In February 2024, a finance worker at a multinational firm in Hong Kong joined a video call with his company's CFO and several colleagues. They discussed a series of transactions that needed to happen urgently. The finance worker, following what appeared to be direct instructions from senior leadership, transferred $25.6 million to accounts specified during the call.
Every person on that call, except the victim, was an AI-generated deepfake.
The criminals had used publicly available footage of the company's executives to create convincing video and audio reproductions. They'd done their homework on the company's internal processes. And they'd picked a target in finance because that's where the money moves.
This wasn't a failure of ChatGPT specifically. But it illustrates something important: the finance industry is now operating in an environment where AI can be weaponized against the very people trying to use it productively. The question isn't whether AI will touch your financial data. It's whether you'll control how that happens.
The short version: If you need to redact sensitive documents before they reach AI systems, PaperVeil handles that layer. The rest of this article explains where it fits in the broader governance architecture.
What "Safe" Actually Means in Finance
When a healthcare professional asks "Is ChatGPT HIPAA compliant?", the question has a clear regulatory framework behind it. Finance is messier. "Safe" in finance means navigating a patchwork of regulations, each with different requirements for different types of data.
GLBA (Gramm-Leach-Bliley Act) requires financial institutions to protect customer NPI (nonpublic personal information). That includes names combined with account numbers, Social Security numbers, or transaction histories. If you're pasting customer account details into ChatGPT, GLBA cares.
SOX (Sarbanes-Oxley) applies to public companies and focuses on financial reporting integrity. It requires internal controls, audit trails, and data integrity. If you're using AI to help prepare financial statements or analyze earnings data, SOX wants to know where that data went and who could access it.
SEC regulations add another layer, particularly around material nonpublic information. If your firm handles trading data or has access to information that could move markets, the rules around that data are strict. Using AI tools that might retain or learn from that data creates exposure.
PCI DSS governs payment card data. If credit card numbers or CVVs ever touch your AI workflows, you're in PCI territory.
The 20% of organizations that experienced data breaches from shadow AI use in 2024 weren't all in healthcare. Finance and accounting teams consistently rank among the highest risk for accidental data exposure. And the cost difference is substantial: shadow AI breaches cost organizations an average of $670,000 more than breaches with properly governed AI use.
ChatGPT's Security Model: The Real Picture
OpenAI has built serious security infrastructure. ChatGPT Enterprise is SOC 2 Type 2 certified and GDPR compliant. Data is encrypted at rest with AES-256 and in transit with TLS 1.2+. Enterprise customers get SSO integration, admin controls, and data residency options.
With over 5 million business users and 400 million weekly active users overall, OpenAI has responded to enterprise demand with progressively stronger security controls. The question for finance teams isn't whether OpenAI takes security seriously. It's whether the specific tier your team is using provides the controls you need.
Here's what that actually means for finance teams:
Enterprise tier (ChatGPT Enterprise/Team with appropriate agreements):
- Data is not used for training by default
- Encryption meets financial industry standards
- Admin controls let you audit who's using what
- Data residency options for regulatory requirements
Consumer tiers (Free, Plus):
- Data may be used for training unless you opt out
- No admin visibility into what your team is doing
- No data residency controls
- No audit trail for compliance documentation
The problem isn't that OpenAI's security is bad. It's that 400 million weekly active users are on consumer tiers, and 77% of employees using ChatGPT report sharing company secrets or confidential data. Your finance team is probably in that group. And they're probably not all on Enterprise.
Where the Gaps Actually Are
Even with ChatGPT Enterprise, several gaps make financial data exposure a real risk:
The transmission problem. When a financial analyst pastes customer account data into ChatGPT, that data travels to OpenAI's servers. Even if it's not retained for training, the transmission happened. For regulated data, you need to document and control that data flow. "We pasted it into a web interface" isn't great compliance documentation.
The audit trail problem. SOX requires you to demonstrate who accessed financial data and what they did with it. ChatGPT's admin console shows usage patterns, but it doesn't give you the granular audit trail that compliance teams need. You can't easily prove that the earnings data in last quarter's analysis didn't leak.
The retention ambiguity. API calls have 30-day retention by default (configurable to zero with ZDR agreements). But what about the conversations your team had in the chat interface last month? Consumer accounts retain data for up to 5 years if users opt into training. Enterprise accounts have different policies. Keeping track of which team member used which tier for which data is a compliance nightmare.
The shadow AI problem. This is the big one. You can implement perfect policies for your approved AI tools. But if your analysts are using personal ChatGPT accounts to speed up their work, all those policies are meaningless. And according to research, about seven out of ten employees in knowledge work roles are doing exactly that.
