Alexandr Chibilyaev on how AACFlow agents work with Russian banking infrastructure: payment reconciliation, invoice processing, cash flow monitoring, tax calculation — with enterprise-grade security for financial data.
Finance operations are the last frontier of manual business processes. While marketing runs on autopilot and sales pipelines are hyper-automated, accounting departments still download bank statements as Excel files, manually match payments to invoices, and copy-paste data between 1C and their banking portal at 11 PM on the last day of the quarter.
This isn't because the tools don't exist. It's because the tools don't talk to each other. And building integrations between Sber Business, CloudPayments, 1C, Diadoc, and the FNS tax service requires months of development work that most companies can't justify.
AACFlow changes that. With 15+ banking and finance connectors, AACFlow agents connect your financial infrastructure end-to-end. Your bank account. Your payment gateway. Your accounting system. Your document exchange. Your tax service. One agent, orchestrating all of them.
Here's the financial infrastructure that AACFlow agents can work with today:
Bank Accounts & Statements: Sber Business, T-Bank Business, Alfa-Bank, VTB Business, Tochka Bank, ModulBank, PSB Bank, Raiffeisen Russia, Sovcombank, Gazprombank. Your agent can fetch transaction histories, check balances, and — where API support allows — initiate payments. All through a unified connector interface.
Payment Gateways: CloudPayments, YooKassa, Robokassa, Paykeeper, Paymaster, Payselection, Platron, Uniteller, Moneta, Sber Acquiring. Your agent sees every payment that passes through your gateway — successful, failed, refunded, pending. Each payment has an ID, an amount, a timestamp, a status, and a payment method.
Accounting Systems: 1C (standard and Bitrix-integrated), Kontur.Accounting, Kontur.Buhgalteria, Kontur.Elba, MoeDelo (Моё Дело), Buhsoft, Finolog, PlanFact, Knopka, Nebo. Your agent can read invoices, create payment orders, update ledgers, and generate reports.
Document Exchange (EDI): Diadoc, Kontur.Diadoc, SBIS EDI, Synerdocs, Astral EDO, Takscom. Your agent receives formalized documents — invoices, acts, contracts — as they arrive, extracts structured data, and routes them to the right workflow.
Cash Register (Online OFD): ATOL Online, Orange Data, First OFD, OFD.ru, Platform OFD, Ferma OFD, CloudKassir, Evotor, Subtotal. Your agent monitors cash register data for retail operations and reconciles it against bank deposits.
This isn't a theoretical list. Every connector is in our registry. Every connector follows the same ConnectorConfig contract. Every connector can feed data into your agent's knowledge base and be called from workflow blocks.
The most universal finance problem: matching incoming payments to open invoices. A company receives hundreds of payments daily — from CloudPayments, from YooKassa, from direct bank transfers. Each payment needs to be matched to the correct invoice in 1C. Missed matches mean unreconciled revenue. Wrong matches mean accounting errors that compound over time.
A payment reconciliation agent in AACFlow solves this:
1
Schedule Trigger(every hour)
2
├── Fetch today's payments from CloudPayments
3
├── Fetch today's payments from YooKassa
4
├── Fetch today's bank statement from Sber Business
5
├── Fetch open invoices from 1C
6
├── LLMBlock: match payments to invoices
7
│ Input: list of payments + list of invoices
8
│ Logic: match by amount, counterparty name, payment purpose
9
│ Output: matched pairs with confidence scores
10
├── Condition: confidence >95%?
11
│ ├── Yes → Mark as reconciled in 1C
12
│ └── No → Flag for manual review, send to Slack
13
└── Generate reconciliation report → save to Google Sheets
The LLM block is the key. It handles the fuzzy matching that rule-based systems fail at. "Payment from ООО 'Ромашка' for 15,000 ₽ with purpose 'Оплата по счету №245 от 12.05.2026'" — the agent extracts the invoice number, matches the amount, verifies the counterparty, and marks it reconciled. A rules engine would fail on the slightly different company name format. The LLM handles it naturally.
