The Buy vs Build debate is over

This week Amazon invested $13bn into OpenAI rising to as much as $50bn over 5 years. They have already invested $8bn in Anthropic, for a stake that's now worth $60bn. That is $58bn in cash invested into AI labs, before a single datacentre is built.

This is not venture capital. This is sovereign-scale capital allocation. And it ends a debate that some in treasury technology were still having.

Can a TMS vendor build its own frontier LLM? No. The buy versus build debate is over. The cost of entry is categorically out of reach for any treasury software provider.

The companies building frontier models are Microsoft, Google, Meta, Amazon and OpenAI. Every one of them has committed north of $100bn when infrastructure, talent and strategic investment are combined. No TMS vendor is writing cheques like this. No treasury fintech is close.

So who's model is it really?

Every TMS vendor with an AI product is, without exception, dependent on someone else's model. The question is which one, and what data sharing practices and contractual arrangements do they have.

Some will license directly from OpenAI or Anthropic. Some will access multiple models through Azure or AWS. And some will deploy open source models on premise to maintain control over their environment.

That last option is entirely valid. But look under the hood. It will be Llama. Or DeepSeek. Or Grok. A variant of an open source model that still requires updates in the same way as Open AI or Anthropic.

Llama cost Meta hundreds of billions to develop and so it's not possible for a TMS provider to build an LLM from scratch. These models provide more independence but that is not the same as a model that they themselves have developed. Ultimately the creators of Llama etc have a broad audience and so they aren't specifically considering TMS customers when they update their models in the way that a TMS provider would doing a software update.

The update problem — and why it matters more in treasury

LLMs will normally behave in a certain way most of the time, but not every time. And when a model updates, that behaviour shifts. A prompt that worked perfectly last month may produce different outputs today. It may not work at all.

No one yet fully understands or can map all the changes that occur in a model when parameters are changed and that is an issue.

Your TMS today runs deterministic processes. These deliver the same outputs from the same code every time.

If something changes, you test it. You verify it. You know what it will do. AI is different.

Who is responsible when an updated model produces a wrong cash position? What is your vendor's process for testing behavioural changes before pushing updates live? How are you notified when the underlying model changes?

These are not hypothetical questions. They are operational risk questions. And in treasury, where accuracy has to be 100%, they need answers.

Concentration risk — a problem treasurers already understand

Treasurers already understand concentration risk. Diversifying banking relationships is standard practice precisely because reliance on a single counterparty creates fragility.

Single-model dependency is the same risk. It just does not have a policy yet.

If your TMS connects to one model and that model updates significantly, your workflows are exposed. If the provider changes their terms, pricing or data handling practices, your options are limited. If the model is deprecated, you have no fallback.

We are already seeing political elements to the selection of LLM provider, with Anthropic being removed by the US government as they do not want Claude to be used by the Pentagon.

Chinese handset providers such as Huawei have been blacklisted by many organisations, we could see similar with the use of tools like Deep Seek.

Multi-model access is the answer - and it mirrors the logic treasurers already apply elsewhere.

If the latest OpenAI update behaves unexpectedly, or goes down for a period, you switch to Claude. If Llama changes, you have Mistral or a Microsoft model as a fallback. Your prompts are tested across multiple models. Your treasury workflows are not hostage to a single provider's release cycle.

I believe multi-model access is the strategy we will see the best TMS vendors adopt. Not as a marketing feature. As a risk management discipline.

AI does not remove vendor risk. It increases it.

There is a common assumption that AI is just another feature inside your TMS. It is not. Every model connection is a data connection to a third party that your vendor did not build and does not fully control.

SOC 1 and SOC 2 covers your TMS. It does not cover what happens to your data when it leaves for the model. That is a new risk layer, and it sits outside the assurance framework most treasury teams are currently relying on.

The model provider's priorities are not your priorities. They are building for their largest customers, their own products, their own roadmap. When they update a model, they are not thinking about your cash forecasting workflow.

Understanding and managing model and AI counterparty risk is critical for vendors and for treasury teams to understand.

The questions you should be asking your TMS vendor now

When evaluating AI capability in your TMS, the right question is not whether they have AI. They all do. The right questions are:

- Which models do you connect to - one or many?

- What data is transmitted to the model provider, and in what form?

- Is data encrypted before it leaves your environment?

- What contractual protections exist with the model provider around data use and retention?

- What is your model update policy, and how do you test for behavioural changes before pushing updates live?

- How are customers notified when the underlying model changes?

- Who is responsible when an updated model produces an incorrect output?

- Is your organisation comfortable with treasury data touching that provider's infrastructure?

Most vendors do not have complete answers to these questions yet, and the use of generative AI in many systems is at a very early stage, but getting these right is crucial for security and operational resilience.

It is a reason to ask the questions early and push for proper governance frameworks before you are dependent on the answers.

What good looks like

The TMS vendors who win the next five years will not be the ones who avoid generative AI. They will be the ones who allow AI to provide maximum value in a safe, sustainable and repeatable framework.

That means multi-model access. Clear data governance. Tested update processes. Transparent third-party relationships. And the humility to acknowledge that the model is rented — and to build resilience around that fact.

The race to build LLMs is over for treasury vendors.

The race to govern them well has just begun.

Your Treasury helps corporate treasury teams navigate AI adoption with confidence. If you would like to discuss AI governance frameworks for your treasury function, get in touch at www.yourtreasury.ai