AI agents for financial services

Governed AI for advice, trading, and the back office — with a receipt for every examiner.

Wealth, retirement-planning, trading, and operations agents that run under supervision-grade oversight — across US and Canadian rules. Every recommendation, retirement analysis, order, and fee adjustment carries a tamper-evident receipt, so the question is never 'can you prove this happened?', it's already answered.

Aligned with FINRA · SEC · SOC 2 · ISO 27001 · EU AI Act

Control Tower
pause all disable tool export report kill switch armed
Fraud Triage$0.018 · 1.2sExecuted
Payout Approver$0.041 · pendingHold
Return Reviewer$0.009 · 0.8sExecuted
KYC Screenermodel not allowedBlocked
trust-ledger ▸ 1,284,902 actions recorded today
The regulatory pressure

In finance, the AI has to survive a supervisor's review.

Recommendations must be suitable, communications must be supervised and retained, and best-execution and recordkeeping obligations don't pause for automation. An ungoverned agent that drafts advice, moves money, or talks to a client is a supervision gap waiting to be cited. Cortex turns each obligation into a fail-closed gate and seals the outcome into a record your examiner can verify on their own laptop.

FINRA · supervision & recordkeepingSEC · suitability / Reg BISOC 2ISO 27001EU AI Act · high-riskNIST AI RMF
Regulatory pressure
FINRA · supervision & recordkeepingSEC · suitability / Reg BISOC 2ISO 27001EU AI Act · high-riskNIST AI RMF
Typed objectsClient · Account · Recommendation · Order · Communication
Restrictedssn / account_numberlocked
frameworks ▸ encoded as policy · gated · sealed
Use cases

Agents for the whole advisory desk — every action gated and recorded.

Each maps the work to typed ontology objects, runs under an oversight mode tuned to its risk, and seals every outcome into the Trust Ledger. The wealth-planning agents reason over your own simulations — they explain and cite, they don't decide.

Advice & next-best-action
  • Drafts suitable recommendations grounded to the client profile and account data — with restricted fields like SSN locked at the property level so they never reach the model.
  • Ontology permissions
Retirement & tax-efficiency planning
  • Explains a client's tax-efficient retirement and Roth/RRSP conversion picture in plain language — grounded on your own Monte-Carlo simulations, aware of US (Social Security, RMD, IRMAA) and Canadian (OAS, RRSP→RRIF) rules, with every figure traceable to its source.
  • Grounded reasoning
Concentrated-position risk
  • Turns an outsized single-stock holding into a plain-language risk narrative and a tax-aware diversification plan — surfacing the assumptions it made, rather than hiding them, for the advisor to confirm.
  • Ontology permissions
Compliance pre-screen
  • Pre-screens advisor-facing content against jurisdiction disclosure rules (US Reg BI / Form CRS, CA CRM2 / KYC) and flags gaps before anything reaches a client — a fail-closed signal, never an approval.
  • Oversight modes
Supervision & comms review
  • Triages client communications for sentiment, complaints, and disclosure gaps, escalating flagged items to a human reviewer rather than auto-clearing them.
  • Oversight modes
Trade & order assist
  • Proposes orders as dry-run → propose → approve → execute actions; anything above the desk's threshold pends for human approval before it touches the book.
  • Action Fabric
Fee & billing reconciliation
  • Reconciles advisory fees and flags exceptions, with hard 30-day budget caps that block a runaway batch at 100% spend rather than burning the budget.
  • Cost governance
Reporting & disclosures
  • Assembles client reports and regulatory filings where every figure cites its source record and lands in a 10-hop lineage chain from analyst to outcome.
  • Trust Ledger
Supervision-grade by construction

The same gate that suits a recommendation also holds a trade for approval.

A suitability check and an order threshold are the same fail-closed gate with different policy. Because the runtime is shared, your supervisory procedures, your audit trail, and your kill switch are identical across every desk you deploy.

