返回 Papers
AI 扩展计划 / Playbooks

AI Payment Operations / Reconciliation / Settlement Exception Playbook

本文是学习、作品集和架构训练材料, 不构成法律意见、合规结论、支付网络规则解释、消费者保护建议、会计意见、审计结论、流动性建议、资金执行建议或机构操作指令。

645AI_PAYMENT_OPERATIONS_RECONCILIATION_SETTLEMENT_EXCEPTION_PLAYBOOK.md

AI Payment Operations / Reconciliation / Settlement Exception Architecture Playbook

适用对象: CBAP-level Financial Retail PM / Senior BA / Payment Operations Product Owner / Core Banking Architect / Settlement Ops Lead / Finance Control / Treasury Ops / AI Governance / Operational Risk / Internal Audit。 目标: 把 AI 用于 payment processing、reconciliation、settlement exception、repair queue、suspense account、cash application、ledger break、cut-off SLA、dual control、evidence 和 incident response 的可运营、可审计架构。 核心观点: Payment ops AI 的成熟交付物不是“自动对账率”, 而是 file-core-GL-cash-evidence 的 controlled exception operating system。


0. Boundary And Disclaimer

本文是学习、作品集和架构训练材料, 不构成法律意见、合规结论、支付网络规则解释、消费者保护建议、会计意见、审计结论、流动性建议、资金执行建议或机构操作指令。

正式项目中的 rule applicability、rail-specific requirements、return/reversal treatment、Reg E boundary、customer communication、accounting treatment、capital/liquidity impact、regulatory reporting 和 evidence retention 必须由 Legal、Compliance、Payments Rules Owner、Finance、Treasury、Operational Risk、Model Risk、Internal Audit 和业务负责人确认。

本文刻意区分:

  • payment operations exceptions: file, posting, settlement, cash, GL, repair, suspense, SLA, evidence。
  • payment disputes / chargebacks / scam claims: customer assertion, liability, provisional credit, network claim path, complaint response。

二者会共享交易和证据, 但不应共享同一个未分层的 AI workflow。


1. Executive Framing

弱项目定义:

Use AI to reconcile payments faster.

成熟项目定义:

Build a governed payment operations control plane that detects,
classifies, prioritizes, repairs and evidences payment exceptions
across rail files, core posting, settlement cash, GL, suspense and downstream reporting.

Executive one-liner:

This is a ledger, cash and operations control product with AI assistance; not a payment chatbot.

高管问题集:

QuestionGood answer requires
哪些 payment exceptions 正在威胁 cut-off、GL close 或客户资金可用性event graph, queue SLA, materiality and customer impact
哪些 break 是 file issue、posting issue、settlement issue、GL issue 或 evidence issueexception taxonomy and reconciliation layer
AI 推荐了什么, 人类批准了什么, 系统实际改了什么AI trace, maker-checker, tool gateway and after-state
Suspense 为什么增长, 谁负责, 多久能清suspense aging, reason code, owner, action plan
结算异常是否影响 liquidity forecasttreasury signal, scenario update, human action record
审计能否重放一笔异常从文件到总账再到现金immutable evidence ledger and lineage export

2. Source Anchors

访问日期: 2026-06-30。以下来源作为 source anchors; 不替代机构 policy、network rules、contract terms 或 counsel/compliance interpretation。