Invoices arrive through Diadoc and email. Someone has to open each one, extract the key details, check it against the contract, approve it, and trigger payment. In a company processing 50+ invoices per month, this is a half-time job. In a company processing 500+, it's a department.
An invoice processing agent:
1
Webhook Trigger(newdocumentin Diadoc)
2
├── Extract structured data from the invoice
3
│ Connector: Diadoc → text extraction
4
├── LLMBlock: parse invoice fields
5
│ Extract: amount,VAT, counterparty, date, due date, items
6
├── Knowledge Base Search: look up the counterparty contract
7
│ Query:"contract with {counterparty} terms and limits"
8
├── LLMBlock: validate against contract
9
│ Check: amount within contract limit? items match scope?VAT correct?
10
├── Condition: all valid?
11
│ ├── Yes → Send for payment approval via Slack
12
│ │ → Upon approval → Execute payment via Sber Business
13
│ │ → Log payment in 1C
14
│ └── No → Flag discrepancies, notify finance manager
15
└── Log every step to audit trail
The agent doesn't just process the invoice. It validates it against the actual contract terms stored in the knowledge base. It checks VAT rates against the goods classification. It verifies the counterparty's tax status via FNS EGRUL. It's not a dumb pipeline — it's a finance analyst that works 24/7.
Cash flow is the heartbeat of a business. A CFO needs to know: what's our current balance across all accounts? What's coming in this week? What's going out? Are there any unusual transactions? Most companies answer these questions with a weekly Excel export from the banking portal and a lot of manual filtering.
A cash flow monitoring agent:
1
Schedule Trigger(every 3 hours, or real-time via webhooks)
2
├── Fetch balances from all connected bank accounts
3
│ Sber Business,T-Bank, Alfa-Bank, ModulBank
4
├── Fetch recent transactions from all accounts
5
├── Fetch expected payments from 1C(unpaid invoices)
6
├── Fetch expected receipts from 1C(unpaid customer invoices)
│ │ → If critical(balance < payroll) → SMS via devino_telecom
15
│ └── No → Log summary
16
└── Update dashboard in Google Sheets
The "unusual transaction detection" is where the agent adds value beyond a rules engine. An LLM can spot patterns: "This counterparty has never received a payment this large before." "This payment category spiked 3x compared to the monthly average." "This payment was made on a Saturday, which is unusual for this account." These are the patterns that a human analyst would notice — and the agent notices them every three hours, not once a week.
Tax compliance is the most stressful part of running a business. Deadlines are fixed. Penalties for mistakes are severe. And the process involves pulling data from multiple disconnected systems, calculating obligations, and submitting forms to the FNS.
A tax agent in AACFlow:
1
Schedule Trigger(monthly,5 days before deadline)
2
├── Fetch revenue data from 1C and payment gateways
3
├── Fetch expense data from 1C and bank statements
│ Simplified tax system(УСН) calculation if applicable
10
├── LLMBlock: generate tax report
11
│ Structured data for tax declaration forms
12
├── Knowledge Base Search: check for recent tax law changes
13
│ Query:"recent changes to VAT rates or thresholds 2026"
14
├── Condition: law changes detected?
15
│ ├── Yes → Flag for accountant review with specific changes
16
│ └── No → Proceed
17
├── Generate tax payment orders in Sber Business
18
└── Submit report via Kontur.Extern or FNS connector
The agent doesn't file taxes autonomously — that requires a certified accountant's approval. But it does 95% of the work: gathering data, performing calculations, generating prefilled forms, and flagging potential issues. The accountant's job shifts from "manually compile data from 6 systems" to "review and approve the agent's work." Hours saved. Errors prevented. Deadlines met.
Financial data is the most sensitive category of business data. A leaked bank statement or a compromised API key doesn't just cause embarrassment — it causes financial loss, regulatory penalties, and loss of customer trust. Our security architecture for financial connectors reflects this.
