Skip to main content

Financial Compliance

The financial-compliance policy is an output-phase policy. It does two things:

  1. blocks when the response contains any configured blocked_patterns substring
  2. prepends disclaimer text when the response looks like financial advice

Configuration

pack:
name: financial-compliance
version: 1.0.0
enabled: true

policies:
chain:
- financial-compliance

policy:
financial-compliance:
blocked_patterns:
- you should buy
- you should sell
- guaranteed return
- strong buy
- strong sell
required_disclaimers:
- This is not financial advice.
- Consult a qualified financial advisor before making investment decisions.

Fields

FieldTypeDescriptionDefault
blocked_patternsstring[]Case-insensitive substrings that cause an immediate block when found in the output.[]
required_disclaimersstring[]Disclaimer lines joined with newlines and prepended when the response looks like advice.[]

Behavior notes

  • blocked_patterns are plain substring checks, not regex evaluation.
  • If required_disclaimers is empty and the response looks like advice, the default disclaimer is This is not financial advice.
  • The disclaimer is inserted at the start of the response, not appended at the end.
  • Disclaimer injection is driven by built-in advice heuristics such as buy , sell , you should invest, guaranteed returns, target price, strong buy, and strong sell.

Use Cases

Block strong recommendations

policy:
financial-compliance:
blocked_patterns:
- you should buy
- target price
- guaranteed return
required_disclaimers:
- This is not financial advice.

Disclaimer-only mode

policy:
financial-compliance:
required_disclaimers:
- This is not financial advice.
- Review any financial decisions with a licensed advisor.

How It Works

  1. After the upstream model returns a response, the policy lowercases the output text.
  2. If any entry in blocked_patterns is present as a substring, the response is blocked.
  3. Otherwise, the gateway checks its built-in financial-advice heuristics.
  4. If the response looks like advice and does not already start with the disclaimer text, the disclaimers are prepended to the output.

Best Practices

  • List every phrase you want blocked explicitly; regex syntax is treated literally here.
  • Use short, unambiguous disclaimer text because it is prepended verbatim.
  • Keep blocked_patterns narrow enough to avoid blocking generic educational content.
  • Pair with mnpi-filter or pii-detector when you also need disclosure or data-protection controls.

Next steps