AI 底层逻辑 / 经典论文
AI Conduct Risk:适当性与销售护栏架构
重要 nuance:
219 行ai-foundations/papers/118-ai-conduct-risk-suitability-sales-guardrails-architecture.md
AI Conduct Risk / Suitability / Sales Guardrails Architecture 解读
面向对象: AI Product Architect / Platform PM / Wealth PM / Senior BA / Compliance Technology Lead / Conduct Risk Owner。 核心问题: 当 AI 影响推荐、报价、交叉销售、投诉回复、催收话术、财务建议边界或员工下一步行动时, 风险不只是 hallucination, 而是 customer conduct risk。 学习目标: 设计一套把 forbidden claims、approved copy、suitability gate、eligibility policy、disclosure、escalation、evidence、surveillance、complaint/remediation 串起来的 AI conduct control plane。
Source Anchors
| Source | Link | 用途 |
|---|---|---|
| SEC Regulation Best Interest | https://www.sec.gov/regulation-best-interest | 参考 broker-dealer 对零售投资者推荐的 best interest、disclosure、care、conflict、compliance 义务 |
| FINRA Rule 2111 Suitability | https://www.finra.org/rules-guidance/rulebooks/finra-rules/2111 | 参考 reasonable-basis、customer-specific、quantitative suitability 的控制思想 |
| FINRA Regulation Best Interest | https://www.finra.org/rules-guidance/key-topics/regulation-best-interest | 参考 FINRA 对 Reg BI、Form CRS、检查和 member readiness 的资源集合 |
| CFPB Circulars / Guidance Index | https://www.consumerfinance.gov/compliance/circulars/ | 参考 CFPB 对 consumer financial protection 的 circulars、bulletins、guidance 入口 |
| NIST AI RMF | https://www.nist.gov/itl/ai-risk-management-framework | 参考 Govern、Map、Measure、Manage 的 AI 风险治理结构 |
| 重要 nuance: |
Not all banks are broker-dealers. Reg BI and FINRA suitability rules do not automatically apply to every banking, insurance, credit-card, deposit or retail finance flow. But their conduct-risk concepts are highly reusable: know the customer context, know the product risk, control the recommendation, disclose limitations, manage conflicts, keep evidence and monitor outcomes.
Thesis
AI conduct risk architecture 是把"模型会不会乱说"升级为"机构是否可证明自己没有用 AI 误导客户、诱导不适当购买、隐藏冲突、扩大伤害或绕过人工责任"。 在财富、保险、银行和零售金融里, AI 可能参与:
- 推荐投资产品、储蓄产品、信用卡、贷款、保险 rider、再融资方案。
- 给 relationship manager、branch banker、agent 或 collector 生成 next best action。
- 解释产品费用、风险、资格、优惠、罚息、退保、赎回、锁定期。
- 处理投诉、争议、困难客户、老人或弱势客户。
- 判断何时升级给 licensed advisor、specialist、complaint team 或 hardship team。 所以核心架构不是一个 safety prompt, 而是一组可执行的 conduct gates:
customer context + product rules + approved claims + recommendation policy
-> conduct decision
-> allowed / disclose / ask more / escalate / refuse
-> evidence + monitoring + remediation
Why It Matters
客户面对的 AI 越自然, conduct 风险越隐蔽:
- 客户可能把 generic education 当成 personalized advice。
- 员工可能把 AI suggested pitch 当成合规批准的话术。
- 推荐可能 technically eligible, 但不适合客户目标、风险承受能力、流动性需求或财务能力。
- 交叉销售可能利用客户脆弱状态, 例如失业、丧亲、医疗压力、债务催收。
- 投诉回复可能过早 defensive, 没有承认 issue、保存证据或触发 remediation。
- approved disclosure 可能显示了, 但在错误时点、错误语境或不被理解。 Conduct risk 的难点是 outcome-based:
AI 没有说脏话 != AI 没有制造 conduct harm
AI 引用了政策 != 推荐适合客户
客户点击同意 != 机构可以忽略 vulnerability / conflict / complaint signal
Core Concepts
| Concept | 产品含义 | 架构控制 |
|---|---|---|
| Forbidden claim | AI 永远不能说的承诺、保证、收益暗示、资格保证 | claim classifier + deny policy + copy library |
| Approved copy | 法务/合规批准过的产品、费用、风险、披露话术 | versioned content service + retrieval allowlist |
| Eligibility gate | 客户是否满足硬性资格条件 | rules engine / PDP |
| Suitability gate | 推荐是否与客户目标、风险、期限、财务能力匹配 | profile completeness + scenario policy |
| Conflict gate | 推荐是否受佣金、库存、促销、quota 影响 | conflict metadata + disclosure + review |
| Advice boundary | 教育、引导、比较、推荐、个性化建议的边界 | intent classifier + role/license gate |
| Vulnerable escalation | 客户脆弱信号触发更谨慎流程 | signal detection + warm handoff |
