Pilot Asset · Confidential - Swiss Private Bank
04 · Governance, Control & Compliance

Built for governed rollout execution

For Swiss private bank teams, comms, training, launch video, and feedback follow-up can move overnight without losing human approval, bounded distribution, or auditability. These controls apply across Clarm Copilot, Launch Control, and Policy Control, including private model hosting and proprietary model development where the bank wants to keep full control of what Clarm builds for it over time.

  • SOC 2 Type II: Control Baseline
  • Private model hosting: deployment and ownership control
  • Full Audit Trail: Governance Proof

Context: procurement and risk teams need control before a pilot can touch regulated workflows. Progress: show approval, source traceability, private hosting, and human decision boundaries in one place. Impact: the rollout workflow becomes easier to approve because the trust model is visible from day one.

Trust Boundary Snapshot

What Clarm handles

  • Retrieval of approved source context for generation tasks.
  • Transformation into role-specific comms, training outputs, launch video drafts, and follow-up jobs.
  • Routing through configured governance checkpoints, approvals, and reviewable engineering handoff drafts.

What remains with the bank

  • Source-document ownership and system-of-record authority.
  • Approval authority, escalation rules, and final publishing decisions.
  • Human-in-the-loop requirement before any operational use.

Compliance & Certifications

  • SOC 2 Type II audited control framework for security, availability, and change management.
  • ISO 27001 program in progress with structured policy and control maturation.
  • FINMA-aligned data handling principles for regulated Swiss private banking operations.
  • GDPR- and Swiss FADP-compliant operating model for personal data processing contexts.

Data Architecture

  • Data residency options aligned to Switzerland and EU deployment requirements.
  • Zero Data Retention model available for model-provider interactions and sensitive workflows.
  • Tenant-isolated architecture with per-bank deployment boundaries.
  • On-prem deployment option for Tier 1 institutions with strict hosting controls.

Proprietary Model Training & Hosting

  • Dedicated proprietary model training and tuning path for bank-specific workflows, language, and internal operating patterns.
  • Private model hosting can stay inside the bank's preferred boundary, including private cloud or on-prem control planes.
  • You keep full control over the prompts, retrieval layer, model behavior, and workflow IP Clarm builds for your bank over time.
  • No dependence on a shared black-box layer to keep the system useful after the pilot becomes a production workflow.

Auditability

  • Line-level source traceability from generated output back to approved source passages.
  • Version control across generated assets with deterministic revision history.
  • Approval chain captured with reviewer identity and timestamped decisions.
  • Immutable audit event log for control reviews and procurement diligence.

Human Approval by Design

  • No output is published without explicit human approval in the configured chain.
  • Configurable two-step and three-step approval flows by workflow risk level.
  • Escalation paths for sensitive launch material and compliance exceptions.
  • Rollback and version pinning support for controlled reversion when needed.