Download PDF (140 KB)
PDF version — print or share with your team.
Advisors want to know whether Claude Cowork can speed up client and portfolio work without putting account data or a CIRO record obligation at risk. According to Statistics Canada, finance and insurance firms already use AI at 30.6%, so staff at most practices are testing these tools. The duty to keep client information confidential and the activity supervised stays with the firm.
Mike Pearlstein, CISSP, MSc AI, founder of Fusion Computing, which has secured IT for Canadian wealth and advisory firms across Toronto, Hamilton, and Metro Vancouver since 2012.
Key takeaways
- An advisory firm can use Claude Cowork on a Team or Enterprise plan with access scoped to one household’s folder and a written policy.
- Scope it to one household, never the whole CRM or client-document store.
- Cowork stores its work locally, so it sits outside your audit logs. CIRO record-keeping and supervision need a record you build yourself.
- An advisor or compliance reviews anything client-facing. Never put account numbers on a personal account.
Can wealth management firms use Claude Cowork with client and account data?
Yes, an advisory firm can use Claude Cowork on a Team or Enterprise plan, with access scoped to one household’s folder and a written policy. CIRO record-keeping and supervision duties, plus PIPEDA, bind the firm, not the software. On the business plans, your content is not used to train Anthropic’s models by default, which is why client work belongs there and never on a personal account.
Confidentiality and supervision are the firm’s obligations under CIRO rules, and no vendor setting removes them. What a practice controls is the scope: which files the agent opens, which plan governs the data, and who reviews the output. On the business tiers, Anthropic’s privacy commitments keep that data out of model training.
This spoke is the tactical companion to our deeper work on AI governance for wealth management firms, and it applies the secure-adoption logic from the pillar guide on using Claude Cowork securely in your business. It sits alongside our broader IT for wealth management firms work.
What Claude Cowork actually does for an advisory firm
Claude Cowork completes multi-step document work rather than answering a single question. For an advisory firm, the practical jobs are synthesizing KYC and onboarding documents, drafting account and portfolio reports, summarizing client-meeting notes, preparing suitability reviews, and organizing compliance documents. Each output is a draft for an advisor to verify, never a finished client deliverable.
Here’s how those jobs map to the work, with the guardrail that keeps each one safe. Fusion Computing walks firms through this before any pilot, the same way we scope any AI services engagement.
Book a 30-minute call to scope Claude Cowork for your firm safely →
| Task | What Cowork does | The guardrail |
|---|---|---|
| KYC and onboarding synthesis | Reads onboarding documents and drafts a client summary | Scope to one household; the advisor verifies |
| Account and portfolio reporting | Assembles a draft report from statements and holdings | Figures checked before anything is sent |
| Client-meeting note summaries | Turns raw notes into a structured summary and action list | A draft for the file, not the official record |
| Suitability-review prep | Pulls KYC and holdings into a review-ready package | Compliance review before any recommendation |
| Compliance-document organization | Sorts and renames disclosures and records | One household folder, never the whole CRM |
The client-data and supervision guardrails
The core guardrail is least privilege: scope Cowork to one household’s folder, not the whole CRM or client-document store. Classify what is allowed in (working documents for the active household) and what stays out (account numbers and identifiers beyond the scoped folder). Keep an advisor reviewing anything client-facing. Cowork runs in an isolated virtual machine, but prompts still reach Anthropic, so scope is the control that limits exposure.
The mistake we flag most often is scope. When a firm points the agent at the whole CRM, a single task can read every client’s account data. Scope it to the active household and most of the risk disappears.
Field note. In the firm pilots I’ve run, the first thing I change is access. I’ve watched an advisor point an agent at a CRM export that held every household’s holdings. We scoped it to one folder, and the workflow that felt reckless became routine. The work’s identical; the exposure isn’t.
The policy is the other half. A short rule set, the kind we cover in our guide on what belongs in an AI acceptable use policy, names the approved tool, the data that may go in, and who may run it. Fusion Computing pairs that with a cybersecurity review so the firm has a defensible position with its regulator.
The oversight gap that matters for CIRO record-keeping and audits
Claude Cowork stores its conversation history locally on each user’s computer, and that activity is not captured by audit logs, the Compliance API, or data exports. For a CIRO-regulated firm this is the sharpest issue: books-and-records and supervision both assume the firm can reconstruct what happened. Team and Enterprise owners can stream Cowork events to a SIEM through OpenTelemetry, which Anthropic notes does not replace audit logging for compliance.
According to Anthropic’s guidance on using Cowork on Team and Enterprise plans, the local history “is not subject to Anthropic’s standard data retention policies and cannot be centrally managed or exported by admins.” The Enterprise audit logs that do exist capture metadata, not the content of the work.
That gap doesn’t rule Cowork out. It means the firm designs its own record of AI-assisted work. Fusion Computing wires the OpenTelemetry stream into the same monitoring we run for managed detection and response, so a practice sees tool calls and file access even though the transcript stays on the device. If a record supports a recommendation or a supervision review, the firm keeps it on purpose.
