The word that makes CFOs most uncomfortable about agentic treasury is “autonomous.” It suggests a system acting without oversight, precisely what treasury governance exists to prevent. The concern is rational, and the best agentic treasury systems are designed around it rather than against it.
In its March 2026 guidance on agentic AI governance, McKinsey placed a principle at the centre of that conversation that every treasury leader should hold their vendors to: bounded autonomy.
The AI does not act freely. It operates within parameters you define, escalates what you tell it to escalate, and records everything it does. The goal is not maximum automation. It is maximum confidence in every action the system takes.
Bounded autonomy means an AI system operates within defined policy parameters, requires human approval above defined thresholds, and logs every action with its rationale. In treasury, that is not a limitation bolted on after the fact. It is the design.
Why “Autonomous” Is the Wrong Frame for Treasury AI
“Autonomous” triggers the wrong concern. It implies a system that decides on its own what to do with your cash, your counterparties, and your covenants, the opposite of what any treasury function is built to allow.
McKinsey’s reframe is useful precisely because it lowers the temperature: the goal was never full autonomy. It is bounded autonomy, where the AI works inside guardrails, escalates edge cases, and asks for confirmation before any action above a defined threshold.
For treasury, that distinction matters more than in almost any other function. The cost of an unexplained action is not an inconvenience; it is a control failure that an auditor, a lender, or a board will ask about.
Designing for bounds first is therefore not a brake on the technology. It is what makes the technology usable in a function where every movement of money has to be defensible.
What Bounded Autonomy Looks Like in Practice
Bounded autonomy is not a slogan; it is an architecture with distinct layers. Each one answers a specific question about what the agent may do and who stays accountable.
| Layer | What it does |
|---|---|
| 1. Policy rules | Define which actions the AI is permitted to consider. The CFO sets the universe of allowable moves; the agent cannot act outside it. |
| 2. Threshold gates | Set which action values auto-execute and which require human approval. Below the threshold, the agent acts; above it, the agent waits for a person. |
| 3. Escalation logic | Specify the conditions that route an exception to a human: unusual counterparties, off-pattern timing, or anything the policy flags as needing judgement. |
| 4. Audit trail | Log every action with its rationale, timestamp, and approval record, producing a complete and reconstructable account of what happened and why. |
Here is how those layers behave in a single, everyday decision. An idle-cash sweep of up to $500,000 into an approved money-market position is auto-executed within policy; it sits inside the rules and below the threshold, so the agent simply acts.
A transfer above $500,000 is routed to the CFO for one-click approval, because it crosses the threshold gate. In either case, the action is logged in full (amount, rationale, timing, and approver), so the record exists before anyone thinks to ask for it.
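The four layers can be sketched as one decision function, shown here as an added example rather than Nilus's code. The action and counterparty identifiers are constructed, and the hash-chained log is an assumption about how to make the audit trail tamper-evident, not something the article describes.

```python
import hashlib
import json

# Constructed policy: the $500,000 gate and money-market sweep are the article's
# example; the action and counterparty identifiers are assumptions.
POLICY = {
    "allowed_actions": {"sweep_to_money_market"},
    "auto_execute_limit": 500_000,
    "approved_counterparties": {"MMF-APPROVED-01"},
}

class AuditLog:
    """Append-only log; each entry's hash covers the previous entry's hash."""
    def __init__(self):
        self.entries = []

    def _digest(self, prev, record):
        body = json.dumps(record, sort_keys=True)
        return hashlib.sha256((prev + body).encode()).hexdigest()

    def append(self, record):
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        self.entries.append({"record": record, "prev": prev,
                             "hash": self._digest(prev, record)})

    def verify(self):
        prev = "0" * 64
        for e in self.entries:
            if e["prev"] != prev or e["hash"] != self._digest(prev, e["record"]):
                return False
            prev = e["hash"]
        return True

def decide(action, log, ts, approver=None):
    """Return 'execute', 'await_approval' or 'deny', logging every outcome."""
    flags = []
    if action["type"] not in POLICY["allowed_actions"] or action["amount"] <= 0:
        decision, flags = "deny", ["outside policy rules"]  # layer 1: fail closed
    else:
        if action["amount"] > POLICY["auto_execute_limit"]:
            flags.append("above threshold gate")            # layer 2
        if action["counterparty"] not in POLICY["approved_counterparties"]:
            flags.append("escalation: unlisted counterparty")  # layer 3
        decision = "execute" if not flags or approver else "await_approval"
    log.append({"ts": ts, "action": action, "decision": decision,   # layer 4
                "flags": flags, "approver": approver})
    return decision
```

Denied and pending proposals are logged as well as executed ones, so the record also shows what the agent attempted and was stopped from doing.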
How Trust Gets Built, Not Assumed
McKinsey’s prescription is sequential, not all-at-once: “design for trust first, speed second.” Start with bounded autonomy, keep humans accountable for high-impact decisions, and widen the bounds only once monitoring shows the system behaves predictably. Trust is earned through observed behaviour, not granted on day one.
In practice, the trajectory looks like this:
| Stage | How oversight evolves |
|---|---|
| Week 1 | The CFO reviews every proposed action. Bounds are deliberately tight while the team builds a track record. |
| Month 3 | The CFO adjusts thresholds based on demonstrated behaviour, widening latitude where the agent has proven reliable. |
| Month 6 | Routine actions auto-execute within policy, with periodic review rather than action-by-action approval. |
There is a counter-intuitive lesson in the data. Teams that begin with tighter bounds tend to expand to higher levels of automation faster, often within 60 days, than teams that start with wide latitude. Starting narrow builds the evidence base that justifies going broad. Starting broad invites the early incident that sends everyone back to manual review.
The Product Walkthrough: How Nilus Implements Bounded Autonomy
Bounded autonomy only counts if you can see it working. Here is how the four principles above show up in the product, step by step.
- Setting approval thresholds. During onboarding, the CFO configures what the agent may do by action type and by dollar value. This is where the policy rules and threshold gates are defined, in plain settings, not buried in configuration files.
- Seeing the AI’s reasoning. Every proposed action arrives with a plain-language explanation of why it is being recommended, what data informed it, and which policy it satisfies. No black-box recommendations.
- The one-click approval flow. For anything above a threshold, the CFO sees the recommendation, the rationale, and a clear confirmation that it complies with policy, then approves or declines in a single click.
- The audit log. Every action and every decision is captured in a searchable, exportable, auditor-readable record. When a lender or board asks what happened on a given date, the answer is one query away.
Why Governance Makes You Faster, Not Slower
It is tempting to read governance as friction, the thing that slows an ambitious automation programme down. The opposite is true. Organisations that start with governance tend to scale agentic AI faster, because demonstrable controls create institutional confidence. Boards approve expansion more readily when the controls are visible and the audit trail is complete.
Skipping governance carries the real risk. A single unexplained action can erode months of accumulated trust and stall an entire programme.
Bounded autonomy is what prevents that incident from ever happening, and a programme that never has the incident is a programme that keeps moving. The durable differentiator in agentic treasury will not be who deploys fastest. It will be who governs best.
Frequently Asked Questions
What is bounded autonomy in AI?
Bounded autonomy means an AI system operates within defined policy parameters, requires human approval above set thresholds, and logs every action with its rationale. It is autonomy with guardrails rather than autonomy without limits.
Does agentic treasury AI require human approval?
Yes, for any action above the thresholds you define. Routine, low-value actions inside policy can auto-execute, while higher-value or off-pattern actions are routed to a human for one-click approval.
How do you set approval thresholds for treasury AI?
Thresholds are configured by action type and dollar value during onboarding, and adjusted over time as the system’s track record gives you the confidence to widen or tighten the bounds.