The day began for you like any other: you show up to your office at the same time as always. You follow your usual habits and routines as you move through the space to your workstation, the sights, sounds, and smells of your surroundings greeting you as familiar friends on your daily quest. Sitting down, you contemplate how your job is, in many ways, both the same as and radically different from what it was when you started in this profession seemingly not so many years ago.
A brief glance around your workspace confirms it: awaiting you are email alerts from various systems now in use at your firm. The first informs you of the latest results of periodic email reviews that await your signoff. Unlike before, instead of wading through hundreds of messages—many of which were false positives—now you must review what the system has flagged for you and confirm the validity of the system’s search terms. Email review has been reduced to merely reviewing messages escalated for your attention, the messages that must be dealt with. Bonus: it is so convenient that the system can be left to run overnight just by setting its activation times.
Another email message indicates that a separate system has completed several marketing reviews. But as with the email review, you must confirm the validity of anything the system caught and perhaps briefly skim the submissions to ensure the system did not miss anything.
Another email notification, like clockwork, right away in the morning. The irony of this notification, coming so close to that of the marketing review system, was that it came from the system that composes ad copy for your firm. The terms of the SEC’s Revised Marketing Rule—not the original Marketing Rule that became effective in November 2022, you remind yourself, but the revised version enacted during the waning months of the second Trump Administration[1]—made the production of ad copy straightforward enough for systematized solutions to become a very real possibility. In the industry, debate rages about the degree to which firms should embrace the irony of having a system that produces ad copy which is then fed into a system that reviews ad copy, its proponents referred to as the so-called “Double-Up Movement”. While your firm is aware of the possibility of this, you are skeptical of the “Double-Uppers” and align yourself with the “One-by-One” position as it relates to reviewing these outputs. It was not unlike reviewing ad copy back when it was produced by human authors (those compositions are sent to the marketing review system). An upside to the marketing composition system is that it can be programmed to *mostly* comply with the Revised Marketing Rule. With such pre-programming, reviews were easier, to be sure: fewer needed corrections of finished marketing materials meant more time for other matters, such as client meeting notes, now dutifully written down by another system solution that mimicked old-time Dictaphones.
But even this system, for all of its capabilities, was sometimes prone to generating outputs that would have the entire team laughing out loud—wrong words that sounded the same as those spoken during the meeting changed the entire meaning of the meeting notes. And while these outputs could be humorous, they also presented a serious books and records issue.
“Every system has its imperfections”, you think to yourself as you see another email arrive in your inbox.
*PING*
This one is from your firm’s investment analysis system. It was the system that you had the greatest difficulty adopting—the way it integrated with your firm’s CRM system to read the risk tolerance profiles and other information about every single client in order to construct model portfolios suited for all clients throughout the firm was unnerving, to say the least. Weeks of due diligence on the vendor that culminated in the signing of an NDA resolved that. While this new system all but eliminated the need for old-school investment committees, save for some of the old-timers who always enjoyed doing investment analysis and were loath to surrender that to a computer, it remained necessary to double-check the system’s outputs to make sure conservative retirees did not end up placed in triple leveraged options strategies…or some such thing.
The advent of AI has unlocked a whole world of possibility and potential. The prospect of systems executing efficiency enhancing tasks has brought a great deal of excitement and trepidation: what are these systems’ capabilities? How will they change the business? The industry? Where do compliance and industry rules and regulations come in?
Often, the best way to approach new methods and technologies in the industry is by looking at the existing regulatory framework as a starting point: what already exists that is applicable to the topic at hand?
From the story above, we see many examples of AI operating within the present regulatory framework. We discuss them below.
Oversight Controls: Email and Communication Surveillance
It is widely believed that AI could hold great promise when employed in an email review application. Such a system could be programmed in such a way as to reduce or even eliminate the “noise” of false positives by interpreting words and phrases in the same way a human reviewer would read a message and determine its relevance. The time saved if a machine could eliminate the mountains of spam and seemingly relevant messages currently flagged by email review tool lexicons cannot be overstated. However, a firm must still exercise governance over that process. Not only must the firm oversee the continued validity of the AI’s programming to verify that the correct messages are being excluded, it must ensure that nothing relevant is wrongly excluded, and nothing irrelevant is being included. Additionally, the firm must pursue further action to remediate any identified issues.
