AMERICAN ACADEMIC PUBLISHER
https://www.academicpublishers.org/journals/index.php/ijns
62
INTERNATIONAL JOURNAL OF NETWORKS AND SECURITY (ISSN: 2693-387X)
Volume 05, Issue 01, 2025, pages 62-90
Published Date: - 09-05-2025
Doi: -
https://doi.org/10.55640/ijns-05-01-06
Building Compliance-Driven AI Systems: Navigating IEC 62304
and PCI-DSS Constraints
Pradeep Rao Vennamaneni
Senior Data Engineer - Lead, Citibank, USA
ABSTRACT
Due to the ever-increasing adoption of AI systems in the financial space, it is necessary to assess these regulatory
frameworks, such as IEC 62304 and PCI DSS. As AI technologies within the finance sector process huge quantities
of data that are sensitive, like transaction and personal information, these must be handled securely so that these
are not breached or involve fraud
—
meeting the strict data security standards, privacy, and operation standards
for a medical device software compliance with IEC 62304 and PCI DSS for payment card data security results. This
article investigates how these compliance frameworks create the responsibility for designing, structuring, and
building AI systems in financial institutions. It describes the technical problems in implementing real-time financial
data processing and the issues addressed with cloud-native platforms, encryption, and data management
applications. It discusses how, with technological advancements like large language models, Apache Kafka, and
Apache Spark, the resulting financial AI systems can be compliance-driven and perform well. The article also delves
into the ethical options of AI in finance and, in particular, data privacy, bias, and transparency. The conclusions
include insights into the future of AI compliance with new technologies such as quantum computing and
blockchain that will change the face of science. This study offers an actionable roadmap for companies to address
the difficulties of regulatory compliance in the vein of AI’s potential fulfillment
.
KEYWORDS
Compliance-driven AI systems, financial data security, IEC 62304, PCI-DSS, Real-time data processing.
INTRODUCTION
On the other hand, the financial sector cannot ignore the growing contribution of artificial intelligence (AI) and
machine learning (ML) technologies in their everyday processes. Compliance with the regulatory standards is
imperative. Sensitive financial data such as transaction histories, personal information, and credit scores is
processed by AI systems in large volumes. Maintaining the integrity, security, and privacy of the data relies on the
protection of this data. Breach or fraud can easily lead to huge financial, legal, and reputational consequences, and
financial institutions are under enormous pressure to protect customer data. They mitigate risk and build customer
and regulator trust. They must comply with regulatory frameworks. Secure and compliant systems are urgently
needed as AI and ML make more decisions about financial matters. These technologies are very helpful for financial
institutions to process and analyze data quickly and accurately. Managing this power would ensure AI systems
adhere to regulatory standards, safeguarding user data and transparency. For sensitive financial information and
to keep public trust, the AI systems of financial institutions should adhere to stringent regulations like IEC 62304
(for medical software) and PCI-DSS (for payment data security).
AMERICAN ACADEMIC PUBLISHER
https://www.academicpublishers.org/journals/index.php/ijns
63
The regulations for financial services AI systems are coming here, and they are complex. Data protection and
security frameworks are available as well. Strict regulations like IEC 62304 and PCI DSS make it mandatory for
financial Institutions to use AI for business operations, but not if the use becomes exploitable by hackers, which can
impact the business. Though IEC 62304 is focused on medical device software, it dictates that software development
processes should be minimized. Originally intended for use in healthcare, the principles of this paper are also
applicable to financial systems when they are concerned with critical financial data. IEC 62304 conformity means
that AI systems undergo intense testing and verification to prevent failures resulting in financial losses or violation
of customer privacy. PCI DSS is focused on securing payment card data and guidelines for encrypting payment data
on the one hand and ensuring data integrity and data access on the other hand.
As financial digital payment methods become more popular and secure, financial AI systems must obey PCI-DSS
standards for well-informed and secure manipulation or access to payment information. Financial institutions can
process payments securely and fearlessly if these regulations are followed to avoid experiencing fraud. The
regulatory compliance requirements will contribute to the achievement of regulatory compliance so that the
customer and the regulator will have trust when using the AI systems of the financial institutions so that they do
not violate regulations.
IC 62304 and PCI-DSS form the main base when designing and architecting AI systems. Such standards affect
compliance with security and system reliability and compliance with the AI development process. For AI systems,
the IEC 62304 highlights the importance of the software application lifecycle management process. It states that
software lifecycle management requires proper testing, validation, and risk management. Choosing to code will
decide how to design AI algorithms, and developers will need to finish constructing safe and robust systems immune
to such risks in financial operations. Allegedly, PCI-DSS requires encryption and secure transaction processing and
thus plays a role in the decisions around processing any AI model regarding financial transactions. Access control,
secure data transmission, and audit trails will be used to prevent fraud and unauthorized access. Complying with
these regulations goes beyond technical compliance. It includes ensuring that AI systems are not built to violate the
integrity of the financial data and for data breaches.
Financial AI systems are going Cloud, both being Cloud native and evident. These Cloud-based systems are set up
with strong security measures to ensure water meets. This all means that in order to use advanced AI technologies,
researchers need Cloud-based architecture that gets incorporated through blockchain and then processes real-time
data while monitoring security from ashore and ensuring secure use of the same through strong encryption, military
systems of authentication, and constant checks to avoid the security on in through any of these points. For instance,
financial information can be encrypted both in storage and between the clients and the servers to be secure from
being glimpsed if it is targeted. Multi-layered security protocols have been implemented to prevent unauthorized
access and allow only authorized users to access sensitive data. Being PCI-DSS and IEC 62304 compliant is the nature
of features such as secure data storage, audit logs, and encryption, both in the Cloud naturally wrapped. It enables
us to use this data without violating compliance and keeps it in real-time processing of large data.
The implementation of AI systems into the financial sector is the focus of this study to understand the interactions
of compliance frameworks such as IEC 62304 and PCI-DSS on how the design and implementation of said systems
are affected in the financial sector. At the same time, with the increasing significance of AI systems in financial
institutions, it is imperative to guarantee that these systems can fulfill data protection and risk management
requirements. This paper aims to assess the effects of these standards on the architecture of the culture developed
for AI systems, integration of secure cloud-native solutions in a constantly changing world of technology, and
compliance in the real world. The study will close on what is needed to resolve those challenges and ensure that
financial systems powered by AI remain secure, compliant, and efficient.
Understanding IEC 62304 and PCI-DSS
AMERICAN ACADEMIC PUBLISHER
https://www.academicpublishers.org/journals/index.php/ijns
64
For AI systems in the financial and healthcare sectors and AI in general, following such regulatory standards is very
important for security, integrity, and trust. IEC 62304 and PCI-DSS are two crucial standards that establish the route
for developing, designing, and maintaining AI systems in a manner that is most important to safety and security and
is in conformance.
Figure 1: Compliance and Regulatory
Definition of IEC 62304 and its Relevance in AI Systems
IEC 64304 is an international standard for software development for medical devices. It provides a development
software framework that is safe and reliable and conforms to the strongly demanding healthcare requirements.
Though it was designed for medical devices, the principle is being broadly applied to an ever-increasing number of
approaches in AI, especially in healthcare and the like. IEC 62304 focuses centrally on the requirement to manage
risk within the evolution of the software (Rust et al., 2016). The standard says that the software development team
should identify the risks being taken with the software it is writing, assess the risks, and mitigate them all before
releasing it. When AI systems are used in high-stakes financial applications, the risk management process becomes
very important. Data has to be stored and handled securely by the AI systems, and decisions based on that data
have to be made without the risk of harming the AI system. In a financial context, it can impact how money can be
transacted, data privacy, and regulatory compliance.
It is specified in IEC 62304 that configuration management is necessary, including the requirements related to the
removal of software integrity during the life cycle. In the case of AI systems, this means the control of the version
and monitoring it so that when the system or its updates or changes do not create vulnerabilities or security risks
for the system. This is especially important when processing real-time real-time financial data because even small
errors can cause a dent in the side. Once the software is validated, the standard must adhere to the intended safety
and performance standards. Validation in AI is to validate the AI models to determine whether they did not violate
biases or unintended behavior or if they comply with applicable regulatory standards such as PCI DSS standards.
The practices of the IEC 62304 are very important when developing software that relies on the capability of
executing secure, compliant decisions on sensitive data.
AMERICAN ACADEMIC PUBLISHER
https://www.academicpublishers.org/journals/index.php/ijns
65
Definition of PCI-DSS and Its Impact on Financial AI Systems
PCI-DSS is a set of requirements for securing payment card data that any organization handling them should adhere
to. For those who handle credit cards using AI, PCI-DSS cannot be ignored as it sets the rules for collecting, storing,
and transmitting credit card information (PCI-DSS) (Seaman, 2020). Data encryption is one of the main points of
PCI-DSS. If strong cryptographic protocols are not used to encrypt any payment card data stored or transmitted, it
should be destroyed or stored in a secure facility. For example, in AI systems that rely on real-time data processing,
encryption can be highly important, particularly when customer-sensitive data is being processed. For example, AI
models building financial transaction analysis need to guarantee that all the personal and card number payment
data is encrypted before processing or storing it, which is by PCI-DSS.
Another required aspect under PCI-DSS is access control. Organizations must restrict access to payment card data
to the least number of people or systems that require it. In terms of financial AI systems, this would mean legally
protecting the evaluation, ownership, and amendment of aggregate data so that only authorized individuals or
processes can access it. Access control can be enforced through role-based access mechanisms, secure
authentication methods, and audit trails for AI models. PCI-DSS is also concerned with secure storage. Robust
security measures must be in place to protect any payment card data stored, such as tokenization or encryption, to
prevent unauthorized access. In the context of financial AI systems, AI models should not inadvertently release
sensitive payment information due to insecure storage mechanisms. Dual sourcing strategies can also support
redundancy and security compliance, ensuring a more resilient infrastructure in the face of regulatory and
operational demands (Goel & Bhramhabhatt, 2024). Ensuring that consumers and an organization's money are not
put at risk by fraud or breaches is vital when incorporating PCI-DSS requirements into financial AI systems. Thus,
while the systems must operate efficiently, upholding the highest security standards remains paramount.
