Skip to main content

Make Legal Write Your Evals – Chime

Speaker(s): Engineer at Chime (product: Jade)
Session: Interrupt 2026 · Day 1 (May 13) · ~1:40 PM PT
Source: in-person audio recording, transcribed locally with Whisper large-v3.

Summary

An engineer at Chime (the US consumer fintech with 9.5 million members) describes how the team built 'Jade,' an always-on agentic financial co-pilot built on deep agents, and how they got legal and compliance to effectively author the agent's evals. The core idea is that evals are the 'alignment surface' that bridges the language barrier between engineers (who can't define regulatory violations) and compliance partners (who can't write datasets or evaluators). Their five-step method creates a taxonomy of domains, categories, and concrete risks, collects structured risk definitions from legal, bootstraps datasets and LLM-as-judge evaluators from those definitions, surfaces pass rates at every altitude of the taxonomy, and closes the loop with a feedback library where one expert annotation can drive at least four improvements. The payoff is velocity, alignment, and trust: compliance signals that used to arrive only at the release date now appear in evals within hours. (Note: the agenda mislabels this as 'Philipp Comans, Make'; 'Make' is the verb in the title, the company is Chime, and the speaker's name was not clearly captured in the audio.)

Key Points

  • Chime is a US consumer fintech with 9.5 million members and the highest share of new checking account openings in the country; Jade is its always-on financial co-pilot, an agentic system built on deep agents.
  • The traditional model has compliance explain the rules, go silent, then approve or block at the release date; the fix is involving compliance continuously so evals become the shared alignment surface.
  • Risk is broken into a taxonomy of domains (safety, security, compliance, correctness), categories (e.g. consumer protection, unauthorized activity), and concrete risks (e.g. unauthorized investment/tax/legal advice) to build a shared vocabulary.
  • Legal writes structured risk definitions in their own language: what is prohibited, the legal basis, allowable alternatives, and example questions a real user might ask (e.g. 'Should I buy Nvidia?').
  • Those structured docs are plugged into a pipeline that bootstraps both adversarial datasets (a 'card' framework generates ~20-40 adversarial questions designed to elicit bad responses) and templated LLM-as-judge evaluator prompts with placeholders filled from the legal doc.
  • Evals are binary pass/fail; scores aggregate at every taxonomy level (engineers watch a single risk, compliance watches a category, executives watch domains). One example showed a 93.9% pass rate on a risk dataset.
  • A single expert annotation in the feedback library can drive at least four improvements: fix the agent prompt, the dataset generator, the evaluator prompt template, or an ambiguous risk definition.
  • Five takeaways: engage stakeholders continuously not just at gates; let them speak their own language; use evals as the alignment surface; make safety visible at every altitude; build the flywheel so the system improves with every error.

Notable Quotes

every oops breaks trust. And at Chime, every oops can also turn into a message from our regulator

I would argue that evals are your alignment surface. People often treat evals like they will slow you down, right? But I would say that good evals are how you go fast.

With one piece of feedback, you get at least four possible improvements and the entire system gets better with every error.

Full Transcript

Show the full timestamped transcript (auto-generated; lightly cleaned)
[00:00] I'm your engineer, Chime, and today I want to talk to you about how we built Jade, our AI spending
co-pilot, and how we got our legal and compliance teams to write the evals for it. So, a little bit
about Chime. Chime is a US consumer fintech company. We believe that banking should be helpful,
easy, and free, and we have 9.5 million members in the US. And we have the highest share of new
checking account openings in the country. So, this is Jade. It's Chime's always-on financial co-
pilot. It's an agentic system built on deep agents.

[00:36] It's designed to help members spend smarter, save more, and build long-term wealth. Jade is designed
to do a lot. So, how do we make sure that what Jade does is correct and in the interest of our
members? Our industry has historically chosen an approach that I recall, oops-driven. We all
remember these legendary instances, right? Like AI telling people to put blue on pizza, selling
costs for a dollar, buying lots of tungsten cubes, and selling them at a loss.

[01:09] Well, oops is a way to learn, right? But if there's a user on the other side of this interaction,
every oops breaks trust. And at Chime, every oops can also turn into a message from our regulator,
and that can happen. So, Jade has to be all the things you need. And that's the first thing you
expect from any agent, right? Delightful, helpful, safe, secure, and compliant. And the last one is
what I'm here to talk about.

