Sign Anthropic finance-agent outputs for FRE 902(13) compliance

When to use this pattern

• — Investment banking: every pitch deck, CIM, teaser, and merger model delivered to a client is an advertised claim under FINRA + SEC scrutiny. Sign at delivery, give the client + counsel a verify URL alongside the PDF.
• — Equity research: published research is FINRA Rule 2241 regulated; recordkeeping is required. Earnings reviewer outputs (notes, model updates, morning notes) get signed before publication. Re-verification proves the note hasn't been retroactively edited.
• — Private equity / fund admin: IC memos drive investment committee decisions + are discoverable in fund litigation. Valuation reviewer + statement auditor outputs touch LP reporting + GP annual reviews. Sign each artifact so the LP/GP relationship has a shared cryptographic record.
• — Operations / compliance: KYC screener outputs are BSA/AML audit-trail surfaces. FinCEN exam asks "show me why you flagged this customer" — signed outputs are the answer.

The wrapper pattern

All 10 named agents in anthropics/financial-services end with a "deliver" step (write file, send email, push to PowerPoint, return result). Wrap that step with a CertNode signing call:

import { CertNode } from '@certnode/sdk'

const cert = new CertNode({ apiKey: process.env.CERTNODE_API_KEY! })

/**
 * Wraps any finance-agent's delivery step with a signing call.
 * Returns the original output plus the receipt info so callers can
 * attach the verify URL to the artifact (deck footer, email signature,
 * report appendix, etc.).
 */
async function signFinanceAgentOutput(opts: {
  agentName: string                // 'pitch-builder' | 'earnings-reviewer' | ...
  output: string                    // the deliverable content
  model: string                     // 'claude-opus-4-7' typically
  contentType: 'ai_output' | 'document' | 'json' | 'image'
  clientContext?: {                 // optional: for audit trail
    clientId?: string
    ticker?: string
    dealId?: string
  }
}) {
  const signed = await cert.signAIOutput({
    output: opts.output,
    model: opts.model,
    provider: 'anthropic',
    // Encode agent + client context in promptHash so the audit trail
    // includes which agent + for whom, without exposing raw client data
    promptHash:
      'agent=' + opts.agentName +
      (opts.clientContext?.clientId ? '|client=' + hashId(opts.clientContext.clientId) : '') +
      (opts.clientContext?.ticker   ? '|ticker=' + opts.clientContext.ticker : '') +
      (opts.clientContext?.dealId   ? '|deal=' + opts.clientContext.dealId : ''),
  })

  return {
    output: opts.output,                         // unchanged
    receiptId: signed.receiptId,                 // for audit retrieval
    verifyUrl: signed.verifyUrl,                 // public verify page
    timestamp: signed.signedAt,                  // ISO 8601
    bitcoinStatus: signed.timestamps.bitcoin?.status ?? 'skipped',
  }
}

function hashId(id: string): string {
  const crypto = require('crypto')
  return crypto.createHash('sha256').update(id).digest('hex').slice(0, 16)
}

Example — Pitch Builder agent

The Anthropic pitch-builder agent ends by producing branded PowerPoint slides. Hook signing into the deliver step:

import { runPitchBuilder } from 'anthropic-finance-agents/pitch-builder'

async function deliverPitch(opts: { clientId: string, ticker: string }) {
  // 1. Run the agent (Anthropic plugin)
  const pitch = await runPitchBuilder({
    target: opts.ticker,
    style: 'M&A advisory',
  })

  // 2. Sign the pitch content (the narrative + figures + conclusions)
  const signed = await signFinanceAgentOutput({
    agentName: 'pitch-builder',
    output: pitch.fullText,
    model: 'claude-opus-4-7',
    contentType: 'document',
    clientContext: {
      clientId: opts.clientId,
      ticker: opts.ticker,
    },
  })

  // 3. Embed the verify URL in the deck footer
  await renderPitchDeck({
    slides: pitch.slides,
    footer: `Cryptographically signed: ${signed.verifyUrl}`,
  })

  // 4. Persist receipt id alongside the deliverable in your CRM / DMS
  await db.deliverables.create({
    type: 'pitch-deck',
    clientId: opts.clientId,
    receiptId: signed.receiptId,
    verifyUrl: signed.verifyUrl,
    deliveredAt: signed.timestamp,
  })

  return signed
}

Verifying the chain later

When a regulator, LP, or opposing counsel asks "did this pitch exist in this form on this date" — the answer is one verification call:

// Anyone can verify — no CertNode account needed
const verification = await cert.verify({ receiptId: 'uuid-from-deliverable' })

console.log(verification.valid)                       // true / false
console.log(verification.receipt.signedAt)            // ISO timestamp
console.log(verification.receipt.timestamps.rfc3161)  // independent TSA token
console.log(verification.receipt.timestamps.bitcoin)  // { status: 'anchored', block_height: ... }

// Or — open the public verify URL in any browser:
//   https://certnode.io/verify/uuid-from-deliverable

What this proves under FRE 902(13)/(14)

• — Content existed at this exact form at this time. Three-layer timestamp chain (CertNode + RFC 3161 + Bitcoin) makes retroactive editing computationally infeasible.
• — Which agent produced it. promptHash field carries the agent name + client / ticker / deal context (hashed for privacy). Verifier can reconstruct attribution.
• — No retroactive fabrication. "Did they generate this evidence after the dispute started?" — Bitcoin anchor pins the artifact to a specific block, which is publicly auditable.
• — Independent verifiability. Opposing counsel + auditors run the same verification using open standards (RFC 3161, ES256, OpenTimestamps). They don't need to trust CertNode — the cryptography is open.

"Designed for FRE 902(13)/(14)" — no court has ruled on a CertNode receipt specifically. The cryptographic primitives are well-precedented; the admissibility argument is one paragraph plus a qualified-person certification. See compliance docs for the framing breakdown.

Privacy patterns for sensitive workflows

KYC screening + LP-statement audits + IC memos often touch PHI / PII / privileged content. Sign content-hash, not raw content — see the privacy-preserving recipe for the sealed-content pattern (hash + salt; raw content never leaves your infrastructure).