The SEC's 2026 AI Rules for Investment Advisers
Everyone is waiting for the SEC's new AI rulebook. It does not exist. Here is what examiners actually check instead.
Key Takeaways
- ✓ There is no special SEC AI rule to comply with. The agency formally withdrew its predictive data analytics proposal in June 2025. The pressure comes from rules that already exist.
- ✓ The SEC Division of Examinations 2026 priorities tell examiners to review how firms supervise AI and whether AI claims in disclosures are accurate.
- ✓ The first AI enforcement actions were not about the technology. They were about lying. Two advisers paid a combined 400,000 dollars for false AI claims in their marketing.
- ✓ Three documents get you ready: an inventory of where AI touches the firm, a check of your marketing and ADV for AI claims, and a written AI policy. None of this requires new software.
Picture a Lake Forest advisory firm with four people and 300 million dollars under management. The team uses an AI notetaker on client calls. The marketing assistant drafts the quarterly letter in ChatGPT. Someone built a spreadsheet that scores prospects. Nobody wrote any of this down.
Now an examiner asks a simple question. How does your firm use artificial intelligence, and what controls do you have around it? At most firms I see, the honest answer is a shrug. That shrug is the problem.
The good news is the rule everyone is bracing for does not exist. The SEC withdrew its proposed predictive data analytics rule in 2025. The bad news is that the absence of a special rule does not let you off the hook. The rules already on the books do the work.
$400K
Combined penalties paid by two advisers in the SEC's first AI washing enforcement actions: 225,000 dollars and 175,000 dollars.
2025
The year the SEC formally withdrew the predictive data analytics proposal. No final AI rule replaced it.
2026
AI now sits inside the SEC Division of Examinations exam priorities, named under emerging technology, cybersecurity, and disclosure accuracy.
There Is No AI Rule. That Is the Trap.
A lot of advisers are waiting for a single AI regulation to land so they know what to do. They are waiting for a starting gun that already fired, in a different race.
The SEC withdrew the predictive data analytics proposal along with thirteen other Gensler era proposals. It said it does not plan to issue final rules on them. So there is no new AI compliance regime to read.
Instead, examiners apply the rules that govern everything else you do. Your fiduciary duty. The Marketing Rule, which governs what you can say in advertisements. The Compliance Program Rule, which requires written policies for the things your firm actually does. If your firm uses AI, then AI is one of the things your policies are supposed to cover. The technology is new. The obligation is old.
The firms that come through this cleanly have one thing in common: they can show where their data goes. That is an engineering question as much as a compliance one. It is the same reason firms that handle sensitive files move toward closed, private AI systems instead of routing client information through consumer tools.
"Examiners are not looking for a fancy AI program. They are looking for a firm that knows what it is running and wrote it down."
Michael Pavlovskyi, Bace AgencyWhy This Matters for Financial Advisors
Read the first AI enforcement actions closely and you see what the SEC actually cares about. In March 2024 the agency charged two advisers, Delphia and Global Predictions, for false and misleading statements about their use of AI. One claimed to use AI on client data it never touched. One called itself the first regulated AI financial advisor.
Neither case was about a dangerous algorithm. Both were about marketing claims that were not true. The charges ran through the Marketing Rule and the antifraud provisions of the Advisers Act. The same provisions that have applied to advertising for decades.
That tells a small RIA exactly where the risk sits. It is not in using a model. It is in saying something about AI that you cannot back up, or in using AI in a way you cannot explain. A firm that documents both is in a strong position. A firm that improvised is not. For a deeper look at how to run client data through AI safely, see our piece on AI document processing for financial advisors.
Step One: Build an AI Inventory
You cannot supervise what you have not listed. The first document is a plain inventory of every place AI touches the firm.
This is the part most firms skip, and it is the part the examiner cares about most. Walk through the week. The call notetaker. The email assistant. The marketing drafts. The research summaries. The prospect scoring spreadsheet someone built without telling compliance. Write down each one: what it does, what data goes into it, and whether a person checks the output before it reaches a client.
Most owners are surprised by how long the list gets. That surprise is the point. An hour of listing turns a shrug into a document you can hand an examiner.
Note: Use this prompt to structure the inventory, but never paste real client data into a consumer chatbot interface. The public, consumer tiers of tools like ChatGPT and Claude are not built for client records. Live client data belongs in an isolated, private API setup that does not train on your inputs.
SAMPLE CLAUDE PROMPT
"You are helping a registered investment adviser build an AI usage inventory for SEC examination readiness. I will describe each tool my firm uses. For each one, organize my answer into a table with these columns: tool name, business purpose, what data is entered, whether the output is client facing, and whether a person reviews the output before it reaches a client. After the table, list any tool where client data is entered but no human review step exists, because those are the items to address first. Do not give legal advice. Here is the first tool:"
Step Two: Check Your Marketing and ADV for AI Claims
This is where the money penalties came from. Every AI claim in your advertising and filings has to be true and provable.
Pull every place your firm describes its technology. The website. The pitch deck. LinkedIn. The Form ADV. Now read each AI claim like an examiner who will ask you to prove it. If you say AI drives your research, you should be able to show how. If you call something proprietary, it should be proprietary. If a claim is aspirational, it does not belong in an advertisement.
The SEC Marketing Rule, rule 206(4)-1 under the Advisers Act, bars untrue or unsubstantiated statements of material fact. That is the exact hook the SEC used in the AI washing cases. Vague AI language that sounded good in a marketing meeting is the language that draws scrutiny. The fix is cheap: say what is true, cut what is not.
Note: A generic AI can clean up your text, but it does not know SEC case law. Before publishing any rewrites, an expert validation of your registration boundaries is critical.
SAMPLE CLAUDE PROMPT
