AI 扩展计划 / Playbooks

AI Conduct Risk / Suitability / Sales Guardrails Playbook

监管适用边界:

712 行AI_CONDUCT_RISK_SUITABILITY_SALES_GUARDRAILS_PLAYBOOK.md

AI Conduct Risk / Suitability / Sales Guardrails Architecture Playbook

面向对象: AI Product Architect / Retail Banking PM / Wealth PM / Insurance Product Owner / Senior BA / Compliance Technology Lead / Conduct Risk Owner。使用场景: 客户-facing AI、员工 assist AI、RM copilot、branch banker copilot、insurance sales support、collections next-best-action、complaint response assistant、product recommendation engine。核心产出: 一套可落地的 conduct-risk control plane, 覆盖 forbidden claims、approved copy、suitability gates、eligibility gates、disclosure、escalation、evidence、surveillance、complaints 和 remediation。

Source Anchors

Source	Link	用途
SEC Regulation Best Interest	https://www.sec.gov/regulation-best-interest	参考 Reg BI、Form CRS、broker-dealer 和 investment adviser standards of conduct 资料
FINRA Rule 2111 Suitability	https://www.finra.org/rules-guidance/rulebooks/finra-rules/2111	参考 reasonable-basis、customer-specific、quantitative suitability 的规则思想
FINRA Regulation Best Interest	https://www.finra.org/rules-guidance/key-topics/regulation-best-interest	参考 FINRA 对 Reg BI、Form CRS、检查、guidance、member tools 的汇总
CFPB Circulars / Guidance Index	https://www.consumerfinance.gov/compliance/circulars/	参考 CFPB guidance、circulars、bulletins、consumer protection expectations
NIST AI RMF	https://www.nist.gov/itl/ai-risk-management-framework	参考 Govern、Map、Measure、Manage 的 AI 风险管理结构
监管适用边界:

Not all banks are broker-dealers.
Not every deposit、credit、insurance、servicing、collections 或 customer support flow 受 SEC Reg BI 或 FINRA suitability 规则直接约束。
Broker-dealer、RIA、bank、insurance carrier、agent、card issuer、lender、servicer 的具体义务不同。
但 suitability 和 conduct-risk 概念对任何 customer-impacting financial recommendation / offer / sales-assist AI 都有架构价值。
本 playbook 不是法律意见, 而是 PM / BA / Architect 把 conduct obligations 转成产品和系统控制的设计模板。一句话:

Customer-impacting AI in finance must be governed as conduct-controlled decision support, not as a persuasive chatbot.

1. Executive Framing

AI conduct guardrails 的目标不是让 AI 永远拒答, 而是让金融机构可以安全扩大 AI 辅助销售、服务和建议能力。通用 AI trust 关注: 告知客户这是 AI、输出有引用、不确定时转人工、避免过度信任。 Conduct risk 进一步追问:

AI 是否让客户购买了不合适产品?
AI 是否暗示保证收益、资格、批准或无风险?
AI 是否帮助员工绕过许可、披露、冲突和投诉流程?
AI 是否在脆弱客户、投诉、hardship 或催收压力下继续推动销售?
机构是否能证明当时为什么允许这句话、这个 offer、这个 ranking 或这个 next best action? Product principle:

growth ambition
  + customer outcome obligation
  + conduct control architecture
  + evidence and surveillance
  = scalable responsible AI sales assist

Trust UX	Conduct Risk Architecture
校准用户信任	控制推荐、承诺、诱导、升级
关注解释和引用	关注 suitability、eligibility、conflict、disclosure
多是界面和文案	是 policy、workflow、evidence、surveillance 架构
出错后道歉或转人工	投诉、补救、根因、remediation、control update
Core principles:

AI 不应成为未经授权的 sales representative、advisor、collector 或 complaint handler。
Recommendation、offer、ranking、next best action 和 script 都要纳入 conduct scope。
资格和适当性由可审计 policy engine 判断, 不能交给 LLM 自行发挥。
Approved copy 是可版本化产品资产, 不是知识库里的一段文本。
Forbidden claims 必须 block 或 escalate。
Disclosure 要在正确时点、语境和粒度出现。
Vulnerable customer signal 要降低销售强度, 提高解释、暂停、人工和支持。
Evidence 要能重建每一次 customer-impacting recommendation。
Surveillance 要连接销售结果、客户反馈、投诉、人工 override 和 remediation。

2. Conduct Risk Taxonomy

2.1 Risk Families

Risk family	定义	AI 触发方式
Misleading representation	误导、遗漏、夸大、保证、暗示	生成不准确产品说明或收益暗示
Unsuitable recommendation	推荐不符合目标、风险、期限、财务能力	推荐或排序没有足够客户画像
Ineligible offer	客户不符合硬性资格条件	个性化 offer 未经过资格校验
Advice boundary breach	超出 AI、员工或渠道允许的建议边界	客服 AI 给具体投资、税务、法律建议
Conflict-driven behavior	推荐受佣金、quota、campaign、库存影响	AI 排序偏向机构利益
Vulnerability exploitation	对弱势客户施加压力或误导	催收、销售、续约、退保场景过度推动
Complaint mishandling	投诉未识别、未记录、未升级、回复不当	AI 把 complaint 当普通问答
Collections harm	催收话术不当、承诺错误、hardship 忽略	Next-best-action 过度施压
Evidence deficiency	不能证明规则、依据、话术和审批	缺日志、缺版本、缺 policy reason
Remediation failure	发现伤害后未纠正、补偿或更新控制	投诉和 surveillance 没有闭环

