
Your Finance Agent Shipped With a Policy You Didn't Write

Phil Bolton · June 19, 2026 · 3 min read

A company I work with turned on an AP agent in April. It reads invoices, matches them to a PO, and approves anything clean below a threshold so a human never has to look. Smooth for six weeks. Then a vendor billed them twice for the same $4,800 shipment, three days apart, and both invoices paid. Nobody approved the duplicate. Nobody saw it. The agent did exactly what it was configured to do, because the auto-approve ceiling was sitting at $5,000 where the tool's vendor had left it.

That $5,000 wasn't a decision anyone at the company made. It was a default, tuned for a buyer fifty times their size, and it had quietly become their AP control.

The default is the policy until you change it

Every agentic finance tool ships with authorization limits. The dollar line under which the agent acts on its own, the exception types it handles versus the ones it escalates, how far it can go before a person has to sign. The vendor sets all of it to something reasonable-sounding out of the box, and most teams turn the thing on without touching a single value.

Here's what that means in practice. You spent years building approval rules: who can commit what, which spend needs a second set of eyes, where the line sits between routine and review. Then you bought a tool that came with its own version of those rules, and you let it overwrite yours by doing nothing. The setup wizard's defaults are now your spending policy. You just didn't write them.

A finance agent doesn't ask whether its limits match your business. It enforces whatever number it was handed. If that number came from the vendor, the vendor is setting your controls.

Write the no-go list before you turn it on

The useful discipline isn't deciding what to automate. Vendors push that question hard and it's the easy half. The real work is the opposite: deciding what the agent must never do alone, and writing it down before launch instead of after the duplicate clears.

Three lines do most of the work for a company under $20M. First, the dollar threshold where the agent stops and asks, set to your business and not the demo's. For most teams I see, that's a few hundred dollars on AP, not five thousand. Second, the actions that always route to a human regardless of amount: a new vendor's first payment, any change to bank details, anything to a related party. Third, the exceptions the agent is allowed to resolve on its own versus the ones it must escalate. A duplicate invoice belongs in the escalate column. So does a price that doesn't match the PO.
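
The three lines above as a pre-payment gate, written as an added example rather than any vendor's or the author's code. The $300 ceiling, the field names, and the duplicate key (vendor, PO, amount) are assumptions, and the sample invoices are constructed.

```python
from dataclasses import dataclass
from decimal import Decimal

CEILING = Decimal("300.00")  # assumed value: set from your own policy, not the tool default

@dataclass(frozen=True)
class Invoice:
    vendor_id: str
    po_number: str
    amount: Decimal
    po_amount: Decimal                  # amount on the matched PO
    first_payment: bool = False         # new vendor's first payment
    bank_details_changed: bool = False
    related_party: bool = False

def review(inv, seen, ceiling=CEILING):
    """Return the reasons a human must sign; an empty list means auto-approve."""
    reasons = []
    # Line 1: the dollar threshold where the agent stops and asks.
    if inv.amount >= ceiling:
        reasons.append("over_threshold")
    # Line 2: actions that always route to a human, regardless of amount.
    for flag in ("first_payment", "bank_details_changed", "related_party"):
        if getattr(inv, flag):
            reasons.append(flag)
    # Line 3: exceptions the agent must escalate rather than resolve itself.
    if (inv.vendor_id, inv.po_number, inv.amount) in seen:
        reasons.append("possible_duplicate")
    if inv.amount != inv.po_amount:
        reasons.append("po_price_mismatch")
    return reasons

def process(invoices, ceiling=CEILING):
    """Decide each invoice in order, remembering every invoice already seen."""
    seen, decisions = set(), []
    for inv in invoices:
        reasons = review(inv, seen, ceiling)
        decisions.append(("escalate" if reasons else "auto_approve", reasons))
        seen.add((inv.vendor_id, inv.po_number, inv.amount))
    return decisions

# Constructed sample: the duplicated $4,800 invoice from the story plus two small ones.
SAMPLE = [
    Invoice("V-100", "PO-7001", Decimal("4800"), Decimal("4800")),
    Invoice("V-100", "PO-7001", Decimal("4800"), Decimal("4800")),
    Invoice("V-200", "PO-7002", Decimal("120"), Decimal("120"), bank_details_changed=True),
    Invoice("V-300", "PO-7003", Decimal("95"), Decimal("95")),
]

if __name__ == "__main__":
    for ceiling in (Decimal("5000"), CEILING):
        print(ceiling, process(SAMPLE, ceiling))
```

With the $5,000 ceiling the first $4,800 invoice still pays unreviewed and only the repeat is caught; with the lower ceiling both stop for a signature.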

None of this takes a governance binder. It takes an afternoon and a willingness to open the settings the vendor hoped you'd skip. The teams that get burned aren't the ones who automated too much. They're the ones who never read the number they were automating against.

An agent will follow its limits perfectly. The only question is whose limits they are.

Phil Bolton

Founder & Principal at Manitou Advisory
