A comprehensive plan for implementing Claude AI to automate meeting follow-ups, client emails, and action plans, with full PII protection and regulatory compliance for Australian financial services.
What this solution does and why it works for a private wealth firm
Lucerne Private Wealth wants to use AI to transform how advisors handle post-meeting client communications. Currently, after a client meeting, an advisor must manually write up notes, draft a follow-up email summarising the discussion, outline action items, and flag anything requiring client approval. This is time-consuming and inconsistent.
The proposed solution connects to Lucerne's existing Microsoft 365 environment (Outlook, Teams, Dynamics CRM) via secure APIs, processes meeting transcripts and emails through a PII removal layer, sends the sanitised content to Claude AI for intelligent summarisation and action plan generation, then re-inserts client details only at the final human-approved output stage.
Client PII is removed before any data leaves the secure environment. Claude AI only ever sees anonymised placeholders (e.g., "[CLIENT_1]", "[ACCOUNT_REF_A]"). After AI processing, the system re-inserts real names and details in a controlled, auditable step that requires human approval before any communication is sent.
How the components connect, from Microsoft 365 to Claude AI and back
The PII Processing Layer runs entirely within Lucerne's secure environment (Azure tenant or on-premises). No personally identifiable information ever crosses the network boundary to Anthropic's servers. The AI only processes text containing generic placeholders like [CLIENT_1], [ACCOUNT_A], [ADVISER_1].
Connecting to Outlook, Teams, and Dynamics 365 via Microsoft Graph API
All API access uses Microsoft Entra ID (formerly Azure Active Directory) with OAuth 2.0 authorization code flow. This ensures:
| Service | Endpoints | Purpose |
|---|---|---|
| Outlook (mail) | `GET /me/messages`, `GET /me/messages/{id}`, `POST /me/sendMail` | Read advisor's inbox, filter by client, draft and send follow-ups via Microsoft Graph API v1.0. |
| Outlook calendar / Teams meetings | `GET /me/events`, `GET /me/onlineMeetings` | Retrieve upcoming and past meeting details, attendees, and links to Teams recordings. |
| Teams transcripts | `GET /me/onlineMeetings/{id}/transcripts`, `GET .../transcripts/{id}/content` | Download auto-generated meeting transcripts in VTT or text format for AI processing. |
| Dynamics 365 | `GET /api/data/v9.2/contacts`, `PATCH /api/data/v9.2/contacts({id})` | Read client records, update notes, log activities. Uses OData v4 REST API with separate Azure app registration. |
Teams meeting transcripts require Teams Premium or Microsoft 365 E5 licensing for automatic transcription. If Lucerne is on a lower tier, transcripts can be generated via a third-party service or manual upload. Confirm current licensing before build.
How personally identifiable information is stripped before AI processing
The PII engine is the security backbone of the entire system. It runs as a server-side process within Lucerne's secure environment (their Azure tenant or on-prem servers). No data leaves until PII is removed.
| PII Category | Detection Method | Example Input | Tokenised Output |
|---|---|---|---|
| Client Names | NER + CRM Dictionary | John & Sarah Smith | [CLIENT_1] & [CLIENT_2] |
| Tax File Numbers | Regex (9 digits) | 123 456 789 | [TFN_1] |
| ABN / ACN | Regex (11/9 digits) | 51 824 753 556 | [ABN_1] |
| Phone Numbers | Regex (AU patterns) | 0412 345 678 | [PHONE_1] |
| Email Addresses | Regex | john@email.com | [EMAIL_1] |
| Physical Addresses | NER + Pattern | 42 Collins St, Melbourne | [ADDRESS_1] |
| Account Numbers | CRM Dictionary | ACC-LPW-00847 | [ACCOUNT_1] |
| Dollar Amounts | Regex + Context | $2.4M portfolio | [AMOUNT_1] portfolio |
| Dates of Birth | Regex + Context | born 15/03/1965 | born [DOB_1] |
| Medicare Numbers | Regex (10 digits) | 2123 45670 1 | [MEDICARE_1] |
| Bank BSB/Account | Regex | BSB 062-000, Acc 1234567 | BSB [BSB_1], Acc [BANKACCT_1] |
Regex alone misses context-dependent PII (e.g., "Mr. Smith" without a number pattern). NER alone misses structured data (TFNs, account numbers). Dictionary lookup alone misses new or ad-hoc mentions. The three layers together provide comprehensive coverage. A post-processing scan validates that no known PII patterns remain in the sanitised output before it leaves the secure zone.
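An added, self-contained sketch of the tokenise, validate and re-insert cycle described above (example code written for this page, not Lucerne's or Anthropic's own implementation). It covers the regex and CRM-dictionary layers only; the NER layer is omitted, and the patterns, client names and meeting note are constructed assumptions.

```python
import re

# Constructed regexes for the structured identifiers in the table (simple assumptions, not
# production rules); longer ids run first so the 9-digit TFN rule cannot hit part of an ABN
PATTERNS = [
    ("ABN", re.compile(r"\b\d{2}[ -]?\d{3}[ -]?\d{3}[ -]?\d{3}\b")),
    ("MEDICARE", re.compile(r"\b\d{4}[ -]?\d{5}[ -]?\d\b")),
    ("PHONE", re.compile(r"\b04\d{2}[ -]?\d{3}[ -]?\d{3}\b")),
    ("TFN", re.compile(r"\b\d{3}[ -]?\d{3}[ -]?\d{3}\b")),
    ("BSB", re.compile(r"\b\d{3}-\d{3}\b")),
    ("BANKACCT", re.compile(r"(?i)(?<=acc )\d{6,9}\b")),
    ("EMAIL", re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b")),
    ("AMOUNT", re.compile(r"\$\d[\d,.]*[MKk]?")),
]
# Constructed CRM dictionary and meeting note (sample data, not real clients)
CRM_DICTIONARY = {"John Smith": "CLIENT", "Sarah Smith": "CLIENT", "John": "CLIENT",
                  "Sarah": "CLIENT", "ACC-LPW-00847": "ACCOUNT"}
SAMPLE_NOTE = ("Met John & Sarah Smith re their $2.4M portfolio. TFN 123 456 789 confirmed, "
               "ABN 51 824 753 556 for the trust. Call 0412 345 678 or john@email.com. "
               "Medicare 2123 45670 1. Pay BSB 062-000, Acc 1234567 (ACC-LPW-00847).")

def tokenise(text, crm_dictionary):
    """Return (sanitised text, placeholder->value map); the map stays in the secure zone."""
    mapping, counters = {}, {}
    def placeholder(category, value):
        for ph, original in mapping.items():       # same value -> same placeholder
            if original == value and ph.startswith(f"[{category}_"):
                return ph
        counters[category] = counters.get(category, 0) + 1
        ph = f"[{category}_{counters[category]}]"
        mapping[ph] = value
        return ph
    # Layer 1: CRM dictionary, longest names first so "Sarah Smith" wins over "Sarah"
    for term, category in sorted(crm_dictionary.items(), key=lambda kv: -len(kv[0])):
        text = re.sub(rf"\b{re.escape(term)}\b", lambda m: placeholder(category, m.group()), text)
    # Layer 2: structured identifiers (regex)
    for category, pattern in PATTERNS:
        text = pattern.sub(lambda m: placeholder(category, m.group()), text)
    return text, mapping

def validate_sanitised(text, crm_dictionary):
    """Gate 1 post-processing scan: returns the categories/terms of any PII still present."""
    leaks = [category for category, pattern in PATTERNS if pattern.search(text)]
    return leaks + [t for t in crm_dictionary if re.search(rf"\b{re.escape(t)}\b", text)]

def reinsert(text, mapping):
    """Controlled re-insertion step, run only after the advisor approves the draft."""
    return re.sub(r"\[[A-Z]+_\d+\]", lambda m: mapping.get(m.group(), m.group()), text)
```

An empty result from `validate_sanitised` is the condition for releasing text to the model; a non-empty one blocks the call and should be logged.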
From client meeting to approved follow-up email, step by step
DRAFT (Pending Advisor Approval)
To: john.smith@email.com
Subject: Summary of Our Meeting, 18 March 2026
Hi John and Sarah,
Thank you for meeting with us today. Here is a summary of what we discussed and the next steps:
Key Discussion Points:
Action Items:
Please let us know if anything above doesn't match your understanding. We'll be in touch with the formal Statement of Advice within the next week.
Warm regards,
Steve
Lucerne Private Wealth
Every AI output requires human review before any client-facing action
Gate 1 catches PII leakage before it leaves the building. Gate 2 catches AI quality issues (hallucinations, wrong tone, missing info) before a human sees a confusing draft. Gate 3 is the final human checkpoint: the advisor who knows this client validates accuracy. This layered approach means no single point of failure can result in incorrect or privacy-violating client communications.
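An added illustration of how Gates 2 and 3 can be enforced in code (example written for this page, not the proposal's own implementation). The advisory phrases and required section names are assumptions; the draft and mapping are constructed, and a placeholder the model emits that is absent from the mapping is used as one practical signal of fabricated content.

```python
import re

# Constructed patterns and section names (assumptions for this example, not the firm's list)
ADVISORY_PATTERNS = [re.compile(p, re.IGNORECASE) for p in (
    r"\byou should\b", r"\bwe recommend\b", r"\bI (?:would )?(?:suggest|advise)\b")]
REQUIRED_SECTIONS = ("Key Discussion Points:", "Action Items:")
PLACEHOLDER = re.compile(r"\[[A-Z]+_\d+\]")

# Constructed sample: the token mapping held in the secure zone and a tokenised model draft
MAPPING = {"[CLIENT_1]": "John", "[AMOUNT_1]": "$2.4M"}
DRAFT = ("Hi [CLIENT_1],\nKey Discussion Points:\n- Reviewed the [AMOUNT_1] portfolio.\n"
         "Action Items:\n- Statement of Advice to follow next week.")

def gate2_quality_check(draft, mapping):
    """Automated checks on the still-tokenised draft. Returns a list of issues; an empty
    list means the draft may proceed to advisor review (Gate 3)."""
    issues = []
    # A placeholder that is not in the mapping was invented by the model: it refers to a
    # person, account or figure that never appeared in the sanitised transcript
    for ph in sorted(set(PLACEHOLDER.findall(draft))):
        if ph not in mapping:
            issues.append(f"fabricated reference {ph}")
    issues += [f"advisory language: {p.pattern}" for p in ADVISORY_PATTERNS if p.search(draft)]
    issues += [f"missing section: {s}" for s in REQUIRED_SECTIONS if s not in draft]
    return issues

def gate3_release(draft, mapping, approval):
    """Re-insert real client details only after a named advisor has approved the draft.
    `approval` is the audit-log record, e.g. {"advisor": "steve", "approved": True}."""
    if not (approval.get("approved") and approval.get("advisor")):
        raise PermissionError("draft has not been approved by an advisor")
    if issues := gate2_quality_check(draft, mapping):
        raise ValueError("draft failed Gate 2: " + "; ".join(issues))
    return PLACEHOLDER.sub(lambda m: mapping[m.group()], draft)
```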
How this solution aligns with Australian financial services regulations
APP 6 (Use & Disclosure): PII is only used for the primary purpose it was collected (servicing the client). AI processing uses tokenised data only, so no disclosure to a third party occurs.
APP 11 (Security): Encryption at rest and in transit, access controls, audit logging, and keeping PII inside the secure environment together satisfy the "reasonable steps" requirement to protect personal information.
Key action: Update Lucerne's Privacy Policy to mention AI-assisted communications. Obtain opt-in client consent as best practice.
While Lucerne may not be directly APRA-regulated (they're likely ASIC-licensed), aligning with CPS 234 demonstrates best practice:
Section 988E: Financial services licensees must keep records of financial services provided. The audit log captures every AI interaction and human approval.
Section 912A: "Efficient, honest and fair" obligation. Human review gate ensures AI outputs are verified for accuracy before client delivery.
7-year retention: All logs, drafts, approvals, and sent emails are retained for the mandated period.
If a client complains about an AI-generated communication, Lucerne must be able to:
The audit trail satisfies this entirely. Ensure IDR procedures reference AI-assisted communications.
Because the AI never receives PII, there is a strong argument that no additional consent is needed beyond Lucerne's existing privacy policy. However, for transparency and client trust (especially for high-net-worth individuals), we recommend:
How data is protected at every stage
When using the Claude API (not the consumer product), Anthropic does not retain or train on any data submitted. API inputs and outputs are not stored after processing. This is contractually guaranteed in Anthropic's commercial terms.
Anthropic offers a DPA for enterprise customers that covers GDPR, Australian Privacy Act, and other frameworks. This should be executed before go-live. Covers: data processing obligations, breach notification, sub-processor management.
Anthropic maintains SOC 2 Type II certification, independently audited. This covers security, availability, and confidentiality controls. Audit reports can be requested for Lucerne's compliance team.
| Layer | Protection | Standard |
|---|---|---|
| Data in Transit | TLS 1.3 for all API calls (Microsoft Graph, Claude API) | AES-256-GCM |
| Data at Rest (Mapping Store) | AES-256 encryption for the PII token mapping database | FIPS 140-2 |
| Data at Rest (Audit Logs) | Encrypted storage within Lucerne's Azure tenant | Azure Managed Keys |
| API Authentication | OAuth 2.0 with short-lived tokens, no stored passwords | RFC 6749 |
| Claude API Key | Stored in Azure Key Vault, rotated quarterly | RBAC access only |
| Access Control | Role-based: only authorised advisors can trigger processing | Azure AD RBAC |
| Network | All processing within Lucerne's Azure VNet / tenant | Private endpoints where possible |
Transparency about what the system cannot do, and how we address each limitation
| Limitation | Risk Level | Mitigation |
|---|---|---|
| PII detection is not 100%: novel name formats or unusual data patterns may slip through | Medium | Three-layer detection (regex + NER + dictionary) provides 99%+ coverage. Post-processing validation scan. Gate 1 automated check. Regular model retraining on missed patterns. Client name dictionary pre-loaded from CRM. |
| AI may hallucinate content: Claude could generate advice or details not discussed in the meeting | Medium | Prompts explicitly instruct: "Only summarise what was discussed. Do not add recommendations." Gate 3 human review catches any fabricated content. Advisor knows what was actually discussed. |
| Teams transcript quality varies: background noise, accents, or technical terms may be misheard | Low-Med | Advisor reviews the final output against their memory of the meeting. Poor transcript quality flagged automatically based on confidence scores. Manual notes can supplement. |
| Financial advice generation risk: AI must not generate personal financial advice (AFSL obligation) | High | System prompt explicitly prohibits advice generation. Output includes disclaimer. Only summarises what was discussed, never recommends. Gate 2 scans for advisory language patterns. Human approval mandatory. |
| Context-dependent PII: "My son James" may not be detected as PII without context | Low-Med | NER model detects names in context. CRM lookup for known family members. Conservative approach: when in doubt, tokenise. |
| Data leaves Australia momentarily: Anthropic's API servers may be outside Australia | Low | No PII leaves Australia (only tokenised data). Anthropic offers AWS Sydney region processing for enterprise. Zero retention means no data stored overseas. DPA covers cross-border data flow obligations. |
A phased approach to reduce risk and validate at each stage
The business case for AI-assisted client communications
If each advisor spends 30 minutes per meeting on follow-up emails and action logging, and they have 15 meetings per week, that is 7.5 hours per advisor per week on admin. With 5 advisors, that's 37.5 hours/week. This system reduces that to ~5 minutes per meeting (review and approve), saving ~30 hours/week across the team. At an advisor billing rate of $300/hr, that's ~$9,000/week in recovered capacity, or ~$36,000/month.