Key Differences between IEC 62304 and PCI-DSS
They are neither the same as PCI DSS nor IEC 62304; both are standards for safety and security but with different
scopes. The medical device software safety is centered on the IEC 62304, which is based on the risk management,
software lifecycle, and validation processes. On the other hand, PCI-DSS concentrates exclusively on payment card
data security in financial systems. So, it provides the security measures to safeguard payment card data during its
transmission, storage, and processing. One of the main differences between these two standards is their scope. The
guidelines provided by IEC 62304 help develop such software, which has to be very safe and reliable, especially for
the applications in which life is at stake. In particular, this is important when the software used in AI systems in
healthcare will lead to failure, directly impacting patient safety. There is PCI-DSS because it ensures that financial
transactions are secure and sensitive customer information is not stolen or fraudulent. Across overlapping fields
like FinTech and health tech, developers must find a way to satisfy the needs of both standards. For example,
healthcare financial transaction AI would require complying with IEC 62304's safety protocols and PCI-DSS's security
standards. To achieve this, the risk management practices officiated by IEC 62304 have to be integrated with the
measures of security in the PCI-DSS for the AI system to be both secure and safe to be deployed in a highly regulated
area.
Table 1:
Comparison of Regulatory Frameworks (IEC 62304 and PCI-DSS)
Framework
Focus Area
Applicability in AI Systems
Key Compliance Requirements
IEC 62304
Medical device
software safety
Applied to high-stakes AI systems in
regulated environments
Software lifecycle management, risk
management, testing
PCI-DSS
Payment card data Applied to AI systems processing
Data encryption, access control,
AMERICAN ACADEMIC PUBLISHER
https://www.academicpublishers.org/journals/index.php/ijns
66
Framework
Focus Area
Applicability in AI Systems
Key Compliance Requirements
security
financial transactions
transaction integrity
How These Standards Shape Secure, Cloud-Native Data Solutions
The architectural implications of IEC 62304 and PCI-DSS exist for cloud-native financial AI systems.
The Cloud
replaces the old efficient mode of processing. Its demands for scalability, flexibility, and inclusive roll-out of strong
security features are met through cloud-native solutions such as the ability to scale up, down, or on demand in case
of a rush of visitors. Encryption, secure access controls, and real-time data processing energy can be included in the
cloud architectures of AI systems in line with the IEC 62304 and PCI-DSS. For example, AI systems may need to be
deployed within cloud platforms like AWS, Azure, and Google Cloud. Encrypted databases and storage solutions
also comply with PCI DSS. Furthermore, compliance tools are integrated into these platforms for the development
of AI without having to build and maintain compliant systems (Dhanagari, 2024).
People can use Apache Spark and Apache Kafka-supported real-time data processing on cloud platforms. Configured
to adhere to IEC 62304 and PCI DSS, devices can be equipped with the ability to securely and in real-time process
data, as well as mechanisms that facilitate the process of auditing and supplying reporting on compliance (Owoade
et al., 2024). The financial sector is the one in which investing in a safe and compliant AI for development is essential.
IEC 62304 and PCI-DSS are quite good guidelines, not just for the financial sector but also for any sector where one
wants to achieve compliance and security securely, whatever the System you are developing. Organizations must
maintain these standards to ensure their AI models are secure and reliable according to the parties' demand for
control and clients.
Building Compliance-Driven AI Systems
Steps for Designing AI Systems That Adhere to Compliance Standards
To do AI systems methodically, it is necessary to design a careful system that follows financial organizations'
regulatory requirements and their requirements in detail. The risk starts with a full assessment of the beginning
point for a compliant AI system. This step will find possible data security threats, privacy breaches, and IEC 62304,
as well as PCI DSS non-compliance. The risk analysis should focus on the risk for third-party tools, data flow patterns,
and AI model lifecycle management to be evaluated and understood. The second step involves the selection of
secure cloud platforms that can validate the scalability in the maximum levels of security and compliance. For
example, compliant cloud service providers, including AWS, Azure, or Google Cloud, offer special compliance
certification, like PCI DSS Level 1 or ISO/IEC 27001 (which can help to simplify getting compliance done (Rajesh et
al., 2024)). In order to choose which cloud platform to work with, it must have the ability to store secure data
through encryption, access control, and secure API.
Maintaining compliance requires building the AI system and building AI models to audit the AI's activities. At the
same time, working is also part of the equation, including logging model decisions, interaction, and data handling.
Furthermore, such tools as explainable AI (XAI) frameworks that make the model transparent will enable internal
and external audits for compliance that the operation of the AI system meets the requirement. Real-time reporting
and audit trails are also incorporated into the System, which can satisfy the needs of the stakeholders and verify if
the standards of law were followed.
Researchers suggest that the System be integrated with the dynamic requirements of IEC 62304 and the PCI-DSS
step-by-step as AI develops within the lifecycle.
An example of this is that PCI-DSS compliance requires that all
sensitive financial data be anonymized or tokenized during the design phase. Throughout the model training and
AMERICAN ACADEMIC PUBLISHER
https://www.academicpublishers.org/journals/index.php/ijns
67
testing phase, in which rigorous validation and verification processes ensure IEC 62304 adherence, safety associated
with using the software in medical devices or other regulated environments should be guaranteed. Encrypted data
storage and processing should be part of development, and the final deployment should involve a wide penetration
test of the system (Dhanagari, 2024).
Table 2:
Compliance Standards for Secure AI Development
Standard
Compliance Focus
AI System Design Consideration
PCI-DSS
Securing payment card data
Encryption of payment data, access control, audit
trails
IEC
62304
Software lifecycle management and risk
mitigation
Validation, testing, and secure software
development
Leveraging Real-Time Data Processing with Kafka and Apache Spark
In financial AI systems, the principle is that data should be processed in real-time and when dealing with a large
amount of data, such as transaction records or market data. Kafka and Apache Spark handle such data and
technologies and provide the necessary architecture to implement compliance-driven AI systems. The most popular
use of Kafka deals with streaming real-time data. Data can be consumed in real-time, and that heavy financial
database can be secured during its regulatory exchange between the different parts of the System. High throughput
messaging is no problem for Kafka, so sensitive financial data like credit card transactions or stock market feeds can
be securely processed without overspending. Kafka can be used in the context of compliance in providing secure
transmission protocols like SSL/TLS to prevent users from having access to data in transit and encryption at the
message level.
Apache Spark is a robust framework that can handle real-time data analytics. Spark is critical when working with
large volumes of streaming data and complex real-time transformations for decision-making regarding processing
financial data. Data processing can be done with Spark, and compliance with standards such as PDSS can be ensured.
Data masking is possible on Spark to guarantee that sensitive information is anonymized before it can be processed
or analyzed. Additionally, Spark is known to work well with secure data lakes or cloud storage systems and keep
security standards in place. The integration of Kafka and Spark enables a Financial Organization to implement a real-
time decision-making pipeline for a large volume of data being processed regarding security and compliance (Alam
et al., 2024). For instance, these technologies assist real-time fraud detection systems in analyzing the streams of
transactions through Kafka and Spark, which helps real-time fraud detection detect suspicious transactions with the
highest security compliance.
AMERICAN ACADEMIC PUBLISHER
https://www.academicpublishers.org/journals/index.php/ijns
68
Figure 2:
Data Engineering Series
Integrating LLM-Based Microservices for Real-Time Decision Making
LLMs can provide accuracy and speed benefits by rationally applying the Large Language Models (LLMs) in real-time
financial decision-making systems. For example, LLMs, like GPT-based models, can be used to derive insights from
textual data, such as customer engagement or financial reporting, that would help make real-time decisions. It can
be particularly helpful for fraud detection, loan approval processes, or automated customer service. Therefore,
LLMs are usually deployed as microservices that can be hooked with APIs to existing systems. Among the most
common technologies used to allow communication between LLM microservices and the other system
components, such as Kafka and Spark, are REST APIs or gRPC (Ali, 2024). The LLMs can process financial data passed
through these APIs and stream real-time data streams securely through these APIs. For example, an AI-driven
financial advisor can take the help of an LLM to analyze the current market conditions, interact with customer data,
and suggest personalized investment options. These models can ensure compliance with PCI-DSS when sensitive
customer information is not being exposed during processing.
Furthermore, secure authentication and authorization protocols like OAuth or API keys ensure that entities can only
communicate with LLMs. Finally, combining LLMs with the compliance frameworks involves some auditability. Since
most LLMs work against many factors, there must be some logging mechanism to see their decisions and have
insights for the regulatory auditor. That can be done by putting model outputs in secure databases with tight access
control.
Importance of Data Encryption and Privacy in Compliance-Driven Systems
Compliance in AI systems, particularly in the financial sector, must consider data security as a cornerstone. The
objective of implementing end-to-end-to-end encryption is to ensure it remains out of reach at rest and in transit.
It is the responsibility of financial institutions to make sure all the customer data, that is to say, the transaction
details, as well as personally identifiable information (PII), are encrypted using a standard industry algorithm such
as AES256. This level of encryption prevents unauthorized access, and the data will be unreadable even if a third
person intercepts it. Tokenization and data masking are the additional approaches to protect sensitive financial
information should it be accessed using encryption (Iwasokun et al., 2018). Tokenization is a process through which
sensitive data is replaced with unique identifiers to mitigate its exposure risk. Like data masking, data masking
ensures that your sensitive data (CC numbers) are masked, but analytics can continue.
AMERICAN ACADEMIC PUBLISHER
https://www.academicpublishers.org/journals/index.php/ijns
69
Compliance with PCI-DSS and IEC 62304 necessitates the implementation of robust access control mechanisms. This
includes using MFA and RBAC to prevent anydiv from accessing sensitive data
—
only allowing the authorized
ones to do so. Moreover, the system should be audited with the help of audit logs so that access to and actions
within the system are monitored for full traceability and accountability. Financial AI systems that make use of
encryption, tokenization, data masking, and access control will be able to remain within regulatory standards and
provide the best protection for user data (Konneru, 2021).
Real-time Financial Processing with Kafka and Apache Spark
Overview of Kafka and Apache Spark in Real-time Financial Data Processing
Apart from Kafka, Apache Spark has also become an essential technology in the real-time processing of financial
data
—
especially in compliance-driven environments. Kafka is a distributed streaming platform that builds real-
time data pipelines and streaming applications. As it is for financial transactions and fraud detection, it can ingest,
store, and process data stream at collect. Financial institutions can handle large real-time transactions due to
Kafka's ability to scale horizontally, provide durability, and process a high throughput volume of data (Edapurath,
2023). Apache Spark is a fast, in-memory data processing engine for large-scale data processing. It is useful for
financial services to process data streams from Kafka to perform real-time analytics and make decisions. Spark
brings the speed to process data with such high speed that it is necessary for instant data processing as required by
the application
—
fraud detection, risk management, and customized recommendations for financial systems.
