Even the smallest financial institutions (FIs) are sophisticated and complex. They offer a wide variety of services to customers, from savings and checking accounts to loans to portfolio management and financial advice. As the number of services offered or customers served scales up, it becomes ever more critical to have systematic, standard operating procedures in place. SOPs have been called a “gray area” in terms of trade secret protection, but at the very least they are the backbone of an organization’s policies and procedures.

Cybersecurity rigor keeps critical documentation secure, especially when using technology to access, store, or maintain SOPs and other critical internal documentation. But with the explosive rise of AI comes a variety of new security and public domain risks that financial institutions need to consider in technology choices. 

To maintain the security of critical internal documentation like SOPs, financial institutions need to look very closely at the cybersecurity practices that their AI partners follow. Finding AI solutions that are purpose-built for financial institutions not only keeps security practices top of mind, but they build their solutions with these challenges at the forefront.

Consider Posh AI’s Knowledge Assistant product. Knowledge Assistant provides employees at financial institutions with quick and efficient access to information thanks to generative AI. The solution ingests a company’s internal documents, like SOPs, to build the internal search bases that quickly serve answers to customer questions, cutting search time by 93 percent. Because Posh’s solutions are purpose-built for community banks, credit unions, and other financial institutions, we performed a thorough risk assessment to determine the most secure AI platform to partner with. 

This risk assessment led us to Open AI’s enterprise model, which has a zero data retention (ZDR) policy, ensuring that customer data is not stored or viewed by human eyes at Open AI. Open AI doesn’t offer ZDR to just anyone, and Posh had to undergo an application and approval process. The enterprise model is not trained with business data and encrypts all data at rest and in transit. The combination of Open AI’s enterprise model and Posh’s approach to security provides significant security benefits to its customers, including:

• No humans at Open AI ever see company data when it’s uploaded into Knowledge Assistant
• Storage only happens in the Posh environment, not with Open AI
• Additional security measures, such as requiring authentication with enforced MFA or SSO to access the Knowledge Assistant
• Role-based access control (RBAC) enables varying levels of access to ensure that only the right people have access to files, file uploads, and manage the knowledge base

Posh’s combination of RBAC, encryption standards, redaction of PII, security standards, and other risk and threat mitigation controls ensures we protect, secure, and encrypt customer information. It maintains comprehensive compliance, including SOC 2 Type II, GLBA Self-Assessment, and CSA Star Level 1 and 2. To learn more about Posh’s security methods, visit posh.ai/trust. To learn more about Open AI’s enterprise security, visit openai.com/enterprise-privacy. To see how Posh prioritizes security for all our banking partners, read our blog.