AnchorOfficial link本 playbook 使用方式
FFIEC Retail Payment Systems booklethttps://ithandbook.ffiec.gov/it-booklets/retail-payment-systems.aspxpayment instruments、clearing/settlement、ACH/card/check/P2P、retail payment risk and controls
FFIEC Wholesale Payment Systems booklethttps://ithandbook.ffiec.gov/it-booklets/wholesale-payment-systems.aspxwire/interbank messaging、settlement、resiliency、wholesale payment risk、Nostro/Vostro control language
Federal Reserve Financial Services Operating Circularshttps://www.frbservices.org/resources/rules-regulations/operating-circulars.htmlOC 4/FedACH、OC 6/Fedwire Funds、OC 8/FedNow、OC 12/National Settlement Service 的 rule catalog entry point
FedACH Processing Schedulehttps://www.frbservices.org/resources/resource-centers/same-day-ach/fedach-processing-schedule.htmlcut-off and settlement schedule design; window data belongs in calendar service
Nacha Operating Rules resourceshttps://www.nacha.org/newrulesACH rule changes, risk management topics and return/reversal watch process
Nacha Operations Bulletinshttps://www.nacha.org/news/operations-bulletinsACH operations changes and implementation signal for ops readiness
CFPB Regulation Ehttps://www.consumerfinance.gov/rules-policy/regulations/1005/consumer EFT/remittance/error-resolution boundary marker, not an automated conclusion engine
NIST AI RMFhttps://www.nist.gov/itl/ai-risk-management-frameworkGovern / Map / Measure / Manage for AI risk, monitoring, controls and improvement
ISO/IEC 42001https://www.iso.org/standard/81230.htmlAI management system: roles, operation planning, performance evaluation, internal audit and continual improvement

3. Operating Principles

PrinciplePractical meaning
Ledgers before languagereconciliation math, control totals, GL/cash balance and file integrity outrank generated narrative
Evidence before repairevery repair needs source artifacts, before/after state and approval evidence
Calendars are controlscut-off, settlement windows, return windows and GL close calendars are governed data
AI advises, workflow controlsAI can recommend; state changes go through policy engine, tool gateway and maker-checker
Suspense is temporary controlsuspense aging requires owner, reason, materiality and release evidence
Customer impact is explicitdelayed posting, wrong posting, fees, statement errors and availability are assessed, not assumed away
Finance and Ops co-own breaksOps repairs operational facts; Finance controls GL, suspense, materiality and close
Treasury signals are not actionssettlement variance can inform liquidity forecast but cannot auto-execute funding decisions
Audit replay is a product featurefile, event, AI run, human decision, journal and cash evidence must be reconstructable

4. Target Reference Architecture

1. Source ingestion
   ACH files, wire messages, card processor files, core posting reports,
   GL journals, settlement statements, Fed/correspondent statements,
   remittance advice, return/reversal files, downstream report feeds

2. Control and lineage layer
   file manifest service
   payment event graph
   rail calendar service
   rule catalog
   data quality and reconciliation controls
   evidence ledger

3. Reconciliation engines
   file-to-file
   file-to-core
   core-to-GL
   GL-to-cash
   Nostro/Vostro matching
   suspense aging and cash application

4. AI intelligence layer
   anomaly detection
   exception classification
   candidate matching
   root-cause summarization
   SLA prioritization
   evidence pack drafting
   liquidity signal explanation

5. Operations workbench
   repair queue
   settlement exception queue
   suspense release queue
   cash application queue
   maker-checker approvals
   customer-impact review
   finance close command center

6. Action and reporting layer
   controlled core/GL/payment tool gateway
   incident runbook
   dashboards and KRIs
   downstream report impact notice
   audit export

Architecture rule:

If an AI recommendation can affect posting, settlement, suspense, GL,
customer funds availability or downstream reporting, it needs a governed action path.

5. Core Data Products

Data productGrainOwnerEvidence
File manifestfile_id + direction + rail + sequencePayment Tech Opshash, count, total, timestamp, source acknowledgment
Payment event graphpayment_instruction_id / trace_idPayment Architecturelineage across instruction, file, posting, settlement, return, GL
Rail calendarrail + product + window + effective datePayments Rules Ownersource link, approved version, change log
Reconciliation factrecon_run_id + item_id + layerSettlement Ops + Financematching rule, candidate set, result, exception id
Exception casecase_idOperationstaxonomy, materiality, SLA, owner, status
Suspense ledgersuspense_item_idFinance Controlreason, aging, amount, release action, journal link
Cash application factcash_line_id + candidate account/invoiceCash App Opsremittance extraction, confidence, approval
AI run ledgerai_run_idAI Product / Model Riskprompt/model/source versions, output, confidence, reviewer action
Customer impact recordimpact_idProduct Ops / Customer Opsaffected customers, funds/fees/statement impact, remediation route
Audit replay packagesample_id / incident_idInternal Audit / Control Testingimmutable artifacts and lineage export