Kafka and Spark aim to work in real-time to process data streams into the system as they are generated rather than
relying on batch processing. Easy to use with massive storage makes them suitable for the usage cases of data in
the financial sector that should be processed quickly to be acted on. From the compliance and fraud perspective,
financial institutions must be able to see and analyze transactions in real-time. Kafka and Spark provide the
necessary high-throughput messaging and fast data processing combination to meet this need.
Table 3:
Data Security Measures in Cloud-Native AI Systems
Security Measure
Description
Compliance Framework(s)
Encryption at Rest
Ensures data is unreadable while stored
PCI-DSS, GDPR
Encryption in Transit
Protects data as it moves across networks
PCI-DSS, IEC 62304
Access Control
Limits access to sensitive data to authorized entities PCI-DSS, IEC 62304
How These Technologies Enhance Compliance in AI Systems
Kafka and Spark are critical for building compliant financial data manufacturing infrastructure that provides real-
time data. It complies with the regulatory framework for types of financial transactions such as PCI-DSS and IEC
62304. Kafka makes it possible to record data in real time. Every transaction is recorded with an immutable record
that can be audited. Records of such logs can be stored in a central system where financial institutions can flag any
suspicious activities or discrepancies immediately. For example, in case of any transaction, Kafka can stream the
data to Apache Spark and then apply real-time analytics to detect anomalous behavior, e.g., suspicious transactions
or transactions trying to derail a compliance regulation through computation. This integration facilitates the ability
for AI to work with data in flight so systems can easily comply with regulations for transaction monitoring, customer
identification, fraud detection, etc.
AMERICAN ACADEMIC PUBLISHER
https://www.academicpublishers.org/journals/index.php/ijns
70
Kafka's partitioning and replication features ensure that data is available and durable, which is crucial for
compliance. Kafka's architecture in the distributed model allows financial institutions to continue their ledger of
events in the event of a system failure without losing data, which is essential for verifying an accurate audit trail.
Spark is also important as it processes the data in compliance with the proper standards and regulations for
encrypting sensitive financial information before data analysis or sharing.
Kafka and Spark's infrastructures will have
transaction-related processes like transaction logging, audit trails, and secure data transmission (Nandan Prasad,
2024). Through the integration of these technologies, financial institutions could carry out the logging and auditing
processes automatically without manual staging to meet the required regulatory requirements.
Use Cases of Kafka and Spark in Financial Data Architectures
In the real world, Kafka and Spark can improve finance-related architectures. For example, Kafka and Spark are
sometimes deployed in real-time for various examples by several major banks and financial institutions, to name a
few, using Kafka and Spark to detect fraud in real time. Such data relies on streaming transaction data as the bread
and butter, and Spark consumes the stream and determines potential fraud patterns (Carcillo et al., 2018). Every
transaction on these systems runs, especially through the minutest of details, for anomalies that can be flagged,
like unverified accounts or unusual transactions. Risk management is carried out using Kafka and Spark. By using
Kafka as the source of incoming data and Spark to process it, it is possible to conduct a real-time risk assessment of
incoming data. For instance, if a large transaction has been committed, it can be checked to see if the given
transaction is in the user's behavior or if it deserves further attention and should be looked into for historical
transaction data.
Another important application is for regulatory reporting. Keeping records of transactions, customers, and what
could be money laundering or any other activity are among the things financial institutions are required to keep.
Since Kafka provides real-time streaming capabilities, all indicative data is logged immediately. Spark can then
process it accordingly to perform compliance checks so that the records are present in case of a regulatory audit.
Kafka and Spark make fulfilling requiring use cases possible, such as wherein the client supports industry regulations
like PCI-DSS, where each transaction is sent and stored safely and analyzed for security standards. Kafka ensures
data does not get lost, or any part of it from getting lost, and then Spark makes sure that data is analyzed according
to the needed financial regulations (Sardana, 2022).
Figure 3:
Apache Kafka
AMERICAN ACADEMIC PUBLISHER
https://www.academicpublishers.org/journals/index.php/ijns
71
Ensuring Secure Data Transfers in Financial Transactions with Kafka
The primary concern in real-time financial processing is the security of sensitive data during transmission. Data
transfers in financial transactions can be secured with robust mechanisms provided by Kafka. By supporting Kafka's
SSL/TLS encryption, data is transported securely between producers (money systems) and consumers (a fraud
detection system). Alerting to the unauthorized access of transaction data during transiting is a critical requirement
for PCI-DSS compliance, which mandates that payment data be secured during transmission, and this encryption
prevents such access.
Kafka also supports data authentication and authorization mechanisms such as SASL (Simple Authentication and
Security Layer) and Kerberos, offering further security. These mechanisms add to the system's security posture,
allowing only authorized entities to create or consume data and meet compliance regulatory requirements. Kafka's
take is to enhance data transfers with such stings as replication and fault tolerance. In Kafka, the data is replicated
across many nodes to ensure that one node can still access the data in other nodes in case of failure. It guarantees
that the transaction logs and financial data will not be lost even in a system failure. Dedicated buffers are available
for the transaction data, thereby permitting Kafka's ability that guarantees all data is stored and made available for
auditing purposes (Narkhede et al., 2017). This constitutes a key requirement of PCI-DSS and IEC 62304-compliant
frameworks.
In addition to securing data processing, Apache Spark supplements Kafka security features. Data encryption in
transit and at rest is supported by Spark so that sensitive financial data is secured throughout the processing
pipeline. Spark can also be linked to Kafka to run real-time compliance and security audits to guarantee its fully
secure transactions and verify that they are hitting the right goals. Kafka and Spark also provide an all-around
solution to secure real-time transfer and processing of data in financial transactions. Combined with their
capabilities, these organizations are perfect for processing sensitive financial data while, at the same time,
maintaining compliance with industry standards (Sardana, 2022).
Integrating Generative AI Microservices for Real-Time Decision Making
The Role of Generative AI and LLMs in Real-Time Financial Decision Making
Generative AI and large language models (LLMs) are changing the dynamics of financial decision-making through
real-time and dynamic analysis of huge amounts of unstructured and structured data. These AI models strengthen
the capacity to deal with penetrable funds data, to draw on executable insights, and to adopt junctures much
quicker in customary ways. In the financial sector, where there is a race against time, accuracy, and regulatory
compliance, generative AI is quite the omen in such applications as fraud detection, credit scoring, and even
personal recommendations. In fraud detection, in the past, LLMs could look at transaction data and find quick,
suspicious patterns that break normal behavior. Generative AI models are unlike traditional rule-based systems.
The generative AI models can learn from historical data and evolve and adapt to new fraud-forcing tactics by
learning from old data associated with fraudulence. AI's adaptability enables it to quickly flag anomalies in real-
time, reducing the latency between the fraudulent action and its detection. LLMs enable the processing of real
transaction data and allow an institution to recognize complex, multi-step fraud patterns, giving the institution
greater ability to respond quickly and avert financial loss.
Credit scoring is another field where LLMs generate much value. Using generative AI, banks that can more
effectively score a borrower's creditworthiness would emerge as a significant lead. Therefore, your LLM can process
many data, like social media profiles and previous transactional data, about a borrower to give a more holistic view
of a borrower's financial behavior. These models can find new predictive factors, improve risk assessment, reduce
default rates, and maintain regulatory compliance. Generative AI also puts an end to the personalized
recommendations business. LLMs process user interactions and preferences and can bring financial products for
AMERICAN ACADEMIC PUBLISHER
https://www.academicpublishers.org/journals/index.php/ijns
72
the user, like loans, Investment plans, or insurance policies, to his needs (Feng, 2024). This is not only data-driven
but the more user data the client gets, the more these recommendations are refined and constantly set as the most
relevant offerings for the client in real time. It provides personalization for customers to keep them happy and
retain them, as well as a way to adhere to laws related to consumer protection or data protection.
Implementing LLMs to Enhance AI Models in Compliance-Driven Systems
To enable it, a solid technical infrastructure must be in place. Often, LLMs are deployed as Docker containers
orchestrated through Kubernetes, with Kubernetes as the orchestrator and microservices as the configuration. By
providing LLMs with a scalable, portable, and efficiently managed environment, Docker helps to prevent models
from outgrowing the cloud, experiencing timing differences across the different systems it may be deployed on,
and impacting the underlying cloud infrastructure. For large-scale real-time financial data, it is critical to use
Kubernetes to deploy, scale, and run containers centrally and to automate all those deployments to scale.
Management activities are the core of Kubernetes orchestration.
Modularity is key in microservices architecture when it comes to enablement of modularity, facilitating the progress
of different AI functionalities by financial institutions in developing, testing, and deploying these. When the system
has been broken down into smaller services like fraud detection, credit scoring, or transaction monitoring, each
LLM microservice can work independently without running outside of its services and relying on the APIs of other
microservices. This architecture of architectural freedom allows greater flexibility and better maintains the ability
and scalability of the AI-driven solution. Therefore, updating or substituting a single model is easy for financial
institutions because the system is not disrupted.
This means that LLMs can integrate with Kafka and Apache Spark to make it possible for the AI model to process
real-time financial data whilst maintaining regulatory compliance. In real-time data streaming, Kafka plays an
important role in which financial institutions can process huge transactional data at low latency (Steurer, 2021).
Apache Spark boasts tremendous power in performing massive-scale data processing and analytics while facilitating
real-time execution of that algorithm for detecting fraud, predictive analytics, and customer profiles in financial
institutions.
Using generative AI in a financial application is a concern since one of the most fundamental aspects that needs to
be addressed is compliance with data privacy regulations. To deliver these LLMs with stringent data protection,
sensitive financial data must be encrypted at rest and in transit. Another thing is implementing data anonymization
and tokenization techniques, which can also help save personal information while the AI models operate efficiently.
It is necessary, by regulatory frameworks such as the PCI-DSS and the GDPR, that data handling practices are
transparent, traceable, and auditable. Using secure microservices and secure data practices, LLM-based systems
can be compliant while providing real-time decision-making capabilities.
AMERICAN ACADEMIC PUBLISHER
https://www.academicpublishers.org/journals/index.php/ijns
73
Figure 4:
Enhancing AI Workflows with LLMOps
Real-World Examples of LLM Microservices in Financial AI Systems
Real-world implementations of LLMs in financial institutions showcase this technology's practical applications and
advantages. Customer service bots, however, have become a massive tool for meeting client needs while adhering
to data privacy regulations such as PCI-DSS. These bots were created to manage clients' questions concerning
transaction history and product recommendations while ensuring strict data security (Chavan, 2024).
One case study included a leading global bank that worked on LLM-powered customer service bots to handle
transaction inquiries and account-based assistance. The bots were then integrated with real-time transaction data.
