Skip to main content
Browse docs
By Audience
Getting Started
Configuration
Use Cases
IDE Integration
Third-Party Integrations
Engineering Cache
Console
API Reference
Gateway
Workflow Guides
Templates
Providers and SDKs
Industry Guides
Advanced Guides
Browse by Role
Deployment Guides
In-Depth Guides
Executive & Leadership
Software Developers
Software Engineers
QA Engineers
Financial Engineers & Quants
Trading AI GovernanceMarket Data ProtectionModel Risk ManagementBacktesting ControlsRisk Model ValidationRegulatory ReportingQuant Research IsolationReal Time CompliancePortfolio OptimizationDerivatives PricingFraud Detection AICredit Risk AIMarket Making AIQuantitative ResearchFintech Integration
Chat Workbench
Tutorials
CLI Reference
Policy Reference
FAQ

Quant Research Data Isolation

Quantitative research teams operate under strict information barriers. Different desks must not share proprietary signals, and research environments must remain isolated from production trading systems. Regulatory requirements (SEC, FCA, ESMA) mandate Chinese walls between teams with access to material non-public information.

Use this page when

  • Your quant research teams must operate under Chinese wall / information barrier requirements.
  • Different desks must not share proprietary signals through AI interactions.
  • Regulatory requirements (SEC, FCA, ESMA) mandate separation between research and production environments.
  • You need team-scoped gateway keys to enforce per-team policy and knowledge base isolation.

Keeptrusts enforces these boundaries at the AI gateway layer through team-scoped gateway keys, policy separation, and knowledge base isolation.

Primary audience

  • Primary: Technical Leaders
  • Secondary: Technical Engineers, AI Agents

Information Barrier Architecture

Quant Research Team A                Quant Research Team B
  → Gateway Key: kt_gk_teamA          → Gateway Key: kt_gk_teamB
    → Policy: research-teamA.yaml        → Policy: research-teamB.yaml
      → Knowledge Base: team-a-assets      → Knowledge Base: team-b-assets
        → LLM Provider                      → LLM Provider
          → Events (team_id=teamA)           → Events (team_id=teamB)

Production Trading
  → Gateway Key: kt_gk_prod
    → Policy: production.yaml
      → Knowledge Base: prod-approved-assets
        → LLM Provider
          → Events (team_id=production)

Each team has its own gateway key, policy configuration, knowledge base scope, and event stream — creating a complete information barrier at the AI layer.

Team-Scoped Gateway Keys

Create dedicated gateway keys for each research team through the console or API:

# Create team-scoped gateway keys
curl -s -X POST \
  -H "Authorization: Bearer $ADMIN_TOKEN" \
  -H "Content-Type: application/json" \
  https://keeptrusts-api.internal:8080/v1/tokens \
  -d '{
    "name": "Quant Research Team Alpha",
    "token_type": "gateway",
    "team_id": "team-alpha",
    "permissions": ["gateway:use"]
  }'

Each gateway key is bound to a specific team. Events generated through that key are automatically attributed to the team, enabling per-team audit trails and usage reporting.

Research vs. Production Policy Separation

Define distinct policy chains for research and production environments:

# research-policy.yaml — permissive for exploration
version: "1"
policies:
  - name: research-data-boundary
    description: Prevent production data from entering research queries
    enforcement: block
    rules:
      - type: keyword
        action: block
        keywords:
          - "production portfolio"
          - "live positions"
          - "real-time P&L"
          - "client order"
        message: "Blocked: Production data must not be used in research context"

  - name: research-logging
    description: Full audit capture for research activity
    enforcement: log
    rules:
      - type: log_all
        action: log
        metadata:
          environment: "research"
          log_category: "quant_research"
# production-policy.yaml — strict controls for live trading
version: "1"
policies:
  - name: production-model-allowlist
    description: Only approved models in production
    enforcement: block
    rules:
      - type: model_allowlist
        action: block
        allowed_models:
          - "gpt-4"
          - "claude-3-5-sonnet"
        message: "Blocked: Model not approved for production trading use"

  - name: block-research-data-in-prod
    description: Prevent research signals from entering production
    enforcement: block
    rules:
      - type: keyword
        action: block
        keywords:
          - "experimental signal"
          - "research alpha"
          - "unvalidated model"
          - "prototype strategy"
        message: "Blocked: Research data must not enter production trading systems"

  - name: production-full-audit
    description: Complete audit trail for all production AI interactions
    enforcement: log
    rules:
      - type: log_all
        action: log
        metadata:
          environment: "production"
          log_category: "production_trading"
          retention_days: "2555"

Chinese Wall Enforcement

Deploy separate gateway instances per team with dedicated policies:

