3 posts tagged with "SEC Cybersecurity Rule"

SEC cybersecurity incident disclosure rule

FINRA and the SEC: AI Compliance for Broker-Dealers and Investment Advisers

· 5 min read
David Sanker
Lawyer, Legal Knowledge Engineer & UAPK Inventor

FINRA and the SEC have moved from observation to active expectation on AI. FINRA's 2024 AI in Financial Services report outlined specific examination focus areas. The SEC's 2024 guidance on AI use in investment advice created new conflicts of interest disclosure requirements. And FINRA Rule 3110's supervision requirement applies to AI systems used in client-facing functions as fully as it does to human representatives.

If you're a broker-dealer or investment adviser using AI agents for client communication, suitability analysis, order routing, or research, the regulatory expectations are clear and increasingly examined.

GLBA Safeguards and NYDFS 500: US Financial Privacy AI Requirements with Personal Liability

· 4 min read
David Sanker
Lawyer, Legal Knowledge Engineer & UAPK Inventor

Two US financial privacy regulations updated significantly in 2023: the FTC's Safeguards Rule under GLBA (effective June 2023) and New York DFS's 23 NYCRR 500 cybersecurity regulation (effective November 2023). Both have teeth that the originals lacked — and both attach personal liability to individuals for compliance failures.

If you're a US financial institution, non-bank financial company, or mortgage servicer, and you're deploying AI agents that touch customer financial data, both regulations apply.

SOX and AI Financial Reporting: What Sections 302, 404, and 906 Mean for Autonomous Agents

· 5 min read
David Sanker
Lawyer, Legal Knowledge Engineer & UAPK Inventor

SOX Section 302 requires the CEO and CFO to personally certify that financial reports are accurate and that they've reviewed the controls over financial reporting. Section 906 makes false certifications a criminal offense — up to 20 years in prison.

When an AI agent is generating financial reports, running disclosure checks, or preparing SEC filings, those certifications still apply. The executives signing them need to be able to vouch for the process that produced the numbers.

That's only possible if the AI's actions are auditable, the outputs are traceable to specific data sources, and a human reviewed the result before it was filed.