Therefore, they offered personalized insights, but at the same time, they were compliant with PCI-DSS standards
for handling secure payment data. To address this, the system was designed to allow automatic flagging of
suspicious activity and to integrate into the bank's fraud detection models for fast response.
An example like this is credit scoring using an AI-driven platform that runs an LLM to analyze an alternative data
source, such as payment history on rent and utilities, to add alongside traditional credit bureau data. This is a more
accurate and holistic risk view of the creditworthiness of an individual (especially early in their credit history). The
system achieves this continuous updating of the credit scores. It offers personalized loan recommendations while
remaining fully compliant with financial regulations by integrating real-time data processing using Kafka and Spark.
While there are so many examples of how generative AI microservices can take your operation to another level
concerning things such as customer service and making better decisions
–
while being compliant, it uses generative
AI microservices in a compliant framework.
Enhancing Data Interpretation and Predictive Analytics with Generative AI
Predictive analytics is a must-have, especially in fraud detection, transaction monitoring, and regulatory reporting,
and is especially applicable to LLMs and generative AI. Wrecking affects a wide range of probabilities, such as
AMERICAN ACADEMIC PUBLISHER
https://www.academicpublishers.org/journals/index.php/ijns
74
pretending to approach financial chance or risk, and also permits making keen choices given the past activity
(Ritondale, 2022). Therefore, LLMs can detect fraud in real-time by analyzing the transaction data and looking for
the patterns that indicate fraudulent action. The models are designed to learn new frauds and grow as they handle
more data. The speed and accuracy of fraud by default will be increased thanks to LLMs' ability to create new
insights into and predict the future behavior of consumers who adopt the LLMs.
Predictive analytics is a key reason transaction monitoring benefits from using LLMs since LLMs can find anomalies
in a spending pattern or account activity. LLMs can use real-time data processing platforms such as Kafka and Spark
to integrate in real-time or with timestamps to monitor and alert for suspicious activity continuously. This capability
allows financial institutions to act upon fraud immediately, minimizing its implications to the institution and
financial regulations. Regulatory reporting is just as important to LLMs as it provides the automation to extract and
interpret financial data for these institutions to meet compliance. They can lend themselves to analyzing large data
sets, helping them identify the trends, the risks, and the anomalies, and create compliance reports, which would
not have to be done with manual effort. Financial institutions can ensure that these models meet compliance
frameworks such as PCI-DSS and IEC 62304 while their systems are efficient and compliant.
This all helps to bring a straightforward case of generative AI microservices integration into financial systems that
will increase real-time decision-making ability, improve operations, and make them quicker and more compliant.
Financial institutions can also benefit from using LLMs for dynamic fraud detection, personalized recommendations,
and predictive ML for a low cost of implementation and low overhead while complying with the strictest regulatory
standards.
The systems are deployed securely on these systems, and real-time data processing is used to deal with
the complexities and regulatory requirements of the financial sector (Raju, 2017).
Security Best Practices for Cloud-Native Financial AI Systems
Financial AI system security is even more important for the development and deployment of cloud-native solutions.
These systems handle sensitive financial data and must be compliant with PCI DSS, GDPR, and IEC 62304.
Figure 5:
Security, privacy, and robustness for trustworthy AI systems
AMERICAN ACADEMIC PUBLISHER
https://www.academicpublishers.org/journals/index.php/ijns
75
Implementing Cloud Security Standards in AI Systems
Security of AI systems is no small task, and there are cloud security frameworks like the AWS Well-Architected
Framework and Microsoft Azure's Security recommendations that can help prevent the lack of security from
entering the system. They are structured frameworks for building secure, compliant, scalable AI systems in the
cloud. These key areas include operational excellence, security, reliability, performance efficiency, and cost
optimization.
Complementing this framework is a complete security pillar within the AWS Well-Architected Framework,
addressing such granular details as data protection, access control, incident response, and continuous monitoring
(Muzukwe, 2023). This will implement basic security measures such as data at rest and in transit encryption, secured
entry methods, deep recording, and auditing. The same goes for Microsoft Azure, for they advocate the best
practice of security by helping data confidentiality through encryption, identity and access management (IAM), and
secure key management, albeit like Microsoft Azure. In both frameworks, guidelines have been provided to support
role-based, role-based role-based access control (RBAC), restricting access to this vital financial data to only
authorized users and systems.
This helps the AI and financial institution developers follow these frameworks in this way in order to implement
some important security features, such as data encryption and access control. Data encryption ensures that
sensitive financial data is safe, stored, and used during the movement on and off the network. The access control
mechanism allows system access to only authorized users and entities to reduce insider threats or incidents of
breach. Audit logging allows continuous investigation and monitoring of all the system activities, tracing all the
accesses to the sensitive data, and such logs are available for compliance and security audit purposes (Kumar, 2019).
Using Zero Trust Architecture in Financial AI Solutions
Zero Trust Architecture (ZTA) is a security model that considers that every entity inside or outside the network will
not be considered trusted initially. In the case of cloud-native financial AI systems, ZTA becomes particularly useful
for protecting access to financial data by specifying which parties are allowed to access certain sensitive
components in the system and providing means of tokenizing entities as created during the systems' life cycle. ZTA
verifies every request, user, device, and system each time before permitting access, wherever it is. On the contrary,
this is very useful in a financial AI system, as it reduces the possibility of unauthorized access to PII and financial
transaction data. One example of a ZTA principle is implementing multi-factor authentication (MFA) for users and
machine identities as they try to access the cloud resources.
In addition, ZTA has stringent monitoring of attempted accesses and continuous validation of trust on every session
so that at any point, permissions are given only to those who satisfy the required security conditions (Mubeen,
2024). IAM systems that enforce granular access policies can be integrated into financial AI solutions to implement
ZTA. These policies indicate whether people can see a certain piece of data or service, depending on their job, the
device's security state, and how sensitive the resources are.
Enacting ZTA principles allows for a secure environment
for financial AI systems. When unauthorized access attempts occur, the system recognizes them and immediately
blocks them so no data is breached.
Best Practices for Data Protection and Privacy Compliance in AI Systems
Financial AI systems have to be compliant with data protection and privacy requirements. These big systems handle
huge amounts of sensitive personal, financial, or transactional data, subject to strict regulations like GDPR, CCPA,
or PCI DSS. There are several techniques to ensure that from the start of the system’s life cycle, data protection and
privacy requirements are met (Koo et al., 2020). An example of such a technique is tokenization, which replaces the
recursive battery of sensitive data with a nonsensitive token so that computations can be performed securely while
AMERICAN ACADEMIC PUBLISHER
https://www.academicpublishers.org/journals/index.php/ijns
76
the original data remains hidden. That also prevents unauthorized access as the data is safely secured. Data
anonymization, therefore, is another essential practice to reduce personally identifiable information (PII) in the
datasets before they are used for analysis or model training. While there is less risk of exposing private data, it still
generates much insight about the data.
Another aspect is to provide a secure way of authentication for users. Strong authentication protocols such as MFA
are implemented to authorize users given access to sensitive data. Role-based access control (RBAC) also restricts
access to data only relevant to the employee or the system through its role. Furthermore, AI developers must also
create a financial AI system data retention policy where data storage and secure deletion are specified, such as how
long it will be stored and when it will be removed. Practices such as encrypted databases and file systems can be
used to prevent unauthorized access to stored data. On the other hand, organizations have a data retention policy
that only requires the retention of necessary data.
Table 4:
Best Practices for Compliance-Driven AI Models in Financial Institutions
Best Practice
Description
Application in Financial AI Systems
Data Anonymization
Removes personally identifiable
information (PII)
Ensures privacy of customer data during AI
processing
Tokenization
Replaces sensitive data with non-sensitive
identifiers
Protects sensitive payment data during
transaction processing
Multi-Factor
Authentication
Enhances security by requiring multiple
forms of verification
Restricts access to sensitive financial data
Securing AI Models in the Cloud: Encryption and Authentication Methods
Protecting financial AI systems necessitates the security of AI models and their code in the cloud. In areas such as
fraud detection, credit scoring, and investment strategies, where the accuracy of an AI model makes a big
difference, the models must be protected from intrusion by AI modeling and any unauthorized access. Because
these models are highly data-rich, it is imperative to encrypt and authenticate them to protect against unauthorized
parties accessing them and, therefore, the data that generates them (Nyati, 2018).
Homomorphic encryption that enables the computation of encrypted data without decrypting would be used to
secure the AI models during training and inference from access. Homomorphic encryption can protect Sensitive
financial data from unauthorized access during modeling. Furthermore, the additional layer of security is encryption
of the model and its data for the containers or virtual machines deployed under a cloud environment to prevent
the model and its data from being exposed to other processes (Barik et al., 2016). In addition, ensuring that AI
models are secure in the cloud is also important, and certain authentication methods exist. A useful feature would
be to create a multi-factor authentication (MFA) to ensure that the identities of users and systems interacting with
the model are verified. Furthermore, API security also requires protecting communications between an AI model
and other systems. Models are secured with an API gateway like OAuth 2.0; an authorized entity can reach the
model's endpoints.
Cryptographic hashing technology is also used to keep AI models secure in a fashion that creates such a hash to
ensure the model has not been tampered with or changed. They are of particular importance for financial artificial
intelligence systems as the more deviating any change on a model is, the more consequences follow in terms of
AMERICAN ACADEMIC PUBLISHER
https://www.academicpublishers.org/journals/index.php/ijns
77
applicability. Security for any cloud-native financial AI system has a multi-layer approach that includes adopting
cloud security frameworks, enabling Zero Trust architecture, applying data protection best practices, encryption,
and authenticating AI models. This will help increase the level of security that financial institutions institute within
their AI systems while being compliant and resistant to any changing cybersecurity threats.
Compliance Challenges in AI System Development
Common Compliance Issues in AI and Financial Systems
Compliance is the most important issue in industries like finance when developing AI systems to align with
regulatory requirements, but finding such a thing is not. One of the primary hurdles is appropriately maintaining
data integrity. Financial data is sensitive, and the AI system must keep the data accurate, without corruption, and
should be reliably processed. As financial transactions become more complex and voluminous, it is important to
ensure that AI algorithms do not unintentionally distort or misinterpret the data. Data integrity issues are
aggravated when large datasets from various sources need to be integrated into AI models. In such cases, it is not
always possible to ensure data consistency across datasets while meeting regulatory frameworks like PCI-DSS,
which require strict data accuracy standards (Singh, 2022). There is another major issue related to transparency in
algorithmic decision-making. Credit scoring, loan approval, fraud detection, or any other financial AI system are
often automated. These decisions are effective and transparent to both regulators and consumers. AI models,
especially deep learning algorithms, are often black-box functional as the rationale of a decision is rarely known. It
demands that systems, such as IEC 62304, governing medical device software, and PCI-DSS, be auditable for
financial transactions. For example, this tension is that AI's predictive capability is usually ahead of the game
regarding suitability, leaving organizations uncertain of compliance.