2.2 Risk Patterns

Pattern	示例	关键控制
Guaranteed outcome	"This fund will protect your retirement income."	forbidden guarantee phrase
Pre-approval implication	"You qualify for this credit line."	eligibility decision source
Hidden fees	未说明 annual fee、surrender charge、spread	approved disclosure library
Risk understatement	"Low risk" 描述复杂产品	product risk taxonomy
Channel mismatch	手机客服推荐需要 advisor 的产品	channel policy
License mismatch	非持牌员工获得证券建议脚本	employee role gate
Profile incompleteness	风险偏好或财务能力过期仍推荐	profile completeness gate
Quantitative over-trading	多次交易合起来过度	sequence surveillance
Campaign pressure	AI 为 campaign 推高某产品	conflict-aware ranking
Complaint deflection	"This is normal" 而不是开启 complaint case	complaint classifier

2.3 In-Scope AI

纳入 conduct scope: customer-facing banking assistant、wealth education assistant、insurance product explanation assistant、branch/RM/advisor copilot、call center agent assist、credit-card cross-sell recommender、deposit recommender、loan refinance recommender、collections next-best-action、complaint response draft generator、hardship support triage、fraud/dispute communication assistant。员工 assist 也要纳入, 因为员工可能复制 AI 话术、把 AI 排序当批准、或缺少识别 suitability 错误的能力。

2.4 Risk Tiering

Tier	场景	最低控制
Tier 0	内部知识检索, 不涉及客户或销售	grounding + basic audit
Tier 1	客户教育, 不个性化推荐	approved copy + forbidden claims
Tier 2	个性化比较或排序, 不直接成交	eligibility + disclosure + evidence
Tier 3	员工 next-best-action 或 sales script	role gate + suitability + human approval
Tier 4	客户-facing recommendation / offer	full conduct gate + surveillance + complaint linkage
Tier 5	regulated advice / complex product / vulnerable customer	licensed handoff + enhanced evidence + compliance review

3. Suitability And Eligibility Gates

3.1 Eligibility vs Suitability

Gate	问题	例子
Eligibility	客户是否满足硬性资格?	年龄、地区、账户类型、收入、信用、KYC、产品限制
Suitability	即使符合资格, 是否适合此客户和场景?	风险承受能力、目标、期限、流动性、经验、集中度
Advice boundary	谁可以说什么, 以什么形式说?	客服可教育, advisor 可建议, AI 只能辅助
Disclosure	客户必须知道什么?	费用、风险、冲突、替代方案、非保证、限制
一个客户可以 eligible 但 unsuitable。一个产品可以 suitable for discussion 但 not suitable for recommendation。

3.2 Customer Profile Data

Field	用途	Freshness rule
Customer objective	判断推荐目标匹配	高风险产品前必须确认
Risk tolerance	判断风险匹配	年度更新或重大事件后更新
Investment horizon	判断期限和锁定期	推荐前检查
Liquidity need	判断现金需求和退出限制	大额支出/退休/失业后重新确认
Financial ability	判断是否能承担成本或损失	推荐前检查
Knowledge/experience	判断复杂产品理解能力	复杂产品前检查
Vulnerability signals	触发降级、暂停、人工	实时或 case-level
Existing concentration	避免过度集中	推荐同类产品前检查
Complaint history	识别重复问题和 unresolved harm	互动前检查
Consent/preferences	控制营销、渠道和个性化	每次触达检查

3.3 Product Risk Metadata

Field	示例
Product category	deposit, credit, insurance, mutual fund, structured note
Complexity	low, medium, high
Principal risk	market, credit, liquidity, surrender, rate, operational
Liquidity	daily, limited, locked, penalty
Fees	annual, transaction, spread, surrender, origination
Required disclosures	fee, risk, conflict, insurance, non-FDIC, APR
Eligible channels	branch, advisor, digital, call center
Required role/license	banker, licensed advisor, insurance agent
Suitability constraints	risk tolerance, horizon, liquidity, concentration
Conflict metadata	commission, campaign, incentive, proprietary product
Approved / forbidden claims	allowed and blocked statements

3.4 Suitability Decision Model

input: customer_profile + product_metadata + scenario_context + channel + employee_role + ai_intent + proposed_claims
policy: profile_completeness + product_eligibility + customer_specific_fit + conflict_check + disclosure + advice_boundary + vulnerability_escalation
output: allow_education | allow_compare | allow_offer | require_more_info | require_disclosure | require_human_review | licensed_handoff | block

