Regulated Financial Services Firm

Building a SOC2-Ready "Private GPT" for Regulated Finance

The Challenge

A regulated financial services firm needed to give its internal teams access to GenAI (LLMs) for document analysis, but was blocked by the compliance risks of sending data to public APIs.

They could not use public ChatGPT/Claude APIs due to data residency laws and "Zero Data Training" requirements.

The Intervention

We architected a Sovereign AI Platform entirely inside their AWS VPC, using VPC Interface Endpoints to ensure traffic never traversed the public internet.

The Architecture

Technical Implementation

We deployed Amazon Bedrock with strict IAM policies and full audit logging.

  • Entry: API Gateway (Private) + AWS WAF (IP Whitelisting).
  • Auth: Amazon Cognito (integrated with Corporate SSO) for RBAC.
  • Compute: Python FastAPI on AWS Lambda (Serverless) in Private Subnets.
  • Model: Amazon Bedrock (Claude 3.5 Sonnet) with Zero Data Retention.
  • Audit: Full payload logging to S3 (Encrypted with KMS) + CloudWatch Logs Insights.
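The IAM side of the "traffic never traverses the public internet" guarantee, as an added example that is not the firm's or the platform's own code: a least-privilege policy for the Lambda execution role that permits invoking one approved Bedrock model only when the call arrives through the VPC interface endpoint, plus a deliberately simplified evaluator (glob matching and the two condition operators used here) showing why a request that bypasses the endpoint is denied. The region, model ID and endpoint ID are placeholder assumptions.

```python
from fnmatch import fnmatchcase

# Assumed values for this example: region, model id and endpoint id are placeholders.
MODEL_ARN = ("arn:aws:bedrock:eu-west-1::foundation-model/"
             "anthropic.claude-3-5-sonnet-20240620-v1:0")
VPCE_ID = "vpce-0123456789abcdef0"  # the bedrock-runtime interface endpoint in the VPC

def bedrock_lambda_policy(model_arn=MODEL_ARN, vpce_id=VPCE_ID) -> dict:
    # Allow one approved model, and only when the request arrives through the
    # VPC endpoint; an explicit Deny closes every other path (Deny always wins).
    return {"Version": "2012-10-17", "Statement": [
        {"Sid": "InvokeApprovedModelViaEndpoint", "Effect": "Allow",
         "Action": ["bedrock:InvokeModel", "bedrock:InvokeModelWithResponseStream"],
         "Resource": model_arn,
         "Condition": {"StringEquals": {"aws:SourceVpce": vpce_id}}},
        {"Sid": "DenyBedrockOutsideEndpoint", "Effect": "Deny",
         "Action": "bedrock:*", "Resource": "*",
         "Condition": {"StringNotEquals": {"aws:SourceVpce": vpce_id}}},
    ]}

def _matches(stmt: dict, action: str, resource: str, ctx: dict) -> bool:
    # Simplified IAM matching: glob on Action/Resource, then StringEquals and
    # StringNotEquals. A missing context key fails StringEquals and satisfies
    # StringNotEquals, which is how IAM treats a request that never touched the VPCE.
    actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
    if not any(fnmatchcase(action, a) for a in actions):
        return False
    if not fnmatchcase(resource, stmt["Resource"]):
        return False
    cond = stmt.get("Condition", {})
    if any(ctx.get(k) != v for k, v in cond.get("StringEquals", {}).items()):
        return False
    if any(ctx.get(k) == v for k, v in cond.get("StringNotEquals", {}).items()):
        return False
    return True

def is_allowed(policy: dict, action: str, resource: str, ctx: dict) -> bool:
    # IAM evaluation order in miniature: any matching Deny wins, else need an Allow.
    hits = [s for s in policy["Statement"] if _matches(s, action, resource, ctx)]
    if any(s["Effect"] == "Deny" for s in hits):
        return False
    return any(s["Effect"] == "Allow" for s in hits)

if __name__ == "__main__":
    pol = bedrock_lambda_policy()
    via_vpce = {"aws:SourceVpce": VPCE_ID}
    print(is_allowed(pol, "bedrock:InvokeModel", MODEL_ARN, via_vpce))  # True
    print(is_allowed(pol, "bedrock:InvokeModel", MODEL_ARN, {}))        # False
```

The same Deny statement, with the Action broadened as needed, is also the shape one would put in a service control policy so that no other role in the account can reach Bedrock outside the endpoint either.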

Key Results

Where did the savings come from?

  • Compliance: Passed internal ISO/SOC2 security review in 3 weeks.
  • Adoption: Scaled to 5 internal departments in Month 1.
  • Security: Zero Data Egress. The AI lives in the vault.

"We didn't just build a chatbot. We built a data fortress that happens to speak English."