There is no single AI rule for investment advisers. The rules that govern technology, data, communications, and supervision already apply to AI — and the SEC has been explicit on this point. This framework translates those existing obligations into nine specific controls for governing AI use at an RIA.
Download the PDFAI use at an RIA is governed by the same rules that already govern technology, data, communications, and supervision. The SEC has been explicit: existing rules apply, and AI is not an excuse for weaker controls. The following rules most directly affect how advisers deploy AI in 2026.
Any material AI use that affects compliance — surveillance, communications, marketing, advice generation — must be reflected in written policies and tested in the annual review. "Reasonably designed" is the standard examiners apply. Untested AI tools that shape client communications fail it.
The 2024 amendments are the single most important AI-adjacent regulatory development for RIAs. Every AI tool that touches customer information is a service provider under Reg S-P. Free-tier consumer AI services cannot satisfy the written-contract or oversight requirements. Written incident response programs must cover unauthorized access at AI vendors. Customer notification obligations apply when AI vendors experience breaches involving firm customer data.
AI-generated marketing content must be reviewed and approved by a qualified person before publication and retained under Rule 204-2. Claims that the firm uses AI in advice generation must be substantiated and not misleading. Overstating AI capabilities is itself a Marketing Rule violation.
Establish an AI Risk Management Policy aligned with SEC cybersecurity rules and the NIST AI Risk Management Framework. Formally document approved AI use cases — client communication, internal operations, surveillance — and maintain an AI Bill of Materials (AIBOM) identifying datasets, open-source components, model versions, and training sources. Define governance roles across IT, compliance, and business units. Map AI usage against compliance risk factors including privacy, fiduciary duty, and supervisory obligations.
The AIBOM is the AI equivalent of a software bill of materials — a living document listing training inputs, model versions, and dependencies that is essential for understanding AI-related risk exposures during an incident or regulatory inquiry.
Enforce least privilege on AI models, APIs, and vector databases. Require multi-factor authentication for developers, administrators, and AI platform access. Implement audit logging of model usage, admin actions, and system prompts. Segment access between client-facing, internal-only, and test environments. No user — human or system — should have access beyond what their role strictly requires.
Never train AI on non-anonymized client data or NPI without an explicit, documented risk mitigation plan. Use differential privacy or data redaction where client data is fed into prompts. Secure vector databases and augmentation data with encryption in transit and at rest, change logging, anomaly alerts, and read/write segregation. Any third-party-hosted model should be reviewed under vendor due diligence, with legal clauses addressing training reuse, jurisdiction, data sharing, and supportability.
The platform you choose determines what protections you have. The same underlying model offers very different data handling depending on which product you bought. Prioritize on-premise or isolated cloud environments for sensitive workflows. Block consumer-tier ChatGPT, Gemini, and Claude for any work-related use — these cannot satisfy Reg S-P service-provider oversight requirements. For any third-party-hosted AI, document contractual clauses on data usage, retention, training reuse, model tuning rights, and jurisdictional control.
| Platform tier | Training on customer data? | Suitable for |
|---|---|---|
| ChatGPT Free/Plus (consumer) | Default settings allow training | Personal use only — block for firm work |
| ChatGPT Team/Enterprise | Contractually no training on customer data | Medium-tier work with vendor DD complete |
| Microsoft 365 Copilot | No training; processes within M365 boundary | Medium and high-tier work for M365 firms |
| Azure OpenAI Service | No training; data stays in Azure tenant | High-tier custom builds |
| Claude for Enterprise / AWS Bedrock | No training; data remains in AWS account | Medium and high-tier work |
Inference is where most users interact with AI — and where most real-world attacks occur. Prompt injections, jailbreak attempts, and adversarial inputs are active tactics used to override system safeguards. Implement input validation and prompt sanitization across all AI interfaces. Restrict models from responding to certain prompt types, implement contextual constraints, and filter outputs for hallucinations or policy violations before they are shared or stored. Monitor anomalous behavior — a model producing investment recommendations or revealing internal code logic should trigger an alert.
Integrate AI usage logs into existing SIEM infrastructure so AI-related anomalies are visible alongside other system alerts. Track prompt refusals, failed inference attempts, and API usage spikes that deviate from baseline. Schedule red team exercises to simulate prompt injection and data leakage. AI systems should undergo periodic penetration testing, particularly those deployed in production or tied to sensitive workflows. Findings feed directly into AI risk assessments, policy updates, and training programs.
The most sophisticated AI controls can be undone by human error. Incorporate AI-specific modules into annual cybersecurity training covering prompt injection, hallucinations, data leakage, and AI-generated phishing. Run tabletop exercises built around realistic AI incidents — receiving a convincing phishing email written by an LLM, or responding to a prompt that produces unauthorized investment advice. Provide clear policy-driven guidance on which AI use cases are acceptable and which are not. FieldCraft, available to BrainTrust members, includes modules designed specifically for AI use in regulated environments.
AI is not a one-time install — it is a living system. Maintain model registries tracking lineage, dependencies, training sources, fine-tuning events, and deployment environments. Limit who can modify or deploy models, log every operation, and maintain rollback capability. Trained models that are integral to investment processes or client analytics should be treated as business-critical IP — their distribution should be restricted, monitored, and legally protected.
Include AI-specific threat scenarios in the annual cybersecurity risk assessment. Ensure the Cybersecurity Policies and Procedures Manual has a section dedicated to AI — describing where AI is used, how it is governed, and what controls are in place. Maintain a vendor register of all third-party AI tools, including open-source components, with due diligence documentation covering licensing, data retention, model provenance, and update mechanisms. Review AI systems as part of mock audits and SEC preparedness exercises.
| Timeframe | Priority actions |
|---|---|
| Days 1–30 | Inventory all AI tools currently in use. Block consumer-tier AI platforms for firm work. Draft AI use policy and add to P&P manual. Create initial AIBOM entries for each tool in use. |
| Days 31–60 | Complete vendor due diligence on all AI tools touching client data. Verify contractual no-training clauses. Add AI to annual risk assessment. Deploy DLP rules for AI platforms. Deliver initial staff training on approved vs. prohibited AI use. |
| Days 61–90 | Enable audit logging on AI platforms. Run first tabletop exercise covering an AI-related scenario. Review AI governance roles and formalize in RACI. Schedule AI system review as part of annual compliance review cadence. |
The goal is not perfection — it is clarity, transparency, and demonstrated control. Firms that treat AI oversight as seriously as any other regulated function will be in a defensible position when examiners ask about it. Firms that don't will generate findings.
This framework is general guidance for RIAs and does not constitute legal advice.
Enter your email to receive the PDF. The same address subscribes you to BrainTrust Free — the newsletter, starter templates, and the compliance calendar.
Get the PDF via BrainTrust Free