Introduction
Hello Everyone, As we continue to push the boundaries of innovation in the financial services industry, it's crucial that we address the compliance challenges that come with adopting cutting-edge technologies like artificial intelligence (AI). At Fenergo, we understand the importance of leveraging the power of AI while ensuring the highest standards of data privacy, information security, ethics, intellectual property protection and regulatory compliance. Today, I want to share with you our robust AI compliance framework, designed as a collaborative effort by our Fen-X Engineering and Privacy & Risk team, aimed at proactively mitigating risks associated with AI adoption in our services. The AI Compliance framework provides a standard set of criteria that are embedded in the development of all AI features by default, as well as thorough assessments being completed by the Privacy & Risk team before launch.
Safeguarding Intellectual Property Rights
At Fenergo, safeguarding our clients' intellectual property (IP) rights is non-negotiable.
- Fenergo champions transparency by empowering clients with the autonomy to opt-in to AI features, placing them firmly in control of their data.
- We ensure data sent to AI services is minimised and only includes that which is necessary to operate a quality service
- The data processed by AI services is driven by the client using the features of the SaaS services.
- Fenergo ensures that authorised third parties providing AI services, enter an agreement that safeguards data from unauthorised processing.
Prioritizing Data Privacy
Privacy lies at the heart of our AI compliance ethos and is the cornerstone of our AI compliance framework. For example it requires that:
- We conduct extensive impact assessments for every AI innovation, embedding data privacy into the very fabric of our design principles.
- AI based features are only available on an opt-in basis.
- All requests to opt-in will require the client to be adequately informed and agree to the use of AI.
- Any data processed by AI services will be minimised, and only processed based on the instructions of the client.
- Where possible, data shared with and processed by AI services will be transient ensuring no client data is stored within the AI service.
- The processing occurs within the client’s dedicated tenant, ensuring data isn’t transferred internationally or used for purposes outside of the client’s instructions.
- Where applicable, AI-generated content will facilitate client-driven manual checks within the services.
- The AI services are reviewed by our Third-Party Risk Management team, with our clients informed of any additions or changes to third parties in advance.
Robust Data Security Measures
At Fenergo, security is paramount. Our AI compliance framework reflects our unwavering commitment to protecting our clients' sensitive information. It requires that:
- We encrypt data at rest and in transit using industry-standard algorithms and protocols.
- We apply strict enforcement of access to client data, with no employees or contractor access to client data by default. Additionally, the LLM itself will never have direct access to client data.
- We monitor and log activities and events for auditability and compliance.
- We only use AI services from authorised third parties (i.e. AWS) with comprehensive and documented reviews of all services in use.
- We operate industry-standard incident response, vulnerability management, and disaster recovery programs.
- By implementing robust security measures, we aim to maintain our clients' trust in our AI-powered solutions.
"Elementary, my dear client, data security is key"
Leveraging AWS Bedrock for Secure LLM Deployment
To alleviate concerns regarding security and data separation, we entrust AWS Bedrock with the responsibility of hosting our large language model (LLM). Our LLM, powered by AWS Bedrock, does not directly learn or train on any specific client implementation or tenant data. The LLM itself never has direct access to live client data. Instead, it drives actions based on our established technical guides, while taking into account the configured tenant settings. This allows our LLM to provide a tailored experience without exposing sensitive client information to the model.
Consistency Across Environments
Our commitment to consistency is unwavering. Whether in Production, Development, or UAT environments, our LLM guarantees uniform behavior, driven by corresponding tenant configurations. This steadfast approach ensures reliability and predictability across all deployment stages.
Effective Data Governance
In the realm of AI, effective data governance is crucial. Fenergo's clear delineation of roles and responsibilities ensures meticulous data integrity maintenance. Acknowledging the fallibility of AI-generated data, we design our AI-driven features to empower our clients, fostering greater control and understanding of their data processes. This includes implementing manual validation and correction mechanisms, supplemented by transparent disclaimers elucidating AI accuracy limitations, ensuring that our clients have a realistic understanding of the technology's capabilities.
Compliance with Global Regulations
As AI adoption grows, so does the regulatory landscape surrounding it. Fenergo stays ahead of the curve by actively analysing applicable AI laws and regulations across different countries. Our expert team maintains a comprehensive register of requirements and regularly updates our AI Compliance Framework ensuring compliance with local and international standards. We also work closely with our clients to develop a tailored approach that aligns with their specific compliance needs.
"We handle our data with care, no burning issues here"
In conclusion
Fenergo's unwavering commitment to compliance excellence is a testament to our dedication to empowering clients to harness the full potential of AI responsibly. Our comprehensive AI Compliance Framework, underpinned by data privacy, security, IP and regulatory adherence, instils confidence in our clients to embrace AI with certainty. By leveraging AWS Bedrock for secure LLM deployment, maintaining transparency, offering granular control, and staying attuned to the evolving regulatory environment, we enable our clients to unlock the transformative benefits of AI while minimizing risk. We treat the security and ethical governance of our AI systems as a top priority, ensuring client data privacy while allowing our LLM to operate effectively across deployment environments. Together, we can revolutionize the financial services industry through the power of AI, while upholding the highest standards of compliance and trust.
Warm regards,
Evangelos Liatsas
Director of Engineering