BIASMIX-FINANCE: POST-GENERATION KYC GUARDRAILS FOR LLM PORTFOLIO ADVICE

Large language models (LLMs) can generate plausible-sounding ETF portfolios while silently violating basic KYC-style constraints on risk, fees, and diversification. This is especially problematic in *agentic* multi-turn advisory systems, where each draft recommendation can become an action unless guarded by an auditable enforcement layer. We study a model-agnostic, asset-agnostic *post-generation guardrail* pipeline: (i) enforce a strict JSON allocation schema, (ii) validate allocations against numeric caps, and (iii) when violations occur, *deterministically* project the output to the nearest feasible portfolio via a convex quadratic program (QCQP). We introduce **BiasMix-Finance (Mini)**, a compact stress-test benchmark for *constrained decision-making under biased LLM generations*, with a 16-ETF universe, three investor profiles, and eight bias prompts. Across three models and three inference modes (direct, critique, self-consistency), first-pass generations violate at least one cap in **47.6--85.7\%** of test cases (**67.2\%** pooled), but the convex projection layer reduces *final feasibility violations to **0\%*** while requiring only a *small correction distance* (test pooled median $D=\|w^* - w_0\|_2=0.066$), indicating that the guardrail typically preserves the intent of the original allocation. We report violation rates and correction distances with confidence intervals, and paired model comparisons with multiple-testing correction. To support reproducibility, we will release the dataset, prompts, caps, and code in an anonymous repository (URL withheld for double-blind review).