Meeting Notes ProBy Northern Catalyst
For compliance officers and firm counsel

Built for the Canadian compliance environment, not adapted to it.

CIRO-aligned templates and an architecture built around the four-regulator Canadian stack.

CIRO, PIPEDA, Quebec Law 25, and CSA Staff Notice 11-348 are not labels we added at the end. They shaped the architecture from the start. This page covers what compliance officers and firm counsel typically want to see when evaluating Meeting Notes Pro.

The position, stated plainly

Meeting Notes Pro is CIRO-aligned, not CIRO-approved. CIRO does not certify software. The templates, the on-device PII removal, the audit-trail metadata, and the documentation structure are built to satisfy what CIRO expects of advisor record-keeping under IDPC Rule 3800 and adjacent supervision requirements. The page below covers each regulator separately.

The four regulators

What each regulator governs, and what Meeting Notes Pro does about it.

CIROCanadian Investment Regulatory Organization

Governs books and records, supervision, and client communication retention for investment dealers and mutual fund dealers. IDPC Rule 3800 sets the retention and accuracy expectations for client communication records.

What Meeting Notes Pro doesProduces a Canadian regulatory-aligned draft that captures the substance of the meeting in the structure CIRO supervisors expect. Versioned local storage gives you the immutability and audit trail that supervisors look for. Final responsibility for the documentation remains where CIRO places it: with you, the advisor.
PIPEDAPersonal Information Protection and Electronic Documents Act

Governs federal private sector privacy through ten Fair Information Principles. Three principles bear most directly on AI meeting documentation: Principle 4 (Limiting Collection), Principle 5 (Limiting Use, Disclosure, and Retention), and Principle 7 (Safeguards).

What Meeting Notes Pro doesLocal PII removal addresses Principle 4 by limiting what gets collected by the AI provider. On-device processing addresses Principle 5 by limiting external disclosure of identifying information. Encrypted local storage addresses Principle 7 by keeping the safeguards under your control rather than a vendor’s.
Quebec Law 25An Act to modernize legislative provisions as regards the protection of personal information

Imposes stricter consent and breach notification requirements than PIPEDA, with a sensitive-information category that covers most of what advisors discuss with clients. The AMF and CSF require five-year retention of incident records.

What Meeting Notes Pro doesThe same on-device architecture limits the surface area for sensitive-information transmission. Advisors with Quebec-resident clients should also reference the Compliance Conversation Kit on northerncatalyst.ca, which covers Law 25-specific consent and disclosure language in detail.
CSA SN 11-348Canadian Securities Administrators Staff Notice 11-348

Issued in 2024 to set out CSA expectations for AI systems used in capital markets. The notice asks firms and advisors to document the model in use, the data flows, the human oversight steps, and the AI governance posture.

What Meeting Notes Pro doesDocuments the model (Claude via AWS Bedrock), the on-device PII handling architecture, the human-in-the-loop review step, and provides advisors with the AI governance documentation needed to satisfy a firm’s internal evaluation under 11-348.
Compliance review feedback

What a compliance review found.

The strongest piece of evidence on this page is feedback from one compliance review at one advisor’s firm.

Outlook · Compliance Review
Email from a compliance reviewer responding positively to an advisor's Meeting Notes Pro documentation. Sender, recipient, and client names are redacted. The reviewer writes that the process is fantastic and offers one suggestion: include mention of fees in the running notes. Dated Friday, April 11, 2025, 8:49 AM.

Email from a compliance reviewer to an advisor using Meeting Notes Pro, April 11, 2025. Sender, recipient, and client names redacted at the source.

On what this is and is not

The screenshot above is feedback from one compliance reviewer at one firm during a routine review of an advisor’s client documentation. CIRO does not approve software, and Meeting Notes Pro has not been audited by CIRO. The difference between “one compliance review went well” and “we are CIRO-approved” is the difference between truth and overclaim, and we keep that line on the truth side. The reviewer’s response is the most direct evidence available that the architecture and templates produce documentation a Canadian compliance officer is comfortable with.

The honest accounting

What we do not claim.

Some claims in this category are tempting because competitors make them. We don’t, because the wording would not be accurate.

  1. AI processing entirely in Canada.We do not claim that AI processing happens entirely in Canada. AWS Bedrock in Montreal (ca-central-1) is the entry point; cross-region inference may route the underlying Claude model through US AWS regions. The de-identified transcript means client identifying information is not part of any cross-border transmission, which is the architectural point of doing PII removal locally.

  2. SOC 2 or ISO 27001 certification.We do not claim SOC 2 or ISO 27001 certification. Those are AWS certifications, not Meeting Notes Pro’s. Meeting Notes Pro is built on AWS infrastructure that holds these certifications; the certifications themselves belong to AWS.

  3. A formal CIRO audit.We do not claim to have passed a formal CIRO audit. CIRO does not audit software; CIRO reviews firms. The compliance feedback above came from one firm’s routine review of an advisor’s documentation, not from a regulator’s review of Meeting Notes Pro.

  4. Approval by any Canadian dealer network.We do not claim approval by any Canadian dealer network. Approval cycles at major dealer networks take time and have specific procedural requirements that an independent product at this stage cannot satisfy. Advisors at restricted-vendor firms should evaluate Meeting Notes Pro through their firm’s standard internal process; the Compliance Conversation Kit is built for that conversation.

The infrastructure underneath

What sits underneath: AWS’s security posture.

Meeting Notes Pro processes meeting transcripts on AWS Bedrock infrastructure. Although the certifications below belong to AWS rather than to Meeting Notes Pro, they describe the security posture of the environment your de-identified transcript enters during AI processing. For a compliance officer evaluating Meeting Notes Pro, the inherited security characteristics of that environment are part of the picture.

  • CCCS
    CCCS Medium Cloud Security Profile assessment from the Canadian Centre for Cyber Security. This is the Government of Canada’s IT security assessment for cloud services handling sensitive but unclassified information. CCCS’s assessment is the most directly relevant Canadian certification for this discussion.
  • ISO
    ISO 27001, ISO 27017, ISO 27018, covering information security management, cloud-specific security controls, and personal data protection in the cloud.
  • SOC
    SOC 1, SOC 2, and SOC 3 independent third-party examinations covering the AWS control environment for system security, availability, and confidentiality.
  • PCI
    PCI DSS Level 1, the highest level of assessment under the Payment Card Industry Data Security Standard.
What this does and does not cover

Meeting Notes Pro itself has not been independently audited against these standards. The certifications cover the infrastructure on which Meeting Notes Pro runs, not Meeting Notes Pro’s application code or business processes. The architectural commitment that matters most for advisor-client documentation, on-device PII removal before any AI processing, is Meeting Notes Pro’s own design and is described on the How it works page.

For full documentation of AWS’s compliance programs, AWS publishes a User Guide for Federally Regulated Financial Institutions in Canada which compliance officers may find useful as additional reference material.

Free resource

The Compliance Conversation Kit.

Built by Northern Catalyst for advisors who need to navigate AI tool approval with their firm’s compliance department. Five components covering framework, business case, vendor checklist, conversation prep, and meeting agenda. Use it whether you adopt Meeting Notes Pro or any other AI tool.

Get the Compliance Conversation Kit

Ready to evaluate Meeting Notes Pro yourself?

$29 paid once for the 90-day trial. Continues at $29/month after 90 days, locked in for early adopters.