Making ChatGPT Actually Safe for Finance
The path to using AI safely in finance requires acknowledging an uncomfortable truth: you probably can't stop your team from using these tools. The productivity gains are too significant. What you can do is channel that usage into controlled workflows.
The goal isn't to eliminate AI use. It's to create guardrails that let your team work efficiently while keeping sensitive data protected. Think of it like expense policies: you're not trying to stop people from spending money, you're trying to ensure they spend it in ways that are trackable and appropriate.
Step 1: Establish the data classification layer.
Before anything touches an AI tool, classify it. Customer PII, account numbers, and transaction details are high-sensitivity. Aggregated analytics and market research are lower sensitivity. The rules for each category should be different.
High-sensitivity data should never hit consumer AI tiers. Period. If you can't enforce this technically, you'll need to enforce it through redaction.
Step 2: Implement pre-upload redaction.
The pattern matching for financial identifiers is well-understood. Account numbers follow specific formats. SSNs have a defined structure. Names and addresses can be detected with named entity recognition. A redaction layer strips this information before it reaches any AI system.
This isn't about perfect redaction (that's impossible). It's about reducing your exposure surface. If an analyst is summarizing a customer complaint, the AI doesn't need the customer's account number to do that job.
Step 3: Choose the right access method.
For approved use cases with properly redacted data:
- ChatGPT Enterprise with documented policies and training
- OpenAI API with zero-data-retention agreements for sensitive workflows
- Azure OpenAI Service if you're already in the Microsoft ecosystem and have BAA coverage
For workflows that must handle financial data:
- Build controlled pipelines where data is redacted before API calls
- Use n8n or similar orchestration to maintain audit trails
- Log every interaction with timestamps and user identification
Step 4: Build the audit infrastructure.
Every AI interaction involving business data needs documentation. Record the timestamp, the user, a hash of the input (not the input itself, unless you need it), and the nature of the query. This isn't paranoia. It's the documentation you'll need when auditors ask how AI fits into your data governance framework.
Step 5: Train your team (and actually mean it).
The 77% figure for confidential data sharing isn't because employees are malicious. It's because they're trying to be efficient, and nobody told them the rules. Training needs to be specific: "Here's what you can paste into ChatGPT. Here's what you can't. Here's why. Here's the approved alternative for the stuff you can't paste."
Where This Is Heading
OpenAI and Microsoft are racing to add enterprise features. Azure OpenAI Service already offers the kind of compliance infrastructure that large financial institutions require. Google's Vertex AI is making similar moves. The market for "AI that enterprises can actually use" is growing fast.
The trajectory is clear: enterprise AI features that were premium add-ons in 2024 will become table stakes by 2027. Zero-data-retention options, granular audit logging, and data residency controls are moving from "enterprise only" to standard expectations. Financial institutions are demanding these features, and providers are responding.
But the fundamental tension won't disappear. Consumer AI tools will always be more convenient than enterprise alternatives. The gap between "what's easy" and "what's compliant" will remain. And finance teams will keep finding workarounds because the productivity gains are too significant to ignore.
Regulators are paying attention. The SEC has already issued guidance on AI use in investment management. FINRA is watching how broker-dealers implement AI tools. The OCC has flagged AI risk management as a supervisory priority. This regulatory attention means that "we didn't know" won't be an acceptable defense when things go wrong.
The organizations that navigate this well will be the ones that acknowledge the reality: their people are going to use AI regardless of policy. The question is whether you build infrastructure that makes compliant usage the path of least resistance, or whether you bury your head and hope shadow AI doesn't blow up in your face.
The deepfake fraud in Hong Kong was an external attack. But the next finance scandal involving AI might be internal: a well-meaning analyst who pasted the wrong data into the wrong tool. The infrastructure you build now determines which category you end up in.
The Bottom Line
ChatGPT is not inherently safe for finance. The consumer tiers create significant compliance exposure. Even the enterprise tier requires careful implementation to meet regulatory requirements.
The answer isn't to ban AI tools. That doesn't work; people use them anyway. The answer is to build infrastructure that makes compliant usage easy:
- Data classification before AI interaction
- Automated redaction for sensitive data
- Controlled access methods with proper agreements
- Comprehensive audit trails
- Training that acknowledges reality
The finance industry runs on trust. That trust depends on data protection. AI can make your finance team dramatically more productive, but only if you get the data governance right first.
PaperVeil lets you redact sensitive financial data from documents before they touch any AI system. Detect and remove account numbers, SSNs, and customer PII automatically. Generate the audit trails your compliance team needs. The redaction layer that makes AI document processing actually safe for finance.