FinGuard โ Open-source LLM safety layer for financial AI
Project description
FinGuard ๐ก๏ธ
The LLM Safety Orchestration Layer for Financial AI.
FinGuard is a modular, plug-and-play guardrail framework built for fintech teams. It wraps any LLM with a tiered safety pipeline covering PII redaction, prompt injection detection, regulatory compliance, and financial fraud signals โ all configurable via simple YAML policies.
โก Quick Start
from finguard import FinGuard
guard = FinGuard(policy="retail_banking")
@guard.wrap
async def banking_assistant(prompt: str) -> str:
return await llm.generate(prompt)
# PAN card in prompt is automatically blocked
response = await banking_assistant("My PAN is ABCDE1234F, reset my password")
๐๏ธ Tiered Safety Architecture
FinGuard uses a three-tier pipeline โ each tier adds safety depth at the cost of latency. Pick the tier that fits your use case.
| Tier | Policy | Avg Latency | What It Covers |
|---|---|---|---|
| Tier 1 โ Fast Lane | fast_lane |
~35ms | Regex PII (PAN, Aadhaar, IFSC, UPI), PMLA |
| Tier 2 โ Standard | retail_banking, default |
~55ms | Tier 1 + Native Presidio NER + Injection AI |
| Tier 3 โ Full Stack | high_security, wealth_advisor |
~180ms | Tier 2 + Topic Banning + Compliance Phrases |
Benchmarks measured on CPU (ONNX runtime, no GPU). Mock LLM latency excluded.
๐ Policy Catalog
FinGuard ships with 5 ready-to-use policies. Load by name:
guard = FinGuard(policy="high_security")
| Policy | Use Case | Tier |
|---|---|---|
default |
Balanced starting point for any financial bot | 2 |
fast_lane |
High-throughput systems: IVR, SMS bots, dashboards | 1 |
retail_banking |
Branch chatbots, net banking, UPI assistants | 2 |
wealth_advisor |
Robo-advisors, portfolio managers (SEBI compliance) | 3 |
high_security |
Fraud ops, compliance officers, internal audit tools | 3 |
All policies ship with injection.threshold: 1.0 โ only absolute certainty triggers a block.
๐ What Gets Protected
PII โ Finance Base (Always Active)
Native Presidio entities with context-awareness and checksum validation:
| Entity | ID | Detection |
|---|---|---|
| Credit Card | CREDIT_CARD |
Pattern + Luhn checksum |
| IBAN | IBAN_CODE |
Pattern + checksum |
| PAN Card | IN_PAN |
Pattern + context |
| Aadhaar | IN_AADHAAR |
Pattern + Verhoeff checksum |
| IFSC Code | IN_IFSC |
Custom pattern + context |
| UPI/VPA | IN_VPA |
Custom pattern + context |
| Email / Phone | EMAIL_ADDRESS, PHONE_NUMBER |
Pattern |
Optional Locale Packs
pii:
locale_packs: ["IN_EXTENDED"] # Adds Voter ID, Passport, Vehicle Reg
# locale_packs: ["US"] # Adds SSN, Driver License
# locale_packs: ["GLOBAL"] # Adds IP, URL, Location
Fraud & Compliance
- PMLA Scanner โ flags high-value transfers (>โน50,000) with transfer keywords
- Compliance Phrases โ enforces SEBI/RBI-style disclaimers on investment advice
- Numerical Hallucination โ validates AI-stated figures against prompt context
- Topic Banning โ blocks off-domain queries (crypto, medical, illegal lending)
๐งฉ Architecture
Prompt โ [Tier 1: Regex Fast-Path] โ [Tier 2: Presidio NER + ONNX AI] โ [Tier 3: Compliance] โ LLM โ Output Guard โ Response
- Singleton model cache โ ONNX models loaded once per process, shared across all guards
- Whitelist-only PII registry โ only finance-relevant recognizers are active; no BTC/SSN overhead
- Per-component latency โ every
GuardResultexposescomponent_latenciesfor observability
๐ Benchmarking
uv run benchmark.py
