Trust Center

Security, Privacy & Governance.

Built for regulated financial operations: strong access controls, audit-ready evidence capture, and flexible deployment options for procurement and compliance needs.

Security Architecture

Data Residency

Deploy in your private cloud, on-premises, or in our dedicated VPCs. You choose where your data lives.

Immutable Audit

Every action—from rule creation to break resolution—is logged in a WORM (Write Once, Read Many) ledger for compliance.

Zero Trust RBAC

Granular role-based access control. Row-level security ensures users only see what they are explicitly authorized to access.

Compliance Ready

FopsAI is designed to meet the rigorous standards of global financial institutions. We are currently undergoing SOC2 Type II certification.

SOC2 Type II (In Progress)
GDPR Compliant
ISO 27001 Aligned
SOC2
AES-256
99.9% SLA
WORM

Explainable Decisions (Glass Box)

In regulated environments, “the computer said so” is not enough. FopsAI is designed to capture evidence and reasoning so teams can operate with confidence and auditability.

Audit Evidence

✓ Who did what, and when

✓ Inputs, outputs, and key parameters

✓ Approvals for high-impact actions

Human-in-the-Loop

✓ Review thresholds and maker-checker patterns

✓ Policy guardrails and tool allow-lists

✓ Cost ceilings and budget controls

AI Transparency

How we approach AI in regulated operations

We focus on governance: clear controls, evidence capture, and privacy-first design. Exact configurations vary by deployment and customer requirements.

Models

✓ Provider-agnostic model access (per-tenant)

✓ Policy guardrails (allow-lists, budgets, safety controls)

✓ Tool schemas and prompts designed for auditability

Data Flow

✓ Residency controls (where data is processed)

✓ Optional masking/redaction before AI calls

✓ No customer data used for training without explicit agreement

Controls

✓ Human-in-the-loop for low-confidence/high-impact actions

✓ Approvals, audit logs, and access governance

✓ Safety limits (budgets, step limits, allow-listed tools)

Privacy

✓ Tenant isolation and least-privilege access

✓ Data handling aligned to procurement expectations

✓ Deployment options for stricter requirements

Built for Global Regulatory Expectations

We don’t claim “one-click compliance”. We focus on the capabilities regulators and internal risk teams consistently expect: controls, evidence, access governance, retention, and operational resilience.

UK

• Client asset & reconciliation controls (e.g., FCA CASS)

• Operational resilience expectations

• Strong audit and evidence capture

EU

• Derivatives reconciliation expectations (e.g., EMIR)

• Data protection (GDPR)

• Emerging AI governance requirements

US

• Controls and auditability for regulated operations

• Vendor risk & third-party governance

• Model risk management expectations for AI usage