Built for bank vendor review.
Compl.AI processes some of the most sensitive data a bank holds — client identities, screening results, investigation notes. This page states plainly how that data is protected. It is written for compliance officers, CISOs and vendor-risk teams.
Swiss data residency, enforced in code
Production AI inference runs on AWS infrastructure in the Zurich region (eu-central-2). This is not only a contractual commitment: the production configuration refuses to start if the AI provider or region is anything other than Swiss-resident infrastructure. A deployment that would move inference outside Switzerland fails before it serves a single request.
production guard — if llm.region != "CH": raise ResidencyViolation()
Audit trail — append-only by construction
Every screening decision writes to an append-only audit trail with hash-linked integrity, designed around FINMA AMLA Art. 7 documentation duties. Audit records cannot be deleted or rewritten — database-level triggers block it. Evidence snapshots (source data as it existed at decision time) and full AI prompt/response logs are preserved, so every verdict can be replayed and defended years later.
Access control
- Role-based access control (admin / privileged / officer) on every endpoint.
- Row-level security at the database layer.
- Maker-checker approval workflow on screening actions and match annotations.
- API access via scoped keys or short-lived signed tokens with key rotation.
Platform hardening
- Encryption in transit (TLS) and at rest (256-bit).
- Outbound-request allow-listing (SSRF guard) — the platform cannot be induced to call internal infrastructure.
- Prompt-injection sanitisation on every field that reaches an AI model.
- Rate limiting, security headers, containers running as non-root users.
- A failed data source is surfaced as incomplete coverage — never silently reported as a clean result.
Honest coverage
A screening verdict is only as good as the sources behind it. If a sanctions list or registry could not be reached, Compl.AI marks the result incomplete and says which source failed. Absence of matches is never presented as clearance over a coverage gap.
Vendor documentation
Security documentation, subprocessor lists and completed vendor-risk questionnaires are available on request under NDA. Write to contact@complai.ch.