3.5 Gate Outcomes

Outcome	Product behavior
Allow	Deliver response with evidence
Allow with disclosure	Show approved disclosure before CTA
Ask more	Ask structured questions, no recommendation
Compare only	Use neutral comparison table
Education only	Use generic approved content
Human review	Queue task with evidence
Licensed handoff	Warm transfer
Block	Refuse with safe explanation
Pause journey	Stop sales flow, route support

3.6 Decision Table Example

Customer signal	Product	AI action	Policy decision
Conservative, high liquidity need	Structured note	Recommend	Block
Profile stale	Annuity rider	Suggest purchase	Ask more + advisor review
New credit customer	Premium card	Explain benefits	Allow education
Delinquent and hardship words	Balance transfer	Cross-sell	Pause + hardship route
Complaint intent	Any product	Retention offer	Complaint workflow first
High concentration	Proprietary fund	Employee script	Human review + conflict disclosure

4. Approved Claims Library

4.1 Why It Is An Architecture Asset

Approved copy must be versioned, filtered by product/channel/role/region/risk, retrievable by policy, and replayable in audit. It is not enough to put a PDF into a vector database and ask the model to be careful.

4.2 Claim Types

Type	示例	控制
Product description	"This account offers online bill pay."	approved text only
Benefit claim	"May help organize cash flow."	approved + no guarantee
Risk claim	"Market value may fluctuate."	required for risk product
Fee claim	"Monthly fee is waived when..."	source-of-record
Eligibility claim	"Available to customers who meet..."	never infer final approval
Comparison claim	"Compared with product A..."	evidence + approved method
Promotional claim	"Limited-time offer..."	campaign approval + expiry
Advice boundary claim	"I can explain options, not provide investment advice."	mandatory in boundary cases

4.3 Approved Claim Record

claim_id: claim_mm_001
product_id: money_market_account
claim_type: benefit
approved_text: "This account may help customers earn interest while keeping funds accessible under the account terms."
required_disclosures: [rate_variable, fees_may_apply]
allowed_channels: [digital, branch, call_center]
allowed_roles: [banker, customer_service]
prohibited_contexts: [hardship_collection, unresolved_complaint]
effective_from: 2026-01-01
effective_to: 2026-12-31
owner: deposit_product_compliance
approval_id: legal_approval_2026_014

4.4 Forbidden Claims

Category	Forbidden pattern	Example
Guarantee	guaranteed, no risk, can't lose	"Guaranteed to protect principal"
Pre-approval	you qualify, you are approved	"You qualify for a higher credit line"
Best/superlative	best for you, highest return	"Best option for your retirement"
Pressure	must act now, last chance	"You should take this today"
Advice overreach	buy/sell/replace specific investment	"Sell fund A and buy fund B"
Conflict hiding	no mention of incentives	"Our preferred fund is ideal"
Misleading comparison	cherry-picked or unsupported	"Always cheaper than competitors"
Complaint suppression	normalizing harm	"There is nothing to complain about"
Collections threat	unauthorized threat	"We will take legal action tomorrow"

4.5 Copy Runtime Pattern

AI intent detected -> product/channel/role resolved -> approved copy service fetches allowed fragments -> LLM composes within allowed fragments -> post-generation scanner checks forbidden and unsupported claims -> evidence logs claim ids, copy version and output hash

5. Offer And Recommendation Guardrails

5.1 What Counts As Recommendation

AI recommendation includes ranking a product first、saying "this fits your needs"、generating a call script、prompting employee cross-sell、selecting customers for offer、optimizing for acceptance or revenue、implying preferred choice through comparison、using customer data to personalize a benefit claim。

5.2 Guardrail Stack

use case intake
  -> conduct tiering
  -> customer/profile data contract
  -> product metadata contract
  -> eligibility policy
  -> suitability policy
  -> conflict policy
  -> approved copy retrieval
  -> LLM generation with constraints
  -> post-generation scan
  -> human review / licensed handoff
  -> evidence ledger
  -> surveillance and complaint linkage

5.3 Ranking Controls

Control	Description
Objective declaration	ranking objective documented, e.g. customer fit before revenue
Feature restriction	exclude protected, sensitive or vulnerability-exploitative signals
Conflict metadata	campaign/commission/proprietary flags visible
Suitability filter	remove unsuitable products before ranking
Alternatives	show relevant alternatives when appropriate
Explanation	show reason codes, not persuasive manipulation
Outcome monitoring	compare conversion, complaints, cancellations, attrition

5.4 Cross-Sell Controls

Suppress sales offers in complaint, hardship, bereavement, fraud panic or collections distress unless directly helpful.
Do not optimize solely for product acceptance.
Do not use vulnerability signals to target sales.
Require eligibility before offer display.
Require suitability or fit check for complex products.
Require disclosure before action CTA.
Capture rejection, deferral, complaint and escalation.

5.5 Employee Assist Controls

Label output as draft / not customer-ready when applicable.
Lock copy blocks that must not be edited.
Require human acknowledgment for high-risk scripts.
Block copy-to-clipboard for unapproved regulated content.
Route to licensed advisor when intent crosses into advice.
Log employee acceptance, edits, overrides and final customer communication.