"You are a marketing compliance reviewer for a registered investment adviser. Below is text from our website and Form ADV. Find every statement that references artificial intelligence, machine learning, algorithms, or automated technology. For each statement, flag whether it is a factual claim that would need evidence to support, and rewrite any vague or overstated claim into plain, defensible language. Do not invent capabilities. If a claim cannot be supported by a normal firm, recommend removing it. Here is the text:"
Step Three: Write the AI Policy
The Compliance Program Rule expects written policies for what your firm does. If you use AI, you need a short policy that covers it.
This does not have to be long. A useful AI policy for a small firm fits on two pages. It names the approved tools. It states what client data may and may not be entered, and into which systems. It requires human review before AI output reaches a client. It assigns one person to own the inventory and update it. That is most of it.
The point is not a thick binder. The point is that when an examiner asks how you supervise AI, you hand over a document instead of describing good intentions. If you want a sense of where your firm stands before you start, the AI readiness quiz is a five minute starting point.
Note: A prompt can draft a template, but if your team's actual daily habits deviate from it even slightly, examiners will flag it as a failure of supervision.
SAMPLE CLAUDE PROMPT
"Draft a two page artificial intelligence use policy for a small registered investment adviser. Include these sections: approved AI tools, prohibited uses, what client data may and may not be entered and into which systems, the required human review step before any AI output reaches a client, recordkeeping, and the named person responsible for maintaining the AI inventory. Keep the language plain and specific. This is a starting draft for review by the firm and its compliance counsel, not final legal advice."
How to Get Started
List every AI tool this week
Block one hour. Walk through a normal week with your team and write down each place AI shows up, including the tools nobody officially approved. Capture what data goes in and whether a person checks the output. This list is the spine of everything else.
Clean up your AI claims
Review your website, ADV, and decks for AI language. Cut anything you cannot prove. This is the single fastest way to reduce your exposure, because every dollar of penalty in the first AI cases came from claims, not from the technology itself.
Write the two page policy
Turn the inventory and the cleanup into a short written policy: approved tools, data rules, human review, and one owner. Have your compliance counsel review it. Now when the question comes, you answer with a document.
What This Does Not Replace
An inventory, a marketing cleanup, and a written policy get a firm ready for the conversation. They do not replace your compliance counsel or your chief compliance officer. The policy is a draft until a qualified person reviews it against your firm specific obligations.
AI does not make the judgment calls either. A model can help you list tools and rewrite claims. It cannot decide what your fiduciary duty requires, or sign off on a regulatory filing, or sit across from an examiner. Those stay with the people who hold the licenses and the accountability.
But understand what the exam is really testing. It is not a template exercise. It is proof that you have documented control over how data moves through your firm: which tools touch client information, where that data goes, and who checks the output before a client sees it. You can patch that together by hand and hope there are no gaps in how your team actually works day to day. Or you can build it once, properly, with people who design closed AI systems for a living.
An examiner wants to see that you are in control of your technology. That control is exactly what we build. Our AI consulting and implementation work starts by mapping where AI already lives in your practice, then building the documentation and controls that show an examiner a firm in command of its own systems.
Frequently Asked Questions
Is there a new SEC rule on AI for investment advisers?
No. The SEC withdrew its proposed predictive data analytics rule in June 2025 and said it does not plan to finalize it. AI is governed by existing rules: your fiduciary duty, the Marketing Rule, and the Compliance Program Rule. The lack of a new rule does not remove the obligation to supervise and disclose your AI use accurately.
What is AI washing, and how does it apply to my firm?
AI washing means overstating or misrepresenting your use of artificial intelligence. In March 2024 the SEC charged two advisers for false AI claims in their marketing, with combined penalties of 400,000 dollars. The lesson for a small firm is simple: only say what you can prove about your technology, in your advertising and in your Form ADV.
What will an examiner actually ask about AI?
Based on the SEC Division of Examinations 2026 priorities, expect questions about how you supervise AI tools, what policies and procedures you have around them, and whether your disclosures about AI are accurate. A written inventory and a short AI policy answer most of that directly.
Do I need to stop using AI tools to stay compliant?
No. The SEC has not banned advisory use of AI. The risk is undocumented or misrepresented use, not use itself. A firm that lists its tools, controls what data goes in, reviews output before it reaches clients, and describes its AI accurately can keep using these tools with confidence.
How long does it take to get exam ready on AI?
For a small RIA, the core work is a few focused sessions: an hour to build the inventory, a pass through your marketing and ADV, and a short policy draft for compliance counsel to review. The harder part is keeping the inventory current as the firm adopts new tools, which is why one named owner matters.
Related Articles

We Spent $20,000 to Run AI Locally
We bought two Mac Studios to run open models in house and stop renting AI by the token. The hardware worked. The economics, and the intelligence gap, did not.

AI Fixes Family Office Bill Pay First
Bill pay is the quiet money pit of every family office. A small team, serious capital, and invoices checked by hand across five entities. Here is how AI closes the gap.

AI Due Diligence for Search Fund Operators
A searcher gets one shot to diligence a company, often alone and on a clock. Here is what a working AI diligence workflow actually does, and what it does not replace.
About the author
Written by
Michael Pavlovskyi
Founder, Bace Agency
Michael builds custom Claude and GPT workflows for insurance agencies, law firms, and PE firms on Chicago's North Shore. Speaker at Northwestern and Lake Forest College on practical AI adoption for professional services.
Connect on LinkedInWant to see how AI fits in your firm?
Book a free 30-minute AI audit. No obligation, no pitch deck.
Book a Free AI Audit →