
Finance Industry Use Case

Financial services organizations face strict regulatory requirements around data protection, insider trading prevention, and audit trails. Keeptrusts provides a comprehensive policy stack for SOX, PCI DSS, SEC, and Dodd-Frank compliance when deploying AI.

Use this page when

  • You are deploying AI in financial services where SOX audit trails, PCI DSS card data protection, SEC MNPI controls, and Dodd-Frank compliance are required.
  • You need to prevent insider trading data leakage, protect cardholder data in AI workflows, and maintain 7-year regulatory record retention.
  • You want automated financial compliance disclaimers and bias monitoring for socioeconomic and geographic fairness.

Primary audience

  • Primary: Technical Leaders
  • Secondary: Technical Engineers, AI Agents

Regulatory Landscape

Regulation | Requirement | Keeptrusts Policy
SOX | Audit trail for all AI-assisted decisions | audit-logger, financial-compliance
PCI DSS | Protect cardholder data | pii-detector with pci_mode
SEC | Prevent MNPI leakage | mnpi-filter
Dodd-Frank | Compliance record-keeping | audit-logger
GDPR (EU ops) | Data privacy | pii-detector, data-routing-policy

Complete Policy Configuration

pack:
  name: finance-governance
  version: 1.0.0
  enabled: true
policies:
  chain:
    - prompt-injection
    - rbac
    - pii-detector
    - mnpi-filter
    - dlp-filter
    - financial-compliance
    - quality-scorer
    - bias-monitor
    - audit-logger
policy:
  prompt-injection: {}
  rbac:
    deny_if_missing:
      - X-User-ID
      - X-User-Role
  pii-detector:
    action: redact
    detect_patterns:
      - credit_card
      - ssn
      - bank_account
      - routing_number
      - tax_id
    redaction:
      marker_format: label
  mnpi-filter:
    detect_patterns:
      - earnings_preview
      - merger_acquisition
      - insider_trading
      - material_nonpublic
    action: block
  dlp-filter:
    detect_patterns:
      - '\b(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|3[47][0-9]{13})\b'
      - '\b[0-9]{9}\b'
      - '\b[A-Z]{6}[A-Z0-9]{2}([A-Z0-9]{3})?\b'
      - sk-[a-zA-Z0-9]{32,}
    action: block
  financial-compliance:
    blocked_patterns: []
    required_disclaimers:
      - This AI-generated content is for informational purposes only and does not constitute financial advice.
  quality-scorer:
    thresholds:
      min_aggregate: 0.75
  bias-monitor:
    protected_characteristics:
      - socioeconomic
      - geographic
    threshold: 0.85
    action: escalate
  audit-logger:
    immutable: true
    retention_days: 2555
    log_all_access: true
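
The dlp-filter patterns in this configuration can be exercised offline to see what they catch and what they over-match. This is an added example, not Keeptrusts code: it assumes the gateway applies the patterns with semantics close to Python's re module, and normalize, luhn_ok, aba_ok and validated are hypothetical helpers. Apart from the card value quoted from this page's redaction example, the sample inputs are constructed.

```python
import re

# dlp-filter detect_patterns copied from the policy configuration on this page.
PATTERNS = {
    "card": r"\b(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|3[47][0-9]{13})\b",
    "nine_digit": r"\b[0-9]{9}\b",
    "swift_bic": r"\b[A-Z]{6}[A-Z0-9]{2}([A-Z0-9]{3})?\b",
    "api_key": r"sk-[a-zA-Z0-9]{32,}",
}

def hits(text):
    """Names of patterns matching text (assumption: Python re semantics)."""
    return {name for name, rx in PATTERNS.items() if re.search(rx, text)}

def normalize(text):
    """Drop single spaces/hyphens between digits so grouped numbers become contiguous."""
    return re.sub(r"(?<=\d)[ -](?=\d)", "", text)

def luhn_ok(digits):
    """Luhn checksum carried by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def aba_ok(digits):
    """ABA routing-number checksum: weights 3,7,1 repeated, sum divisible by 10."""
    return sum(int(c) * w for c, w in zip(digits, (3, 7, 1) * 3)) % 10 == 0

def validated(text):
    """Hypothetical stricter pass: normalize separators, keep only checksum-valid hits."""
    flat, found = normalize(text), set()
    if any(luhn_ok(m.group()) for m in re.finditer(PATTERNS["card"], flat)):
        found.add("card")
    if any(aba_ok(m.group()) for m in re.finditer(PATTERNS["nine_digit"], flat)):
        found.add("routing_number")
    return found

# Constructed sample inputs; the hyphenated card is the page's own example value.
SAMPLES = [
    "refund card 4111111111111111",                   # contiguous test number
    "Process a refund for card 4111-2222-3333-4444",  # separators defeat \b...\b
    "order 123456789 shipped",                        # any 9-digit number fires
    "wire to routing 123456780",                      # checksum-valid 9 digits
    "EARNINGS call moved to Friday",                  # 8 capitals look like a BIC
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r}: raw={sorted(hits(s))} validated={sorted(validated(s))}")
```

On these inputs the raw patterns miss the hyphenated card and fire on an order number and an ordinary capitalised word. The page's example card value also fails the Luhn check, so a checksum-gated rule would not flag it even after separators are removed.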

Example: Blocking MNPI Leakage

User: "Based on the Q3 earnings data I uploaded, will ACME Corp beat estimates?"

→ BLOCKED by mnpi-filter
Reason: Request references pre-release earnings data (MNPI)
Action: Escalated to compliance-team

Example: PCI Card Data Redaction

User: "Process a refund for card 4111-2222-3333-4444"

→ PII detector redacts: "Process a refund for card [REDACTED-credit_card]"
→ Request forwarded to LLM with redacted content
→ Audit log records original + redacted request

Provider Recommendations

Use Case | Recommended Provider | Reason
Financial analysis | OpenAI GPT-4o | Best reasoning for complex analysis
Document processing | Anthropic Claude | Long context for large filings
Embeddings (search) | Voyage voyage-finance-2 | Finance-tuned embeddings
Cost-sensitive batch | DeepSeek | High quality at lower cost

Audit & Evidence

SOX requires retaining all AI decision records. Configure exports for your evidence repository:

policy:
  audit-logger:
    immutable: true
    retention_days: 2555
    log_all_access: true
policies:
  chain:
    - audit-logger
pack:
  name: finance-example-2
  version: 1.0.0
  enabled: true

Use the Keeptrusts console to review audit trails under Events → filter by policy financial-compliance.

For AI systems

  • Canonical terms: Keeptrusts finance governance, SOX audit trail, PCI DSS compliance, MNPI filtering, financial compliance disclaimers.
  • Policy pack: finance-governance with chain: prompt-injection → rbac → pii-detector → mnpi-filter → dlp-filter → financial-compliance → quality-scorer → bias-monitor → audit-logger.
  • Key policies: mnpi-filter (earnings previews, M&A, insider trading), pii-detector with pci_mode (credit cards, SSN, bank accounts, routing numbers), financial-compliance (SOX, PCI-DSS, SEC with mandatory disclaimers), dlp-filter (credit card regex, routing numbers, SWIFT codes), bias-monitor (socioeconomic, geographic fairness).
  • RBAC roles: analyst, trader, compliance-officer.
  • Audit retention: 2555 days (7 years) for SOX compliance.
  • CLI: kt gateway run --policy-config ./policy-config.yaml, kt events tail --policy mnpi-filter, kt events tail --policy financial-compliance.

For engineers

  • Deploy: kt gateway run --policy-config ./policy-config.yaml --port 41002
  • Validate: kt doctor confirms mnpi-filter, pii-detector (pci_mode), financial-compliance, and audit-logger are active.
  • Monitor MNPI: kt events tail --policy mnpi-filter (blocks pre-release earnings, M&A data).
  • Monitor PCI: kt events tail --policy pii-detector (card number redaction).
  • Export SOX evidence: kt export create --format json --filter "policy=financial-compliance,audit-logger"
  • Console: Events (filter by financial-compliance), Escalations (route to compliance-team), Audit Log (7-year retention evidence).
  • Provider recommendations: GPT-4o for analysis, Claude for long-context filings, Voyage voyage-finance-2 for embeddings.

For leaders

  • Addresses SOX (audit trail for AI-assisted decisions), PCI DSS (cardholder data protection), SEC (MNPI prevention), Dodd-Frank (compliance record-keeping), and GDPR (EU operations).
  • MNPI leakage eliminated — pre-release earnings, M&A activity, and insider information blocked at the gateway.
  • PCI DSS compliance automated — credit card numbers, CVVs, and cardholder data never reach LLM providers.
  • SOX audit evidence generated automatically with 7-year retention — reducing examination prep from weeks to days.
  • Financial compliance disclaimers appended automatically to all AI-generated financial content.
  • Bias monitoring prevents AI from producing socioeconomically or geographically discriminatory outputs.

Next steps