Protect Financial Data in AI-Powered Applications

Financial services organizations handle some of the most sensitive data in the economy — Material Non-Public Information (MNPI), trading strategies, client portfolio data, and regulatory filings. When AI enters the picture, every prompt becomes a potential data leak or compliance violation. Keeptrusts provides purpose-built controls for financial data protection.

Use this page when

  • You handle MNPI, trading strategies, or client portfolio data and need to prevent disclosure via AI prompts.
  • You need entity list screening (OFAC, EU/UN sanctions) as part of your financial compliance controls.
  • You are setting up DLP patterns for financial identifiers (account numbers, SWIFT codes, CUSIP/ISIN).

Primary audience

  • Primary: Technical Leaders
  • Secondary: Technical Engineers, AI Agents

What you'll achieve

  • Automatic MNPI detection that prevents non-public financial information from reaching LLM providers
  • Entity list screening that catches references to sanctioned or restricted entities
  • Financial compliance enforcement with SOX and MiFID II-aligned controls
  • DLP patterns for financial identifiers, account numbers, and proprietary data
  • Immutable audit trail for regulatory examinations and internal compliance reviews

MNPI detection

The mnpi-filter policy scans AI requests for material non-public information — data that could constitute insider trading if disclosed or acted upon.

```yaml
policies:
  chain:
    - mnpi-filter
    - financial-compliance
    - audit-logger

policy:
  mnpi-filter: {}
  financial-compliance: {}
  audit-logger:
    immutable: true
    retention_days: 2555
```

The MNPI filter detects patterns including:

  • Unreleased earnings data and financial projections
  • Merger and acquisition details before public announcement
  • Trading strategy descriptions and position data
  • Non-public regulatory actions and enforcement proceedings
  • Client-specific portfolio and transaction data

Entity list screening

The entity-list-filter detects references to sanctioned, restricted, or watch-listed entities:

```yaml
policies:
  chain:
    - entity-list-filter
    - mnpi-filter
    - financial-compliance
    - audit-logger

policy:
  entity-list-filter:
    action: block
    lists:
      - ofac_sdn
      - eu_sanctions
      - un_sanctions
```

When a request references a sanctioned entity, the gateway blocks the request and logs the detection event for compliance review.


DLP patterns for financial data

Add custom DLP patterns to catch financial identifiers that standard detectors miss:

```yaml
policies:
  chain:
    - dlp-filter
    - mnpi-filter
    - pii-detector
    - financial-compliance
    - audit-logger

policy:
  dlp-filter:
    patterns:
      # \\b word boundaries keep each pattern from firing inside longer tokens.
      - name: swift_code            # 8- or 11-character BIC
        regex: "\\b[A-Z]{6}[A-Z0-9]{2}([A-Z0-9]{3})?\\b"
        action: redact
      - name: iban
        regex: "\\b[A-Z]{2}\\d{2}[A-Z0-9]{4}\\d{7}([A-Z0-9]?){0,16}\\b"
        action: redact
      - name: cusip                 # 8 alphanumerics plus a numeric check digit
        regex: "\\b[0-9A-Z]{8}[0-9]\\b"
        action: redact
      - name: internal_fund_code
        regex: "\\bFUND-[A-Z]{3}-\\d{6}\\b"
        action: block

  pii-detector:
    action: redact
    categories:
      - credit_card
      - ssn
      - address
```
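As an added example (not Keeptrusts code, and not how the gateway implements dlp-filter), the Python below applies the patterns above to a prompt in chain order and returns the redacted text plus the resulting action. It assumes word boundaries on each pattern and adds a CUSIP modulus-10 check-digit test so that 9-character look-alikes (a batch id, the word PORTFOLIO) are not redacted as CUSIPs; the sample prompt is constructed.

```python
import re

# Added illustration of the page's dlp-filter patterns; not Keeptrusts code.
# Assumptions: \b word boundaries, and a CUSIP pattern requiring the numeric check digit.
DLP_PATTERNS = [
    ("swift_code", re.compile(r"\b[A-Z]{6}[A-Z0-9]{2}(?:[A-Z0-9]{3})?\b"), "redact"),
    ("iban", re.compile(r"\b[A-Z]{2}\d{2}[A-Z0-9]{4}\d{7}(?:[A-Z0-9]?){0,16}\b"), "redact"),
    ("cusip", re.compile(r"\b[0-9A-Z]{8}[0-9]\b"), "redact"),
    ("internal_fund_code", re.compile(r"\bFUND-[A-Z]{3}-\d{6}\b"), "block"),
]

def cusip_check_digit_ok(token: str) -> bool:
    """CUSIP modulus-10 'double add double' check digit (assumed validator):
    rejects 9-character look-alikes such as batch or ticket ids."""
    if len(token) != 9 or not token[8].isdigit():
        return False
    total = 0
    for i, ch in enumerate(token[:8]):
        if ch.isdigit():
            v = int(ch)
        elif "A" <= ch <= "Z":
            v = ord(ch) - ord("A") + 10   # A=10 ... Z=35
        else:
            return False
        if i % 2 == 1:                    # every second character is doubled
            v *= 2
        total += v // 10 + v % 10
    return (10 - total % 10) % 10 == int(token[8])

def apply_dlp(prompt: str):
    """Apply the patterns in chain order. Returns (action, redacted_text, hits);
    a 'block' hit wins over 'redact', and no hits means 'allow'."""
    hits, text = [], prompt
    for name, rx, act in DLP_PATTERNS:
        def redact(m, name=name, act=act):
            tok = m.group(0)
            if name == "cusip" and not cusip_check_digit_ok(tok):
                return tok  # wrong check digit: not a CUSIP, leave it in place
            hits.append((name, tok, act))
            return f"[{name.upper()}]"
        text = rx.sub(redact, text)
    blocked = any(act == "block" for _, _, act in hits)
    return ("block" if blocked else "redact" if hits else "allow"), text, hits

# Constructed prompt: one token per pattern (the IBAN and CUSIP are public documentation
# examples, not client data) plus two look-alikes that must survive: PORTFOLIO and BATCH0002.
SAMPLE_PROMPT = ("Settle via DEUTDEFF to IBAN DE89370400440532013000, move 037833100 "
                 "into FUND-EQT-000123 (batch BATCH0002, see PORTFOLIO notes).")
```

`apply_dlp(SAMPLE_PROMPT)` returns action `block` (the fund code fired) with the SWIFT code, IBAN and CUSIP replaced by placeholders, while BATCH0002 and PORTFOLIO are left intact.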

Full financial compliance configuration

```yaml
pack:
  name: financial-compliance
  version: "1.0"
  description: Financial services AI governance — SOX, MiFID II, MNPI protection

policies:
  chain:
    - data-routing-policy
    - entity-list-filter
    - dlp-filter
    - mnpi-filter
    - pii-detector
    - financial-compliance
    - quality-scorer
    - human-oversight
    - audit-logger

policy:
  data-routing-policy:
    require_zero_data_retention: true
    require_no_training: true
    on_no_compliant_provider: block

  entity-list-filter:
    action: block

  dlp-filter:
    patterns:
      - name: swift_code
        regex: "\\b[A-Z]{6}[A-Z0-9]{2}([A-Z0-9]{3})?\\b"
        action: redact
      - name: iban
        regex: "\\b[A-Z]{2}\\d{2}[A-Z0-9]{4}\\d{7}([A-Z0-9]?){0,16}\\b"
        action: redact

  mnpi-filter: {}

  pii-detector:
    action: redact
    categories:
      - credit_card
      - ssn
      - address
      - phone
      - email

  financial-compliance: {}

  quality-scorer:
    min_output_chars: 100
    min_sentences: 2
    on_low_quality: escalate

  human-oversight:
    escalate_on:
      - mnpi_detected
      - entity_list_match
      - low_quality_score
    require_resolution_within_hours: 4

  audit-logger:
    immutable: true
    retention_days: 2555      # 7 years
    include_request_metadata: true
    include_policy_outcomes: true
```

Regulatory mapping

| Regulation | Requirement | Keeptrusts control |
|---|---|---|
| SOX Section 302 | Internal controls over financial reporting | Policy chain + immutable audit log |
| SOX Section 404 | Assessment of internal controls | Evidence export + policy versioning |
| MiFID II Article 16 | Record-keeping obligations | audit-logger with multi-year retention |
| MiFID II Article 17 | Algorithmic trading controls | agent-firewall + action limits |
| GDPR | Personal data protection | pii-detector + data-routing-policy |
| Sanctions compliance | Entity screening | entity-list-filter |
| Insider trading | MNPI protection | mnpi-filter |

Team-scoped access for compliance separation

Financial organizations often require separation between trading, compliance, and operations. Use team scoping to enforce this:

```yaml
policies:
  chain:
    - mnpi-filter:
        targeting:
          scope: team
          teams: [trading, portfolio-management]
    - entity-list-filter:
        targeting:
          scope: team
          teams: [trading, compliance, client-onboarding]
    - financial-compliance
    - audit-logger
```

This ensures MNPI detection is active for trading teams while entity screening covers both trading and client-facing teams.


Quick wins

  1. Deploy mnpi-filter — immediate protection against financial data leaks
  2. Add entity-list-filter — catch sanctioned entity references before they leave your network
  3. Enable DLP patterns for SWIFT codes and IBANs — protect financial identifiers
  4. Set audit-logger to immutable: true with 7-year retention — regulatory examination readiness
  5. Create a compliance evidence export — verify the export process before an examiner asks

For AI systems

  • Canonical terms: mnpi-filter, entity-list-filter, financial-compliance, dlp-filter, immutable audit-logger.
  • Config keys: policy.mnpi-filter, policy.entity-list-filter.lists (ofac_sdn, eu_sanctions, un_sanctions), policy.financial-compliance, policy.dlp-filter.patterns.
  • MNPI categories: unreleased earnings, M&A details, trading strategies, non-public regulatory actions, client portfolio data.
  • Best next pages: Prevent Data Leaks, Pass Compliance Audits, Finance Template.

For engineers

  • Prerequisites: gateway running with mnpi-filter, entity-list-filter, and financial-compliance in the chain.
  • Set audit-logger.immutable: true with retention_days: 2555 for SOX and regulatory examination requirements.
  • Add custom DLP patterns for internal account number formats, SWIFT/BIC codes, and CUSIP/ISIN identifiers.
  • Validate: send a request containing simulated MNPI (e.g., “unreleased Q3 earnings”) and confirm it is blocked.
  • Monitor: filter Events by policy_type=mnpi-filter to track detection volume and false positive rate.

For leaders

  • MNPI disclosure via AI constitutes insider trading risk — gateway enforcement provides a technical control beyond policy memos.
  • Entity screening prevents inadvertent sanctions violations that carry penalties up to $20M per occurrence (OFAC).
  • Immutable 7-year audit logs satisfy SEC examination and MiFID II record-keeping obligations.
  • Financial DLP patterns catch identifiers that standard PII detectors miss (CUSIPs, internal fund codes).

Next steps