By: E.J. Yerzak
Artificial intelligence (AI) was a central theme at the 2026 Investment Adviser Compliance Conference in Washington, D.C., where multiple sessions explored how firms can responsibly adopt AI while meeting regulatory expectations.
One session, “Regulating Intelligence: Navigating Compliance in the Age of AI,” focused on how generative AI tools intersect with the SEC’s Books and Records Rule. Under Rule 204-2(a)(7), advisers must retain originals of written communications related to key business activities such as recommendations, trading, and performance reporting. Panelists generally agreed that AI prompts and outputs, on their own, are not “written communications” in the traditional sense. Instead, they are better understood as supporting evidence of a communication, similar to drafts or internal notes, rather than the final communication itself.
That distinction has practical implications. For example, some firms have considered retaining AI-generated transcripts, such as summaries of meetings or conversations. However, panelists cautioned against broad or long-term retention of these materials, noting that they could become discoverable in regulatory exams or litigation. In other words, keeping more data than necessary can create additional risk. Firms that do lean toward longer retention periods for meeting transcripts are exploring ways to reduce that risk by adding disclaimers to the raw transcripts noting that they are AI-generated. The discussion also emphasized the importance of obtaining appropriate consent before recording or transcribing communications—whether AI is involved or not.
Another area of interest at the conference was whether AI use needs to be disclosed in an adviser’s privacy notice. The answer, according to the panel, depends on how the firm uses AI and what data is retained. If AI tools process or store client information in a way that differs from existing practices, updates to disclosures may be warranted. On the topic of personally identifiable information (PII), panelists noted that using PII within enterprise-grade AI tools is generally acceptable, provided firms understand how the data is handled, and there are no client-specific restrictions that would prohibit such use.
In another discussion, Brian Daley, Director of the SEC’s Division of Investment Management, reinforced a broader regulatory principle: rules should remain technology-neutral. Rather than writing regulations for specific tools, the SEC aims to focus on outcomes, such as proper recordkeeping and investor protection, regardless of the technology used. Daley pointed to past lessons, including the SEC’s early emphasis on WORM (Write Once, Read Many) storage tied to CD-ROM technology. While well-intentioned, that approach highlighted how quickly technology can evolve and become obsolete. Today, the SEC is working to modernize requirements while maintaining flexibility for future innovation.
Looking ahead, Salus GRC’s Chief Technology Officer and Chief AI Officer, Jay Patel, joined a panel titled “AI Technology and the Future of Financial Services,” where industry leaders discussed how firms should approach adopting AI. A key theme was the “build, borrow, or buy” decision. Building AI solutions internally can offer customization but is often costly and time-intensive, especially in a rapidly evolving market. For many firms, the more practical decision comes down to borrowing (leveraging existing platforms or APIs) or buying (purchasing established solutions).
As Patel noted, speed matters.
“Don’t waste too much time and money trying to evaluate and running through this lengthy process about buying,” he cautioned. “When you start to borrow, it allows you to move significantly faster. The speed at which everything is moving is very quick today.”
Patel also emphasized that the market has not yet consolidated around a single, all-in-one AI solution. Instead, most firms are deploying a combination of tools tailored to specific use cases, such as document analysis, compliance monitoring, or client communications.
For advisers, the path forward is not about chasing every new technology trend. It is about thoughtfully integrating AI in a way that aligns with regulatory obligations, protects client information, and delivers measurable value.
Perhaps the most important takeaway from Patel was simple. Start now. AI is no longer experimental or optional. Firms that delay adoption risk falling behind peers who are already using these tools to improve efficiency, enhance decision-making, and strengthen compliance programs.