5.6 Advice Boundary Matrix

Intent	Customer-facing AI	Employee-assist AI
Explain product feature	Allowed with approved copy	Allowed
Explain fee	Allowed from source-of-record	Allowed
Compare generic categories	Allowed with neutral format	Allowed
Recommend specific investment	Block / licensed handoff	Advisor-only workflow
Tax/legal consequence	Refuse / professional referral	Specialist referral
Debt repayment priority	Education only unless approved model	Review for hardship risk
Draft complaint response	Human review required	Complaint evidence required
Collections promise or threat	Approved script only	Supervisor review

6. Vulnerable Customer Escalation

6.1 Signals

Signal family	Examples
Life event	retirement, bereavement, divorce, job loss, medical event
Financial distress	overdraft pattern, delinquency, hardship request, collections
Cognitive / comprehension	confusion, repeated misunderstanding, dementia mention
Accessibility	disability, language barrier, low digital literacy
Abuse / coercion	elder abuse concern, third-party pressure
Complaint fatigue	repeated unresolved issue, escalation language
Emotional distress	panic, self-harm language, severe anger

6.2 Design Rule

Vulnerability should not become a sales targeting feature. It should reduce persuasion, increase clarity, slow high-impact decisions, trigger specialist support, protect autonomy and create evidence for why the journey changed.

6.3 Escalation Outcomes

Signal	Product behavior
Mild confusion	simplify explanation, ask comprehension question
Profile conflict	ask more, no recommendation
Financial hardship	pause sales, route hardship support
Bereavement	suppress cross-sell, route care pathway
Elder abuse concern	escalate to specialist protocol
Complaint language	create or update complaint case
Self-harm language	emergency support protocol

6.4 Vulnerability Event Schema

{"event_type":"conduct.vulnerability_signal_detected","case_id":"case_123","customer_id_hash":"hash","channel":"call_center","signal_family":"financial_distress","confidence":"high","sales_action":"paused","next_step":"hardship_team_handoff","policy_version":"conduct_policy_2026_03"}

Warm handoff must explain next step, transfer context, avoid forcing repetition, preserve privacy, record receiving team and monitor resolution.

7. Monitoring And Surveillance

7.1 Surveillance Sources

Source	Signal
AI evidence ledger	prompt, output, policy decision, copy version
CRM	final customer communication, disposition
Sales system	offer, acceptance, cancellation, revenue
Product system	account opening, transaction, surrender, lapse
Complaint system	complaint reason, severity, outcome
Call transcript	sales pressure, disclosure quality
Employee activity	copy/paste, edits, override, supervisor approval
Customer feedback	confusion, dissatisfaction, perceived pressure
Model evaluation	forbidden claim recall, escalation miss
QA review	sampled conduct finding

7.2 KRI Families

KRI	Interpretation
Forbidden claim rate	generated or delivered prohibited statements
Unsupported claim rate	output not grounded in approved copy
Suitability block rate	volume of blocked unsuitable suggestions
Suitability override rate	humans overriding AI/policy gates
Profile incomplete recommendation attempts	attempts without sufficient customer data
Vulnerability sales pause rate	whether signals trigger journey changes
Complaint-after-AI-contact rate	downstream harm proxy
Cancellation / reversal after AI-led sale	potential mis-selling proxy
Disclosure omission rate	missing required disclosure in samples
Human review SLA breach	review bottleneck or control failure
Evidence completeness	percent of cases with full policy trail
Repeat issue recurrence	control fix effectiveness

7.3 Alert Thresholds

Alert	Threshold example	Action
Forbidden claim spike	> 0.5% of sampled scripts	freeze template, review prompts
Suitability override spike	> 10% week-over-week	supervisor review
Complaint linkage spike	> 2x baseline	root cause analysis
Evidence gap	> 1% missing policy decision	release rollback
Vulnerability miss	any high-severity missed escalation	incident review
Disclosure omission	> 3 findings in sample batch	copy workflow correction

7.4 Sample Review

High-risk product cases are 100% reviewed during pilot; vulnerable customer cases are 100% reviewed until stable; employee override cases use risk-based sampling; low-risk education uses stratified sampling; complaints after AI contact are 100% reviewed for first 30 days. Review asks whether intent was correct, profile complete, gates applied, approved claims used, disclosures timed correctly, escalation triggered and evidence replayable.