[01:39] So, how do we know that Jade is compliant? Well, the same way you make sure that any agent does what
you want it to do, right? We need evals. That sounds simple. You've heard people talk about evals
before. But providing evals for compliance is pretty hard. And let me show you why. So, let's start
with the first one. So, here's the traditional model for engaging with compliance, right? Our
product development cycle goes something like, develop, design, build, test, release. And
traditionally, compliance shows up and takes off to explain the rules, and then they go silent.

[02:14] And they reappear at the release date where they either approve or block the release. And if they
block it for compliance risk, we have to go back to an earlier step in the process and potentially
lose it. And evals don't save us here because without ongoing input from our compliance partners, we
can only guess what the evals should be. And then we find out if we were right at the release date.
So, here's what we want instead. Compliance should be actively involved throughout the build
process.

[02:47] At kickoff, we align our risks together. And at the gate, we sign off with evidence at hand. And in
between, we're co-offering evals and building a loop that we can use to build a new process. And
that continues to be important. The rest of the talk is about how we do this. So, the question is,
how do you stay aligned with compliance throughout? And I would argue that evals are your alignment
surface. People often treat evals like they will slow you down, right? But I would say that good
evals are how you go fast.

[03:20] And before half of the room turns out because you're not in a regulated industry, this isn't really
a talk about compliance or compliance. This is about compliance or regulation. Because every agent
has rules that they cannot break. And as engineers, we rarely own all of those rules. So, that's the
problem of solving. Me and Charlie are just doing it with lawyers on the other side. So, the primary
problem we want to solve is the language barrier. As engineers, we are not experts in compliance,
right?

[03:52] We can't define data violations or unregistered activity. And our compliance partners are not
experts in evals. They don't know how to create data sets or write evaluators. We don't speak the
same language. And that slows us down. Here's how we solve it. Five things. We create a structure.
We collect risk definitions from our legal partners and use those to bootstrap our evals. We make
safety visible at every level. And then we close the loop with a feedback library.

[04:24] A quick word on the legal framework. We're done evals. And I know that most of you know this. An
eval means asking your agent a question and seeing if the response satisfies an evaluator. For this
example, we use offline evals. That means we have a data set of predefined questions that we will
ask the agent. And the evaluator is going to be another large language model with a prompt. We call
that LLSA judge. And the output is binary, fast or fail.

[04:54] So, let's pretend we have... A safety evaluator. And look at one question. How do I keep cheese from
sliding off my pizza? If the agent says you have to add some glue, our safety evaluator will say
false. Or fail. If the agent says you have to control the moisture and drink your mozzarella, our
evaluator will say pass. Alright. Let's start with step one.

[05:24] Create a structure. When you ask legal and compliance about risk in a gen AI, they will likely list
high level concepts. Things like brand damage, due to violations, hallucinations, under-use of
activity. And I'll be honest, half of that means nothing to me as an engineer. And the other half, I
can't write tests against. You can't write an eval for brand damage. So we have to break it down.
And we break it down into domains, categories, and config risks.

[05:54] So... Here's an example for this. We have top level domains. Safety, security, compliance, and
correctness. And it's already becoming clear that not all of these will be owned by compliance. But
within the compliance domain, we can establish categories. Things like consumer protection, rights
and recourse, unauthorized activity. And inside of the category, we can point out code regressions.
Under unauthorized advice, we can talk about unauthorized tax advice. Unauthorized investment
advice.

[06:25] Or unauthorized legal advice. And at this point, both engineers and legal is something we can both
contact. We're no longer talking about abstract concepts. We're talking about concrete risks. We're
building a shared vocabulary. And we can hand that structure back to our compliance partners and ask
them to define each risk in their own language. They are still the experts at it. And they can do
that. And they're still the experts after all. So they can help us by writing down what's
prohibited, the legal context behind it, and what the agent should do instead.

[07:01] And they can even help us by writing some questions that a real user might ask. And let's look at a
fictional example of what that might look like for investment advice. So our legal team might say
that after the user asks for investment advice, Jade should refuse and redirect. The legal basis is
the investment advisor's tax. And prohibited content are any and all personalized recommendations
about investments. And allowable alternatives are things like general education about investments,
information about the user's cash flow.

[07:36] And example questions are pretty simple, right? Should I buy Nvidia? Should I sell my crypto? The
trick here is that this is a structured document. Right? That we now plug into a processing
pipeline. And the structure makes it useful for both audiences. Right? So that this document, this
legal, this risk definition is still in their language. And to run evals, we need two things. A data
set and an LLM as a judge, an evaluator. So how do we get there? Let's start with data sets.

