Compliance Layer 2.0
1. Document Purpose and Structure
Purpose
The Unique AG, a Swiss technology (SaaS) provider, is developing and advancing GPT-technology for the Financial Services Industry. Our flagship product “Unique FinanceGPT” is a tailored solution for the financial industry that aims to increase productivity by automating manual workload through AI and ChatGPT solutions.
Generative artificial intelligence (GenAI), like GPT models, has experienced swift progress, and its capacity to revolutionize various industries has generated a mixture of enthusiasm and concern. For example, Accenture’s 2023 Technology Vision report asserts that the impact of large language models (LLMs), the basis of GenAI’s output, on businesses is not a matter of “if” but “how.” They also highlight the transformative potential of these foundational models in reshaping human-AI interactions.
At Unique, our foremost objective is to build and execute the most secure GPT-based solutions for the financial services industry (FSI) and emerge as a leading partner for GPT-driven use cases in this sector. Ensuring the security of sensitive data entrusted to us by our financial services customers (mainly banks and insurances) is our leading commitment. Therefore, we prioritize the security and resiliency of our IT systems, applications, and business processes. We foster a highly secure IT setup and adhere to the principle of data minimization, incorporating the most robust compliance setup in the industry.
This proactive approach enables us to reduce any potential misuse of credentials, securely store and manage client data, adhere to highest privileged access standards, and respond swiftly to emerging threats. Our system is designed to provide exceptional resistance to data exfiltration, and we recognize that security has to be integrated across the company within the development life cycle, IT operations, and business processes.
Unique closely partners with Microsoft to offer GenAI solutions in a secured and controlled environment: when working with Unique and using Microsoft Azure OpenAI Services, users are using an enterprise and private instance of OpenAI’s GPT model packaged and hosted by Microsoft Switzerland (prompts and answered are not shared with OpenAI nor Microsoft; to be precise: Microsoft processes the data but never stores the data). Unique is also able to integrate other type of LLMs, e.g. self-trained open-source models like Mistral. We also offer different deployment options like cloud-based solutions hosted by Unique or the bank or on-prem deployments are also possible.
This paper outlines the most important measures and processes that are in place to safeguard our customers’ valuable information. Collectively, we refer to these measures and processes as the Unique Compliance Layer.
In addition to this document, we encourage you to review our public documentation (Security, Compliance & Data Protection and our Technical and Organizational Measures (Data Processing Addendum (unique.ch)).
Unique is also dedicated to a comprehensive AI Governance program that aligns with its clients' values and regulatory compliance while also meeting high integrity standards. We employ a variety of strategies for AI Governance, including automated benchmarking for quality and correctness checks, the implementation of principles and operationalisation encompassing processes, procedures, policies, and regulations, and risk mitigation for GenAI. Further information can be found in our public documentation (AI Governance . These measures detail the security attributes, procedures, and safeguards relevant to our cloud services. They also encompass customizable options for customers, all of which adhere to established industry best practices for information security.
Structure
The document starts with describing the challenges when working with GPT-based technology in the FSI space where the reader is guided along the path of data processing and storage, prompt review and legal setup when working with GPT-based technology. Following this, we explain the 7 key pillars of the Unique Compliance Layer in detail.
Unique services are already ISO 27001, ISO 9001 and SOC2 Type 1 certified. In addition, Unique completed a report on FINMA Outsourcing Circular 2018/3 certified by an independent auditor to show compliance with the Swiss Financial Service Regulator. Unique is in the process of acquiring SOC 2/ ISAE 3000 Type 2 by the end of 2024.
2. Challenges When Working with GPT-Technology in FSI
Although GPT-technology offers numerous advantages, it’s important to recognize that banks and other regulated financial services face significant hurdles due to stringent industry regulations. Presently, financial services encounter challenges stemming from the absence of specific regulations, as well as concerns regarding data privacy and confidentiality. These factors collectively pose difficulties in incorporating client identifying data (CID) or proprietary knowledge into the LLMs and other models.
AI models, including GenAI, are exposed to existing risks like bias, lack of transparency, and potential misuse. But GenAI also adds further risks, such as model confabulations and unclear data inputs. As GenAI models continue to advance, several challenges arise when financial institutions, such as banks and insurance companies, seek to leverage ChatGPT and similar tools and technologies.