  • Suitability and disclosure encoded as Policy-as-Code — not left to prompt phrasing
  • Orders above the desk threshold route to human approval before execution
  • Client PII (SSN, account number) locked at property level — redacted before the model
  • Every recommendation and order sealed into a hash-chained, examiner-ready record
Control Tower
pause all disable tool export report kill switch armed
Fraud Triage$0.018 · 1.2sExecuted
Payout Approver$0.041 · pendingHold
Return Reviewer$0.009 · 0.8sExecuted
KYC Screenermodel not allowedBlocked
trust-ledger ▸ 1,284,902 actions recorded today
Prove it — don't just claim it

The verdicts a supervisor will see.

These are the literal runtime responses — not slideware. Challenge the agent and it fails closed, on the record.

runtime · verdicts
Large ordersize over desk thresholdHOLD · approval
PII readagent requests client.ssn403 redacted
Batch overspendprojected > 30-day cap402 budget
Suitable advicegrounded · cited · approved200 sealed
fail-closed ▸ challenge it and it denies, on the record
  1. 01

    Model the domain

    Map the work to typed ontology objects — Client, Account, Recommendation, Order, Communication — with restricted fields like ssn / account_number locked at the property level.

  2. 02

    Encode the rules

    Translate the obligations above into Policy-as-Code and Action Fabric approvals — the gates fail closed, returning a precise code, not a guess.

  3. 03

    Prove the outcome

    Every run lands in a hash-chained Trust Ledger with signed receipts and 10-hop provenance — a record you can hand the regulator.

10-hopProvenance on every recommendation
100Live-verified run quality score
5 modesOversight settings per desk
256Chained SHA-256 sealing every record
Security & compliance

One security review your supervisors and your CISO both sign off.

The gates, RBAC, DLP, agent detection & response, and multi-tenant isolation are shared across every desk — so your team maps once, to the obligations finance already reports against. Aligned with, never claiming certification you don't hold.

FINRA · recordkeepingSEC · Reg BISOC 2 · auditISO 27001 · integrityEU AI Act · loggingNIST AI RMF · Measure
FAQ

AI agents for financial services — questions, answered.

How does Cortex keep AI recommendations suitable and supervised?

Suitability and disclosure rules are encoded as Policy-as-Code and enforced at runtime, not left to prompt phrasing. Communications and recommendations route through oversight modes — suggest-only or approval-gated by desk — and every outcome is sealed into a tamper-evident record an examiner can verify.

Can an AI agent place trades on its own?

Only within the policy you set. Orders run through the Action Fabric as dry-run → propose → approve → execute steps; anything above the desk's threshold pends for a human approver before it touches the book, and break-glass overrides require an audited reason.

How is client PII protected from the model?

Restricted properties such as SSN and account number are locked at the ontology property level (deny-by-default once governed) and redacted before any object reaches the model — so sensitive fields never enter the prompt.

What does Cortex give a FINRA or SEC examiner?

A hash-chained Trust Ledger with signed receipts and a 10-hop provenance graph for any decision. The examiner can verify a receipt offline and see the chain break visibly if anything was altered.

Does Cortex give retirement or tax advice on its own?

No. The planning agents produce grounded, cited explainers over your own simulations — a tax-efficiency picture, a Roth/RRSP comparison, a concentration-risk narrative — and pre-screen content for disclosure gaps. The recommendation and the approval stay with the advisor; every figure is traceable and every run is sealed.

Does it handle both US and Canadian retirement rules?

Yes — the wealth agents are jurisdiction-aware. US flows reason about Social Security timing, Roth conversions, RMDs, and IRMAA; Canadian flows reason about OAS clawback and RRSP→RRIF conversion. Jurisdiction is set per run, so one deployment serves cross-border desks.

More industries

One governed runtime, every regulated vertical.

The controls are the same — the obligations they satisfy differ. Explore another vertical, or see the full set.

Show your examiner the receipt before they ask.

Tell us your desks and your supervisors — we'll show you the ontology, the oversight modes, and the sealed records Cortex enforces for financial services.