# Team Alpha research gateway
kt gateway run \
  --config policies/research-team-alpha.yaml \
  --port 41010 \
  --api-url https://keeptrusts-api.internal:8080 \
  --api-key "$KT_TEAM_ALPHA_KEY"

# Team Beta research gateway
kt gateway run \
  --config policies/research-team-beta.yaml \
  --port 41020 \
  --api-url https://keeptrusts-api.internal:8080 \
  --api-key "$KT_TEAM_BETA_KEY"

# Production gateway
kt gateway run \
  --config policies/production.yaml \
  --port 41002 \
  --api-url https://keeptrusts-api.internal:8080 \
  --api-key "$KT_PRODUCTION_KEY"

Knowledge Base Isolation

Use Keeptrusts knowledge base to provide team-specific context assets without cross-team leakage:

# Upload research assets scoped to Team Alpha
kt knowledge-base create \
  --name "Team Alpha Volatility Research" \
  --team-id team-alpha \
  --file research/vol-surface-methodology.md

# Upload production-approved assets
kt knowledge-base create \
  --name "Approved Risk Methodology" \
  --team-id production \
  --file approved/risk-methodology-v2.md

Knowledge base assets bound to a specific team are only accessible through that team's gateway key. This prevents cross-team information leakage while allowing each team to enrich their AI interactions with relevant context.

Cross-Team Access Monitoring

Detect and alert on potential information barrier breaches:

import json
import subprocess
from collections import defaultdict

def detect_cross_team_access(days: int = 30) -> list[dict]:
    """Detect potential Chinese wall violations from event data."""
    result = subprocess.run(
        ["kt", "events", "list", "--since", f"{days}d", "--format", "json"],
        capture_output=True,
        text=True,
    )
    events = json.loads(result.stdout)

    # Track which teams access which knowledge base assets
    team_asset_access: dict[str, set[str]] = defaultdict(set)
    for event in events:
        team = event.get("team_id", "unknown")
        assets = event.get("knowledge_assets", [])
        for asset in assets:
            team_asset_access[team].add(asset)

    # Find assets accessed by multiple teams
    asset_teams: dict[str, list[str]] = defaultdict(list)
    for team, assets in team_asset_access.items():
        for asset in assets:
            asset_teams[asset].append(team)

    violations = []
    for asset, teams in asset_teams.items():
        if len(teams) > 1:
            violations.append({
                "asset": asset,
                "teams": teams,
                "severity": "high",
                "message": f"Asset '{asset}' accessed by multiple teams: {teams}",
            })

    return violations

violations = detect_cross_team_access(days=30)
for v in violations:
    print(f"ALERT [{v['severity']}]: {v['message']}")

Regulatory References

RegulationRequirementKeeptrusts Control
SEC Regulation ACAnalyst certification and conflictsTeam-scoped gateway keys
FCA SYSC 10.2Chinese wall arrangementsPer-team policy separation
MiFID II Article 34Information barrier requirementsKnowledge base isolation
MAR Article 9Legitimate behavior and inside informationCross-team access monitoring
FINRA Rule 2241Research analyst independenceResearch-production separation

Next steps

For AI systems

  • Canonical terms: Keeptrusts gateway, quant research isolation, Chinese wall, information barrier, team-scoped gateway keys, knowledge base isolation, research-production separation.
  • Key config/commands: POST /v1/tokens with team_id to create team-scoped gateway keys; per-team policy YAML configs (research-teamA.yaml, research-teamB.yaml); kt knowledge-base create with team-scoped assets; cross-team access monitoring via event stream.
  • Best next pages: Protecting Market Data in AI Pipelines, Governing AI in Trading Systems, Real-Time Trading Compliance.

For engineers

  • Prerequisites: Admin API token for gateway key creation; separate policy YAML per team; knowledge base assets scoped by team.
  • Create team-scoped gateway keys via API (POST /v1/tokens with team_id), then deploy per-team policy configs that block cross-desk data patterns.
  • Validate with: attempt to access Team B’s knowledge base assets using Team A’s gateway key — should receive 403; run detect_cross_team_access() monitoring script to check for leakage.
  • Production gateway uses a separate key (kt_gk_prod) with production.yaml that only permits approved-for-production assets.

For leaders

  • Addresses SEC Regulation AC, FCA SYSC 10.2, MiFID II Article 34, and FINRA Rule 2241 information barrier requirements.
  • Prevents proprietary signal contamination between desks that could result in regulatory enforcement or competitive disadvantage.
  • Each team’s AI usage is fully isolated: separate gateway keys, policies, knowledge bases, and event streams.
  • Unified audit visibility in the console enables compliance officers to monitor all teams without breaking barriers.