# AI Use Policy for Escrow Offices

**Version 0.1 — Starting Template**

> The office decides. Veto records the review.

Use this as a starting point. Have counsel and management adapt it before adoption.

---

## Purpose

AI tools (ChatGPT, Copilot, Gemini, Claude, and others) are landing in escrow offices whether anyone planned for it or not. Officers draft emails, summarize files, and generate checklists using these tools. Some uses are fine. Some put client data, wire instructions, and regulatory exposure into a public AI system the office does not control.

This policy gives your staff a practical framework for deciding what goes into an AI tool and what does not. It is a starting template, not legal advice. Adapt it with counsel and management before adoption.

---

## 1. Approved Uses (Green)

OK to use with public AI tools, provided no client, file, or transaction data is included.

- Generic checklists and training outlines
- Neutral email templates with no client names
- Formatting and grammar assistance
- Researching regulatory concepts and statutes
- Drafting office-internal SOPs with no client references
- Generating interview questions for hiring
- Summarizing public regulatory bulletins

**Rule:** If the content contains no client name, file number, address, dollar amount, or transaction detail, it is in the green zone.

---

## 2. Review-Required Uses (Yellow)

May use AI assistance, but the output must be reviewed by a designated reviewer before it is used or sent. No private data may enter the AI tool.

- Client-facing email drafts (reviewed before sending)
- Internal SOPs and procedure drafts
- Office AI use policy drafts
- Training scenarios with sanitized details
- File checklists generated from office templates

**Rule:** The output is a draft, not a decision. A human reviews it before it leaves the office or enters the file. The reviewer records what they checked.

---

## 3. Prohibited Uses (Red)

Never put into any public AI tool. This is the line that cannot move.

- Escrow instructions and file details
- Wire information and bank routing numbers
- Social Security numbers and loan documents
- Payoff demands and proceeds instructions
- Client names combined with transaction details
- Driver license numbers, dates of birth, or government IDs
- Any content that could expose client funds or personal identifiers

**Rule:** If it contains or could expose client funds, personal identifiers, or transaction-specific instructions, it stays out of public AI. No exceptions, no manager override.

---

## 4. Client-Data Rule

No client personally identifiable information (PII) may be entered into any public AI tool. This includes names, addresses, phone numbers, email addresses, Social Security numbers, loan numbers, and file numbers.

If a task requires referencing a client, sanitize the content first: replace real names with placeholders (e.g., "Client A"), remove all identifying details, and confirm no remaining text could identify the client before submitting to the AI tool.

---

## 5. Wire and Account Data Rule

Wire instructions, bank account numbers, routing numbers, and payoff demand details are strictly prohibited from entry into any public AI tool under any circumstances.

This includes:
- Full or partial wire instructions
- Bank name combined with account or routing number
- Payoff demand letter contents
- Proceeds disbursement instructions
- Any document containing financial account credentials

There is no business need that justifies putting wire or account data into a public AI tool. If a task seems to require it, stop and use an office-internal process instead.

---

## 6. Manager Review Requirement

Any AI-assisted output that will be used in a client-facing communication, filed in a transaction file, or relied upon for an operational decision must be reviewed by a manager or designated reviewer before use.

The reviewer must:
1. Confirm no prohibited data was entered into the AI tool
2. Verify the output is factually correct for the office's purpose
3. Record what was reviewed and the decision to use or reject the output
4. Approve the output before it is sent or filed

The review itself is the record. The office still needs to record what it reviewed before action.

---

## 7. Public AI vs Private Tools Distinction

**Public AI tools** (ChatGPT free tier, Copilot, public Gemini, etc.) process data on servers the office does not control. Content entered into these tools may be stored, logged, or used to train future models. Treat all public AI tools as external systems.

**Private or enterprise AI tools** (Copilot for Microsoft 365 with enterprise data protection, ChatGPT Team/Enterprise with data privacy controls) may offer stronger data protections. However, they are still AI tools, not escrow systems. The green/yellow/red framework still applies. Private deployment does not move red-zone content into the green zone.

**Rule:** The data classification (green/yellow/red) is based on the content, not the tool. A private tool does not make prohibited content safe to enter.

---

## 8. Retention and File Documentation

When AI-assisted output is used in a transaction file or client communication, the following must be documented:

- **What was generated:** A brief description of the AI-assisted output
- **What was reviewed:** Which reviewer checked the output and what they verified
- **What was changed:** Any edits made to the AI output before use
- **What remained open:** Any gaps, limitations, or unresolved questions
- **Office action:** What the office decided to do with the output

This documentation goes in the file alongside the final output. The policy says do not trust AI output as the record. The office still needs to record what it reviewed before action.

AI output should not be stored as the authoritative record. The office's reviewed and approved version is the record. The AI draft is working paper, not file evidence.

---

## 9. Sample Staff Acknowledgment Form

```
AI USE POLICY ACKNOWLEDGMENT

Office name: _______________________________

Employee name: _______________________________

I acknowledge that I have received, read, and understood the
AI Use Policy for this office. I agree to:

1. Follow the Green/Yellow/Red framework for all AI tool use.
2. Never enter client PII, wire instructions, bank account numbers,
   or transaction-specific details into any public AI tool.
3. Submit all AI-assisted client-facing or file-bound output for
   manager review before use.
4. Document what was reviewed, what was changed, and what the
   office decided.
5. Report any accidental disclosure of client data to an AI tool
   to my manager immediately.

I understand that violations of this policy may result in
disciplinary action up to and including termination.

Employee signature: ______________________  Date: __________

Manager signature: _______________________  Date: __________
```

---

## Boundary

The office decides. Veto records the review.

Veto does not approve, verify, authorize, guarantee, insure, or release funds. This policy template is provided as educational material, not as legal advice or a compliance product.

---

*This policy template is provided by Veto as a public education resource. Use this as a starting point. Have counsel and management adapt it before adoption.*
