Financial services firms want to know whether Claude Cowork can take on application and document work without exposing client financial data. According to Statistics Canada, AI use among finance and insurance firms already stands at 30.6%, so back-office staff are well into testing these tools. The duty to protect client information stays with the firm.
Mike Pearlstein, CISSP, MSc AI, founder of Fusion Computing, which has secured IT for Canadian financial services firms across Toronto, Hamilton, and Metro Vancouver since 2012.
Key takeaways
- A financial services firm can use Claude Cowork on a Team or Enterprise plan with access scoped to one client file and a written policy.
- Scope it to one client file, never the whole CRM or policy system.
- Cowork stores its work locally, so it sits outside your audit logs. Sector record-keeping and audits need a record you build yourself.
- Compliance reviews client-facing output. Registered advisory and accounting firms have their own guides linked below.
Can financial services firms use Claude Cowork with client data?
Yes, a financial services firm can use Claude Cowork on a Team or Enterprise plan, with access scoped to one client file and a written policy. The firm owns its PIPEDA duties and any sector record obligations, and no vendor setting removes them. On the business plans, your content is not used to train Anthropic’s models by default, which is why client work belongs there and never on a personal account.
This guide covers the broader financial firm: brokerages, MGAs, lenders, and fintech operations. A registered investment advisory firm should also read our wealth-management guide for CIRO duties, and an accounting practice our accounting guide for CPA duties.
It’s the same secure-adoption logic from the pillar guide on using Claude Cowork securely in your business, applied to a financial firm, and it sits alongside our broader IT for financial services work.
What Claude Cowork actually does in a financial back office
Claude Cowork completes multi-step document work rather than answering a single question. For a financial firm, the practical jobs are synthesizing application and onboarding documents, drafting client communications, organizing policies and disclosures, summarizing claims or files, and preparing compliance documents. Each output is a draft for staff to verify before it reaches a client or a regulator.
Here’s how those jobs map to the work, with the guardrail that protects the client. Fusion Computing walks firms through this before any pilot, the same way we scope any AI services engagement.
| Task | What Cowork does | The guardrail |
|---|---|---|
| Application and onboarding synthesis | Reads onboarding documents and drafts a client summary | Scope to one client file; staff verify |
| Client communications | Drafts letters and follow-ups from records | Client identifiers stay in a scoped folder |
| Policy and disclosure organization | Sorts and updates policies and disclosures | Internal documents, reviewed before issue |
| Claims or file summaries | Summarizes a claim or file from source documents | A draft for review, not the official record |
| Compliance-document prep | Assembles compliance and reporting documents | One client file, reviewed by compliance |
The client-data and compliance guardrails
The core guardrail is least privilege: scope Cowork to one client file, not the whole CRM or policy system. Classify what is allowed in (working documents for the active file) and what stays out (account numbers and client identifiers beyond the scoped folder). Keep compliance reviewing anything client-facing. Cowork runs in an isolated virtual machine, but prompts still reach Anthropic, so scope is the control that limits exposure.
The mistake we flag most often is scope. When a firm connects the agent to the whole CRM, a single task can read every client’s file. Scope it to the active client and you’ve cut most of the risk.
Field note. In the financial-firm pilots I’ve run, the first thing I change is access. I’ve watched an operations lead point an agent at a CRM holding every client’s financial profile. We scoped it to one client file, and the workflow that felt reckless became routine. The work’s identical; the exposure isn’t.
The policy is the other half. A short rule set, the kind we cover in our guide on what belongs in an AI acceptable use policy, names the approved tool, the data that may go in, and who may run it. Fusion Computing pairs that with a cybersecurity review so the firm protects client trust and its regulatory standing.
The oversight gap for record-keeping and audits
Claude Cowork stores its conversation history locally on each user’s computer, and that activity is not captured by audit logs, the Compliance API, or data exports. For a financial firm this matters: record-keeping rules and regulator audits assume the firm can reconstruct what happened. Team and Enterprise owners can stream Cowork events to a SIEM through OpenTelemetry, which Anthropic notes does not replace audit logging for compliance.
According to Anthropic’s guidance on using Cowork on Team and Enterprise plans, the local history “is not subject to Anthropic’s standard data retention policies and cannot be centrally managed or exported by admins.” The Enterprise audit logs that do exist capture metadata, not the work. A firm regulated by the Financial Services Regulatory Authority of Ontario builds its own record.
Fusion Computing wires the OpenTelemetry stream into the same monitoring we run for managed detection and response, so a firm sees tool calls and file access even though the transcript stays on the device.
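One way a firm could turn that event stream into its own record, as an added example (not Fusion Computing's or Anthropic's code): it flags file access outside the scoped client folder and hash-chains the entries so later edits are detectable. The event field names (`ts`, `user`, `tool`, `path`), the folder path, and the sample events are constructed assumptions, not Cowork's actual OpenTelemetry schema.

```python
import hashlib
import json
from pathlib import PurePosixPath

# Assumption: the single client folder the pilot is scoped to (hypothetical).
SCOPED_ROOT = PurePosixPath("/clients/acme-holdings")

# Constructed events; field names are hypothetical, not Cowork's real schema.
SAMPLE_EVENTS = [
    {"ts": "2026-05-04T14:02:11Z", "user": "ops1", "tool": "read_file",
     "path": "/clients/acme-holdings/onboarding/application.pdf"},
    {"ts": "2026-05-04T14:02:15Z", "user": "ops1", "tool": "read_file",
     "path": "/clients/acme-holdings/../birch-lending/statement.pdf"},
    {"ts": "2026-05-04T14:03:40Z", "user": "ops1", "tool": "write_file",
     "path": "/clients/acme-holdings-old/summary.docx"},
]

def in_scope(path, root=SCOPED_ROOT):
    """Collapse '..' lexically, then require the path to sit under root."""
    parts = []
    for part in PurePosixPath(path).parts:
        if part == "..":
            if len(parts) > 1:  # never pop the leading "/"
                parts.pop()
        else:
            parts.append(part)
    p = PurePosixPath(*parts)
    # Component-wise check: a sibling like "acme-holdings-old" does not match.
    return p == root or root in p.parents

def _digest(entry):
    body = {k: v for k, v in entry.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def build_record(events):
    """Hash-chain the events so each entry commits to the one before it."""
    record, prev = [], "0" * 64
    for ev in events:
        entry = dict(ev, in_scope=in_scope(ev["path"]), prev=prev)
        entry["hash"] = prev = _digest(entry)
        record.append(entry)
    return record

def verify(record):
    """Recompute the chain; an edited entry or broken link returns False."""
    prev = "0" * 64
    for entry in record:
        if entry["prev"] != prev or entry["hash"] != _digest(entry):
            return False
        prev = entry["hash"]
    return True
```

The chain alone does not reveal entries trimmed from the end, so the latest hash should also be stored somewhere the workstation user cannot change, such as the SIEM.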
Plan tier and a setup checklist for a financial firm
The plan tier is the first decision: only Team and Enterprise carry the “not trained on by default” commitment plus the admin controls a firm needs. From there, a safe rollout is short: scope to one client file, keep “ask before acting” on, write a usage policy, turn on OpenTelemetry monitoring, keep compliance signing off, and review the vendor terms against PIPEDA and your sector rules.
Cowork runs on Pro, Max, Team, and Enterprise plans per Anthropic’s release notes, and on the business tiers your content is not used to train models by default, as Anthropic’s privacy commitments set out. Here’s the checklist Fusion Computing runs with a firm.
Why Canadian firms bring this work to Fusion Computing
CISSP-led, a Microsoft Solutions Partner and a CompTIA Managed Services Trustmark holder, securing IT for Canadian SMBs across Toronto, Hamilton, and Metro Vancouver since 2012.
- Choose Team or Enterprise. Client financial data on a personal account is the first risk to fix.
- Scope to one client file. Never the whole CRM or policy system. Widen only with a reason.
- Default to “ask before acting.” Cowork always asks before deleting files; keep approvals on.
- Write an acceptable use policy. Name the approved tool, the data that may go in, and who may run it.
- Turn on OpenTelemetry monitoring. It’s the only visibility you have into what the agent did.
- Keep compliance signing off. Nothing client-facing or regulator-facing ships without review.
- Map the terms to your rules. Check Anthropic’s data handling against PIPEDA and your sector obligations before go-live.
None of it’s exotic, and most of it takes an afternoon. Fusion Computing sets it up as part of the managed IT work we already do for firms, and the same pattern carries to wealth management firms and accounting firms under their own regulators. If you want a second set of eyes before your firm pilots Cowork, talk to us or read more about how we work.
Claude Cowork is worth adopting for the application and document work that fills a financial back office. The firms that set the plan, the scope, and the policy first are the ones that’ll use it calmly while their competitors are still arguing about whether it’s allowed.
Fusion Computing helps Canadian businesses across Toronto and the GTA, Hamilton, and Metro Vancouver with managed IT, cybersecurity, and Microsoft 365.
Frequently Asked Questions
Is Claude Cowork safe for client financial data?
Claude Cowork can be safe for client financial data on a Team or Enterprise plan, with access scoped to one client file and compliance reviewing the output. The work runs locally, though prompts reach Anthropic, so expose only the documents a task needs. On the business plans your content is not used to train models by default, which is why client data belongs there.
What plan does a financial services firm need for Claude Cowork?
A financial firm should use the Team or Enterprise plan, never a personal Pro or Max account. Only the business tiers carry Anthropic’s commitment not to train on your content by default, plus the owner and admin controls a firm needs. Client financial data on a personal account is the first risk to remediate.
Is our data used to train the model?
On Team and Enterprise plans, your content is not used to train Anthropic’s models by default, so documents processed under a business plan stay out of training. Personal Pro and Max plans follow individual privacy settings, which differ from the business default. For a firm holding client financial data, that difference is the reason to use a business plan.
How does this differ from the wealth-management and accounting guides?
This guide covers the broader financial-services firm: brokerages, MGAs, lenders, and fintech operations. A registered investment advisory firm should read the wealth-management guide for CIRO duties, and an accounting or bookkeeping practice the accounting guide for CPA duties. The Cowork setup is the same across all three; the regulator and the records differ.
How is Claude Cowork different from fintech AI?
Fintech AI is usually built into a lending, advisory, or policy platform and scoped to that system. Claude Cowork is a general desktop agent that works across your own files and apps, which suits application, communication, and compliance documents more than scoring or transactions. The practical differences are where the data lives and how broadly the agent can reach.
Does Claude Cowork meet record-keeping rules?
Claude Cowork on its own does not satisfy record-keeping rules, because its session history is stored locally and is not captured in central audit logs or exports. A firm meets the rule by keeping its own record of AI-assisted work and streaming Cowork events to a SIEM through OpenTelemetry. Design that record before the first client file goes near the tool.
Does Claude Cowork work on Windows or only Mac?
Claude Cowork works on both macOS and Windows through the Claude desktop app, and it reached general availability on both on April 9, 2026. It is not available on the web or on mobile. Some capabilities, such as computer use, arrived first as research previews, so confirm the current feature list for your platform inside the app.
Who at the firm should run Claude Cowork?
Start with a small group in operations or compliance who understand client confidentiality, never the whole firm. Cowork is an organization-wide setting that owners can switch on or off, and granular per-user controls are limited, so a deliberate pilot with named users beats a broad rollout. Pair it with training and a written policy first.


