What sensitive data do finance professionals paste into AI tools?

Recurring patterns: live deal terms and target names for memo drafting (MNPI), client portfolio and account data for letter writing, draft research before publication, loan files containing consumer financial data, and internal financial models. Each maps to a specific regulatory regime: insider-trading rules, GLBA, MiFID II, or confidentiality undertakings.

Why did banks ban ChatGPT in 2023, and did it work?

JPMorgan, Bank of America, Citigroup, Goldman Sachs, Wells Fargo, and Deutsche Bank all restricted ChatGPT in early 2023, citing data and compliance risk. The bans controlled corporate networks and devices, but usage moved to personal devices and unmanaged browsers rather than stopping, and most institutions have since shifted to a sanctioned-tools-plus-monitoring model.

Is pasting MNPI into a chatbot a securities-law problem?

It is a control failure regulators treat seriously. Material non-public information disclosed to an external service without confidentiality protections undermines information-barrier obligations, and firms must be able to evidence supervision of communications and data handling. An undocumented MNPI disclosure to an AI vendor is the kind of gap examinations are designed to surface.

How do financial firms control AI usage without stopping the work?

The pattern that holds: sanctioned enterprise AI with no-training terms for approved workflows; browser-level detection that classifies client identifiers, account data, and credentials on-device and blocks them from unsanctioned tools; and an exportable, supervision-grade audit log, the artefact compliance can hand to an examiner. AIovert delivers that browser-level layer: it classifies financial and client data on-device, blocks it from unsanctioned AI tools, and keeps the audit log.

Industry · Financial ServicesJune 12, 20268 min read

What Bankers Share with AI: MNPI, Client Data, and the Compliance Gap

Finance was the first industry to ban ChatGPT, and the first to learn that bans move the problem instead of solving it. The data at stake is the kind regulators build entire examination programmes around.

AIovert Security Team

GDPR & EU AI Act practitioners

Quick answers

What gets pasted?

Deal terms and target names, client portfolios and account numbers, unpublished research, loan files, internal models: MNPI and consumer financial data.

Why did the 2023 bans fail?

Usage moved to personal devices and unmanaged browsers. Prohibition without visibility just relocated the risk outside the firm's sight.

What do examiners want?

Evidence of supervision: which AI tools are in use, what controls exist, and a log proving they operate. A policy without a log fails the exam question.

The prompts that keep compliance officers awake

Financial work is synthesis under time pressure: turn this data into a memo, this memo into a deck, this deck into a client letter. LLMs are superb at every step, which is why adoption ran ahead of permission. The characteristic prompt patterns:

M&A and capital markets: “Draft the investment-committee summary”, with the target's name, valuation range, and timetable. That is material non-public information in a third party's input logs.
Wealth and private banking: “Write a review letter for this client”, portfolio holdings, account values, sometimes account numbers, attached to a real name.
Research: “Tighten this initiation note”, an unpublished rating and price target, pre-release: front-running material.
Lending and retail: “Summarise this application”, consumer financial data squarely under GLBA (and GDPR for EU clients).
Risk and finance functions: “Explain the variance in this model output”, internal models and unpublished financials.

2023: the great ban, and what it taught

In early 2023, JPMorgan, Bank of America, Citigroup, Goldman Sachs, Wells Fargo, and Deutsche Bank (among others) restricted employee ChatGPT use, citing exactly the risks above. The bans were rational, fast, and instructive in their failure mode: AI usage did not stop; it moved to phones, home machines, and unmanaged browsers, where the firm had neither visibility nor control. By 2024–2025, most large institutions had pivoted to the model the rest of the market is now converging on: sanctioned enterprise AI for approved workflows, plus monitoring of everything else.

The lesson generalises: in a regulated industry, prohibition without detection is just risk relocation.

Why finance's exposure is regulatory, not just contractual

Three regimes converge on a single paste:

MNPI and information barriers. Firms are obliged to control the flow of material non-public information. Disclosure to an external AI service with no confidentiality undertaking is a barrier breach, and if the information later moves a market, the firm must reconstruct who knew what, when. An invisible paste makes that reconstruction impossible.
Consumer financial privacy. GLBA's Safeguards Rule requires a written security programme with technical controls protecting customer financial data; the EU equivalents run through GDPR (with the 72-hour breach clock) and DORA's ICT-risk regime. “Customer account data flowed to a consumer chatbot and we had no control addressing it” is a findings paragraph that writes itself.
Supervision and recordkeeping. The off-channel-communications enforcement wave (hundreds of millions in fines over unmonitored messaging apps) established the principle: regulated firms must supervise the channels their people actually use. AI chatbots are the next unmonitored channel, and examiners have started asking about them by name.

The control stack that passes an examination

Sanction the workflow, not just the tool. Enterprise AI with no-training terms, mapped to specific approved use cases (drafting from public information; summarising firm-authored documents) and explicitly not others (anything client-identified, anything deal-related).
Classify at the browser. On-device detection of client identifiers, account numbers, credentials, and bulk customer lists, at the paste, before submission, across every AI surface rather than only the ones IT knows about.
Block on unsanctioned surfaces. Guard-style blocking converts the MNPI paste from a reportable barrier breach into a logged near-miss with an educated employee, the difference between an incident report and a coaching moment.
Keep the supervision log. Timestamped, user-attributed, classification-only (the log must not itself become a second copy of client data), exportable. This is the artefact you hand the examiner, and the dataset that tells compliance which desks need attention.

The desk-head summary

“Your team can use AI for anything public or firm-authored. Client names, account data, and live deals never go in, and the browser will stop you if you forget. Compliance sees classifications, never your prompts.”

That message (generous defaults, hard edges, visible fairness) is what durable AI governance looks like in a regulated firm. It is also, not coincidentally, the configuration that survives both the examiner and the analysts' workflow.

Supervision-grade AI control for regulated firms

AIovert Guard blocks client data, account numbers, and credentials before they reach ChatGPT, Claude, or 21 other AI tools, and Monitor builds the exportable, classification-only audit trail your examiners ask for. On-device detection, no raw content ever collected, deployed in 15 minutes.

Get started Get a demo