Artificial intelligence (AI) has been a hot topic for several years. Following an AI-focused Executive Order earlier this year, federal agencies are encouraged to use the technology to “remove unnecessary bureaucratic restrictions, allow agencies to be more efficient and cost-effective, and support a competitive American AI marketplace.”
However, the focus is not just on federal agencies. A recent Securities and Exchange Commission-hosted roundtable explored the use of AI in the financial industry. For investment advisers and wealth managers, the insights provided differing viewpoints on AI, its benefits, and its pitfalls, as well as a glimpse of future regulatory guidance and framework.
Like any new technology, investment advisers can’t just plug in AI and expect it to ensure compliance automatically. As your firm considers adopting or continuing to use AI, consider the critical risks and how your firm can remain compliant in an evolving regulatory environment.
Related: Artificial Intelligence (AI) and Risk Management Controls: How to Protect Your Financial Institution
AI risk areas
Governance and oversight
Given the range of risks it introduces, AI governance was a central focus of the roundtable, including algorithmic bias, data security concerns, and intellectual property issues. To address these challenges, participants recommended implementing human oversight, conducting sensitivity and scenario analyses, and running bias testing to help mitigate risks and ensure AI systems operate fairly and transparently.
While there are no comprehensive regulations, now is the time to be proactive and ensure your firm and vendors use AI responsibly. Focus on AI as part of your firm’s larger risk management program and communicate how your institution and vendors use AI in internal and external outreach.
Related: Is Your Compliance Program Reactionary or Proactive?
Marketing and advertising
Last year, the SEC took action against two firms that claimed to use AI-enabled investment models in their marketing when they weren’t using such technology — an example of AI washing. The SEC found the advisers violated the Marketing Rule, which prohibits registered investment advisers (RIAs) from releasing untrue or unsubstantiated advertisements.
While former acting SEC Chairman Mark Uyeda cautioned against heavily regulated rules that might hinder AI innovation, investment advisers should still be wary and precise in their AI-related marketing and outreach. If you say you use AI, how exactly are you using it? Can you substantiate those claims? Ensure you can satisfactorily answer these questions and others from examiners and auditors down the road.
Related: What is AI Washing, and What Are the Risks?
Vendor management
When monitoring your firm’s internal AI, you should also assess how your vendors use it. What systems are they deploying? What services are they supporting?
Remember, you’re responsible for your vendors’ AI use. As part of your firm's vendor management program, regularly review their controls, performance, and adherence to contractual obligations.
Learn more about Ncontracts’ TPRM Control Assessments and explore how this solution can transform your third-party risk management process.
Data security and privacy
Understanding what data your AI systems and vendors access is also crucial. Does it include “covered information” under Reg S-P or Reg S-ID?
Both regulations are designed to protect customer data and identities. As you adopt AI across business functions like marketing, customer service, and portfolio management, those protections must extend to how AI is developed, trained, and deployed. Ensure your firm (and your third parties) uphold data security and privacy practices that align with these regulatory standards.
Related: Inside the SEC’s New Vendor Management Requirements
Using AI effectively and transparently
Now that we’ve identified some of the essential AI risk areas, let’s dive into how investment advisers and wealth management firms can proactively mitigate AI-related risks in their products, services, and outreach:
- Maintain strong risk management controls. Establishing measures, processes, and mechanisms to mitigate risks is crucial. Due diligence and risk assessments, qualified staff for risk accountability, and an AI usage policy are just a few examples of AI risk management controls.
Related: Policy Management Pain? Here’s How Financial Institutions Can Fix It
- Proactively manage vendor relationships. Perform due diligence on third-party providers, document oversight and risk management practices, and ensure vendors adhere to your firm's compliance obligations.
- Review marketing and outreach campaigns. Before you publish or promote any marketing materials that reference AI, ensure your compliance team reviews them for accuracy, clear disclosures, appropriate audience targeting, and delivery methods. If you're using vendors to distribute content, review how they distribute it and what data or criteria are used to reach the audience.
- Enhance information security. IT focuses on mitigating harm from data breaches and other cyber vulnerabilities, including AI cybersecurity risks, which occur when bad actors use AI to access systems or produce more efficient cyberattacks.
- Ensure secure storage policies. Your firm has a plethora of sensitive information to keep safe. As you implement AI or any new technology, ensure your protection and security procedures, including physical and environmental controls, are updated.
- Stay current on regulatory updates. We can expect more risk alerts and guidance from the SEC as examiners begin seeing how AI is implemented. A compliance management solution that sends automatic updates tailored to your firm and its services can save you valuable time and resources so you can focus on your AI use strategy.
As you reevaluate your firm’s AI strategy, consider how you can effectively use AI while mitigating risks. As AI usage grows, so will the opportunities and challenges. Is your firm prepared for the future?
Artificial intelligence is just one risk area that advisers and wealth management firms face.
Explore more emerging risks in the securities industry in our guide.
Subscribe to the Nsight Blog
Share this
Risk Management
Risk Management In Healthcare
