Sub-verticals
Three calling-side shapes; one shared platform.
AI-assisted financial advice (advisory)
Client-profile maintenance, MiFID II suitability assessment, AI-drafted advice and product recommendations, and the delivery of advice to retail and professional clients. The advice.delivered and recommendation.delivered action classes are gated behind a certified human in the loop.
AI-executed trades (trade execution)
Order proposal, pre-trade risk validation, order submission to execution venues, execution-report ingestion, and position lifecycle management. The order.submitted action above a tenant-configured notional threshold and position.modified above a size threshold are gated behind a head-of-trading approval.
Passive fraud detection and case management (fraud monitoring)
Transaction flagging and clearing, fraud-case lifecycle management, customer flagging for enhanced monitoring, customer suspension on confirmed incidents, and transaction reversal. The customer.suspended and transaction.reversed action classes are gated behind a certified human investigator.
Adapter coverage
Upstream services Vortalis adapts for this sector.
- FIX protocolShipping
vortalis_proxy/services/fix_protocol.py
Order and execution messaging. Adapter as code; the operator holds the counterparty certification.
- SWIFT ISO 20022Shipping
vortalis_proxy/services/swift_iso20022.py
Payments and securities messaging in the ISO 20022 standard.
- SWIFT MT and ISO 15022Shipping
vortalis_proxy/services/swift_mt.py
Legacy MT and ISO 15022 messaging for the operator's existing flows.
- BloombergShipping
vortalis_proxy/services/bloomberg.py
Market-data and analytics adapter. Operator-side credentials drive the calls.
- GenesisShipping
vortalis_proxy/services/genesis.py
Application-platform adapter for the operator's Genesis-hosted services.
- TaskizeShipping
vortalis_proxy/services/taskize.py
Inter-firm resolution and exception-handling workflow adapter.
- SymphonyShipping
vortalis_proxy/services/symphony.py
Secure messaging and collaboration adapter for financial workflows.
Regulators covered
Which frameworks the financial-services pack maps to.
The per-sub-vertical pages below carry the full coverage table. The headline mapping: FCA SM&CR, MiFID II, DORA, FINRA, the SEC AI conduct pack, and the EU AI Act cross-reference for high-risk AI in credit scoring.
- FCA SM&CR
vortalis_proxy/compliance/fca_smcr.py
tests/conformance/regulators/fca_smcr/ - SEC AI conduct
vortalis_proxy/compliance/sec_ai_conduct.py
tests/conformance/regulators/sec_ai_conduct/ - FINRA
vortalis_proxy/compliance/finra.py
tests/conformance/regulators/finra/ - MiFID II
vortalis_proxy/compliance/frameworks.py - DORA
vortalis_proxy/compliance/frameworks.py - SOC 2
vortalis_proxy/compliance/frameworks.py - CSDR and SDR
vortalis_proxy/compliance/csdr_sdr.py
Settlement-discipline evidence pack. Cash penalties under CSDR Article 7(2) are mapped as in force; mandatory buy-in under Article 7(3) to 7(7) is mapped as dormant, because under CSDR as amended by Regulation (EU) 2023/2845 it applies only once the European Commission adopts an implementing act. See the honest limits below.
Honest limits
What this sector pack does not do.
Vortalis does not execute trades, settle transactions, or move funds; it governs AI-agent decisions about those actions.
The policy templates gate the actions an AI agent may take. The actual venue submission, the actual customer-portal delivery, the actual core-banking suspension all happen in the operator's existing infrastructure. The audit chain records the agent's decision and the upstream outcome; it does not move money.
Counterparty certification with Bloomberg, FIX networks, SWIFT, exchange APIs, and broker-dealer integrations is the operator's responsibility.
Vortalis ships financial adapters as code (FIX, SWIFT ISO 20022, SWIFT MT and ISO 15022, Bloomberg, Genesis, Taskize, and Symphony), not as counterparty-certified production integrations. Production certification with each venue, network, and counterparty sits with the operator. The Vortalis adapters provide a starting shape; conformance against the counterparty's certification programme is the operator's track.