Financial data in AI systems is also challenging to be stored securely. It is meetings like these that make up the
industry, as it is meetings like these that provide a forum for financial data to be spoken about in detail
—
and in
reality, financial data is subject to stringent privacy and security regulations such as PCI-DSS, for example, which
requires a secure payment card data storage. In cloud environments, especially AI systems, the data should be
securely stored and encrypted, secured from unauthorized access. Cloud-based infrastructure is dynamic, where
data can live across several locations, which adds to the complexity (Luo et al., 2015). Since frameworks like PCI-
DSS necessitate developers to develop secure storage mechanisms, such as data tokenization, encryptions, and
strong access control, the AI system architecture must undergo many changes. Iceberg complexity is increased
when multiple compliance frameworks are combined. For financial AI systems, for example, it requires PCI-DSS and
IEC 62304. IEC 62304 requires software safety and risk management to be considered in medical or other regulated
environments, while PCI
–
DSS specifies ways of securing financial transaction data on particular terms. Careful
planning is needed to align them to meet rather than conflict to ensure that AI system architectures comply with
all these compliance rules. As a result, it mostly leads to significant design and architecture decisions, which in turn
make the overall system structure and the time frame for development very complicated.
AMERICAN ACADEMIC PUBLISHER
https://www.academicpublishers.org/journals/index.php/ijns
78
Figure 6: AIi-in-financial-regulatory-compliance
Balancing Innovation with Regulatory Requirements
While the kernel of driving innovation exists in the field of AI development, there is little leeway when it comes to
regulatory requirements. Usually, developers need to provide cutting-edge solutions such as real-time analytics,
fraud detection, and personalized financial services. These features are expected to improve the system's
performance and user experience and put it in a competitive edge position. With more and more regulation in the
financial sector, AI innovations must be designed to comply with existing frameworks such as PC and IEC 62304, in
which government data are handled and software safety resources actively. Keeping a sense of agility in the AI
system without violating regulatory standards is one of the key problems. Real-time processing is one of the places
where this tension is felt more particularly. In the case of financial AI systems, Apache Kafka and Apache Spark are
technologies used to handle large amounts of data in real-time via processing. Such technologies promise extremely
responsive systems but also require such systems to conform to data security and auditability compliance
standards. Developers must work faster and at the highest level possible. The responsibility should be to keep
sensitive data safe and follow regulations, such as correctly logging transaction records and encrypting them.
Usually, such issues are overcome through developers' modular development approaches. The modularization
approach will allow the teams to test the AI feature independently and choose whether the feature passes the
system. Another supplement to this is the use of compliance auditing tools in AI pipelines to do compliance auditing
for all aspects of the system in its development at each step of the pipeline. With these tools, developers can keep
creating and keeping with compliance. As regulatory requirements evolve for AI systems, new risks are still a thing
for these systems to deal with, and this calls for continuous monitoring of the systems for a check to ensure they
stay in compliance. Most financial institutions have invested in AI systems with pre-embedded monitoring
mechanisms that monitor compliance in real-time and trigger an alert when any irregularities are noticed. This
enables organizations to be agile amid the risk of non-compliance (Singh et al., 2020).
Overcoming Technical and Legal Barriers in Real-Time Data Processing
The technical and legal problem of generating real-time financial data processing systems that satisfy regulatory
standards is very hard. Real-time systems have to process large volumes of data at high speed. One of the biggest
challenges is ensuring their reliability and secure storage. Data storage and transmission delays can result in delays
in processing transactions, violating compliance standards for the timely recording of transactions, for example, for
PCI-DSS, which requires timely transaction records. Given such fluctuating transaction volumes, scalability is one
AMERICAN ACADEMIC PUBLISHER
https://www.academicpublishers.org/journals/index.php/ijns
79
major problem in financial systems. During high-traffic financial periods (such as many holiday sale periods), AI
systems will need to scale to accommodate spikes in demand. When processing sensitive customer information,
the delicate question is how to scale these systems for data security and the respective regulatory requirements
like PCI DSS or GDPR (General Data Protection Regulation).
While adding complexity to cross-border data transfer, much of data transfer is legal from a legal perspective.
Financial institutions must process data from customers in jurisdictions with different compliance requirements.
GDPR mandates that the personal data of citizens of the European Union stay inside the European Union or in other
countries with equivalent data protection (Hoofnagle et al., 2019). PCI DSS enforces geographical data storage and
access requirements. When considering the various requirements of AI systems and data processing across borders,
developers must design AI systems reasonably and competently. It will have to work with its legal teams to ensure
that the system works by the international and regional standards it needs to comply with. In addition, cross-border
legal issues in financial AI systems are resolved by data localization methods such as regional data centers and data
encryption.
Managing the Complexity of Multi-Tier Compliance (IEC 62304, PCI-DSS)
Especially if several frameworks need to be obeyed simultaneously, these compliance architectures are often highly
applicable to AI systems. Individuals must have compliance in multiple tiers as it is necessary to meet the various
requirements of the regulatory bodies. Specific laws need to be enforced in each tier of the system (data storage,
transaction processing) to be fulfilled by the systems of financial AI (Lee, 2020). For instance, a system subject to
PCI-DSS and IEC 62304 has to ensure PCI-DSS requirements for data storage tier for safely and securely storing
payment card information. The processing tier is subjected to IEC 62304 standards at the same time. It ensures the
safety of this multi-layered security and complies with safety and risk management standards regarding its health.
The compliance protocols of each layer have to comply with the particular standards of the work of the tier. Over
time, one of the great ways to alleviate some of the complexity of this is to implement layered security strategies.
One way to meet the demands of both compliance frameworks is, for instance, using encryption and multi-device
authentication (multi-factor) at the application layer and using more robust measures such as tokenization at the
data storage layer. Part of the regular compliance audits at each tier ensures that the system is always fully
compliant, even as regulations evolve. Developing such AI systems between PCI DSS and IEC 62304 standards
necessitates a thorough and detailed approach. The integration of multiple compliance frameworks presents a
challenge that developers must deal with, especially when navigating the technical and legal difficulties of real-time
data processing, scalability, and cross-border data transfer. Financial AI systems can adhere to regulations through
modular development, continuous monitoring, and multi-tier compliance strategies while preserving innovation
and high performance (Chavan, 2024).
Successful Case Study: Navigating Compliance in Financial AI Systems
Overview of the Case Study: Implementing IEC 62304 and PCI-DSS in a Real-time Financial System
This case study addresses implementing such a system at a large fintech company specializing in real-time payment
processing and fraud detection. The company aimed to establish a secure, scalable, and fast financial AI system
capable of performing fraud detection, transaction monitoring, and automated compliance reporting while
adhering to strict industry regulations such as IEC 62304 and PCI DSS. Without these standards, the system would
fail with the safety and security of sensitive financial data and real-time transaction processing. The purpose of the
project was to enhance the ability of the company in the field of fraud detection through the use of AI technologies
and the capability of 24/7 status of monitoring of customer transactions to identify suspicious activities. The
company's AI system needed to integrate PCI DSS so payment card data are protected and IEC 62304 to provide the
safety of software used in medical devices (as this company provides diversified solutions) (Juuso & Pöyhönen,
AMERICAN ACADEMIC PUBLISHER
https://www.academicpublishers.org/journals/index.php/ijns
80
2023). The aim was to create a solution for a fraud detection solution that could identify patterns quickly and keep
within international regulations on data privacy, encryption, and system reliability.
Figure 7:
Harmonized Standards Medical Device Software MDR IVDR
The Challenges Faced in Achieving Compliance
The AI system that results is not without its challenges in developing. Consistent with strict compliance standards,
the biggest challenge was ensuring the system was still usable with intense volumes of real-time payment
transactions. Financial data transmission security and extremely strict data encryption protocols were major
technical challenges that must be addressed in real-time. The company also had to deal with the fact that to fulfill
the requirements of PCI
–
DSS, the integrity and privacy of their sensitive payment data must be maintained. The
other difficulty was the integration of compliance checks within this AI decision-making process. Fraud detection
algorithms must make real-time decisions without compromising the data privacy laws (Batani, 2017). Because the
system was working with multiple financial institutions and their customers, the most important thing was ensuring
that AI models did not accidentally reveal personal or financial information during analysis. The constant data
breaches and unauthorized access were especially troublesome in cloud-native environments where data was
stored and processed in distributed systems. The aspect that complicated development further was the need to use
advanced cryptographic methods to ensure data encryption compliance in transit and at rest.
Solutions Deployed Using Kafka, Spark, and LLM-Based Microservices
The company deployed a hybrid mix of the latest cutting-edge technologies like Apache Kafka, Apache Spark, and
LLM-based microservice to overcome these compliance challenges. For instance, the company billed real-time
payment transactions using Kafka for event streaming. With Kafka's powerful message queuing capabilities, it was
possible to stream payment data while retaining the correct encryption and access control measures enforced by
PCI DSS. The financial data was processed securely and efficiently without encountering bottlenecks due to Kafka's
ability to handle high-throughput event processing. Real-time analytics is essential, and Apache Spark was used to
process huge amounts of transaction data to detect patterns indicative of fraudulent activities. Because Spark made
it so that one could process data quickly at high speeds and identify suspicious activity before the transactions were
completed, Spark's in-memory processing capabilities were critical. Enabling real-time data processing has enabled
the fintech company to meet operational and regulatory requirements. The company employed LLM-based
AMERICAN ACADEMIC PUBLISHER
https://www.academicpublishers.org/journals/index.php/ijns
81
microservices to make AI decisions. By using these microservices built on hyper-large language models (LLMs),
customers could be analyzed more accurately. The AI system could then detect fraud and anomalous behavior in
line with PCI-DSS and IEC 62304 standards. The company ensured the deployment was scalable, secure, and
updateable as it adapted to changing compliance regulations using containerized microservices (Karwa, 2024).
Results: Achieving Both Compliance and High-Performance Financial AI Processing
This was implemented successfully, and the results were also excellent. The biggest result was a significant drop in
fraudulent activities. The system identified suspicious transactions in milliseconds using Kafka and Spark's real-time
fraud detection capabilities to prevent money from being taken from the customer. It led to a 35% decrease in
financial loss caused by fraud in the first six months of deployment. Real-time transaction monitoring integration
allowed the company to provide timely and accurate compliance reporting (Kansal & Gupta, 2024). The AI system
automatically generated compliance reports, reducing the manual work for the compliance teams and allowing the
company to provide quick demonstrations of PCI-DSS and IEC 62304 standards adherence. Real-time details,
through audit trails, enabled robust mechanisms for ongoing compliance verification and for the system to
generate.
