Nexus Compliance · compli.ai
Trust & AI Governance
How we handle your data, where AI is used in compli.ai — and where it never decides — and how the product and the practice align with the SFC’s expectations and Hong Kong data-protection law.
Data handling & storage
Draft · placeholder[DRAFT — to be written] Where firm data lives, how it is scoped per firm at the schema level, retention periods, backups, and what happens to your data when an engagement ends.
Where AI is used — and where it never decides
Draft · placeholder[DRAFT — to be written] The design principle: regulated judgements (risk ratings, CDD levels, approval triggers, scores) are deterministic, auditable rules. AI drafts and summarises on top; a named practitioner signs off. A map of every AI touchpoint in the product.
Alignment with the SFC's expectations on GenAI use
Draft · placeholder[DRAFT — to be written] How compli.ai's design maps to the SFC's published expectations for the use of generative AI by licensed corporations — model risk management, human-in-the-loop review, data protection, and record-keeping.
PDPO & confidentiality
Draft · placeholder[DRAFT — to be written] Compliance with the Personal Data (Privacy) Ordinance: purpose limitation, data-subject rights, cross-border transfer positions, and the confidentiality terms every engagement carries.
Insurance & engagement terms
Draft · placeholder[DRAFT — to be written] Professional indemnity cover, standard engagement terms, and the scope-of-service boundary: compliance support and advisory — regulatory responsibility, including Manager-In-Charge accountability, remains with the licensed firm at all times.