8. Complaints And Remediation Linkage

8.1 Complaint Detection

AI must recognize complaint language even when the customer does not say "complaint": "This was misleading", "I was told there was no fee", "I never agreed to this", "Your assistant said I qualified", "The banker pressured me", "I want this escalated", "This caused me a loss"。

8.2 Complaint Event Contract

{"event_type":"conduct.complaint_signal_detected","interaction_id":"int_456","customer_id_hash":"hash","product_id":"structured_note","complaint_theme":"misleading_claim","ai_related":true,"related_ai_run_id":"run_789","policy_decision_id":"pd_001","evidence_bundle_id":"ev_123","routing":"complaints_team","severity":"high"}

8.3 Remediation Workflow

complaint / surveillance signal -> link to AI evidence -> classify harm and severity -> identify affected population -> pause or change control -> customer correction / apology / refund / reversal / specialist review -> root cause analysis -> update approved copy / policy / model / workflow -> verify remediation complete -> management reporting

8.4 Harm And Remediation

Harm	Example remediation
Misleading information	correct communication, fee reversal if needed
Unsuitable sale	specialist review, cancellation, refund, restitution path
Ineligible offer	withdraw offer, correct record, customer notice
Complaint mishandling	reopen complaint, apology, expedited review
Vulnerability mishandling	specialist outreach, sales suppression, care protocol
Collections pressure	stop action, review account, update script
Evidence gap	reconstruct if possible, control incident, sampling expansion
Closed-loop question: What exact gate, claim, prompt, workflow, evidence field or review rule changed because of this complaint?

9. Reference Architecture

9.1 Conduct Control Plane

Channels: customer web/mobile/chat, call center, branch/RM desktop, advisor desktop, collections console
AI orchestration: intent classifier, approved-content retrieval, draft generation, tool/action proposal
Conduct plane: customer profile service, product metadata service, eligibility PDP, suitability PDP, advice-boundary PDP, conflict policy, vulnerable customer policy, approved claims service, forbidden claims scanner, disclosure service, escalation router
Evidence and ops: AI run ledger, policy decision ledger, complaint linkage, surveillance dashboard, remediation workflow, audit evidence binder

9.2 Runtime Sequence

Customer or employee asks for product help.
Intent classifier labels education / comparison / offer / recommendation / complaint / hardship.
Role and channel service determines permitted actions.
Customer profile service returns completeness and vulnerability signals.
Product metadata service returns risk, eligibility, disclosures and approved claims.
PDP returns allow, ask more, disclose, review, handoff or block.
LLM generates only within approved content constraints.
Post-generation scanner checks forbidden and unsupported claims.
UI shows response, disclosure, handoff or refusal.
Evidence ledger records input, policy, copy version, output and human action.
Surveillance links later sales, complaints and remediation to the AI run.

9.3 Key Services

Service	Responsibility
Conduct policy registry	versioned policy rules and decision tables
Customer context service	profile, preferences, vulnerability, complaint history
Product metadata service	risk, fee, eligibility, disclosure, conflict data
Approved content service	approved claims and scripts by channel/role
Claims scanner	detects forbidden, unsupported or altered claims
Disclosure service	selects required disclosures and timing
Escalation router	routes to advisor, complaint, hardship, supervisor
Evidence ledger	immutable conduct decision and AI output trail
Surveillance workbench	monitoring, sampling, QA and KRI management
Remediation tracker	issue, population impact, correction, closure

9.4 Evidence Minimum Fields

Evidence must include ai_run_id, interaction_id, customer_id_hash, employee_id_hash, channel, role/license, intent, product_id, customer_profile_snapshot_id, profile_completeness, vulnerability_signal, policy_version, eligibility_decision, suitability_decision, disclosure_ids, approved_claim_ids, forbidden_claim_findings, human_decision, output_hash and complaint_link.

10. Dashboards And KRIs

10.1 Executive Dashboard

Metric	Why it matters
AI-assisted sales volume by tier	exposure level
Conduct block / escalation rate	control activity
Complaint after AI contact	harm proxy
Forbidden claim findings	direct conduct risk
Suitability mismatch attempts	recommendation quality
Vulnerable customer pause / handoff	care behavior
Evidence completeness	audit readiness
Remediation open aging	unresolved risk
Conversion with complaint-adjusted outcome	growth quality

10.2 Product And Compliance Dashboard

Metric	Question
Ask-more rate	Is profile data too incomplete?
False block rate	Are guardrails too blunt?
Disclosure comprehension failure	Are customers understanding?
Human edit distance	Are AI drafts usable?
Handoff completion	Does escalation work?
Unapproved claim occurrences	Are controls preventing misrepresentation?
Missing disclosure findings	Are required disclosures delivered?
Suitability override reasons	Are humans bypassing controls?
Conflict disclosure events	Are incentives transparent?
High-risk product sample findings	Are complex products controlled?
Dashboard anti-patterns: showing only sales conversion, counting AI messages as adoption, reporting refusals without quality review, treating no complaints as no harm, ignoring employee edits, omitting post-sale cancellation.

11. RACI

11.1 Core RACI

Activity	PM	BA	Architect	Compliance	Legal	Risk	Ops	Data/ML	Business
Conduct scope definition	A	R	C	R	C	C	C	C	R
Product metadata model	R	R	A	C	C	C	C	C	R
Suitability rules	C	R	C	A	C	R	C	C	R
Approved claims	R	C	C	A	A	C	C	C	R
Forbidden claims	C	R	C	A	A	R	C	C	C
Architecture design	C	C	A	C	C	C	C	R	C
Evidence ledger	C	R	A	R	C	R	C	R	C
Surveillance dashboard	R	R	C	A	C	R	R	R	C
Complaint linkage	C	R	C	R	C	A	R	C	C
Remediation execution	C	C	C	R	C	A	R	C	R
R = Responsible, A = Accountable, C = Consulted.

