Enhancing firm-level advisory compliance in the age of AI

FINRA's 2024 regulatory oversight report is notable for its topical focus on artificial intelligence and the shifting state of cybersecurity and recordkeeping requirements. Overall, the broker-dealer self-regulator emphasizes a shift away from mere compliance to more active surveillance of improper communications on the part of advisory firms.

When advisory firms use off-channel platforms and devices, the report says, there is a far greater risk that records won't be maintained. It also references SEC fines administered across the industry from 2021 to 2023 regarding off-channel texting on WhatsApp and other messaging services — a trend that has continued into 2024.

Mobile correspondence undoubtedly accounts for a significant proportion of off-channel communications, largely due to its convenience of use, immediacy and availability outside working hours. The Financial Industry Regulatory Authority report provides questions that firms should ask themselves, including whether their electronic communication policy includes procedures to maintain, preserve and monitor all business-related correspondence by staff — including off-channel methods — and whether they have processes in place to monitor for new channels available to customers.

READ MORE: They're coming for the RIAs: Latest SEC messaging sting nabs small firm

Compliance departments as detectives

Rather than expecting employees to simply follow protocol, the report indicates that compliance teams are expected to do the detective work to understand the new landscape and make sure employee conduct is aboveboard. FINRA recommends that firms keep an active eye on whether approved channels are underutilized, signifying that alternatives are being used. Firms should also check their approved channels for "indicia of communications occurring off-channel," i.e., references to other conversations on unsanctioned domains. These could come in the form of email chains that copy an email address from an off-channel domain or suggestions that recipients should interact elsewhere, away from scrutiny.

Traditionally, companies have paid the price for employee misconduct, and so FINRA is encouraging firms to establish deterrents for individuals who go rogue and breach policy and to consider what corrective/disciplinary measures are in place for advisors. 

Like the SEC's marketing rule, FINRA Rule 2210 (Communications with the Public) encompasses electronic communications, so websites and social media channels are held to the same standard as written brochures, TV advertisements and indeed emails.

AI and compliance concerns

FINRA's report reminds firms of their obligation to present information that is accurate, balanced and not misleading by sharing, for example, the associated risks of a product/service alongside its benefits. This overlaps significantly with developments around the use of AI for content creation purposes. FINRA explicitly classifies AI as an "emerging risk" and recommends that firms consider its pervasive impact and the regulatory consequences of its deployment.

When you break down the ways in which marketers can leverage ChatGPT, for example, it becomes clear how effective the tool has become. Not only can it draft social media posts and website copy, it can also optimize them based on SEO, trending keywords, or other relevant metrics. This saves marketers an incredible amount of work, and will tempt stretched workforces in need of a lifeline. Marketing teams might not be equipped to check the generated output thoroughly, which is especially problematic in the context of chatbot "hallucinations." Without the correct checks and amendments, a brand's tone of voice and clarity of messaging can be compromised. More worryingly, so can its factual legitimacy.

READ MORE: Chatting with ChatGPT? 5 questions marketers should ask

The SEC has already clarified that advisors themselves are responsible for issues that arise after AI tools are used for investment recommendations. On a podcast dissecting the 2024 report, Ornella Bergeron, FINRA senior vice president of member supervision, said that despite the operational efficiencies afforded by developments in AI, there are worries.

"While these tools can present really promising opportunities, their development has raised concerns about things like accuracy, privacy, bias and intellectual property," Bergeron said. "So far, firms are being very cautious and thoughtful when considering the use of AI tools, and before deploying new technologies, so while for this year's report there was not a lot in the AI section by way of specific roles or observations, this is likely a topic we'll be seeing a lot more about in the future."

Looking ahead

Off-channel and public-facing communications have been on the regulatory agenda for some time now, and FINRA's 2024 report reiterates these concerns and, by providing probing questions for firms to ask themselves, will help highlight the inadequacies and the blind spots that led to industrywide recordkeeping shortcomings. By prescribing procedures to uncover and root out the use of unauthorized channels, the regulator has shown a genuine desire to put a stop to it, or for firms to find new ways to handle the situation compliantly.

Communications-archiving providers can now capture and record data across the traditional off-channel platforms like WhatsApp, WeChat and Telegram. They are also increasingly developed to tackle the surveillance piece of the puzzle by applying lexicon policies to flag specific wording, for example. This would negate the need for unrealistic platform bans and ensure that illicit activity is quickly uncovered.

While a lot of the report's content feels familiar, FINRA has also shown that it is alive to new developments — particularly the latent carnage that artificial intelligence could bring to proceedings. In a world where algorithms can follow prompts but might state a few fictions in the process, digital accountability is of paramount importance, and FINRA, like most regulators, is treading carefully.