
Financial Compliance

The financial-compliance policy adds finance-oriented compliance controls to AI-generated responses, enforcing regulatory requirements from SEC, SOX, MiFID II, and other financial regulatory frameworks. It detects prohibited financial advice patterns — such as specific investment recommendations or guaranteed-return language — and injects mandatory disclaimers into every response that touches financial topics. This policy is essential for any organization deploying AI in financial services where regulatory non-compliance carries significant legal and monetary penalties.

Use this page when

  • You are deploying AI in financial services and need to block prohibited investment advice patterns.
  • You need to inject SEC, SOX, or MiFID II mandated disclaimers into AI-generated financial content.
  • You want to prevent AI from making rate guarantees, loan approval promises, or specific stock recommendations.

Primary audience

  • Primary: AI Agents, Technical Engineers
  • Secondary: Technical Leaders

Configuration

pack:
  name: financial-compliance
  version: "1.0.0"
  enabled: true

policies:
  chain:
    - financial-compliance

policy:
  financial-compliance:
    blocked_patterns:
      - "you should (buy|sell|invest in)"
      - "guaranteed (return|profit|gain)"
      - "risk-free investment"
      - "insider (information|tip|knowledge)"
      - "I recommend (buying|selling|holding)"
      - "this stock will (go up|rise|increase|double)"
      - "put all your money in"
      - "can't lose (money|investment)"
      - "sure thing"
      - "hot (stock|tip|pick)"
    required_disclaimers:
      - "This is not financial advice. Please consult a qualified financial advisor before making any investment decisions."
      - "Past performance is not indicative of future results."

Fields

blocked_patterns (type: string[], default: [])
  Prohibited financial advice patterns. Each entry is matched against the AI response content. Built-in defaults detect investment recommendations, specific stock picks, guaranteed returns language, insider trading references, and unsolicited buy/sell/hold directives. Patterns support basic regex syntax.

required_disclaimers (type: string[], default: [])
  Disclaimer texts to inject into AI responses that contain financial content. Each disclaimer is appended to the response body. Common disclaimers include "This is not financial advice" notices and past-performance warnings required by SEC Rule 156 and MiFID II Article 24.

Use Cases

SEC-Compliant Investment Advisory

An investment advisory firm uses AI to answer client questions about portfolio strategy. The policy blocks specific stock recommendations and appends SEC-mandated disclaimers.

pack:
  name: financial-compliance
  version: "1.0.0"
  enabled: true

policies:
  chain:
    - financial-compliance

policy:
  financial-compliance:
    blocked_patterns:
      - "you should (buy|sell|invest in) [A-Z]{1,5}"
      - "I recommend (purchasing|selling|holding) [A-Z]{1,5}"
      - "guaranteed (return|profit|yield) of \\d+"
      - "risk-free"
      - "can't go wrong with"
      - "sure bet"
    required_disclaimers:
      - "This communication is provided for informational purposes only and does not constitute investment advice. Consult your registered investment advisor before making any decisions."
      - "Past performance is not indicative of future results. All investments carry risk, including loss of principal."
      - "Securities offered through [Firm Name], member FINRA/SIPC."

Banking Customer Service AI

A retail bank deploys a customer-facing chatbot that answers questions about accounts, loans, and credit products. The policy prevents the AI from making rate guarantees or loan approval promises.

pack:
  name: financial-compliance
  version: "1.0.0"
  enabled: true

policies:
  chain:
    - financial-compliance

policy:
  financial-compliance:
    blocked_patterns:
      - "you (are|will be) (approved|pre-approved)"
      - "guaranteed (rate|APR|interest rate) of"
      - "your credit score (will|should) (increase|improve)"
      - "no fees (ever|at all|whatsoever)"
      - "we guarantee (approval|funding|the loan)"
    required_disclaimers:
      - "Loan approval is subject to credit review and underwriting criteria. Terms and conditions apply."
      - "APR and fees may vary based on creditworthiness, loan amount, and repayment term."

Insurance Claims Processing AI

An insurance company uses AI to assist claims adjusters. The policy prevents the AI from making coverage determinations or settlement promises.

pack:
  name: financial-compliance
  version: "1.0.0"
  enabled: true

policies:
  chain:
    - financial-compliance

policy:
  financial-compliance:
    blocked_patterns:
      - "your claim (is|will be) (approved|covered|paid)"
      - "you (are|will be) entitled to"
      - "guaranteed (payout|settlement|compensation)"
      - "we will pay (you|the full amount)"
      - "this is (definitely|clearly) covered"
    required_disclaimers:
      - "Coverage determinations are subject to policy terms, conditions, and exclusions. This response does not constitute a coverage decision."
      - "Final claim decisions are made by licensed claims professionals after full review of all documentation."

MiFID II Compliance for EU Investment Services

A European investment platform deploys AI for client interactions, requiring MiFID II Article 24 suitability and appropriateness checks.

pack:
  name: financial-compliance
  version: "1.0.0"
  enabled: true

policies:
  chain:
    - financial-compliance

policy:
  financial-compliance:
    blocked_patterns:
      - "this (product|fund|instrument) is (suitable|right|perfect) for you"
      - "you should (allocate|put) \\d+% (in|into|towards)"
      - "guaranteed (capital protection|minimum return)"
      - "no (risk|downside) (involved|whatsoever)"
      - "complex (product|instrument|derivative) .* (safe|simple|straightforward)"
    required_disclaimers:
      - "This information does not constitute a personal recommendation. Investment suitability depends on your individual circumstances, financial situation, and risk tolerance."
      - "The value of investments and the income from them can go down as well as up. You may not get back the amount originally invested."
      - "This communication is provided in accordance with MiFID II requirements. Please refer to the Key Information Document (KID) before making any investment decision."

How It Works

The financial-compliance policy operates as a response-phase filter in the Keeptrusts gateway pipeline:

  1. Pattern matching: After the upstream LLM generates a response, the policy scans the full response text against each entry in blocked_patterns. Patterns use regex syntax, so complex financial language constructs can be captured precisely.

  2. Blocking: If any blocked pattern matches, the response is rejected before reaching the end user. The gateway returns a policy-violation response indicating that the content was blocked for financial compliance reasons. The original response is logged for audit purposes but never forwarded to the client.

  3. Disclaimer injection: For responses that pass pattern matching, the policy appends each entry from required_disclaimers to the response body. Disclaimers are added as a clearly separated section at the end of the response, ensuring they are visible but do not interfere with the substantive content.

  4. Audit trail: Every policy action — whether a block or a disclaimer injection — is recorded as a decision event sent to the Keeptrusts API. This provides a complete compliance audit trail showing which responses were modified, when, and why.
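The four steps above, modelled in Python as an added illustration for this page (it is not the Keeptrusts gateway's own code). The patterns and disclaimers are the ones from the configuration at the top of the page; the sample responses are constructed. Three points the page leaves unspecified are assumptions here: matching is case-insensitive, every response that passes gets the disclaimers (the page does not say how the gateway decides that a response touches financial topics), and decision events are collected in a local list rather than sent to the Keeptrusts API. The `POLICY_VIOLATION_TEXT` wording is a placeholder.

```python
"""Added example: a minimal model of the financial-compliance response filter.
Assumptions (not stated on the page): case-insensitive matching, disclaimers
appended to every passing response, audit events kept in a local list."""
import re
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

BLOCKED_PATTERNS = [
    r"you should (buy|sell|invest in)",
    r"guaranteed (return|profit|gain)",
    r"risk-free investment",
    r"insider (information|tip|knowledge)",
    r"I recommend (buying|selling|holding)",
    r"this stock will (go up|rise|increase|double)",
    r"put all your money in",
    r"can't lose (money|investment)",
    r"sure thing",
    r"hot (stock|tip|pick)",
]

REQUIRED_DISCLAIMERS = [
    "This is not financial advice. Please consult a qualified financial advisor "
    "before making any investment decisions.",
    "Past performance is not indicative of future results.",
]

# Constructed placeholder for the gateway's policy-violation response.
POLICY_VIOLATION_TEXT = "Response withheld: blocked by the financial-compliance policy."


@dataclass
class FilterResult:
    action: str                     # "block" or "inject_disclaimers"
    output: str                     # what the client actually receives
    matched_pattern: Optional[str]  # the blocked_patterns entry that fired, if any


class FinancialComplianceFilter:
    def __init__(self, blocked_patterns, required_disclaimers):
        # Compile once at load time: a malformed regex should fail here
        # (the kind of defect `kt policy lint` exists to catch), not per request.
        self._patterns = [re.compile(p, re.IGNORECASE) for p in blocked_patterns]
        self._disclaimers = list(required_disclaimers)
        self.audit_log: list = []  # stands in for decision events sent to the API

    def first_match(self, response: str) -> Optional[str]:
        """Step 1: scan the full response text against every blocked pattern."""
        for rx in self._patterns:
            if rx.search(response):
                return rx.pattern
        return None

    def apply(self, response: str, request_id: str) -> FilterResult:
        event = {
            "policy": "financial-compliance",
            "request_id": request_id,
            "timestamp": datetime.now(timezone.utc).isoformat(),
        }
        matched = self.first_match(response)
        if matched is not None:
            # Step 2: reject. The original text lives in the audit record only;
            # it is never forwarded to the client.
            event.update(action="block", pattern=matched, original_response=response)
            self.audit_log.append(event)
            return FilterResult("block", POLICY_VIOLATION_TEXT, matched)
        # Step 3: append the disclaimers as a visibly separated trailing section.
        output = response.rstrip() + "\n\n---\n" + "\n".join(self._disclaimers)
        # Step 4: the injection is recorded as a decision event as well.
        event.update(action="inject_disclaimers", disclaimer_count=len(self._disclaimers))
        self.audit_log.append(event)
        return FilterResult("inject_disclaimers", output, None)


# Constructed sample LLM outputs: one that must be blocked, one that should pass.
SAMPLE_RESPONSES = {
    "violating": "Honestly, you should buy AAPL now; this stock will double by next year.",
    "clean": "Index funds spread risk across many companies, which is why many "
             "long-term investors use them.",
}


def run_samples():
    """Run both samples through a fresh filter; return (results, audit_log)."""
    f = FinancialComplianceFilter(BLOCKED_PATTERNS, REQUIRED_DISCLAIMERS)
    results = {name: f.apply(text, f"req-{name}") for name, text in SAMPLE_RESPONSES.items()}
    return results, f.audit_log


if __name__ == "__main__":
    results, log = run_samples()
    for name, r in results.items():
        print(f"[{name}] action={r.action} pattern={r.matched_pattern!r}\n{r.output}\n")
    print(f"{len(log)} decision events recorded")
```

Two details worth carrying into a real deployment: the blocked response is retained only in the decision event, so the audit store inherits whatever confidentiality the original response had; and the first matching pattern is what gets logged, so ordering `blocked_patterns` from most to least specific makes the audit trail more useful when tuning false positives.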

Combining With Other Policies

The financial-compliance policy is most effective when combined with other policies to build a comprehensive financial compliance stack:

  • mnpi-filter: Detects and blocks material non-public information (MNPI) from leaking through AI responses, addressing insider trading regulations under SEC Rule 10b-5.
  • pii-detector: Catches personally identifiable information such as account numbers, SSNs, or credit card numbers that may appear in financial AI responses.
  • safety-filter: Provides additional content-level controls beyond financial-specific patterns, catching hazardous or disallowed responses.
  • audit-logger: Ensures all financial AI interactions, including blocked responses and disclaimer injections, are logged to a compliance-grade audit trail.
  • Provider rate limits: Use providers.rate_limits or deployment-level throttling to protect client-facing advisory tools from abuse.

pack:
  name: financial-compliance
  version: "1.0.0"
  enabled: true

policies:
  chain:
    - pii-detector
    - mnpi-filter
    - financial-compliance
    - audit-logger

policy:
  pii-detector:
    action: redact

  financial-compliance:
    blocked_patterns:
      - "you should (buy|sell|invest in)"
      - "guaranteed (return|profit)"
    required_disclaimers:
      - "This is not financial advice. Consult a qualified financial advisor."

  audit-logger:
    immutable: true
    retention_days: 2555
    log_all_access: true

Best Practices

  1. Start with built-in defaults, then customize: The built-in blocked patterns cover common regulatory violations. Add organization-specific patterns for your particular regulatory environment (SEC, FCA, MAS, etc.) rather than replacing the defaults entirely.

  2. Use precise regex patterns: Overly broad patterns can block legitimate educational content. For example, "invest" alone would block "time you invest in learning," while "you should invest in [A-Z]{1,5}" targets actual stock ticker recommendations.

  3. Include jurisdiction-specific disclaimers: Financial regulations vary by jurisdiction. If you serve clients in multiple regions, include disclaimers for each applicable regulatory body (SEC, FCA, ESMA, MAS).

  4. Combine with MNPI and PII filters: Financial compliance is not just about advice patterns. Material non-public information and personally identifiable financial data require separate detection layers. A complete financial stack uses all three policies together.

  5. Review blocked-response logs regularly: Audit the decision events to identify false positives and refine your patterns. A pattern that blocks too aggressively reduces the utility of your AI deployment while providing minimal compliance benefit.

  6. Test with real-world prompts: Before deploying, test your configuration against the kinds of questions your users actually ask. Financial language is nuanced — verify that your patterns catch genuine violations without interfering with legitimate use cases like financial education or general market commentary.
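Best practices 2, 5 and 6 come down to measuring candidate patterns against text your users actually produce before the policy goes live. The harness below is an added example for this page, not a Keeptrusts tool, and the labelled corpus is constructed (in practice it would be anonymised transcripts of real questions and answers). It evaluates a whole pattern set the way the gateway applies one, blocking when any pattern matches, and reports false positives and false negatives. Matching uses Python's `re`; the page only says patterns "support basic regex syntax", so the flags and the scoped-flag syntax `(?i:...)` / `(?-i:...)` in the last candidate are assumptions to confirm against the gateway's engine before relying on them.

```python
"""Added example: offline evaluation of candidate blocked_patterns against a
labelled corpus. Not Keeptrusts code; regex dialect and flags are assumptions."""
import re
from typing import Iterable

# Constructed labelled corpus: (response_text, should_be_blocked).
CORPUS = [
    ("The time you invest in learning about index funds pays off.", False),
    ("Investors often rebalance annually to keep their target allocation.", False),
    ("Many advisors say you should invest in index funds for the long run.", False),
    ("Diversification reduces risk; it does not eliminate it.", False),
    ("You should invest in AAPL before earnings, it will go up.", True),
    ("I recommend buying TSLA and holding it for a year.", True),
]


def evaluate(patterns: Iterable[str], corpus, flags: int = 0) -> dict:
    """Apply a pattern set as the gateway would (any match blocks) and return
    the responses it gets wrong in each direction."""
    compiled = [re.compile(p, flags) for p in patterns]

    def blocked(text: str) -> bool:
        return any(rx.search(text) for rx in compiled)

    return {
        "false_positives": [t for t, bad in corpus if not bad and blocked(t)],
        "false_negatives": [t for t, bad in corpus if bad and not blocked(t)],
    }


# Candidate pattern sets, from the broad one best practice 2 warns against
# to ticker-shaped patterns like those in the SEC use case above.
BROAD = ["invest"]
TICKER_SHAPED = [
    r"you should invest in [A-Z]{1,5}",
    r"I recommend (buying|selling|holding) [A-Z]{1,5}",
]
# Scoped flags: case-insensitive phrase, but the ticker must be uppercase.
# Assumption: Python re syntax; check the gateway's engine supports it.
SCOPED = [
    r"(?i:you should invest in) (?-i:[A-Z]{1,5})\b",
    r"(?i:I recommend (buying|selling|holding)) (?-i:[A-Z]{1,5})\b",
]


def compare() -> dict:
    """Evaluate each candidate set under the matching mode it would run with."""
    return {
        "broad, case-insensitive": evaluate(BROAD, CORPUS, re.IGNORECASE),
        "ticker-shaped, case-sensitive": evaluate(TICKER_SHAPED, CORPUS),
        "ticker-shaped, case-insensitive": evaluate(TICKER_SHAPED, CORPUS, re.IGNORECASE),
        "scoped flags": evaluate(SCOPED, CORPUS),
    }


if __name__ == "__main__":
    for name, report in compare().items():
        print(f"{name}: {len(report['false_positives'])} false positives, "
              f"{len(report['false_negatives'])} false negatives")
        for t in report["false_positives"]:
            print("  FP:", t)
        for t in report["false_negatives"]:
            print("  FN:", t)
```

The run shows the trade-off concretely: the bare word "invest" flags three educational sentences and still misses the "I recommend buying TSLA" case; the ticker-shaped patterns produce no false positives when matched case-sensitively but then miss a sentence that starts with a capital "You", and when matched case-insensitively they treat the five lowercase letters of "index" as a ticker. Whichever mode the gateway uses, the corpus, not intuition, is what decides which patterns ship, and the same harness can be rerun over the decision events you review under best practice 5.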

For AI systems

  • Canonical terms: Keeptrusts, financial-compliance, blocked_patterns, required_disclaimers, SEC, SOX, MiFID II, investment advice, financial advice
  • Config/command names: financial-compliance policy, blocked_patterns (regex), required_disclaimers (array of disclaimer strings)
  • Best next pages: MNPI Filter, Human Oversight, DLP Filter

For engineers

  • Prerequisites: Review your compliance team's list of prohibited financial language. Map regulatory requirements (SEC Rule 156, MiFID II Article 24) to specific blocked patterns and required disclaimers.
  • Validation: Use kt policy test with cases that contain prohibited patterns (e.g., "you should buy AAPL") and verify blocking. Verify disclaimers are appended to responses touching financial topics.
  • Key commands: kt policy lint, kt policy test, kt events tail

For leaders

  • Governance: Financial compliance policies prevent regulatory violations that carry SEC enforcement actions, FINRA fines, and reputational damage. These are non-negotiable for licensed financial entities.
  • Cost: Pattern matching runs locally with no external calls. The business cost of a single compliance violation far exceeds any infrastructure investment.
  • Rollout: Engage your compliance officer to review blocked_patterns and required_disclaimers before deployment. Start with blocking obvious violations, then expand patterns based on audit findings.

Next steps