TL;DR: Whereas there is a lack of express AI governance necessities, corporations ought to use current regulatory guidelines to tell their use of AI.
As synthetic intelligence continues to combine into every day enterprise operations — from shopper chatbots to generative advertising instruments — regulators are signaling a easy however agency message: current guidelines nonetheless apply.
In Q2 2025, whereas no formal AI-specific rules have been launched, each FINRA and the SEC emphasised that AI should be ruled with the identical care as some other enterprise device. Throughout our Q2 Regulatory Roundup webinar, Eversheds Sutherland panelists and Smarsh regulatory specialists shared how corporations can responsibly navigate this evolving area.
Why AI governance issues now
Monetary providers corporations are more and more deploying AI instruments that generate content material, automate selections, or help with shopper communications. However as utilization will increase, so do regulatory dangers — particularly if output is unsupervised or if shopper knowledge is dealt with with out applicable safeguards.
Although no AI-specific rulebook exists but, corporations are anticipated to use current requirements for supervision, recordkeeping, knowledge privateness, and advertising to those instruments. The problem is mapping rising applied sciences to long-standing obligations and doing so transparently.
Present regulatory panorama for AI
We’ve written beforehand on evolving AI governance rules. With the newest expectations, listed below are what corporations ought to have in mind:
• FINRA reiterated in Regulatory Discover 24-09 that its guidelines are technology-neutral. AI instruments should be supervised like some other communications or decision-making system.
• Widespread AI makes use of embrace: chatbots, automated analysis summaries, content material technology, coverage searches, and shopper knowledge analytics.
• Third-party vendor oversight is essential. Companies should perceive how AI options are embedded in exterior platforms and guarantee contracts prohibit unauthorized use of shopper knowledge.
• Advertising and marketing content material created by AI should nonetheless meet FINRA Rule 2210: clear, balanced, and never deceptive.
“You must know what’s taking place with the knowledge that you just feed into that device.”
Widespread AI makes use of in monetary providers
In the course of the stay Q2 webinar, attendees have been requested to determine their largest compliance concern associated to AI. Right here’s how they responded:
These outcomes reinforce that whereas AI adoption is rising, issues about oversight, documentation, and danger administration stay prime of thoughts.
Key compliance dangers and the right way to tackle them
Recordkeeping is a rising concern. Companies should decide whether or not AI outputs qualify as enterprise communications that require archiving, and the right way to seize them. Past communications, corporations ought to assess whether or not AI techniques or outputs set off different forms of recordkeeping obligations.
“It’s most likely essentially the most tough query for final — books and information necessities. When is an AI-generated communication a file of the agency? There’s not a superb reply to this but.”
Whereas Smarsh makes a speciality of communications oversight, compliance groups should assume holistically about knowledge governance and information throughout operational features.
This contains being conscious of:
- Regulatory give attention to “AI washing,” claims that overstate a agency’s capabilities, might result in future enforcement actions
- Not ready for full steerage from FINRA and the SEC — the shortage of a rule isn’t a defend
- Making certain AI use is roofed in your Written Supervisory Procedures (WSPs), and reviewing any client-facing AI beneath relevant communications guidelines
- Creating cross-functional AI governance frameworks spanning compliance, danger, authorized, and know-how enter
How Smarsh will help with AI governance
The absence of AI-specific regulation doesn’t equate to a regulatory vacuum. As corporations undertake more and more refined instruments, regulators are watching how they apply long-standing ideas of supervision, transparency, and documentation to new applied sciences.
At Smarsh, we’ve seen that corporations that deal with AI governance not as a one-time coverage replace however as an ongoing operational follow are finest positioned to remain forward of scrutiny and to make use of rising instruments responsibly and successfully.
As a result of on the subject of AI, the actual danger isn’t regulation. It’s ready too lengthy to arrange for it.
Share this submit!
As a Regulatory Advisor at Smarsh, Tiffany Magri displays, evaluates and consults on the monetary providers regulatory panorama. Tiffany has greater than 10 years of expertise facilitating compliance with legal guidelines and rules, insurance policies, and danger administration. Previous to becoming a member of Smarsh, Tiffany was a Senior Affiliate at Profit Avenue Companions and a Compliance Analyst at Broadstone and Manning & Napier Advisors.
Smarsh Weblog
Our inner subject material specialists and our community of exterior business specialists are featured with insights into the know-how and business developments that have an effect on your digital communications compliance initiatives. Enroll to learn from their deep understanding, suggestions and finest practices relating to how your organization can handle compliance danger whereas unlocking the enterprise worth of your communications knowledge.