| Conduct evidence | 推荐前后 context、policy decision、copy version、human approval | immutable evidence ledger |
| Surveillance | 持续监控销售、话术、投诉和 outcome | KRI dashboard + sample review |
Architecture Diagram
Customer / employee channel
-> intent and role classifier
-> customer profile completeness check
-> product eligibility engine
-> suitability and advice-boundary policy
-> approved claims / disclosure library
-> LLM response or employee suggestion
-> post-generation conduct scan
-> human escalation when needed
-> evidence ledger
-> surveillance, complaint linkage, remediation workflow
关键设计:
- 推荐控制必须在模型外部可执行, 不能只写进 prompt。
- 生成内容必须受 approved copy 和 forbidden claims 双向约束。
- suitability 是 profile completeness、product risk、customer objective、scenario、channel、employee role 的组合判断。
- evidence 必须记录"为什么允许", 也要记录"为什么拒绝或升级"。
- complaint 和 remediation 要回流, 否则 surveillance 只能看表面指标。
Conduct Risk Taxonomy
| Risk | 示例 | 控制重点 |
|---|---|---|
| Misleading claim | "guaranteed return", "no risk", "pre-approved" | forbidden claim scan |
| Unsuitable recommendation | 高风险产品推荐给低风险/短期限客户 | suitability gate |
| Ineligible offer | 向不符合资格客户展示优惠或保险 rider | eligibility policy |
| Conflict-driven pitch | AI 优先推荐高佣金或 campaign 产品 | conflict metadata |
| Advice boundary breach | 客服 AI 给出具体投资/税务/法律建议 | role/license gate |
| Vulnerability exploitation | 催收或销售话术压迫困难客户 | vulnerability escalation |
| Disclosure failure | 费用、风险、替代方案未清楚展示 | disclosure timing |
| Complaint suppression | AI 把投诉当普通咨询处理 | complaint classifier |
| Evidence gap | 无法证明推荐依据和话术版本 | event ledger |
Financial Retail Case
场景: Wealth Advisory Assistant for Branch Relationship Managers。 目标:
- 帮 RM 准备客户会谈摘要。
- 推荐可讨论的投资、现金管理或保险保护主题。
- 生成合规批准的 conversation guide。
- 禁止 AI 直接对客户输出个性化买卖建议。 客户画像:
- 年龄 67 岁, 近期退休。
- 现金余额高, 有保守风险偏好。
- 最近账户有大额医疗支出。
- RM 有 campaign quota 推动结构化票据销售。 Conduct gates: | Gate | 判断 | |---|---| | Profile completeness | 风险偏好、投资期限、流动性需求、收入、目标是否更新 | | Product eligibility | 结构化票据是否允许该客户渠道/账户/地区销售 | | Suitability | 产品风险、复杂度、流动性锁定是否与退休和医疗支出相冲突 | | Conflict | campaign quota 必须披露或从 recommendation ranking 中降权 | | Vulnerability | 年龄、医疗支出、退休转变触发 warm handoff 和更谨慎 review | | Approved copy | 只能生成教育式风险说明和问题清单, 不能承诺收益 | | Escalation | 具体投资建议必须交给 licensed advisor | 输出不应该是:
推荐购买 X 结构化票据, 适合您退休后获取稳定收益。
输出应该是:
客户有退休和近期医疗支出信号。请先确认流动性需求、风险承受能力、投资期限和目标是否仍然有效。若讨论复杂投资产品, 使用 approved risk discussion guide, 并升级给具备相应资质的 advisor 完成适当性评估。
PM / BA / Architect Checklist
PM:
- 明确 AI 是否影响推荐、报价、排序、话术、下一步行动或客户承诺。
- 定义哪些 intent 属于 education、comparison、recommendation、advice、complaint、hardship。
- 把 success metric 从 conversion 扩展到 suitability pass rate、complaint rate、escalation quality、harm recovery。 BA:
- 采集 product eligibility、customer profile、approved claims、forbidden claims、disclosure、escalation 的业务规则。
- 把规则拆成 decision tables、policy events、evidence fields 和 exception paths。
- 验证 disclosure、consent、complaint capture 和 human handoff 的时点。 Architect:
- 把 conduct gate 外置为 policy decision point, 不让 LLM 独自判断资格或适当性。
- 设计 approved content service、claim scanner、policy evidence ledger、surveillance dashboard。
- 保障 audit replay: 能重建 customer context、product rule version、model config、policy decision 和 output copy。
Code-Lite Experiment
目标: 用最小原型证明"AI 生成建议必须经过 conduct policy"。
scenario_id: wealth_rm_001
customer:
age: 67
risk_tolerance: conservative
liquidity_need: high
recent_life_event: retirement
vulnerability_signal: medical_expense
product:
type: structured_note
complexity: high
liquidity: locked
campaign_incentive: true
ai_draft:
text: "This note is a strong fit for stable retirement income."
