Use case 03 · Finance and control

AI bank reconciliation without exposing personal data

AI can help you match payments in, payments out, invoices and bank transactions without seeing credentials, full IBANs or unnecessary personal data. The key is to work with minimal, normalized and pseudonymized data.

Data minimization · Tokens instead of identity · Human review

The big idea

Reconciling doesn't mean showing your whole bank account to an AI.

To reconcile, the model usually doesn't need to see who you are, your full IBAN, bank credentials or original documents. It needs patterns: dates, amounts, partial references, the likely link to invoices and business rules. That lets you separate the sensitive data from the useful reasoning.

Identity stays inside

Names, full IBANs, tax IDs, emails or sensitive internal references can stay in your environment or in a private layer.

The AI works with signals

Amount, date, currency, partial reference, third-party hash, transaction type and status are enough to propose matches.

Doubtful cases get reviewed

The AI doesn't have to close everything automatically. It can leave exceptions tidy for a person.

Secure data flow

Three zones: private, minimized and supervised.

The right design isn't "upload the bank to the AI". It's building a pipeline where sensitive data is filtered before it ever reaches the agent.

Private zone

Full data under your control

Bank, ERP or accounting: Statements, invoices, payments in, payments out and internal rules.
Private extractor: Reads the source without handing credentials to the model.
Normalizer: Turns different formats into one common table.

Safe zone for AI

Minimal, pseudonymized data

Minimization: Fields that add nothing to reconciliation are removed.
Tokenization: "Juan Perez / ES12..." becomes "CLI_8F21".
AI Agent: Proposes matches, spots patterns and explains exceptions.

Decision zone

Reviewable, traceable result

Reconciliation engine: Applies rules: exact, likely, doubtful or rejected.
Human supervisor: Approves exceptions and adjusts criteria.
Audit log: It's clear what was proposed, why and who approved it.

Visual example

Before the AI there's a cleaning layer.

This is the difference between an insecure approach and a well-designed one: you don't query the model with the full statement; you hand it a useful, reduced version with no direct identity.

Original private data

Account holder: Maria Lopez Garcia
IBAN: ES12 2100 0418 4502...
Description: Payment invoice F-184 Maria L.
Internal email: maria@...
Amount: 840.00 USD
Date: 2026-05-12

Data the agent can see

Third party: CLI_8F21
Account: BANK_ACC_02
Reference: F-184
Channel: transfer
Amount: 840.00 USD
Date: 2026-05-12

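
A sketch of the cleaning layer that turns the private record above into the agent-facing one. It is an added example, not hablo's code: the field names, the key, the reference pattern and the 8-character token length are assumptions, and the sample row is constructed.

```python
import hashlib
import hmac
import re

# Assumption: this key exists only in the private zone (e.g. a secrets manager).
TOKEN_KEY = b"constructed-demo-key"
# Allow-list: the only fields that may leave the private zone.
SAFE_FIELDS = ("third_party", "account", "reference", "channel",
               "amount", "currency", "date")
# Assumed reference shape, modelled on the page's "F-184".
REF_PATTERN = re.compile(r"\b[A-Z]{1,3}-\d{1,8}\b")


def token(prefix, value):
    """Keyed pseudonym: stable for the same input, and not reversible with a
    dictionary of names or IBANs unless the key leaks."""
    normalized = "".join(value.split()).upper().encode()
    digest = hmac.new(TOKEN_KEY, normalized, hashlib.sha256).hexdigest()
    return f"{prefix}_{digest[:8].upper()}"


def minimize(row):
    """Build the agent-facing record field by field; nothing is copied by default."""
    ref = REF_PATTERN.search(row["description"])
    safe = {
        "third_party": token("CLI", row["holder"] + "|" + row["iban"]),
        "account": row["account_alias"],
        # Free text can carry names ("... Maria L."), so keep only the reference.
        "reference": ref.group(0) if ref else None,
        "channel": row["channel"],
        "amount": row["amount"],
        "currency": row["currency"],
        "date": row["date"],
    }
    return {field: safe[field] for field in SAFE_FIELDS}


# Constructed sample modelled on the page's table; IBAN and email are fake.
PRIVATE_ROW = {
    "holder": "Maria Lopez Garcia",
    "iban": "ES00 0000 0000 0000 0000 0000",
    "description": "Payment invoice F-184 Maria L.",
    "email": "maria@example.invalid",
    "account_alias": "BANK_ACC_02",
    "channel": "transfer",
    "amount": "840.00",
    "currency": "USD",
    "date": "2026-05-12",
}
```

A plain unkeyed hash would not be enough here, because names and IBANs can be enumerated and hashed by anyone who sees the tokens.
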
What the AI sees

The AI doesn't need identity; it needs structure.

Shouldn't see

Bank credentials or direct access to the bank.

Full IBANs when they're not needed for the task.

Tax IDs, addresses, personal emails or phone numbers.

Full original statements without filtering.

Attached documents with irrelevant data.

Can see

Date, amount, currency and transaction type.

Partial reference for an invoice, remittance or order.

Third-party token: customer/supplier with no real name.

Accounting category or applicable rule.

Status: exact, likely, doubtful or pending.

Exact match

Same amount, same reference and a compatible date. The system can propose automatic reconciliation if your rules allow it.

Likely match

Same amount but an incomplete reference, a grouped payment or a shifted date. The AI explains why it thinks it fits.

Tidy exception

Bank fee, refund, duplicate payment, split invoice or a few-cents difference. It arrives for review with a hypothesis, not as chaos.

match_score = amount + date + partial reference + third-party token + rules
real identity = not needed to compute the proposal
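
One way to turn those signals into the exact / likely / doubtful / rejected statuses using only minimized fields. This is an added example, not hablo's engine: the date window, the cents tolerance, the rule order and the sample records are assumptions.

```python
from datetime import date
from decimal import Decimal

DATE_WINDOW_DAYS = 5                 # assumed business rule
CENTS_TOLERANCE = Decimal("0.05")    # assumed "few-cents difference"


def classify(txn, inv):
    """Return (status, signals); the signals are what the audit log would keep."""
    diff = abs(txn["amount"] - inv["amount"])
    ref_ok = txn["reference"] is not None and txn["reference"] == inv["reference"]
    ref_conflict = txn["reference"] is not None and not ref_ok
    party_ok = txn["third_party"] == inv["third_party"]
    days = abs((txn["date"] - inv["date"]).days)
    signals = {"amount_diff": str(diff), "reference": ref_ok,
               "third_party": party_ok, "days_apart": days}
    # No shared currency, or neither reference nor token links the two records.
    if txn["currency"] != inv["currency"] or not (ref_ok or party_ok):
        return "rejected", signals
    if diff == 0 and ref_ok and days <= DATE_WINDOW_DAYS:
        return "exact", signals
    if diff == 0 and not ref_conflict:
        return "likely", signals      # missing reference or shifted date
    if diff <= CENTS_TOLERANCE:
        return "doubtful", signals    # small difference or conflicting reference
    return "rejected", signals


def _txn(party, ref, amount, day):
    return {"third_party": party, "reference": ref, "amount": Decimal(amount),
            "currency": "USD", "date": date(2026, 5, day)}


# Constructed records, already minimized: tokens and partial references only.
INVOICE = _txn("CLI_8F21", "F-184", "840.00", 10)
SAMPLES = [
    _txn("CLI_8F21", "F-184", "840.00", 12),   # same amount, reference, date in window
    _txn("CLI_8F21", None, "840.00", 12),      # reference missing
    _txn("CLI_8F21", "F-184", "839.97", 12),   # three cents short
    _txn("CLI_77AA", None, "840.00", 12),      # nothing links it to the invoice
]


def run_samples():
    return [classify(t, INVOICE)[0] for t in SAMPLES]
```
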
What the agent does

Less searching, more deciding.

Proposes matches

Links transactions to invoices, direct debits, remittances or orders using secure signals.

Spots anomalies

Finds duplicates, partial amounts, unexpected fees, refunds and transactions with no invoice.

Explains the reason

It doesn't just flag "likely": it shows which data matches and which data is missing to close it.

Prepares the review

Sorts exceptions by impact, urgency and confidence so a person can review fast.

Governance and control

Secure doesn't mean magic. It means designed with limits.

Security comes from a concrete architecture: minimal permissions, zone separation, logs, human review and clear rules about what can be automated and what can't.

Minimal permissions

The agent doesn't need to operate accounts or move money. To reconcile, controlled read access or exported files is usually enough.

Traceability

Every proposal keeps the signals used, the confidence level and the final decision. If someone asks "why", there's an answer.

A human at the close

The obvious cases can be automated if you want. The doubtful ones stay in a review queue with a clear explanation.

Before

Statements, spreadsheets and invoices all open at once.

Sensitive data floating around in screenshots and attachments.

Hours hunting for references and similar payments.

Exceptions mixed in with normal transactions.

After

Bank data minimized before it reaches the AI.

Reconciliation proposals with an explanation.

Exceptions grouped by reason and priority.

Human review focused only on what matters.

Frequently asked questions

What people ask

Do I have to give the AI access to my bank?

No. The AI doesn't need to see your bank: it works with signals (amount, date, currency, partial reference, transaction type). Credentials and full data stay under your control.

What data does the AI NOT see?

Bank credentials, unnecessary full IBANs, tax IDs, addresses, personal emails or phone numbers, and the original unfiltered statements.

How is personal data protected?

With an upfront cleaning layer: minimization and pseudonymization. For example, a name like Maria Lopez can become a reference such as CLI_8F21. The AI receives structure, not identity.

What happens with the doubtful cases?

Not everything is closed automatically: exceptions are kept organized and traceable so a person can review them.

Next step

Start with a small, secure reconciliation.

A first case can be simple: a bank export, invoices from one period, clear rules and human review. hablo can turn it into a measurable workflow without exposing more data than necessary.