Plan tier and a setup checklist for an advisory firm
The plan tier is the first decision: only Team and Enterprise carry the “not trained on by default” commitment plus the admin controls a firm needs. From there, a safe rollout is short: scope to one household folder, keep “ask before acting” on for client data, write a usage policy, turn on OpenTelemetry monitoring, keep an advisor or compliance signing off, and review the vendor terms against CIRO record-keeping and PIPEDA.
Cowork runs on Pro, Max, Team, and Enterprise plans per Anthropic’s release notes, but only the two business tiers fit client work. Here’s the checklist Fusion Computing runs with a firm before the first household goes near the tool.
Why Canadian firms bring this work to Fusion Computing
CISSP-led, a Microsoft Solutions Partner and a CompTIA Managed Services Trustmark holder, securing IT for Canadian SMBs across Toronto, Hamilton, and Metro Vancouver since 2012.
Get a CISSP-led review of how AI tools reach your client accounts →
- Choose Team or Enterprise. An advisor running client work on a personal account is the first risk to fix.
- Scope to one household folder. Never the whole CRM or client-document store. Widen only with a reason.
- Default to “ask before acting.” Cowork always asks before deleting files; keep approvals on for client data.
- Write an acceptable use policy. Name the approved tool, the data that may go in, and who may run it.
- Turn on OpenTelemetry monitoring. It’s the only visibility you have into what the agent did.
- Keep an advisor or compliance signing off. Nothing client-facing ships without review.
- Map the terms to your duties. Check Anthropic’s data handling against CIRO record-keeping and PIPEDA before go-live.
None of it’s exotic, and most of it takes an afternoon. Fusion Computing sets it up as part of the managed IT work we already do for firms, and the same pattern carries to law firms, accounting firms, and healthcare clinics under their own regulators. If you want a second set of eyes before your firm pilots Cowork, talk to us or read more about how we work.
Claude Cowork is worth adopting for the client and portfolio work that fills an advisory practice. The firms that set the plan, the scope, and the policy first are the ones that’ll use it calmly while their competitors are still arguing about whether it’s allowed.
Fusion Computing helps Canadian businesses across Toronto and the GTA, Hamilton, and Metro Vancouver with managed IT, cybersecurity, and Microsoft 365.
Frequently Asked Questions
Is Claude Cowork safe for client accounts?
Claude Cowork can be safe for client account data on a Team or Enterprise plan, with access scoped to one household’s folder and an advisor reviewing the output. The work runs locally and, on the business plans, is not used to train Anthropic’s models by default. Confidentiality and supervision stay the firm’s duty, so the controls around the tool are what make it safe.
Does Claude Cowork meet CIRO record-keeping rules?
Claude Cowork on its own does not satisfy CIRO record-keeping, because its session history is stored locally and is not captured in central audit logs or exports. A firm meets the rule by keeping its own record of AI-assisted work and streaming Cowork events to a SIEM through OpenTelemetry. Design that record before the first client file goes near the tool.
What plan does an advisory firm need for Claude Cowork?
An advisory firm should use the Team or Enterprise plan, not a personal Pro or Max account. Only the business tiers carry Anthropic’s commitment not to train on your content by default, plus the owner and admin controls a firm needs. An advisor running client work on a personal account is the first risk to remediate.
Is client PII used to train the model?
On Team and Enterprise plans, your content is not used to train Anthropic’s models by default, so client PII processed under a business plan stays out of training. Personal Pro and Max plans follow individual privacy settings, which differ from the business default. For a regulated advisory firm, that difference is the reason to standardise on a business plan.
Can Claude Cowork summarize client meetings?
Yes. Cowork can turn raw meeting notes into a structured summary and an action list, which saves an advisor time on file notes. Treat the result as a draft for the file, not the official record, and keep client identifiers in a scoped folder. An advisor should review the summary before it informs any recommendation.
How is Claude Cowork different from wealthtech AI tools?
Most wealthtech AI is built into a specific advisory or CRM platform. Claude Cowork is a general agent that works across your own files and apps on the desktop, using the same engine as Claude Code. For a firm, the practical differences are where the data lives, the admin and audit controls, and how broadly the agent can reach across client records.
Does Claude Cowork work on Windows or only Mac?
Claude Cowork works on both macOS and Windows through the Claude desktop app, and it reached general availability on both on April 9, 2026. It is not available on the web or on mobile. Some capabilities, such as computer use, arrived first as research previews, so confirm the current feature list for your platform inside the app.
Who at the firm should run Claude Cowork?
Start with a small group who understand the client relationship and the supervision duty, not the whole firm at once. Cowork is an organization-wide setting that owners can switch on or off, and granular per-user controls are limited, so a deliberate pilot with named users beats a broad rollout. Pair it with training and a written policy before wider use.