expected_policy:
decision: block_and_escalate
reasons:
- forbidden_claim_stable_income
- product_complexity_conflicts_with_profile
- vulnerability_signal_requires_human_review
- conflict_metadata_requires_disclosure
伪代码:
def conduct_gate(customer, product, ai_draft):
findings = []
findings += scan_forbidden_claims(ai_draft["text"])
findings += check_product_eligibility(customer, product)
findings += check_suitability(customer, product)
findings += check_vulnerability(customer)
findings += check_conflict(product)
if any(f.severity == "block" for f in findings):
return {"decision": "block_and_escalate", "findings": findings}
if findings:
return {"decision": "allow_with_disclosure", "findings": findings}
return {"decision": "allow", "findings": []}
评估样本:
- 20 条 approved education copy。
- 20 条 forbidden claim。
- 20 条 eligibility failure。
- 20 条 suitability mismatch。
- 20 条 complaint/vulnerability escalation。 通过标准:
- forbidden claim block recall >= 0.98。
- suitability mismatch escalation recall >= 0.95。
- approved education copy false block <= 0.05。
- 每个 decision 都有 reason code、policy version、evidence link。
Interview Questions
- 如何区分 AI trust UX 和 conduct risk architecture?
- 银行不是 broker-dealer 时, 为什么还要学习 Reg BI 和 suitability 思维?
- AI 在 wealth sales assist 中可以做什么, 不能做什么?
- 如何设计 forbidden claims 和 approved copy library?
- Suitability gate 需要哪些客户、产品、渠道和员工角色数据?
- 如何处理 campaign、佣金、quota 对 AI recommendation ranking 的影响?
- Vulnerable customer signal 应该怎样进入 AI escalation?
- 如何证明一次 AI 推荐没有越界?
- 投诉和 remediation 如何反馈到 recommendation guardrails?
- 高管只看 conversion uplift 时, 你如何解释 conduct KRI? 30 秒回答:
我会把 customer-impacting AI 当成 conduct-controlled decision support, 不是聊天机器人。核心是把资格、适当性、话术、披露、冲突、升级和证据外置成 policy control plane, 让 AI 只能在批准边界内辅助客户或员工, 并通过 surveillance、complaints 和 remediation 闭环证明没有系统性 customer harm。
Pitfalls
| Pitfall | 为什么危险 | 更好的做法 |
|---|---|---|
| 只靠 prompt 禁止投资建议 | prompt 不可审计、不可稳定执行 | policy engine + claim scanner |
| 把 disclosure 当免责 | 客户可能不理解或时点错误 | contextual disclosure + comprehension check |
| 只看 lead conversion | 激励 AI 过度销售 | 加入 suitability、complaint、harm KRI |
| approved copy 无版本 | 出事后无法证明客户看到什么 | versioned content and evidence |
| 忽略员工 assist 风险 | 员工会复制 AI 话术给客户 | employee-facing conduct gate |
| 不接投诉系统 | 看不到 downstream harm | complaint linkage and remediation |
| suitability 数据缺失还继续推荐 | 推荐依据不足 | ask more / escalate / refuse |
| 不区分 bank、broker-dealer、RIA、insurance | obligation 和许可边界不同 | entity/channel/role-aware policy |
| 最终记忆句: |
AI sales guardrails are not a nicer refusal message. They are a conduct-risk architecture that decides what may be recommended, to whom, by whom, with which disclosure, under which evidence, and with what surveillance after the fact.