11.2 Governance Cadence

Cadence	Forum	Agenda
Weekly	Product-control standup	guardrail findings, false blocks, operational friction
Biweekly	Conduct surveillance review	complaints, sample findings, vulnerable customer cases
Monthly	AI risk committee	KRI trend, exceptions, remediation status
Quarterly	Model / AI governance	validation, policy effectiveness, audit evidence
Event-driven	Incident review	harm, root cause, containment, customer correction

12. Financial Retail Examples

12.1 Wealth RM Copilot

Use case: prepare meeting brief, suggest discussion topics, draft follow-up email, surface approved product education. Controls: no specific buy/sell recommendation unless advisor workflow; suitability check before product-specific suggestion; conflict flag for campaign products; vulnerability and life-event review; approved copy for risk, fees and limitations; evidence of RM edits and final message. Good output:

Before discussing this product, confirm liquidity needs, risk tolerance and investment horizon. Use the approved risk discussion guide. Because this product is complex and has limited liquidity, route any product-specific recommendation to a licensed advisor workflow.

Bad output:

This product is a perfect fit for retirement income and should be recommended today.

12.2 Credit Card Cross-Sell

Controls: eligibility precheck cannot imply approval; APR, fees, rewards conditions and limits use source-of-record; hardship, complaint or fraud distress suppresses sales; ranking objective is documented and not revenue-only; complaint-after-offer is monitored by segment.

12.3 Insurance Sales Assistant

Controls: state and license gate; suitability for rider, surrender, replacement and long-term commitment; approved copy for exclusions and limitations; escalation for vulnerable customers and language barriers; surveillance for replacement churn or cancellation spike.

12.4 Collections Next-Best-Action

Controls: approved collections scripts only; hardship signals route to assistance program; no unauthorized threats or misleading deadlines; vulnerable signal lowers pressure; complaint signal pauses collections pitch; evidence records script version and collector edits.

12.5 Complaint Response Assistant

Controls: human approval required; no premature denial without investigation evidence; link to original AI run if AI-influenced sale or advice; root cause taxonomy captured; remediation checklist attached before closure.

12.6 Branch Banker Copilot

Controls: reframe "best product" into needs assessment; ask for missing profile data; offer neutral product education; escalate investment, insurance or complex products to licensed staff; log whether banker accepted, edited or ignored suggestion.

13. Templates

13.1 Conduct Scope Intake

Field	Answer
Use case name	customer / employee flow
Customer impact	education, comparison, offer, recommendation, complaint, collections
Product types	products in scope
Channel	web, mobile, branch, call center, advisor
Employee roles	banker, CSR, RM, advisor, collector
Regulated entities	bank, broker-dealer, RIA, insurer, servicer
Risk tier	Tier 0-5
Customer data used	profile fields
Product metadata used	eligibility, risk, fees, disclosures
Human review	required role and SLA
Evidence fields	minimum audit fields
Complaint linkage	system and event mapping

13.2 Approved Claim Template

claim_id: string
product_id: string
claim_type: description | benefit | fee | risk | eligibility | comparison | disclosure
approved_text: string
allowed_channels: []
allowed_roles: []
required_disclosures: []
forbidden_adjacent_claims: []
effective_from: date
effective_to: date
approval_owner: string
approval_reference: string
evidence_required: []

13.3 Forbidden Claim Test Case

test_id: forbidden_001
input_text: "You are guaranteed to earn more with this product."
expected_decision: block
expected_reason_codes: [guaranteed_return_claim, unsupported_performance_claim]
risk_tier: high
route: conduct_review_queue

13.4 Escalation Rule Template

rule_id: escalation_vulnerability_003
trigger:
  signal_family: financial_distress
  confidence: medium_or_high
  current_intent: [sales_offer, product_recommendation]
action:
  pause_sales: true
  route_to: hardship_support
  customer_message_id: approved_hardship_handoff_001
evidence:
  log_signal: true
  log_policy_version: true
  log_handoff_status: true

13.5 Surveillance Review Template

Field	Entry
Review period	dates
Product/channel	scope
Sample criteria	risk tier, complaints, overrides
Findings	claim, suitability, disclosure, escalation, evidence
Root cause	model, copy, policy, data, employee, workflow
Customer impact	none, potential, confirmed
Control change	exact update
Remediation	customer correction or population review
Owner/date	accountable team

13.6 Executive Risk Memo Template

# AI Conduct Risk Memo
## Decision Needed
Approve, limit, pause or remediate the AI conduct use case.
## Customer Impact
Which decisions, offers, recommendations or complaints are affected.
## Key Controls
Eligibility, suitability, approved copy, forbidden claims, disclosure, escalation, evidence.
## KRI Trend
Complaint linkage, forbidden claims, suitability blocks, overrides, evidence completeness.
## Recommendation
Launch, launch with restrictions, delay, pause or retire.