6. Exception Taxonomy And Routing

Exception typeDetection signalQueueSLA driverClosure evidence
Missing fileexpected file not received by calendar thresholdPayment Tech Opscut-off proximitysource inquiry, late/missing status, contingency action
Duplicate filerepeated hash/sequence/control totalPayment Tech Opsduplicate posting riskblock/release decision, duplicate control proof
Control total mismatchfile totals differ from header/trailer/corePayment Opsposting integritycorrected file or accepted variance evidence
Posting rejectcore non-post reportCore Ops repaircustomer funds / return windowrepaired posting or return path
Settlement varianceexpected vs actual settlement cash mismatchSettlement Opsamount/materiality/closematched statement line or variance approval
Return/reversal exceptionunmatched or late return/reversalRail Opsrail window / customer impactoriginal event linkage and owner disposition
Suspense agingitem exceeds age/materiality thresholdFinance Controlclose calendar / stale riskapproved release, journal, residual acceptance
Cash application unknownincoming cash lacks reliable referenceCash App Opscustomer/account impactcandidate approval and application journal
Nostro/Vostro breakcorrespondent statement unmatchedTreasury Opsvalue date / currency / amountstatement match or investigated residual
Downstream report mismatchreport feed diverges from reconciled sourceData Reportingfiling/MI deadlinecorrection, report owner signoff

Routing priorities:

PriorityCriteriaAction
P0material cash/GL break near cut-off or close, customer funds at risk, duplicate posting riskcommand center and stop downstream action
P1high-value settlement variance, unresolved suspense aging, rail return window pressuresenior queue and same-day escalation
P2standard posting rejects and cash application candidatesnormal SLA with sampling
P3low-value aged research and trend samplesbatch handling and QA
P4training, taxonomy, model improvement samplesscheduled calibration

7. Decision Gates

Gate 0: Use-case eligibility

QuestionPass conditionEvidence
Which reconciliation layer is affected?file, core, GL, cash, suspense or reporting layer nameduse-case card
Can AI output affect ledger, cash, customer or report state?impact tier assignedrisk tier record
Can deterministic controls solve this without AI?alternative recordedarchitecture decision record
Is rule applicability involved?rule owner mappedrule catalog reference
Is human capacity available?queue and reviewer pool definedoperations readiness record

Gate 1: Source and file control

QuestionPass conditionEvidence
Did expected files/messages arrive?calendar expectation checkedfile manifest
Are sequence, hash, item count and control total valid?validation pass or exception createdfile validation report
Is event time separate from available time?both timestamps capturedlineage record
Are rejected records preserved?reject file linkedreject evidence
Are upstream changes known?change record linkedrelease/change ticket

Gate 2: Reconciliation match quality

QuestionPass conditionEvidence
Which match strategy was used?exact, tolerance, probabilistic or manual selectedrecon run metadata
Are candidate matches visible?ranked candidates shown, not hiddencandidate set
Is tolerance approved?tolerance id and owner capturedtolerance catalog
Does materiality require review?threshold appliedmateriality rule
Can false match cause customer/GL harm?harm assessment completerisk note

Gate 3: Queue and SLA routing

QuestionPass conditionEvidence
Is exception taxonomy valid?versioned reason code assignedtaxonomy record
Is cut-off or close calendar pressure active?SLA clock createdclock id
Is the queue owner accountable?owner accepted or escalatedassignment log
Are skills and authority sufficient?reviewer role matches action typeentitlement record
Are aging thresholds monitored?dashboard alert activeKRI record