These advanced capabilities helped to maintain the system's performance at a high rate. The integration of Kafka
for event streaming, Spark for analytics, and LLM-based microservices did not affect the system's speed or
scalability. The system was able to process millions of transactions per day, and the AI system did this at high
throughput and low latency and ensured full compliance with the regulations involved.
Key Takeaways and Lessons Learned from the Case Study
This case study offers several important lessons for companies that want to develop compliance intelligent
computing systems in the financial business. It shows the importance of technological selection for real-time data
processing. However, Kafka and Spark were crucial in meeting the system's performance and scalability
requirements while conforming to PCI DSS regulations. The second is to show the integration of LLM-based
microservices and how advanced AI models can improve decision-making without violating compliance standards.
The pitfall it often saw was complexity when integrating these compliance assessments into an AI's decision-making.
Real-time AI models had to stay strict with data privacy and security protocol, which was done through constant
collaboration between AI developers, security experts, and legal teams (Gupta et al., 2020). Continuous monitoring
and updating of the compliance systems was an important lesson learned. The systems must adapt to the changing
regulatory requirements, notably in the financial industry. To interact with this, the company designed the system
around operating systems of containerized microservices that could have their AI models easily updated as new
compliance regulations came to be. A case study shows that building a high-performance, compliance-driven AI
system capable of real-time processing of financial data is possible and a great benefit. This means that if the right
technologies are used and a company is maintained in compliance throughout the development process, businesses
can develop wildly innovative AI that is fully compliant with the standards of the relevant regulation.
Ethical Considerations in Compliance-Driven AI Systems
When it comes to matters of ethics, artificial intelligence (AI)
—
especially in financial systems
—
is playing an
important role in ensuring that AI-driven technologies not only comply with compliance requirements such as PCI-
DSS and IEC 62304 but also act transparently, accountably, and fairly.
AMERICAN ACADEMIC PUBLISHER
https://www.academicpublishers.org/journals/index.php/ijns
82
Table 5:
Ethical Considerations in Financial AI Systems
Ethical Concern
Description
Mitigation Strategy
Bias in Decision-
Making
AI models may perpetuate existing
demographic biases
Use diverse training data, fairness-aware
algorithms
Transparency
Difficulty in explaining AI's decision-
making process
Implement Explainable AI (XAI) to enhance
model transparency
Privacy
Risk of exposing sensitive financial data
Encrypt and anonymize customer data during
processing
Ethical Implications of Using AI in Financial Decision-Making
Ethical challenges to AI systems used in financial decision-making (whether to pass a loan, detect fraud, or provide
customer service) are ubiquitous. Algorithmic bias is one of the biggest ethical issues. Lightning AI, a machine
learning algorithm, is trained from massive datasets that may contain terrible biases. For example, if an AI learns to
perpetuate existing historical biases in a loan approval process in a financial institution, such as granting loans to
people from specific demographics more than other people, then gender, race, and other demographic biases may
be perpetuated as part of any lending decisions in the AI. To define this at a higher level, it can translate into unfair
lending practices in the financial services sector, discrimination in credit scoring, or bias in the fraud detection
systems.
Among the other ethical concerns regarding AI is the lack of transparency of AI models. There are many AI systems,
such as 'black boxes' of deep learning models, whose decision-making is easy to understand for humans. It results
in difficulties auditing AI decisions and explaining them to the stakeholder, the regulator, or the customer.
Recalcitrant decisions are detrimental to the financial services industry, where bad decisions can completely upend
the financial well-being of individuals. Developers can use several strategies to mitigate these risks. First, I
recommend using diverse and representative datasets trained on AI systems to minimize the chance of the AI
system coming up with biased outcomes. Additionally, utilizing fairness constraints during model training can tackle
discrimination. Transparency initiatives like explaining AI (XAI) methods reveal and fix possible biases whenever AI
systems decide to make fair and unbiased choices. Developers and users must prioritize privacy while handling data,
particularly regarding financial data's ethical and legal usage.
AMERICAN ACADEMIC PUBLISHER
https://www.academicpublishers.org/journals/index.php/ijns
83
Figure 8: Ethical artificial intelligence principal in digital agriculture.
Maintaining Transparency and Accountability in AI Systems
Ethical use of AI in financial services entails transparency and accountability. To guarantee that AI systems are
transparent and accountable, in highly regulated sectors like finance, developers must strive for systems that
regulators and users can thoroughly audit and understand. Any AI system should be able to trace and explain the
decisions that rely on it. One practical way to enforce transparency is explainable AI (XAI). XAI techniques make it
possible to get explanations from AI models for their predictions or decisions that humans can understand (Dwivedi
et al., 2023). As an example of this, an AI model that uses credit scoring should not simply reject or accept a loan
application. It should provide the credit score and a rationale for why this decision was made, such as individual
factors that compounded to determine whether a loan was approved or rejected. A regulation implementation with
this explanation could be in the format of feature importance scores and trees, making it easier for regulators and
users to visualize how decisions are made, thereby guaranteeing the fairness and compliance of the regulation with
the PCI-DSS, for example.
Simultaneously with AI, grating XAI into these AI systems also improves accountability. XAI can help the developer
fix the error indicating if an AI system makes a bad decision, such as rejecting a loan application for reasons that
would be discriminatory. In addition, keeping strict logs of all the AI decisions, especially in our financially sensitive
applications, helps make the company eligible to check that the application complies with the regulatory standards.
Also, these logs serve as an important level of accounting in that external auditors and regulators can check AI
decisions and verify whether they abide by the industry's rules and norms.
Balancing User Privacy with Data Utilization in Real-Time AI Models
The one other very important ethical aspect of AI systems, and finally in the financial world, is to harmonize a user's
confidentiality and the strong desire to be able to use real-time analysis based on real-time. In finance, the data an
AI system needs to be effective is transaction histories, credit scores, and personal identifiers. This data is essential
for sound judgment decisions but can also cause a splash of privacy. Since personal financial data is associated with
personal health data, there has to be confidence that the personal financial data is treated securely and by privacy
laws such as the General Data Protection Regulation (GDPR) or the Health Insurance Portability and Accountability
Act (HIPAA), if applicable.
Financial institutions adopting appropriate data protection measures can resolve these issues. One best practice
for data anonymization in AI involves de-identifying the dataset it was fed during training using an anonymization
library (Kanwal et al., 2023). This prevents any user name from being connected to the released data. Tokenization
AMERICAN ACADEMIC PUBLISHER
https://www.academicpublishers.org/journals/index.php/ijns
84
analytically converts sensitive data without substituting it and is a second line of protection for sensitive data. The
data must be stored securely. To counter the potential for bad actors, financial institutions should use strong
encryption of data at rest and in transit to prevent breaches. Additionally, sensitive data should be offered secure
access controls to prevent unauthorized entities from accessing it. Tokenizing, anonymizing, and encrypting
financial data helps developers perform real-time data analysis.
Addressing Bias and Fairness in Financial AI Systems
Bias and fairness are of great importance in designing AI systems that will make financial decisions on behalf of
humans. Financial AI systems, such as those in credit scoring, lending, and fraud detection, can, if not carefully
managed, amplify the Trump bump or perpetuate biases. For example, suppose historical lending data with implicit
or explicit biases against some demographic groups has been used to train an AI system. In that case, that system
may have negative outcomes, such as rejecting loan applications from a minority applicant more often than from
another. Fair play practices and legal liabilities for money institutions might result from that. The way through these
risks is that fairness should be prioritized when a developer develops an AI model. Eliminating bias is one possible
method, using datasets that are extremely diverse and diverse to the very highest degree of representing not just
one group of users but all groups of users.
This can include generating synthetic data of such populations using
techniques for creating synthetic data or creating datasets with underrepresented groups. Additionally, developers
can impose fairness constraints during AI system training to ensure that no demographic is disadvantaged in the AI
system's decisions.
Regular audits and fairness checks are also important because they aid in maintaining an unbiased AI system. They
are system audits assessing decisions based on ethical guidelines and regulatory standards. Such fairness-aware
algorithms will create checks to detect biased outcomes during model training and automatically adjust in case of
biases. For example, PCI-DSS requires developers to work with regulatory bodies to ensure nondiscrimination and
fairness in financial systems, IEC 62304. Based on these best practices, financial institutions can emulate the
establishment of AI systems that follow laws and regulations so that they will be compliant with ethical criteria such
as fairness, transparency, and privacy. This work makes an ethical consideration of developing compliance-driven
AI systems in the financial area integral (Onoja et al., 2021). In designing systems to work in the world ethically
(without following rules like PCI DSS and IEC 62304) and during machine learning (to DevOps requirements), those
who brew with AI can address bias, privacy, transparency, and fairness. In this world, moving towards a more digital
financial world, ensuring that the AI models used in the background are fair, transparent, and accountable to build
people's trust and protect users' rights is important.
Future Trends in Compliance-Driven AI Systems
Emerging Technologies Shaping Compliance in AI Systems
Most technologically defined on the new frontier of compliance in AI systems today are quantum computing,
advanced cryptographic techniques, and blockchain. Such threats to data security, compliance monitoring, and real-
time financial processing can be attributed to this technology.
An area of application is quantum computing, which provides exceptionally fast computational capabilities for
processing very large data sets more effectively than can be done by classical computers. Such a change could help
us with the more efficient and secure encryption algorithms needed for preserving information privacy and unified
compliance with regulatory policies in highly delicate financial environments. Instead, as data-sharing capabilities
grow, advanced cryptographic techniques like homomorphic encryption permit data to be processed in encrypted
form. This allows AI algorithms to use encrypted data without exposing it. This is especially critical for adhering to
regulations about data protection (PCI DSS), as sensitive financial data remains secure even in analysis. In addition,
these techniques support secure data sharing between platforms, a critically important element for financial
institutions that often need to work together in compliance-mandated ways.
AMERICAN ACADEMIC PUBLISHER
https://www.academicpublishers.org/journals/index.php/ijns
85
The blockchain offers its users the most secure and transparent ledger, in which all financial transactions are
traceable and transparent. Blockchain can greatly increase the auditability of financial AI systems by recording every
transaction in a tamper-proofed way. This technology could simplify the tracking of every decision and manipulation
of data by the AI models for compliance purposes, which would be useful for organizations to demonstrate
compliance with regulatory requirements (Padmanaban, 2024). These emerging technologies will offer a new
secure, transparent, and efficient financial data processing interface. Such systems can help reduce compliance
procedures, reduce the risk of data breaches, and strengthen the financial system's overall integrity.
