Three things are true at once in mid-2026:
- 67% of US CFOs name agentic AI workflow automation their #1 finance-tech priority (CFO Dive Q1 2026 benchmark).
- 60% of CFOs are increasing finance-function AI investment 10%+; 88% rank productivity top-3 (Gartner February 2026).
- Gartner (May 2026): "CFOs must stop mistaking finance AI deployment for value creation." Realized value is lagging adoption.
The gap between deployment and value is not model quality, latency, or prompt engineering. It's that the policy chokepoint — the part the audit committee actually reads — has been treated as a vendor moat. closegate is that part, open-sourced.
The decision matrix
You have three paths. They look like this:
| Path | What you buy | Year-1 cost | Audit defensibility |
|---|---|---|---|
| Build | Internal engineering team writes the policy gate, audit log, HITL inbox, eval harness | $200K–$600K (2 engineers, 6 months) | Strong if you have AI-controls expertise in-house. Most teams don't. |
| Buy (commercial) | BlackLine / FloQast / Numeric / Vic.ai — SaaS with closed policy gate | $40K–$500K/yr seat licensing | Strong on paper. Closed source means your auditor takes the vendor's word for it. |
| Adopt (closegate) | OSS reference architecture, self-hosted, your policy.yaml, your audit log | $16K one-time + ~$12K/yr compute | Strongest. Your auditor, your CISO, and your architect read the same source-of-truth. |
Year-one TCO comparison
For a 50-person SaaS finance team running an AI close-cycle pilot:
| Cost line | BlackLine (entry tier) | FloQast | Numeric | closegate |
|---|---|---|---|---|
| License / subscription | $80K–$150K | $40K–$90K | $35K–$80K | $0 |
| Implementation services | $60K–$150K | $30K–$80K | $25K–$60K | $16K (in-house eng) |
| Compute / API (annual) | included | included | included | ~$12K (Anthropic midpoint) |
| SOC 2 Type 2 evidence prep | vendor RCA gets you part way | vendor RCA | vendor RCA | included (audit-evidence-export) |
| Year-1 total | $140K–$300K | $70K–$170K | $60K–$140K | $28K |
| Ongoing (year 2+) | $80K–$150K/yr | $40K–$90K/yr | $35K–$80K/yr | ~$12K/yr |
Run the ROI calculator with your team's actual inputs. Conservative model — assumptions sourced from published vendor benchmarks (Numeric, FloQast, Vic.ai), not from marketing material.
What you should ask before you adopt anything
Questions for any vendor (including us):
- Can my external auditor read the policy gate code? If no, your audit committee depends on the vendor's pinky-promise.
- Where is the audit log stored, and who has UPDATE/DELETE rights? If it's vendor-controlled, an insider at the vendor has a path you can't enforce.
- Is segregation of duties (SoD) enforced at the prompt or server-side? Prompt-level enforcement loses to any jailbroken LLM session. Server-side is the only defensible answer.
- If we leave the vendor, can we export the audit log in a format our next vendor (or our SQL) can read? Often the answer is "yes, in CSV" — meaning you lose the verbatim policy clause attribution that made the original audit defensible.
- What does the vendor's RCA look like when an agent confirms an above-materiality match overnight? Ask for a sample RCA from a real incident. If they can't share one, you'll be writing it yourself in front of your audit committee.
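
What the audit-log and SoD questions above look like in code, as an added sketch that is not closegate's or any vendor's implementation: a server-side gate that takes the actor from the authenticated session, and a hash-chained log that stores the verbatim policy clause with each decision. The policy ids, clause text, threshold and field names are constructed for illustration.

```python
import hashlib
import json

# Constructed policy for illustration; ids, clause text and threshold are assumptions.
POLICY = {
    "SOD-1": "The preparer of an entry may not approve it.",
    "MAT-1": "Agent actions at or above materiality require human approval.",
}
MATERIALITY_USD = 10_000
GENESIS = "0" * 64

def _digest(prev, event):
    return hashlib.sha256((prev + json.dumps(event, sort_keys=True)).encode()).hexdigest()

class AuditLog:
    """Append-only, hash-chained log: each record commits to the one before it."""
    def __init__(self):
        self.records = []

    def append(self, event):
        prev = self.records[-1]["hash"] if self.records else GENESIS
        self.records.append({"prev": prev, "event": event, "hash": _digest(prev, event)})

    def verify(self):
        prev = GENESIS
        for rec in self.records:
            if rec["prev"] != prev or rec["hash"] != _digest(prev, rec["event"]):
                return False  # chain broken: a record was altered or the sequence changed
            prev = rec["hash"]
        return True

def gate(action, actor, log):
    """Server-side decision. `actor` comes from the authenticated session,
    never from model output, so prompt manipulation cannot change it."""
    decision, clause = "allow", None
    if action["type"] == "approve" and actor["id"] == action["preparer_id"]:
        decision, clause = "deny", "SOD-1"
    elif actor["kind"] == "agent" and action["amount_usd"] >= MATERIALITY_USD:
        decision, clause = "route_to_human", "MAT-1"
    log.append({"actor": actor["id"], "action": action, "decision": decision,
                "clause_id": clause, "clause_text": POLICY.get(clause)})
    return decision
```

The chain makes edits detectable but does not stop them, and truncating the tail goes unnoticed unless the latest hash is stored elsewhere, so revoking UPDATE/DELETE on the log store is still required.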
The this-week action list
If this framing fits, here's what you actually do:
- Run the ROI calculator with your team's numbers. /roi. Takes 90 seconds. The output is suitable for a board pre-read.
- Read the comparison vs your shortlisted vendor. /compare. We won't try to sell you closegate if the SaaS option fits your shape — the 14-row table makes the trade-offs explicit.
- Send your controller the for-finance-teams page. /for-finance-teams. It's the plain-English version with the workflow walkthrough and the pilot shape.
- Get the auditor one-pager in front of your external auditor. /for-auditors. Five-minute read. It's the controls-mapping narrative.
- Open a conversation. Two design-partner slots open this quarter. The conversation alone is worth it — we'll tell you straight if closegate isn't the right fit. /contact.
What you get as a design partner
- Direct line to the maintainer. Monthly 30-min sync. Friday office hours.
- Co-design influence on the v1.0 surface — your jurisdictional shape gets first-class support in the next minor release.
- A reference implementation your auditor, CISO, and AI architect can all read from the same git commit.
- Zero seat licensing — forever. Pay for self-hosted compute only. The framework stays free under Apache-2.0.
- Case study collaboration (anonymized fine) once the pilot graduates to a production close cycle.