Sample output:
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
BENCHMARK SUMMARY
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
Tier Avg Min Max
Tier 1 โ Fast Lane (Regex) 35.0ms 30.5ms 36.9ms
Tier 2 โ Retail (NER+AI) 54.7ms 47.3ms 65.4ms
Tier 3 โ High Sec (Full) 181.0ms 149.2ms 277.3ms
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
๐ Project Structure
finguard/
โโโ pii/ # Native Presidio PII engine
โ โโโ engine.py # FinGuardPIIEngine singleton
โ โโโ profiles.py # Finance base + locale packs
โ โโโ recognizers.py # Custom recognizers (IFSC, VPA, Demat)
โโโ validators/ # Domain-specific validators
โ โโโ financial.py # Fast-path regex + PMLA scanner
โ โโโ compliance.py # Disclaimer enforcement
โ โโโ numerical.py # Hallucination detection
โโโ policies/ # YAML policy catalog
โ โโโ default.yaml
โ โโโ fast_lane.yaml
โ โโโ retail_banking.yaml
โ โโโ wealth_advisor.yaml
โ โโโ high_security.yaml
โโโ core.py # FinGuard main class
โโโ router.py # Scanner factory + model cache
โโโ config.py # Pydantic policy models
โ๏ธ License
MIT License.
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
finguard-0.3.0.tar.gz
(117.2 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
finguard-0.3.0-py3-none-any.whl
(22.1 kB
view details)
File details
Details for the file finguard-0.3.0.tar.gz.
File metadata
- Download URL: finguard-0.3.0.tar.gz
- Upload date:
- Size: 117.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
b3670c7422d9b85c0c89ec226d65c96f4522372cbf2f9efc95b3b4969afbe294
|
|
| MD5 |
61f4df44b6a37ae1c5b1ef0e7a7a030b
|
|
| BLAKE2b-256 |
3123333c68cfd9d5b98b4d1d456a16dc51b5b806c7726d07c924c073039e2617
|
Provenance
The following attestation bundles were made for finguard-0.3.0.tar.gz:
Publisher:
python-publish.yml on suryanshgupta9933/FinGuard
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
finguard-0.3.0.tar.gz -
Subject digest:
b3670c7422d9b85c0c89ec226d65c96f4522372cbf2f9efc95b3b4969afbe294 - Sigstore transparency entry: 1189491303
- Sigstore integration time:
-
Permalink:
suryanshgupta9933/FinGuard@61c142a5984c9285c67da958e7510a10a3b0c52e -
Branch / Tag:
refs/tags/v0.3.0 - Owner: https://github.com/suryanshgupta9933
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
python-publish.yml@61c142a5984c9285c67da958e7510a10a3b0c52e -
Trigger Event:
release
-
Statement type:
File details
Details for the file finguard-0.3.0-py3-none-any.whl.
File metadata
- Download URL: finguard-0.3.0-py3-none-any.whl
- Upload date:
- Size: 22.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
f0a604cbfe5ae0a916133035920bd32d60b27cde57f405c8ce2793b4f0590229
|
|
| MD5 |
1c1b5f9a8fa103c33c12a16d06a34237
|
|
| BLAKE2b-256 |
db2c6b7a691c6045ad9c2af540f890fc04ec94deb4c66db113e2cd8e1542cfbe
|
Provenance
The following attestation bundles were made for finguard-0.3.0-py3-none-any.whl:
Publisher:
python-publish.yml on suryanshgupta9933/FinGuard
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
finguard-0.3.0-py3-none-any.whl -
Subject digest:
f0a604cbfe5ae0a916133035920bd32d60b27cde57f405c8ce2793b4f0590229 - Sigstore transparency entry: 1189491329
- Sigstore integration time:
-
Permalink:
suryanshgupta9933/FinGuard@61c142a5984c9285c67da958e7510a10a3b0c52e -
Branch / Tag:
refs/tags/v0.3.0 - Owner: https://github.com/suryanshgupta9933
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
python-publish.yml@61c142a5984c9285c67da958e7510a10a3b0c52e -
Trigger Event:
release
-
Statement type:
