Before an advice firm lets any AI tool touch client data, it must confirm the tool is secure enough to hold some of the most sensitive personal and financial information there is. The essentials to verify are: where data is hosted and processed, whether it is encrypted in transit and at rest, whether your data is used to train the provider's models, how access is controlled and logged, and whether the vendor holds recognised security certifications and will sign a proper data processing contract. General-purpose consumer chatbots rarely meet this bar; purpose-built platforms for regulated firms should.
Key takeaways
- Client financial data is high-value to attackers, the security bar for AI tools should match the sensitivity of the data, not the novelty of the technology.
- Insist on encryption in transit and at rest, clear data residency, and a documented position on whether your data trains the vendor's models.
- Look for recognised assurance such as ISO 27001 or SOC 2, and read what the certification actually covers.
- Enforce least-privilege access, multi-factor authentication, and audit logging so you know who accessed what.
- Do proper vendor due diligence and paper it, the FCA and UK GDPR both expect you to manage third-party and outsourcing risk.
Why AI raises the data-security stakes
AI tools are attractive precisely because they ingest and reason over lots of data, fact-finds, portfolios, health details, family circumstances. That concentration of sensitive information is exactly what makes them a target and what makes a mistake costly. A breach involving client financial data can trigger regulatory action, ICO involvement, mandatory notifications, reputational damage and lost trust. The convenience of pasting a client's situation into a public chatbot is not worth that exposure.
The eleven checks before you adopt any AI tool
1. Data hosting and residency. Where is data stored and processed? Is it in the UK, the EU, or elsewhere, and if outside, are transfers lawfully safeguarded?
2. Encryption. Is data encrypted in transit (e.g. TLS) and at rest? Who holds the keys?
3. Model training. Is your client data used to train or fine-tune the provider's models? For regulated data the answer should be "no by default," and you should be able to prove it contractually.
4. Access controls. Does the platform support least-privilege roles, so staff only see what they need? Is multi-factor authentication enforced?
5. Audit logging. Can you see who accessed which client's data and when? Logging is essential for both security and SMCR/Consumer Duty accountability.
6. Data segregation. Is your firm's data logically separated from other customers' data (tenant isolation)?
7. Certifications. Does the vendor hold ISO 27001, SOC 2 Type II, or equivalent, and does the scope cover the actual product you're using?
8. Breach response. What is the vendor's incident response and breach-notification commitment, and does it meet the UK GDPR 72-hour reporting timeline?
9. Sub-processors. Who else touches the data (cloud providers, model providers), and are they contractually bound to equivalent standards?
10. Data retention and deletion. Can you control how long data is kept and have it deleted or returned on exit? Beware lock-in.
11. Contract. Will the vendor sign an Article 28 data processing agreement with the security, sub-processor and instruction terms UK GDPR requires?
Consumer chatbot vs regulated platform
The distinction matters. A free or consumer-tier general chatbot may retain inputs, use them to improve models, offer limited access controls, and provide no processor contract, all disqualifying for client data. A platform built for regulated financial firms should treat data residency, no-training-by-default, isolation, logging and contractual assurance as baseline. When comparing tools, weigh the security posture as heavily as the features.
Don't forget the human layer
Most breaches involve people, not just technology. Alongside vendor checks:
- Train staff never to paste client data into unapproved tools ("shadow AI").
- Maintain an approved-tools list and review it.
- Apply the same access discipline internally that you demand of vendors.
- Include AI tools in your firm's information-security policy and risk register.
Frequently asked questions
Is it safe to use AI with client financial data?
It can be, if the tool is built and contracted appropriately, encryption, UK/EU data residency or lawful transfers, no model training on your data by default, strong access controls, and a proper data processing agreement. It is generally not safe to use free consumer chatbots for this.
Should client data be used to train AI models?
For regulated client data, the default should be no. Confirm the vendor's position in writing and ensure you can prevent it.
What certifications should an AI vendor have?
Recognised information-security assurance such as ISO 27001 and/or SOC 2 Type II, with a scope that actually covers the product you'll use.
Does the FCA require data-security due diligence for AI vendors?
The FCA expects firms to manage outsourcing and third-party risk, and UK GDPR requires you to use processors that provide sufficient guarantees. In practice that means documented due diligence before adopting an AI tool.
What is "shadow AI"?
Staff using unapproved AI tools with company or client data outside the firm's oversight. It is a leading source of data-security and compliance risk and should be actively managed.