By: Matt Calabro
Artificial intelligence is no longer a future concept—it’s part of daily operations for nearly every firm. From note-taking and data analysis to marketing, coding, and network monitoring, AI is reshaping how investment advisers work. The efficiencies are undeniable. The compliance and governance implications are just as real.
In the September edition of Salus GRC’s NAVIGATOR webinar series, a panel featuring Angela McCray (General Counsel and CCO, Surgocap Partners), Steve Stone (Partner, Morgan Lewis & Bockius), E.J. Yerzak (Managing Director, Salus GRC), and I explored how firms can embrace AI while staying compliant, secure, and credible.
AI Across the Business
AI is finding its way into every corner of the advisory ecosystem.
Portfolio managers and analysts use it to summarize market data and manage risk. Traders rely on AI-driven algorithms to enhance execution quality. Compliance and legal teams apply AI to review marketing materials, analyze communications, and manage contracts.
Client-facing teams use it to create content and respond to RFPs more efficiently, while back-office operations adopt AI for accounting, note-taking, training, and engagement tracking. Even IT professionals now depend on AI for writing code and detecting vulnerabilities.
In short: AI is everywhere. Whether approved by leadership or not, employees are already using it—and that’s where governance becomes critical.
Governance: Balancing Innovation and Control
Every firm needs some level of structure around AI use. Governance doesn’t need to mean bureaucracy, but it does require visibility and accountability. Firms must know which tools are being used, by whom, and for what purpose.
When building an AI governance process, start simple and scale as needed. Consider the following framework:
- Identify the business need. What problem is the tool solving?
- Assess risks and opportunities. What value does it add, and what risks does it create?
- Vet vendors carefully. Evaluate data protection, privacy, and access controls.
- Approve users and set parameters. Define who can use AI tools and how results are reviewed, stored, and retained.
- Monitor and evolve. Tools change quickly. Ensure governance keeps pace.
The right approach will look different for every firm, but every program should balance innovation with oversight.
Business and Regulatory Considerations
No matter how sophisticated the technology becomes, human accountability must remain central. AI can draft, summarize, and analyze—but people are responsible for what’s produced.
Firms should approach AI outputs as starting points, not finished products. A transcript from an AI notetaker, for example, should be reviewed and validated by a person before it becomes part of the official record.
Accuracy is another concern. Large language models rely on vast, uncurated data sets that can include bias or misinformation. Even the best systems can produce flawed results. Verification and human review are essential.
Data protection is also critical. Because AI tools often “learn” from user inputs, sensitive firm or client information could be exposed if not handled carefully. Likewise, advisers must ensure their teams aren’t infringing on others’ intellectual property when using AI-generated content.
Finally, regulators are paying close attention. Both the SEC and FINRA have expressed concern about “AI washing,” where firms exaggerate their capabilities to appear more advanced. Firms using AI in marketing must ensure all claims are accurate and substantiated. Regulators are also focusing on cybersecurity, vendor oversight, and incident response protocols.
AI isn’t exempt from the same expectations that govern everything else in compliance—it simply raises the stakes for transparency and proof.
NAVIGATOR Webinar Series
NAVIGATOR is a monthly webinar series designed for compliance and cybersecurity professionals in financial services. Each session explores the evolving issues shaping the industry, from AI and data governance to examination readiness and risk management.
Stay informed and future-ready. Register for upcoming sessions at salusgrc.com/NAVIGATOR.