Data storage by OpenAI or comparable GPT services
Data processing and access by OpenAI or comparable GPT services
Prompt review and data storage for training purposes of LLMs
Regulatory compliance, e.g. not in line with GDPR when data is sent to a US-based API/ LLM
Unclear legal framework regarding DPA, privacy statement and Terms of Service
No citations available to check for factual correctness
Outdated information as OpenAI model is trained with data only until 2021
Training data, in the context of GenAI models, amplifies concerns related to privacy, confidentiality, and copyright.
Risks associated with LLMs (see for example list of risks by OWASP: https://owasp.org/www-project-top-10-for-large-language-model-applications/)
Unique FinanceGPT offers a secure and regulatory-compliant approach to effectively leverage GPT-driven use cases. In the forthcoming sections, you will discover in-depth insights into Unique’s innovative approach to constructing an advanced compliance framework that encompasses data protection, IT, and cybersecurity considerations.
3. How Unique Protects Client Data: Introduction to the Compliance Layer
In the given context, the compliance layer refers to a set of principles, processes, and control structures established by Unique to comply with legal, regulatory, and internal requirements for our financial services customers. It is a mechanism that protects the organization from compliance breaches and ensures that it adheres to generally accepted market standards and codes of conduct and data protection principles, in Switzerland and Europe.
The compliance layer includes measures such as data minimization, encryption/anonymization/pseudonymization of data, classification of data, access control, and responsible prompting. It also involves leveraging banks’ compliance models and obtaining informed consent. By implementing Unique’s compliance layer for FinanceGPT, FSI can strengthen the security of applications, increase protection against potential threats, and ensure compliance with Swiss data protection laws and GDPR.
3.1 Enterprise setup via Microsoft Azure OpenAI API
No Model Training
Neither Unique nor Microsoft use any client data for training purposes of AI or any other neural network models.
Unique uses the pre-trained base models provided by Microsoft and does not train any models on data provided by the customer. Unique uses RAG technology to give context to the model when prompting.
Deployment Models
Different deployment models are available:
SaaS on Unique cloud
Separate single tenant on Unique cloud (data storage and processing physically separated from other customers)
Deployment on customer Azure tenant (data storage and processing on your own cloud environment)
On premises
Clients can choose from the most appropriate deployment model and incorporate their security and data protection requirements. Depending on the deployment, various security and data protection options can be chosen and customized to account for client needs (see https://unique-ch.atlassian.net/wiki/spaces/~6246b27ef3824d006a593faa/pages/edit-v2/715849812#5.-Feature-overview).
FSI Amendments
We also have in place recommended FSI amendments for our contracts with Microsoft. In detail:
M453 – FINMA. This is the financial service amendment (FSA) and Jurisdiction-specific companion amendment (Switzerland) including FINMA requirements like audit rights.
M744 – bank secrecy. This includes professional secrecy and industry-specific terms regarding banking secrecy.
M329 – CH data protection. This is the amendment for Switzerland regarding Microsoft products and services Data Protection Addendum
For other countries (e.g. Germany), Unique also has respective amendments with Microsoft in place (e.g. German Data Protection Amendment).
No data storage by Azure OpenAI services and opt-out of human review process
Unique has an agreement with Microsoft to opt out of the logging and human review process in Azure OpenAI service for its clients (details can be found here: Azure OpenAI Service abuse monitoring - Azure OpenAI ). This option is available for highly sensitive industries like FSI, and in this case no data (prompts or responses) is stored by Microsoft Azure OpenAI services.
Opt-out of human review process is not available on the Saas on Unique cloud deployment model. In this case prompts and responses are stored by Microsoft for human review for 30 days.
Content filtering
Unique uses content filtering (https://learn.microsoft.com/en-us/azure/ai-services/openai/concepts/content-filter) on prompts to prevent the output of harmful content on all OpenAI model deployments.
Activating this filter enhances compliance and safeguards users from the documented risk categories.
