What wealth firms should take away from FINRA's new Gen AI focus

Last week, FINRA gave its member firms and registrants an early Christmas present with its annual Regulatory Oversight Report for 2026.

Apart from the usual emphasis on financial crimes, firm operations, communications, and market integrity, the report – which the industry regulator issued earlier than expected in response to member firm feedback – included a new section on generative AI, an emerging area of interest for FINRA as it engages with firms and other regulators.

While the report stressed that existing rules and securities laws still apply when implementing generative AI, its presence as the sole new dedicated topic for FINRA this year speaks volumes to at least one expert in securities regulation.

"I think that says a lot, that they really put it front and center," said A. Valerie Mirko, partner and leader of the securities regulation and litigation practice at national law firm Armstrong Teasdale.

A risk-based approach

Among more than a dozen types of Gen AI FINRA observed among its member firms, FINRA said "summarization and information extraction" from unstructured documents was the top application. The report also noted other use cases such as translation, coding, and modeling that could go beyond saving time for users.

Beyond that, it laid out a laundry list of risks and considerations for firms with respect to GenAI tools and technologies. That includes watching out for hallucinations or bias, evaluating how their cybersecurity programs deal with third-party vendors and potential Gen AI-enabled threat actors, and addressing questions of privacy.

"I like that they took a risk-based approach. I think that's healthy and better than a prescriptive approach, because we're still talking about emerging trends of Gen AI," Mirko said. "It's important to give the market latitude to develop in terms of what Gen AI looks like in terms of risk and use cases."

FINRA emphasized that before deploying Gen AI, firms should implement formal review and approval processes to assess opportunities, with business and tech experts as part of a broader system of controls to help manage unique risks. Clear policies and procedures, model risk frameworks, and comprehensive documentation are also a must. 

"I am not surprised at all that FINRA [is highlighting the] need to develop a supervisory process before developing and implementing AI," Mirko said. "That is what we counsel as attorneys, and it makes good sense."

In terms of Gen AI adoption, 2025 has proven to be the year of the notetaker, with various wealth tech vendors touting their platforms' ability to help advisors prepare for, record, summarize, and extract insights from meetings at scale. But while the time savings and productivity gains have been obvious, Mirko emphasized that the supercharged ability to record and store conversations digitally also raises a host of issues for firms.

"Does it become a business record? How should it be retained? Should it be retained in the verbal recording or the transcript? Does the transcript have to be searchable and stored in a particular way?" she said. "It immediately raises a domino of issues: confidentiality, privacy, disclosure to the client."

The FINRA report also encouraged firms to have governance frameworks that drive their implementation and use of AI. For Mirko, that's another item that must remain top of mind for firms that want to do well with their Gen AI execution.

"It's not just about supervising for potential mistakes," she said. "From a governance standpoint every firm should be thinking: how do we want to use AI?"

Dani Fava, chief strategy officer at Carson Group, says her firm's Gen AI approach keeps humans in the loop, which helps reinforce oversight, documentation, and accountability.

"We design our AI to give advisors unparalleled efficiency and data-driven insights, but it will never replace professional human judgment," Fava said, emphasizing that no decisions are made automatically and all items delivered to clients are subject to human review.

"By keeping advisors firmly in the driver’s seat, we’re able to responsibly scale innovation while staying aligned with regulatory expectations and our fiduciary commitment to clients," she said.

Closing the compliance gap

For now, it seems AI adoption is outpacing compliance across the industry. 

According to the most recent Investment Management Compliance Testing Survey released in July, 40% of firms have formally adopted AI tools for internal purposes, just 15% said they have established policies and procedures to govern employee use of AI, while just 4% have set up dedicated AI governance groups. Encouragingly, 57% of survey respondents identified AI and predictive analytics as a compliance priority, suggesting a cautious attitude as they roll Gen AI tools out more broadly.

Based on past enforcement settlements from the Securities and Exchange Commission involving AI, Mirko has extrapolated a framework for firms to consider AI in three silos: whether they use it as part of giving investment advice; it's used for internal processes that don't impact advice; or using AI as part of running their business.

"I think there's a lot of precedent and guidance that registrants can look to for AI compliance. As long as there is sufficient disclosure and good controls in place, I think we will see AI-related issues resolve at the exam level," she said. "I don't expect there to be aggressive enforcement unless there is outright fraud."