Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 17 Next »

1. Document Purpose and Structure

Purpose

The Unique AG, a Swiss technology (SaaS) provider, is developing and advancing GPT-technology for the Financial Services Industry. Our flagship product “Unique FinanceGPT” is a tailored solution for the financial industry that aims to increase productivity by automating manual workload through AI and ChatGPT solutions.

Generative artificial intelligence (GenAI), like GPT models, has experienced swift progress, and its capacity to revolutionize various industries has generated a mixture of enthusiasm and concern. For example, Accenture’s 2023 Technology Vision report asserts that the impact of large language models (LLMs), the basis of GenAI’s output, on businesses is not a matter of “if” but “how.” They also highlight the transformative potential of these foundational models in reshaping human-AI interactions.

At Unique, our foremost objective is to build and execute the most secure GPT-based solutions for the financial services industry (FSI) and emerge as a leading partner for GPT-driven use cases in this sector. Ensuring the security of sensitive data entrusted to us by our financial services customers (mainly banks and insurances) is our leading commitment. Therefore, we prioritize the security and resiliency of our IT systems, applications, and business processes. We foster a highly secure IT setup and adhere to the principle of data minimization, incorporating the most robust compliance setup in the industry.

This proactive approach enables us to reduce any potential misuse of credentials, securely store and manage client data, adhere to highest privileged access standards, and respond swiftly to emerging threats. Our system is designed to provide exceptional resistance to data exfiltration, and we recognize that security has to be integrated across the company within the development life cycle, IT operations, and business processes.

Unique closely partners with Microsoft to offer GenAI solutions in a secured and controlled environment: when working with Unique and using Microsoft Azure OpenAI Services, users are using an enterprise and private instance of OpenAI’s GPT model packaged and hosted by Microsoft Switzerland (prompts and answered are not shared with OpenAI nor Microsoft; to be precise: Microsoft processes the data but never stores the data). Unique is also able to integrate other type of LLMs, e.g. self-trained open-source models like Mistral. We also offer different deployment options like cloud-based solutions hosted by Unique or the bank or on-prem deployments are also possible.

This paper outlines the most important measures and processes that are in place to safeguard our customers’ valuable information. Collectively, we refer to these measures and processes as the Unique Compliance Layer.

In addition to this document, we encourage you to review our public documentation (https://unique-ch.atlassian.net/wiki/spaces/PUB/pages/445612410/Security+Compliance+Data+Protection) and our Technical and Organizational Measures (Data Processing Addendum (unique.ch)).

Unique is also dedicated to a comprehensive AI Governance program that aligns with its clients' values and regulatory compliance while also meeting high integrity standards. We employ a variety of strategies for AI Governance, including automated benchmarking for quality and correctness checks, the implementation of principles and operationalisation encompassing processes, procedures, policies, and regulations, and risk mitigation for GenAI. Further information can be found in our public documentation (https://unique-ch.atlassian.net/wiki/spaces/PUB/pages/512360474/AI+Governance). . These measures detail the security attributes, procedures, and safeguards relevant to our cloud services. They also encompass customizable options for customers, all of which adhere to established industry best practices for information security.

Structure

The document starts with describing the challenges when working with GPT-based technology in the FSI space where the reader is guided along the path of data processing and storage, prompt review and legal setup when working with GPT-based technology. Following this, we explain the 7 key pillars of the Unique Compliance Layer in detail.

Unique services are already ISO 27001, ISO 9001 and SOC2 Type 1 certified. In addition, Unique completed a report on FINMA Outsourcing Circular 2018/3 certified by an independent auditor to show compliance with the Swiss Financial Service Regulator. Unique is in the process of acquiring SOC 2/ ISAE 3000 Type 2 by the end of 2024.

2. Challenges When Working with GPT-Technology in FSI

Although GPT-technology offers numerous advantages, it’s important to recognize that banks and other regulated financial services face significant hurdles due to stringent industry regulations. Presently, financial services encounter challenges stemming from the absence of specific regulations, as well as concerns regarding data privacy and confidentiality. These factors collectively pose difficulties in incorporating client identifying data (CID) or proprietary knowledge into the LLMs and other models.

AI models, including GenAI, are exposed to existing risks like bias, lack of transparency, and potential misuse. But GenAI also adds further risks, such as model confabulations and unclear data inputs. As GenAI models continue to advance, several challenges arise when financial institutions, such as banks and insurance companies, seek to leverage ChatGPT and similar tools and technologies.