Table 6:
Future Trends in Compliance-Driven AI Systems
Emerging
Technology
Description
Impact on Financial AI Systems
Quantum
Computing
Accelerates complex computations,
improving encryption
Enhances data security and encryption in AI
models
Blockchain
Provides secure, tamper-proof transaction
records
Increases transparency and auditability in
financial transactions
Federated
Learning
Enables AI models to learn without sharing
data
Reduces data privacy risks while maintaining
compliance
The Future of Real-Time Financial Data Processing and AI in Cloud-Native Architectures
In particular, the progress of AI algorithms and cloud-native platforms will greatly affect the development of real-
time financial data processes. In this context, cloud computing has greatly benefited financial services by providing
scalable, flexible, and cost-effective architectures to ingest, process, and analyze real-time data. With the
advancement of AI algorithms, it will be easier for them to deal with more complex transactions in real-time and
predict and make more accurate insights, all while improving the efficiency of the whole financial institution. In the
context of compliance, cloud-native architectures provide an environment where an AI model can be continuously
updated and managed without a heavy infrastructure burden. These platforms also help them conform to industry
standards such as PCI DSS with features such as data encryption, secure access management, and audit logs. They
make it super easy to follow changing regulations by implementing updates that follow the changed regulations
and keeping services running without disrupting the process. The next evolution of financial systems will likely
involve implementing more refined techniques, including edge computing and federated learning (Brecko et al.,
2022). As for federated learning, this can allow machine learning models to be trained on decentralized data without
disclosure and for processing data more sensitive to its source, which naturally reduces latency and bandwidth
usage. These two technologies will enable financial institutions to continue to comply while handling commensurate
quantities of real-time data in distributed networks.
Predictions for Changes in IEC 62304 and PCI-DSS Compliance Standards
Since they are becoming more complex, AI systems in the financial sector will require a different approach regarding
regulatory frameworks like IEC 62304 and PCI DSS to avoid being redundant as they evolve. IEC 62304, which defines
software development for medical devices, can apply as AI systems move from other sectors into the medical device
sphere. In the context of advanced roles played by AI in decision-making, such as risk management and fraud
detection, regulations may have to be increased to include enhanced testing and validation protocols for AI models.
AMERICAN ACADEMIC PUBLISHER
https://www.academicpublishers.org/journals/index.php/ijns
86
These rules are also subjected to updates in the following years due to the increasing use of AI and ML for
transaction monitoring and merchant fraud prevention. There will be an increasing focus on making access to the
decision-making logic, market access logs, and product rating features of AI-driven systems auditable and
transparent while keeping data integrity intact during analysis (Elouataoui, 2024). It can expect new regulations on
how financial powerhouses and AI firms should audit their judgmental or automated AI programming, including
compelling explainability requirements on AI decisions. AI model predictions must be proven to meet regulators'
standards. The continued advancement of IEC 62304 and PCI-DSS will make AI essential in its regulatory monitoring
and enforcement capacity. The evolution of these standards makes it possible for AI-powered tools to assist
financial institutions in guaranteeing that they meet their compliance obligations, such as using AI-powered tools.
They automatically detect compliance violations, run audits, and provide real-time updates on compliance status.
Figure 9:
PCI DSS Compliance
Impact of Quantum Computing on Compliance-Driven Financial AI Systems
A quantum computer could enable the financial industry to tackle such issues differently. Encrypted
communications will be one of the areas where quantum computing will have one of the most immediate effects.
The computational power in quantum machines could attack currently used encryption methods RSA (Sharma et
al., 2021). As part of countermeasures against this threat, financial institutions will have to adopt quantum-safe
algorithms, which may prevent quantum computers from processing what would have been the quantum-safe
algorithm. They will be useful in ensuring that the channel for transferring sensitive financial data complies with
data protection regulations such as PCI-DSS.
Some problems are computationally infeasible for classical computers, which quantum computers can solve and
could help speed up the training of AI models. In that case, developing better AI models for financial services with
more accurate outcomes would lead to faster development and benefit decision-making processes like fraud
detection, credit scoring, and investment strategies. There are limits to what quantum computing will adopt.
Quantum disruption means financial institutions and AI developers will have to ensure that their systems are ready
for quantum, and this will be achieving quantum-safe cryptographic solutions. A rigorous test is needed to ensure
they comply with the regulatory standard.
AMERICAN ACADEMIC PUBLISHER
https://www.academicpublishers.org/journals/index.php/ijns
87
The Role of AI in Evolving Regulatory and Compliance Landscapes
In the future, AI will also be crucial to make compliance reporting easier, enhance audits, and anticipate
noncompliance in financial institutions. Since the regulatory framework is becoming more complex and dynamic,
AI can assist with automating compliance checks and time resolution of potential violations. Vast quantities of data
from many sources can be analyzed using AI, and the pattern indicative of a regulatory breach can be detected very
quickly. It enables institutions to take quick remedial steps and thus avoid penalties from the regulators. AI-powered
tools will also assist financial institutions to stay updated with the ever-changing regulations. Natural language
processing (NLP) techniques aid artificial intelligence (AI) systems to scan new regulations and automatically keep
organizations updated on compliance requirements so that they never get out of track.
AI will put regulators in the future in a position to harness insights into market trends, risk factors, and potential
threats to compliance using AI. Having AI systems making decisions and regulators need to verify the AI on the fly
to ensure it is doing things correctly (either recognizing the information on incoming traders the compliance
department receives given potential differences), which brings me back to monitoring the system or that regulators
can leverage AI-driven systems to monitor AI behavior - the algorithms must comply with compliance rules. They
should not introduce unintended biases or risks. An AI can guide the action so that it acts proactively and not
reactively by detecting and resolving issues before they become major problems. AI technologies have reached
another milestone, so financial systems and the Compliance landscape will soon build another wave of evolution.
The integration of quantum computing, blockchain, and AI-driven compliance tools will be required to keep financial
data secure and have integrity the same when increasingly complex regulations become.
CONCLUSION
In the financial sector, Artificial Intelligence (AI) is the biggest instrument of integration, enabling the system to
respond in real-time and detect and manage risk. The reliance on AI has increased, and so has the responsibility of
complying with strict regulatory standards. Maintaining security and privacy, combating financial institutions from
rightfully breaking the law, and gaining trust from customers and regulators are essential for security and privacy
compliance to adhere to frameworks like IEC 62304 and PCI-DSS. This article has looked at how the standard of IEC
62304, designed for medical software, and PCI-DSS, focused on protecting payment and card data, impacts the
architecture and design of AI systems. However, software lifecycle management and risk assessment are
emphasized in IEC 62304, which states that AI systems in financial services need to undergo rigorous testing and
validation. Therefore, there would be minimum risk involved. On the other hand, PCI-DSS specifies the guidelines
for encrypting payment data, securing transactions, and maintaining the financial system's integrity. They should
meet these standards to ensure that order systems are scalable, flexible, secure, and effective.
These technologies include Apache Kafka, Apache Spark, and large language models (LLMs). Without question,
processing financial information in real-time efficiently and securely is critical, and they are a critical part of the
process. Kafka implicitly provides event streaming capabilities to structure large transactional data. Spark's broad
power for real-time analysis helps financial institutions cope with huge volumes of transactional data and satisfy
security regulations such as PCI DSS. On the flip side, LLM microservices can continuously enhance the security and
compliance of AI financial decisions if they are deployed properly. If these technologies are placed in a HIPAA-
compliant framework, these technologies also offer several benefits, such as improved transaction monitoring,
fraud detection, and better customer experience.
With financial institutions and fintech companies continuing to become more innovative, the path is to balance
security, compliance, and operational efficiency. Organizations must take a proactive approach to ensure their AI
systems conform to the ever-changing regulatory standards. Regular compliance audits, secure cloud platform
utilization with built-appliance features, and encryption and access control measures for protecting sensitive
financial data are key steps of this process. Real-time compliance monitoring tools in a company should be
integrated, and a solid AI lifecycle management process should be in place to help stay compliant with regulatory
AMERICAN ACADEMIC PUBLISHER
https://www.academicpublishers.org/journals/index.php/ijns
88
requirements and industry best practices. Besides that, financial institutions must also benefit from the
continuously evolving compliance standards by being up to date with the latest general guidelines so that the AI
systems they use are not rigid and fit to deal with these changes quickly and quickly.
Regulatory necessity, as well as an objective requisite of long-term stability and trustworthiness of financial
markets, compliance-driven AI systems are. Given the increasing implementation of AI in financial services, AI
adoption developers, data scientists, and financial professionals are responsible for ensuring that the systems they
are working with are compliant, transparent, and secure. Because predictively more complex tasks will afford AI
systems greater potential for application, compliance will play a bigger and even more critical role. Compliance that
is not AI-driven is not just about compliance in the present but also compliance that is aware of what is coming
shortly. Nevertheless, the capacity of the financial sector to keep up with evolved requirements while keeping AI
innovation will be fundamental to its continuance of success. So, ensuring that the regulatory compliance of AI
systems forms their basis will ultimately ensure the safeguarding of customer data, earning customers' trust and
preventing costly legal or financial repercussions.
Innovating and being compliant at the same time are the attributes of the financial sector. This will require
collaboration between regulatory bodies, technology developers, and financial institutions for this to be achieved.
By building an ecosystem that allows for innovation within the scope of compliance, the industry can allow
innovation to thrive and become the AI solution that powers growth and supports values of privacy, security, and
fairness. Achieving a balance between cutting-edge technology and the vagaries of periodically changing
compliance-driven AI systems in the financial sector will be a collective responsibility and one which each of the
various interlinked disciplines bears in silos and as a joint effort. With the evolution of AI, the industry needs to
focus on a collaborative, transparent, and ethical development environment that will benefit the businesses and
the customers and a compliant approach at all levels. Staying ahead of the curve in terms of technology and having
solid regulatory oversight is made possible by financial institutions focusing on both aspects.
REFERENCE
1.
Alam, M. A., Nabil, A. R., Mintoo, A. A., & Islam, A. (2024). Real-Time Analytics In Streaming Big Data:
Techniques And Applications.
Journal of Science and Engineering Research
,
1
(01), 104-122.
2.
Ali, O. (2024). Popular API Technologies: REST, GraphQL, and gRPC.
3.
Barik, R. K., Lenka, R. K., Rao, K. R., & Ghose, D. (2016, April). Performance analysis of virtual machines and
containers in cloud computing. In
2016 international conference on computing, communication and
automation (iccca)
(pp. 1204-1210). IEEE.
