Build or Buy AP Automation? What Mid-Market Finance Teams Need to Know

A developer recently demonstrated something that’s been getting attention across finance and IT circles. Using an AI agent, a low-code platform, a Xero API connection, and a batch of invoice PDFs, they built a system that extracts data, suggests GL codes, and pushes transactions into the accounting system – in an afternoon.

It’s a fair question to ask: if the tooling is that accessible, why buy a platform at all? Large language models can read invoices. Low-code platforms can orchestrate workflows. API connectors exist for every major accounting system. For a sole trader processing fifty invoices a month, a DIY agent might genuinely be the right call.

But for a mid-market business with 100 staff, multiple entities, a proper chart of accounts, delegation-of-authority frameworks, GST obligations, and an auditor who asks hard questions, the calculus is completely different. The demo looks the same. The production reality doesn’t.

Key Takeaways

• DIY AP agents can work for small businesses with simple structures, but the gap between a working demo and a production-grade finance system is vast.
• The real question isn’t “can we build it?” – it’s “can we govern it?” Governance includes audit trails, business rules, delegation frameworks, compliance controls, and data retention.
• In-house AI projects accumulate governance debt: hidden compliance gaps that compound over time and surface during audits, not during demos.
• A governed SaaS platform gives you the speed of AI with the controls finance demands, without rebuilding the compliance infrastructure from scratch.

The Demo vs. the Reality

The typical “build your own AP agent” tutorial follows a predictable arc: ingest invoices, extract key fields using an LLM or OCR model, suggest a GL code, and post to the accounting system. The guides are well-written, the architectures are sound, and the demos work. That’s the problem – demos are designed to work.

Most tutorials demonstrate extraction and coding against a clean dataset with a handful of suppliers and a simple chart of accounts. They don’t show what happens when:

• The chart of accounts has 400 codes across five entities, each with different cost centre structures and tax treatments.
• A supplier changes their bank account, and the system needs to flag it for verification before any payment is released.
• An invoice arrives for a new expense category that doesn’t map to any existing supplier default, and needs to be routed to a human, not auto-coded by a model that guesses.
• The CFO changes the delegation of authority, and approval routing needs to be updated immediately across all entities, not after someone remembers to retrain the model.
• The auditor asks to see the decision trail for every invoice processed in the last financial year – which rule or model determined the GL code, who approved it, and why.

None of these is an edge case. They’re the everyday reality of mid-market AP. And none of them is solved by a smarter model. They’re solved by governance infrastructure.

Where DIY Works – and Where It Doesn’t

Building a custom AI agent for AP is a legitimate approach in the right context. The question is whether your context is appropriate.

DIY can work when:

• Volume is low. Fewer than 100 invoices a month. Errors are catchable manually.
• Structure is simple. Single entity, single accounting file, a chart of accounts under 50 codes.
• Compliance obligations are minimal. No multi-entity tax complexity, no statutory audit trail obligations.
• A developer is available who can maintain the agent, handle API changes, monitor for drift, and rebuild when the LLM provider updates their model.
• The stakes are low. If a GL code is wrong, someone catches it during bank reconciliation, and it’s a five-minute fix, not a reporting integrity issue.

DIY breaks down when:

• Volume crosses the threshold where manual review of every AI output becomes impractical – typically somewhere above 500 invoices a month.
• Multi-entity structures exist. Different entities require different GL mappings, approval hierarchies, and tax treatments. A single model doesn’t know which entity it’s processing for unless you build and maintain that logic.
• Delegation frameworks are real. Who can approve what, up to what value, for which cost centre? These rules change when people change roles. In a governed platform, that’s a config change. In a DIY agent, it’s a code change.
• You need to prove compliance. GST accuracy, BAS reporting, ATO audit readiness, and data retention for statutory periods. A platform ships with this. A DIY agent ships without it.
• eInvoicing is coming. With B2G mandates already in effect in Australia and B2B adoption accelerating toward 2026 deadlines, Peppol connectivity and access point integration represent a separate infrastructure project on top of the agent.

Governance Debt: The Hidden Cost of Building Without Controls

Governance debt is the accumulated compliance risk that accrues when a system automates invoice processing but not the controls around it, no auditable decision trails, no enforcement of delegation, no fraud checks, and no data retention policy. Like technical debt in software engineering, it doesn’t announce itself. It compounds quietly until an audit forces the reckoning.

The agent works fine in week one. By month three, it’s processed thousands of transactions without anyone checking whether the GL coding has drifted, whether the approval routing still reflects the current org chart, or whether the tax treatment on intercompany invoices is correct. The outputs look reasonable. That’s what makes them dangerous.

Governance debt compounds in predictable ways:

• Model drift goes undetected. The LLM or ML model that coded invoices accurately in testing starts producing subtle errors as it encounters more edge cases. Without automated monitoring and exception reporting, the errors accumulate in the ledger.
• Compliance gaps surface during audit. When the auditor asks, “Show me the decision trail for invoice 4721,” and the answer is “the AI decided,” that’s a finding, not an answer.
• Fraud controls are afterthoughts. The ACCC reported over $227 million in losses from payment redirection scams in Australia in a single year. A DIY agent typically won’t check whether a supplier’s bank account has changed, whether an invoice is a duplicate, or whether the ABN matches the entity name – these binary checks need to run on every transaction.
• Maintenance burden escalates. LLM providers update models. API schemas change. Xero and MYOB release new versions. The developer who built the agent moves on. Each change is manageable in isolation; together, they create a system nobody fully understands, and everyone is nervous about changing.