  • Data storage by OpenAI or comparable GPT services

  • Data processing and access by OpenAI or comparable GPT services

  • Prompt review and data storage for training purposes of LLMs

  • Regulatory compliance, e.g. not in line with GDPR when data is sent to a US-based API/ LLM

  • Unclear legal framework regarding DPA, privacy statement and Terms of Service

  • No citations available to check for factual correctness

  • Outdated information as OpenAI model is trained with data only until 2021

  • Training data, in the context of GenAI models, amplifies concerns related to privacy, confidentiality, and copyright.

  • Risks associated with LLMs (see for example list of risks by OWASP: https://owasp.org/www-project-top-10-for-large-language-model-applications/)

Unique FinanceGPT offers a secure and regulatory-compliant approach to effectively leverage GPT-driven use cases. In the forthcoming sections, you will discover in-depth insights into Unique’s innovative approach to constructing an advanced compliance framework that encompasses data protection, IT, and cybersecurity considerations.

3. How Unique Protects Client Data: Introduction to the Compliance Layer

In the given context, the compliance layer refers to a set of principles, processes, and control structures established by Unique to comply with legal, regulatory, and internal requirements for our financial services customers. It is a mechanism that protects the organization from compliance breaches and ensures that it adheres to generally accepted market standards and codes of conduct and data protection principles, in Switzerland and Europe.

The compliance layer includes measures such as data minimization, encryption/anonymization/pseudonymization of data, classification of data, access control, and responsible prompting. It also involves leveraging banks’ compliance models and obtaining informed consent. By implementing Unique’s compliance layer for FinanceGPT, FSI can strengthen the security of applications, increase protection against potential threats, and ensure compliance with Swiss data protection laws and GDPR.

image-20240820-063900.png

3.1 Enterprise setup via Microsoft Azure OpenAI API

No Model Training

Neither Unique nor Microsoft use any client data for training purposes of AI or any other neural network models.

Unique uses the pre-trained base models provided by Microsoft and does not train any models on data provided by the customer. Unique uses RAG technology to give context to the model when prompting.

Deployment Models

Different deployment models are available:

  1. SaaS on Unique cloud

  2. Separate single tenant on Unique cloud (data storage and processing physically separated from other customers)

  3. Deployment on customer Azure tenant (data storage and processing on your own cloud environment)

  4. On premises

Clients can choose from the most appropriate deployment model and incorporate their security and data protection requirements. Depending on the deployment, various security and data protection options can be chosen and customized to account for client needs (see https://unique-ch.atlassian.net/wiki/spaces/~6246b27ef3824d006a593faa/pages/edit-v2/715849812#5.-Feature-overview).

FSI Amendments

We also have in place recommended FSI amendments for our contracts with Microsoft. In detail:

  • M453 – FINMA. This is the financial service amendment (FSA) and Jurisdiction-specific companion amendment (Switzerland) including FINMA requirements like audit rights.

  • M744 – bank secrecy. This includes professional secrecy and industry-specific terms regarding banking secrecy.

  • M329 – CH data protection. This is the amendment for Switzerland regarding Microsoft products and services Data Protection Addendum

  • For other countries (e.g. Germany), Unique also has respective amendments with Microsoft in place (e.g. German Data Protection Amendment).

No data storage by Azure OpenAI services and opt-out of human review process

Unique has an agreement with Microsoft to opt out of the logging and human review process in Azure OpenAI service for its clients (details can be found here: https://learn.microsoft.com/en-us/azure/ai-services/openai/concepts/abuse-monitoring ). This option is available for highly sensitive industries like FSI, and in this case no data (prompts or responses) is stored by Microsoft Azure OpenAI services.

Opt-out of human review process is not available on the Saas on Unique cloud deployment model. In this case prompts and responses are stored by Microsoft for human review for 30 days.

Content filtering

Unique uses content filtering (https://learn.microsoft.com/en-us/azure/ai-services/openai/concepts/content-filter) on prompts to prevent the output of harmful content on all OpenAI model deployments.

Activating this filter enhances compliance and safeguards users from the documented risk categories.

