Compliance

Built for a regulated industry.

Regulatory

FCA alignment from the first line.

Every Gild report follows the structure and language your compliance team expects. The output is aligned with FCA suitability requirements under COBS 9.4, including Consumer Duty obligations.

This means appropriate disclosures, risk warnings, charges summaries, and suitability rationale are present in every document by default - not added as an afterthought.

Consumer Duty

Language and structure aligned with the FCA's Consumer Duty expectations for client communications.

COBS 9.4

Reports structured to meet the FCA's suitability report requirements for personal recommendations.

Risk Disclosures

Appropriate risk warnings, capital-at-risk statements, and product-specific disclosures included automatically.

Charges Transparency

Clear, compliant presentation of advice charges, platform costs, and ongoing management fees.

Infrastructure & Security

Enterprise-grade. Not side-of-desk.

Gild is built to enterprise standards on AWS infrastructure. Client data is encrypted in transit (TLS 1.3) and at rest (AES-256). All AI processing is handled through Amazon Bedrock - meaning client data never leaves a ringfenced, secure environment. It is not sent to third-party AI providers, not used for model training, and not accessible outside your generation session.

This is the difference between a regulated-business AI service and a side-of-desk experiment. Pasting client data into ChatGPT or a browser-based AI tool offers no data governance, no audit trail, and no guarantees about where that data ends up. Gild is purpose-built for firms that hold themselves to a higher standard.

AWS Infrastructure

Hosted on Amazon Web Services - the same enterprise cloud infrastructure trusted by banks, insurers, and the NHS.

Amazon Bedrock

All AI processing runs through Amazon Bedrock. Client data is ringfenced within your session - never used for model training or accessible to third parties.

Encryption

TLS 1.3 in transit. AES-256 at rest. Client data is never transmitted or stored in plaintext at any point in the pipeline.

Minimal Retention

Client data is accessed at point of generation and not retained beyond the session unless you opt for document storage on your portal.

Audit Trail

Every edit. Every version. Every timestamp.

Every report carries a full version history. Every edit is timestamped and attributed to the user who made it. Your compliance team can export the audit trail for any document at any time.

This means your file reviews are straightforward. The original generated version, every subsequent change, and the final approved version are all recorded and retrievable.

No ambiguity about what was sent, when it was sent, or what changed between drafts.

Data Protection

GDPR compliant. DPA available.

Gild operates as a data processor on your behalf. Your firm remains the data controller at all times. We provide a standard Data Processing Agreement during onboarding.

We support your obligations under UK GDPR, including subject access requests and data deletion. Client data is never used to train models, improve our systems, or for any purpose beyond generating your requested documents.

Compliance FAQ

Questions your compliance team will ask.

Who is the data controller?

Your firm. Gild operates as a data processor under your instruction. We process client data solely to generate the documents you request.

Where is data stored?

All data processing and storage occurs within UK-based data centres. No data is transferred or processed offshore.

Can we get a Data Processing Agreement?

Yes. A standard DPA is provided during onboarding and can be reviewed by your legal team before signing.

How is the AI processing handled?

Report Forge uses Amazon Bedrock for all AI processing. Bedrock runs within our AWS environment - client data is ringfenced within the session, never leaves the secure boundary, and is not accessible to the underlying model provider. This is fundamentally different from pasting data into a consumer AI tool.

Is client data used to train AI models?

No. Amazon Bedrock guarantees that data submitted for inference is not used to train or improve foundation models. Your client data is used exclusively to generate the documents you request - nothing else.

What happens to data if we cancel?

All client data and stored documents are permanently deleted within 30 days of cancellation. We provide written confirmation of deletion on request.

How is this different from using ChatGPT or similar tools?

Consumer AI tools offer no data governance, no encryption guarantees, and no control over where client data is processed or stored. With Gild, all processing runs through enterprise-grade AWS infrastructure with Bedrock - purpose-built for regulated environments. There is a full audit trail, encryption at every layer, and a contractual DPA. It is the difference between a regulated service and a side-of-desk experiment.

Do reports meet FCA suitability requirements?

Reports are structured to align with COBS 9.4 requirements for suitability reports and personal recommendations. This includes Consumer Duty-aligned language, appropriate disclosures, and compliant charges presentation.

Can we customise the compliance language?

Yes. During onboarding we configure the regulatory language, disclosure wording, and risk warnings to match your firm's approved compliance templates.

How is the audit trail exported?

Version history and edit logs can be exported as PDF or CSV at any time. Each entry includes the timestamp, user, and nature of the change.

Need to discuss compliance requirements?

We're happy to walk your compliance team through our approach in detail. Book a call and we'll answer everything.