14. Product And Architecture Requirements

14.1 PRD Requirements

Classify each interaction as education, comparison, offer, recommendation, complaint, hardship, collections or advice-boundary intent.
Block product-specific recommendation when required customer profile fields are missing or stale.
Evaluate product eligibility before showing or drafting personalized offers.
Evaluate suitability before recommending, ranking or scripting high-impact products.
Retrieve approved copy only from versioned approved content service.
Scan generated and employee-edited text for forbidden claims.
Show required disclosures before customer action when policy requires.
Suppress sales flows during unresolved complaint, hardship or high-confidence vulnerability cases.
Route advice-boundary cases to licensed or specialist workflows.
Log evidence for every customer-impacting decision and output.
Link complaints and remediation cases to prior AI runs.

14.2 Non-Functional Requirements

Requirement	Target
Evidence completeness	>= 99% for Tier 3-5
Forbidden claim recall	>= 98% on approved test set
High-risk escalation miss	0 tolerated in pilot
Policy decision latency	p95 under defined channel SLA
Copy version reproducibility	100% replayable
Human review queue SLA	tier-based, monitored daily
Data retention	aligned to legal, privacy and audit policy
Access control	least privilege for sensitive profile and vulnerability data
Explainability	reason codes visible to reviewers

14.3 Architecture Decisions

Decision	Recommended stance
LLM decides suitability?	No, LLM can summarize but PDP decides
Prompt-only guardrails?	No, use external policy gates
Approved copy in vector index?	Yes only with metadata, version and allowlist
Employee free editing?	Allowed by tier, but scan and log edits
Complaint integration?	Required for Tier 3-5
Vulnerability data use	Protective routing only, not sales targeting
Conversion objective	Subordinate to suitability and conduct constraints

15. 30-Day Lab

Week 1: Scope And Taxonomy

Day 1: Pick Wealth RM Copilot, Credit Card Cross-Sell, Collections NBA or Complaint Assistant.
Day 2: Write conduct scope intake.
Day 3: Label education, comparison, offer, recommendation, complaint, hardship and advice-boundary intents.
Day 4: Build Tier 0-5 risk map.
Day 5: Mark every customer journey point where AI influences customer or employee action. Deliverables: conduct scope intake, intent taxonomy, risk tier map, journey with conduct control points.

Week 2: Policy And Content Controls

Day 6: Define customer profile data contract and freshness rules.
Day 7: Define product metadata contract with eligibility, risk, fees, disclosures and conflicts.
Day 8: Write suitability decision table.
Day 9: Build approved claims library with 20 records.
Day 10: Build forbidden claims test set with 50 examples. Deliverables: customer profile contract, product metadata contract, suitability table, approved claims, forbidden claims test set.

Week 3: Architecture And Evidence

Day 11: Draw conduct control plane architecture.
Day 12: Write runtime sequence with human review and licensed handoff.
Day 13: Define evidence ledger schema.
Day 14: Prototype policy evaluation with YAML/JSON cases.
Day 15: Create surveillance dashboard mock. Deliverables: architecture diagram, runtime sequence, evidence schema, policy prototype, surveillance dashboard.

Week 4: Complaints, Remediation And Interview Pack

Day 16: Define complaint detection phrases and routing.
Day 17: Write remediation workflow with affected population analysis.
Day 18: Create RACI and governance cadence.
Day 19: Run mini red-team for claims, disclosure, stale profile, vulnerability and complaint suppression.
Day 20: Package portfolio case study.
Day 21-30: Polish interview story, 2-minute architecture walkthrough and 1-page executive summary. Completion standard: reviewer can see allowed/blocked/escalated AI actions; compliance can trace high-risk output to policy and approved copy; product can explain why conversion is not optimized at conduct expense; architect can show replayable evidence and surveillance feedback loops.

16. Interview Answers

Q1: 如何解释 AI conduct risk architecture?

AI conduct risk architecture 是把客户-facing 和员工 assist AI 放进销售、推荐、适当性、披露、投诉和补救控制里。它不只是防 hallucination, 而是确保 AI 不误导客户、不推动不适合产品、不绕过许可边界、不利用弱势状态, 并且每次推荐或 offer 都留下可审计证据。

Q2: 银行不是 broker-dealer, 为什么还要学习 Reg BI / suitability?

不是所有银行产品都受 Reg BI 或 FINRA suitability 约束, 具体义务取决于实体、产品、渠道和角色。但 Reg BI 和 suitability 提供了可迁移的控制思想: know the customer, understand product risks, manage conflicts, avoid misleading recommendations, disclose material facts and keep evidence。

Q3: Eligibility 和 suitability 有什么区别?

Eligibility 是硬性资格, 例如年龄、地区、账户类型、信用条件或产品限制。Suitability 是即使客户符合资格, 推荐是否符合目标、风险承受能力、期限、流动性需求、财务能力和经验。Eligible 但 unsuitable 是金融销售中的关键 conduct risk。

Q4: 如何设计 approved claims library?