Unique follows Microsoft’s Responsible AI Principles:

  1. Privacy & Security: AI systems should be secure and respect privacy

  2. Inclusiveness: AI systems should empower everyone and engage people

  3. Accountability: People should be accountable for AI systems

  4. Transparency: AI systems should be understandable

  5. Fairness: AI systems should treat people fairly

  6. Reliability & Safety: AI systems should perform reliably and safely

More information can be found here: https://www.microsoft.com/en-us/ai/responsible-ai

Model Retirement and PTU Services

Unique also wants to provide the latest innovation to its clients. As part of this strategy, Unique has wants to transition to newer models as offered by Microsoft Inc., in line with its commitment to service improvement and technological advancement. Models are subject to scheduled retirement dates as determined by Microsoft, which routinely retires older models to introduce newer versions. In the event of a model switch, Unique will make every reasonable effort that the replacement will occur within the same designated region (e.g., Switzerland) to maintain regional consistency.

In the event that certain versions of GPT models are no longer offered in the designated region (e.g. Switzerland) by Microsoft as a Pay-As-You-Go (PAYG) service, the SaaS provider reserves the right to deliver GPT services via its own Provisioned Throughput Units (PTUs) powered platform.

3.2 Data hosting location is Switzerland (or any other location the client may chose)

Microsoft Azure Open AI services are available in Switzerland, Europe and other countries (more information can be found here https://learn.microsoft.com/en-us/azure/ai-services/openai/concepts/models#gpt-4-and-gpt-4-turbo-model-availability ).

All client data (including CID) is stored and hosted in Switzerland (Microsoft cloud in Switzerland north) or any other location offered by Microsoft and chosen by the client (details agreed during contractual discussions).

The SaaS on Unique cloud deployment model does not offer choosing a different hosting location than Switzerland north.

We also performed a Transfer Impact Assessment according to the method of D. Rosenthal (leading Tech Lawyer in Switzerland). Results can be shared upon request.

3.3 DLP (Data Leakage Prevention)

Unique provides a powerful API designed to seamlessly integrate with customers existing Data Leakage Prevention (DLP) program. This integration enables monitoring and protection of sensitive information, specifically focusing on client identifying data (CID) and personal identifying data (PII).

Key Features:

  • Seamless Integration: Unique’s API connects directly with clients’ current DLP solution, enhancing its capabilities without the need for additional DLP software.

  • Monitoring: Continuously track and check for the insertion of CID and PII, ensuring any potential data leaks are detected and addressed promptly.

  • Enhanced Protection: Strengthen clients’ data protection measures by leveraging existing DLP system to guard against the unauthorized dissemination of sensitive information.

For more details please check Data Leakage Prevention (DLP).

3.4 Restricted access to data

We have built an access concept including processes and controls to ensure users can only see what they are authorized to see, and support personell and administrators of Unique can only have temporary access to the separated tenant of a customer. Access to the environment is fully auditable via an audit log.

Unique’s restricted access concept involves the following customizable parts:

  • SSO using SAML or OIDC

  • Privileged access management (PAM), privileged identity management (PIM) with temporary access to data only, no permanent roles

  • Key management (by Unique or BYOK)

  • Encryption of data in transit and at rest (using HSM-backed key)

  • Audit logs

  • Enforced 2FA with strong password policy

  • Terms and Conditions for end-users

  • Regular threat-modeling workshops and continuous Bug Bounty Program.

3.5 Privacy by design and default

Privacy by design and default are fundamental principles for Unique, guiding our commitment to protecting client data. From the inception of our software solutions, during software development and also for UI/UX design, we prioritize the integration of robust privacy measures, ensuring that data protection is built in our products and services. This approach not only complies with Swiss and European data protection regulations but also fosters trust among our clients. By default, our systems are configured to prioritize user privacy, granting individuals control over their data while minimizing the need for additional user intervention.

We further place high importance on responsible AI and our AI-generated content is protected in several ways:

  1. Content Protection through AI-Generated Watermarks: Employ AI-generated watermarks to safeguard content integrity.

  2. End-User Terms and Conditions (T&Cs): Provide comprehensive Terms and Conditions for end-users, ensuring legal clarity.

  3. Client and Employee Training: Deliver training programs for both clients and employees to enhance security awareness and competence.

  4. Awareness Campaigns and Security Knowledge Sharing: Execute awareness campaigns and promote the sharing of security insights and best practices.

  5. AI Policy Implementation: Enforce a robust AI policy to govern responsible AI use within the organization.

  6. Adherence to OWASP Responsible AI Framework: Comply with the OWASP Responsible AI framework, ensuring ethical and secure AI practices.

