Every treasury has two policies: the one the board approved and the one that executes at 4:50 p.m. under deadline. Writing policy as executable code — and letting agents move value inside it — makes them the same document for the first time.
Every treasury has two policies. There is the written one — approved by the board, formatted beautifully, specifying counterparty limits, concentration rules, and authorization matrices. And there is the operating one: what actually happens at 4:50 p.m. when a subsidiary needs funding, the approver is on a plane, and the payment window closes in ten minutes. The distance between those two policies is the treasury function's true risk profile, and no document review will ever find it.
The pattern is universal because the constraint is structural. Written policy is enforced by people, and people under time pressure route around friction: the approval moves to a chat message, the limit check becomes a mental one, the exception becomes the process. Nobody involved is careless — they are operating a control design that assumed conditions calmer than the ones that matter. The audit trail, when it is requested later, is reconstructed from messages and memory.
Treasury-as-code inverts the relationship between the document and the system. The policy is written once — as configuration, not prose: target cash ranges per entity and currency; counterparty and instrument limits; rail preferences and cut-off logic; maker-checker requirements by amount tier; escalation triggers for the events that demand a human. Execution then happens inside the policy: an agent that sweeps, funds, and rebalances cannot exceed a limit for the same reason a calculator cannot misremember arithmetic — the constraint is the medium, not a reference document.
The instruments for this have been maturing for a decade. Modern treasury platforms, API-native banking, and real-time balance visibility solved the information problem; what they left in human hands was the execution loop — and with it the discretion, the delay, and the chat-based approval. The autonomous layer closes that loop. Movements within policy execute straight through, each one emitting its authorization record at the moment of execution. Movements outside policy do not slow down for a human; they were never possible without one.
The second half of treasury-as-code is anticipatory. Cash forecasting in most organizations remains a weekly spreadsheet ceremony — entity submissions of uneven quality, manually consolidated, stale by the time they are read. Yet the inputs for a genuinely useful forecast already stream through the enterprise: receivables aging and collection behavior, payables runs, payroll calendars, settlement obligations, seasonality, and the funding patterns of every prior period. A standing model over that data does not merely predict the position; it converts treasury from reactive to anticipatory — funding gaps surfaced days early, surplus deployed rather than idled, working-capital levers such as dynamic discounting and supply-chain finance triggered by forecast rather than by crisis.
Corporate treasury has quietly inherited a market-infrastructure problem. Instant payment rails now move real money in seconds around the clock; banking crises are settled (or not) over weekends; and a cash position that was “fine at this morning’s sweep” is a statement about history, not about now. The daily cash position — treasury’s oldest artifact — is becoming what the end-of-day price already is on a trading desk: a convention, useful for reporting, useless for operating. The operating question is intraday: what is the position now, across every account and currency, and what does policy say to do about it now?
No treasury team can staff that question with people; the clock does not permit it. It can only be staffed with standing machinery: continuous position assembly from bank APIs, a forecast that updates as flows land rather than when the analyst refreshes the workbook, and policy — concentration limits, counterparty caps, funding preferences — expressed executably so that the routine response (sweep, fund, invest, hedge within envelope) happens on the clock of the event, not the clock of the office. The treasurer’s attention moves to where it was always meant to be: the exceptions, the counterparties, and the strategy.
Payment controls are where treasuries feel safest and are frequently weakest. Maker-checker sounds robust until you watch it operate at volume: the second pair of eyes, confronted with a hundred-line payment run at 4:55 p.m., checks formatting and moves on. Meanwhile the fraud that actually lands — the changed vendor IBAN, the urgent “CFO” instruction, the beneficiary added last Tuesday — sails through precisely because it is individually plausible and the checker has no context to know otherwise. Volume defeats vigilance; it always has.