4.
Batani, J. (2017). An adaptive and real-time fraud detection algorithm in online transactions.
International
Journal of Computer Science and Business Informatics
,
17
(2), 1-12.
5.
Brecko, A., Kajati, E., Koziorek, J., & Zolotova, I. (2022). Federated learning for edge computing: A
survey.
Applied Sciences
,
12
(18), 9124.
6.
Carcillo, F., Dal Pozzolo, A., Le Borgne, Y. A., Caelen, O., Mazzer, Y., & Bontempi, G. (2018). Scarff: a scalable
framework for streaming credit card fraud detection with spark.
Information fusion
,
41
, 182-194.
7.
Chavan, A. (2024). Fault-tolerant event-driven systems: Techniques and best practices. Journal of Engineering
and Applied Sciences Technology, 6, E167.
http://doi.org/10.47363/JEAST/2024(6)E167
8.
Chavan, A. (2024). Fault-tolerant event-driven systems: Techniques and best practices.
Journal of Engineering
and Applied Sciences Technology
,
6
, E167.
https://doi.org/10.47363/JEAST/2024(6)E167
9.
Dhanagari, M. R. (2024). MongoDB and data consistency: Bridging the gap between performance and
reliability.
Journal
of
Computer
Science
and
Technology
Studies,
6
(2),
183-198.
https://doi.org/10.32996/jcsts.2024.6.2.21
10.
Dhanagari, M. R. (2024). Scaling with MongoDB: Solutions for handling big data in real-time.
Journal of
Computer Science and Technology Studies, 6
(5), 246-264.
https://doi.org/10.32996/jcsts.2024.6.5.20
11.
Dwivedi, R., Dave, D., Naik, H., Singhal, S., Omer, R., Patel, P., ... & Ranjan, R. (2023). Explainable AI (XAI): Core
ideas, techniques, and solutions.
ACM Computing Surveys
,
55
(9), 1-33.
AMERICAN ACADEMIC PUBLISHER
https://www.academicpublishers.org/journals/index.php/ijns
89
12.
Edapurath, V. N. (2023). Design and Implementation of a Scalable Distributed Machine Learning Infrastructure
for Real-Time High-Frequency Financial Transactions.
13.
Elouataoui, W. (2024). AI-Driven frameworks for enhancing data quality in big data ecosystems:
Error_detection, correction, and metadata integration.
arXiv preprint arXiv:2405.03870
.
14.
Feng, Z. (2024). Can GPT Help Improve Robo-advisory? The Construction of Robo-advisor for Users with Low
Investment Experience Based on LLM.
Advances in Economics, Management and Political Sciences
,
90
, 26-41.
15.
Goel, G., & Bhramhabhatt, R. (2024). Dual sourcing strategies.
International Journal of Science and Research
Archive
, 13(2), 2155.
https://doi.org/10.30574/ijsra.2024.13.2.2155
16.
Gupta, R., Tanwar, S., Al-Turjman, F., Italiya, P., Nauman, A., & Kim, S. W. (2020). Smart contract privacy
protection using AI in cyber-physical systems: tools, techniques and challenges.
IEEE access
,
8
, 24746-24772.
17.
Hoofnagle, C. J., Van Der Sloot, B., & Borgesius, F. Z. (2019). The European Union general data protection
regulation: what it is and what it means.
Information & Communications Technology Law
,
28
(1), 65-98.
18.
Iwasokun, G. B., Omomule, T. G., & Akinyede, R. O. (2018). Encryption and tokenization-based system for credit
card information security.
International Journal of Cyber Security and Digital Forensics
,
7
(3), 283-293.
19.
Juuso, I., & Pöyhönen, I. (2023).
Medical-Grade Software Development: How to Build Medical-Device Products
That Meet the Requirements of IEC 62304 and ISO 13485
. CRC Press.
20.
Kansal, S., & Gupta, V. (2024). ML-powered compliance validation frameworks for real-time business
transactions.
International Journal for Research in Management and Pharmacy (IJRMP)
,
13
(8), 48.
21.
Kanwal, N., Janssen, E. A., & Engan, K. (2023, September). Balancing privacy and progress in artificial
intelligence: anonymization in histopathology for biomedical research and education. In
International
Conference on Frontiers of Artificial Intelligence, Ethics, and Multidisciplinary Applications
(pp. 417-429).
Singapore: Springer Nature Singapore.
22.
Karwa, K. (2024). The future of work for industrial and product designers: Preparing students for AI and
automation trends. Identifying the skills and knowledge that will be critical for future-proofing design careers.
International
Journal
of
Advanced
Research
in
Engineering
and
Technology
,
15
(5).
https://iaeme.com/MasterAdmin/Journal_uploads/IJARET/VOLUME_15_ISSUE_5/IJARET_15_05_011.pdf
23.
Konneru, N. M. K. (2021). Integrating security into CI/CD pipelines: A DevSecOps approach with SAST, DAST,
and SCA tools.
International Journal of Science and Research Archive
. Retrieved from
https://ijsra.net/content/role-notification-scheduling-improving-patient
24.
Koo, J., Kang, G., & Kim, Y. G. (2020). Security and privacy in big data life cycle: a survey and open
challenges.
Sustainability
,
12
(24), 10571.
25.
Kumar, A. (2019). The convergence of predictive analytics in driving business intelligence and enhancing
DevOps efficiency. International Journal of Computational Engineering and Management, 6(6), 118-142.
Retrieved from
https://ijcem.in/wp-content/uploads/THE-CONVERGENCE-OF-PREDICTIVE-ANALYTICS-IN-
DRIVING-BUSINESS-INTELLIGENCE-AND-ENHANCING-DEVOPS-EFFICIENCY.pdf
26.
Lee, J. (2020). Access to finance for artificial intelligence regulation in the financial services industry.
European
Business Organization Law Review
,
21
(4), 731-757.
27.
Luo, F., Zhao, J., Dong, Z. Y., Chen, Y., Xu, Y., Zhang, X., & Wong, K. P. (2015). Cloud-based information
infrastructure for next-generation power grid: Conception, architecture, and applications.
IEEE Transactions
on Smart Grid
,
7
(4), 1896-1912.
28.
Mubeen, M. (2024). Zero-Trust Architecture for Cloud-Based AI Chat Applications: Encryption, Access Control
and Continuous AI-Driven Verification.
29.
Muzukwe, S. (2023).
A Governance Framework for Security in Cloud Architecture
(Master's thesis, University of
Johannesburg (South Africa)).
30.
Nandan Prasad, A. (2024). Monitoring and Maintaining Machine Learning Systems. In
Introduction to Data
Governance for Machine Learning Systems
(pp. 429-483). Apress, Berkeley, CA.
31.
Narkhede, N., Shapira, G., & Palino, T. (2017).
Kafka: the definitive guide: real-time data and stream processing
at scale
. " O'Reilly Media, Inc.".
AMERICAN ACADEMIC PUBLISHER
https://www.academicpublishers.org/journals/index.php/ijns
90
32.
Nyati, S. (2018). Revolutionizing LTL carrier operations: A comprehensive analysis of an algorithm-driven pickup
and delivery dispatching solution. International Journal of Science and Research (IJSR), 7(2), 1659-1666.
Retrieved from
https://www.ijsr.net/getabstract.php?paperid=SR24203183637
33.
Onoja, J. P., Hamza, O., Collins, A., Chibunna, U. B., Eweja, A., & Daraojimba, A. I. (2021). Digital Transformation
and Data Governance: Strategies for Regulatory Compliance and Secure AI-Driven Business Operations.
34.
Owoade, S. J., Uzoka, A., Akerele, J. I., & Ojukwu, P. U. (2024). Cloud-based compliance and data security
solutions in financial applications using CI/CD pipelines.
World Journal of Engineering and Technology
Research
,
8
(2), 152-169.
35.
Padmanaban, H. (2024). Revolutionizing regulatory reporting through AI/ML: Approaches for enhanced
compliance and efficiency.
Journal of Artificial Intelligence General science (JAIGS) ISSN: 3006-4023
,
2
(1), 71-
90.
36.
Rajesh, Y. S., Kumar, V. K., & Poojari, A. (2024). A unified approach toward security audit and compliance in
cloud computing.
Journal of The Institution of Engineers (India): Series B
,
105
(3), 733-750.
37.
Raju, R. K. (2017). Dynamic memory inference network for natural language inference. International Journal of
Science and Research (IJSR), 6(2).
https://www.ijsr.net/archive/v6i2/SR24926091431.pdf
38.
Ritondale, E. (2022). Shipwrecking Probability in Mediterranean Territorial Waters. A Cultural Approach to
Archaeological Predictive Modelling.
39.
Rust, P., Flood, D., & McCaffery, F. (2016). Creation of an IEC 62304 compliant software development
plan.
Journal of Software: Evolution and Process
,
28
(11), 1005-1010.
40.
Sardana, J. (2022). Scalable systems for healthcare communication: A design perspective.
International Journal
of Science and Research Archive
https://doi.org/10.30574/ijsra.2022.7.2.0253
41.
Sardana, J. (2022). The role of notification scheduling in improving patient outcomes.
International Journal of
Science and Research Archive
. Retrieved from
https://ijsra.net/content/role-notification-scheduling-
42.
Seaman, J. (2020).
PCI DSS: An integrated data security standard guide
. Apress.
43.
Sharma, M., Choudhary, V., Bhatia, R. S., Malik, S., Raina, A., & Khandelwal, H. (2021). Leveraging the power of
quantum computing for breaking RSA encryption.
Cyber-Physical Systems
,
7
(2), 73-92.
44.
Singh, V. (2022). Intelligent traffic systems with reinforcement learning: Using reinforcement learning to
optimize traffic flow and reduce congestion. International Journal of Research in Information Technology and
Computing.
https://romanpub.com/ijaetv4-1-2022.php
45.
Singh, V., Doshi, V., Dave, M., Desai, A., Agrawal, S., Shah, J., & Kanani, P. (2020). Answering Questions in
Natural Language About Images Using Deep Learning. In
Futuristic Trends in Networks and Computing
Technologies: Second International Conference, FTNCT 2019, Chandigarh, India, November 22
–
23, 2019,
Revised Selected Papers 2
(pp. 358-370). Springer Singapore.
https://link.springer.com/chapter/10.1007/978-
46.
Steurer, R. (2021). Kafka: Real-Time Streaming for the Finance Industry.
The Digital Journey of Banking and
Insurance, Volume III: Data Storage, Data Processing and Data Analysis
, 73-88.