3.6 Ensure accuracy of LLM output

Unique has built in a feedback loop (following the human-in-loop concept) in all Gen-AI based features. This is twofold:

  1. Empowering User Control ("Human in the Loop"): Users have the option to modify AI-generated output, ensuring control and also adding a personalized touch.

  2. Soliciting User Feedback on AI Output:

    1. We encourage users to provide feedback on the AI-generated content to gauge its alignment with their expectations.

    2. To maintain security, we caution users not to share any confidential information when providing feedback.

In addition, Unique offers benchmarking to enable the clients to test prompts and answers. By using the benchmarking feature, clients can on a large scale ensure a high quality (accuracy) of the output (answers) by automatically comparing answers to the ground truth and creating a score using LLMs and vector distance as well as detections of hallucinations to make sure data and model drift is detected early on.

Further details can be found at Benchmarking.

3.6 Risk Management of LLMs

Unique ensures continuous improvement of vulnerability management to maintain the integrity, availability, and confidentiality of large language models (LLMs). By regularly updating security protocols and addressing potential vulnerabilities (as guided by the https://owasp.org/www-project-top-10-for-large-language-model-applications/ ), Unique safeguards the performance and reliability of LLMs. This proactive approach minimizes risks and enhances the overall security posture.

More information can be found at OWASP Top 10 for LLM Applications.

4. Further information

5. Feature overview

Overview of feature availability depending on deployment model

Feature

Multitenant

Single Tenant

Customer Tenant

On Premises

SSO

AVAILABLE

AVAILABLE

AVAILABLE

AVAILABLE

End-User TOCs

AVAILABLE

AVAILABLE

AVAILABLE

AVAILABLE

DLP integration

NOT AVAILABLE

AVAILABLE

AVAILABLE

AVAILABLE

Benchmarking

AVAILABLE

AVAILABLE

AVAILABLE

AVAILABLE

Enforced 2FA with strong password policy

AVAILABLE

AVAILABLE

NOT APPLICABLE

NOT APPLICABLE

FSI Amendments

NOT AVAILABLE

AVAILABLE

NOT APPLICABLE

NOT APPLICABLE

Opt-Out for abuse monitoring

NOT AVAILABLE

AVAILABLE

NOT APPLICABLE

NOT APPLICABLE

Content filtering

AVAILABLE

AVAILABLE

AVAILABLE

NOT APPLICABLE

Data hosting location

Switzerland north

https://learn.microsoft.com/en-us/azure/ai-services/openai/concepts/models#standard-deployment-model-availability

All regions that support the models needed

https://learn.microsoft.com/en-us/azure/ai-services/openai/concepts/models#standard-deployment-model-availability

All regions that support the models needed

NOT APPLICABLE

Temporary access to data

NOT AVAILABLE

AVAILABLE

NOT APPLICABLE

NOT APPLICABLE

Privileged Access Management (PAM)

NOT AVAILABLE

AVAILABLE

NOT APPLICABLE

NOT APPLICABLE

Encryption key management (BYOK)

NOT AVAILABLE

AVAILABLE

AVAILABLE

NOT APPLICABLE

HSM-backed encryption keys

NOT AVAILABLE

AVAILABLE

AVAILABLE

NOT APPLICABLE

Features are not applicable on Customer Tenant or On Premises because Unique does not act as a data processor anymore in these deployment models, only as a software provider.

6. Disclaimer

The content contained herein is correct as of August 2024, and represents the status quo as of the time it was written. Unique’s data protection and security policies and systems may change going forward, as we continually improve standards for our customers.

7. Abbreviations 

Abbreviation 

Full Term 

CDO 

Chief Data Officer 

CISO 

Chief Information Security Officer 

CID 

Client identifying data 

DPA 

Data Processing Addendum 

DLP 

Data Leakage Prevention 

FINMA 

Swiss Financial Market Supervisory Authority 

FSI 

Financial Services Clients 

GenAI 

Generative Artificial Intelligence 

GDPR 

General Data Protection Regulation 

ISO 

International Standards Organization 

LLM 

Large Language Model 

MS 

Microsoft 

OWASP 

Open Web Application Security Project

SaaS 

Software as a Service 

Authors

Michael Dreher Sina Wulfmeyer

Version

V 2.0

Last reviewed

 

  • No labels