The CFO doesn’t see governance debt in the demo. They see it six months later, when something goes wrong, and there’s no trail to follow.

What a Governed Platform Provides That a DIY Agent Doesn’t

The difference between a DIY AP agent and a governed SaaS platform isn’t the AI – it’s the infrastructure around it. The AI component (extraction) is roughly equivalent. Everything else is where the gap opens:

Capability — DIY AI Agent — Governed Platform

Invoice data extraction — LLM/OCR – comparable accuracy — AI extraction – comparable accuracy

GL coding — AI-inferred – drifts, hallucinates — Configurable rules – deterministic, auditable

Approval routing — Build and maintain manually — Pre-configured, updates on config change

Delegation of authority — Hardcoded – requires code change to update — Policy-driven – config change, instant

Fraud / duplicate checks — Not included – requires custom build — Built-in binary checks on every transaction

AP audit trail — Not included – requires custom logging — Every decision logged, traceable, retrievable

GST / BAS compliance — Not included – build or accept the risk — Enforced by configurable tax rules

eInvoicing / Peppol — Separate infrastructure project — Native dual-format ingestion (PDF + Peppol)

Multi-entity support — Build per entity – multiplied maintenance — Separate entity accounts, shared workflow

Data retention — Not included – build or accept the risk — Statutory retention as standard

Maintenance — Internal – every API/LLM update is your problem — Vendor-managed – updates included

Before You Build or Buy: 5 Governance Capabilities Your AP System Needs

Regardless of whether you build a custom agent or buy a platform, these governance capabilities are non-negotiable for mid-market finance:

• Auditable decision trails. Every GL code, every approval, every exception – who decided, what rule applied, and when. If the auditor can’t trace it, it didn’t happen.
• Delegation of authority enforcement. Approval routing that reflects your current org chart and updates when roles change, not when someone remembers to change the code.
• Fraud and duplicate prevention. Binary checks on every transaction: bank account verification, ABN matching, duplicate detection. These run before payment, not after.
• Multi-entity compliance. Each entity’s GST obligations, tax treatments, and reporting requirements enforced independently within a shared framework.
• eInvoicing readiness. Peppol connectivity, structured data exchange, and access point integration – built in, not bolted on as a separate project.

The Right Question for Mid-Market Finance Teams

The question isn’t “can we build an AP agent?” You almost certainly can. The tooling is good and getting better.

The question is: “Should we spend our engineering capacity building and maintaining AP governance infrastructure – or should we buy a platform that already has it and focus our internal resources on the problems only we can solve?”

For a five-person startup, the answer might genuinely be build. The stakes are low, the structure is simple, and the CFO is probably also the person reconciling the bank account.

For a 200-person business with three entities, a financial controller, an external auditor, GST obligations across multiple jurisdictions, and an eInvoicing mandate on the horizon, the answer is almost always buy. Not because the AI is better – it may or may not be – but because the governance infrastructure that makes AP safe for a mid-market business would take years to build and maintain, and it’s table stakes in a governed platform.

That’s the real cost comparison. Not the model’s cost versus the subscription’s cost. The cost of building and maintaining every rule, every audit trail, every compliance control, every delegation framework, every tax table, every eInvoicing connection – versus having it provided, maintained, and updated as part of a platform subscription.

Build the Agent or Buy the Platform – But Don’t Skip the Governance

AI in accounts payable is real, and it’s getting better. If you’re a small business and you want to build an agent that reads invoices and pushes data into Xero, you’ll probably get something working. But the ATO benchmarks paper invoice processing at around $30 per invoice and PDF processing at $27 – and the cost savings from automation evaporate quickly if governance failures create audit exposure, reconciliation rework, or fraud loss.

For mid-market and enterprise finance teams, the lesson from twenty years of AP automation is this: processing speed was never the hard problem. Governance was. The businesses that automate successfully are the ones that set the rails first – business rules, delegation frameworks, compliance controls – then apply AI where it earns its place.

Whether you build or buy, don’t skip the governance. And if you’re going to buy, make sure the platform was built around it – not bolted on after the fact.

The question isn’t “can we build it?” It’s “can we govern it?”

Acume’s AP platform combines machine learning for invoice data extraction with configurable business rules for GL coding, supplier validation, approval routing, and fraud prevention. Built for ANZ mid-market finance teams, with Australian tax, audit, eInvoicing, and multi-entity requirements as standard.

→ See how Acume’s governance-first AP automation works in practice [Link to AP solution page]

→ Read: AI in AP – Why Guardrails Matter More Than Hype [Link to AI Guardrails piece]

→ Getting ready for eInvoicing? Here’s what mid-market businesses need to know [Link to eInvoicing hub]

Frequently Asked Questions