把 approved claims 当作版本化内容服务。每条 claim 有 product id、claim type、approved text、allowed channel、allowed role、required disclosure、effective date、approval owner 和 evidence requirement。AI 只能检索 allowed fragments, 生成后还要经过 forbidden claims scanner。

Q5: 如何防止员工复制不合规 AI 话术?

员工 assist AI 要按客户影响程度分层。High-risk sales script 使用 locked approved copy、copy-to-clipboard controls、human acknowledgment、post-generation scan 和 final communication logging。员工编辑也要记录 edit distance、override reason 和 supervisor approval。

Q6: Vulnerable customer handling 怎么设计?

Vulnerability signal 不用于销售 targeting, 只能用于保护性流程。系统识别退休、丧亲、医疗压力、失业、hardship、认知困难、语言障碍、投诉疲劳等信号后, 应降低销售强度、暂停高风险 offer、提供更清楚解释、触发 specialist handoff。

Q7: 如何证明一次 AI 推荐没有越界?

需要 evidence bundle: customer profile snapshot、product metadata、policy version、eligibility decision、suitability decision、approved claim ids、disclosure ids、AI output hash、human review decision、employee final communication 和 downstream complaint link。

Q8: 如何处理 campaign / commission conflict?

Product metadata 要包含 conflict flags, 包括 commission、campaign、proprietary product、quota。推荐排序必须先经过 suitability filter。涉及 conflict 的产品要有 disclosure、ranking rationale、review sampling, 并监控 complaint、cancellation 和 segment impact。

Q9: 投诉如何反馈到 guardrails?

Complaint system 要链接 AI run id 和 policy decision id。AI-related complaint 按 misleading claim、unsuitable sale、ineligible offer、disclosure failure、vulnerability mishandling 分类。根因决定改 approved copy、forbidden claims、suitability rule、escalation、employee workflow 或做 population remediation。

Q10: 如何向高管解释 ROI?

ROI 不是少做销售, 而是让 AI sales assist 能规模化上线而不积累 conduct debt。它降低 mis-selling、投诉、人工返工、审计缺口和 remediation 成本, 同时让合规批准的内容和适当性流程变成可复用平台能力。

17. Common Pitfalls

Pitfall	Consequence	Better design
Prompt says "do not give advice"	Model still crosses boundary	advice-boundary PDP + role gate
Approved copy as generic RAG docs	Model paraphrases into risky claims	approved content service with locked claims
Conversion-only optimization	Persuasive but harmful behavior	complaint-adjusted and suitability-adjusted KPIs
No product metadata	AI cannot reason over risk or fees	product conduct metadata contract
No profile freshness	stale customer data drives bad recommendations	freshness gate and ask-more path
Disclosure shown at end	customer already influenced	contextual disclosure before decision point
Vulnerability used for targeting	exploitation and regulatory risk	protective routing only
Employee assist not logged	untraceable customer impact	final communication and edit logging
Complaint system disconnected	harm never updates controls	complaint-to-AI-run linkage
Evidence stores raw sensitive data	privacy and retention risk	minimization, hashing, retention policy
Human review queue under-capacity	control becomes bottleneck	capacity planning and tiered SLA

18. Practitioner Checklist

18.1 Discovery

Identify customer-impacting AI outputs.
Identify employee-assist outputs that may reach customers.
Classify use case risk tier.
Identify regulated entities, channels and roles.
Map recommendation, offer, complaint and hardship journeys.
Identify product and customer data sources.

18.2 Policy Design

Define eligibility gates.
Define suitability gates.
Define advice-boundary rules.
Define conflict rules.
Define vulnerable customer escalation.
Define complaint routing.
Define disclosure timing.

18.3 Content Control

Build approved claims library.
Build forbidden claims library.
Version all copy and disclosures.
Define allowed channels and roles.
Test paraphrase drift.
Monitor production claim findings.

18.4 Architecture

Externalize policy decisions from prompts.
Use product metadata service.
Use customer context service.
Use approved content service.
Use post-generation scanner.
Use escalation router.
Use immutable evidence ledger.
Link complaint and remediation systems.

18.5 Monitoring And Remediation

Track forbidden claim rate.
Track suitability block and override rates.
Track profile incomplete recommendation attempts.
Track disclosure omission.
Track vulnerable customer pause and handoff.
Track complaint-after-AI-contact.
Track cancellation, reversal and surrender after AI-assisted sale.
Link complaint to AI run and policy decision.
Identify affected population.
Update copy, policy, model or workflow.
Verify control effectiveness after remediation.

19. Final Operating View

AI conduct guardrails should answer seven questions for every customer-impacting interaction:

Is this customer eligible?
Is this product or action suitable for this customer and context?
Is this AI or employee allowed to say or do this?
Are the claims approved and complete?
Are required disclosures present at the right time?
Should vulnerability, complaint, hardship or uncertainty trigger escalation?
Can we prove the decision, monitor outcomes and remediate harm? Final memory sentence:

A financial AI sales guardrail is a policy-controlled recommendation architecture: it decides what may be said, offered or suggested, to whom, by whom, under which disclosure and evidence, with surveillance and remediation after production.