Compliance

Documentation for Firmly's data governance and compliance capabilities for investment firms.

Firmly provides built-in controls for SOC 2 Trust Services Criteria, specifically addressing the unique challenges of AI deployments in investment management. This guide covers how Firmly implements C1.2 (Confidential Information Disposal) and P5.1 (Data Retention) controls for your SOC 2 audit.

Firmly implements the recordkeeping controls required by SEC Rule 204-2 (Books and Records Rule) for investment advisers using AI-assisted workflows. This guide explains how Firmly addresses books and records requirements, examination readiness, and data retention when investment professionals use AI to interact with deal documents and portfolio data.

Firmly maintains a complete, tamper-evident record of every AI interaction with investment data. When analysts use AI to query deal documents, summarize portfolio performance, or retrieve market research, each action is automatically logged with full context—who accessed what, when, and why.

Firmly provides configurable retention periods for investment conversations, audit logs, and deal documents. Policies can be set at the firm level with fund-specific overrides, allowing you to align data lifecycle management with your regulatory requirements and investor agreements.

Firmly enables investment firms to preserve data during SEC examinations, investor litigation, regulatory inquiries, or internal compliance reviews. Holds can target all data for a firm or specific deal conversations and documents. Protected data is excluded from automated retention cleanup until the hold is released.

Firmly maintains a complete record of all data removed by retention policies. This documentation is essential for SEC compliance, investor due diligence, and demonstrating your data governance practices.