Skip to content

AI Safety & Bias Auditing

Updated 2026-04-076 min read
On this page

Overview

Complaint Analyst uses AI to help analysts investigate and draft responses to regulated complaints. This document explains how the AI operates, what safeguards are in place, and what the system does not do without human approval.

Responsible AI use in a regulated context means being precise about boundaries. The system is designed to assist analysts, not to replace them. No AI output is presented as a final decision or delivered to a complainant without human review.

Model Usage & Grounding

Complaint Analyst uses Anthropic's Claude Haiku model for complaint analysis and draft response generation. The model is accessed via the Anthropic API over an encrypted HTTPS connection. No complaint data is stored by the AI provider beyond the request lifecycle.

AI outputs are grounded in the firm's Knowledge Base — a curated set of articles, policies, and regulatory guidance that the firm controls. The AI is instructed to base its analysis and draft responses on this Knowledge Base content rather than general model knowledge. Citations are surfaced alongside AI outputs so analysts can verify the grounding.

Prompts are versioned as part of the platform's deployment process. The exact prompt and model configuration used for each analysis can be reconstructed for compliance review, supporting the FCA's expectation that AI-assisted decisions are auditable.

PII Masking Pipeline

Before any complaint text is sent to the AI provider, the PII masking service strips personal identifiers from the content. The AI model receives masked text, not raw customer data.

The masking pipeline covers names, email addresses, phone numbers, account numbers, sort codes, national insurance numbers, and other identifiable information. Masking is applied at the service layer before the API call is made, ensuring the raw PII never leaves the firm's infrastructure in the context of an AI request.

The data handling policy service adds a second layer of control. Firms can configure complaint categories or sensitivity levels that trigger stricter handling — including routing to manual review instead of AI analysis for especially sensitive complaints such as those involving health conditions, financial vulnerability, or special-category data under GDPR.

Human Approval Requirements

No AI output is delivered to a complainant without analyst review and approval. The platform treats AI analysis and draft responses as analyst tools, not autonomous outputs.

Draft response letters generated by AI are held in a draft state until an authorised analyst explicitly approves and marks the ticket as resolved. Senior analyst and admin roles can be configured as the approval gate for sensitive complaint categories. The draft approval action is logged in the audit trail.

The compliance copilot feature — which provides AI-assisted regulatory guidance — similarly presents recommendations for analyst consideration. It does not take actions or modify ticket state autonomously.

What the System Does Not Do Autonomously

The system does not close, resolve, or update complaint tickets without analyst action. Status transitions require a human decision. The AI can suggest an outcome and draft a response, but the analyst must confirm both.

The system does not send communication to complainants. Draft letters are generated for analyst review; delivery requires explicit analyst action outside the AI pipeline.

The system does not access external data sources or make real-time decisions based on market data, credit data, or other third-party feeds. Its analysis scope is limited to the complaint text, the firm's Knowledge Base, and structured ticket metadata.

The system does not learn from individual complaint decisions. The AI model is not fine-tuned on customer interactions. Knowledge Base updates are the mechanism for improving AI grounding over time, and those updates are controlled by the firm.

Bias & Quality Posture

The platform's grounding approach — tying AI outputs to firm-controlled Knowledge Base content — is the primary mechanism for managing output quality and consistency. Analysts who identify incorrect or misleading AI outputs can flag them through the ticket workflow.

The Knowledge Base management interface allows firms to review, edit, enable, or disable KB articles that inform AI analysis. Quality scoring on KB articles surfaces low-quality or outdated content for review. This gives compliance teams direct control over the informational context the AI operates in.

The platform does not currently implement automated bias detection testing across protected characteristics. This limitation is disclosed here rather than obscured. Firms with requirements for formal bias auditing should engage their own evaluation process against the AI outputs in their complaint categories.

Configurable AI Data Handling

Each firm can configure its own AI data handling policy through the platform's settings interface. This policy controls which complaint categories are eligible for AI analysis, which roles can trigger AI calls, and how cross-border complaints are handled relative to the firm's data residency requirements.

The policy can be configured to require explicit analyst opt-in for AI analysis on sensitive complaints, restrict AI analysis to specific analyst roles, or disable AI analysis entirely for certain complaint types. These controls are enforced at the service layer before any AI call is made.

Need more detail?

Request the full trust packet or schedule an AI safety review.

Trust request

Request the trust packet.

Tell us who is reviewing ComplaintLab and we’ll send the relevant diligence materials for your procurement or compliance process.

Add any jurisdiction, review deadline, or questionnaire context if it would help us respond faster.
We only use this to respond to your enquiry.