[Musashi]

You can develop an Access Management system (or integrate with a COTS). You can watermark the files with timestamp and username. Thus allowing you to track who let the documents go into the wild. Based on Meta data, you can restrict access to different files and restrict the client's ability to display those documents.

None of those tasks are trivial and all of them can be worked around. You aren't building a military grade secure system, so, perhaps what you are doing is good enough. I'd start with Access Management and add visibility controls on documents.