Skip to Content

Why keep an authoritative list of compliance violations in code?

Category: Security & Compliance

Answer

A code-side COMPLIANCE_RULES["prohibited_words"] list is testable, version-controlled, and reviewable. Each rule has a confidence floor; a fast-path can short-circuit the LLM call when a violation is keyword-detected. The model then only sees ambiguous cases.

Concrete examples from the fca project context

Example 1

prohibited_words: [“risk-free”, “guaranteed to”, “no risk”] are checked by fast-path first.

Example 2

Fast-path violation: is_compliant=False, confidence≈0.99, no LLM call.

Example 3

Heuristic pass: LLM at temperature=0.1 for stability, returns 0.95 or 0.85.

Data flow / flow chart

response -> fast-path regex -> {reject 99%} OR {LLM at T=0.1 -> pass/fail 95/85}

Takeaway

Authoritative rules in code + LLM semantic check on the rest is faster and safer than LLM-only.