Applicability: All licensed advisors, corporate officers, employees, and independent contractors.

 

1. Executive Summary & Regulatory Commitment

​

Our practice is explicitly committed to leveraging technological innovation to enhance client service, improve operational efficiency, and deliver high-quality financial and insurance advice. We recognize that while Artificial Intelligence (AI) serves as a powerful productivity accelerator, ultimate professional accountability remains with our licensed human professionals.

​

This policy establishes strict guardrails for the use of Generative AI tools within our practice. It has been structured to meet or exceed:

​

• The Insurance Council of British Columbia (ICBC) Code of Conduct (specifically duties regarding Competent Practice and Confidentiality).

​

• The Alberta Insurance Council (AIC) regulatory frameworks and mandatory Errors & Omissions (E&O) parameters.

​

• Canadian Life and Health Insurance Association (CHLIA) guidelines on data privacy, fair treatment of customers, and proper client disclosures.

​

• The Canadian Insurance Services Regulatory Organizations (CISRO) Guidance on Cybersecurity Readiness and the Fair Treatment of Customers (FTC).

​

• British Columbia’s Personal Information Protection Act (PIPA) and the Canadian Anti-Spam Legislation (CASL).

​

2. Approved Corporate Infrastructure & The "Open Loop AI" Mandate

​

To ensure total data security and compliance with provincial privacy legislation, our practice has centralized its operations within a secure, corporate environment.

​

• Authorized Systems Only: Personnel may only use approved, securely-monitored, and enterprise-grade AI tools while securely authenticated under their corporate Google Workspace Enterprise Edition accounts.

​

• Disabled Data Sharing: At the administrative level, all data-sharing toggles allowing the AI provider to utilize corporate inputs for public model training have been permanently disabled. All interactions with AI tools remain entirely within our private tenant.

​

• Absolute Ban on Consumer ("free" or "consumer off the shelf") AI Platforms: The use of public, free, or unvetted AI tools (including but not limited to free versions of ChatGPT, Claude, Deepseek, or personal Gemini accounts) for any business activity is strictly prohibited. Processing any client information through public tools constitutes a severe data breach.

​

• Open-Loop Mandate: Open-loop AI is an architectural framework that enforces an absolute human professional-in-the-loop barrier before any business process is completed. By requiring manual validation for every AI output, it ensures a clear chain of liability, mitigates model hallucinations, and maintains standard corporate audit trails.

​

3. Client Confidentiality & Data Minimization (PIPA Compliance)

​

Protecting the personal and financial information of our clients is our highest fiduciary duty.

​

• Proactive De-Identification: Even within our secure Enterprise environment, personnel should minimize the input of highly sensitive, explicit identifiers. When uploading or pasting unstructured documents (e.g., tax returns, medical histories, or estate plans) into approved AI tools for summarization, staff are instructed to strip out direct identifiers such as Social Insurance Numbers (SINs), full names, and specific policy numbers where practical.

​

• Third-Party Integrations: No browser extensions, software plugins, or API integrations that connect external systems to our corporate Google Workspace environment may be installed without prior written audit and approval from the Compliance Officer.

​

4. Professional Accountability: The "Human-in-the-Loop" Core Principle

​

AI systems are subject to "hallucinations"—the plausible but incorrect fabrication of facts, figures, or policy interpretations. Under provincial regulatory guidelines, a machine cannot hold a license or assume liability.

​

• The Final Verification Rule: Employees are 100% accountable for all outputs generated by Gemini. No email, policy comparison table, market summary, or letter may be transmitted to a client, carrier, or third party without a licensed professional reviewing and verifying every single fact, number, citation, and recommendation.

​

• Policy & Contractual Interpretation: Gemini must never be used as the final authority to interpret complex carrier policy wordings or legal texts. Advisors must cross-reference any AI-generated summaries directly with the official carrier contract.

​

• Errors & Omissions (E&O) Alignment: Because E&O insurance policies cover professional negligence but may exclude systemic or unreviewed automated errors, any failure to perform mandatory human verification on an AI output that results in client detriment will be treated as a breach of professional competence and standard operating procedures.

​

5. Permitted vs. Prohibited Operational Use Cases

​

Approved Use Cases (sample scenarios):

​

• Drafting initial client communications, educational materials, and complex financial concept explanations, with the oversight of an authorized employee or licensed advisor of SY Wealth

​

• Summarizing long internal research reports, industry news, or carrier product updates for internal consumption.

​

• Structuring presentation outlines and organizing complex meeting transcripts into clean minutes, for internal consumption.

​

Explicitly Forbidden Use Cases (sample scenarios):

​

• Client-Facing Chatbots: Deploying automated, unmonitored AI chat agents directly to clients without real-time human oversight.

​

• Automated Underwriting Pre-Screening: Utilizing AI to submit client underwriting files without the oversight of a licensed financial advisor.

​

• Asset Allocation Discretionary Directives: Permitting AI to autonomously generate or execute investment portfolios without oversight or review of a licensed financial advisor.

​

6. Fair Treatment of Customers & Anti-Bias Frameworks

​

In alignment with CHLIA, ICBC, AIC, and CISRO principles, technology must never compromise the equitable treatment of consumers.

​

• Objectivity over Algorithmic Bias: Generative AI models reflect the historical data they were trained on. Advisors must ensure that any product recommendations, coverage selections, or investment strategies are tailored strictly to the client’s explicit financial needs, objectives, and risk tolerance—never skewed by automated algorithmic profiling or demographic generalizations.

​

7. Cybersecurity Readiness & Fraud Prevention

​

Generative AI tools are frequently weaponized by malicious actors to create sophisticated social engineering and phishing attacks.

​

• Prompt Safety: Personnel are strictly forbidden from inputting internal security protocols, network structures, passwords, or system configurations into Gemini for troubleshooting or analysis.

​

• Secondary Channel Verification: Because AI can effortlessly mirror the specific writing tone of clients or carrier executives, any urgent request received via text or email to move funds, alter beneficiaries, or modify policy banking details must be confirmed through a secondary verbal channel (e.g., a phone call) before execution.

​

8. Regulatory Record-Keeping & Marketing Compliance

​

• Documentation of Professional Rationale: If AI is used to compile data or compare quotes, the final output must not simply be pasted blindly into the CRM or client files. The client file must explicitly capture the advisor’s independent, human professional rationale explaining why the recommended product fits the client's needs.

​

• CASL and Advertising Standards: All marketing materials, automated email sequences, or newsletters drafted with the assistance of Gemini must strictly comply with the Canadian Anti-Spam Legislation (CASL) and provincial guidelines prohibiting misleading or exaggerated claims (e.g., "guaranteed lowest rates").

​

​