts within bounds and the world moves in an unlikely direction.

The thesis is this: the future of treasury is not a chatbot. It is not a dashboard. It is a control system — and the competitive advantage belongs to organizations that integrate all five stages (sense, predict, decide, execute, audit) into a single, governed, auditable system before their competitors do.

The winners won't be the firms with the most AI. They'll be the ones with the most governable AI.

For treasurers: start with visibility. You cannot predict what you cannot see, and you cannot automate what you cannot predict. Build the policy frameworks now — before the agentic systems arrive — that define what the machine may do alone, what it must escalate, and how every action is logged. For builders: the winning architecture is the full control loop with governance woven into every layer. Explainability is not a feature. It is the product.

The treasury of 2032 is not a room full of people moving money. It is a nervous system — sensing, adapting, acting, and constantly asking itself: Am I still within bounds?

The humans are still there. They're just asking better questions.

Sidebar: The Treasury Stack in 2032

Sense Layer (Data & Connectivity): Real-time bank balance and transaction ingestion through APIs, replacing portals and batch files. ERP/TMS connectors with normalized data models. Multi-asset data ingestion: fiat, digital assets, stablecoins, tokenized instruments.

Predict Layer (Intelligence): Continuous machine learning (ML)-driven cash forecasting with Monte Carlo scenario generation. Anomaly detection for payment flows, counterparty behavior, and reconciliation exceptions. Digital twin of the full cash ecosystem for real-time scenario simulation. Natural language processing (NLP)-powered signal extraction from news, filings, and regulatory updates.

Decide & Execute Layer (Actuators): Agentic workflows for reconciliation, exception handling, and payment execution within policy bounds. Payments orchestration with ML-optimized routing across rails, providers, and currencies. Pre-transaction policy enforcement blocking out-of-policy actions before execution.

Audit Layer (Proof): Immutable, query-able audit logs of every agent decision and approval. Linked evidence: source documents, reconciliations, variance explanations. Policy-as-code frameworks encoding treasury rules as machine-readable constraints on every agentic action.

Governance & Resilience Layer (Guardrails): Continuous model risk monitoring: drift detection, adversarial testing, behavioral safeguards. Layered accountability: builder to risk function to senior manager to audit log. Regulatory alignment across US, UK, and EU frameworks. Privacy-preserving ML infrastructure (federated learning, secure Model Context Protocol, or MPC) enabling collaborative model training without raw data exposure. Human-in-the-loop exception escalation with senior manager override authority and full decision logging.

References

1.

BNP Paribas, October 2025. EACT Survey: managing the continuum of change. Accessed June 2026.

2.

The Global Treasurer, July 2025. From Manual to Intelligent Treasury with AI and ML. Accessed June 2026.

3.

Securities Finance Times, February 2021. BNY Mellon tackles settlement failures with Google Cloud. Accessed June 2026.

5.

Bloomberg, February 2026. Corporate Treasuries Are Slow to Adopt AI, Survey Finds. Accessed June 2026.

6.

UK Parliament, April 2026. Bank of England and FCA commit to action on AI following warnings from MPs. Accessed June 2026.

7.

U.S. Department of Treasury, February 2026. Treasury Releases Two New Resources to Guide AI Use in the Financial Sector. Accessed June 2026.

Disclaimers:

J.P. Morgan, JPMorganChase, Chase, Chase Merchant Services, and Chase Payment Solutions are marketing names for certain businesses of JPMorganChase and its subsidiaries worldwide (collectively, “JPMorganChase”). Products or services may be marketed and/or provided by commercial banks such as JPMorgan Chase Bank, N.A., securities or other non-banking affiliates or other JPMorganChase entities.  JPMorganChase contact persons may be employees or officers of any of the foregoing entities and the terms “J.P. Morgan”, “JPMorganChase”, “Chase”, “Chase Merchant Services” and “Chase Payment Solutions” if and as used herein include as applicable all such employees or officers and/or entities irrespective of marketing name(s) used.  Nothing in this material is a solicitation by JPMorganChase of any product or service which would be unlawful under applicable laws or regulations.

In preparing this material, we have relied upon and assumed, without independent verification, the accuracy and completeness of all information available from public sources or which was provided to us or which was otherwise reviewed by us.  This material is for discussion purposes only and is incomplete without reference to any other applicable briefings provided by JPMorganChase.  Neither this material nor any of its contents may be disclosed or used for any other purpose without the prior written consent of JPMorganChase.

This material is not intended to provide legal, tax, investment, accounting, financial, business, real estate, technology or other advice, and should not be used for or relied upon for these purposes. The views, opinions, estimates and strategies expressed in this material are those of the respective individual contributors, authors or speakers, and may differ from those of JPMorganChase, or its employees and affiliates. Any market and/or economic commentary in this material in no way constitutes JPMorganChase research and should not be treated as such. Further, the views expressed in this content may differ from those contained in JPMorganChase  research reports. The content in this material has been obtained from sources deemed to be reliable, but JPMorganChase makes no representation or warranty as to its accuracy or completeness. In no event shall JPMorganChase nor any of its directors, officers, employees or agents be liable for any use of, for any decision made or action taken in reliance upon, or for any inaccuracies or errors in or omissions from, this material.

The information in this document may be based upon management forecasts supplied to us and reflects prevailing conditions and our views as of this date, all of which are accordingly subject to change.  JPMorganChase’s opinions and estimates constitute J.P. Morgan’s judgment and should be regarded as indicative, preliminary and for illustrative purposes only. 

Not all products and services are available in all geographic areas. Eligibility for particular products and services is subject to final determination by JPMorganChase and/or its affiliates.  This material does not constitute a commitment by any JPMorganChase entity to extend or arrange credit or to provide any other products or services and JPMorganChase reserves the right to withdraw at any time. All products and services are subject to applicable laws, regulations, and applicable approvals and notifications.

Any mentions of third-party trademarks, brand names, products and services are for referential purposes only and any mention thereof is not meant to imply any sponsorship, endorsement, or affiliation.

Notwithstanding anything to the contrary, the statements in this material are not intended to be legally binding.  Any products, services, terms or other matters described herein (other than in respect of confidentiality) are subject to, and superseded by, the terms of separate legally binding documentation and/or are subject to change without notice.

JPMorgan Chase Bank, N.A. Member FDIC. Deposits held in non-U.S. branches are not FDIC insured. Non-deposit products are not FDIC insured.

JPMorgan Chase Bank, N.A., organized under the laws of U.S.A. with limited liability.

© 2026 JPMorgan Chase & Co. All Rights Reserved.