Unique follows Microsoft’s Responsible AI Principles:
Privacy & Security: AI systems should be secure and respect privacy
Inclusiveness: AI systems should empower everyone and engage people
Accountability: People should be accountable for AI systems
Transparency: AI systems should be understandable
Fairness: AI systems should treat people fairly
Reliability & Safety: AI systems should perform reliably and safely
More information can be found here: https://www.microsoft.com/en-us/ai/responsible-ai
Model Retirement and PTU Services
Unique also wants to provide the latest innovation to its clients. As part of this strategy, Unique has wants to transition to newer models as offered by Microsoft Inc., in line with its commitment to service improvement and technological advancement. Models are subject to scheduled retirement dates as determined by Microsoft, which routinely retires older models to introduce newer versions. In the event of a model switch, Unique will make every reasonable effort that the replacement will occur within the same designated region (e.g., Switzerland) to maintain regional consistency.
In the event that certain versions of GPT models are no longer offered in the designated region (e.g. Switzerland) by Microsoft as a Pay-As-You-Go (PAYG) service, the SaaS provider reserves the right to deliver GPT services via its own Provisioned Throughput Units (PTUs) powered platform.
3.2 Data hosting location is Switzerland (or any other location the client may chose)
Microsoft Azure Open AI services are available in Switzerland, Europe and other countries (more information can be found here https://learn.microsoft.com/en-us/azure/ai-services/openai/concepts/models#gpt-4-and-gpt-4-turbo-model-availability ).
All client data (including CID) is stored and hosted in Switzerland (Microsoft cloud in Switzerland north) or any other location offered by Microsoft and chosen by the client (details agreed during contractual discussions).
We also performed a Transfer Impact Assessment according to the method of D. Rosenthal (leading Tech Lawyer in Switzerland). Results can be shared upon request.
3.3 DLP (Data Leakage Prevention)
Unique provides a powerful API designed to seamlessly integrate with customers existing Data Leakage Prevention (DLP) program. This integration enables monitoring and protection of sensitive information, specifically focusing on client identifying data (CID) and personal identifying data (PII).
Key Features:
Seamless Integration: Unique’s API connects directly with clients’ current DLP solution, enhancing its capabilities without the need for additional DLP software.
Monitoring: Continuously track and check for the insertion of CID and PII, ensuring any potential data leaks are detected and addressed promptly.
Enhanced Protection: Strengthen clients’ data protection measures by leveraging existing DLP system to guard against the unauthorized dissemination of sensitive information.
For more details please check Data Leakage Prevention (DLP).
3.4 Restricted access to data
We have built an access concept including processes and controls to ensure users can only see what they are authorized to see, and support personell and administrators of Unique can only have temporary access to the separated tenant of a customer. Access to the environment is fully auditable via an audit log.
Unique’s restricted access concept involves the following customizable parts:
SSO using SAML or OIDC
Privileged access management (PAM), privileged identity management (PIM) with temporary access to data only, no permanent roles
Key management (by Unique or BYOK)
Encryption of data in transit and at rest (using HSM-backed key)
Audit logs
Enforced 2FA with strong password policy
Terms and Conditions for end-users
Regular threat-modeling workshops and continuous Bug Bounty Program.
3.5 Privacy by design and default
Privacy by design and default are fundamental principles for Unique, guiding our commitment to protecting client data. From the inception of our software solutions, during software development and also for UI/UX design, we prioritize the integration of robust privacy measures, ensuring that data protection is built in our products and services. This approach not only complies with Swiss and European data protection regulations but also fosters trust among our clients. By default, our systems are configured to prioritize user privacy, granting individuals control over their data while minimizing the need for additional user intervention.
We further place high importance on responsible AI and our AI-generated content is protected in several ways:
Content Protection through AI-Generated Watermarks: Employ AI-generated watermarks to safeguard content integrity.
End-User Terms and Conditions (T&Cs): Provide comprehensive Terms and Conditions for end-users, ensuring legal clarity.
Client and Employee Training: Deliver training programs for both clients and employees to enhance security awareness and competence.
Awareness Campaigns and Security Knowledge Sharing: Execute awareness campaigns and promote the sharing of security insights and best practices.
AI Policy Implementation: Enforce a robust AI policy to govern responsible AI use within the organization.
Adherence to OWASP Responsible AI Framework: Comply with the OWASP Responsible AI framework, ensuring ethical and secure AI practices.
