What modern expense control should actually look like

The reality behind the illusion of control

Every finance leader has wondered whether the expense controls that look tight in policy documents are actually working in practice.

Usually, the response to this risk is additive, resulting in more approval layers, stricter documentation requirements, and heavier manual reviews. But our recent study suggests that this instinct is driving a dangerous control paradox: the tighter and more restrictive an expense process becomes, the worse the financial outcomes in both directions.

Knowing the system is broken is the easy part. The harder question for finance leaders is what modern financial control should actually look like in practice.

Why detection is becoming an arms race

The natural response to more sophisticated fraud is more sophisticated detection. AI-powered anomaly flagging, automated receipt verification, cross-referencing claims against transaction records. These are real improvements, and they matter.

The problem is that detection alone doesn't change behavior. The research makes this plain: awareness of a control does not reliably produce compliance. When a process is painful enough and the perceived risk feels manageable, people adapt their behavior around the process instead.

And the detection side of this problem is getting harder, not easier.

As finance teams invest in more sophisticated verification tools, generative AI is producing increasingly realistic receipts, invoices, and supporting documents. What starts as a detection breakthrough quickly becomes a reactive cycle as fraud patterns evolve, models adapt, and the process repeats. For finance leaders, that means fraud prevention risks becoming an endless verification race that gets more expensive and more complex with every iteration.

The issue is not whether AI detection tools have value. They do. But as long as receipt images remain the primary source of truth, fraud prevention will always be reactive. The stronger move is reducing dependence on manually submitted documents altogether, so the question of whether a receipt is real becomes less central than whether the underlying transaction is verified.

Why receipt-based workflows are fundamentally broken

Most expense systems are built around a simple assumption: employees incur a cost, keep the receipt, and submit it later. The receipt is the evidence. The verification, matching, and approval all flow from that.

It's an assumption that made sense when receipts were physical and hard to replicate. It no longer does.

Today, the same consumer AI tools available to anyone can produce a convincing receipt image in seconds. Manual visual verification can't reliably distinguish real from fake at scale. And even setting fraud aside, the workflow itself creates problems. Receipts get lost. Hotels don't always send invoices automatically. Employees traveling across multiple time zones submit documentation days or weeks after the fact, from memory, and under pressure to get back to their real work.

The result is a system where the primary source of truth is also the weakest link. Finance teams are making control decisions based on documentation that is incomplete, delayed, and increasingly easy to manipulate.

Patching that system with better detection tools helps at the margins. It doesn't fix the architecture.

To solve the control paradox, finance teams need to stop auditing documents and start controlling money.

What embedded control looks like in practice

The alternative to receipt-dependent verification isn't fewer controls. It's controls that are embedded earlier in the process, closer to where money actually moves.

There are a few capabilities that define that shift.

Shift the source of truth from the employee to the network

Corporate cards connected to the payment network generate a verified record of every purchase  the moment it happens, before a receipt is submitted, and before anyone has had the opportunity to reconstruct or modify anything. When the transaction itself is the primary data point, the receipt becomes supporting evidence rather than the only evidence. That changes where the control actually sits.

Enforce boundaries at the point of decision, not after the fact

By the time a claim reaches a finance team for review, the money has already moved. Spend controls built into corporate card infrastructure, including category restrictions, per-transaction limits, and automatic flagging of out-of-policy purchases, enforce the rules at the moment they matter. Non-compliant spend doesn't get reviewed and rejected; it simply doesn't get through.

Eliminate the data gaps that incentivise fraud

When transaction data already exists in the system, there are fewer gaps for fraudulent documentation to exploit. Automated matching cross-references card transactions against submitted receipts and booking records, applying the same standard consistently across every claim. The gap that fraudulent documentation is designed to exploit largely disappears.

Treat user experience as a core compliance tool

Forty-two percent of employees in our research said they had absorbed legitimate work expenses rather than go through the reimbursement process. That's not a compliance win. It's a visibility problem.

When submission is slow, manual, or difficult to complete on the go, employees delay claims, avoid smaller expenses, or work around the process entirely. Finance teams end up with incomplete spend data and less visibility into what the business is actually spending.

Modern financial control depends as much on usability as policy enforcement. Mobile-first workflows, fewer manual steps, and automatic data capture don't just improve the employee experience — they improve compliance and data quality too.

How Perk approaches embedded control

This isn't a theoretical framework. Designing for default compliance is the exact blueprint we used to build Perk. 

The starting point is moving control closer to where money actually moves. Instead of relying on employees to reconstruct purchases later through receipts and manual claims, Perk Card captures verified transaction data directly from the Visa network at the point of payment. That gives finance teams an independent source of truth before any expense is submitted.

From there, controls are embedded into the workflow itself. Spend policies can be enforced at the card level through category restrictions, transaction limits, and approval rules, while automated matching handles reconciliation between transactions, receipts, and booking data in the background.

The employee experience matters too. When expense submission takes a few taps from a phone instead of a lengthy reimbursement process, people actually use the system consistently, which gives finance teams a more complete and accurate picture of spend.

The goal isn't to create more friction via more review layers. It's to make compliant behavior the easiest path by default.

The architecture question

For most finance teams, the response to expense fraud has been additive: more documentation requirements, more approval layers, more detection tooling on top of existing processes. The architecture underneath has stayed largely the same.

That architecture was built for a slower, simpler environment. One where receipts were physical, AI-generated fakes weren't a realistic risk, and the gap between policy and practice was primarily a question of individual honesty rather than systemic design.

That environment no longer exists. And the question finance leaders are increasingly facing isn't whether their controls are strict enough. It's whether the system underneath those controls is still fit for purpose.

The goal isn’t tighter oversight.

It’s control architectures that make compliant behavior the default.

See how Perk helps finance teams build controls at the source

Find out how Find out how