Gate 4: Repair action approval

QuestionPass conditionEvidence
What state will change?before/after state displayedaction preview
Does action touch core, GL, suspense, cash or customer communication?action type classifiedtool gateway decision
Is maker-checker required?threshold and SoD rule appliedapproval token
Are source facts cited?evidence ids attachedevidence manifest
Is rollback or correction path defined?recovery option documentedaction record

Gate 5: Customer impact and downstream reporting

QuestionPass conditionEvidence
Could posting delay affect funds, fees, statement, balance or notices?customer impact assessment completedimpact record
Does downstream MI/regulatory/report feed use affected data?report owner notification rule checkedimpact lineage
Is customer remediation route separate from ops repair?customer ops owner mappedremediation route
Is Reg E or other customer rule boundary possible?Legal/Compliance route availableboundary flag
Are communications approved?template or owner signofffinal message record

Gate 6: Finance close and residual break

QuestionPass conditionEvidence
Is the break material for close?Finance materiality appliedclose control record
Is suspense release justified?release evidence and journal linksuspense release pack
Is residual break accepted?accountable owner and expiry capturedresidual break record
Are recurring breaks tracked?RCA and CAPA createdissue record
Can GL and cash states be replayed?audit package completeaudit export

Gate 7: AI monitoring and continuous control

QuestionPass conditionEvidence
Is model classification quality monitored by exception type?slice metrics availableeval report
Are false matches and false closures sampled?QA sampling activeQA result
Are prompt/source/calendar changes controlled?change approval and regression runrelease bundle
Are reviewer overrides analyzed?override dashboardmonitoring report
Are incidents fed back into evals?failed cases added to test setlearning loop record

8. Controls And Evidence Checklist

8.1 File and processing controls

ControlEvidence
Expected file calendarrail calendar version, expected file list
File integrityhash, size, control total, item count, sequence
Duplicate preventionduplicate key, blocked duplicate record, release approval
Batch balancingdebit/credit totals, item count, trailer validation
Reject preservationoriginal reject record, reason code, repair state
Reprocessing controlreprocess request, approval, idempotency key

8.2 Reconciliation controls

ControlEvidence
Matching rule governancerule id, tolerance, owner, effective date
Candidate transparencyfull candidate list and match features
Materiality thresholdamount/customer/report impact rule
Manual repair SoDmaker, checker, approval token
Exception agingage, owner, escalation, breach record
Residual acceptanceaccountable owner, rationale, review date

8.3 Ledger and cash controls

ControlEvidence
Subledger-to-GL balancerecon run, journal id, batch id
GL journal approvalpreparer, approver, evidence ids
Suspense agingreason code, age bucket, action plan
Suspense releasesource proof, journal link, dual approval
Cash statement matchingstatement line, value date, counterparty
Nostro/Vostro investigationcorrespondent statement, wire advice, FX/fee analysis

8.4 AI controls

ControlEvidence
Use-case boundaryAI role and prohibited actions
Source groundingevidence ids cited in output
Confidence calibrationscore distribution and accuracy by exception type
Human reviewreviewer action, reason, override
Tool limitationread/write scope and policy decision
Monitoringdrift, false match, false close, queue impact
Incident linkageAI run ids linked to incident samples

9. Repair Queue Design

9.1 Queue states

detected
  -> classified
  -> assigned
  -> evidence_ready
  -> repair_proposed
  -> maker_submitted
  -> checker_approved
  -> executed
  -> reconciled
  -> customer_impact_closed
  -> finance_closed

9.2 Workbench requirements

RequirementWhy it matters
Six-ledger viewanalyst sees instruction, file, core, GL, cash and evidence together
AI explanation with citationssummary is useful but source evidence stays visible
Before/after previewprevents blind repair
Cut-off bannerprotects rail and close windows
Customer impact panelavoids back-office-only thinking
Approval panelmaker-checker embedded in workflow
Downstream impact mapreport owner and treasury visibility
Similar case searchaccelerates RCA without copying stale fixes
Action constraintsonly allowed repair actions by role and state

