Alpheous·
Platform Overview

Security, Compliance, and Governance

This page explains how Alpheous keeps the work it does for your firm inside your rules. It covers the compliance check that every outbound piece passes before a person sees it, who owns those rules, why no one can approve their own outbound, and how every change and send is recorded for later examination.

The short version: the agents prepare the work, your rules decide what is allowed, and a person always has the final say. Nothing skips that path.

:::info Why This Matters Your Chief Compliance Officer and your operations leaders need to know that an AI team cannot put something in front of an advisor, an LP, or a prospect that breaks a rule, and that anything it did can be reviewed afterward. Alpheous is built so the answer to both questions is yes, on the product's own terms. :::

Compliance Comes Before You See a Draft

Every agent follows the watch, draft, approve model: it does the work and posts a draft back to you. What sits between "draft" and "you see it" is a compliance check. Before any outbound artifact reaches your screen, it runs against your firm's rules. A draft that trips a rule is flagged, held, or rewritten before it ever lands in your queue.

This means the drafts you review have already cleared the bar your compliance team set. You are not the first line of defense against a disclosure that is missing or a claim that is not allowed; the check is. Your judgment goes to the things that need judgment: tone, fit, timing, and whether the message is right for the relationship.

The check applies to outbound of every kind: an email to a wholesaler, a follow-up to an advisor, a summary that publishes to the team, a note written back to your CRM. If it leaves the agent and heads toward a person or a system of record, it passes the check first.

Your Compliance Team Owns the Rules

The rules are not buried in the product. They are configuration that your compliance team owns and can change. Required disclosures, restricted claims, the language your firm must include or must avoid, the categories that need extra review: these live as data, not as something hardcoded that only an engineer can touch.

When your firm's obligations change, your compliance team updates the rules and every agent picks up the change. There is no waiting for a release. The same set of rules governs all the agents at once, so distribution, intelligence, and operations work all answer to one policy rather than each agent having its own.

For how an operator and a compliance reviewer manage these rules day to day, see the operator-side governance pages.

No One Approves Their Own Outbound

A person always approves before anything goes out, and that person cannot be the same one who originated the request. Alpheous separates the person who asks for the work from the person who signs off on it leaving the building. This is the standard four-eyes control your compliance function already expects on outbound communication, enforced by the product rather than by good intentions.

In practice, a wholesaler can ask an agent to draft a follow-up, but the approval that releases that follow-up is its own gated step with its own accountable person. The product fails closed: if the approval and notification checks cannot confirm who is signing off, nothing sends.

Every Change and Send Is Logged

Everything the product does to client data, communications, and decisions is recorded: who or what acted, what changed, and when. A draft created, a rule that flagged it, an edit you made, the approval, the send: each step is part of an examinable chain.

That chain is what lets you reconstruct, after the fact, exactly how a given message came to go out and who stood behind it. When an examiner, an auditor, or your own compliance review asks what happened on a particular communication, the record is there to answer. Nothing the agents do happens off the books.

:::tip For the Operator The audit record and the rule configuration both surface on the operator console. If you run compliance or operations for your firm, that is where you set the rules, watch what the agents are doing, and pull the history when you need it. :::

How This Shows Up in Daily Work

You do not have to think about any of this to get value from it. You ask an agent for something, you get back a draft that already cleared your firm's rules, you approve or edit it, and it goes out with a clean record behind it. The controls run underneath the watch, draft, approve rhythm described in Getting Started.

The same model holds for every agent on the roster, whether it is the Signal Outreach agent drafting advisor outreach or the Account Assistant writing back to an LP. Outbound is gated, rules are applied, and the action chain is recorded, every time.

  • Getting Started: the watch, draft, approve model these controls sit inside.
  • Signal Outreach: an agent whose outbound passes the compliance check before you review it.
  • Regulatory Digest: how the product keeps the regulatory record in front of your compliance team.