Encryption at rest. All API keys, access tokens, and credentials are encrypted with AES-256-GCM before storage. The encryption key is managed via environment variables, never hardcoded. Database backups are encrypted. Connection strings are encrypted. Even if an attacker gains access to the database, the credentials are unreadable.
Encryption in transit. All external API calls use TLS 1.3. No plain HTTP for financial connectors. Certificate validation is enforced. Man-in-the-middle attacks are blocked at the protocol level.
Never store raw credentials. When a user configures a Sber Business connector, they provide API credentials through the UI. Those credentials are encrypted immediately and stored in the encryptedApiKey column. They are never logged. They are never returned in API responses. They are never exposed in the visual editor. The raw value exists in server memory only during API calls.
BYOK (Bring Your Own Key) for bank APIs. AACFlow never holds your bank API keys in a shared credential pool. Every workspace brings its own keys. The keys are scoped to that workspace. No cross-workspace access. No shared credentials. Your Sber Business API key unlocks only your Sber Business account — not anyone else's.
Audit logs for every financial action. Every time an agent reads a bank statement, initiates a payment, or updates a 1C record, the action is logged with:
Timestamp
User ID (who configured the agent)
Workspace ID
Agent ID
Action type (read, write, execute)
Target system (Sber Business, CloudPayments, 1C)
Success/failure status
These logs are immutable. They cannot be modified or deleted. They're exportable for compliance audits. If an auditor asks "who authorized this payment of 500,000 ₽ on March 15th?" — the audit log answers definitively.
Least-privilege API access. We encourage users to create dedicated API keys with minimal permissions. A reconciliation agent only needs read access to the bank statement — it doesn't need payment initiation. A payment agent needs payment initiation but not account management. The principle of least privilege isn't enforced by AACFlow — it's enforced by the bank's API permission model. But our configuration UI makes it easy to configure and document.
For enterprise customers — banks themselves, large financial services companies, regulated industries — we offer additional compliance features:
Private cloud deployment. The entire AACFlow platform runs in your infrastructure. Your data never leaves your network. Your API keys never touch our servers. Your agents run in your VPC. We provide the Docker images and the deployment scripts via Coolify or direct Docker Compose. You control everything.
SSO and SCIM for financial teams. Finance departments are part of large organizations. They use corporate SSO (Okta, Azure AD). User lifecycle is managed via SCIM — when a finance employee leaves, their access to AACFlow is revoked automatically. No stale accounts with access to financial agents.
RBAC with financial role segregation. Not everyone with AACFlow access should see financial agents. We support role-based access where:
Finance Admin — can configure bank connectors, view all financial agents, approve payments
Finance Operator — can view financial dashboards and reports, cannot modify agent configurations
Finance Auditor — can view audit logs and reports, cannot execute agents
Role segregation prevents the "accountant who can also modify the reconciliation agent's logic" conflict of interest.
The connector feeds bank transactions into the knowledge base. Each transaction is a document with structured tags: amount, date, counterparty, type. The agent searches the knowledge base semantically ("show me all large outgoing payments to new counterparties") AND with structured filters (amount > 100,000, type = 'outgoing', date = 'last 7 days'). The hybrid search capability we built into PostgreSQL + pgvector makes this pattern natural.
Companies using AACFlow for financial automation report:
Payment reconciliation time: from 4-6 hours daily to 15 minutes of review
Invoice processing: from 2-3 days per invoice to under 5 minutes
Cash flow visibility: from weekly Excel snapshots to real-time dashboards
Tax preparation: from 2 weeks of manual data gathering to 1 day of agent-generated reports
Audit readiness: from "we'll need a few days to pull those records" to "here's the export"
The agent doesn't replace the finance team. It replaces the 80% of their time spent on data gathering, data entry, and mechanical matching. The remaining 20% — strategic analysis, exception handling, complex decisions — becomes their full focus. The finance team shifts from data processors to strategic analysts.
Financial automation is not a future vision. It's operational today on AACFlow. If your finance team is still downloading bank statements as Excel files and matching payments by hand, talk to us. We'll show you how an agent can take over the mechanical work so your team can focus on what actually requires human judgment.