9.3 Repair action catalog

ActionAI allowed?Human control
Add evidence notedraft allowedreviewer saves note
Change queue / reason coderecommend allowedowner acceptance
Request source file resenddraft request allowedops approval
Reprocess fileno direct executionmaker-checker and idempotency proof
Correct posting mappingrecommend onlyauthorized core ops approval
Apply incoming cashcandidate match onlycash app approval
Release suspenseno direct executionfinance maker-checker
Post GL journalno direct executionfinance workflow
Notify customer impact ownerdraft allowedcustomer ops route
Close material exceptionrecommend onlyindependent approval

10. SLA, Cut-off And Calendar Guardrails

10.1 Calendar service fields

FieldNotes
railACH, wire, card, RTP/FedNow-like, check, internal transfer, correspondent
productconsumer, small business, commercial, treasury, card, merchant
directioninbound, outbound, return, reversal, settlement
windowsubmission, receipt, processing, settlement, return, GL close
sourceofficial source or internal policy
effective dateversioned start
ownerPayments Rules Owner or Finance calendar owner
change controlapproval and regression requirement

10.2 SLA matrix

SLA typeOperational target
Detection SLAexpected missing/late file detected before downstream posting risk
Assignment SLAP0/P1 exceptions accepted by accountable queue quickly enough to preserve cut-off
Evidence SLAfile, core, GL and cash evidence available before repair approval
Repair SLArepair action executed within rail/customer/close constraints
Reconciliation SLArepaired item rebalanced across affected ledgers
Suspense SLAaging thresholds monitored and escalated before stale balances accumulate
Customer-impact SLAfunds/fees/statement impact routed before customer harm expands
Incident SLAcommand center opened for material or systemic exception

10.3 Protected windows

During rail cut-off, end-of-day posting, month-end close or material incident:

  • freeze non-essential model/prompt/rule changes.
  • block unapproved reprocessing.
  • route material repairs to senior queue.
  • require local evidence capture if export pipeline is delayed.
  • escalate unresolved P0/P1 items to incident commander and Finance Control.
  • publish downstream report impact notice when data freshness is degraded.

11. Incident Runbook

11.1 Trigger examples

TriggerIncident mode
Missing high-volume ACH/card/core file near cut-offpayment processing incident
Duplicate file passed validationduplicate posting containment
Settlement cash variance exceeds thresholdsettlement break command center
Suspense balance spike near closefinance control incident
AI classifier routes material breaks to wrong queueAI operations incident
Evidence ledger export fails during repair windowevidence continuity incident
Downstream report feed uses unreconciled datareporting impact incident

11.2 First hour actions

1. Declare incident severity and owner.
2. Freeze risky downstream actions: reprocess, suspense release, GL posting, customer-impact sends.
3. Capture source evidence locally if central evidence pipeline is degraded.
4. Identify blast radius: files, batches, accounts, customers, GL accounts, cash accounts, reports.
5. Switch AI to conservative mode: classify and summarize only, no repair recommendation if evidence is incomplete.
6. Assign workstreams: rail/source, core posting, settlement cash, GL/finance, customer impact, AI/control, communications.
7. Start incident log with timestamps, decisions, approvals and unresolved risks.

11.3 Decision log fields

FieldContent
decision_idstable id linked to incident
timeevent time and decision time
decisionaction, freeze, reroute, accept residual, communicate, recover
evidencefile ids, report ids, screenshots, system logs, AI run ids
ownernamed accountable role
approvalsmaker, checker, senior approver if required
customer impactassessed, not applicable, under review, route opened
finance impactGL/cash/suspense/reporting impact
recovery conditionwhat must be true before normal mode resumes

11.4 Recovery gates

GateExit condition
Source integrityexpected files and manifests validated
Posting integrityduplicate/non-post/reject state understood
Settlement integritycash variance matched, explained or accepted
GL integrityjournals balanced and suspense status controlled
Customer impactaffected customer population and remediation route confirmed
AI integrityclassifier/recommender issue contained and regression tested
Evidence integrityincident package complete enough for audit replay
Management signoffOps, Finance, Risk and Technology agree on restart