The executable-policy version inverts the design. Every payment is screened, pre-release, against the policy and the pattern: is the beneficiary new or changed, does the amount fit the vendor’s history, does the account match the master record, did the instruction arrive through a controlled channel? The routine ninety-something percent releases with a complete evidence record; the residual arrives at a human with the anomaly explained — not a line in a run, but a case with context. That human’s attention, spent on twelve real questions a day instead of twelve hundred formalities, is the strongest fraud control a treasury can own. The pattern — census screening, risk-routed judgment — is the same one The Auditor Will See You Now builds into a full control plane.
Every treasury policy states a minimum cash buffer, and every buffer is a confession: it is the price of not knowing your position between refreshes. The arithmetic is unforgiving and square-rooted — halve the interval, release only 29% of the buffer; but move from a once-a-day snapshot to a standing intraday position and the idle balance can shrink by two-thirds while confidence rises. That released cash is not a rounding error; at institutional scale it is a working-capital program hiding inside an operations upgrade. The second model prices it. Notice what the model does not require: a better forecast. It requires a faster mirror.
The same envelope logic extends to the treasury activity with the most codified policy and the least codified practice: FX hedging. Most hedging policies already read like specifications — hedge ratios by horizon, instruments permitted, counterparty limits, effectiveness thresholds — and are then executed through a monthly ritual of spreadsheets and dealer calls that drifts from the document in a dozen small, undocumented ways. Expressed executably, the policy becomes a standing program: exposures aggregated continuously from the forecast, hedge ratios maintained within bands, rebalancing proposed (or executed, within envelope) as exposures move, every trade carrying its policy citation into the hedge-accounting file. The treasurer’s judgment relocates to where the policy itself is decided — ratios, horizons, risk appetite — which was always the job description, minus the ritual.
None of this survives contact with a treasury whose bank connectivity is a nightly statement file. The standing position needs standing feeds — API-first bank channels, intraday camt streams where APIs lag, and a connectivity layer that treats each of the treasury’s dozens of banking relationships as a data source with an SLA rather than a PDF with a login. This is the least glamorous line in the program budget and the one that gates all the others; it is treasury’s version of the foundation argument made in The Foundation Eats the Roadmap. The good news: bank APIs have crossed from conference-slide to commodity in most major corridors, and the connectivity build is now measured in months, not roadmaps. The treasurers still waiting for “the banks to be ready” are, increasingly, the last ones waiting.
What remains for people is exactly what should: the counterparty event, the market dislocation, the payment that pattern analysis flags as anomalous, the strategic funding decision no policy anticipated. And when those moments arrive, they arrive prepared — the agent escalates with context assembled: the position, the policy clause at issue, the history, the options. The treasurer's judgment is spent on judgment, not on assembling the information required to exercise it.
The governance consequence is the quiet headline. A treasury run this way produces, as a by-product of operating, the artifact every auditor and regulator asks for and almost never receives cleanly: a complete, tamper-evident record of every movement, its authorization, and the policy that permitted it — generated at execution, not reconstructed after. The written policy and the operating policy become, for the first time, the same document.
Standing bank connectivity and a continuously assembled position are the prerequisites for everything else in this paper; run the buffer model with your own volatility and let the released cash fund the build.
Take the payment-release policy first — highest fraud stakes, clearest rules — and express it as versioned, testable logic the machines check pre-release.
Count items per checker-day against genuine minutes per review; if the arithmetic fails, treat the redesign as a control remediation, not an efficiency project.
The Lights Out Maturity Index: six questions, two minutes, no scales to interpret. Your anonymous result joins the inaugural Lights Out Finance Survey — the benchmark this publication reports on.
Take the Close & Controls PulseTake the Maturity Index Browse all papersFounder & Editor of Lights Out Finance. Big 4 partner in CFO Advisory & Finance Transformation with two decades across the Americas, EMEA, and APAC; DEng in AI (George Washington), MBA in Finance (Cornell), Master in Financial Engineering (Queen’s Smith); US CPA, CGMA, FRM, CQF, CTP, CDAA. Full profile →