Solutions
Financial Services — RAG that won't trip the audit perimeter.
Material Non-Public Information (MNPI) preserved. Sarbanes-Oxley (SOX) audit trail recorded. Every citation defensible.
Customer-file research, regulatory-filing drafting, internal compliance Q&A across the Sarbanes-Oxley (SOX) controls, and knowledge research over the firm's manuals — running inside your data center or customer-owned Virtual Private Cloud (VPC), under the access controls the compliance function already enforces.
The regime
Financial services organizations operate under Sarbanes-Oxley (SOX), the Gramm-Leach-Bliley Act (GLBA), the Payment Card Industry Data Security Standard (PCI DSS), Securities and Exchange Commission (SEC) reporting requirements, the Financial Industry Regulatory Authority (FINRA) rules, Office of the Comptroller of the Currency (OCC) and Federal Reserve guidance, and the state and international regulators that touch your customers. Material Non-Public Information (MNPI) is the bright line, and the standard third-party generative model Application Programming Interface (API) sits on the wrong side of it.
Citorum runs inside your environment — on-premises, in a customer-owned Virtual Private Cloud (VPC) on the hyperscaler your firm already audits, or as a Citorum-managed dedicated tenant with documented privileged-access controls. Retrievals are scoped by MNPI status, customer relationship, business unit, and reviewer role; prompts and responses are logged with the document identifiers and spans that grounded each claim; every answer carries a faithfulness score the compliance team can act on.
Workflows
Four workflows for financial services teams
Discovery & Research
Customer-file research across the firm's books, regulatory-bulletin search across Securities and Exchange Commission (SEC), Financial Industry Regulatory Authority (FINRA), Office of the Comptroller of the Currency (OCC), and Federal Reserve releases. Faceted filters on customer, jurisdiction, business unit, and date range — citations to the document span the analyst actually clicks through to draft from.
Compliance Q&A
Internal Sarbanes-Oxley (SOX) controls Q&A, regulatory-rule lookups, and policy questions on conflicts and Material Non-Public Information (MNPI), with citations to the policy section that supports the answer. Adjudication labels flag ambiguous answers for a compliance officer or general-counsel review before they enter a client file.
Drafting & Summarization
Regulatory-filing drafts (10-K narrative sections, Suspicious Activity Report summaries, anti-money-laundering reports), customer-letter drafts grounded in the firm's playbooks, compliance-memo drafts from policy citations. The reviewer sees what was cited and which sections are safe to ship without rewrite.
Knowledge Q&A
Institutional knowledge across the firm's policies, procedures, product playbooks, prior matters, and trader-and-analyst guidance — without breaching the information-barrier walls the compliance function enforces. Faithfulness labels route uncertain answers to a knowledge-management reviewer.
What changes for financial services
The platform is the same; the configuration is desk-shaped.
Connectors target the document systems financial firms actually run: System of Record (SoR) document repositories (Salesforce Financial Services Cloud, internal Customer Relationship Management systems), regulatory bulletin feeds (Securities and Exchange Commission EDGAR, Financial Industry Regulatory Authority, Office of the Comptroller of the Currency, Federal Reserve), SharePoint policy and procedure libraries, network drives holding playbooks, and matter-scoped object storage. Material Non-Public Information (MNPI) tags ride with documents into the index; retrieval enforces MNPI walls so a sell-side analyst never sees an investment-banking client's deal documents.
Identity integrates with the firm's Identity Provider (IdP) so analyst, compliance officer, trader, and operations roles flow through unchanged. Access controls enforce the firm's information-barrier policies at retrieval time — an MNPI-walled retrieval scope is not a post-hoc redaction. The audit log records every retrieval, prompt, response, and faithfulness score with seven-year default retention, long enough to satisfy Sarbanes-Oxley (SOX) retention and most state regulators, configurable for the longer holds some jurisdictions impose.
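The retrieval-time enforcement described above, as an added example (not Citorum's code): the MNPI wall narrows the candidate set before ranking and each retrieval is written to an audit record, with a rank-then-redact function for contrast. `Doc`, `Principal`, the wall names, the keyword scorer and the sample documents are constructed assumptions, and only the MNPI dimension of scoping is shown.

```python
import json
import time
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Doc:
    doc_id: str
    mnpi_wall: Optional[str]  # None = not MNPI; otherwise the wall that owns it
    text: str

@dataclass(frozen=True)
class Principal:
    user: str
    role: str
    walls: frozenset  # walls the IdP asserts this user is inside (assumed claim)

# Constructed sample index; the MNPI tag was attached at ingestion.
INDEX = [
    Doc("pol-001", None, "Research desk policy on issuer coverage and merger commentary"),
    Doc("deal-917", "wall-acme", "Draft merger terms for issuer ACME"),
    Doc("res-204", None, "Published note on ACME quarterly results"),
]

def in_scope(doc, who):
    """Information-barrier predicate: MNPI is visible only inside its wall."""
    return doc.mnpi_wall is None or doc.mnpi_wall in who.walls

def score(doc, query):
    """Toy keyword-overlap ranker standing in for the real retriever."""
    return len(set(query.lower().split()) & set(doc.text.lower().split()))

def retrieve(query, who, audit, k=2):
    """Wall first, rank second: walled documents never become candidates."""
    scope = [d for d in INDEX if in_scope(d, who)]
    ranked = sorted(scope, key=lambda d: score(d, query), reverse=True)[:k]
    hits = [d for d in ranked if score(d, query) > 0]
    audit.append(json.dumps({
        "ts": time.time(), "user": who.user, "role": who.role,
        "query": query, "doc_ids": [d.doc_id for d in hits],
    }))
    return hits

def retrieve_then_redact(query, who, k=2):
    """Contrast case: rank everything, drop walled documents afterwards.
    The walled document is still loaded and ranked, and it takes a top-k slot."""
    ranked = sorted(INDEX, key=lambda d: score(d, query), reverse=True)[:k]
    return [d for d in ranked if in_scope(d, who)]
```

For a sell-side analyst outside `wall-acme`, the scoped path returns both public documents, while the rank-then-redact path returns only one because the deal document occupied a ranking slot before being dropped.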
Deployment is on-premises inside the firm's data center, in a customer-owned Virtual Private Cloud (VPC) on the hyperscaler your firm already audits (Amazon Web Services, Microsoft Azure, Google Cloud Platform, or Oracle Cloud Infrastructure), or as a Citorum-managed dedicated tenant. No documents, prompts, or model outputs cross the firm's perimeter in the default configuration.
Run a pilot on a single desk.
Most firms start with one business line and one document source. We scope, deploy, and have the desk running searches in weeks, not quarters.