12. AI Eval And Monitoring Suite

12.1 Scenario library

ScenarioExpected model behavior
File sequence gap with high item countclassify as file integrity P0/P1, avoid repair certainty
Posting reject due to closed accountlink to original payment, route to core ops, flag customer impact
Duplicate ACH file candidateblock auto-reprocess, request duplicate evidence
Settlement variance from processor lagexplain timing hypothesis with evidence, not final close
Suspense aging before month-endraise finance close priority
Unapplied incoming wire with weak remittancepresent candidate set and uncertainty
Nostro value-date mismatchdistinguish value date from posting date
Wrong downstream report feedtrace impacted reports and owner
Stale calendar sourcerefuse precise window conclusion and route to owner
Missing evidence ledgerprevent material closure

12.2 Metrics

MetricWhy it matters
false match ratewrong candidate match can misapply funds
false non-match rateunnecessary backlog and delayed cash application
false closure ratehidden operational and finance risk
queue reroute ratetaxonomy or model routing quality
reviewer override rateautomation bias and model quality signal
evidence completenessauditability and repair confidence
cut-off breach rateoperational effectiveness
suspense agingfinance control health
customer impact incidentsfunds/fees/statement harm
downstream report correctionsreporting control quality
AI-assisted handling timeproductivity, only valid with quality metrics

12.3 Monitoring actions

SignalAction
false match spikedisable probabilistic auto-ranking for affected class
override concentration by reviewercalibration and independence review
suspense aging spikeFinance Control escalation and RCA
queue backlog near cut-offsurge staffing and lower-risk deferral
source file change without regressionfreeze AI routing until validation
evidence completeness dropblock material closure and open incident

13. RACI

ActivityPayment OpsSettlement OpsFinance ControlTreasuryProductTechnologyRisk/ComplianceInternal Audit
Exception taxonomyACCCRCCI
File manifest controlsCCIICA/RCI
Rail calendar ownershipACICCRCI
Reconciliation rule designRAACCRCI
Repair queue operationA/RRCICCCI
Suspense releaseCCA/RCICCI
GL journal approvalICA/RCICCI
Liquidity signal reviewCCCA/RICCI
AI model monitoringCCCIA/RRCI
Incident commandAAACCRCI
Control testingIICICCCA/R

Legend: A = accountable, R = responsible, C = consulted, I = informed.


14. Roadmap

Phase 1: Control foundation

DeliverableOutcome
File manifest servicereliable source ingestion evidence
Payment event graph MVPtrace from file to posting and exception
Exception taxonomyconsistent routing and reporting
Repair queue MVPSLA, owner, evidence and closure
Suspense aging dashboardfinance-control visibility

Phase 2: AI assist

DeliverableOutcome
Exception classifierfaster routing with override monitoring
Candidate match assistantimproved cash application and settlement research
Root-cause summarizerbetter analyst productivity and incident narrative
Evidence pack generatoraudit-ready repair and close support
Eval suitemeasurable quality across exception types

Phase 3: Enterprise control plane

DeliverableOutcome
GL/cash/downstream report lineageclose and reporting impact visibility
Treasury liquidity signal integrationforecast-to-action input with governance
Incident command integrationcontrolled degraded mode and recovery
Continuous controls monitoringKRI-driven management oversight
Audit replay exportinternal audit and regulator-exam readiness

15. PM / Architect Implications

PM

Product decisionSenior framing
Success metricreduce unresolved material breaks before cut-off/close, with evidence completeness
User designoperations workbench, not generic chat
Workflow designdetect, classify, prioritize, repair, approve, reconcile, report
AI boundaryassistant for evidence and candidate actions, not autonomous ledger operator
Adoptionstart with high-volume, low-ambiguity exceptions before material GL/cash actions
Governancebusiness value must include control quality, not only handling time

