Get a Demo

Vortalis for Financial services

AI-assisted financial advice (advisory)

The trust layer for AI agents drafting and delivering financial advice to retail and professional clients.

AI-assisted advice operations move faster than a certified adviser can review them. The advisory sub-vertical pack codifies the actions an agent may take on a client account, gates the customer-facing advice and recommendation deliveries behind certified-adviser approval, and signs every decision into an audit chain an external auditor can verify offline. FCA SM&CR senior-manager attribution flows through the principal-chain on every governed action.

Regulators covered

Which frameworks the financial services pack maps to today.

Framework
Jurisdiction
Coverage
Notes
FCA SM&CR
vortalis_proxy/compliance/fca_smcr.py
tests/conformance/regulators/fca_smcr/
UK
Full
SUP 18 senior-manager attribution, COCON Conduct Rules 1-5 and SC1-SC4, SYSC 24-25 management arrangements, and DEPP enforcement evidence.
MiFID II (Articles 24 and 25)
vortalis_proxy/compliance/frameworks.py
EU and UK
Full
Suitability assessment under Article 24, order-handling and record-keeping under Article 25. Polished Phase 1 to wire audit-chain primitives into the controls where the platform supplies the evidence.
SEC Investment Advisers Act § 206
vortalis_proxy/compliance/sec_ai_conduct.py
tests/conformance/regulators/sec_ai_conduct/
US (Federal)
Full
Anti-fraud and fiduciary duty under § 206; 17 CFR § 275.206(4)-7 compliance programme rule; 2024 SEC AI-washing risk alerts. The 2023 Predictive Data Analytics rulemaking proposal is PROPOSED and tagged accordingly.
FINRA Rule 3110
vortalis_proxy/compliance/finra.py
tests/conformance/regulators/finra/
US (SRO)
Full
Supervisory obligation. Supervisor-to-agent binding flows through principalChain; require_human approvals and kill-switch activations surface as supervisory intervention points.
SOC 2
vortalis_proxy/compliance/frameworks.py
Global
Partial
CC6 access controls, CC8 change management, and PI1 processing integrity wired to platform primitives (RBAC, AdminAuditLog, IAT signing, per-tenant Merkle chain).

Adapter coverage

Upstream services Vortalis adapts for this vertical.

  • Bloomberg adapterShipping

    vortalis_proxy/services/bloomberg.py. Adapter as code; the operator holds the counterparty certification.

Action vocabulary

The policy template for this vertical.

Actions allowed

8

Each action gated by policy at the hot path.

Anticipated require_human actions

  • advice.delivered
  • recommendation.delivered

Rate-limit posture

100 advice.drafted per 24-hour rolling window; 50 advice.delivered per 24-hour rolling window; 50 recommendation.delivered per 24-hour rolling window. Defensible for a single-adviser engagement; multi-adviser tenants raise after agreement with the head of advice.

Template path: policies/sectors/financial-services/advisory-template.yaml

Integration brief

The implementation guide your engineers read first.

Available

docs/governance/integration-briefs/financial-services-advisory.md

Honest limits

What this sector pack does not do.

Vortalis does not generate the advice; AI agents do.

The policy template gates eight actions including advice.drafted, advice.delivered, and suitability.assessed. It does not write the advice, choose the product, or substitute for the certified adviser's judgement. Advice quality, factual accuracy, and the firm's product authorisation remain the operator's responsibility. Vortalis records what the agent did and when; it does not grade what the agent advised.

The SM&CR senior-manager-attribution chain depends on operator tenant configuration.

Vortalis enforces the chain at the audit-write boundary; the assignment of which senior manager is responsible for which AI agent lives in Tenant.config. The operator threads the senior-manager-to-agent map at provisioning time; without that map, the principalChain still records the delegation context but cannot bind it to a named senior manager.

Suitability assessment volume and content are operator-supplied.

The Vortalis chain records a suitability.assessed action with the agent's inputs and the resulting risk profile; the policy engine confirms suitability.assessed precedes any recommendation. The substantive judgement on whether the suitability inputs are sufficient under MiFID II Articles 24 and 25 lives in the firm's compliance manual, not in Vortalis.

The SEC AI rulemaking landscape is in flux; the evidence pack distinguishes published rules from anticipated rules.

Investment Advisers Act § 206 and 17 CFR § 275.206(4)-7 are published rules in force. The 2024 SEC risk alerts on AI-washing are published interpretive guidance under existing anti-fraud authority. The 2023 Predictive Data Analytics rulemaking proposal is PROPOSED and may differ materially from any final rule. Controls in the SEC AI conduct pack are tagged by source.

The general-purpose honest limits sit at /security/limitations; this list is specific to the financial services pack.

Bring Vortalis to your financial services agents.

Read the integration brief if you would rather start with the engineering detail. Talk to us first if you would rather start with a conversation about your threat model.

Read the integration briefTalk to an engineer