Append-only capture. One idea per bullet. Promote to Tasks/ when ready to work.

  • [PHASE-1 FIRST DELIVERABLE] Customer Data Isolation Policy — Document MBR’s fintech-critical data architecture: what data is collected (rate-scanner queries, comparison results), where it lives (anonymized in the KB vs. identified in the external CRM), who can access it, the retention schedule, and what can and cannot flow through AI agents. Hard rule: no PII in the KB vault. Identified customer data stays in the external CRM; the KB holds only schema, queries, and anonymized samples.
  • Rate-scanner abuse-path threat model — what happens if someone floods queries? Rate limiting? IP blocking? Data exfiltration surface?
  • Compliance scope for rate-scanner outputs — are we giving “advice” (regulated) or “information” (unregulated)? What disclosures are required for CA fintech?