Architect

Architecture decisionSenior framing
Data modelevent graph and reconciliation facts instead of flat work orders
Integrationsource files and core/GL/cash APIs require idempotency and replay
Controlsrule engine, calendar service, tool gateway and evidence ledger are core components
AI patternRAG + classifier + candidate ranking + summarization with citations
Resilienceconservative mode, read-only mode, manual-first mode and local evidence capture
Auditevery material close must reconstruct source-to-action-to-ledger state

16. Anti-patterns

Anti-patternWhy it failsCorrection
Optimize auto-close ratehides false closures and stale breaksoptimize material break clearance with QA
Put rail rules in promptstale or unverifiable cut-off logicversioned rule and calendar services
Treat suspense as operational backlogcreates finance and reporting risksuspense owner, aging, materiality, release control
Let AI execute repair tools directlyunauthorized ledger/cash impacttool gateway and maker-checker
Use one queue for all exceptionsP0 cut-off risk gets buriedtaxonomy and priority routing
Ignore customer impactdelayed posting can create fees, availability or statement harmcustomer impact assessment and route
No downstream report lineagecorrected ops data may not reach MI/regulatory feedsreport impact map
Use AI summary as evidenceaudit cannot replay source factsimmutable evidence artifacts
Pilot only on clean dataproduction breaks are messy and time pressuredeval on real exception patterns
Finance joins lateGL/suspense issues discovered at closeFinance Control embedded from design

17. Implementation Guardrails

  1. No AI recommendation can close a material exception without source evidence and human action.
  2. No payment repair action should bypass idempotency, duplicate prevention and before/after preview.
  3. No GL journal or suspense release should be executed by AI directly.
  4. No cut-off or settlement time should be generated from model memory.
  5. No candidate cash application should be presented as confirmed without approval state.
  6. No exception should be marked no customer impact without explicit assessment.
  7. No residual break should survive close without accountable owner and evidence.
  8. No model/prompt/calendar/rule change should enter protected windows without emergency approval.
  9. No incident recovery should restart normal automation before source, ledger, cash and evidence gates pass.
  10. No productivity metric should be accepted without false match, false closure, evidence completeness and customer-impact metrics.

18. Interview-ready Case Answer

问题: 如何设计 AI-enabled payment reconciliation and settlement exception platform?

30 秒版本:

我会先把它定义成支付运营控制平台, 不是自动对账机器人。核心是 payment event graph: rail file、core posting、GL、settlement cash、suspense、return/reversal 和 evidence 串起来。AI 负责异常分类、候选匹配、根因摘要、SLA 优先级和证据包, 但所有影响 posting、cash、GL、suspense 或客户资金的动作都走 rule catalog、calendar service、tool gateway 和 maker-checker。

2 分钟版本:

架构上我会分三层。第一层是 source and lineage: ACH/wire/card/core/GL/cash files 全部进入 file manifest 和 event graph, 记录 hash、sequence、control total、event time、available time。第二层是 reconciliation engines: file-to-core、core-to-GL、GL-to-cash、Nostro/Vostro、suspense aging 和 cash application。第三层是 AI operations workbench: AI 只做 evidence-grounded classification、candidate matching、root-cause summary 和 prioritization。维修动作必须显示 before/after state, 根据金额、客户影响、GL close 和 cut-off 触发 maker-checker。所有 cut-off 和 return windows 来自 versioned calendar/rule catalog, 不是 prompt。指标上不只看自动化率, 还看 false match、false closure、evidence completeness、suspense aging、cut-off breach、customer impact 和 downstream report corrections。

高阶追问:

如果 settlement exception 影响 liquidity, 我会把它作为 treasury forecast signal: 说明 expected vs actual cash、时间窗口、置信度和未决 break。后续 funding 或 balance-sheet action 仍由 Treasury/ALCO 权限、limit check 和 evidence process 决定, AI 不能自动执行。