Oversight Controls: Advertising/Marketing Composition and Reviews
The extremely nuanced nature of advertising and marketing poses some of the biggest challenges to an AI tool. On the composition side, some financial firms are already using AI to produce marketing materials. The final products are usually slick, well-written, and at times can rival anything that can be produced by a human author. Along with that, an added bonus is that an AI tool can be programmed to “know” regulatory requirements and firm procedures prior to creating anything, thereby allowing AI-produced materials to have a certain level of built-in compliance. Despite this, as with human authors, even AI-generated advertising must undergo review by a responsible person prior to use to ensure the content is accurate and contains appropriate and required disclosures.
While the story above humorously imagined a future where cynical firms are positioned to send AI-generated marketing materials through an AI reviewer tool, AI reviewers are currently less developed than their composition stablemates. Suffice it to say, even in a future where AI reviewers have developed substantial review capabilities, there will still be a need for a responsible party to affirm the review and verify that the AI reviewers’ findings are sound. This process of reviewing AI-reviewed marketing materials will include verifying the presence of required disclosure language, validating at the system level the basis for including and excluding language or other materials from a marketing piece, and a read-through of the marketing piece to verify the AI review did not miss anything.
Oversight Controls: Investment Analysis
The heavy lifting of searching for the next big thing to include in a firm’s investment lineup would appear to be the exact purpose for which AI was created. What a time-saving boon it would be to the industry to be able to set the desired investment parameters and let the system scan the entire investment universe for the exact investment fit that current human analysis can only attempt. Taken one step further, the system could be programmed to “read” all of a firm’s client profiles to further customize investment selections at any scale the firm desires—the firm could opt to customize to the individual account, to batches of accounts, to the firm as a whole, or any point in between.
Naturally, these features bring with them compliance concerns. For example:
- Firmwide model creation: When creating investment models for use with clients across your entire firm, did you verify that the investments included in each model are suitable for the clients who would invest in those investment models? Your firm will need procedures to determine which investments should be included in a model portfolio and how those investments are weighted.
- Firmwide model creation: The use of AI and its development of greater capabilities may eventually lead to higher expectations about what is included in a client’s investment portfolio. A day may come when your firm will need to document a review performed to determine why a more generic firmwide investment model was used instead of using AI to customize portfolios to each individual client and why that decision is in your firm’s clients’ best interest. Your firm will need procedures in place to determine the criteria for deciding when to use firmwide models versus creating customized portfolios.
- Privacy topics: An AI system from a third-party “reading” client profile information is an obvious concern. Aside from the problem of granting access to client information to an unaffiliated third party, there is the problem of AI systems that generate written outputs including that information for use outside of your firm. Controls for this possibility include the same measures taken with vendors who provide CRM systems: conduct due diligence on the vendor, have the vendor sign a Non-Disclosure Agreement, and review any outputs the system creates to verify that sensitive information is not disseminated outside your firm.
Conclusion
Even as the rest of us learn, the Securities and Exchange Commission is finding uses of its own for this technology, such as using it to conduct market surveillance and to assist in enforcement investigations. Beyond that, the SEC is prioritizing review of firms’ representations of their AI capabilities and use; adequacy of procedures governing AI use in applications such as fraud prevention/detection, back-office operations, AML, and trading; and protection against the loss or misuse of sensitive information when using third-party AI systems.
The story of AI is still being written. We have seen just in the past dozen years the rise of new technologies that promised to transform the industry. Will AI be like social media, which after years of uncertainty found widespread adoption by the industry? Or will it be like robo-advisors, which, after years of tinkering and experimentation, were determined to be a poor fit for the industry and largely discarded? Time will tell.
Author: Matthew Rothchild, Sr. Compliance Consultant; Editor: Tina Mitchell, Managing Director, Consultation Services Compliance & Legal Services (“Core Compliance”). Core Compliance works extensively with investment advisers, broker-dealers, investment companies, hedge funds, private equity firms and banks on regulatory compliance issues.
This article is for information purposes and does not contain or convey legal or tax advice. The information herein should not be relied upon in regard to any particular facts or circumstances without first consulting with a lawyer and/or tax professional.
[1] This event is the author’s speculation for purposes of the story. The author makes no claim as to the future status of this or any other rule or regulation.