What a CFO actually asks before signing off on an autonomous spend agent.

We have now been in enough sign-off conversations with finance leaders to see the same shape of meeting repeat itself. Engineering walks in with a deck about the agent. Finance listens politely. Then finance asks three questions, in roughly this order. They are never the questions engineering came prepared to answer.

The first question is always some version of "what is the most this thing can spend if everything goes wrong?" Not a probability. Not an expected value. A worst case the operator can name and stand behind. If the answer involves the words "depends" or "we have alerts" or "we're confident the prompt", the meeting effectively ends there. The CFO is not equipped to take "depends" back to the audit committee.

The second question is "if it does the wrong thing, can you prove what authority it had at the moment it acted?" This is the audit question disguised as a safety question. The honest answer requires that the authority was declared somewhere durable, that the action was attempted under that declaration, and that both facts are recoverable from a single source weeks or months later. Most agent stacks today have these facts spread across logs, prompts, and IAM policies that have since changed.

The third question is "who turns it off, and how fast?" Specifically: when the wrong thing happens — the agent issues a refund it should not have, or terminates a resource it should not have — what is the operational path back to a safe state, and how long does it take? "We page the on-call" is acceptable for a low-blast-radius agent. It is not acceptable for one that can move money or change production state.

Notice what is not on this list. Model accuracy. Hallucination rates. Benchmark scores. Those numbers belong in a research conversation. They do not appear in the sign-off meeting because they do not answer the question the CFO is being held responsible for, which is "what is the worst that can happen, and how do you prove I authorized only what I authorized?"

This is most of why we frame the product as bounded authority instead of model safety. Bounded authority is what answers those three questions. Model safety is what engineering brings to the meeting and finance does not buy.
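
The three questions map onto a small enforcement pattern: a declared cap, an append-only record that ties every attempt to the declaration in force, and a revocation that takes effect on the next call. The sketch below is an added illustration, not Primis code; `AuthorityLedger`, its method names, the agent and approver names and the amounts are all assumptions made for the example.

```python
import hashlib, json
from dataclasses import dataclass, field
from typing import Optional

def _digest(obj) -> str:
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()

@dataclass
class AuthorityLedger:  # hypothetical name; one hash-chained source for grants and actions
    entries: list = field(default_factory=list)
    grant: Optional[dict] = None      # authority currently in force
    grant_ref: Optional[str] = None   # hash of the ledger entry that declared it
    spent_cents: int = 0

    def _append(self, kind, body):
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        rec = {"seq": len(self.entries), "kind": kind, "prev": prev, "body": body}
        rec["hash"] = _digest(rec)    # hash covers seq, kind, prev and body
        self.entries.append(rec)
        return rec["hash"]

    def declare(self, agent, actions, cap_cents, approver):
        self.grant = {"agent": agent, "actions": sorted(actions),
                      "cap_cents": cap_cents, "approver": approver}
        self.spent_cents = 0
        self.grant_ref = self._append("grant", self.grant)
        return self.grant_ref

    def revoke(self, who):            # question 3: effective on the very next attempt
        self.grant, self.grant_ref = None, None
        self._append("revoke", {"by": who})

    def worst_case_cents(self):       # question 1: a number, not a probability
        return 0 if self.grant is None else self.grant["cap_cents"] - self.spent_cents

    def attempt(self, action, amount_cents):
        g = self.grant
        ok = (g is not None and action in g["actions"] and amount_cents > 0
              and self.spent_cents + amount_cents <= g["cap_cents"])
        if ok:
            self.spent_cents += amount_cents
        # question 2: denied attempts are recorded too, each bound to the grant in force
        self._append("attempt", {"action": action, "amount_cents": amount_cents,
                                 "allowed": ok, "grant_ref": self.grant_ref})
        return ok

    def verify(self):                 # an edited or reordered entry breaks the chain
        prev = "0" * 64
        for rec in self.entries:
            unhashed = {k: v for k, v in rec.items() if k != "hash"}
            if rec["prev"] != prev or _digest(unhashed) != rec["hash"]:
                return False
            prev = rec["hash"]
        return True
```

The cap is checked before the action runs rather than alerted on afterwards, which is what lets the operator name the worst case in advance.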