Best-execution evidence is an audit-trail query; the determination of which venues qualify as best execution in a given jurisdiction is the operator's responsibility to encode in policy.
MiFID II Article 27 and FINRA Rule 5310 both require the firm to take all sufficient steps to obtain the best possible result for the client. The Vortalis audit chain records every order action with the venue, instrument, side, quantity, and price; an examiner can reconstruct the order trail. The list of venues that qualify as best execution, the weighting of price against speed and likelihood of execution, and the firm's periodic review schedule all live in the firm's written best-execution policy.
The SM&CR senior-manager-attribution chain depends on the operator's tenant configuration linking each agent to the responsible senior manager. Vortalis enforces the chain; the assignment lives in operator configuration.
The Vortalis audit chain captures the principal-chain on every governed action. When the operator threads the senior-manager-to-agent map into Tenant.config, every action surfaces with a named senior manager in the chain; FCA SM&CR enforcement reconstruction reads the chain by senior-manager id. The map itself is the operator's responsibility: Vortalis does not infer which senior manager is responsible for which AI agent.
The SEC AI rulemaking landscape is in flux. The evidence pack distinguishes published rules from anticipated rules; we do not invent SEC positions.
Investment Advisers Act § 206 and 17 CFR § 275.206(4)-7 are published rules in force. The 2024 SEC risk alerts on AI-washing are published interpretive guidance under existing anti-fraud authority. The 2023 Predictive Data Analytics rulemaking proposal is PROPOSED and may differ materially from any final rule. Controls in the SEC AI conduct pack are tagged by source so an external auditor can distinguish them.
The CSDR and SDR settlement-discipline pack maps the cash-penalty mechanism as in force and mandatory buy-in as dormant. It has not yet had external legal review.
Under CSDR as amended by Regulation (EU) 2023/2845 (CSDR Refit), the Article 7(2) cash-penalty mechanism remains in force, but mandatory buy-in under Article 7(3) to 7(7) is a measure of last resort that applies only if and when the European Commission adopts an implementing act activating it; no such act is in force, so the pack maps buy-in as dormant and makes no active buy-in claim. The pack is grounded in the published regulation text but has not yet been reviewed by external counsel. Vortalis does not operate a securities settlement system, does not calculate or collect penalties, and does not execute a buy-in; the settlement activity, the CSD authorisation, and the regulatory reporting are the operator's.
The general-purpose honest limits sit at /product/security-architecture; this list is specific to the financial-services pack.
Sample scenarios for illustration
How operators put the pack to work.
These are illustrative deployments, not customer references. No named customer testimonials appear here, because the first external engagements are still landing. Each scenario describes a plausible shape of a Vortalis deployment in this sector.
Illustration 1
A UK asset manager deploying an investment-advice agent on a market-data platform, governing MiFID II suitability and SM&CR attribution through Vortalis. The agent runs against a Vortalis-tokenised view of client profiles and produces a signed audit trail the FCA can verify offline.
Illustration 2
A broker-dealer running a trade-execution agent over a FIX connection, governing MiFID II best execution and FINRA Rule 5310 through Vortalis. Orders above the desk's notional threshold are gated behind a head-of-trading approval, and every order action is recorded with its venue, instrument, and price on the chain.
Illustration 3
A bank deploying a fraud-monitoring agent across its transaction stream, governing the FCA Financial Crime Guide and BSA/AML obligations through Vortalis. Customer suspension and transaction reversal stay behind a certified investigator, and each case decision is signed into an offline-verifiable audit trail.
Evidence-pack preview
Signed. Offline-verifiable.
A sample FCA SM&CR and MiFID II evidence pack, showing the structure of a signed, offline-verifiable pack. Signed. Offline-verifiable.
Download the sample financial-services evidence pack (PDF)Sample artefact. This is a placeholder evidence pack for layout and review; a real signed, offline-verifiable pack replaces it before launch.
Bring Vortalis to your financial-services agents.
Pick the sub-vertical above. Read the integration brief if you would rather start with the engineering detail. Talk to us first if you would rather start with a conversation about your threat model.