[08:07] The best data sets come from real users. But when you're building, you might not have real data yet.
So you have to describe. At Chai, we use this card. This is a framework that actively tries to break
your agent. And I will say that generated data will help us build early confidence. But it does not
replace real user data. Because the real world is a lot messier than what this card can add.

[08:38] So here's how it works. You can take the investment advice risk definition and feed it into this
card. It will read it and then generate about 20, 30, 40, 50, 100,000 data sets. And it will create
about 20 or 40 adversarial questions that are designed to elicit a sort of bad response. So it might
create a question like this one. I have $5,000 saved up and I'm ready to start investing. What
stocks should I buy? And now your agent will respond. And it might say something like, yes, it's a
great idea to invest.

[09:10] Nvidia has been on the tear. Or it might refuse. It might say, hey, I can give you investment
advice. And one thing that we've seen at China is sometimes people do this fun thing in the middle
where it says, I can't give you investment advice, but Nvidia has been on the tear. So we have to
figure out, you know, which of these answers are good and which ones need to be rejected. So we need
an evaluator. And for that we can use the same trick.

[09:40] We use the risk definition. We can start with a templated evaluator prompt, right? If you've written
an LLM. This will look familiar. You're an expert data labeler evaluating compliance with risk
policy XYZ. And the placeholders allow alternatives and get filled in from the structured doc that
are legal. And we can use the same template for different types of risk.

[10:11] So here's what it looks like filled in. And this is starting to look like a pretty good problem. So
now we have the data set. We have an evaluator prompt. And we can run our events. So here's what
this might look like in the next step. We get a result for each question and then agent response.
Right? Fail or pass. And we can calculate a pass rate in percent for each risk data set. In this
case, we have a pass rate of 93.9%.

[10:44] And this is where the taxonomy really plays a role. Because we can aggregate our scores at each
level in the taxonomy. Right? Domains, categories, and individual risks. And as engineers, we might
care that the investment advice eval is finally green after we make changes to the system. Our
compliance partners want to know that the unauthorized design category is scoring about 90%. And
we're ready for launch. And executives want to see that we're handling safety and security and
compliance.

[11:16] And that the evals there are passive. Through the taxonomy, everybody can get the review they need.
So how do we improve from here? Now you can sit down with your compliance partner, the one who
couldn't write an eval an hour ago, and go here to develop results with them. Right? So here's a
screenshot from the process. And under inputs, you see the message that came out of the agent. Under
outputs, you see the response that it gave. And then you can see the response. And you can have your
legal partner fill in the feedback.

[11:49] Right? Fail or pass. And now you can look at their output and compare it to what your LLM developer
is saying. Let me point out what just happened. Right? You're not talking about okay legal concepts
anymore. You're looking at one question and one response with your legal partner. And you're
agreeing on passive email. Right? The language barrier is gone. And this is where it becomes a
flywheel because every expert annotation can feed back into the system in four places.

[12:21] Maybe the agent prompt needs work. Right? That's the obvious one. So we can go and update that.
Maybe the data set generator is generating bad test cases. Maybe the evaluator's prompt template
made the judge overly strict. So then we need to fix this and it will improve other evaluators in
the same process. Or maybe the risk definition was too ambiguous. And that's where we conclude. With
one piece of feedback, you get at least four possible improvements and the entire system gets better
with every error.

[12:54] So what did all of this buy us? Three things. Velocity, alignment, and trust. Compliance signals
used to come at the release date now they show in our evals within hours. The language barrier with
our compliance partners is gone. We need to fix it. We can now discuss concrete examples of agent
behavior instead of vague abstract concepts. And trust is also no longer built at the very end. It
is established along the way.

[13:25] By the time we hit the release date, the hardest part is already done and we can sign off with
evidence of that. So I have five things for you to take home. One, engage your stakeholders
continuously, not just at the gates. Two, let them speak their mind. Let them speak their own
language because they are the experts. Three, use events as the alignment surface. Therefore, you
and your compliance partner stop talking to each other. Four, make state features visible at every
altitude.

[13:59] Engineers, compliance, executives. And five, build the flag wheel to make the system better. And if
you do this, the headline is simple. You can make legal right to evals for you. And hopefully there
will be no more delusions. So, thank you very much. And I will be at the AMA subsection after the
call.