3.6 Ensure accuracy of LLM output
Unique has built in a feedback loop (following the human-in-loop concept) in all Gen-AI based features. This is twofold:
Empowering User Control ("Human in the Loop"): Users have the option to modify AI-generated output, ensuring control and also adding a personalized touch.
Soliciting User Feedback on AI Output:
We encourage users to provide feedback on the AI-generated content to gauge its alignment with their expectations.
To maintain security, we caution users not to share any confidential information when providing feedback.
In addition, Unique offers benchmarking to enable the clients to test prompts and answers. By using the benchmarking feature, clients can on a large scale ensure a high quality (accuracy) of the output (answers) by automatically comparing answers to the ground truth and creating a score using LLMs and vector distance as well as detections of hallucinations to make sure data and model drift is detected early on.
Further details can be found at Benchmarking.
3.6 Risk Management of LLMs
Unique ensures continuous improvement of vulnerability management to maintain the integrity, availability, and confidentiality of large language models (LLMs). By regularly updating security protocols and addressing potential vulnerabilities (as guided by the https://owasp.org/www-project-top-10-for-large-language-model-applications/ ), Unique safeguards the performance and reliability of LLMs. This proactive approach minimizes risks and enhances the overall security posture.
More information can be found at OWASP Top 10 for LLM Applications.
4. Further information
Public Documentation: Public Documentation
Homepage: https://www.unique.ch
Whitepaper on Security and Data Protection (on request)
5. Feature overview
Overview of feature availability depending on deployment model
Feature | Multitenant | Single Tenant | Customer Tenant | On Premises |
---|---|---|---|---|
SSO | AVAILABLE | AVAILABLE | AVAILABLE | AVAILABLE |
End-User TOCs | AVAILABLE | AVAILABLE | AVAILABLE | AVAILABLE |
DLP integration | NOT AVAILABLE | AVAILABLE | AVAILABLE | AVAILABLE |
Benchmarking | AVAILABLE | AVAILABLE | AVAILABLE | AVAILABLE |
Enforced 2FA with strong password policy | AVAILABLE | AVAILABLE | NOT APPLICABLE | NOT APPLICABLE |
FSI Amendments | AVAILABLE | AVAILABLE | NOT APPLICABLE | NOT APPLICABLE |
Opt-Out for abuse monitoring | AVAILABLE | AVAILABLE | NOT APPLICABLE | NOT APPLICABLE |
Content filtering | AVAILABLE | AVAILABLE | AVAILABLE | NOT APPLICABLE |
Data hosting location | Switzerland north | All regions that support the models needed | All regions that support the models needed | NOT APPLICABLE |
Temporary access to data | NOT AVAILABLE | AVAILABLE | NOT APPLICABLE | NOT APPLICABLE |
Privileged Access Management (PAM) | NOT AVAILABLE | AVAILABLE | NOT APPLICABLE | NOT APPLICABLE |
Encryption key management (BYOK) | NOT AVAILABLE | AVAILABLE | AVAILABLE | NOT APPLICABLE |
HSM-backed encryption keys | NOT AVAILABLE | AVAILABLE | AVAILABLE | NOT APPLICABLE |
6. Disclaimer
The content contained herein is correct as of August 2024, and represents the status quo as of the time it was written. Unique’s data protection and security policies and systems may change going forward, as we continually improve standards for our customers.
7. Abbreviations
Abbreviation | Full Term |
CDO | Chief Data Officer |
CISO | Chief Information Security Officer |
CID | Client identifying data |
DPA | Data Processing Addendum |
DLP | Data Leakage Prevention |
FINMA | Swiss Financial Market Supervisory Authority |
FSI | Financial Services Clients |
GenAI | Generative Artificial Intelligence |
GDPR | General Data Protection Regulation |
ISO | International Standards Organization |
LLM | Large Language Model |
MS | Microsoft |
OWASP | Open Web Application Security Project |
SaaS | Software as a Service |
Authors | @Michael Dreher @Sina Wulfmeyer |
---|---|
Version | V 2.0 |
Last reviewed | Aug 30, 2024 |
© 2024 Unique AG. All rights reserved. Privacy Policy – Terms of Service