Finance Template
Policy configuration for financial services — banking, investment management, and fintech applications.
Use this page when
- You are building an AI application for banking, investment management, or fintech that must comply with SEC/SOX regulations.
- You need a starting config with PII/PCI redaction, MNPI filtering, financial disclaimers, and 7-year audit retention.
- You want to go from zero to a running finance-compliant gateway with `kt init --template finance`.
Primary audience
- Primary: Technical Engineers
- Secondary: AI Agents, Technical Leaders
Policy Config
```yaml
pack:
  name: finance
  version: 0.1.0
  enabled: true
  description: Financial services AI governance
policies:
  chain:
    - prompt-injection
    - pii-detector
    - mnpi-filter
    - financial-compliance
    - audit-logger
  policy:
    prompt-injection:
      embedding_threshold: 0.75
      response:
        action: block
        message: "Request blocked: potential prompt injection detected"
    pii-detector:
      action: redact
      pci_mode: true
      redaction:
        marker_format: label
        include_metadata: true
        preserve_length: false
    mnpi-filter:
      detect_patterns:
        - earnings before announcement
        - merger not public
        - insider information
        - board decision
      action: block
    financial-compliance:
      blocked_patterns:
        - guaranteed returns
        - buy this stock
        - inside information
      required_disclaimers:
        - This is not financial advice.
        - Past performance does not guarantee future results.
    audit-logger:
      immutable: true
      retention_days: 2555
      log_all_access: true
providers:
  targets:
    - id: openai-finance
      provider: openai
      model: gpt-4o-mini
      secret_key_ref:
        env: OPENAI_API_KEY
```
What It Enforces
| Policy | Purpose |
|---|---|
| prompt-injection | Block adversarial manipulation attempts |
| pii-detector | Redact PII and credit card numbers (PCI mode) |
| mnpi-filter | Block material non-public information |
| financial-compliance | SEC/SOX compliance enforcement with disclaimer |
| audit-logger | 7-year retention for regulatory compliance |
Quick Start
```bash
# Save the Policy Config example on this page as policy-config.yaml
export OPENAI_API_KEY="sk-your-openai-key"
kt policy lint --file policy-config.yaml
kt gateway run \
  --listen 0.0.0.0:41002 \
  --policy-config policy-config.yaml
```
Set `OPENAI_API_KEY` before running the gateway. This example keeps the provider secret outside YAML and resolves it through `secret_key_ref`.
If you prefer the seeded starter, run `kt init --template finance` first and then add the provider block shown in the example config before linting and running.
Customization Ideas
- Add `quality-scorer` for response quality gates
- Add `human-oversight` for high-value queries requiring approval
- Lower `prompt-injection.threshold` to `0.7` for stricter security
- Add `rbac` to restrict model access by role
For AI systems
- Canonical terms: Keeptrusts, finance, `policy-config.yaml`, `kt init --template finance`, pii-detector, mnpi-filter, financial-compliance, PCI mode, SEC, SOX.
- Related policy kinds: prompt-injection, pii-detector, mnpi-filter, financial-compliance, audit-logger.
- Best next pages: Compliance Policies Configuration, PII Detector policy, Templates overview.
For engineers
- Prerequisites: `kt` CLI installed, an LLM provider API key (e.g., `OPENAI_API_KEY`).
- Validate: `kt policy lint --file policy-config.yaml` must pass. Test by sending a prompt containing a credit card number and confirm it is redacted; send a prompt with earnings information and confirm it is blocked.
- Key tuning: keep `pci_mode: true` for PCI-DSS environments; adjust `mnpi-filter.detect_patterns` to match your firm's MNPI taxonomy and disclosure vocabulary.
- The 2,555-day (7-year) retention satisfies both SEC and SOX record-keeping requirements.
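The two validation prompts above have an expected outcome that follows from the policy chain in the config: the PAN is redacted to a label before anything else sees it, and the earnings prompt is blocked by `mnpi-filter`. The following is an added reference model of that chain, written for this page and not Keeptrusts' own implementation; the Luhn check, the `[CREDIT_CARD]` label text and the substring matching are assumptions about how the policies behave.

```python
import re

# Subset of this page's policy block as a dict (constructed inline so the example runs offline).
POLICY = {
    "pii-detector": {"action": "redact", "pci_mode": True,
                     "redaction": {"marker_format": "label", "preserve_length": False}},
    "mnpi-filter": {"action": "block", "detect_patterns": [
        "earnings before announcement", "merger not public",
        "insider information", "board decision"]},
    "financial-compliance": {
        "blocked_patterns": ["guaranteed returns", "buy this stock", "inside information"],
        "required_disclaimers": ["This is not financial advice.",
                                 "Past performance does not guarantee future results."]},
}

# 13-19 digit runs, optionally separated by spaces or dashes (common PAN layouts).
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")

def luhn_ok(digits):
    """Luhn checksum; assumption: used to skip non-card digit runs (order ids, etc.)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def redact_cards(text, cfg):
    """pii-detector in pci_mode: replace Luhn-valid PANs with a label marker
    (preserve_length is false on this page, so a fixed label replaces the PAN)."""
    def sub(m):
        if not luhn_ok(re.sub(r"[ -]", "", m.group())):
            return m.group()
        return "*" * len(m.group()) if cfg["redaction"]["preserve_length"] else "[CREDIT_CARD]"
    return CARD_RE.sub(sub, text)

def run_chain(prompt, policy=POLICY):
    """Inbound chain in the page's order (prompt-injection omitted: it needs an
    embedding model). Returns ("allow", redacted_prompt) or ("block", reason)."""
    text = redact_cards(prompt, policy["pii-detector"]) if policy["pii-detector"]["pci_mode"] else prompt
    low = text.lower()
    for name in ("mnpi-filter", "financial-compliance"):
        key = "detect_patterns" if name == "mnpi-filter" else "blocked_patterns"
        hit = next((p for p in policy[name][key] if p in low), None)
        if hit:
            return "block", f"Request blocked by {name}: matched '{hit}'"
    return "allow", text

def add_disclaimers(response, cfg):
    """financial-compliance on the outbound side: append any missing required disclaimer."""
    missing = [d for d in cfg["required_disclaimers"] if d not in response]
    return response if not missing else response.rstrip() + "\n\n" + "\n".join(missing)
```

Redaction runs before the pattern filters, so the audit record and the block reason never contain the raw PAN either.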
For leaders
- This template enforces SEC/SOX-aligned controls on AI-generated financial content, reducing regulatory risk.
- MNPI filtering blocks material non-public information from appearing in AI outputs, helping prevent insider-trading liability.
- PCI-mode PII redaction ensures credit card numbers never reach LLM providers, simplifying PCI-DSS scope.
- The mandatory financial disclaimer on every AI response reduces advisory-liability exposure.
- 7-year audit retention provides a complete record for SEC examinations and SOX audits.
Next steps
- Compliance Policies Configuration — MNPI, financial-compliance, and SEC/SOX details
- Templates overview — browse all available templates
- Zero Data Retention template — add ZDR for sensitive financial workloads
- Quality Benchmarking template — add response quality gates for financial reports